cti-python-stix2/stix2/__init__.py

57 lines
1.6 KiB
Python
Raw Normal View History

2017-02-10 22:35:02 +01:00
"""Python APIs for STIX 2."""
2017-01-17 21:37:47 +01:00
2017-03-22 14:05:59 +01:00
# flake8: noqa
2017-04-05 23:12:44 +02:00
import json
2017-02-10 22:35:02 +01:00
from .bundle import Bundle
2017-02-24 19:51:21 +01:00
from .common import ExternalReference, KillChainPhase
2017-02-24 18:56:55 +01:00
from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
Vulnerability
from .sro import Relationship, Sighting
from .markings import MarkingDefinition, GranularMarking, StatementMarking, TLPMarking
2017-04-05 23:12:44 +02:00
def parse(data):
"""Deserialize a string or file-like object into a STIX object"""
if type(data) is dict:
obj = data
else:
try:
obj = json.loads(data)
except TypeError:
obj = json.load(data)
2017-04-05 23:12:44 +02:00
2017-04-19 15:22:08 +02:00
obj_map = {
'attack-pattern': AttackPattern,
'campaign': Campaign,
'course-of-action': CourseOfAction,
'identity': Identity,
'indicator': Indicator,
'intrusion-set': IntrusionSet,
'malware': Malware,
'marking-definition': MarkingDefinition,
'observed-data': ObservedData,
'report': Report,
'relationship': Relationship,
'threat-actor': ThreatActor,
'tool': Tool,
'sighting': Sighting,
'vulnerability': Vulnerability,
}
2017-04-05 23:12:44 +02:00
if 'type' not in obj:
# TODO parse external references, kill chain phases, and granular markings
pass
2017-04-19 15:22:08 +02:00
else:
try:
obj_class = obj_map[obj['type']]
return obj_class(**obj)
except KeyError:
# TODO handle custom objects
raise ValueError("Can't parse unknown object type!")
2017-04-05 23:12:44 +02:00
return obj