2018-07-03 13:00:18 +02:00
|
|
|
import datetime as dt
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
import pytz
|
|
|
|
|
|
|
|
import stix2
|
|
|
|
|
2019-01-29 16:52:59 +01:00
|
|
|
from .constants import IDENTITY_ID, INDICATOR_ID, SIGHTING_ID, SIGHTING_KWARGS
|
2018-07-03 13:00:18 +02:00
|
|
|
|
|
|
|
EXPECTED_SIGHTING = """{
|
|
|
|
"type": "sighting",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
|
|
|
|
"created": "2016-04-06T20:06:37.000Z",
|
|
|
|
"modified": "2016-04-06T20:06:37.000Z",
|
2018-07-11 15:43:37 +02:00
|
|
|
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
2018-07-03 13:00:18 +02:00
|
|
|
"where_sighted_refs": [
|
2019-01-29 16:52:59 +01:00
|
|
|
"identity--311b2d2d-f010-4473-83ec-1edf84858f4c"
|
2018-07-03 13:00:18 +02:00
|
|
|
]
|
|
|
|
}"""
|
|
|
|
|
|
|
|
BAD_SIGHTING = """{
|
|
|
|
"created": "2016-04-06T20:06:37.000Z",
|
|
|
|
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
|
|
|
|
"modified": "2016-04-06T20:06:37.000Z",
|
2018-07-11 15:43:37 +02:00
|
|
|
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
2018-07-03 13:00:18 +02:00
|
|
|
"spec_version": "2.1",
|
|
|
|
"type": "sighting",
|
|
|
|
"where_sighted_refs": [
|
|
|
|
"malware--8cc7afd6-5455-4d2b-a736-e614ee631d99"
|
|
|
|
]
|
|
|
|
}"""
|
|
|
|
|
|
|
|
|
|
|
|
def test_sighting_all_required_properties():
|
|
|
|
now = dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
|
|
|
|
|
2018-07-03 15:40:51 +02:00
|
|
|
s = stix2.v21.Sighting(
|
2018-07-03 13:00:18 +02:00
|
|
|
type='sighting',
|
|
|
|
id=SIGHTING_ID,
|
|
|
|
created=now,
|
|
|
|
modified=now,
|
|
|
|
sighting_of_ref=INDICATOR_ID,
|
2019-01-29 16:52:59 +01:00
|
|
|
where_sighted_refs=[IDENTITY_ID],
|
2018-07-03 13:00:18 +02:00
|
|
|
)
|
|
|
|
assert str(s) == EXPECTED_SIGHTING
|
|
|
|
|
|
|
|
|
|
|
|
def test_sighting_bad_where_sighted_refs():
|
|
|
|
now = dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
|
|
|
|
|
|
|
|
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
|
2018-07-03 15:40:51 +02:00
|
|
|
stix2.v21.Sighting(
|
2018-07-03 13:00:18 +02:00
|
|
|
type='sighting',
|
|
|
|
id=SIGHTING_ID,
|
|
|
|
created=now,
|
|
|
|
modified=now,
|
|
|
|
sighting_of_ref=INDICATOR_ID,
|
2018-07-13 17:10:05 +02:00
|
|
|
where_sighted_refs=["malware--8cc7afd6-5455-4d2b-a736-e614ee631d99"],
|
2018-07-03 13:00:18 +02:00
|
|
|
)
|
|
|
|
|
2018-07-03 15:40:51 +02:00
|
|
|
assert excinfo.value.cls == stix2.v21.Sighting
|
2018-07-03 13:00:18 +02:00
|
|
|
assert excinfo.value.prop_name == "where_sighted_refs"
|
|
|
|
assert excinfo.value.reason == "must start with 'identity'."
|
|
|
|
assert str(excinfo.value) == "Invalid value for Sighting 'where_sighted_refs': must start with 'identity'."
|
|
|
|
|
|
|
|
|
|
|
|
def test_sighting_type_must_be_sightings():
|
|
|
|
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
|
2018-07-03 15:40:51 +02:00
|
|
|
stix2.v21.Sighting(type='xxx', **SIGHTING_KWARGS)
|
2018-07-03 13:00:18 +02:00
|
|
|
|
2018-07-03 15:40:51 +02:00
|
|
|
assert excinfo.value.cls == stix2.v21.Sighting
|
2018-07-03 13:00:18 +02:00
|
|
|
assert excinfo.value.prop_name == "type"
|
|
|
|
assert excinfo.value.reason == "must equal 'sighting'."
|
|
|
|
assert str(excinfo.value) == "Invalid value for Sighting 'type': must equal 'sighting'."
|
|
|
|
|
|
|
|
|
|
|
|
def test_invalid_kwarg_to_sighting():
|
|
|
|
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo:
|
2018-07-03 15:40:51 +02:00
|
|
|
stix2.v21.Sighting(my_custom_property="foo", **SIGHTING_KWARGS)
|
2018-07-03 13:00:18 +02:00
|
|
|
|
2018-07-03 15:40:51 +02:00
|
|
|
assert excinfo.value.cls == stix2.v21.Sighting
|
2018-07-03 13:00:18 +02:00
|
|
|
assert excinfo.value.properties == ['my_custom_property']
|
|
|
|
assert str(excinfo.value) == "Unexpected properties for Sighting: (my_custom_property)."
|
|
|
|
|
|
|
|
|
|
|
|
def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811
|
2018-07-03 15:40:51 +02:00
|
|
|
rel = stix2.v21.Sighting(sighting_of_ref=malware)
|
2018-07-03 13:00:18 +02:00
|
|
|
|
2018-07-11 15:43:37 +02:00
|
|
|
assert rel.sighting_of_ref == 'malware--00000000-0000-4000-8000-000000000001'
|
|
|
|
assert rel.id == 'sighting--00000000-0000-4000-8000-000000000003'
|
2018-07-03 13:00:18 +02:00
|
|
|
|
|
|
|
|
2018-07-13 17:10:05 +02:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"data", [
|
|
|
|
EXPECTED_SIGHTING,
|
|
|
|
{
|
|
|
|
"created": "2016-04-06T20:06:37Z",
|
2019-01-23 16:56:20 +01:00
|
|
|
"id": SIGHTING_ID,
|
2018-07-13 17:10:05 +02:00
|
|
|
"modified": "2016-04-06T20:06:37Z",
|
|
|
|
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"type": "sighting",
|
|
|
|
"where_sighted_refs": [
|
2019-01-29 16:52:59 +01:00
|
|
|
IDENTITY_ID,
|
2018-07-13 17:10:05 +02:00
|
|
|
],
|
|
|
|
},
|
|
|
|
],
|
|
|
|
)
|
2018-07-03 13:00:18 +02:00
|
|
|
def test_parse_sighting(data):
|
2018-07-03 15:40:51 +02:00
|
|
|
sighting = stix2.parse(data, version="2.1")
|
2018-07-03 13:00:18 +02:00
|
|
|
|
|
|
|
assert sighting.type == 'sighting'
|
2018-07-03 15:40:51 +02:00
|
|
|
assert sighting.spec_version == '2.1'
|
2018-07-03 13:00:18 +02:00
|
|
|
assert sighting.id == SIGHTING_ID
|
|
|
|
assert sighting.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
|
|
|
|
assert sighting.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
|
2019-01-23 16:56:20 +01:00
|
|
|
assert sighting.sighting_of_ref == INDICATOR_ID
|
2019-01-29 16:52:59 +01:00
|
|
|
assert sighting.where_sighted_refs == [IDENTITY_ID]
|