Align tests with news additions from 'master' branch.
parent
a042970a1f
commit
281dbfb0f4
|
@ -194,14 +194,14 @@ def test_registered_custom_marking():
|
|||
nm = NewMarking(property1='something', property2=55)
|
||||
|
||||
marking_def = stix2.v20.MarkingDefinition(
|
||||
id="marking-definition--00000000-0000-0000-0000-000000000012",
|
||||
id="marking-definition--00000000-0000-4000-8000-000000000012",
|
||||
created="2017-01-22T00:00:00.000Z",
|
||||
definition_type="x-new-marking-type",
|
||||
definition=nm
|
||||
)
|
||||
|
||||
assert marking_def.type == "marking-definition"
|
||||
assert marking_def.id == "marking-definition--00000000-0000-0000-0000-000000000012"
|
||||
assert marking_def.id == "marking-definition--00000000-0000-4000-8000-000000000012"
|
||||
assert marking_def.created == dt.datetime(2017, 1, 22, 0, 0, 0, tzinfo=pytz.utc)
|
||||
assert marking_def.definition.property1 == "something"
|
||||
assert marking_def.definition.property2 == 55
|
||||
|
@ -229,7 +229,7 @@ def test_not_registered_marking_raises_exception():
|
|||
no = NewObject2(property1='something', property2=55)
|
||||
|
||||
stix2.v20.MarkingDefinition(
|
||||
id="marking-definition--00000000-0000-0000-0000-000000000012",
|
||||
id="marking-definition--00000000-0000-4000-8000-000000000012",
|
||||
created="2017-01-22T00:00:00.000Z",
|
||||
definition_type="x-new-marking-type2",
|
||||
definition=no
|
||||
|
|
|
@ -27,7 +27,7 @@ def uuid4(monkeypatch):
|
|||
|
||||
def wrapped():
|
||||
data[0] += 1
|
||||
return "00000000-0000-0000-0000-00000000%04x" % data[0]
|
||||
return "00000000-0000-4000-8000-00000000%04x" % data[0]
|
||||
|
||||
return wrapped
|
||||
monkeypatch.setattr(uuid, "uuid4", wrapper())
|
||||
|
@ -52,7 +52,7 @@ def relationship(uuid4, clock):
|
|||
def stix_objs1():
|
||||
ind1 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -65,7 +65,7 @@ def stix_objs1():
|
|||
}
|
||||
ind2 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -78,7 +78,7 @@ def stix_objs1():
|
|||
}
|
||||
ind3 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -91,7 +91,7 @@ def stix_objs1():
|
|||
}
|
||||
ind4 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -104,7 +104,7 @@ def stix_objs1():
|
|||
}
|
||||
ind5 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -122,7 +122,7 @@ def stix_objs1():
|
|||
def stix_objs2():
|
||||
ind6 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -135,7 +135,7 @@ def stix_objs2():
|
|||
}
|
||||
ind7 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -148,7 +148,7 @@ def stix_objs2():
|
|||
}
|
||||
ind8 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
|
|
@ -7,17 +7,17 @@ FAKE_TIME = dt.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc)
|
|||
ATTACK_PATTERN_ID = "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061"
|
||||
CAMPAIGN_ID = "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
|
||||
COURSE_OF_ACTION_ID = "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
|
||||
IDENTITY_ID = "identity--311b2d2d-f010-5473-83ec-1edf84858f4c"
|
||||
INDICATOR_ID = "indicator--01234567-89ab-cdef-0123-456789abcdef"
|
||||
IDENTITY_ID = "identity--311b2d2d-f010-4473-83ec-1edf84858f4c"
|
||||
INDICATOR_ID = "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"
|
||||
INTRUSION_SET_ID = "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29"
|
||||
LOCATION_ID = "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64"
|
||||
MALWARE_ID = "malware--fedcba98-7654-3210-fedc-ba9876543210"
|
||||
MALWARE_ID = "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
|
||||
MARKING_DEFINITION_ID = "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||||
NOTE_ID = "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061"
|
||||
OBSERVED_DATA_ID = "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf"
|
||||
OPINION_ID = "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7"
|
||||
REPORT_ID = "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3"
