From 0a8ff2ab2e0764531d199f966663b5c28e1999b7 Mon Sep 17 00:00:00 2001
From: Michael Chisholm
Date: Thu, 1 Nov 2018 19:58:34 -0400
Subject: [PATCH] Add some newer versions of a couple of object IDs in the stix2 test data corpus. Updated filesystem store tests accordingly:
- Remove comments from all_versions tests stating that multiple versions are not supported. Improve the tests to ensure that all versions are in fact retrieved.
- Update the get() test to assure that it gets only the latest version, when there is more than one version.
- Update some count checks, since there are more objects now
- Fix some typos
---
 .../20181101232448446000.json | 11 ++++++
 .../20181101232448456000.json | 27 +++++++++++++++
 .../20181101232448457000.json | 27 +++++++++++++++
 stix2/test/test_datastore_filesystem.py | 34 +++++++++++--------
 4 files changed, 85 insertions(+), 14 deletions(-)
 create mode 100644 stix2/test/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20181101232448446000.json
 create mode 100644 stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json
 create mode 100644 stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json
diff --git a/stix2/test/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20181101232448446000.json b/stix2/test/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20181101232448446000.json
new file mode 100644
index 0000000..ff3cc88
--- /dev/null
+++ b/stix2/test/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20181101232448446000.json
@@ -0,0 +1,11 @@
+{
+ "type": "identity",
+ "id": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "created": "2017-06-01T00:00:00.000Z",
+ "modified": "2018-11-01T23:24:48.446Z",
+ "name": "The MITRE Corporation",
+ "identity_class": "organization",
+ "labels": [
+ "version two"
+ ]
+}
\ No newline at end of file
diff --git a/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json b/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json
new file mode 100644
index 0000000..e025563
--- /dev/null
+++ b/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json
@@ -0,0 +1,27 @@
+{
+ "type": "malware",
+ "id": "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "created": "2017-05-31T21:32:58.226Z",
+ "modified": "2018-11-01T23:24:48.456Z",
+ "name": "Rover",
+ "description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]",
+ "labels": [
+ "version two"
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/wiki/Software/S0090",
+ "external_id": "S0090"
+ },
+ {
+ "source_name": "Palo Alto Rover",
+ "description": "Ray, V., Hayashi, K. (2016, February 29). New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.",
+ "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
+}
\ No newline at end of file
diff --git a/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json b/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json
new file mode 100644
index 0000000..5f65e74
--- /dev/null
+++ b/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json
@@ -0,0 +1,27 @@
+{
+ "type": "malware",
+ "id": "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "created": "2017-05-31T21:32:58.226Z",
+ "modified": "2018-11-01T23:24:48.457Z",
+ "name": "Rover",
+ "description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]",
+ "labels": [
+ "version three"
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/wiki/Software/S0090",
+ "external_id": "S0090"
+ },
+ {
+ "source_name": "Palo Alto Rover",
+ "description": "Ray, V., Hayashi, K. (2016, February 29). New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.",
+ "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
+}
\ No newline at end of file
diff --git a/stix2/test/test_datastore_filesystem.py b/stix2/test/test_datastore_filesystem.py
index 93bb8c7..44a12ed 100644
--- a/stix2/test/test_datastore_filesystem.py
+++ b/stix2/test/test_datastore_filesystem.py
@@ -152,27 +152,32 @@ def test_filesystem_source_bad_stix_file(fs_source, bad_stix_files):
 assert "could either not be parsed to JSON or was not valid STIX JSON" in str(e)


-def test_filesytem_source_get_object(fs_source):
- # get object
+def test_filesystem_source_get_object(fs_source):
+ # get (latest) object
 mal = fs_source.get("malware--6b616fc1-1505-48e3-8b2c-0d19337bff38")
 assert mal.id == "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38"
 assert mal.name == "Rover"
+ assert mal.modified == datetime.datetime(2018, 11, 1, 23, 24, 48, 457000,
+ pytz.utc)


-def test_filesytem_source_get_nonexistent_object(fs_source):
+def test_filesystem_source_get_nonexistent_object(fs_source):
 ind = fs_source.get("indicator--6b616fc1-1505-48e3-8b2c-0d19337bff38")
 assert ind is None


-def test_filesytem_source_all_versions(fs_source):
- # all versions - (currently not a true all versions call as FileSystem cant have multiple versions)
- id_ = fs_source.get("identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5")
- assert id_.id == "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- assert id_.name == "The MITRE Corporation"
- assert id_.type == "identity"
+def test_filesystem_source_all_versions(fs_source):
+ ids = fs_source.all_versions(
+ "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ )
+ assert len(ids) == 2
+ assert all(id_.id == "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ for id_ in ids)
+ assert all(id_.name == "The MITRE Corporation" for id_ in ids)
+ assert all(id_.type == "identity" for id_ in ids)


-def test_filesytem_source_query_single(fs_source):
+def test_filesystem_source_query_single(fs_source):
 # query2
 is_2 = fs_source.query([Filter("external_references.external_id", '=', "T1027")])
 assert len(is_2) == 1
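Review bot: In `test_filesystem_source_all_versions` the new assertions would still pass if `all_versions()` returned the same stored version twice, because they check only the count and three fields (`id`, `name`, `type`) that are identical across versions. Adding `assert len({id_.modified for id_ in ids}) == 2` would pin that two distinct versions are retrieved. The new `mal.modified` assertion in `test_filesystem_source_get_object` uses `datetime` and `pytz`, which are presumably imported at the top of the file; the diff does not show that. `test_filesystem_source_query_single` continues past the end of this hunk.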
@@ -387,8 +392,9 @@ def test_filesystem_store_get_stored_as_object(fs_store):


 def test_filesystem_store_all_versions(fs_store):
- # all versions() - (note at this time, all_versions() is still not applicable to FileSystem, as only one version is ever stored)
- rel = fs_store.all_versions("relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1")[0]
+ rels = fs_store.all_versions("relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1")
+ assert len(rels) == 1
+ rel = rels[0]
 assert rel.id == "relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1"
 assert rel.type == "relationship"

@@ -411,7 +417,7 @@ def test_filesystem_store_query_single_filter(fs_store):

 def test_filesystem_store_empty_query(fs_store):
 results = fs_store.query() # returns all
- assert len(results) == 26
+ assert len(results) == 29
 assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [obj.id for obj in results]
 assert "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" in [obj.id for obj in results]

@@ -425,7 +431,7 @@ def test_filesystem_store_query_multiple_filters(fs_store):

 def test_filesystem_store_query_dont_include_type_folder(fs_store):
 results = fs_store.query(Filter("type", "!=", "tool"))
- assert len(results) == 24
+ assert len(results) == 27


 def test_filesystem_store_add(fs_store):
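Review bot: The expected totals in `test_filesystem_store_empty_query` (`29`) and in `test_filesystem_store_query_dont_include_type_folder` (`27`, next hunk) are unexplained literals. Both rose by exactly three, matching the three version files this commit adds, which suggests `query()` counts every stored version rather than one object per ID. If that is intended, a comment such as `# 29 = every version of every object under stix2_data; query() does not collapse versions` would record it. An extra `assert len({obj.id for obj in results}) < len(results)` would make the multi-version case explicit instead of leaving it implied by the total.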