cti-python-stix2/stix2/test/v21/test_bundle.py

import json

import pytest

import stix2

from .constants import IDENTITY_ID

EXPECTED_BUNDLE = """{
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000007",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000001",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "indicator_types": [
                "malicious-activity"
            ],
            "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
            "valid_from": "2017-01-01T12:34:56Z"
        },
        {
            "type": "malware",
            "spec_version": "2.1",
            "id": "malware--00000000-0000-4000-8000-000000000003",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "name": "Cryptolocker",
            "malware_types": [
                "ransomware"
            ]
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--00000000-0000-4000-8000-000000000005",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
            "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
        }
    ]
}"""

EXPECTED_BUNDLE_DICT = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000007",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000001",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
            "valid_from": "2017-01-01T12:34:56Z",
            "indicator_types": [
                "malicious-activity",
            ],
        },
        {
            "type": "malware",
            "spec_version": "2.1",
            "id": "malware--00000000-0000-4000-8000-000000000003",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "name": "Cryptolocker",
            "malware_types": [
                "ransomware",
            ],
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--00000000-0000-4000-8000-000000000005",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
            "relationship_type": "indicates",
            "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
            "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
        },
    ],
}


def test_empty_bundle():
    bundle = stix2.v21.Bundle()

    assert bundle.type == "bundle"
    assert bundle.id.startswith("bundle--")
    with pytest.raises(AttributeError):
        assert bundle.objects


def test_bundle_with_wrong_type():
    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
        stix2.v21.Bundle(type="not-a-bundle")

    assert excinfo.value.cls == stix2.v21.Bundle
    assert excinfo.value.prop_name == "type"
    assert excinfo.value.reason == "must equal 'bundle'."
    assert str(excinfo.value) == "Invalid value for Bundle 'type': must equal 'bundle'."


def test_bundle_id_must_start_with_bundle():
    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
        stix2.v21.Bundle(id='my-prefix--')

    assert excinfo.value.cls == stix2.v21.Bundle
    assert excinfo.value.prop_name == "id"
    assert excinfo.value.reason == "must start with 'bundle--'."
    assert str(excinfo.value) == "Invalid value for Bundle 'id': must start with 'bundle--'."


def test_create_bundle1(indicator, malware, relationship):
    bundle = stix2.v21.Bundle(objects=[indicator, malware, relationship])

    assert str(bundle) == EXPECTED_BUNDLE
    assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE


def test_create_bundle2(indicator, malware, relationship):
    bundle = stix2.v21.Bundle(objects=[indicator, malware, relationship])

    assert json.loads(bundle.serialize()) == EXPECTED_BUNDLE_DICT


def test_create_bundle_with_positional_args(indicator, malware, relationship):
    bundle = stix2.v21.Bundle(indicator, malware, relationship)

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_positional_listarg(indicator, malware, relationship):
    bundle = stix2.v21.Bundle([indicator, malware, relationship])

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_listarg_and_positional_arg(indicator, malware, relationship):
    bundle = stix2.v21.Bundle([indicator, malware], relationship)

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_listarg_and_kwarg(indicator, malware, relationship):
    bundle = stix2.v21.Bundle([indicator, malware], objects=[relationship])

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_with_arg_listarg_and_kwarg(indicator, malware, relationship):
    bundle = stix2.v21.Bundle([indicator], malware, objects=[relationship])

    assert str(bundle) == EXPECTED_BUNDLE


def test_create_bundle_invalid(indicator, malware, relationship):
    with pytest.raises(ValueError) as excinfo:
        stix2.v21.Bundle(objects=[1])
    assert excinfo.value.reason == "This property may only contain a dictionary or object"

    with pytest.raises(ValueError) as excinfo:
        stix2.v21.Bundle(objects=[{}])
    assert excinfo.value.reason == "This property may only contain a non-empty dictionary or object"

    with pytest.raises(ValueError) as excinfo:
        stix2.v21.Bundle(objects=[{'type': 'bundle'}])
    assert excinfo.value.reason == 'This property may not contain a Bundle object'


