cti-python-stix2/stix2/sources/memory.py

"""
Python STIX 2.0 Memory Source/Sink

Classes:
    MemoryStore
    MemorySink
    MemorySource

TODO: Test everything.

TODO: Use deduplicate() calls only when memory corpus is dirty (been added to)
      can save a lot of time for successive queries

Notes:
    Not worrying about STIX versioning. The in memory STIX data at anytime
    will only hold one version of a STIX object. As such, when save() is called,
    the single versions of all the STIX objects are what is written to file.

"""

import json
import os

from stix2validator import validate_string

from stix2 import Bundle
from stix2.sources import DataSink, DataSource, DataStore, Filter


class MemoryStore(DataStore):
    """
    """
    def __init__(self, name="MemoryStore", stix_data=None):
        """
        Notes:
            It doesn't make sense to create a MemoryStore by passing
            in existing MemorySource and MemorySink because there could
            be data concurrency issues. Just as easy to create new MemoryStore.

        """
        super(MemoryStore, self).__init__(name=name)
        self.data = {}

        if stix_data:
            if type(stix_data) == dict:
                # stix objects are in a bundle
                # verify STIX json data
                r = validate_string(json.dumps(stix_data))
                # make dictionary of the objects for easy lookup
                if r.is_valid:
                    for stix_obj in stix_data["objects"]:
                        self.data[stix_obj["id"]] = stix_obj
                else:
                    print("Error: json data passed to MemorySink() was found to not be validated by STIX 2 Validator")
                    print(r)
            elif type(stix_data) == list:
                # stix objects are in a list
                for stix_obj in stix_data:
                    r = validate_string(json.dumps(stix_obj))
                    if r.is_valid:
                        self.data[stix_obj["id"]] = stix_obj
                    else:
                        print("Error: STIX object %s is not valid under STIX 2 validator." % stix_obj["id"])
                        print(r)

        self.source = MemorySource(stix_data=self.data, _store=True)
        self.sink = MemorySink(stix_data=self.data, _store=True)

    def save_to_file(self, file_path):
        return self.sink.save_to_file(file_path=file_path)

    def load_from_file(self, file_path):
        return self.source.load_from_file(file_path=file_path)


class MemorySink(DataSink):
    """
    """
    def __init__(self, name="MemorySink", stix_data=None, _store=False):
        """
        Args:
            stix_data (dictionary OR list): valid STIX 2.0 content in
                bundle or a list.
            name (string): optional name tag of the data source
            _store (bool): if the MemorySink is a part of a DataStore,
                in which case "stix_data" is a direct reference to
                shared memory with DataSource.

        """
        super(MemorySink, self).__init__(name=name)

        if _store:
            self.data = stix_data
        else:
            self.data = {}
            if stix_data:
                if type(stix_data) == dict:
                    # stix objects are in a bundle
                    # verify STIX json data
                    r = validate_string(json.dumps(stix_data))
                    # make dictionary of the objects for easy lookup
                    if r.is_valid:
                        for stix_obj in stix_data["objects"]:

                            self.data[stix_obj["id"]] = stix_obj
                    else:
                        print("Error: json data passed to MemorySink() was found to not be validated by STIX 2 Validator")
                        print(r)
                        self.data = {}
                elif type(stix_data) == list:
                    # stix objects are in a list
                    for stix_obj in stix_data:
                        r = validate_string(json.dumps(stix_obj))
                        if r.is_valid:
                            self.data[stix_obj["id"]] = stix_obj
                        else:
                            print("Error: STIX object %s is not valid under STIX 2 validator." % stix_obj["id"])
                            print(r)
                else:
                    raise ValueError("stix_data must be in bundle format or raw list")

    def add(self, stix_data):
        """
        """
        if type(stix_data) == dict:
            # stix data is in bundle
            r = validate_string(json.dumps(stix_data))
            if r.is_valid:
                for stix_obj in stix_data["objects"]:
                    self.data[stix_obj["id"]] = stix_obj
            else:
                print("Error: json data passed to MemorySink() was found to not be validated by STIX 2 Validator")
                print(r)
        elif type(stix_data) == list:
            # stix data is in list
            for stix_obj in stix_data:
                r = validate_string(json.dumps(stix_obj))
                if r.is_valid:
                    self.data[stix_obj["id"]] = stix_obj
                else:
                    print("Error: STIX object %s is not valid under STIX 2 validator." % stix_obj["id"])
                    print(r)
        else:
            raise ValueError("stix_data must be in bundle format or raw list")

    def save_to_file(self, file_path):
        """
        """
        json.dump(Bundle(self.data.values()), file_path, indent=4)


class MemorySource(DataSource):

    def __init__(self, name="MemorySource", stix_data=None, _store=False):
        """
        Args:
            stix_data (dictionary OR list): valid STIX 2.0 content in
                bundle or list.
            name (string): optional name tag of the data source.
            _store (bool): if the MemorySource is a part of a DataStore,
                in which case "stix_data" is a direct reference to shared
                memory with DataSink.

