cti-python-stix2/stix2/test/test_bundle.py

131 lines
4.2 KiB
Python
Raw Normal View History

2017-03-22 13:46:39 +01:00
import pytest
import stix2
2017-03-22 13:46:39 +01:00
EXPECTED_BUNDLE = """{
"type": "bundle",
2017-03-22 13:46:39 +01:00
"id": "bundle--00000000-0000-0000-0000-000000000004",
"spec_version": "2.0",
2017-03-22 13:46:39 +01:00
"objects": [
{
"type": "indicator",
2017-03-22 13:46:39 +01:00
"id": "indicator--00000000-0000-0000-0000-000000000001",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
2017-03-22 13:46:39 +01:00
"labels": [
"malicious-activity"
],
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "2017-01-01T12:34:56Z"
},
{
"type": "malware",
2017-03-22 13:46:39 +01:00
"id": "malware--00000000-0000-0000-0000-000000000002",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
2017-03-22 13:46:39 +01:00
"name": "Cryptolocker",
"labels": [
"ransomware"
]
2017-03-22 13:46:39 +01:00
},
{
"type": "relationship",
2017-03-22 13:46:39 +01:00
"id": "relationship--00000000-0000-0000-0000-000000000003",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
2017-03-22 13:46:39 +01:00
"relationship_type": "indicates",
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
2017-03-22 13:46:39 +01:00
}
]
2017-03-22 13:46:39 +01:00
}"""
def test_empty_bundle():
bundle = stix2.Bundle()
assert bundle.type == "bundle"
assert bundle.id.startswith("bundle--")
assert bundle.spec_version == "2.0"
with pytest.raises(AttributeError):
assert bundle.objects
2017-03-22 13:46:39 +01:00
def test_bundle_with_wrong_type():
2017-04-18 21:42:59 +02:00
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
2017-03-22 14:05:59 +01:00
stix2.Bundle(type="not-a-bundle")
2017-03-22 13:46:39 +01:00
assert excinfo.value.cls == stix2.Bundle
assert excinfo.value.prop_name == "type"
assert excinfo.value.reason == "must equal 'bundle'."
2017-03-22 13:46:39 +01:00
assert str(excinfo.value) == "Invalid value for Bundle 'type': must equal 'bundle'."
def test_bundle_id_must_start_with_bundle():
2017-04-18 21:42:59 +02:00
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
2017-03-22 14:05:59 +01:00
stix2.Bundle(id='my-prefix--')
2017-03-22 13:46:39 +01:00
assert excinfo.value.cls == stix2.Bundle
assert excinfo.value.prop_name == "id"
assert excinfo.value.reason == "must start with 'bundle--'."
2017-03-22 13:46:39 +01:00
assert str(excinfo.value) == "Invalid value for Bundle 'id': must start with 'bundle--'."
def test_bundle_with_wrong_spec_version():
2017-04-18 21:42:59 +02:00
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
2017-03-22 14:05:59 +01:00
stix2.Bundle(spec_version="1.2")
2017-03-22 13:46:39 +01:00
assert excinfo.value.cls == stix2.Bundle
assert excinfo.value.prop_name == "spec_version"
assert excinfo.value.reason == "must equal '2.0'."
2017-03-22 13:46:39 +01:00
assert str(excinfo.value) == "Invalid value for Bundle 'spec_version': must equal '2.0'."
2017-04-07 22:36:42 +02:00
def test_create_bundle(indicator, malware, relationship):
2017-03-22 13:46:39 +01:00
bundle = stix2.Bundle(objects=[indicator, malware, relationship])
2017-03-22 13:46:39 +01:00
assert str(bundle) == EXPECTED_BUNDLE
2017-04-07 22:36:42 +02:00
def test_create_bundle_with_positional_args(indicator, malware, relationship):
2017-03-22 13:46:39 +01:00
bundle = stix2.Bundle(indicator, malware, relationship)
assert str(bundle) == EXPECTED_BUNDLE
def test_create_bundle_with_positional_listarg(indicator, malware, relationship):
bundle = stix2.Bundle([indicator, malware, relationship])
assert str(bundle) == EXPECTED_BUNDLE
def test_create_bundle_with_listarg_and_positional_arg(indicator, malware, relationship):
bundle = stix2.Bundle([indicator, malware], relationship)
assert str(bundle) == EXPECTED_BUNDLE
def test_create_bundle_with_listarg_and_kwarg(indicator, malware, relationship):
bundle = stix2.Bundle([indicator, malware], objects=[relationship])
assert str(bundle) == EXPECTED_BUNDLE
def test_create_bundle_with_arg_listarg_and_kwarg(indicator, malware, relationship):
bundle = stix2.Bundle([indicator], malware, objects=[relationship])
assert str(bundle) == EXPECTED_BUNDLE
def test_parse_bundle():
bundle = stix2.parse(EXPECTED_BUNDLE)
assert bundle.type == "bundle"
assert bundle.id.startswith("bundle--")
assert bundle.spec_version == "2.0"
assert type(bundle.objects[0]) is stix2.Indicator
assert bundle.objects[0].type == 'indicator'
assert bundle.objects[1].type == 'malware'
assert bundle.objects[2].type == 'relationship'