@pytest.mark.parametrize("version", ["2.1"])
def test_parse_bundle(version):
    bundle = stix2.parse(EXPECTED_BUNDLE, version=version)

    assert bundle.type == "bundle"
    assert bundle.id.startswith("bundle--")
    assert type(bundle.objects[0]) is stix2.v21.Indicator
    assert bundle.objects[0].type == 'indicator'
    assert bundle.objects[1].type == 'malware'
    assert bundle.objects[2].type == 'relationship'


def test_parse_unknown_type():
    unknown = {
        "type": "other",
        "spec_version": "2.1",
        "id": "other--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
        "created": "2016-04-06T20:03:00Z",
        "modified": "2016-04-06T20:03:00Z",
        "created_by_ref": IDENTITY_ID,
        "description": "Campaign by Green Group against a series of targets in the financial services sector.",
        "name": "Green Group Attacks Against Finance",
    }

    with pytest.raises(stix2.exceptions.ParseError) as excinfo:
        stix2.parse(unknown, version="2.1")
    assert str(excinfo.value) == "Can't parse unknown object type 'other'! For custom types, use the CustomObject decorator."


def test_stix_object_property():
    prop = stix2.properties.STIXObjectProperty(spec_version='2.1')

    identity = stix2.v21.Identity(name="test", identity_class="individual")
    assert prop.clean(identity) is identity


def test_bundle_obj_id_found():
    bundle = stix2.parse(EXPECTED_BUNDLE)

    mal_list = bundle.get_obj("malware--00000000-0000-4000-8000-000000000003")
    assert bundle.objects[1] == mal_list[0]
    assert len(mal_list) == 1


@pytest.mark.parametrize(
    "bundle_data", [{
        "type": "bundle",
        "id": "bundle--00000000-0000-4000-8000-000000000007",
        "objects": [
            {
                "type": "indicator",
                "spec_version": "2.1",
                "id": "indicator--00000000-0000-4000-8000-000000000001",
                "created": "2017-01-01T12:34:56.000Z",
                "modified": "2017-01-01T12:34:56.000Z",
                "indicator_types": [
                    "malicious-activity",
                ],
                "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
                "valid_from": "2017-01-01T12:34:56Z",
            },
            {
                "type": "malware",
                "spec_version": "2.1",
                "id": "malware--00000000-0000-4000-8000-000000000003",
                "created": "2017-01-01T12:34:56.000Z",
                "modified": "2017-01-01T12:34:56.000Z",
                "name": "Cryptolocker1",
                "malware_types": [
                    "ransomware",
                ],
            },
            {
                "type": "malware",
                "spec_version": "2.1",
                "id": "malware--00000000-0000-4000-8000-000000000003",
                "created": "2017-01-01T12:34:56.000Z",
                "modified": "2017-12-21T12:34:56.000Z",
                "name": "CryptolockerOne",
                "malware_types": [
                    "ransomware",
                ],
            },
            {
                "type": "relationship",
                "spec_version": "2.1",
                "id": "relationship--00000000-0000-4000-8000-000000000005",
                "created": "2017-01-01T12:34:56.000Z",
                "modified": "2017-01-01T12:34:56.000Z",
                "relationship_type": "indicates",
                "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
                "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
            },
        ],
    }],
)
def test_bundle_objs_ids_found(bundle_data):
    bundle = stix2.parse(bundle_data)

    mal_list = bundle.get_obj("malware--00000000-0000-4000-8000-000000000003")
    assert bundle.objects[1] == mal_list[0]
    assert bundle.objects[2] == mal_list[1]
    assert len(mal_list) == 2


def test_bundle_getitem_overload_property_found():
    bundle = stix2.parse(EXPECTED_BUNDLE)

    assert bundle.type == "bundle"
    assert bundle['type'] == "bundle"


def test_bundle_getitem_overload_obj_id_found():
    bundle = stix2.parse(EXPECTED_BUNDLE)

    mal_list = bundle["malware--00000000-0000-4000-8000-000000000003"]
    assert bundle.objects[1] == mal_list[0]
    assert len(mal_list) == 1


def test_bundle_obj_id_not_found():
    bundle = stix2.parse(EXPECTED_BUNDLE)

    with pytest.raises(KeyError) as excinfo:
        bundle.get_obj('non existent')
    assert "does not match the id property of any of the bundle" in str(excinfo.value)


def test_bundle_getitem_overload_obj_id_not_found():
    bundle = stix2.parse(EXPECTED_BUNDLE)

    with pytest.raises(KeyError) as excinfo:
        bundle['non existent']
    assert "neither a property on the bundle nor does it match the id property" in str(excinfo.value)
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`import json`

