cti-python-stix2/stix2/__init__.py

"""Python APIs for STIX 2."""

# flake8: noqa

from .bundle import Bundle
from .other import ExternalReference, KillChainPhase, MarkingDefinition, \
    GranularMarking, StatementMarking, TLPMarking
from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
    IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
    Vulnerability
from .sro import Relationship, Sighting
from .utils import get_dict
from . import exceptions


def parse(data):
    """Deserialize a string or file-like object into a STIX object"""

    obj = get_dict(data)

    obj_map = {
        'attack-pattern': AttackPattern,
        'campaign': Campaign,
        'course-of-action': CourseOfAction,
        'identity': Identity,
        'indicator': Indicator,
        'intrusion-set': IntrusionSet,
        'malware': Malware,
        'marking-definition': MarkingDefinition,
        'observed-data': ObservedData,
        'report': Report,
        'relationship': Relationship,
        'threat-actor': ThreatActor,
        'tool': Tool,
        'sighting': Sighting,
        'vulnerability': Vulnerability,
    }

    if 'type' not in obj:
        # TODO parse external references, kill chain phases, and granular markings
        pass
    else:
        try:
            obj_class = obj_map[obj['type']]
            return obj_class(**obj)
        except KeyError:
            # TODO handle custom objects
            raise ValueError("Can't parse unknown object type!")

    return obj
Refactor library into separate files. 2017-02-10 22:35:02 +01:00			`"""Python APIs for STIX 2."""`
Initial tests for STIX 2 2017-01-17 21:37:47 +01:00
Fix or ignore Flake8 warnings. 2017-03-22 14:05:59 +01:00			`# flake8: noqa`

Refactor library into separate files. 2017-02-10 22:35:02 +01:00			`from .bundle import Bundle`
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`from .other import ExternalReference, KillChainPhase, MarkingDefinition, \`
			`GranularMarking, StatementMarking, TLPMarking`
Add tests for all SDOs 2017-02-24 18:56:55 +01:00			`from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \`
			`IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \`
			`Vulnerability`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00			`from .sro import Relationship, Sighting`
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`from .utils import get_dict`
Add exception for invalid Property values. 2017-04-18 21:19:16 +02:00			`from . import exceptions`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00

			`def parse(data):`
			`"""Deserialize a string or file-like object into a STIX object"""`

Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`obj = get_dict(data)`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00
Parse all SDOs and SROs 2017-04-19 15:22:08 +02:00			`obj_map = {`
			`'attack-pattern': AttackPattern,`
			`'campaign': Campaign,`
			`'course-of-action': CourseOfAction,`
			`'identity': Identity,`
			`'indicator': Indicator,`
			`'intrusion-set': IntrusionSet,`
			`'malware': Malware,`
			`'marking-definition': MarkingDefinition,`
			`'observed-data': ObservedData,`
			`'report': Report,`
			`'relationship': Relationship,`
			`'threat-actor': ThreatActor,`
			`'tool': Tool,`
			`'sighting': Sighting,`
			`'vulnerability': Vulnerability,`
			`}`

Add parsing of Malware objects 2017-04-05 23:12:44 +02:00			`if 'type' not in obj:`
			`# TODO parse external references, kill chain phases, and granular markings`
			`pass`
Parse all SDOs and SROs 2017-04-19 15:22:08 +02:00			`else:`
			`try:`
			`obj_class = obj_map[obj['type']]`
			`return obj_class(**obj)`
			`except KeyError:`
			`# TODO handle custom objects`
			`raise ValueError("Can't parse unknown object type!")`
Add parsing of Malware objects 2017-04-05 23:12:44 +02:00
			`return obj`