2017-06-09 20:21:42 +02:00
|
|
|
"""
|
2017-11-09 16:10:19 +01:00
|
|
|
Functions for working with STIX 2 Data Markings.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
2017-11-09 16:10:19 +01:00
|
|
|
These high level functions will operate on both object-level markings and
|
2017-06-09 20:21:42 +02:00
|
|
|
granular markings unless otherwise noted in each of the functions.
|
2017-09-22 16:01:00 +02:00
|
|
|
|
2017-11-09 16:10:19 +01:00
|
|
|
Note:
|
|
|
|
These functions are also available as methods on SDOs, SROs, and Marking
|
|
|
|
Definitions. The corresponding methods on those classes are identical to
|
|
|
|
these functions except that the `obj` parameter is omitted.
|
|
|
|
|
2017-09-22 16:01:00 +02:00
|
|
|
|
|
|
|
.. autosummary::
|
2017-09-22 20:54:21 +02:00
|
|
|
:toctree: markings
|
2017-09-22 16:01:00 +02:00
|
|
|
|
|
|
|
granular_markings
|
|
|
|
object_markings
|
|
|
|
utils
|
|
|
|
|
2017-10-06 02:44:58 +02:00
|
|
|
|
|
2017-06-09 20:21:42 +02:00
|
|
|
"""
|
|
|
|
|
2017-08-18 18:36:34 +02:00
|
|
|
from stix2.markings import granular_markings, object_markings
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
|
2017-09-01 16:50:01 +02:00
|
|
|
def get_markings(obj, selectors=None, inherited=False, descendants=False):
|
2017-06-09 20:21:42 +02:00
|
|
|
"""
|
2017-11-09 16:10:19 +01:00
|
|
|
Get all markings associated to the field(s) specified by selectors.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Args:
|
2017-08-24 18:47:14 +02:00
|
|
|
obj: An SDO or SRO object.
|
|
|
|
selectors: string or list of selectors strings relative to the SDO or
|
|
|
|
SRO in which the properties appear.
|
2017-06-09 20:21:42 +02:00
|
|
|
inherited: If True, include object level markings and granular markings
|
2017-08-24 18:47:14 +02:00
|
|
|
inherited relative to the properties.
|
2017-06-09 20:21:42 +02:00
|
|
|
descendants: If True, include granular markings applied to any children
|
2017-08-24 18:47:14 +02:00
|
|
|
relative to the properties.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Returns:
|
2017-08-24 18:47:14 +02:00
|
|
|
list: Marking identifiers that matched the selectors expression.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Note:
|
|
|
|
If ``selectors`` is None, operation will be performed only on object
|
|
|
|
level markings.
|
|
|
|
|
|
|
|
"""
|
|
|
|
if selectors is None:
|
|
|
|
return object_markings.get_markings(obj)
|
|
|
|
|
|
|
|
results = granular_markings.get_markings(
|
|
|
|
obj,
|
|
|
|
selectors,
|
|
|
|
inherited,
|
2018-07-13 17:10:05 +02:00
|
|
|
descendants,
|
2017-06-09 20:21:42 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
if inherited:
|
|
|
|
results.extend(object_markings.get_markings(obj))
|
|
|
|
|
|
|
|
return list(set(results))
|
|
|
|
|
|
|
|
|
2017-09-01 16:50:01 +02:00
|
|
|
def set_markings(obj, marking, selectors=None):
|
2017-06-09 20:21:42 +02:00
|
|
|
"""
|
2017-11-09 16:10:19 +01:00
|
|
|
Remove all markings associated with selectors and appends a new granular
|
2017-06-09 20:21:42 +02:00
|
|
|
marking. Refer to `clear_markings` and `add_markings` for details.
|
|
|
|
|
|
|
|
Args:
|
2017-08-24 18:47:14 +02:00
|
|
|
obj: An SDO or SRO object.
|
2017-06-09 20:21:42 +02:00
|
|
|
marking: identifier or list of marking identifiers that apply to the
|
2017-08-24 18:47:14 +02:00
|
|
|
properties selected by `selectors`.
|
2017-11-09 16:10:19 +01:00
|
|
|
selectors: string or list of selectors strings relative to the SDO or
|
|
|
|
SRO in which the properties appear.
|
2017-08-24 18:47:14 +02:00
|
|
|
|
|
|
|
Returns:
|
|
|
|
A new version of the given SDO or SRO with specified markings removed
|
|
|
|
and new ones added.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Note:
|
|
|
|
If ``selectors`` is None, operations will be performed on object level
|
|
|
|
markings. Otherwise on granular markings.
