cti-python-stix2/stix2/equivalence/pattern/compare/observation.py

"""
Comparison utilities for STIX pattern observation expressions.
"""
from stix2.equivalence.pattern.compare import generic_cmp, iter_lex_cmp
from stix2.equivalence.pattern.compare.comparison import (
    comparison_expression_cmp, generic_constant_cmp,
)
from stix2.patterns import (
    AndObservationExpression, FollowedByObservationExpression,
    ObservationExpression, OrObservationExpression,
    QualifiedObservationExpression, RepeatQualifier, StartStopQualifier,
    WithinQualifier, _CompoundObservationExpression,
)

_OBSERVATION_EXPRESSION_TYPE_ORDER = (
    ObservationExpression, AndObservationExpression, OrObservationExpression,
    FollowedByObservationExpression, QualifiedObservationExpression,
)


_QUALIFIER_TYPE_ORDER = (
    RepeatQualifier, WithinQualifier, StartStopQualifier,
)


def repeats_cmp(qual1, qual2):
    """
    Compare REPEATS qualifiers.  This orders by repeat count.
    """
    return generic_constant_cmp(qual1.times_to_repeat, qual2.times_to_repeat)


def within_cmp(qual1, qual2):
    """
    Compare WITHIN qualifiers.  This orders by number of seconds.
    """
    return generic_constant_cmp(
        qual1.number_of_seconds, qual2.number_of_seconds,
    )


def startstop_cmp(qual1, qual2):
    """
    Compare START/STOP qualifiers.  This lexicographically orders by start time,
    then stop time.
    """
    return iter_lex_cmp(
        (qual1.start_time, qual1.stop_time),
        (qual2.start_time, qual2.stop_time),
        generic_constant_cmp,
    )


_QUALIFIER_COMPARATORS = {
    RepeatQualifier: repeats_cmp,
    WithinQualifier: within_cmp,
    StartStopQualifier: startstop_cmp,
}


def observation_expression_cmp(expr1, expr2):
    """
    Compare two observation expression ASTs.  This is sensitive to the order of
    the expressions' sub-components.  To achieve an order-insensitive
    comparison, the ASTs must be canonically ordered first.

    :param expr1: The first observation expression
    :param expr2: The second observation expression
    :return: <0, 0, or >0 depending on whether the first arg is less, equal or
        greater than the second
    """
    type1 = type(expr1)
    type2 = type(expr2)

    type1_idx = _OBSERVATION_EXPRESSION_TYPE_ORDER.index(type1)
    type2_idx = _OBSERVATION_EXPRESSION_TYPE_ORDER.index(type2)

    if type1_idx != type2_idx:
        result = generic_cmp(type1_idx, type2_idx)

    # else, both exprs are of same type.

    # If they're simple, use contained comparison expression order
    elif type1 is ObservationExpression:
        result = comparison_expression_cmp(
            expr1.operand, expr2.operand,
        )

    elif isinstance(expr1, _CompoundObservationExpression):
        # Both compound, and of same type (and/or/followedby): sort according
        # to contents.
        result = iter_lex_cmp(
            expr1.operands, expr2.operands, observation_expression_cmp,
        )

    else:  # QualifiedObservationExpression
        # Both qualified.  Check qualifiers first; if they are the same,
        # use order of the qualified expressions.
        qual1_type = type(expr1.qualifier)
        qual2_type = type(expr2.qualifier)

        qual1_type_idx = _QUALIFIER_TYPE_ORDER.index(qual1_type)
        qual2_type_idx = _QUALIFIER_TYPE_ORDER.index(qual2_type)

        result = generic_cmp(qual1_type_idx, qual2_type_idx)

        if result == 0:
            # Same qualifier type; compare qualifier details
            qual_cmp = _QUALIFIER_COMPARATORS.get(qual1_type)
            if qual_cmp:
                result = qual_cmp(expr1.qualifier, expr2.qualifier)
            else:
                raise TypeError(
                    "Can't compare qualifier type: " + qual1_type.__name__,
                )

        if result == 0:
            # Same qualifier type and details; use qualified expression order
            result = observation_expression_cmp(
                expr1.observation_expression, expr2.observation_expression,
            )