|
||||
RELATIONSHIP_ID = "relationship--00000000-1111-2222-3333-444444444444"
|
||||
RELATIONSHIP_ID = "relationship--df7c87eb-75d2-4948-af81-9d49d246f301"
|
||||
THREAT_ACTOR_ID = "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
|
||||
TOOL_ID = "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
|
||||
SIGHTING_ID = "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb"
|
||||
|
|
|
@ -6,12 +6,12 @@ import stix2
|
|||
|
||||
EXPECTED_BUNDLE = """{
|
||||
"type": "bundle",
|
||||
"id": "bundle--00000000-0000-0000-0000-000000000007",
|
||||
"id": "bundle--00000000-0000-4000-8000-000000000007",
|
||||
"objects": [
|
||||
{
|
||||
"type": "indicator",
|
||||
"spec_version": "2.1",
|
||||
"id": "indicator--00000000-0000-0000-0000-000000000001",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
|
||||
|
@ -23,7 +23,7 @@ EXPECTED_BUNDLE = """{
|
|||
{
|
||||
"type": "malware",
|
||||
"spec_version": "2.1",
|
||||
"id": "malware--00000000-0000-0000-0000-000000000003",
|
||||
"id": "malware--00000000-0000-4000-8000-000000000003",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"name": "Cryptolocker",
|
||||
|
@ -35,24 +35,24 @@ EXPECTED_BUNDLE = """{
|
|||
{
|
||||
"type": "relationship",
|
||||
"spec_version": "2.1",
|
||||
"id": "relationship--00000000-0000-0000-0000-000000000005",
|
||||
"id": "relationship--00000000-0000-4000-8000-000000000005",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"relationship_type": "indicates",
|
||||
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
|
||||
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
|
||||
}
|
||||
]
|
||||
}"""
|
||||
|
||||
EXPECTED_BUNDLE_DICT = {
|
||||
"type": "bundle",
|
||||
"id": "bundle--00000000-0000-0000-0000-000000000007",
|
||||
"id": "bundle--00000000-0000-4000-8000-000000000007",
|
||||
"objects": [
|
||||
{
|
||||
"type": "indicator",
|
||||
"spec_version": "2.1",
|
||||
"id": "indicator--00000000-0000-0000-0000-000000000001",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
|
||||
|
@ -64,7 +64,7 @@ EXPECTED_BUNDLE_DICT = {
|
|||
{
|
||||
"type": "malware",
|
||||
"spec_version": "2.1",
|
||||
"id": "malware--00000000-0000-0000-0000-000000000003",
|
||||
"id": "malware--00000000-0000-4000-8000-000000000003",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"name": "Cryptolocker",
|
||||
|
@ -76,12 +76,12 @@ EXPECTED_BUNDLE_DICT = {
|
|||
{
|
||||
"type": "relationship",
|
||||
"spec_version": "2.1",
|
||||
"id": "relationship--00000000-0000-0000-0000-000000000005",
|
||||
"id": "relationship--00000000-0000-4000-8000-000000000005",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"relationship_type": "indicates",
|
||||
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
|
||||
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@ IDENTITY_CUSTOM_PROP = stix2.v21.Identity(
|
|||
def test_identity_custom_property():
|
||||
with pytest.raises(ValueError) as excinfo:
|
||||
stix2.v21.Identity(
|
||||
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
created="2015-12-21T19:59:11Z",
|
||||
modified="2015-12-21T19:59:11Z",
|
||||
name="John Smith",
|
||||
|
@ -27,7 +27,7 @@ def test_identity_custom_property():
|
|||
|
||||
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo:
|
||||
stix2.v21.Identity(
|
||||
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
created="2015-12-21T19:59:11Z",
|
||||
modified="2015-12-21T19:59:11Z",
|
||||
name="John Smith",
|
||||
|
@ -40,7 +40,7 @@ def test_identity_custom_property():
|
|||
assert "Unexpected properties for Identity" in str(excinfo.value)
|
||||
|
||||
identity = stix2.v21.Identity(
|
||||
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
created="2015-12-21T19:59:11Z",
|
||||
modified="2015-12-21T19:59:11Z",
|
||||
name="John Smith",
|
||||
|
@ -55,7 +55,7 @@ def test_identity_custom_property():
|
|||
def test_identity_custom_property_invalid():
|
||||