        """
        super(MemorySource, self).__init__(name=name)

        if _store:
            self.data = stix_data
        else:
            self.data = {}
            if stix_data:
                if type(stix_data) == dict:
                    # STIX objects are in a bundle
                    # verify STIX json data
                    r = validate_string(json.dumps(stix_data))
                    # make dictionary of the objects for easy lookup
                    if r.is_valid:
                        for stix_obj in stix_data["objects"]:
                            self.data[stix_obj["id"]] = stix_obj
                    else:
                        print("Error: json data passed to MemorySource() was found to not be validated by STIX 2 Validator")
                        print(r.as_dict())
                        self.data = {}
                elif type(stix_data) == list:
                    # STIX objects are in a list
                    for stix_obj in stix_data:
                        r = validate_string(json.dumps(stix_obj))
                        if r.is_valid:
                            self.data[stix_obj["id"]] = stix_obj
                        else:
                            print("Error: STIX object %s is not valid under STIX 2 validator." % stix_obj["id"])
                            print(r)
                else:
                    raise ValueError("stix_data must be in bundle format or raw list")

    def get(self, stix_id, _composite_filters=None):
        """
        """
        if _composite_filters is None:
            # if get call is only based on 'id', no need to search, just retrieve from dict
            try:
                stix_obj = self.data[stix_id]
            except KeyError:
                stix_obj = None
            return stix_obj

        # if there are filters from the composite level, process full query
        query = [
            Filter("id", "=", stix_id)
        ]

        all_data = self.query(query=query, _composite_filters=_composite_filters)

        # reduce to most recent version
        stix_obj = sorted(all_data, key=lambda k: k['modified'])[0]

        return stix_obj

    def all_versions(self, stix_id, _composite_filters=None):
        """
        Notes:
            Since Memory sources/sinks don't handle multiple versions of a
            STIX object, this operation is futile. Translate call to get().
            (Approved by G.B.)

        """

        # query = [
        #     {
        #         "field": "id",
        #         "op": "=",
        #         "value": stix_id
        #     }
        # ]

        # all_data = self.query(query=query, _composite_filters=_composite_filters)

        return [self.get(stix_id=stix_id, _composite_filters=_composite_filters)]

    def query(self, query=None, _composite_filters=None):
        """
        """
        if query is None:
            query = []

        # combine all query filters
        if self.filters:
            query.extend(self.filters.values())
        if _composite_filters:
            query.extend(_composite_filters)

        # deduplicate data before filtering  -> Deduplication is not required as Memory only ever holds one version of an object
        # all_data = self.deduplicate(all_data)

        # apply STIX common property filters
        all_data = self.apply_common_filters(self.data.values(), query)

        return all_data

    def load_from_file(self, file_path):
        """
        """
        file_path = os.path.abspath(file_path)
        stix_data = json.load(open(file_path, "r"))

        r = validate_string(json.dumps(stix_data))

        if r.is_valid:
            for stix_obj in stix_data["objects"]:
                    self.data[stix_obj["id"]] = stix_obj
        else:
            print("Error: STIX data loaded from file (%s) was found to not be validated by STIX 2 Validator" % file_path)
            print(r)
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`
			`Python STIX 2.0 Memory Source/Sink`

			`Classes:`
			`MemoryStore`
			`MemorySink`
			`MemorySource`

			`TODO: Test everything.`

			`TODO: Use deduplicate() calls only when memory corpus is dirty (been added to)`
			`can save a lot of time for successive queries`

Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`Notes:`
			`Not worrying about STIX versioning. The in memory STIX data at anytime`
			`will only hold one version of a STIX object. As such, when save() is called,`
			`the single versions of all the STIX objects are what is written to file.`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`"""`

			`import json`
			`import os`

Code coverage changes, fix some tests. Add stix2-validator dependency. 2017-08-28 21:19:55 +02:00			`from stix2validator import validate_string`

Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`from stix2 import Bundle`
Change query dict style for Filter namedtuple. 2017-08-18 18:05:12 +02:00			`from stix2.sources import DataSink, DataSource, DataStore, Filter`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00

