Provide default for revoked, sighting:summary.
This allows filter on un-revoked objects. Changes default JSONEncoder to drop optional properties with default values in the spec if set to the default value. They can be included by passing include_optional_defaults=True to serialize().stix2.0
parent
194672ee2b
commit
14dce03616
|
@ -22,6 +22,33 @@ DEFAULT_ERROR = "{type} must have {property}='{expected}'."
|
|||
|
||||
|
||||
class STIXJSONEncoder(json.JSONEncoder):
|
||||
"""Custom JSONEncoder subclass for serializing Python ``stix2`` objects.
|
||||
|
||||
If an optional property with a default value specified in the STIX 2 spec
|
||||
is set to that default value, it will be left out of the serialized output.
|
||||
|
||||
An example of this type of property include the ``revoked`` common property.
|
||||
"""
|
||||
|
||||
def default(self, obj):
|
||||
if isinstance(obj, (dt.date, dt.datetime)):
|
||||
return format_datetime(obj)
|
||||
elif isinstance(obj, _STIXBase):
|
||||
tmp_obj = dict(copy.deepcopy(obj))
|
||||
for prop_name in obj._defaulted_optional_properties:
|
||||
del tmp_obj[prop_name]
|
||||
return tmp_obj
|
||||
else:
|
||||
return super(STIXJSONEncoder, self).default(obj)
|
||||
|
||||
|
||||
class STIXJSONIncludeOptionalDefaultsEncoder(json.JSONEncoder):
|
||||
"""Custom JSONEncoder subclass for serializing Python ``stix2`` objects.
|
||||
|
||||
Differs from ``STIXJSONEncoder`` in that if an optional property with a default
|
||||
value specified in the STIX 2 spec is set to that default value, it will be
|
||||
included in the serialized output.
|
||||
"""
|
||||
|
||||
def default(self, obj):
|
||||
if isinstance(obj, (dt.date, dt.datetime)):
|
||||
|
@ -122,14 +149,25 @@ class _STIXBase(collections.Mapping):
|
|||
setting_kwargs[prop_name] = prop_value
|
||||
|
||||
# Detect any missing required properties
|
||||
required_properties = get_required_properties(cls._properties)
|
||||
missing_kwargs = set(required_properties) - set(setting_kwargs)
|
||||
required_properties = set(get_required_properties(cls._properties))
|
||||
missing_kwargs = required_properties - set(setting_kwargs)
|
||||
if missing_kwargs:
|
||||
raise MissingPropertiesError(cls, missing_kwargs)
|
||||
|
||||
for prop_name, prop_metadata in cls._properties.items():
|
||||
self._check_property(prop_name, prop_metadata, setting_kwargs)
|
||||
|
||||
# Cache defaulted optional properties for serialization
|
||||
defaulted = []
|
||||
for name, prop in cls._properties.items():
|
||||
try:
|
||||
if (not prop.required and not hasattr(prop, '_fixed_value') and
|
||||
prop.default() == setting_kwargs[name]):
|
||||
defaulted.append(name)
|
||||
except (AttributeError, KeyError):
|
||||
continue
|
||||
self._defaulted_optional_properties = defaulted
|
||||
|
||||
self._inner = setting_kwargs
|
||||
|
||||
self._check_object_constraints()
|
||||
|
@ -151,7 +189,7 @@ class _STIXBase(collections.Mapping):
|
|||
(self.__class__.__name__, name))
|
||||
|
||||
def __setattr__(self, name, value):
|
||||
if name != '_inner' and not name.startswith("_STIXBase__"):
|
||||
if not name.startswith("_"):
|
||||
raise ImmutableError(self.__class__, name)
|
||||
super(_STIXBase, self).__setattr__(name, value)
|
||||
|
||||
|
@ -170,6 +208,7 @@ class _STIXBase(collections.Mapping):
|
|||
if isinstance(self, _Observable):
|
||||
# Assume: valid references in the original object are still valid in the new version
|
||||
new_inner['_valid_refs'] = {'*': '*'}
|
||||
new_inner['allow_custom'] = self.__allow_custom
|
||||
return cls(**new_inner)
|
||||
|
||||
def properties_populated(self):
|
||||
|
@ -183,7 +222,7 @@ class _STIXBase(collections.Mapping):
|
|||
def revoke(self):
|
||||
return _revoke(self)
|
||||
|
||||
def serialize(self, pretty=False, **kwargs):
|
||||
def serialize(self, pretty=False, include_optional_defaults=False, **kwargs):
|
||||
"""
|
||||
Serialize a STIX object.
