from stix2.sources import taxii
def test_ds_taxii():
    """A TAXIIDataSource built with no arguments reports the name 'TAXII'."""
    source = taxii.TAXIIDataSource()
    default_name = source.name
    assert default_name == 'TAXII'
def test_ds_taxii_name():
    """A ``name`` passed to the constructor is exposed unchanged as ``ds.name``."""
    custom_name = 'My Data Source Name'
    source = taxii.TAXIIDataSource(name=custom_name)
    assert source.name == "My Data Source Name"
def test_ds_params():
    """The constructor records ``api_root`` and ``auth`` under ``taxii_info``."""
    # Fixture values only; this test inspects what the constructor stored.
    # The assertions below pin that the auth dict is retained as passed
    # (password included), so ``taxii_info`` should be treated as secret
    # material and kept out of logs and serialized output.
    # NOTE(review): the placeholder api_root is plain http://; presumably
    # these credentials are sent to that endpoint in real use, which would
    # want https -- confirm against the data source implementation.
    api_root_url = "http://taxii_url.com:5000"
    credentials = {"username": "Wade", "password": "Wilson"}

    source = taxii.TAXIIDataSource(api_root=api_root_url, auth=credentials)

    assert source.taxii_info['api_root']['url'] == api_root_url
    assert source.taxii_info['auth'] == credentials
def test_parse_taxii_filters():
    """``_parse_taxii_filters`` turns a filter list into TAXII query parameters.

    As pinned by the final assertion: ``added_after`` keeps its own name,
    ``id``/``type``/``version`` become ``match[...]`` keys, and the
    ``created_by_ref`` filter does not appear in the result.
    """
    # (field, value) pairs; every filter in this query uses the "=" operator.
    field_values = [
        ("added_after", "2016-02-01T00:00:01.000Z"),
        ("id", "taxii stix object ID"),
        ("type", "taxii stix object ID"),
        ("version", "first"),
        ("created_by_ref", "Bane"),
    ]
    query = [
        {"field": field, "op": "=", "value": value}
        for field, value in field_values
    ]

    expected_params = {
        "added_after": "2016-02-01T00:00:01.000Z",
        "match[id]": "taxii stix object ID",
        "match[type]": "taxii stix object ID",
        "match[version]": "first",
    }

    source = taxii.TAXIIDataSource()
    parsed = source._parse_taxii_filters(query)

    assert parsed == expected_params
def test_add_get_remove_filter():
    """``add_filter`` returns an id and a status for every filter it is given.

    Only the add path is exercised here, despite the test's name. Filters
    0-2 are well formed. Filters 3-6 are each malformed in one way, and the
    first error reported for each is checked against the expected message.
    """
    class opaque_value(object):
        x = 4

    # An arbitrary class instance, used as an unsupported filter 'value'.
    unsupported_value = opaque_value()

    # First 3 filters are valid, the remaining 4 are erroneous in some way.
    filters = [
        {"field": "type", "op": '=', "value": "malware"},
        {"field": "id", "op": "!=", "value": "stix object id"},
        {"field": "labels", "op": "in", "value": ["heartbleed", "malicious-activity"]},
        # missing the 'op' key
        {"field": "revoked", "value": "filter missing \'op\' field"},
        # field that is not accepted
        {"field": "granular_markings", "op": "=", "value": "not supported field - just place holder"},
        # operator that is not accepted
        {"field": "modified", "op": "*", "value": "not supported operator - just place holder"},
        # value of an unsupported type
        {"field": "created", "op": "=", "value": unsupported_value},
    ]

    # Expected first error for filters 3, 4, 5 and 6, in that order.
    expected_errors = [
        "Filter was missing a required field(key). Each filter requires 'field', 'op', 'value' keys.",
        "Filter 'field' is not a STIX 2.0 common property. Currently only STIX object common properties supported",
        "Filter operation(from 'op' field) not supported",
        "Filter 'value' type is not supported. The type(value) must be python immutable type or dictionary",
    ]

    source = taxii.TAXIIDataSource()
    ids, statuses = source.add_filter(filters)

    # One id comes back per submitted filter, including the malformed ones.
    # NOTE(review): whether a filter that reported errors is later applied
    # to queries is not visible from this test -- confirm that invalid
    # filters are rejected rather than silently kept.
    assert len(ids) == 7

    # Each status entry echoes the filter it describes, in submission order.
    for position, status in enumerate(statuses):
        assert status['filter'] == filters[position]

    # The malformed filters start at index 3; compare their first error.
    first_invalid = 3
    for offset, message in enumerate(expected_errors):
        assert statuses[first_invalid + offset]['errors'][0] == message
# def test_data_source_file():
# ds = file.FileDataSource()
#
# assert ds.name == "DataSource"
#
#
# def test_data_source_name():
# ds = file.FileDataSource(name="My File Data Source")
#
# assert ds.name == "My File Data Source"
#
#
# def test_data_source_get():
# ds = file.FileDataSource(name="My File Data Source")
#
# with pytest.raises(NotImplementedError):
# ds.get("foo")
#
# #filter testing
# def test_add_filter():
# ds = file.FileDataSource()