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo:
|
||||
stix2.v21.Identity(
|
||||
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
created="2015-12-21T19:59:11Z",
|
||||
modified="2015-12-21T19:59:11Z",
|
||||
name="John Smith",
|
||||
|
@ -69,7 +69,7 @@ def test_identity_custom_property_invalid():
|
|||
|
||||
def test_identity_custom_property_allowed():
|
||||
identity = stix2.v21.Identity(
|
||||
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
created="2015-12-21T19:59:11Z",
|
||||
modified="2015-12-21T19:59:11Z",
|
||||
name="John Smith",
|
||||
|
@ -84,7 +84,7 @@ def test_identity_custom_property_allowed():
|
|||
"""{
|
||||
"type": "identity",
|
||||
"spec_version": "2.1",
|
||||
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
"created": "2015-12-21T19:59:11Z",
|
||||
"modified": "2015-12-21T19:59:11Z",
|
||||
"name": "John Smith",
|
||||
|
@ -128,7 +128,7 @@ def test_custom_property_dict_in_bundled_object():
|
|||
custom_identity = {
|
||||
'type': 'identity',
|
||||
'spec_version': '2.1',
|
||||
'id': 'identity--311b2d2d-f010-5473-83ec-1edf84858f4c',
|
||||
'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c',
|
||||
'created': '2015-12-21T19:59:11Z',
|
||||
'name': 'John Smith',
|
||||
'identity_class': 'individual',
|
||||
|
@ -146,7 +146,7 @@ def test_custom_properties_dict_in_bundled_object():
|
|||
custom_identity = {
|
||||
'type': 'identity',
|
||||
'spec_version': '2.1',
|
||||
'id': 'identity--311b2d2d-f010-5473-83ec-1edf84858f4c',
|
||||
'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c',
|
||||
'created': '2015-12-21T19:59:11Z',
|
||||
'name': 'John Smith',
|
||||
'identity_class': 'individual',
|
||||
|
|
|
@ -22,13 +22,13 @@ def test_datastore_smoke():
|
|||
|
||||
def test_datastore_get_raises():
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
DataStoreMixin().get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
DataStoreMixin().get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert "DataStoreMixin has no data source to query" == str(excinfo.value)
|
||||
|
||||
|
||||
def test_datastore_all_versions_raises():
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
DataStoreMixin().all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
DataStoreMixin().all_versions("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert "DataStoreMixin has no data source to query" == str(excinfo.value)
|
||||
|
||||
|
||||
|
@ -46,14 +46,14 @@ def test_datastore_creator_of_raises():
|
|||
|
||||
def test_datastore_relationships_raises():
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
DataStoreMixin().relationships(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
DataStoreMixin().relationships(obj="indicator--00000000-0000-4000-8000-000000000001",
|
||||
target_only=True)
|
||||
assert "DataStoreMixin has no data source to query" == str(excinfo.value)
|
||||
|
||||
|
||||
def test_datastore_related_to_raises():
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
DataStoreMixin().related_to(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
DataStoreMixin().related_to(obj="indicator--00000000-0000-4000-8000-000000000001",
|
||||
target_only=True)
|
||||
assert "DataStoreMixin has no data source to query" == str(excinfo.value)
|
||||
|
||||
|
@ -66,13 +66,13 @@ def test_datastore_add_raises():
|
|||
|
||||
def test_composite_datastore_get_raises_error():
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
CompositeDataSource().get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
CompositeDataSource().get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert "CompositeDataSource has no data sources" == str(excinfo.value)
|
||||
|
||||
|
||||
def test_composite_datastore_all_versions_raises_error():
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
CompositeDataSource().all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
