2017-09-25 22:39:58 +02:00
|
|
|
"""STIX 2 Common Data Types and Properties."""
|
2017-02-10 22:35:02 +01:00
|
|
|
|
2017-09-01 22:37:49 +02:00
|
|
|
from collections import OrderedDict
|
2017-08-11 21:11:54 +02:00
|
|
|
|
2017-10-26 17:39:45 +02:00
|
|
|
from ..base import _STIXBase
|
|
|
|
from ..markings import _MarkingsMixin
|
|
|
|
from ..properties import (HashesProperty, IDProperty, ListProperty, Property,
|
|
|
|
ReferenceProperty, SelectorProperty, StringProperty,
|
|
|
|
TimestampProperty, TypeProperty)
|
|
|
|
from ..utils import NOW, get_dict
|
2017-02-10 22:35:02 +01:00
|
|
|
|
2017-08-11 22:18:20 +02:00
|
|
|
|
|
|
|
class ExternalReference(_STIXBase):
|
2018-02-21 22:42:25 +01:00
|
|
|
"""For more detailed information on this object's properties, see
|
|
|
|
`the STIX 2.0 specification <http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html#_Toc496709261>`__.
|
|
|
|
"""
|
|
|
|
|
2017-08-14 21:21:58 +02:00
|
|
|
_properties = OrderedDict()
|
|
|
|
_properties.update([
|
|
|
|
('source_name', StringProperty(required=True)),
|
|
|
|
('description', StringProperty()),
|
|
|
|
('url', StringProperty()),
|
|
|
|
('hashes', HashesProperty()),
|
|
|
|
('external_id', StringProperty()),
|
|
|
|
])
|
2017-08-11 22:18:20 +02:00
|
|
|
|
|
|
|
def _check_object_constraints(self):
|
|
|
|
super(ExternalReference, self)._check_object_constraints()
|
|
|
|
self._check_at_least_one_property(["description", "external_id", "url"])
|
|
|
|
|
|
|
|
|
|
|
|
class KillChainPhase(_STIXBase):
|
2018-02-21 22:42:25 +01:00
|
|
|
"""For more detailed information on this object's properties, see
|
|
|
|
`the STIX 2.0 specification <http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html#_Toc496709267>`__.
|
|
|
|
"""
|
|
|
|
|
2017-08-14 21:21:58 +02:00
|
|
|
_properties = OrderedDict()
|
|
|
|
_properties.update([
|
|
|
|
('kill_chain_name', StringProperty(required=True)),
|
|
|
|
('phase_name', StringProperty(required=True)),
|
|
|
|
])
|
2017-08-11 22:18:20 +02:00
|
|
|
|
|
|
|
|
|
|
|
class GranularMarking(_STIXBase):
|
2018-02-21 22:42:25 +01:00
|
|
|
"""For more detailed information on this object's properties, see
|
|
|
|
`the STIX 2.0 specification <http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html#_Toc496709290>`__.
|
|
|
|
"""
|
|
|
|
|
2017-08-14 21:21:58 +02:00
|
|
|
_properties = OrderedDict()
|
|
|
|
_properties.update([
|
|
|
|
('marking_ref', ReferenceProperty(required=True, type="marking-definition")),
|
|
|
|
('selectors', ListProperty(SelectorProperty, required=True)),
|
|
|
|
])
|
2017-08-11 22:18:20 +02:00
|
|
|
|
|
|
|
|
|
|
|
class TLPMarking(_STIXBase):
|
2018-02-21 22:42:25 +01:00
|
|
|
"""For more detailed information on this object's properties, see
|
|
|
|
`the STIX 2.0 specification <http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html#_Toc496709287>`__.