    return result
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`"""`
			`Comparison utilities for STIX pattern observation expressions.`
			`"""`
Graph Equivalence (#449) * new packages for graph and object-based semantic equivalence * new method graphically_equivalent for Environment, move equivalence methods out * object equivalence function, methods used for object-based moved here. * new graph_equivalence methods * add notes * add support for versioning checks (default disabled) * new tests to cover graph equivalence and new methods * added more imports to environment.py to prevent breaking changes * variable changes, new fields for checks, reset depth check per call * flexibility when object is not available on graph. * refactor debug logging message * new file stix2.equivalence.graph_equivalence.rst and stix2.equivalence.object_equivalence.rst for docs * API documentation for new modules * additional text required to build docs * add more test methods for list_semantic_check an graphically_equivalent/versioning * add logging debug messages, code clean-up * include individual scoring on results dict, fix issue on list_semantic_check not keeping highest score * include results as summary in prop_scores, minor tweaks * Update __init__.py doctrings update * apply feedback from pull request - rename semantic_check to reference_check - rename modules to graph and object respectively to eliminate redundancy - remove created_by_ref and object_marking_refs from graph WEIGHTS and rebalance * update docs/ entries * add more checks, make max score based on actual objects checked instead of the full list, only create entry when type is present in WEIGHTS dictionary update tests to reflect changes * rename package patterns -> pattern * documentation, moving weights around * more documentation moving * rename WEIGHTS variable for graph_equivalence 2020-10-16 17:35:26 +02:00			`from stix2.equivalence.pattern.compare import generic_cmp, iter_lex_cmp`
			`from stix2.equivalence.pattern.compare.comparison import (`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`comparison_expression_cmp, generic_constant_cmp,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`
			`from stix2.patterns import (`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`AndObservationExpression, FollowedByObservationExpression,`
			`ObservationExpression, OrObservationExpression,`
			`QualifiedObservationExpression, RepeatQualifier, StartStopQualifier,`
			`WithinQualifier, _CompoundObservationExpression,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`

			`_OBSERVATION_EXPRESSION_TYPE_ORDER = (`
			`ObservationExpression, AndObservationExpression, OrObservationExpression,`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`FollowedByObservationExpression, QualifiedObservationExpression,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`


			`_QUALIFIER_TYPE_ORDER = (`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`RepeatQualifier, WithinQualifier, StartStopQualifier,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`


			`def repeats_cmp(qual1, qual2):`
			`"""`
			`Compare REPEATS qualifiers. This orders by repeat count.`
			`"""`
			`return generic_constant_cmp(qual1.times_to_repeat, qual2.times_to_repeat)`


			`def within_cmp(qual1, qual2):`
			`"""`
			`Compare WITHIN qualifiers. This orders by number of seconds.`
			`"""`
			`return generic_constant_cmp(`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`qual1.number_of_seconds, qual2.number_of_seconds,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`


			`def startstop_cmp(qual1, qual2):`
			`"""`
			`Compare START/STOP qualifiers. This lexicographically orders by start time,`
			`then stop time.`
			`"""`
			`return iter_lex_cmp(`
			`(qual1.start_time, qual1.stop_time),`
			`(qual2.start_time, qual2.stop_time),`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`generic_constant_cmp,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`


			`_QUALIFIER_COMPARATORS = {`
			`RepeatQualifier: repeats_cmp,`
			`WithinQualifier: within_cmp,`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`StartStopQualifier: startstop_cmp,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`}`


			`def observation_expression_cmp(expr1, expr2):`
			`"""`
			`Compare two observation expression ASTs. This is sensitive to the order of`
			`the expressions' sub-components. To achieve an order-insensitive`
			`comparison, the ASTs must be canonically ordered first.`

			`:param expr1: The first observation expression`
			`:param expr2: The second observation expression`
			`:return: <0, 0, or >0 depending on whether the first arg is less, equal or`
			`greater than the second`
			`"""`
			`type1 = type(expr1)`
			`type2 = type(expr2)`

			`type1_idx = _OBSERVATION_EXPRESSION_TYPE_ORDER.index(type1)`
			`type2_idx = _OBSERVATION_EXPRESSION_TYPE_ORDER.index(type2)`

			`if type1_idx != type2_idx:`
			`result = generic_cmp(type1_idx, type2_idx)`

			`# else, both exprs are of same type.`

			`# If they're simple, use contained comparison expression order`
			`elif type1 is ObservationExpression:`
			`result = comparison_expression_cmp(`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`expr1.operand, expr2.operand,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`

			`elif isinstance(expr1, _CompoundObservationExpression):`
			`# Both compound, and of same type (and/or/followedby): sort according`
			`# to contents.`
			`result = iter_lex_cmp(`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`expr1.operands, expr2.operands, observation_expression_cmp,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`

			`else: # QualifiedObservationExpression`
			`# Both qualified. Check qualifiers first; if they are the same,`
			`# use order of the qualified expressions.`
			`qual1_type = type(expr1.qualifier)`
			`qual2_type = type(expr2.qualifier)`

			`qual1_type_idx = _QUALIFIER_TYPE_ORDER.index(qual1_type)`
			`qual2_type_idx = _QUALIFIER_TYPE_ORDER.index(qual2_type)`

			`result = generic_cmp(qual1_type_idx, qual2_type_idx)`

			`if result == 0:`
			`# Same qualifier type; compare qualifier details`
			`qual_cmp = _QUALIFIER_COMPARATORS.get(qual1_type)`
			`if qual_cmp:`
			`result = qual_cmp(expr1.qualifier, expr2.qualifier)`
			`else:`
			`raise TypeError(`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`"Can't compare qualifier type: " + qual1_type.__name__,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`

			`if result == 0:`
			`# Same qualifier type and details; use qualified expression order`
			`result = observation_expression_cmp(`
pre-commit hook stylistic changes 2020-08-13 23:44:42 +02:00			`expr1.observation_expression, expr2.observation_expression,`
Add first cut of a pattern equivalence capability 2020-08-11 00:33:26 +02:00			`)`

			`return result`