"""STIX 2.1 Common Data Types and Properties."""
from collections import OrderedDict
from ..custom import _custom_marking_builder
from ..exceptions import InvalidValueError
from ..markings import _MarkingsMixin
from ..markings.utils import check_tlp_marking
from ..properties import (
BooleanProperty, DictionaryProperty, HashesProperty, IDProperty,
IntegerProperty, ListProperty, Property, ReferenceProperty,
SelectorProperty, StringProperty, TimestampProperty, TypeProperty,
)
from ..utils import NOW, _get_dict
from .base import _STIXBase21
class ExternalReference(_STIXBase21):
    """STIX 2.1 external reference.

    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_bajcvqteiard>`__.
    """

    # NOTE(review): ``url`` is declared as a plain StringProperty; no scheme
    # or host validation is visible in this class, so consumers should treat
    # the value as untrusted input -- confirm against StringProperty.
    _properties = OrderedDict((
        ('source_name', StringProperty(required=True)),
        ('description', StringProperty()),
        ('url', StringProperty()),
        ('hashes', HashesProperty(spec_version='2.1')),
        ('external_id', StringProperty()),
    ))

    # Names from the hash-algorithm-ov vocabulary. Keys of ``hashes`` that are
    # not in this set are rejected by _check_object_constraints.
    # MD5 and SHA-1 are accepted because the vocabulary lists them, but
    # neither is collision resistant, so a consumer verifying referenced
    # content should prefer a SHA-2 or SHA-3 entry when one is present.
    _LEGAL_HASHES = {
        "MD5",
        "SHA-1",
        "SHA-256",
        "SHA-512",
        "SHA3-256",
        "SHA3-512",
        "SSDEEP",
        "TLSH",
    }

    def _check_object_constraints(self):
        """Run the base checks, then the reference-specific ones.

        Raises:
            InvalidValueError: if a key of ``hashes`` is not a member of
                ``_LEGAL_HASHES``.
        """
        super(ExternalReference, self)._check_object_constraints()
        self._check_at_least_one_property(['description', 'external_id', 'url'])

        if "hashes" not in self:
            return

        # Iterating the hashes mapping yields the algorithm names (its keys).
        for algorithm in self["hashes"]:
            if algorithm not in self._LEGAL_HASHES:
                raise InvalidValueError(
                    ExternalReference, "hashes",
                    "Hash algorithm names must be members of hash-algorithm-ov",
                )
class KillChainPhase(_STIXBase21):
    """STIX 2.1 kill chain phase: a kill chain name plus a phase name.

    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_i4tjv75ce50h>`__.
    """

    # Both properties are required free-form strings; no vocabulary is
    # applied to either of them in this class.
    _properties = OrderedDict((
        ('kill_chain_name', StringProperty(required=True)),
        ('phase_name', StringProperty(required=True)),
    ))
class GranularMarking(_STIXBase21):
    """STIX 2.1 granular marking applied to selected properties of an object.

    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_robezi5egfdr>`__.
    """

    _properties = OrderedDict((
        ('lang', StringProperty()),
        # Only references to marking-definition objects are accepted.
        ('marking_ref', ReferenceProperty(valid_types='marking-definition', spec_version='2.1')),
        ('selectors', ListProperty(SelectorProperty, required=True)),
    ))

    def _check_object_constraints(self):
        """Run the base checks, then require ``lang`` or ``marking_ref``."""
        super(GranularMarking, self)._check_object_constraints()
        # Neither property is required on its own, but one must be present.
        one_of = ['lang', 'marking_ref']
        self._check_at_least_one_property(one_of)
class LanguageContent(_STIXBase21):
    """STIX 2.1 language-content object.

    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_nfwr8z9ax2bi>`__.
    """

    _type = 'language-content'