CompositeDataSource().all_versions("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert "CompositeDataSource has no data sources" == str(excinfo.value)
|
||||
|
||||
|
||||
|
@ -84,28 +84,28 @@ def test_composite_datastore_query_raises_error():
|
|||
|
||||
def test_composite_datastore_relationships_raises_error():
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
CompositeDataSource().relationships(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
CompositeDataSource().relationships(obj="indicator--00000000-0000-4000-8000-000000000001",
|
||||
target_only=True)
|
||||
assert "CompositeDataSource has no data sources" == str(excinfo.value)
|
||||
|
||||
|
||||
def test_composite_datastore_related_to_raises_error():
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
CompositeDataSource().related_to(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
CompositeDataSource().related_to(obj="indicator--00000000-0000-4000-8000-000000000001",
|
||||
target_only=True)
|
||||
assert "CompositeDataSource has no data sources" == str(excinfo.value)
|
||||
|
||||
|
||||
def test_composite_datastore_add_data_source_raises_error():
|
||||
with pytest.raises(TypeError) as excinfo:
|
||||
ind = "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f"
|
||||
ind = "indicator--00000000-0000-4000-8000-000000000001"
|
||||
CompositeDataSource().add_data_source(ind)
|
||||
assert "DataSource (to be added) is not of type stix2.DataSource. DataSource type is '{}'".format(type(ind)) == str(excinfo.value)
|
||||
|
||||
|
||||
def test_composite_datastore_add_data_sources_raises_error():
|
||||
with pytest.raises(TypeError) as excinfo:
|
||||
ind = "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f"
|
||||
ind = "indicator--00000000-0000-4000-8000-000000000001"
|
||||
CompositeDataSource().add_data_sources(ind)
|
||||
assert "DataSource (to be added) is not of type stix2.DataSource. DataSource type is '{}'".format(type(ind)) == str(excinfo.value)
|
||||
|
||||
|
@ -113,5 +113,5 @@ def test_composite_datastore_add_data_sources_raises_error():
|
|||
def test_composite_datastore_no_datasource():
|
||||
cds = CompositeDataSource()
|
||||
with pytest.raises(AttributeError) as excinfo:
|
||||
cds.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
cds.get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert 'CompositeDataSource has no data source' in str(excinfo.value)
|
||||
|
|
|
@ -40,16 +40,16 @@ def test_composite_datasource_operations(stix_objs1, stix_objs2):
|
|||
cds1.add_data_sources([ds1_1, ds1_2])
|
||||
cds2.add_data_sources([ds2_1, ds2_2])
|
||||
|
||||
indicators = cds1.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
indicators = cds1.all_versions("indicator--00000000-0000-4000-8000-000000000001")
|
||||
|
||||
# In STIX_OBJS2 changed the 'modified' property to a later time...
|
||||
assert len(indicators) == 2
|
||||
|
||||
cds1.add_data_sources([cds2])
|
||||
|
||||
indicator = cds1.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
indicator = cds1.get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
|
||||
assert indicator["id"] == "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f"
|
||||
assert indicator["id"] == "indicator--00000000-0000-4000-8000-000000000001"
|
||||
assert indicator["modified"] == "2017-01-31T13:49:53.935Z"
|
||||
assert indicator["type"] == "indicator"
|
||||
|
||||
|
@ -69,15 +69,15 @@ def test_composite_datasource_operations(stix_objs1, stix_objs2):
|
|||
# original time in STIX_OBJS1
|
||||
assert len(results) == 3
|
||||
|
||||
indicator = cds1.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
indicator = cds1.get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
|
||||
assert indicator["id"] == "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f"
|
||||
assert indicator["id"] == "indicator--00000000-0000-4000-8000-000000000001"
|
||||
assert indicator["modified"] == "2017-01-31T13:49:53.935Z"
|
||||
assert indicator["type"] == "indicator"