			`import pytest`

			`import stix2`

Replace most SDO/SRO values in tests with IDs from constants.py 2019-01-29 16:52:59 +01:00			`from .constants import IDENTITY_ID`

Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`EXPECTED_BUNDLE = """{`
			`"type": "bundle",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"id": "bundle--00000000-0000-4000-8000-000000000007",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"objects": [`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"id": "indicator--00000000-0000-4000-8000-000000000001",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
Update v20 and v21 tests In v20, only minor stuff that was addressing wrong spec. In v21, align tests with new/changed properties in the specs 2018-07-12 20:33:00 +02:00			`"indicator_types": [`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"malicious-activity"`
Update v20 and v21 tests In v20, only minor stuff that was addressing wrong spec. In v21, align tests with new/changed properties in the specs 2018-07-12 20:33:00 +02:00			`],`
			`"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",`
			`"valid_from": "2017-01-01T12:34:56Z"`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`},`
			`{`
			`"type": "malware",`
			`"spec_version": "2.1",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"id": "malware--00000000-0000-4000-8000-000000000003",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
			`"name": "Cryptolocker",`
Update v20 and v21 tests In v20, only minor stuff that was addressing wrong spec. In v21, align tests with new/changed properties in the specs 2018-07-12 20:33:00 +02:00			`"malware_types": [`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"ransomware"`
Update v20 and v21 tests In v20, only minor stuff that was addressing wrong spec. In v21, align tests with new/changed properties in the specs 2018-07-12 20:33:00 +02:00			`]`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`},`
			`{`
			`"type": "relationship",`
			`"spec_version": "2.1",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"id": "relationship--00000000-0000-4000-8000-000000000005",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
			`"relationship_type": "indicates",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",`
			`"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`}`
			`]`
			`}"""`

			`EXPECTED_BUNDLE_DICT = {`
			`"type": "bundle",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"id": "bundle--00000000-0000-4000-8000-000000000007",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"objects": [`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"id": "indicator--00000000-0000-4000-8000-000000000001",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
			`"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",`
			`"valid_from": "2017-01-01T12:34:56Z",`
Update v20 and v21 tests In v20, only minor stuff that was addressing wrong spec. In v21, align tests with new/changed properties in the specs 2018-07-12 20:33:00 +02:00			`"indicator_types": [`
Formatting changes made by the new pre-commit hook 'add trailing commas' closes #189 2018-07-13 17:10:05 +02:00			`"malicious-activity",`
			`],`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`},`
			`{`
			`"type": "malware",`
			`"spec_version": "2.1",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"id": "malware--00000000-0000-4000-8000-000000000003",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
			`"name": "Cryptolocker",`
Update v20 and v21 tests In v20, only minor stuff that was addressing wrong spec. In v21, align tests with new/changed properties in the specs 2018-07-12 20:33:00 +02:00			`"malware_types": [`
Formatting changes made by the new pre-commit hook 'add trailing commas' closes #189 2018-07-13 17:10:05 +02:00			`"ransomware",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`],`
			`},`
			`{`
			`"type": "relationship",`
			`"spec_version": "2.1",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"id": "relationship--00000000-0000-4000-8000-000000000005",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
			`"relationship_type": "indicates",`
Align tests with news additions from 'master' branch. 2018-07-11 15:43:37 +02:00			`"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",`
Formatting changes made by the new pre-commit hook 'add trailing commas' closes #189 2018-07-13 17:10:05 +02:00			`"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",`
			`},`
			`],`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`}`


			`def test_empty_bundle():`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`bundle = stix2.v21.Bundle()`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
			`assert bundle.type == "bundle"`
			`assert bundle.id.startswith("bundle--")`
			`with pytest.raises(AttributeError):`
			`assert bundle.objects`


			`def test_bundle_with_wrong_type():`
			`with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`stix2.v21.Bundle(type="not-a-bundle")`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
Update v21 tests for some missing methods, ensure we are calling and using the right classes. 2018-07-05 21:21:09 +02:00			`assert excinfo.value.cls == stix2.v21.Bundle`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`assert excinfo.value.prop_name == "type"`
			`assert excinfo.value.reason == "must equal 'bundle'."`
			`assert str(excinfo.value) == "Invalid value for Bundle 'type': must equal 'bundle'."`