			`class MemoryStore(DataStore):`
			`"""`
			`"""`
Changes to datastores. 2017-08-28 20:32:51 +02:00			`def __init__(self, name="MemoryStore", stix_data=None):`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`"""`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`Notes:`
			`It doesn't make sense to create a MemoryStore by passing`
			`in existing MemorySource and MemorySink because there could`
			`be data concurrency issues. Just as easy to create new MemoryStore.`

taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`"""`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`super(MemoryStore, self).__init__(name=name)`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`self.data = {}`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`if stix_data:`
			`if type(stix_data) == dict:`
			`# stix objects are in a bundle`
			`# verify STIX json data`
			`r = validate_string(json.dumps(stix_data))`
			`# make dictionary of the objects for easy lookup`
			`if r.is_valid:`
			`for stix_obj in stix_data["objects"]:`
			`self.data[stix_obj["id"]] = stix_obj`
			`else:`
			`print("Error: json data passed to MemorySink() was found to not be validated by STIX 2 Validator")`
			`print(r)`
			`elif type(stix_data) == list:`
			`# stix objects are in a list`
			`for stix_obj in stix_data:`
			`r = validate_string(json.dumps(stix_obj))`
			`if r.is_valid:`
			`self.data[stix_obj["id"]] = stix_obj`
			`else:`
Formatting changes, skip add/remove filter test, change deduplicate() approach. 2017-08-09 19:31:07 +02:00			`print("Error: STIX object %s is not valid under STIX 2 validator." % stix_obj["id"])`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`print(r)`

			`self.source = MemorySource(stix_data=self.data, _store=True)`
			`self.sink = MemorySink(stix_data=self.data, _store=True)`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`def save_to_file(self, file_path):`
Remove duplicate code. 2017-07-20 21:34:09 +02:00			`return self.sink.save_to_file(file_path=file_path)`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`def load_from_file(self, file_path):`
			`return self.source.load_from_file(file_path=file_path)`

Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`class MemorySink(DataSink):`
			`"""`
			`"""`
Changes to datastores. 2017-08-28 20:32:51 +02:00			`def __init__(self, name="MemorySink", stix_data=None, _store=False):`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`
			`Args:`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`stix_data (dictionary OR list): valid STIX 2.0 content in`
			`bundle or a list.`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`name (string): optional name tag of the data source`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`_store (bool): if the MemorySink is a part of a DataStore,`
			`in which case "stix_data" is a direct reference to`
			`shared memory with DataSource.`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`"""`
			`super(MemorySink, self).__init__(name=name)`

taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`if _store:`
			`self.data = stix_data`
			`else:`
			`self.data = {}`
			`if stix_data:`
			`if type(stix_data) == dict:`
			`# stix objects are in a bundle`
			`# verify STIX json data`
			`r = validate_string(json.dumps(stix_data))`
			`# make dictionary of the objects for easy lookup`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`if r.is_valid:`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`for stix_obj in stix_data["objects"]:`

			`self.data[stix_obj["id"]] = stix_obj`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`else:`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`print("Error: json data passed to MemorySink() was found to not be validated by STIX 2 Validator")`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`print(r)`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`self.data = {}`
			`elif type(stix_data) == list:`
			`# stix objects are in a list`
			`for stix_obj in stix_data:`
			`r = validate_string(json.dumps(stix_obj))`
			`if r.is_valid:`
			`self.data[stix_obj["id"]] = stix_obj`
			`else:`
Formatting changes, skip add/remove filter test, change deduplicate() approach. 2017-08-09 19:31:07 +02:00			`print("Error: STIX object %s is not valid under STIX 2 validator." % stix_obj["id"])`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`print(r)`
			`else:`
			`raise ValueError("stix_data must be in bundle format or raw list")`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`def add(self, stix_data):`
			`"""`
			`"""`
			`if type(stix_data) == dict:`
			`# stix data is in bundle`
			`r = validate_string(json.dumps(stix_data))`
			`if r.is_valid:`
			`for stix_obj in stix_data["objects"]:`
			`self.data[stix_obj["id"]] = stix_obj`
			`else:`
			`print("Error: json data passed to MemorySink() was found to not be validated by STIX 2 Validator")`
			`print(r)`
			`elif type(stix_data) == list:`
			`# stix data is in list`
			`for stix_obj in stix_data:`
			`r = validate_string(json.dumps(stix_obj))`
			`if r.is_valid:`
			`self.data[stix_obj["id"]] = stix_obj`
			`else:`
Formatting changes, skip add/remove filter test, change deduplicate() approach. 2017-08-09 19:31:07 +02:00			`print("Error: STIX object %s is not valid under STIX 2 validator." % stix_obj["id"])`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`print(r)`
			`else:`
			`raise ValueError("stix_data must be in bundle format or raw list")`

taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`def save_to_file(self, file_path):`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`
			`"""`
			`json.dump(Bundle(self.data.values()), file_path, indent=4)`