|
|
|
|
"""
|
|
|
|
|
2017-08-11 22:18:20 +02:00
|
|
|
# TODO: don't allow the creation of any other TLPMarkings than the ones below
|
2017-08-14 21:21:58 +02:00
|
|
|
_type = 'tlp'
|
|
|
|
_properties = OrderedDict()
|
|
|
|
_properties.update([
|
2018-02-21 22:42:25 +01:00
|
|
|
('tlp', StringProperty(required=True))
|
2017-08-14 21:21:58 +02:00
|
|
|
])
|
2017-08-11 22:18:20 +02:00
|
|
|
|
|
|
|
|
|
|
|
class StatementMarking(_STIXBase):
|
2018-02-21 22:42:25 +01:00
|
|
|
"""For more detailed information on this object's properties, see
|
|
|
|
`the STIX 2.0 specification <http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html#_Toc496709286>`__.
|
|
|
|
"""
|
|
|
|
|
2017-08-14 21:21:58 +02:00
|
|
|
_type = 'statement'
|
|
|
|
_properties = OrderedDict()
|
|
|
|
_properties.update([
|
|
|
|
('statement', StringProperty(required=True))
|
|
|
|
])
|
2017-08-11 22:18:20 +02:00
|
|
|
|
|
|
|
def __init__(self, statement=None, **kwargs):
|
|
|
|
# Allow statement as positional args.
|
|
|
|
if statement and not kwargs.get('statement'):
|
|
|
|
kwargs['statement'] = statement
|
|
|
|
|
|
|
|
super(StatementMarking, self).__init__(**kwargs)
|
|
|
|
|
|
|
|
|
|
|
|
class MarkingProperty(Property):
|
2017-09-22 17:03:25 +02:00
|
|
|
"""Represent the marking objects in the ``definition`` property of
|
2017-08-11 22:18:20 +02:00
|
|
|
marking-definition objects.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def clean(self, value):
|
2017-08-14 21:21:58 +02:00
|
|
|
if type(value) in OBJ_MAP_MARKING.values():
|
2017-08-11 22:18:20 +02:00
|
|
|
return value
|
|
|
|
else:
|
2017-08-14 21:21:58 +02:00
|
|
|
raise ValueError("must be a Statement, TLP Marking or a registered marking.")
|
2017-08-11 22:18:20 +02:00
|
|
|
|
|
|
|
|
2017-10-06 02:50:54 +02:00
|
|
|
class MarkingDefinition(_STIXBase, _MarkingsMixin):
|
2018-02-21 22:42:25 +01:00
|
|
|
"""For more detailed information on this object's properties, see
|
|
|
|
`the STIX 2.0 specification <http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html#_Toc496709284>`__.
|
|
|
|
"""
|
|
|
|
|
2017-08-11 22:18:20 +02:00
|
|
|
_type = 'marking-definition'
|
2017-08-14 21:21:58 +02:00
|
|
|
_properties = OrderedDict()
|
|
|
|
_properties.update([
|
|
|
|
('type', TypeProperty(_type)),
|
|
|
|
('id', IDProperty(_type)),
|
|
|
|
('created_by_ref', ReferenceProperty(type="identity")),
|
|
|
|
('created', TimestampProperty(default=lambda: NOW)),
|
|
|
|
('external_references', ListProperty(ExternalReference)),
|
|
|
|
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
|
|
|
('granular_markings', ListProperty(GranularMarking)),
|
|
|
|
('definition_type', StringProperty(required=True)),
|
|
|
|
('definition', MarkingProperty(required=True)),
|
|
|
|
])
|
2017-08-11 22:18:20 +02:00
|
|
|
|
|
|
|
def __init__(self, **kwargs):
|
|
|
|
if set(('definition_type', 'definition')).issubset(kwargs.keys()):
|
|
|
|
# Create correct marking type object
|
|
|
|
try:
|
2017-08-14 21:21:58 +02:00
|
|
|
marking_type = OBJ_MAP_MARKING[kwargs['definition_type']]
|
2017-08-11 22:18:20 +02:00
|
|
|
except KeyError:
|
|
|
|
raise ValueError("definition_type must be a valid marking type")
|
|
|
|
|
|
|
|
if not isinstance(kwargs['definition'], marking_type):
|
|
|
|
defn = get_dict(kwargs['definition'])
|
|
|
|
kwargs['definition'] = marking_type(**defn)
|
|
|
|
|
|
|
|
super(MarkingDefinition, self).__init__(**kwargs)
|
|
|
|
|
|
|
|
|
2017-08-14 21:21:58 +02:00
|
|
|
OBJ_MAP_MARKING = {
|
|
|
|
'tlp': TLPMarking,
|
|
|
|
'statement': StatementMarking,
|
|
|
|
}
|
|
|
|
|
2017-08-28 20:30:53 +02:00
|
|
|
|
|
|
|
def _register_marking(cls):
|
|
|
|
"""Register a custom STIX Marking Definition type.