    _properties = OrderedDict((
        ('type', TypeProperty(_type, spec_version='2.1')),
        ('spec_version', StringProperty(fixed='2.1')),
        ('id', IDProperty(_type, spec_version='2.1')),
        ('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
        # ``created`` and ``modified`` both default to the NOW value imported
        # from ..utils.
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
        ('object_ref', ReferenceProperty(valid_types=["SCO", "SDO", "SRO"], spec_version='2.1', required=True)),
        # TODO: 'object_modified' it MUST be an exact match for the modified time of the STIX Object (SRO or SDO) being referenced.
        # Until that check exists, a language-content object can name a
        # version of the referenced object other than the one it translates.
        ('object_modified', TimestampProperty(precision='millisecond')),
        # TODO: 'contents' https://docs.google.com/document/d/1ShNq4c3e1CkfANmD9O--mdZ5H0O_GLnjN28a_yrEaco/edit#heading=h.cfz5hcantmvx
        ('contents', DictionaryProperty(spec_version='2.1', required=True)),
        ('revoked', BooleanProperty()),
        ('labels', ListProperty(StringProperty)),
        # NOTE(review): no bounds are passed here, while STIX 2.1 defines
        # confidence on a 0-100 scale -- confirm the range is enforced elsewhere.
        ('confidence', IntegerProperty()),
        ('external_references', ListProperty(ExternalReference)),
        ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ))
class TLPMarking(_STIXBase21):
    """STIX 2.1 TLP marking, the ``definition`` of a ``tlp`` marking-definition.

    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_yd3ar14ekwrs>`__.
    """

    _type = 'tlp'

    # ``tlp`` is a required free-form string at this level; no vocabulary is
    # applied in this class. MarkingDefinition calls check_tlp_marking on the
    # enclosing object instead.
    _properties = OrderedDict((
        ('tlp', StringProperty(required=True)),
    ))
class StatementMarking(_STIXBase21):
    """STIX 2.1 statement marking, the ``definition`` of a ``statement`` marking-definition.

    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_3ru8r05saera>`__.
    """

    _type = 'statement'

    _properties = OrderedDict((
        ('statement', StringProperty(required=True)),
    ))

    def __init__(self, statement=None, **kwargs):
        """Create the marking, accepting ``statement`` positionally.

        Args:
            statement: statement text; used only when the ``statement``
                keyword is absent or falsy.
            **kwargs: forwarded to the base initializer.
        """
        # A truthy ``statement`` keyword takes precedence over the positional
        # value.
        if statement:
            if not kwargs.get('statement'):
                kwargs['statement'] = statement

        super(StatementMarking, self).__init__(**kwargs)
class MarkingProperty(Property):
    """Property type for the ``definition`` of a marking-definition object.

    Only instances of the marking classes listed in ``OBJ_MAP_MARKING`` are
    accepted.
    """

    def clean(self, value):
        """Return ``value`` unchanged if it is a known marking object.

        The comparison uses the exact type, so an instance of a subclass of a
        listed marking class is rejected as well.

        Raises:
            ValueError: if ``type(value)`` is not one of the
                ``OBJ_MAP_MARKING`` values.
        """
        known_marking_types = OBJ_MAP_MARKING.values()
        if type(value) not in known_marking_types:
            raise ValueError("must be a Statement, TLP Marking or a registered marking.")
        return value
class MarkingDefinition(_STIXBase21, _MarkingsMixin):
    """STIX 2.1 marking-definition object.

    For more detailed information on this object's properties, see
    `the STIX 2.1 specification <https://docs.oasis-open.org/cti/stix/v2.1/cs01/stix-v2.1-cs01.html#_hr5vgqxjk7ns>`__.
    """

    _type = 'marking-definition'
    _properties = OrderedDict([
        ('type', TypeProperty(_type, spec_version='2.1')),
        ('spec_version', StringProperty(fixed='2.1')),
        # NOTE(review): unlike the type and reference properties in this
        # mapping, no spec_version='2.1' is passed here -- confirm that
        # IDProperty's default applies the 2.1 identifier rules.
        ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
        ('external_references', ListProperty(ExternalReference)),
        ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
        ('granular_markings', ListProperty(GranularMarking)),
        ('definition_type', StringProperty(required=True)),
        ('name', StringProperty()),
        ('definition', MarkingProperty(required=True)),
    ])

    def __init__(self, **kwargs):
        """Build the object, coercing ``definition`` to its marking class.

        When both ``definition_type`` and ``definition`` are supplied, the
        marking class is looked up in ``OBJ_MAP_MARKING``; a definition that
        is not already an instance of it is converted with ``_get_dict`` and
        passed to that class as keyword arguments.