			`def test_bundle_id_must_start_with_bundle():`
			`with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`stix2.v21.Bundle(id='my-prefix--')`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
Update v21 tests for some missing methods, ensure we are calling and using the right classes. 2018-07-05 21:21:09 +02:00			`assert excinfo.value.cls == stix2.v21.Bundle`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`assert excinfo.value.prop_name == "id"`
			`assert excinfo.value.reason == "must start with 'bundle--'."`
			`assert str(excinfo.value) == "Invalid value for Bundle 'id': must start with 'bundle--'."`


			`def test_create_bundle1(indicator, malware, relationship):`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`bundle = stix2.v21.Bundle(objects=[indicator, malware, relationship])`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
			`assert str(bundle) == EXPECTED_BUNDLE`
			`assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE`


			`def test_create_bundle2(indicator, malware, relationship):`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`bundle = stix2.v21.Bundle(objects=[indicator, malware, relationship])`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
			`assert json.loads(bundle.serialize()) == EXPECTED_BUNDLE_DICT`


			`def test_create_bundle_with_positional_args(indicator, malware, relationship):`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`bundle = stix2.v21.Bundle(indicator, malware, relationship)`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
			`assert str(bundle) == EXPECTED_BUNDLE`


			`def test_create_bundle_with_positional_listarg(indicator, malware, relationship):`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`bundle = stix2.v21.Bundle([indicator, malware, relationship])`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
			`assert str(bundle) == EXPECTED_BUNDLE`


			`def test_create_bundle_with_listarg_and_positional_arg(indicator, malware, relationship):`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`bundle = stix2.v21.Bundle([indicator, malware], relationship)`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
			`assert str(bundle) == EXPECTED_BUNDLE`


			`def test_create_bundle_with_listarg_and_kwarg(indicator, malware, relationship):`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`bundle = stix2.v21.Bundle([indicator, malware], objects=[relationship])`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
			`assert str(bundle) == EXPECTED_BUNDLE`


			`def test_create_bundle_with_arg_listarg_and_kwarg(indicator, malware, relationship):`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`bundle = stix2.v21.Bundle([indicator], malware, objects=[relationship])`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
			`assert str(bundle) == EXPECTED_BUNDLE`


			`def test_create_bundle_invalid(indicator, malware, relationship):`
			`with pytest.raises(ValueError) as excinfo:`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`stix2.v21.Bundle(objects=[1])`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`assert excinfo.value.reason == "This property may only contain a dictionary or object"`

			`with pytest.raises(ValueError) as excinfo:`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`stix2.v21.Bundle(objects=[{}])`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`assert excinfo.value.reason == "This property may only contain a non-empty dictionary or object"`

			`with pytest.raises(ValueError) as excinfo:`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`stix2.v21.Bundle(objects=[{'type': 'bundle'}])`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`assert excinfo.value.reason == 'This property may not contain a Bundle object'`


			`@pytest.mark.parametrize("version", ["2.1"])`
			`def test_parse_bundle(version):`
			`bundle = stix2.parse(EXPECTED_BUNDLE, version=version)`

			`assert bundle.type == "bundle"`
			`assert bundle.id.startswith("bundle--")`
Update v21 tests for some missing methods, ensure we are calling and using the right classes. 2018-07-05 21:21:09 +02:00			`assert type(bundle.objects[0]) is stix2.v21.Indicator`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`assert bundle.objects[0].type == 'indicator'`
			`assert bundle.objects[1].type == 'malware'`
			`assert bundle.objects[2].type == 'relationship'`


			`def test_parse_unknown_type():`
			`unknown = {`
			`"type": "other",`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`"spec_version": "2.1",`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"id": "other--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",`
			`"created": "2016-04-06T20:03:00Z",`
			`"modified": "2016-04-06T20:03:00Z",`
Replace most SDO/SRO values in tests with IDs from constants.py 2019-01-29 16:52:59 +01:00			`"created_by_ref": IDENTITY_ID,`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`"description": "Campaign by Green Group against a series of targets in the financial services sector.",`
			`"name": "Green Group Attacks Against Finance",`
			`}`

