cti-python-stix2/stix2/__init__.py

"""Python APIs for STIX 2."""

# flake8: noqa

from .bundle import Bundle
from .observables import Artifact, AutonomousSystem, EmailAddress, File
from .other import ExternalReference, KillChainPhase, MarkingDefinition, \
    GranularMarking, StatementMarking, TLPMarking
from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
    IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
    Vulnerability
from .sro import Relationship, Sighting
from .utils import get_dict
from . import exceptions


OBJ_MAP = {
    'attack-pattern': AttackPattern,
    'campaign': Campaign,
    'course-of-action': CourseOfAction,
    'identity': Identity,
    'indicator': Indicator,
    'intrusion-set': IntrusionSet,
    'malware': Malware,
    'marking-definition': MarkingDefinition,
    'observed-data': ObservedData,
    'report': Report,
    'relationship': Relationship,
    'threat-actor': ThreatActor,
    'tool': Tool,
    'sighting': Sighting,
    'vulnerability': Vulnerability,
}

OBJ_MAP_OBSERVABLE = {
    'artifact': Artifact,
    'autonomous-system': AutonomousSystem,
    'email-address': EmailAddress,
    'file': File,
}


def parse(data):
    """Deserialize a string or file-like object into a STIX object"""

    obj = get_dict(data)

    if 'type' not in obj:
        # TODO parse external references, kill chain phases, and granular markings
        pass
    else:
        try:
            obj_class = OBJ_MAP[obj['type']]
        except KeyError:
            # TODO handle custom objects
            raise ValueError("Can't parse unknown object type '%s'!" % obj['type'])
        return obj_class(**obj)

    return obj


def parse_observable(data, _valid_refs):
    """Deserialize a string or file-like object into a STIX Cyber Observable
    object.
    """

    obj = get_dict(data)
    obj['_valid_refs'] = _valid_refs

    if 'type' not in obj:
        raise ValueError("'type' is a required field!")
    try:
        obj_class = OBJ_MAP_OBSERVABLE[obj['type']]
    except KeyError:
        # TODO handle custom objects
        raise ValueError("Can't parse unknown object type '%s'!" % obj['type'])
    return obj_class(**obj)
Refactor library into separate files. 2017-02-10 22:35:02 +01:00			`"""Python APIs for STIX 2."""`
Initial tests for STIX 2 2017-01-17 21:37:47 +01:00
Fix or ignore Flake8 warnings. 2017-03-22 14:05:59 +01:00			`# flake8: noqa`

Refactor library into separate files. 2017-02-10 22:35:02 +01:00			`from .bundle import Bundle`
Add EmailAddress and ObjectReferenceProperty 2017-05-05 18:32:02 +02:00			`from .observables import Artifact, AutonomousSystem, EmailAddress, File`
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`from .other import ExternalReference, KillChainPhase, MarkingDefinition, \`
			`GranularMarking, StatementMarking, TLPMarking`
Add tests for all SDOs 2017-02-24 18:56:55 +01:00			`from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \`
			`IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \`
			`Vulnerability`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00			`from .sro import Relationship, Sighting`
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`from .utils import get_dict`
Add exception for invalid Property values. 2017-04-18 21:19:16 +02:00			`from . import exceptions`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00

Fix typos, add to Property class documentation, small performance boosts, and let strings and booleans in a ListProperty be handled by __call__(). 2017-04-24 22:33:59 +02:00			`OBJ_MAP = {`
			`'attack-pattern': AttackPattern,`
			`'campaign': Campaign,`
			`'course-of-action': CourseOfAction,`
			`'identity': Identity,`
			`'indicator': Indicator,`
			`'intrusion-set': IntrusionSet,`
			`'malware': Malware,`
			`'marking-definition': MarkingDefinition,`
			`'observed-data': ObservedData,`
			`'report': Report,`
			`'relationship': Relationship,`
			`'threat-actor': ThreatActor,`
			`'tool': Tool,`
			`'sighting': Sighting,`
			`'vulnerability': Vulnerability,`
			`}`

Add Artifact type 2017-05-03 23:35:33 +02:00			`OBJ_MAP_OBSERVABLE = {`
			`'artifact': Artifact,`
Add Autonomous System 2017-05-04 00:19:30 +02:00			`'autonomous-system': AutonomousSystem,`
Add EmailAddress and ObjectReferenceProperty 2017-05-05 18:32:02 +02:00			`'email-address': EmailAddress,`
Add Artifact type 2017-05-03 23:35:33 +02:00			`'file': File,`
			`}`

Fix typos, add to Property class documentation, small performance boosts, and let strings and booleans in a ListProperty be handled by __call__(). 2017-04-24 22:33:59 +02:00
Add EmailAddress and ObjectReferenceProperty 2017-05-05 18:32:02 +02:00			`def parse(data):`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00			`"""Deserialize a string or file-like object into a STIX object"""`

Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`obj = get_dict(data)`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00
			`if 'type' not in obj:`
			`# TODO parse external references, kill chain phases, and granular markings`
			`pass`
Parse all SDOs and SROs 2017-04-19 15:22:08 +02:00			`else:`
			`try:`
Add EmailAddress and ObjectReferenceProperty 2017-05-05 18:32:02 +02:00			`obj_class = OBJ_MAP[obj['type']]`
Parse all SDOs and SROs 2017-04-19 15:22:08 +02:00			`except KeyError:`
			`# TODO handle custom objects`
Add Artifact type 2017-05-03 23:35:33 +02:00			`raise ValueError("Can't parse unknown object type '%s'!" % obj['type'])`
			`return obj_class(**obj)`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00
			`return obj`
Add EmailAddress and ObjectReferenceProperty 2017-05-05 18:32:02 +02:00

			`def parse_observable(data, _valid_refs):`
			`"""Deserialize a string or file-like object into a STIX Cyber Observable`
			`object.`
			`"""`

			`obj = get_dict(data)`
			`obj['_valid_refs'] = _valid_refs`

			`if 'type' not in obj:`
			`raise ValueError("'type' is a required field!")`
			`try:`
			`obj_class = OBJ_MAP_OBSERVABLE[obj['type']]`
			`except KeyError:`
			`# TODO handle custom objects`
			`raise ValueError("Can't parse unknown object type '%s'!" % obj['type'])`
			`return obj_class(**obj)`