			`class MemorySource(DataSource):`

Changes to datastores. 2017-08-28 20:32:51 +02:00			`def __init__(self, name="MemorySource", stix_data=None, _store=False):`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`
			`Args:`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`stix_data (dictionary OR list): valid STIX 2.0 content in`
			`bundle or list.`
			`name (string): optional name tag of the data source.`
			`_store (bool): if the MemorySource is a part of a DataStore,`
			`in which case "stix_data" is a direct reference to shared`
			`memory with DataSink.`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`"""`
			`super(MemorySource, self).__init__(name=name)`

taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`if _store:`
			`self.data = stix_data`
			`else:`
			`self.data = {}`
			`if stix_data:`
			`if type(stix_data) == dict:`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`# STIX objects are in a bundle`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`# verify STIX json data`
			`r = validate_string(json.dumps(stix_data))`
			`# make dictionary of the objects for easy lookup`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`if r.is_valid:`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`for stix_obj in stix_data["objects"]:`
			`self.data[stix_obj["id"]] = stix_obj`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`else:`
Changes to datastores. 2017-08-28 20:32:51 +02:00			`print("Error: json data passed to MemorySource() was found to not be validated by STIX 2 Validator")`
			`print(r.as_dict())`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`self.data = {}`
			`elif type(stix_data) == list:`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`# STIX objects are in a list`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`for stix_obj in stix_data:`
			`r = validate_string(json.dumps(stix_obj))`
			`if r.is_valid:`
			`self.data[stix_obj["id"]] = stix_obj`
			`else:`
Formatting changes, skip add/remove filter test, change deduplicate() approach. 2017-08-09 19:31:07 +02:00			`print("Error: STIX object %s is not valid under STIX 2 validator." % stix_obj["id"])`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`print(r)`
			`else:`
			`raise ValueError("stix_data must be in bundle format or raw list")`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`def get(self, stix_id, _composite_filters=None):`
			`"""`
			`"""`
			`if _composite_filters is None:`
			`# if get call is only based on 'id', no need to search, just retrieve from dict`
			`try:`
			`stix_obj = self.data[stix_id]`
			`except KeyError:`
			`stix_obj = None`
			`return stix_obj`

			`# if there are filters from the composite level, process full query`
			`query = [`
Change query dict style for Filter namedtuple. 2017-08-18 18:05:12 +02:00			`Filter("id", "=", stix_id)`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`]`

			`all_data = self.query(query=query, _composite_filters=_composite_filters)`

			`# reduce to most recent version`
			`stix_obj = sorted(all_data, key=lambda k: k['modified'])[0]`

			`return stix_obj`

			`def all_versions(self, stix_id, _composite_filters=None):`
			`"""`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`Notes:`
			`Since Memory sources/sinks don't handle multiple versions of a`
			`STIX object, this operation is futile. Translate call to get().`
			`(Approved by G.B.)`

Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00			`"""`

			`# query = [`
			`# {`
			`# "field": "id",`
			`# "op": "=",`
			`# "value": stix_id`
			`# }`
			`# ]`

			`# all_data = self.query(query=query, _composite_filters=_composite_filters)`

			`return [self.get(stix_id=stix_id, _composite_filters=_composite_filters)]`

			`def query(self, query=None, _composite_filters=None):`
			`"""`
			`"""`
			`if query is None:`
			`query = []`

			`# combine all query filters`
			`if self.filters:`
			`query.extend(self.filters.values())`
			`if _composite_filters:`
			`query.extend(_composite_filters)`

			`# deduplicate data before filtering -> Deduplication is not required as Memory only ever holds one version of an object`
Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 14:10:20 +02:00			`# all_data = self.deduplicate(all_data)`
Data* suite reorg, fixing bugs 2017-07-12 16:58:31 +02:00
			`# apply STIX common property filters`
			`all_data = self.apply_common_filters(self.data.values(), query)`

			`return all_data`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00
			`def load_from_file(self, file_path):`
			`"""`
			`"""`
			`file_path = os.path.abspath(file_path)`
			`stix_data = json.load(open(file_path, "r"))`

			`r = validate_string(json.dumps(stix_data))`

			`if r.is_valid:`
			`for stix_obj in stix_data["objects"]:`
			`self.data[stix_obj["id"]] = stix_obj`
			`else:`
Formatting changes, skip add/remove filter test, change deduplicate() approach. 2017-08-09 19:31:07 +02:00			`print("Error: STIX data loaded from file (%s) was found to not be validated by STIX 2 Validator" % file_path)`
taxii client and source/sink seperated; memory store common data dict (bug); all *Store classes have their sources and sinks tethered to one backend target 2017-07-13 00:03:59 +02:00			`print(r)`