2017-04-25 00:29:56 +02:00
|
|
|
import datetime as dt
|
|
|
|
|
2017-03-31 21:52:27 +02:00
|
|
|
import pytest
|
2017-04-19 15:22:08 +02:00
|
|
|
import pytz
|
2017-05-09 21:10:53 +02:00
|
|
|
|
2017-04-25 00:29:56 +02:00
|
|
|
import stix2
|
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
from .constants import INDICATOR_KWARGS, REPORT_ID
|
2017-02-24 18:56:55 +01:00
|
|
|
|
|
|
|
EXPECTED = """{
|
2017-08-15 19:41:51 +02:00
|
|
|
"type": "report",
|
2017-02-24 18:56:55 +01:00
|
|
|
"id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3",
|
2017-08-15 19:41:51 +02:00
|
|
|
"created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
|
|
|
|
"created": "2015-12-21T19:59:11.000Z",
|
2017-06-23 00:47:35 +02:00
|
|
|
"modified": "2015-12-21T19:59:11.000Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
"name": "The Black Vine Cyberespionage Group",
|
2017-08-15 19:41:51 +02:00
|
|
|
"description": "A simple report with an indicator and campaign",
|
|
|
|
"published": "2016-01-20T17:00:00Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
"object_refs": [
|
|
|
|
"indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",
|
|
|
|
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
|
|
|
|
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a"
|
|
|
|
],
|
2017-08-15 19:41:51 +02:00
|
|
|
"labels": [
|
|
|
|
"campaign"
|
|
|
|
]
|
2017-02-24 18:56:55 +01:00
|
|
|
}"""
|
|
|
|
|
|
|
|
|
|
|
|
def test_report_example():
|
2018-07-05 21:23:25 +02:00
|
|
|
report = stix2.v20.Report(
|
2017-02-24 18:56:55 +01:00
|
|
|
id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3",
|
|
|
|
created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
|
2017-06-23 00:47:35 +02:00
|
|
|
created="2015-12-21T19:59:11.000Z",
|
|
|
|
modified="2015-12-21T19:59:11.000Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
name="The Black Vine Cyberespionage Group",
|
|
|
|
description="A simple report with an indicator and campaign",
|
2017-04-18 15:21:38 +02:00
|
|
|
published="2016-01-20T17:00:00Z",
|
2017-02-24 18:56:55 +01:00
|
|
|
labels=["campaign"],
|
|
|
|
object_refs=[
|
|
|
|
"indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",
|
|
|
|
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
|
2018-07-13 17:10:05 +02:00
|
|
|
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a",
|
2017-02-24 18:56:55 +01:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
assert str(report) == EXPECTED
|
|
|
|
|
2017-03-31 21:52:27 +02:00
|
|
|
|
|
|
|
def test_report_example_objects_in_object_refs():
|
2018-07-05 21:23:25 +02:00
|
|
|
report = stix2.v20.Report(
|
2017-03-31 21:52:27 +02:00
|
|
|
id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3",
|
|
|
|
created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
|
|
|
|
created="2015-12-21T19:59:11.000Z",
|
|
|
|
modified="2015-12-21T19:59:11.000Z",
|
|
|
|
name="The Black Vine Cyberespionage Group",
|
|
|
|
description="A simple report with an indicator and campaign",
|
2017-04-18 15:21:38 +02:00
|
|
|
published="2016-01-20T17:00:00Z",
|
2017-03-31 21:52:27 +02:00
|
|
|
labels=["campaign"],
|
|
|
|
object_refs=[
|
2018-07-12 20:33:00 +02:00
|
|
|
stix2.v20.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS),
|
2017-03-31 21:52:27 +02:00
|
|
|
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
|
2018-07-13 17:10:05 +02:00
|
|
|
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a",
|
2017-03-31 21:52:27 +02:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
|
|
|