|
|
|
|
"""
|
|
|
|
OBJ_MAP_MARKING[cls._type] = cls
|
|
|
|
return cls
|
|
|
|
|
|
|
|
|
|
|
|
def CustomMarking(type='x-custom-marking', properties=None):
|
2017-09-22 17:03:25 +02:00
|
|
|
"""Custom STIX Marking decorator.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
>>> @CustomMarking('x-custom-marking', [
|
|
|
|
... ('property1', StringProperty(required=True)),
|
|
|
|
... ('property2', IntegerProperty()),
|
|
|
|
... ])
|
|
|
|
... class MyNewMarkingObjectType():
|
|
|
|
... pass
|
2017-08-28 20:30:53 +02:00
|
|
|
|
|
|
|
"""
|
|
|
|
def custom_builder(cls):
|
|
|
|
|
|
|
|
class _Custom(cls, _STIXBase):
|
|
|
|
_type = type
|
|
|
|
_properties = OrderedDict()
|
|
|
|
|
|
|
|
if not properties or not isinstance(properties, list):
|
|
|
|
raise ValueError("Must supply a list, containing tuples. For example, [('property1', IntegerProperty())]")
|
|
|
|
|
|
|
|
_properties.update(properties)
|
|
|
|
|
|
|
|
def __init__(self, **kwargs):
|
|
|
|
_STIXBase.__init__(self, **kwargs)
|
2017-11-15 18:55:34 +01:00
|
|
|
try:
|
|
|
|
cls.__init__(self, **kwargs)
|
|
|
|
except (AttributeError, TypeError) as e:
|
|
|
|
# Don't accidentally catch errors raised in a custom __init__()
|
|
|
|
if ("has no attribute '__init__'" in str(e) or
|
|
|
|
str(e) == "object.__init__() takes no parameters"):
|
|
|
|
return
|
|
|
|
raise e
|
2017-08-28 20:30:53 +02:00
|
|
|
|
|
|
|
_register_marking(_Custom)
|
|
|
|
return _Custom
|
|
|
|
|
|
|
|
return custom_builder
|
|
|
|
|
|
|
|
|
2017-08-11 22:18:20 +02:00
|
|
|
TLP_WHITE = MarkingDefinition(
|
2017-08-14 21:21:58 +02:00
|
|
|
id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
created="2017-01-20T00:00:00.000Z",
|
|
|
|
definition_type="tlp",
|
|
|
|
definition=TLPMarking(tlp="white")
|
2017-08-11 22:18:20 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
TLP_GREEN = MarkingDefinition(
|
2017-08-14 21:21:58 +02:00
|
|
|
id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
|
|
created="2017-01-20T00:00:00.000Z",
|
|
|
|
definition_type="tlp",
|
|
|
|
definition=TLPMarking(tlp="green")
|
2017-08-11 22:18:20 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
TLP_AMBER = MarkingDefinition(
|
2017-08-14 21:21:58 +02:00
|
|
|
id="marking-definition--f88d31f6-486f-44da-b317-01333bde0b82",
|
|
|
|
created="2017-01-20T00:00:00.000Z",
|
|
|
|
definition_type="tlp",
|
|
|
|
definition=TLPMarking(tlp="amber")
|
2017-08-11 22:18:20 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
TLP_RED = MarkingDefinition(
|
2017-08-14 21:21:58 +02:00
|
|
|
id="marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",
|
|
|
|
created="2017-01-20T00:00:00.000Z",
|
|
|
|
definition_type="tlp",
|
|
|
|
definition=TLPMarking(tlp="red")
|
2017-08-11 22:18:20 +02:00
|
|
|
)
|