flatten the extensions map, remove enclosing_type from ExtensionsProperty
other minor changes
parent
4340be13c4
commit
22c4351688
|
@ -24,8 +24,8 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
from collections import Mapping
|
from collections import Mapping
|
||||||
|
|
||||||
TYPE_REGEX = re.compile(r'^\-?[a-z0-9]+(-[a-z0-9]+)*\-?$')
|
TYPE_REGEX = re.compile(r'^-?[a-z0-9]+(-[a-z0-9]+)*-?$')
|
||||||
TYPE_21_REGEX = re.compile(r'^([a-z][a-z0-9]*)+(-[a-z0-9]+)*\-?$')
|
TYPE_21_REGEX = re.compile(r'^([a-z][a-z0-9]*)+([a-z0-9-]+)*-?$')
|
||||||
ERROR_INVALID_ID = (
|
ERROR_INVALID_ID = (
|
||||||
"not a valid STIX identifier, must match <object-type>--<UUID>: {}"
|
"not a valid STIX identifier, must match <object-type>--<UUID>: {}"
|
||||||
)
|
)
|
||||||
|
@ -638,9 +638,8 @@ class ExtensionsProperty(DictionaryProperty):
|
||||||
"""Property for representing extensions on Observable objects.
|
"""Property for representing extensions on Observable objects.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, spec_version=stix2.DEFAULT_VERSION, allow_custom=False, enclosing_type=None, required=False):
|
def __init__(self, spec_version=stix2.DEFAULT_VERSION, allow_custom=False, required=False):
|
||||||
self.allow_custom = allow_custom
|
self.allow_custom = allow_custom
|
||||||
self.enclosing_type = enclosing_type
|
|
||||||
super(ExtensionsProperty, self).__init__(spec_version=spec_version, required=required)
|
super(ExtensionsProperty, self).__init__(spec_version=spec_version, required=required)
|
||||||
|
|
||||||
def clean(self, value):
|
def clean(self, value):
|
||||||
|
@ -655,10 +654,10 @@ class ExtensionsProperty(DictionaryProperty):
|
||||||
|
|
||||||
v = 'v' + self.spec_version.replace('.', '')
|
v = 'v' + self.spec_version.replace('.', '')
|
||||||
|
|
||||||
specific_type_map = STIX2_OBJ_MAPS[v]['observable-extensions'].get(self.enclosing_type, {})
|
extension_type_map = STIX2_OBJ_MAPS[v].get('extensions', {})
|
||||||
for key, subvalue in dictified.items():
|
for key, subvalue in dictified.items():
|
||||||
if key in specific_type_map:
|
if key in extension_type_map:
|
||||||
cls = specific_type_map[key]
|
cls = extension_type_map[key]
|
||||||
if type(subvalue) is dict:
|
if type(subvalue) is dict:
|
||||||
if self.allow_custom:
|
if self.allow_custom:
|
||||||
subvalue['allow_custom'] = True
|
subvalue['allow_custom'] = True
|
||||||
|
@ -673,6 +672,9 @@ class ExtensionsProperty(DictionaryProperty):
|
||||||
else:
|
else:
|
||||||
if self.allow_custom:
|
if self.allow_custom:
|
||||||
dictified[key] = subvalue
|
dictified[key] = subvalue
|
||||||
|
elif key.startswith('stix-extension--'):
|
||||||
|
_validate_id(key, '2.1', 'stix-extension')
|
||||||
|
dictified[key] = subvalue
|
||||||
else:
|
else:
|
||||||
raise CustomContentError("Can't parse unknown extension type: {}".format(key))
|
raise CustomContentError("Can't parse unknown extension type: {}".format(key))
|
||||||
return dictified
|
return dictified
|
||||||
|
|
|
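Review bot: The new `TYPE_21_REGEX` in the first hunk keeps the nested `([a-z][a-z0-9]*)+` and adds `([a-z0-9-]+)*` over an overlapping character class, so a long type string that ends in a rejected character can make `re` backtrack exponentially; if this pattern is applied to type names from parsed STIX content, that is reachable from untrusted input. The pattern accepts exactly the strings matched by `r'^[a-z][a-z0-9-]*$'`, which matches in linear time and could replace it as is. It also now accepts consecutive hyphens such as `a--b`, which the previous form rejected; if that loosening is not intended, `r'^[a-z][a-z0-9]*(-[a-z0-9]+)*-?$'` keeps the old language without the nested group. In the last hunk of `clean()`, the `stix-extension--` branch passes the literal `'2.1'` to `_validate_id` rather than `self.spec_version` and stores `subvalue` without inspecting it, which deserves a comment saying the content is deliberately left unvalidated. Indentation is lost on this page and `clean()` starts outside the hunks, so the branch nesting is inferred.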
@ -82,26 +82,18 @@ OBJ_MAP_OBSERVABLE = {
|
||||||
}
|
}
|
||||||
|
|
||||||
EXT_MAP = {
|
EXT_MAP = {
|
||||||
'file': {
|
'archive-ext': ArchiveExt,
|
||||||
'archive-ext': ArchiveExt,
|
'ntfs-ext': NTFSExt,
|
||||||
'ntfs-ext': NTFSExt,
|
'pdf-ext': PDFExt,
|
||||||
'pdf-ext': PDFExt,
|
'raster-image-ext': RasterImageExt,
|
||||||
'raster-image-ext': RasterImageExt,
|
'windows-pebinary-ext': WindowsPEBinaryExt,
|
||||||
'windows-pebinary-ext': WindowsPEBinaryExt,
|
'http-request-ext': HTTPRequestExt,
|
||||||
},
|
'icmp-ext': ICMPExt,
|
||||||
'network-traffic': {
|
'socket-ext': SocketExt,
|
||||||
'http-request-ext': HTTPRequestExt,
|
'tcp-ext': TCPExt,
|
||||||
'icmp-ext': ICMPExt,
|
'windows-process-ext': WindowsProcessExt,
|
||||||
'socket-ext': SocketExt,
|
'windows-service-ext': WindowsServiceExt,
|
||||||
'tcp-ext': TCPExt,
|
'unix-account-ext': UNIXAccountExt,
|
||||||
},
|
|
||||||
'process': {
|
|
||||||
'windows-process-ext': WindowsProcessExt,
|
|
||||||
'windows-service-ext': WindowsServiceExt,
|
|
||||||
},
|
|
||||||
'user-account': {
|
|
||||||
'unix-account-ext': UNIXAccountExt,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
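Review bot: Flattening `EXT_MAP` removes the only visible link between an extension key and the observable type it belongs to, so a lookup against this map can no longer reject, for example, `ntfs-ext` on a non-file object; the same applies to the `EXT_MAP` in the next file section. If dropping that check is intended, say so above the dict, e.g. `# Flat on purpose: extension keys are unique across object types; placement on the enclosing type is not validated here.` A flat dict also means two extensions registered under the same key would presumably overwrite each other, so the registration code (not shown here) should refuse duplicate keys.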
@ -91,29 +91,20 @@ OBJ_MAP_OBSERVABLE = {
|
||||||
}
|
}
|
||||||
|
|
||||||
EXT_MAP = {
|
EXT_MAP = {
|
||||||
'file': {
|
'archive-ext': ArchiveExt,
|
||||||
'archive-ext': ArchiveExt,
|
'ntfs-ext': NTFSExt,
|
||||||
'ntfs-ext': NTFSExt,
|
'pdf-ext': PDFExt,
|
||||||
'pdf-ext': PDFExt,
|
'raster-image-ext': RasterImageExt,
|
||||||
'raster-image-ext': RasterImageExt,
|
'windows-pebinary-ext': WindowsPEBinaryExt,
|
||||||
'windows-pebinary-ext': WindowsPEBinaryExt,
|
'http-request-ext': HTTPRequestExt,
|
||||||
},
|
'icmp-ext': ICMPExt,
|
||||||
'network-traffic': {
|
'socket-ext': SocketExt,
|
||||||
'http-request-ext': HTTPRequestExt,
|
'tcp-ext': TCPExt,
|
||||||
'icmp-ext': ICMPExt,
|
'windows-process-ext': WindowsProcessExt,
|
||||||
'socket-ext': SocketExt,
|
'windows-service-ext': WindowsServiceExt,
|
||||||
'tcp-ext': TCPExt,
|
'unix-account-ext': UNIXAccountExt,
|
||||||
},
|
|
||||||
'process': {
|
|
||||||
'windows-process-ext': WindowsProcessExt,
|
|
||||||
'windows-service-ext': WindowsServiceExt,
|
|
||||||
},
|
|
||||||
'user-account': {
|
|
||||||
'unix-account-ext': UNIXAccountExt,
|
|
||||||
},
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# Ensure star-imports from this module get the right symbols. "base" is a
|
# Ensure star-imports from this module get the right symbols. "base" is a
|
||||||
# known problem, since there are multiple modules with that name and one can
|
# known problem, since there are multiple modules with that name and one can
|
||||||
# accidentally overwrite another.
|
# accidentally overwrite another.
|
||||||
|
|
|
@ -55,7 +55,7 @@ from . import ( # noqa: F401
|
||||||
WindowsPEBinaryExt, WindowsPEOptionalHeaderType,
|
WindowsPEBinaryExt, WindowsPEOptionalHeaderType,
|
||||||
WindowsPESection, WindowsProcessExt, WindowsRegistryKey,
|
WindowsPESection, WindowsProcessExt, WindowsRegistryKey,
|
||||||
WindowsRegistryValueType, WindowsServiceExt, X509Certificate,
|
WindowsRegistryValueType, WindowsServiceExt, X509Certificate,
|
||||||
X509V3ExtenstionsType
|
X509V3ExtensionsType
|
||||||
)
|
)
|
||||||
from .datastore.filters import FilterSet
|
from .datastore.filters import FilterSet
|
||||||
|
|
||||||
|
|