Add some newer versions of a couple of object IDs in the stix2

test data corpus.  Updated filesystem store tests accordingly:
- Remove comments from all_versions tests stating that multiple
  versions are not supported.  Improve the tests to ensure that
  all versions are in fact retrieved.
- Update the get() test to ensure that it gets only the latest
  version when there is more than one version.
- Update some count checks, since there are more objects now
- Fix some typos
master
Michael Chisholm 2018-11-01 19:58:34 -04:00
parent 2b983368e5
commit 0a8ff2ab2e
4 changed files with 85 additions and 14 deletions


@ -0,0 +1,11 @@
{
"type": "identity",
"id": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"created": "2017-06-01T00:00:00.000Z",
"modified": "2018-11-01T23:24:48.446Z",
"name": "The MITRE Corporation",
"identity_class": "organization",
"labels": [
"version two"
]
}


@ -0,0 +1,27 @@
{
"type": "malware",
"id": "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"created": "2017-05-31T21:32:58.226Z",
"modified": "2018-11-01T23:24:48.456Z",
"name": "Rover",
"description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]",
"labels": [
"version two"
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/wiki/Software/S0090",
"external_id": "S0090"
},
{
"source_name": "Palo Alto Rover",
"description": "Ray, V., Hayashi, K. (2016, February 29). New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.",
"url": "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
]
}


@ -0,0 +1,27 @@
{
"type": "malware",
"id": "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"created": "2017-05-31T21:32:58.226Z",
"modified": "2018-11-01T23:24:48.457Z",
"name": "Rover",
"description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]",
"labels": [
"version three"
],
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/wiki/Software/S0090",
"external_id": "S0090"
},
{
"source_name": "Palo Alto Rover",
"description": "Ray, V., Hayashi, K. (2016, February 29). New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.",
"url": "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
]
}


@ -152,27 +152,32 @@ def test_filesystem_source_bad_stix_file(fs_source, bad_stix_files):
assert "could either not be parsed to JSON or was not valid STIX JSON" in str(e) assert "could either not be parsed to JSON or was not valid STIX JSON" in str(e)
def test_filesytem_source_get_object(fs_source): def test_filesystem_source_get_object(fs_source):
# get object # get (latest) object
mal = fs_source.get("malware--6b616fc1-1505-48e3-8b2c-0d19337bff38") mal = fs_source.get("malware--6b616fc1-1505-48e3-8b2c-0d19337bff38")
assert mal.id == "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38" assert mal.id == "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38"
assert mal.name == "Rover" assert mal.name == "Rover"
assert mal.modified == datetime.datetime(2018, 11, 1, 23, 24, 48, 457000,
pytz.utc)
def test_filesytem_source_get_nonexistent_object(fs_source): def test_filesystem_source_get_nonexistent_object(fs_source):
ind = fs_source.get("indicator--6b616fc1-1505-48e3-8b2c-0d19337bff38") ind = fs_source.get("indicator--6b616fc1-1505-48e3-8b2c-0d19337bff38")
assert ind is None assert ind is None
def test_filesytem_source_all_versions(fs_source): def test_filesystem_source_all_versions(fs_source):
# all versions - (currently not a true all versions call as FileSystem cant have multiple versions) ids = fs_source.all_versions(
id_ = fs_source.get("identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5") "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
assert id_.id == "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" )
assert id_.name == "The MITRE Corporation" assert len(ids) == 2
assert id_.type == "identity" assert all(id_.id == "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
for id_ in ids)
assert all(id_.name == "The MITRE Corporation" for id_ in ids)
assert all(id_.type == "identity" for id_ in ids)
def test_filesytem_source_query_single(fs_source): def test_filesystem_source_query_single(fs_source):
# query2 # query2
is_2 = fs_source.query([Filter("external_references.external_id", '=', "T1027")]) is_2 = fs_source.query([Filter("external_references.external_id", '=', "T1027")])
assert len(is_2) == 1 assert len(is_2) == 1
@ -387,8 +392,9 @@ def test_filesystem_store_get_stored_as_object(fs_store):
def test_filesystem_store_all_versions(fs_store): def test_filesystem_store_all_versions(fs_store):
# all versions() - (note at this time, all_versions() is still not applicable to FileSystem, as only one version is ever stored) rels = fs_store.all_versions("relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1")
rel = fs_store.all_versions("relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1")[0] assert len(rels) == 1
rel = rels[0]
assert rel.id == "relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1" assert rel.id == "relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1"
assert rel.type == "relationship" assert rel.type == "relationship"
@ -411,7 +417,7 @@ def test_filesystem_store_query_single_filter(fs_store):
def test_filesystem_store_empty_query(fs_store): def test_filesystem_store_empty_query(fs_store):
results = fs_store.query() # returns all results = fs_store.query() # returns all
assert len(results) == 26 assert len(results) == 29
assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [obj.id for obj in results] assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [obj.id for obj in results]
assert "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" in [obj.id for obj in results] assert "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" in [obj.id for obj in results]
@ -425,7 +431,7 @@ def test_filesystem_store_query_multiple_filters(fs_store):
def test_filesystem_store_query_dont_include_type_folder(fs_store): def test_filesystem_store_query_dont_include_type_folder(fs_store):
results = fs_store.query(Filter("type", "!=", "tool")) results = fs_store.query(Filter("type", "!=", "tool"))
assert len(results) == 24 assert len(results) == 27
def test_filesystem_store_add(fs_store): def test_filesystem_store_add(fs_store):
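Review bot: In test_filesystem_source_all_versions the new assertions check the count and that every result has the same id, name and type, but nothing checks that the two results are different versions, so a source that returned the same object twice would still pass. Adding `assert len({id_.modified for id_ in ids}) == 2` after the length check would pin that. As far as the visible hunks show, test_filesystem_store_all_versions still exercises only a relationship with one stored version (`assert len(rels) == 1`), so the multi-version path of the store is not covered; the malware ID that now has several versions in the corpus could be used there. For a threat-intelligence store, returning a stale or duplicated version instead of the latest one is the failure worth guarding against in these tests.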