|
||||
|
||||
|
@ -191,6 +230,8 @@ class _STIXBase(collections.Mapping):
|
|||
pretty (bool): If True, output properties following the STIX specs
|
||||
formatting. This includes indentation. Refer to notes for more
|
||||
details. (Default: ``False``)
|
||||
include_optional_defaults (bool): Determines whether to include
|
||||
optional properties set to the default value defined in the spec.
|
||||
**kwargs: The arguments for a json.dumps() call.
|
||||
|
||||
Returns:
|
||||
|
@ -213,7 +254,10 @@ class _STIXBase(collections.Mapping):
|
|||
|
||||
kwargs.update({'indent': 4, 'separators': (",", ": "), 'item_sort_key': sort_by})
|
||||
|
||||
return json.dumps(self, cls=STIXJSONEncoder, **kwargs)
|
||||
if include_optional_defaults:
|
||||
return json.dumps(self, cls=STIXJSONIncludeOptionalDefaultsEncoder, **kwargs)
|
||||
else:
|
||||
return json.dumps(self, cls=STIXJSONEncoder, **kwargs)
|
||||
|
||||
|
||||
class _Observable(_STIXBase):
|
||||
|
|
|
@ -6,7 +6,7 @@ import stix2
|
|||
|
||||
EXPECTED_BUNDLE = """{
|
||||
"type": "bundle",
|
||||
"id": "bundle--00000000-0000-0000-0000-000000000004",
|
||||
"id": "bundle--00000000-0000-0000-0000-000000000007",
|
||||
"spec_version": "2.0",
|
||||
"objects": [
|
||||
{
|
||||
|
@ -22,7 +22,7 @@ EXPECTED_BUNDLE = """{
|
|||
},
|
||||
{
|
||||
"type": "malware",
|
||||
"id": "malware--00000000-0000-0000-0000-000000000002",
|
||||
"id": "malware--00000000-0000-0000-0000-000000000003",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"name": "Cryptolocker",
|
||||
|
@ -32,7 +32,7 @@ EXPECTED_BUNDLE = """{
|
|||
},
|
||||
{
|
||||
"type": "relationship",
|
||||
"id": "relationship--00000000-0000-0000-0000-000000000003",
|
||||
"id": "relationship--00000000-0000-0000-0000-000000000005",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"relationship_type": "indicates",
|
||||
|
@ -44,7 +44,7 @@ EXPECTED_BUNDLE = """{
|
|||
|
||||
EXPECTED_BUNDLE_DICT = {
|
||||
"type": "bundle",
|
||||
"id": "bundle--00000000-0000-0000-0000-000000000004",
|
||||
"id": "bundle--00000000-0000-0000-0000-000000000007",
|
||||
"spec_version": "2.0",
|
||||
"objects": [
|
||||
{
|
||||
|
@ -60,7 +60,7 @@ EXPECTED_BUNDLE_DICT = {
|
|||
},
|
||||
{
|
||||
"type": "malware",
|
||||
"id": "malware--00000000-0000-0000-0000-000000000002",
|
||||
"id": "malware--00000000-0000-0000-0000-000000000003",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"name": "Cryptolocker",
|
||||
|
@ -70,7 +70,7 @@ EXPECTED_BUNDLE_DICT = {
|
|||
},
|
||||
{
|
||||
"type": "relationship",
|
||||
"id": "relationship--00000000-0000-0000-0000-000000000003",
|
||||
"id": "relationship--00000000-0000-0000-0000-000000000005",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"relationship_type": "indicates",
|
||||
|
|
|
@ -405,13 +405,11 @@ def test_apply_common_filters4():
|
|||
|
||||
def test_apply_common_filters5():