			`with pytest.raises(stix2.exceptions.ParseError) as excinfo:`
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`stix2.parse(unknown, version="2.1")`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`assert str(excinfo.value) == "Can't parse unknown object type 'other'! For custom types, use the CustomObject decorator."`


			`def test_stix_object_property():`
Fix location for test_object_property 2018-07-10 22:11:07 +02:00			`prop = stix2.properties.STIXObjectProperty(spec_version='2.1')`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00
First pass at making sure everything uses v21 classes and representations 2018-07-03 15:40:51 +02:00			`identity = stix2.v21.Identity(name="test", identity_class="individual")`
Create v21 test package with new spec changes 2018-07-03 13:00:18 +02:00			`assert prop.clean(identity) is identity`
Fixes #257 2019-05-20 22:29:01 +02:00

			`def test_bundle_obj_id_found():`
			`bundle = stix2.parse(EXPECTED_BUNDLE)`

			`mal_list = bundle.get_obj("malware--00000000-0000-4000-8000-000000000003")`
			`assert bundle.objects[1] == mal_list[0]`
			`assert len(mal_list) == 1`


			`@pytest.mark.parametrize(`
			`"bundle_data", [{`
			`"type": "bundle",`
			`"id": "bundle--00000000-0000-4000-8000-000000000007",`
			`"objects": [`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--00000000-0000-4000-8000-000000000001",`
			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
			`"indicator_types": [`
			`"malicious-activity",`
			`],`
			`"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",`
			`"valid_from": "2017-01-01T12:34:56Z",`
			`},`
			`{`
			`"type": "malware",`
			`"spec_version": "2.1",`
			`"id": "malware--00000000-0000-4000-8000-000000000003",`
			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
			`"name": "Cryptolocker1",`
			`"malware_types": [`
			`"ransomware",`
			`],`
			`},`
			`{`
			`"type": "malware",`
			`"spec_version": "2.1",`
			`"id": "malware--00000000-0000-4000-8000-000000000003",`
			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-12-21T12:34:56.000Z",`
			`"name": "CryptolockerOne",`
			`"malware_types": [`
			`"ransomware",`
			`],`
			`},`
			`{`
			`"type": "relationship",`
			`"spec_version": "2.1",`
			`"id": "relationship--00000000-0000-4000-8000-000000000005",`
			`"created": "2017-01-01T12:34:56.000Z",`
			`"modified": "2017-01-01T12:34:56.000Z",`
			`"relationship_type": "indicates",`
			`"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",`
			`"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",`
			`},`
			`],`
			`}],`
			`)`
			`def test_bundle_objs_ids_found(bundle_data):`
			`bundle = stix2.parse(bundle_data)`

			`mal_list = bundle.get_obj("malware--00000000-0000-4000-8000-000000000003")`
			`assert bundle.objects[1] == mal_list[0]`
			`assert bundle.objects[2] == mal_list[1]`
			`assert len(mal_list) == 2`


			`def test_bundle_getitem_overload_property_found():`
			`bundle = stix2.parse(EXPECTED_BUNDLE)`

			`assert bundle.type == "bundle"`
			`assert bundle['type'] == "bundle"`


			`def test_bundle_getitem_overload_obj_id_found():`
			`bundle = stix2.parse(EXPECTED_BUNDLE)`

			`mal_list = bundle["malware--00000000-0000-4000-8000-000000000003"]`
			`assert bundle.objects[1] == mal_list[0]`
			`assert len(mal_list) == 1`


			`def test_bundle_obj_id_not_found():`
			`bundle = stix2.parse(EXPECTED_BUNDLE)`

			`with pytest.raises(KeyError) as excinfo:`
			`bundle.get_obj('non existent')`
			`assert "does not match the id property of any of the bundle" in str(excinfo.value)`


			`def test_bundle_getitem_overload_obj_id_not_found():`
			`bundle = stix2.parse(EXPECTED_BUNDLE)`

			`with pytest.raises(KeyError) as excinfo:`
			`bundle['non existent']`
Slightly change bundle error message 2019-05-22 17:05:01 +02:00			`assert "neither a property on the bundle nor does it match the id property" in str(excinfo.value)`