diff --git a/stix2/test/test_utils_type_checks.py b/stix2/test/test_utils_type_checks.py new file mode 100644 index 0000000..31d99eb --- /dev/null +++ b/stix2/test/test_utils_type_checks.py @@ -0,0 +1,287 @@ +import pytest +import stix2.utils + + +### +### Tests using types/behaviors common to STIX 2.0 and 2.1. +### + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +@pytest.mark.parametrize( + "type_", [ + "attack-pattern", + "campaign", + "course-of-action", + "identity", + "indicator", + "intrusion-set", + "malware", + "observed-data", + "report", + "threat-actor", + "tool", + "vulnerability" + ] +) +def test_is_sdo(type_, stix_version): + assert stix2.utils.is_sdo(type_, stix_version) + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert stix2.utils.is_sdo(id_, stix_version) + + d = { + "type": type_ + } + assert stix2.utils.is_sdo(d, stix_version) + + assert stix2.utils.is_stix_type( + type_, stix_version, stix2.utils.STIXTypeClass.SDO + ) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +@pytest.mark.parametrize( + "type_", [ + "relationship", + "sighting", + "marking-definition", + "bundle", + "language-content", + "ipv4-addr", + "foo" + ] +) +def test_is_not_sdo(type_, stix_version): + assert not stix2.utils.is_sdo(type_, stix_version) + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert not stix2.utils.is_sdo(id_, stix_version) + + d = { + "type": type_ + } + assert not stix2.utils.is_sdo(d, stix_version) + + assert not stix2.utils.is_stix_type( + type_, stix_version, stix2.utils.STIXTypeClass.SDO + ) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +@pytest.mark.parametrize( + "type_", [ + "artifact", + "autonomous-system", + "directory", + "domain-name", + "email-addr", + "email-message", + "file", + "ipv4-addr", + "ipv6-addr", + "mac-addr", + "mutex", + "network-traffic", + "process", + "software", + "url", + "user-account", + "windows-registry-key", + "x509-certificate" + ] +) +def test_is_sco(type_, stix_version): + assert stix2.utils.is_sco(type_, stix_version) + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert stix2.utils.is_sco(id_, stix_version) + + d = { + "type": type_ + } + assert stix2.utils.is_sco(d, stix_version) + + assert stix2.utils.is_stix_type( + type_, stix_version, stix2.utils.STIXTypeClass.SCO + ) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +@pytest.mark.parametrize( + "type_", [ + "identity", + "sighting", + "marking-definition", + "bundle", + "language-content", + "foo" + ] +) +def test_is_not_sco(type_, stix_version): + assert not stix2.utils.is_sco(type_, stix_version) + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert not stix2.utils.is_sco(id_, stix_version) + + d = { + "type": type_ + } + assert not stix2.utils.is_sco(d, stix_version) + + assert not stix2.utils.is_stix_type( + type_, stix_version, stix2.utils.STIXTypeClass.SCO + ) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +@pytest.mark.parametrize( + "type_", [ + "relationship", + "sighting" + ] +) +def test_is_sro(type_, stix_version): + assert stix2.utils.is_sro(type_, stix_version) + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert stix2.utils.is_sro(id_, stix_version) + + d = { + "type": type_ + } + assert stix2.utils.is_sro(d, stix_version) + + assert stix2.utils.is_stix_type( + type_, stix_version, stix2.utils.STIXTypeClass.SRO + ) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +@pytest.mark.parametrize( + "type_", [ + "identity", + "marking-definition", + "bundle", + "language-content", + "ipv4-addr", + "foo" + ] +) +def test_is_not_sro(type_, stix_version): + assert not stix2.utils.is_sro(type_, stix_version) + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert not stix2.utils.is_sro(id_, stix_version) + + d = { + "type": type_ + } + assert not stix2.utils.is_sro(d, stix_version) + + assert not stix2.utils.is_stix_type( + type_, stix_version, stix2.utils.STIXTypeClass.SRO + ) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +def test_is_marking(stix_version): + assert stix2.utils.is_marking("marking-definition", stix_version) + + id_ = "marking-definition--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert stix2.utils.is_marking(id_, stix_version) + + d = { + "type": "marking-definition" + } + assert stix2.utils.is_marking(d, stix_version) + + assert stix2.utils.is_stix_type( + "marking-definition", stix_version, "marking-definition" + ) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +@pytest.mark.parametrize( + "type_", [ + "identity", + "bundle", + "language-content", + "ipv4-addr", + "foo" + ] +) +def test_is_not_marking(type_, stix_version): + assert not stix2.utils.is_marking(type_, stix_version) + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert not stix2.utils.is_marking(id_, stix_version) + + d = { + "type": type_ + } + assert not stix2.utils.is_marking(d, stix_version) + + assert not stix2.utils.is_stix_type( + type_, stix_version, "marking-definition" + ) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +@pytest.mark.parametrize( + "type_", [ + "identity", + "relationship", + "sighting", + "marking-definition", + "bundle", + "ipv4-addr" + ] +) +def test_is_object(type_, stix_version): + assert stix2.utils.is_object(type_, stix_version) + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert stix2.utils.is_object(id_, stix_version) + + d = { + "type": type_ + } + assert stix2.utils.is_object(d, stix_version) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +def test_is_not_object(stix_version): + assert not stix2.utils.is_object("foo", stix_version) + + id_ = "foo--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert not stix2.utils.is_object(id_, stix_version) + + d = { + "type": "foo" + } + assert not stix2.utils.is_object(d, stix_version) + + +@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) +def test_is_stix_type(stix_version): + + assert not stix2.utils.is_stix_type( + "foo", stix_version, stix2.utils.STIXTypeClass.SDO, "foo" + ) + + assert stix2.utils.is_stix_type( + "bundle", stix_version, "foo", "bundle" + ) + + assert stix2.utils.is_stix_type( + "identity", stix_version, + stix2.utils.STIXTypeClass.SDO, + stix2.utils.STIXTypeClass.SRO + ) + + assert stix2.utils.is_stix_type( + "software", stix_version, + stix2.utils.STIXTypeClass.SDO, + stix2.utils.STIXTypeClass.SCO + ) diff --git a/stix2/test/v21/test_utils.py b/stix2/test/v21/test_utils.py index 41bc087..940d1db 100644 --- a/stix2/test/v21/test_utils.py +++ b/stix2/test/v21/test_utils.py @@ -241,3 +241,40 @@ def test_find_property_index(object, tuple_to_find, expected_index): ) def test_iterate_over_values(dict_value, tuple_to_find, expected_index): assert stix2.serialization._find_property_in_seq(dict_value.values(), *tuple_to_find) == expected_index + + +# Only 2.1-specific types/behaviors tested here. +@pytest.mark.parametrize( + "type_", [ + "grouping", + "infrastructure", + "location", + "malware-analysis", + "note", + "opinion" + ] +) +def test_is_sdo(type_): + assert stix2.utils.is_sdo(type_, "2.1") + + id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" + assert stix2.utils.is_sdo(id_, "2.1") + + d = { + "type": type_ + } + assert stix2.utils.is_sdo(d, "2.1") + + assert stix2.utils.is_stix_type( + type_, "2.1", stix2.utils.STIXTypeClass.SDO + ) + + +def test_type_checks_language_content(): + assert stix2.utils.is_object("language-content", "2.1") + assert not stix2.utils.is_sdo("language-content", "2.1") + assert not stix2.utils.is_sco("language-content", "2.1") + assert not stix2.utils.is_sro("language-content", "2.1") + assert stix2.utils.is_stix_type( + "language-content", "2.1", "language-content" + )