|
||||
# "Return any object whose not revoked"
|
||||
# Note that if 'revoked' property is not present in object.
|
||||
# Currently we can't use such an expression to filter for... :(
|
||||
resp = list(apply_common_filters(stix_objs, [filters[5]]))
|
||||
assert len(resp) == 0
|
||||
|
||||
resp = list(apply_common_filters(real_stix_objs, [filters[5]]))
|
||||
assert len(resp) == 0
|
||||
assert len(resp) == 4
|
||||
|
||||
|
||||
def test_apply_common_filters6():
|
||||
|
|
|
@ -45,6 +45,7 @@ def test_indicator_with_all_required_properties():
|
|||
labels=['malicious-activity'],
|
||||
)
|
||||
|
||||
assert ind.revoked is False
|
||||
assert str(ind) == EXPECTED_INDICATOR
|
||||
rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(ind))
|
||||
assert rep == EXPECTED_INDICATOR_REPR
|
||||
|
|
|
@ -123,8 +123,8 @@ def test_create_relationship_from_objects_rather_than_ids(indicator, malware):
|
|||
|
||||
assert rel.relationship_type == 'indicates'
|
||||
assert rel.source_ref == 'indicator--00000000-0000-0000-0000-000000000001'
|
||||
assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000002'
|
||||
assert rel.id == 'relationship--00000000-0000-0000-0000-000000000003'
|
||||
assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000003'
|
||||
assert rel.id == 'relationship--00000000-0000-0000-0000-000000000005'
|
||||
|
||||
|
||||
def test_create_relationship_with_positional_args(indicator, malware):
|
||||
|
@ -132,8 +132,8 @@ def test_create_relationship_with_positional_args(indicator, malware):
|
|||
|
||||
assert rel.relationship_type == 'indicates'
|
||||
assert rel.source_ref == 'indicator--00000000-0000-0000-0000-000000000001'
|
||||
assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000002'
|
||||
assert rel.id == 'relationship--00000000-0000-0000-0000-000000000003'
|
||||
assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000003'
|
||||
assert rel.id == 'relationship--00000000-0000-0000-0000-000000000005'
|
||||
|
||||
|
||||
@pytest.mark.parametrize("data", [
|
||||
|
|
|
@ -86,7 +86,7 @@ def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811
|
|||
rel = stix2.Sighting(sighting_of_ref=malware)
|
||||
|
||||
assert rel.sighting_of_ref == 'malware--00000000-0000-0000-0000-000000000001'
|
||||
assert rel.id == 'sighting--00000000-0000-0000-0000-000000000002'
|
||||
assert rel.id == 'sighting--00000000-0000-0000-0000-000000000003'
|
||||
|
||||
|
||||
@pytest.mark.parametrize("data", [
|
||||
|
|
|
@ -19,6 +19,19 @@ EXPECTED = """{
|
|||
]
|
||||
}"""
|
||||
|
||||
EXPECTED_WITH_REVOKED = """{
|
||||
"type": "tool",
|
||||
"id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
|
||||
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
|
||||
"created": "2016-04-06T20:03:48.000Z",
|
||||
"modified": "2016-04-06T20:03:48.000Z",
|
||||
"name": "VNC",
|
||||
"revoked": false,
|
||||
"labels": [
|
||||
"remote-access"
|
||||
]
|
||||
}"""
|
||||
|
||||
|
||||
def test_tool_example():
|
||||
tool = stix2.Tool(
|
||||
|
@ -64,4 +77,18 @@ def test_tool_no_workbench_wrappers():
|
|||
with pytest.raises(AttributeError):
|
||||
tool.created_by()
|
||||
|
||||
|
||||
def test_tool_serialize_with_defaults():
|
||||
tool = stix2.Tool(
|
||||
id="tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
|
||||
created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
|
||||
created="2016-04-06T20:03:48.000Z",
|
||||
modified="2016-04-06T20:03:48.000Z",
|
||||
name="VNC",
|
||||
labels=["remote-access"],
|
||||
)
|
||||
|
||||
assert tool.serialize(pretty=True, include_optional_defaults=True) == EXPECTED_WITH_REVOKED
|
||||
|
||||
|
||||
# TODO: Add other examples
|
||||
|
|
|
@ -36,7 +36,7 @@ class AttackPattern(STIXDomainObject):
|
|||
('name', StringProperty(required=True)),
|
||||
('description', StringProperty()),
|
||||
('kill_chain_phases', ListProperty(KillChainPhase)),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -63,7 +63,7 @@ class Campaign(STIXDomainObject):
|
|||
('first_seen', TimestampProperty()),
|
||||
('last_seen', TimestampProperty()),
|
||||
('objective', StringProperty()),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -86,7 +86,7 @@ class CourseOfAction(STIXDomainObject):
