2017-02-10 22:35:02 +01:00
|
|
|
"""Python APIs for STIX 2."""
|
2017-01-17 21:37:47 +01:00
|
|
|
|
2017-03-22 14:05:59 +01:00
|
|
|
# flake8: noqa
|
|
|
|
|
2017-04-05 23:12:44 +02:00
|
|
|
import json
|
|
|
|
|
2017-02-10 22:35:02 +01:00
|
|
|
from .bundle import Bundle
|
2017-02-24 19:51:21 +01:00
|
|
|
from .common import ExternalReference, KillChainPhase
|
2017-02-24 18:56:55 +01:00
|
|
|
from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
|
|
|
|
IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
|
|
|
|
Vulnerability
|
2017-03-31 21:52:27 +02:00
|
|
|
from .sro import Relationship, Sighting
|
|
|
|
from .markings import MarkingDefinition, GranularMarking, StatementMarking, TLPMarking
|
2017-04-05 23:12:44 +02:00
|
|
|
|
|
|
|
|
|
|
|
def parse(data):
|
|
|
|
"""Deserialize a string or file-like object into a STIX object"""
|
|
|
|
|
2017-04-10 16:42:07 +02:00
|
|
|
if type(data) is dict:
|
|
|
|
obj = data
|
|
|
|
else:
|
|
|
|
try:
|
|
|
|
obj = json.loads(data)
|
|
|
|
except TypeError:
|
|
|
|
obj = json.load(data)
|
2017-04-05 23:12:44 +02:00
|
|
|
|
2017-04-19 15:22:08 +02:00
|
|
|
obj_map = {
|
|
|
|
'attack-pattern': AttackPattern,
|
|
|
|
'campaign': Campaign,
|
|
|
|
'course-of-action': CourseOfAction,
|
|
|
|
'identity': Identity,
|
|
|
|
'indicator': Indicator,
|
|
|
|
'intrusion-set': IntrusionSet,
|
|
|
|
'malware': Malware,
|
|
|
|
'marking-definition': MarkingDefinition,
|
|
|
|
'observed-data': ObservedData,
|
|
|
|
'report': Report,
|
|
|
|
'relationship': Relationship,
|
|
|
|
'threat-actor': ThreatActor,
|
|
|
|
'tool': Tool,
|
|
|
|
'sighting': Sighting,
|
|
|
|
'vulnerability': Vulnerability,
|
|
|
|
}
|
|
|
|
|
2017-04-05 23:12:44 +02:00
|
|
|
if 'type' not in obj:
|
|
|
|
# TODO parse external references, kill chain phases, and granular markings
|
|
|
|
pass
|
2017-04-19 15:22:08 +02:00
|
|
|
else:
|
|
|
|
try:
|
|
|
|
obj_class = obj_map[obj['type']]
|
|
|
|
return obj_class(**obj)
|
|
|
|
except KeyError:
|
|
|
|
# TODO handle custom objects
|
|
|
|
raise ValueError("Can't parse unknown object type!")
|
2017-04-05 23:12:44 +02:00
|
|
|
|
|
|
|
return obj
|