MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

added 'to_pattern()' utility for pattern expressions; more information on patterning guide

stix2.0
mbastian1135 2018-08-27 16:21:14 -04:00
parent a9de13107f
commit 10149b9345
2 changed files with 35 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/guide/creating.ipynb
View File

@ -881,7 +881,7 @@
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.6.3"
"version": "3.6.5"
}
},
"nbformat": 4,

53
stix2/patterns.py
View File

@ -51,7 +51,6 @@ class IntegerConstant(_Constant):
Args:
value (int): integer value
"""
def __init__(self, value):
try:
@ -133,10 +132,10 @@ class HashConstant(StringConstant):
Args:
value (str): hash value
type (str): hash algorithm name
supported hash algorithms: "MD5", "MD6", RIPEMD160", "SHA1",
"SHA224", "SHA256", "SHA384", "SHA512", "SHA3224", "SHA3256",
"SHA3384", "SHA3512", "SSDEEP", "WHIRLPOOL"
type (str): hash algorithm name. Supported hash algorithms:
"MD5", "MD6", RIPEMD160", "SHA1", "SHA224", "SHA256",
"SHA384", "SHA512", "SHA3224", "SHA3256", "SHA3384",
"SHA3512", "SSDEEP", "WHIRLPOOL"
"""
def __init__(self, value, type):
key = type.upper().replace('-', '')
@ -197,7 +196,7 @@ def make_constant(value):
at determining root value type and corresponding conversion
Args:
value (): value to convert to Pattern constant
value: value to convert to Pattern constant
"""
if isinstance(value, _Constant):
return value
@ -234,7 +233,7 @@ class _ObjectPathComponent(object):
class BasicObjectPathComponent(_ObjectPathComponent):
"""Basic object path component (for a observation or expression)
"""Basic object path component (for an observation or expression)
By "Basic", implies that the object path component is not a
list, object reference or futher referenced property, i.e. terminal
@ -242,7 +241,7 @@ class BasicObjectPathComponent(_ObjectPathComponent):
Args:
property_name (str): object property name
is_key (): is dictionary key, default: False
is_key (bool): is dictionary key, default: False
"""
def __init__(self, property_name, is_key=False):
self.property_name = property_name
@ -256,10 +255,9 @@ class BasicObjectPathComponent(_ObjectPathComponent):
class ListObjectPathComponent(_ObjectPathComponent):
"""List object path component (for an observation or expression)
Args:
property_name (): list object property name
index (): index of the list property's value that is specified
property_name (str): list object property name
index (int): index of the list property's value that is specified
"""
def __init__(self, property_name, index):
self.property_name = property_name
@ -287,7 +285,7 @@ class ObjectPath(object):
Args:
object_type_name (str): name of object type for corresponding object path component
property_path (_ObjectPathComponent OR str): Object path
property_path (_ObjectPathComponent OR str): object path
"""
def __init__(self, object_type_name, property_path):
self.object_type_name = object_type_name
@ -315,7 +313,10 @@ class ObjectPath(object):
class _PatternExpression(object):
pass
def to_pattern(self):
"""return a properly formatted string of the pattern expression"""
return "[{}]".format(self.__str__())
class _ComparisonExpression(_PatternExpression):
@ -424,7 +425,7 @@ class InComparisonExpression(_ComparisonExpression):
class LikeComparisonExpression(_ComparisonExpression):
"""'in' Comparison Expression
"""'like' Comparison Expression
Args:
lhs (ObjectPath OR str): object path of left-hand-side component of expression
@ -437,7 +438,7 @@ class LikeComparisonExpression(_ComparisonExpression):
class MatchesComparisonExpression(_ComparisonExpression):
"""Matches Comparison Expression
"""'Matches' Comparison Expression
Args:
lhs (ObjectPath OR str): object path of left-hand-side component of expression
@ -476,7 +477,7 @@ class IsSupersetComparisonExpression(_ComparisonExpression):
class _BooleanExpression(_PatternExpression):
"""Pattern Boolean Expression
"""Boolean Pattern Expression
Args:
operator (str): boolean operator
@ -502,7 +503,7 @@ class _BooleanExpression(_PatternExpression):
class AndBooleanExpression(_BooleanExpression):
"""Pattern 'AND' Boolean Expression
"""'AND' Boolean Pattern Expression
Args:
operands (list): AND operands
@ -512,7 +513,7 @@ class AndBooleanExpression(_BooleanExpression):
class OrBooleanExpression(_BooleanExpression):
"""Pattern 'OR' Boolean Expression
"""'OR' Boolean Pattern Expression
Args:
operands (list): OR operands
@ -551,9 +552,14 @@ class _CompoundObservationExpression(_PatternExpression):
sub_exprs.append("%s" % o)
return (" " + self.operator + " ").join(sub_exprs)
def to_pattern(self):
return "{0} {1} {2}".format(self.operands[0].to_pattern(),
self.operator,
self.operands[1].to_pattern())
class AndObservationExpression(_CompoundObservationExpression):
"""Pattern 'AND' Compound Observation Expression
"""'AND' Compound Observation Pattern Expression
Args:
operands (str): compound observation operands
@ -582,6 +588,9 @@ class FollowedByObservationExpression(_CompoundObservationExpression):
def __init__(self, operands):
super(FollowedByObservationExpression, self).__init__("FOLLOWEDBY", operands)
def to_pattern(self):
return "[{}] {} [{}]".format(self.operands[0], "FOLLOWEDBY", self.operands[1])
class ParentheticalExpression(_PatternExpression):
"""Pattern Parenthetical Observation Expression
@ -597,6 +606,9 @@ class ParentheticalExpression(_PatternExpression):
def __str__(self):
return "(%s)" % self.expression
def to_pattern(self):
return "({})".format(self.expression.to_pattern())
class _ExpressionQualifier(_PatternExpression):
pass
@ -676,3 +688,6 @@ class QualifiedObservationExpression(_PatternExpression):
def __str__(self):
return "%s %s" % (self.observation_expression, self.qualifier)
def to_pattern(self):
return "{} {}".format(self.observation_expression.to_pattern(), self.qualifier)