        Raises:
            ValueError: if ``definition_type`` is not a key of
                ``OBJ_MAP_MARKING``.
        """
        if set(('definition_type', 'definition')).issubset(kwargs.keys()):
            # Create correct marking type object
            try:
                marking_type = OBJ_MAP_MARKING[kwargs['definition_type']]
            except KeyError:
                raise ValueError("definition_type must be a valid marking type")

            if not isinstance(kwargs['definition'], marking_type):
                defn = _get_dict(kwargs['definition'])
                kwargs['definition'] = marking_type(**defn)
        # NOTE(review): the nesting of the next block is reconstructed (the
        # listing carried no indentation); method level is assumed -- confirm
        # against the repository.
        # kwargs.get() leaves 'interoperability' in kwargs, so the key is also
        # forwarded to the base initializer below.
        interoperability = kwargs.get('interoperability', False)
        # NOTE(review): _properties is declared on the class, so unless the
        # base class copies it per instance these assignments change property
        # objects shared by every MarkingDefinition. The two reference flags
        # are only rewritten when their keyword is present, so a True set by
        # an earlier construction can persist, and concurrent constructions
        # with different settings can interleave -- confirm.
        self._properties['id'].interoperability = interoperability
        if kwargs.get('created_by_ref'):
            self._properties['created_by_ref'].interoperability = interoperability
        if kwargs.get('object_marking_refs'):
            self._properties['object_marking_refs'].contained.interoperability = interoperability

        super(MarkingDefinition, self).__init__(**kwargs)

    def _check_object_constraints(self):
        """Run the base checks, then ``check_tlp_marking`` for spec version 2.1."""
        super(MarkingDefinition, self)._check_object_constraints()
        check_tlp_marking(self, '2.1')

    def serialize(self, pretty=False, include_optional_defaults=False, **kwargs):
        """Serialize the object, running ``check_tlp_marking`` again first.

        The arguments are passed through unchanged to the base ``serialize``.
        """
        # Checked again at serialization time, in addition to the call in
        # _check_object_constraints.
        check_tlp_marking(self, '2.1')
        return super(MarkingDefinition, self).serialize(pretty, include_optional_defaults, **kwargs)
# Maps a marking-definition's ``definition_type`` string to the class used for
# its ``definition``. MarkingProperty.clean accepts only instances of the
# classes held here.
OBJ_MAP_MARKING = {
    'tlp': TLPMarking,
    'statement': StatementMarking,
}
def CustomMarking(type='x-custom-marking', properties=None):
    """Custom STIX Marking decorator.

    Args:
        type: marking type name handed to ``_custom_marking_builder``. The
            parameter shadows the ``type`` builtin inside this function; the
            name is part of the public signature.
        properties: property definitions handed to the builder, given as
            ``(name, Property)`` pairs in the example below.

    Returns:
        A class decorator that passes the decorated class to
        ``_custom_marking_builder`` for spec version ``'2.1'`` with
        ``_STIXBase21`` as the base class.

    Example:
        >>> from stix2.v21 import CustomMarking
        >>> from stix2.properties import IntegerProperty, StringProperty
        >>> @CustomMarking('x-custom-marking', [
        ...     ('property1', StringProperty(required=True)),
        ...     ('property2', IntegerProperty()),
        ... ])
        ... class MyNewMarkingObjectType():
        ...     pass

    """
    def decorator(cls):
        built = _custom_marking_builder(cls, type, properties, '2.1', _STIXBase21)
        return built

    return decorator
# TODO: don't allow the creation of any other TLPMarkings than the ones below
#
# The four TLP marking-definitions below carry the fixed identifiers and
# creation timestamp that the STIX 2.1 specification assigns to them. Until
# the TODO above is addressed, a consumer can recognise a genuine TLP marking
# by comparing its ``id`` with these constants.

TLP_WHITE = MarkingDefinition(
    id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
    created='2017-01-20T00:00:00.000Z',
    definition_type='tlp',
    name='TLP:WHITE',
    definition=TLPMarking(tlp='white'),
)

TLP_GREEN = MarkingDefinition(
    id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
    created='2017-01-20T00:00:00.000Z',
    definition_type='tlp',
    name='TLP:GREEN',
    definition=TLPMarking(tlp='green'),
)

TLP_AMBER = MarkingDefinition(
    id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
    created='2017-01-20T00:00:00.000Z',
    definition_type='tlp',
    name='TLP:AMBER',
    definition=TLPMarking(tlp='amber'),
)

TLP_RED = MarkingDefinition(
    id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
    created='2017-01-20T00:00:00.000Z',
    definition_type='tlp',
    name='TLP:RED',
    definition=TLPMarking(tlp='red'),
)