2017-04-25 00:29:56 +02:00
|
|
|
import datetime as dt
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
import pytest
|
|
|
|
import pytz
|
2017-05-09 21:10:53 +02:00
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
import stix2
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
from .constants import ATTACK_PATTERN_ID
|
|
|
|
|
2017-05-09 21:10:53 +02:00
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
EXPECTED = """{
|
2017-04-11 18:10:55 +02:00
|
|
|
"created": "2016-05-12T08:17:27Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
"description": "...",
|
|
|
|
"external_references": [
|
|
|
|
{
|
2017-04-19 20:32:56 +02:00
|
|
|
"external_id": "CAPEC-163",
|
2017-02-24 18:56:55 +01:00
|
|
|
"source_name": "capec"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
|
2017-04-11 18:10:55 +02:00
|
|
|
"modified": "2016-05-12T08:17:27Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
"name": "Spear Phishing",
|
|
|
|
"type": "attack-pattern"
|
|
|
|
}"""
|
|
|
|
|
|
|
|
|
|
|
|
def test_attack_pattern_example():
|
|
|
|
ap = stix2.AttackPattern(
|
|
|
|
id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
|
2017-04-11 18:10:55 +02:00
|
|
|
created="2016-05-12T08:17:27Z",
|
|
|
|
modified="2016-05-12T08:17:27Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
name="Spear Phishing",
|
|
|
|
external_references=[{
|
|
|
|
"source_name": "capec",
|
2017-04-19 20:32:56 +02:00
|
|
|
"external_id": "CAPEC-163"
|
2017-02-24 18:56:55 +01:00
|
|
|
}],
|
|
|
|
description="...",
|
|
|
|
)
|
|
|
|
|
|
|
|
assert str(ap) == EXPECTED
|
|
|
|
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
@pytest.mark.parametrize("data", [
|
|
|
|
EXPECTED,
|
|
|
|
{
|
|
|
|
"type": "attack-pattern",
|
|
|
|
"id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
|
|
|
|
"created": "2016-05-12T08:17:27Z",
|
|
|
|
"modified": "2016-05-12T08:17:27Z",
|
|
|
|
"description": "...",
|
|
|
|
"external_references": [
|
|
|
|
{
|
2017-04-19 20:32:56 +02:00
|
|
|
"external_id": "CAPEC-163",
|
2017-04-19 15:22:08 +02:00
|
|
|
"source_name": "capec"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"name": "Spear Phishing",
|
|
|
|
},
|
|
|
|
])
|
|
|
|
def test_parse_attack_pattern(data):
|
|
|
|
ap = stix2.parse(data)
|
|
|
|
|
|
|
|
assert ap.type == 'attack-pattern'
|
|
|
|
assert ap.id == ATTACK_PATTERN_ID
|
|
|
|
assert ap.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
|
|
|
|
assert ap.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
|
|
|
|
assert ap.description == "..."
|
2017-04-19 20:32:56 +02:00
|
|
|
assert ap.external_references[0].external_id == 'CAPEC-163'
|
|
|
|
assert ap.external_references[0].source_name == 'capec'
|
2017-04-19 15:22:08 +02:00
|
|
|
assert ap.name == "Spear Phishing"
|
|
|
|
|
2017-05-15 16:57:40 +02:00
|
|
|
|
|
|
|
def test_attack_pattern_invalid_labels():
|
|
|
|
with pytest.raises(stix2.exceptions.InvalidValueError):
|
|
|
|
stix2.AttackPattern(
|
|
|
|
id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
|
|
|
|
created="2016-05-12T08:17:27Z",
|
|
|
|
modified="2016-05-12T08:17:27Z",
|
|
|
|
name="Spear Phishing",
|
|
|
|
labels=1
|
|
|
|
)
|
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
# TODO: Add other examples
|