|
|||
('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
|
||||
('name', StringProperty(required=True)),
|
||||
('description', StringProperty()),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -112,7 +112,7 @@ class Identity(STIXDomainObject):
|
|||
('identity_class', StringProperty(required=True)),
|
||||
('sectors', ListProperty(StringProperty)),
|
||||
('contact_information', StringProperty()),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -139,7 +139,7 @@ class Indicator(STIXDomainObject):
|
|||
('valid_from', TimestampProperty(default=lambda: NOW)),
|
||||
('valid_until', TimestampProperty()),
|
||||
('kill_chain_phases', ListProperty(KillChainPhase)),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty, required=True)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -169,7 +169,7 @@ class IntrusionSet(STIXDomainObject):
|
|||
('resource_level', StringProperty()),
|
||||
('primary_motivation', StringProperty()),
|
||||
('secondary_motivations', ListProperty(StringProperty)),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -193,7 +193,7 @@ class Malware(STIXDomainObject):
|
|||
('name', StringProperty(required=True)),
|
||||
('description', StringProperty()),
|
||||
('kill_chain_phases', ListProperty(KillChainPhase)),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty, required=True)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -218,7 +218,7 @@ class ObservedData(STIXDomainObject):
|
|||
('last_observed', TimestampProperty(required=True)),
|
||||
('number_observed', IntegerProperty(required=True)),
|
||||
('objects', ObservableProperty(required=True)),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -243,7 +243,7 @@ class Report(STIXDomainObject):
|
|||
('description', StringProperty()),
|
||||
('published', TimestampProperty(required=True)),
|
||||
('object_refs', ListProperty(ReferenceProperty, required=True)),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty, required=True)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -274,7 +274,7 @@ class ThreatActor(STIXDomainObject):
|
|||
('primary_motivation', StringProperty()),
|
||||
('secondary_motivations', ListProperty(StringProperty)),
|
||||
('personal_motivations', ListProperty(StringProperty)),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty, required=True)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -299,7 +299,7 @@ class Tool(STIXDomainObject):
|
|||
('description', StringProperty()),
|
||||
('kill_chain_phases', ListProperty(KillChainPhase)),
|
||||
('tool_version', StringProperty()),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty, required=True)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -322,7 +322,7 @@ class Vulnerability(STIXDomainObject):
|
|||
('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
|
||||
('name', StringProperty(required=True)),
|
||||
('description', StringProperty()),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -382,7 +382,7 @@ def CustomObject(type='x-custom-type', properties=None):
|
|||
|
||||
# This is to follow the general properties structure.
|
||||
_properties.update([
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
|
|
@ -32,7 +32,7 @@ class Relationship(STIXRelationshipObject):
|
|||
('description', StringProperty()),
|
||||
('source_ref', ReferenceProperty(required=True)),
|
||||
('target_ref', ReferenceProperty(required=True)),
|
||||
('revoked', BooleanProperty()),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
@ -72,8 +72,8 @@ class Sighting(STIXRelationshipObject):
|
|||
('sighting_of_ref', ReferenceProperty(required=True)),
|
||||
('observed_data_refs', ListProperty(ReferenceProperty(type="observed-data"))),
|
||||
('where_sighted_refs', ListProperty(ReferenceProperty(type="identity"))),
|
||||
('summary', BooleanProperty()),
|
||||
('revoked', BooleanProperty()),
|
||||
('summary', BooleanProperty(default=lambda: False)),
|
||||
('revoked', BooleanProperty(default=lambda: False)),
|
||||
('labels', ListProperty(StringProperty)),
|
||||
('external_references', ListProperty(ExternalReference)),
|
||||
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
|
||||
|
|
Loading…
Reference in New Issue