|
|
|
|
|
|
|
|
"""
|
|
|
|
if selectors is None:
|
2017-08-21 19:57:01 +02:00
|
|
|
return object_markings.set_markings(obj, marking)
|
2017-06-09 20:21:42 +02:00
|
|
|
else:
|
2017-09-01 16:50:01 +02:00
|
|
|
return granular_markings.set_markings(obj, marking, selectors)
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
|
2017-09-01 16:50:01 +02:00
|
|
|
def remove_markings(obj, marking, selectors=None):
|
2017-06-09 20:21:42 +02:00
|
|
|
"""
|
2017-11-09 16:10:19 +01:00
|
|
|
Remove a marking from this object.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Args:
|
2017-08-24 18:47:14 +02:00
|
|
|
obj: An SDO or SRO object.
|
2017-06-09 20:21:42 +02:00
|
|
|
marking: identifier or list of marking identifiers that apply to the
|
2017-08-24 18:47:14 +02:00
|
|
|
properties selected by `selectors`.
|
2017-11-09 16:10:19 +01:00
|
|
|
selectors: string or list of selectors strings relative to the SDO or
|
|
|
|
SRO in which the properties appear.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Raises:
|
2017-08-24 18:47:14 +02:00
|
|
|
InvalidSelectorError: If `selectors` fail validation.
|
|
|
|
MarkingNotFoundError: If markings to remove are not found on
|
|
|
|
the provided SDO or SRO.
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
A new version of the given SDO or SRO with specified markings removed.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Note:
|
|
|
|
If ``selectors`` is None, operations will be performed on object level
|
|
|
|
markings. Otherwise on granular markings.
|
|
|
|
|
|
|
|
"""
|
|
|
|
if selectors is None:
|
2017-08-21 19:57:01 +02:00
|
|
|
return object_markings.remove_markings(obj, marking)
|
2017-06-09 20:21:42 +02:00
|
|
|
else:
|
2017-09-01 16:50:01 +02:00
|
|
|
return granular_markings.remove_markings(obj, marking, selectors)
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
|
2017-09-01 16:50:01 +02:00
|
|
|
def add_markings(obj, marking, selectors=None):
|
2017-06-09 20:21:42 +02:00
|
|
|
"""
|
2017-11-09 16:10:19 +01:00
|
|
|
Append a marking to this object.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Args:
|
2017-08-24 18:47:14 +02:00
|
|
|
obj: An SDO or SRO object.
|
2017-06-09 20:21:42 +02:00
|
|
|
marking: identifier or list of marking identifiers that apply to the
|
2017-08-24 18:47:14 +02:00
|
|
|
properties selected by `selectors`.
|
2017-11-09 16:10:19 +01:00
|
|
|
selectors: string or list of selectors strings relative to the SDO or
|
|
|
|
SRO in which the properties appear.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Raises:
|
2017-08-24 18:47:14 +02:00
|
|
|
InvalidSelectorError: If `selectors` fail validation.
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
A new version of the given SDO or SRO with specified markings added.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Note:
|
|
|
|
If ``selectors`` is None, operations will be performed on object level
|
|
|
|
markings. Otherwise on granular markings.
|
|
|
|
|
|
|
|
"""
|
|
|
|
if selectors is None:
|
2017-07-13 13:57:01 +02:00
|
|
|
return object_markings.add_markings(obj, marking)
|
2017-06-09 20:21:42 +02:00
|
|
|
else:
|
2017-09-01 16:50:01 +02:00
|
|
|
return granular_markings.add_markings(obj, marking, selectors)
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
|
2017-09-01 16:50:01 +02:00
|
|
|
def clear_markings(obj, selectors=None):
|
2017-06-09 20:21:42 +02:00
|
|
|
"""
|
2017-11-09 16:10:19 +01:00
|
|
|
Remove all markings associated with the selectors.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Args:
|
2017-08-24 18:47:14 +02:00
|
|
|
obj: An SDO or SRO object.
|
|
|
|
selectors: string or list of selectors strings relative to the SDO or
|
|
|
|
SRO in which the field(s) appear(s).
|
|
|
|
|
|
|
|
Raises:
|
|
|
|
InvalidSelectorError: If `selectors` fail validation.
|
|
|
|
MarkingNotFoundError: If markings to remove are not found on
|
|
|
|
the provided SDO or SRO.
