cti-python-stix2/stix2/test/v21/test_note.py

121 lines
3.3 KiB
Python
Raw Normal View History

2017-10-23 14:06:29 +02:00
import datetime as dt
import re
import pytest
import pytz
import stix2
from .constants import CAMPAIGN_ID, NOTE_ID
2018-10-15 20:48:52 +02:00
CONTENT = (
'This note indicates the various steps taken by the threat'
' analyst team to investigate this specific campaign. Step'
' 1) Do a scan 2) Review scanned results for identified '
'hosts not known by external intel... etc'
)
2017-10-23 14:06:29 +02:00
EXPECTED_NOTE = """{
"type": "note",
"spec_version": "2.1",
2017-10-23 14:06:29 +02:00
"id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
2018-10-15 20:48:52 +02:00
"abstract": "Tracking Team Note#1",
"content": "%s",
2017-10-23 14:06:29 +02:00
"authors": [
"John Doe"
],
"object_refs": [
"campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
],
"external_references": [
{
"source_name": "job-tracker",
"external_id": "job-id-1234"
}
]
2018-10-15 20:48:52 +02:00
}""" % CONTENT
2017-10-23 14:06:29 +02:00
EXPECTED_OPINION_REPR = "Note(" + " ".join((
"""
2017-10-23 14:06:29 +02:00
type='note',
spec_version='2.1',
2017-10-23 14:06:29 +02:00
id='note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061',
created='2016-05-12T08:17:27.000Z',
modified='2016-05-12T08:17:27.000Z',
2018-10-15 20:48:52 +02:00
abstract='Tracking Team Note#1',
content='%s',
2017-10-23 14:06:29 +02:00
authors=['John Doe'],
object_refs=['campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f'],
external_references=[ExternalReference(source_name='job-tracker', external_id='job-id-1234')]
2018-10-15 20:48:52 +02:00
""" % CONTENT
).split()) + ")"
2017-10-23 14:06:29 +02:00
def test_note_with_required_properties():
now = dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
note = stix2.v21.Note(
2017-10-23 14:06:29 +02:00
type='note',
id=NOTE_ID,
created=now,
modified=now,
2018-10-15 20:48:52 +02:00
abstract='Tracking Team Note#1',
2017-10-23 14:06:29 +02:00
object_refs=[CAMPAIGN_ID],
authors=['John Doe'],
2018-10-15 20:48:52 +02:00
content=CONTENT,
2017-10-23 14:06:29 +02:00
external_references=[
{
'source_name': 'job-tracker',
'external_id': 'job-id-1234',
},
],
2017-10-23 14:06:29 +02:00
)
assert str(note) == EXPECTED_NOTE
rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(note))
assert rep == EXPECTED_OPINION_REPR
@pytest.mark.parametrize(
"data", [
EXPECTED_NOTE,
{
"type": "note",
"spec_version": "2.1",
2019-01-23 16:56:20 +01:00
"id": NOTE_ID,
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
2018-10-15 20:48:52 +02:00
"abstract": "Tracking Team Note#1",
"content": CONTENT,
"authors": [
"John Doe",
],
"object_refs": [
2019-01-23 16:56:20 +01:00
CAMPAIGN_ID,
],
"external_references": [
{
"source_name": "job-tracker",
"external_id": "job-id-1234",
},
],
},
],
)
2017-10-23 14:06:29 +02:00
def test_parse_note(data):
note = stix2.parse(data, version="2.1")
2017-10-23 14:06:29 +02:00
assert note.type == 'note'
assert note.spec_version == '2.1'
2017-10-23 14:06:29 +02:00
assert note.id == NOTE_ID
assert note.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert note.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert note.object_refs[0] == CAMPAIGN_ID
assert note.authors[0] == 'John Doe'
2018-10-15 20:48:52 +02:00
assert note.abstract == 'Tracking Team Note#1'
assert note.content == CONTENT
2017-10-23 14:06:29 +02:00
rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(note))
assert rep == EXPECTED_OPINION_REPR