cti-python-stix2/stix2/other.py

"""STIX 2.0 Objects that are neither SDOs nor SROs"""

from .base import _STIXBase
from .properties import (IDProperty, ListProperty, Property, ReferenceProperty,
                         SelectorProperty, StringProperty, TimestampProperty,
                         TypeProperty)
from .utils import get_dict, NOW


class ExternalReference(_STIXBase):
    _properties = {
        'source_name': StringProperty(required=True),
        'description': StringProperty(),
        'url': StringProperty(),
        'external_id': StringProperty(),
    }


class KillChainPhase(_STIXBase):
    _properties = {
        'kill_chain_name': StringProperty(required=True),
        'phase_name': StringProperty(required=True),
    }


class GranularMarking(_STIXBase):
    _properties = {
        'marking_ref': ReferenceProperty(required=True, type="marking-definition"),
        'selectors': ListProperty(SelectorProperty, required=True),
    }


class TLPMarking(_STIXBase):
    # TODO: don't allow the creation of any other TLPMarkings than the ones below
    _properties = {
        'tlp': Property(required=True)
    }


class StatementMarking(_STIXBase):
    _properties = {
        'statement': StringProperty(required=True)
    }

    def __init__(self, statement=None, **kwargs):
        # Allow statement as positional args.
        if statement and not kwargs.get('statement'):
            kwargs['statement'] = statement

        super(StatementMarking, self).__init__(**kwargs)


class MarkingProperty(Property):
    """Represent the marking objects in the `definition` property of
    marking-definition objects.
    """

    def clean(self, value):
        if type(value) in [TLPMarking, StatementMarking]:
            return value
        else:
            raise ValueError("must be a Statement or TLP Marking.")


class MarkingDefinition(_STIXBase):
    _type = 'marking-definition'
    _properties = {
        'created': TimestampProperty(default=lambda: NOW, required=True),
        'external_references': ListProperty(ExternalReference),
        'created_by_ref': ReferenceProperty(type="identity"),
        'object_marking_refs': ListProperty(ReferenceProperty(type="marking-definition")),
        'granular_markings': ListProperty(GranularMarking),
        'type': TypeProperty(_type),
        'id': IDProperty(_type),
        'definition_type': StringProperty(required=True),
        'definition': MarkingProperty(required=True),
    }
    marking_map = {
        'tlp': TLPMarking,
        'statement': StatementMarking,
    }

    def __init__(self, **kwargs):
        if set(('definition_type', 'definition')).issubset(kwargs.keys()):
            # Create correct marking type object
            try:
                marking_type = self.marking_map[kwargs['definition_type']]
            except KeyError:
                raise ValueError("definition_type must be a valid marking type")

            if not isinstance(kwargs['definition'], marking_type):
                defn = get_dict(kwargs['definition'])
                kwargs['definition'] = marking_type(**defn)

        super(MarkingDefinition, self).__init__(**kwargs)


TLP_WHITE = MarkingDefinition(
                id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
                created="2017-01-20T00:00:00.000Z",
                definition_type="tlp",
                definition=TLPMarking(tlp="white")
)

TLP_GREEN = MarkingDefinition(
                id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
                created="2017-01-20T00:00:00.000Z",
                definition_type="tlp",
                definition=TLPMarking(tlp="green")
)

TLP_AMBER = MarkingDefinition(
                id="marking-definition--f88d31f6-486f-44da-b317-01333bde0b82",
                created="2017-01-20T00:00:00.000Z",
                definition_type="tlp",
                definition=TLPMarking(tlp="amber")
)

TLP_RED = MarkingDefinition(
                id="marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",
                created="2017-01-20T00:00:00.000Z",
                definition_type="tlp",
                definition=TLPMarking(tlp="red")
)
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`"""STIX 2.0 Objects that are neither SDOs nor SROs"""`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00
			`from .base import _STIXBase`
Fix import order, add flake8-import-order plugin to Tox 2017-04-25 00:29:56 +02:00			`from .properties import (IDProperty, ListProperty, Property, ReferenceProperty,`
			`SelectorProperty, StringProperty, TimestampProperty,`
			`TypeProperty)`
			`from .utils import get_dict, NOW`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00

Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`class ExternalReference(_STIXBase):`
Rework ListProperty, fix merging issues 2017-04-14 16:42:17 +02:00			`_properties = {`
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`'source_name': StringProperty(required=True),`
			`'description': StringProperty(),`
			`'url': StringProperty(),`
			`'external_id': StringProperty(),`
Rework ListProperty, fix merging issues 2017-04-14 16:42:17 +02:00			`}`


Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`class KillChainPhase(_STIXBase):`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00			`_properties = {`
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00			`'kill_chain_name': StringProperty(required=True),`
			`'phase_name': StringProperty(required=True),`
			`}`


			`class GranularMarking(_STIXBase):`
			`_properties = {`
			`'marking_ref': ReferenceProperty(required=True, type="marking-definition"),`
			`'selectors': ListProperty(SelectorProperty, required=True),`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00			`}`


			`class TLPMarking(_STIXBase):`
			`# TODO: don't allow the creation of any other TLPMarkings than the ones below`
			`_properties = {`
			`'tlp': Property(required=True)`
			`}`


			`class StatementMarking(_STIXBase):`
			`_properties = {`
Fix typos, add to Property class documentation, small performance boosts, and let strings and booleans in a ListProperty be handled by __call__(). 2017-04-24 22:33:59 +02:00			`'statement': StringProperty(required=True)`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00			`}`

			`def __init__(self, statement=None, **kwargs):`
			`# Allow statement as positional args.`
			`if statement and not kwargs.get('statement'):`
			`kwargs['statement'] = statement`

			`super(StatementMarking, self).__init__(**kwargs)`
Fix parsing errors - Typos in Attack Pattern tests - Put MarkingDefinition, ExternalReference, and KillChainPhase together in a file for objects that aren't SDOs or SROs - Create utility function to return dictionary from string or file-like object - Put off testing parsing Cyber Observable Objects until a later commit 2017-04-19 20:32:56 +02:00

			`class MarkingProperty(Property):`
			"""Represent the marking objects in the `definition` property of
			`marking-definition objects.`
			`"""`

			`def clean(self, value):`
			`if type(value) in [TLPMarking, StatementMarking]:`
			`return value`
			`else:`
			`raise ValueError("must be a Statement or TLP Marking.")`


			`class MarkingDefinition(_STIXBase):`
			`_type = 'marking-definition'`
			`_properties = {`
			`'created': TimestampProperty(default=lambda: NOW, required=True),`
			`'external_references': ListProperty(ExternalReference),`
			`'created_by_ref': ReferenceProperty(type="identity"),`
			`'object_marking_refs': ListProperty(ReferenceProperty(type="marking-definition")),`
			`'granular_markings': ListProperty(GranularMarking),`
			`'type': TypeProperty(_type),`
			`'id': IDProperty(_type),`
			`'definition_type': StringProperty(required=True),`
			`'definition': MarkingProperty(required=True),`
			`}`
			`marking_map = {`
			`'tlp': TLPMarking,`
			`'statement': StatementMarking,`
			`}`

			`def __init__(self, **kwargs):`
			`if set(('definition_type', 'definition')).issubset(kwargs.keys()):`
			`# Create correct marking type object`
			`try:`
			`marking_type = self.marking_map[kwargs['definition_type']]`
			`except KeyError:`
			`raise ValueError("definition_type must be a valid marking type")`

			`if not isinstance(kwargs['definition'], marking_type):`
			`defn = get_dict(kwargs['definition'])`
			`kwargs['definition'] = marking_type(**defn)`

			`super(MarkingDefinition, self).__init__(**kwargs)`
Add Sighting object and data markings - Update ReferenceProperty to allow specifying a particular object type - Update ListProperty and add SelectorProperty - Add description to Relationship 2017-03-31 21:52:27 +02:00

			`TLP_WHITE = MarkingDefinition(`
			`id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",`
			`created="2017-01-20T00:00:00.000Z",`
			`definition_type="tlp",`
			`definition=TLPMarking(tlp="white")`
			`)`

			`TLP_GREEN = MarkingDefinition(`
			`id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",`
			`created="2017-01-20T00:00:00.000Z",`
			`definition_type="tlp",`
			`definition=TLPMarking(tlp="green")`
			`)`

			`TLP_AMBER = MarkingDefinition(`
			`id="marking-definition--f88d31f6-486f-44da-b317-01333bde0b82",`
			`created="2017-01-20T00:00:00.000Z",`
			`definition_type="tlp",`
			`definition=TLPMarking(tlp="amber")`
			`)`

			`TLP_RED = MarkingDefinition(`
			`id="marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed",`
			`created="2017-01-20T00:00:00.000Z",`
			`definition_type="tlp",`
			`definition=TLPMarking(tlp="red")`
			`)`