assert str(report) == EXPECTED
|
|
|
|
|
|
|
|
|
|
|
|
def test_report_example_objects_in_object_refs_with_bad_id():
|
2017-04-18 21:42:59 +02:00
|
|
|
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
|
2018-07-05 21:23:25 +02:00
|
|
|
stix2.v20.Report(
|
2017-03-31 21:52:27 +02:00
|
|
|
id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3",
|
|
|
|
created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
|
|
|
|
created="2015-12-21T19:59:11.000Z",
|
|
|
|
modified="2015-12-21T19:59:11.000Z",
|
|
|
|
name="The Black Vine Cyberespionage Group",
|
|
|
|
description="A simple report with an indicator and campaign",
|
2017-04-18 15:21:38 +02:00
|
|
|
published="2016-01-20T17:00:00Z",
|
2017-03-31 21:52:27 +02:00
|
|
|
labels=["campaign"],
|
|
|
|
object_refs=[
|
2018-07-12 20:33:00 +02:00
|
|
|
stix2.v20.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS),
|
2017-03-31 21:52:27 +02:00
|
|
|
"campaign-83422c77-904c-4dc1-aff5-5c38f3a2c55c", # the "bad" id, missing a "-"
|
2018-07-13 17:10:05 +02:00
|
|
|
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a",
|
2017-03-31 21:52:27 +02:00
|
|
|
],
|
|
|
|
)
|
|
|
|
|
2018-07-05 21:23:25 +02:00
|
|
|
assert excinfo.value.cls == stix2.v20.Report
|
2017-04-18 21:19:16 +02:00
|
|
|
assert excinfo.value.prop_name == "object_refs"
|
2018-07-05 18:25:48 +02:00
|
|
|
assert excinfo.value.reason == stix2.properties.ERROR_INVALID_ID
|
|
|
|
assert str(excinfo.value) == "Invalid value for Report 'object_refs': " + stix2.properties.ERROR_INVALID_ID
|
2017-03-31 21:52:27 +02:00
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
|
2018-07-13 17:10:05 +02:00
|
|
|
@pytest.mark.parametrize(
|
|
|
|
"data", [
|
|
|
|
EXPECTED,
|
|
|
|
{
|
|
|
|
"created": "2015-12-21T19:59:11.000Z",
|
|
|
|
"created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
|
|
|
|
"description": "A simple report with an indicator and campaign",
|
|
|
|
"id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3",
|
|
|
|
"labels": [
|
|
|
|
"campaign",
|
|
|
|
],
|
|
|
|
"modified": "2015-12-21T19:59:11.000Z",
|
|
|
|
"name": "The Black Vine Cyberespionage Group",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",
|
|
|
|
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
|
|
|
|
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a",
|
|
|
|
],
|
|
|
|
"published": "2016-01-20T17:00:00Z",
|
|
|
|
"type": "report",
|
|
|
|
},
|
|
|
|
],
|
|
|
|
)
|
2017-04-19 15:22:08 +02:00
|
|
|
def test_parse_report(data):
|
2018-07-05 21:23:25 +02:00
|
|
|
rept = stix2.parse(data, version="2.0")
|
2017-04-19 15:22:08 +02:00
|
|
|
|
|
|
|
assert rept.type == 'report'
|
|
|
|
assert rept.id == REPORT_ID
|
|
|
|
assert rept.created == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc)
|
|
|
|
assert rept.modified == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc)
|
|
|
|
assert rept.created_by_ref == "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283"
|
2018-07-13 17:10:05 +02:00
|
|
|
assert rept.object_refs == [
|
|
|
|
"indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",
|
|
|
|
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
|
|
|
|
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a",
|
|
|
|
]
|
2017-04-19 15:22:08 +02:00
|
|
|
assert rept.description == "A simple report with an indicator and campaign"
|
|
|
|
assert rept.labels == ["campaign"]
|
|
|
|
assert rept.name == "The Black Vine Cyberespionage Group"
|
|
|
|
|
2017-02-24 18:56:55 +01:00
|
|
|
# TODO: Add other examples
|