cti-python-stix2/stix2/test/v21/test_malware_analysis.py

import json

import pytest

import stix2.exceptions
import stix2.utils
import stix2.v21

MALWARE_ANALYSIS_JSON = """{
    "type": "malware-analysis",
    "spec_version": "2.1",
    "id": "malware-analysis--f8afc020-f92f-4906-a971-88ee5882eb46",
    "created_by_ref": "identity--e0353ed3-991e-4f71-a332-114c2f10b84f",
    "created": "2017-11-28T09:44:58.418Z",
    "modified": "2017-12-31T21:27:49.754Z",
    "product": "Acme Malware Analyzer",
    "version": "2.5",
    "host_vm_ref": "software--1bda7336-fe67-469f-a8ca-ab6268b0449b",
    "operating_system_ref": "software--c96bfaef-861b-408b-b0f1-b685881725ef",
    "installed_software_refs": [
        "software--7325bf2d-de9e-441e-b3b3-63df43149897",
        "software--46a6a91d-1160-4867-a4d1-b14e080e4e5b"
    ],
    "configuration_version": "1.7",
    "modules": [
        "Super Analyzer"
    ],
    "analysis_engine_version": "1.2",
    "analysis_definition_version": "3.4",
    "submitted": "2018-11-23T06:45:55.747Z",
    "analysis_started": "2018-11-29T07:30:03.895Z",
    "analysis_ended": "2018-11-29T08:30:03.895Z",
    "result_name": "MegaRansom",
    "result": "malicious",
    "analysis_sco_refs": [
        "file--fc27e371-6c88-4c5c-868a-4dda0e60b167",
        "url--6f7a74cd-8eb2-4b88-a4da-aa878e50ac2e"
    ],
    "sample_ref": "email-addr--499a32d7-74c1-4276-ace9-725ac933e243",
    "labels": [
        "label1",
        "label2"
    ]
}"""


MALWARE_ANALYSIS_DICT = json.loads(MALWARE_ANALYSIS_JSON)


def test_malware_analysis_example():
    ma = stix2.v21.MalwareAnalysis(**MALWARE_ANALYSIS_DICT)

    assert str(ma) == MALWARE_ANALYSIS_JSON


@pytest.mark.parametrize(
    "data", [
        MALWARE_ANALYSIS_JSON,
        MALWARE_ANALYSIS_DICT,
    ],
)
def test_parse_malware_analysis(data):
    ma = stix2.parse(data, version="2.1")

    # timestamp-valued attributes whose values (from JSON) can't be compared
    # directly, since stix2 internally converts them to datetime objects.
    ts_attrs = {
        "created",
        "modified",
        "submitted",
        "analysis_started",
        "analysis_ended",
    }

    for attr_name, attr_value in MALWARE_ANALYSIS_DICT.items():
        cmp_value = stix2.utils.parse_into_datetime(attr_value) \
            if attr_name in ts_attrs else attr_value

        assert getattr(ma, attr_name) == cmp_value


def test_malware_analysis_constraint():
    with pytest.raises(stix2.exceptions.AtLeastOnePropertyError):
        stix2.v21.MalwareAnalysis(
            product="Acme Malware Analyzer",
        )
Oops, forgot to add the malware-analysis test suite... 2019-06-26 23:10:04 +02:00			`import json`
Changes from add-trailing-comma hook 2019-06-26 23:17:16 +02:00
Oops, forgot to add the malware-analysis test suite... 2019-06-26 23:10:04 +02:00			`import pytest`

