cti-python-stix2/stix2/test/v21/test_threat_actor.py

94 lines
2.6 KiB
Python
Raw Normal View History

import datetime as dt
import pytest
import pytz
import stix2
import stix2.v21
from .constants import IDENTITY_ID, THREAT_ACTOR_ID
EXPECTED = """{
"type": "threat-actor",
"spec_version": "2.1",
"id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
"created": "2016-04-06T20:03:48.000Z",
"modified": "2016-04-06T20:03:48.000Z",
"name": "Evil Org",
2018-10-15 20:48:52 +02:00
"description": "The Evil Org threat actor group",
"threat_actor_types": [
"crime-syndicate"
2018-10-15 20:48:52 +02:00
]
}"""
def test_threat_actor_example():
threat_actor = stix2.v21.ThreatActor(
2019-01-23 16:56:20 +01:00
id=THREAT_ACTOR_ID,
created_by_ref=IDENTITY_ID,
created="2016-04-06T20:03:48.000Z",
modified="2016-04-06T20:03:48.000Z",
name="Evil Org",
description="The Evil Org threat actor group",
threat_actor_types=["crime-syndicate"],
)
assert threat_actor.serialize(pretty=True) == EXPECTED
@pytest.mark.parametrize(
"data", [
EXPECTED,
{
"created": "2016-04-06T20:03:48.000Z",
"created_by_ref": IDENTITY_ID,
"description": "The Evil Org threat actor group",
2019-01-23 16:56:20 +01:00
"id": THREAT_ACTOR_ID,
"threat_actor_types": [
"crime-syndicate",
],
"modified": "2016-04-06T20:03:48.000Z",
"name": "Evil Org",
"spec_version": "2.1",
"type": "threat-actor",
},
],
)
def test_parse_threat_actor(data):
actor = stix2.parse(data, version="2.1")
assert actor.type == 'threat-actor'
assert actor.spec_version == '2.1'
assert actor.id == THREAT_ACTOR_ID
assert actor.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
assert actor.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
assert actor.created_by_ref == IDENTITY_ID
assert actor.description == "The Evil Org threat actor group"
assert actor.name == "Evil Org"
assert actor.threat_actor_types == ["crime-syndicate"]
def test_seen_ordering_constraint():
"""
Test first_seen/last_seen value co-constraint.
"""
with pytest.raises(ValueError):
stix2.v21.ThreatActor(
name="Bad Person",
threat_actor_types=["hacker", "criminal"],
first_seen="2010-04-21T09:31:11Z",
last_seen="2009-02-06T03:39:31Z",
)
# equal timestamps is okay.
stix2.v21.ThreatActor(
name="Bad Person",
threat_actor_types=["hacker", "criminal"],
first_seen="2010-04-21T09:31:11Z",
last_seen="2010-04-21T09:31:11Z",
)
# TODO: Add other examples