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
A new version of the given SDO or SRO with specified markings cleared.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Note:
|
|
|
|
If ``selectors`` is None, operations will be performed on object level
|
|
|
|
markings. Otherwise on granular markings.
|
|
|
|
|
|
|
|
"""
|
|
|
|
if selectors is None:
|
2017-08-21 19:57:01 +02:00
|
|
|
return object_markings.clear_markings(obj)
|
2017-06-09 20:21:42 +02:00
|
|
|
else:
|
2017-08-21 19:57:01 +02:00
|
|
|
return granular_markings.clear_markings(obj, selectors)
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
|
2017-09-01 16:50:01 +02:00
|
|
|
def is_marked(obj, marking=None, selectors=None, inherited=False, descendants=False):
|
2017-06-09 20:21:42 +02:00
|
|
|
"""
|
2017-11-09 16:10:19 +01:00
|
|
|
Check if field(s) is marked by any marking or by specific marking(s).
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Args:
|
2017-08-24 18:47:14 +02:00
|
|
|
obj: An SDO or SRO object.
|
2017-06-09 20:21:42 +02:00
|
|
|
marking: identifier or list of marking identifiers that apply to the
|
2017-08-24 18:47:14 +02:00
|
|
|
properties selected by `selectors`.
|
2017-11-09 16:10:19 +01:00
|
|
|
selectors: string or list of selectors strings relative to the SDO or
|
|
|
|
SRO in which the field(s) appear(s).
|
2017-06-09 20:21:42 +02:00
|
|
|
inherited: If True, include object level markings and granular markings
|
2017-08-24 18:47:14 +02:00
|
|
|
inherited to determine if the properties is/are marked.
|
2017-06-09 20:21:42 +02:00
|
|
|
descendants: If True, include granular markings applied to any children
|
2017-08-24 18:47:14 +02:00
|
|
|
of the given selector to determine if the properties is/are marked.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
Returns:
|
2017-08-24 18:47:14 +02:00
|
|
|
bool: True if ``selectors`` is found on internal SDO or SRO collection.
|
2017-06-09 20:21:42 +02:00
|
|
|
False otherwise.
|
|
|
|
|
|
|
|
Note:
|
2017-08-24 18:47:14 +02:00
|
|
|
When a list of marking identifiers is provided, if ANY of the provided
|
|
|
|
marking identifiers match, True is returned.
|
2017-06-09 20:21:42 +02:00
|
|
|
|
|
|
|
If ``selectors`` is None, operation will be performed only on object
|
|
|
|
level markings.
|
|
|
|
|
|
|
|
"""
|
|
|
|
if selectors is None:
|
|
|
|
return object_markings.is_marked(obj, marking)
|
|
|
|
|
|
|
|
result = granular_markings.is_marked(
|
|
|
|
obj,
|
|
|
|
marking,
|
2017-09-01 16:50:01 +02:00
|
|
|
selectors,
|
2017-06-09 20:21:42 +02:00
|
|
|
inherited,
|
2018-07-13 17:10:05 +02:00
|
|
|
descendants,
|
2017-06-09 20:21:42 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
if inherited:
|
|
|
|
granular_marks = granular_markings.get_markings(obj, selectors)
|
|
|
|
object_marks = object_markings.get_markings(obj)
|
|
|
|
|
|
|
|
if granular_marks:
|
|
|
|
result = granular_markings.is_marked(
|
|
|
|
obj,
|
|
|
|
granular_marks,
|
2017-09-01 16:50:01 +02:00
|
|
|
selectors,
|
2017-06-09 20:21:42 +02:00
|
|
|
inherited,
|
2018-07-13 17:10:05 +02:00
|
|
|
descendants,
|
2017-06-09 20:21:42 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
result = result or object_markings.is_marked(obj, object_marks)
|
|
|
|
|
|
|
|
return result
|
2017-10-03 16:28:58 +02:00
|
|
|
|
|
|
|
|
2017-10-06 02:50:54 +02:00
|
|
|
class _MarkingsMixin():
|
2017-10-03 16:28:58 +02:00
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
# Note that all of these methods will return a new object because of immutability
|
2017-10-06 02:50:54 +02:00
|
|
|
_MarkingsMixin.get_markings = get_markings
|
|
|
|
_MarkingsMixin.set_markings = set_markings
|
|
|
|
_MarkingsMixin.remove_markings = remove_markings
|
|
|
|
_MarkingsMixin.add_markings = add_markings
|
|
|
|
_MarkingsMixin.clear_markings = clear_markings
|
|
|
|
_MarkingsMixin.is_marked = is_marked
|