			`import stix2.exceptions`
			`import stix2.utils`
			`import stix2.v21`

			`MALWARE_ANALYSIS_JSON = """{`
			`"type": "malware-analysis",`
			`"spec_version": "2.1",`
			`"id": "malware-analysis--f8afc020-f92f-4906-a971-88ee5882eb46",`
fix ordering problem with Class definitions 2020-11-19 01:01:12 +01:00			`"created_by_ref": "identity--e0353ed3-991e-4f71-a332-114c2f10b84f",`
Oops, forgot to add the malware-analysis test suite... 2019-06-26 23:10:04 +02:00			`"created": "2017-11-28T09:44:58.418Z",`
			`"modified": "2017-12-31T21:27:49.754Z",`
			`"product": "Acme Malware Analyzer",`
			`"version": "2.5",`
			`"host_vm_ref": "software--1bda7336-fe67-469f-a8ca-ab6268b0449b",`
			`"operating_system_ref": "software--c96bfaef-861b-408b-b0f1-b685881725ef",`
			`"installed_software_refs": [`
			`"software--7325bf2d-de9e-441e-b3b3-63df43149897",`
			`"software--46a6a91d-1160-4867-a4d1-b14e080e4e5b"`
			`],`
			`"configuration_version": "1.7",`
Fix most unit tests to pass again. Awaiting feedback regarding possible library bugs, before I fix the remaining unit tests. 2019-07-16 22:10:25 +02:00			`"modules": [`
			`"Super Analyzer"`
			`],`
Oops, forgot to add the malware-analysis test suite... 2019-06-26 23:10:04 +02:00			`"analysis_engine_version": "1.2",`
			`"analysis_definition_version": "3.4",`
			`"submitted": "2018-11-23T06:45:55.747Z",`
			`"analysis_started": "2018-11-29T07:30:03.895Z",`
			`"analysis_ended": "2018-11-29T08:30:03.895Z",`
Update malware-analysis SDO's av_result property: replace it with result and result_name properties. Per: https://github.com/oasis-tcs/cti-stix2/issues/213 2020-02-27 23:26:04 +01:00			`"result_name": "MegaRansom",`
			`"result": "malicious",`
Oops, forgot to add the malware-analysis test suite... 2019-06-26 23:10:04 +02:00			`"analysis_sco_refs": [`
			`"file--fc27e371-6c88-4c5c-868a-4dda0e60b167",`
			`"url--6f7a74cd-8eb2-4b88-a4da-aa878e50ac2e"`
Add the "sample_ref" property to malware-analysis SDOs, per: https://github.com/oasis-tcs/cti-stix2/issues/210 2020-02-27 22:40:56 +01:00			`],`
fix ordering problem with Class definitions 2020-11-19 01:01:12 +01:00			`"sample_ref": "email-addr--499a32d7-74c1-4276-ace9-725ac933e243",`
			`"labels": [`
			`"label1",`
			`"label2"`
			`]`
Oops, forgot to add the malware-analysis test suite... 2019-06-26 23:10:04 +02:00			`}"""`


			`MALWARE_ANALYSIS_DICT = json.loads(MALWARE_ANALYSIS_JSON)`


			`def test_malware_analysis_example():`
			`ma = stix2.v21.MalwareAnalysis(**MALWARE_ANALYSIS_DICT)`

			`assert str(ma) == MALWARE_ANALYSIS_JSON`


Changes from add-trailing-comma hook 2019-06-26 23:17:16 +02:00			`@pytest.mark.parametrize(`
			`"data", [`
			`MALWARE_ANALYSIS_JSON,`
			`MALWARE_ANALYSIS_DICT,`
			`],`
			`)`
Oops, forgot to add the malware-analysis test suite... 2019-06-26 23:10:04 +02:00			`def test_parse_malware_analysis(data):`
			`ma = stix2.parse(data, version="2.1")`

			`# timestamp-valued attributes whose values (from JSON) can't be compared`
			`# directly, since stix2 internally converts them to datetime objects.`
			`ts_attrs = {`
			`"created",`
			`"modified",`
			`"submitted",`
			`"analysis_started",`
			`"analysis_ended",`
			`}`

			`for attr_name, attr_value in MALWARE_ANALYSIS_DICT.items():`
			`cmp_value = stix2.utils.parse_into_datetime(attr_value) \`
			`if attr_name in ts_attrs else attr_value`

			`assert getattr(ma, attr_name) == cmp_value`


			`def test_malware_analysis_constraint():`
			`with pytest.raises(stix2.exceptions.AtLeastOnePropertyError):`
			`stix2.v21.MalwareAnalysis(`
Changes from add-trailing-comma hook 2019-06-26 23:17:16 +02:00			`product="Acme Malware Analyzer",`
Oops, forgot to add the malware-analysis test suite... 2019-06-26 23:10:04 +02:00			`)`