|
||||
|
||||
# There is only one indicator with different ID. Since we use the same data
|
||||
# when deduplicated, only two indicators (one with different modified).
|
||||
results = cds1.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
results = cds1.all_versions("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert len(results) == 2
|
||||
|
||||
# Since we have filters already associated with our CompositeSource providing
|
||||
|
|
|
@ -198,7 +198,7 @@ def test_filesystem_sink_add_stix_object_dict(fs_sink, fs_source):
|
|||
"type": "campaign",
|
||||
"objective": "German and French Intelligence Services",
|
||||
"aliases": ["Purple Robes"],
|
||||
"id": "campaign--111111b6-1112-4fb0-111b-b111107ca70a",
|
||||
"id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
|
||||
"created": "2017-05-31T21:31:53.197755Z"
|
||||
}
|
||||
|
||||
|
@ -218,14 +218,14 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source):
|
|||
# add stix bundle dict
|
||||
bund = {
|
||||
"type": "bundle",
|
||||
"id": "bundle--112211b6-1112-4fb0-111b-b111107ca70a",
|
||||
"id": "bundle--040ae5ec-2e91-4e94-b075-bc8b368e8ca3",
|
||||
"objects": [
|
||||
{
|
||||
"name": "Atilla",
|
||||
"type": "campaign",
|
||||
"objective": "Bulgarian, Albanian and Romanian Intelligence Services",
|
||||
"aliases": ["Huns"],
|
||||
"id": "campaign--133111b6-1112-4fb0-111b-b111107ca70a",
|
||||
"id": "campaign--b8f86161-ccae-49de-973a-4ca320c62478",
|
||||
"created": "2017-05-31T21:31:53.197755Z"
|
||||
}
|
||||
]
|
||||
|
@ -245,15 +245,15 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source):
|
|||
|
||||
def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source):
|
||||
# add json-encoded stix obj
|
||||
camp4 = '{"type": "campaign", "id":"campaign--144111b6-1112-4fb0-111b-b111107ca70a",'\
|
||||
camp4 = '{"type": "campaign", "id":"campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d",'\
|
||||
' "created":"2017-05-31T21:31:53.197755Z", "name": "Ghengis Khan", "objective": "China and Russian infrastructure"}'
|
||||
|
||||
fs_sink.add(camp4)
|
||||
|
||||
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--144111b6-1112-4fb0-111b-b111107ca70a" + ".json"))
|
||||
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d" + ".json"))
|
||||
|
||||
camp4_r = fs_source.get("campaign--144111b6-1112-4fb0-111b-b111107ca70a")
|
||||
assert camp4_r.id == "campaign--144111b6-1112-4fb0-111b-b111107ca70a"
|
||||
camp4_r = fs_source.get("campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d")
|
||||
assert camp4_r.id == "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d"
|
||||
assert camp4_r.name == "Ghengis Khan"
|
||||
|
||||
os.remove(os.path.join(FS_PATH, "campaign", camp4_r.id + ".json"))
|
||||
|
@ -261,15 +261,15 @@ def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source):
|
|||
|
||||
def test_filesystem_sink_json_stix_bundle(fs_sink, fs_source):
|
||||
# add json-encoded stix bundle
|
||||
bund2 = '{"type": "bundle", "id": "bundle--332211b6-1132-4fb0-111b-b111107ca70a",' \
|
||||
' "objects": [{"type": "campaign", "spec_version": "2.1", "id": "campaign--155155b6-1112-4fb0-111b-b111107ca70a",' \
|
||||
bund2 = '{"type": "bundle", "id": "bundle--3d267103-8475-4d8f-b321-35ec6eccfa37",' \
|
||||
' "objects": [{"type": "campaign", "spec_version": "2.1", "id": "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b",' \
|
||||
' "created":"2017-05-31T21:31:53.197755Z", "name": "Spartacus", "objective": "Oppressive regimes of Africa and Middle East"}]}'
|
||||
fs_sink.add(bund2)
|
||||
|
||||
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--155155b6-1112-4fb0-111b-b111107ca70a" + ".json"))
|
||||
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b" + ".json"))
|
||||
|
||||
camp5_r = fs_source.get("campaign--155155b6-1112-4fb0-111b-b111107ca70a")
|
||||
assert camp5_r.id == "campaign--155155b6-1112-4fb0-111b-b111107ca70a"
|
||||
camp5_r = fs_source.get("campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b")
|
||||
assert camp5_r.id == "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b"
|
||||
assert camp5_r.name == "Spartacus"
|
||||
|
||||
os.remove(os.path.join(FS_PATH, "campaign", camp5_r.id + ".json"))
|
||||
|
@ -287,14 +287,14 @@ def test_filesystem_sink_add_objects_list(fs_sink, fs_source):
|
|||
"spec_version": "2.1",
|
||||
"objective": "Central and Eastern Europe military commands and departments",
|
||||
"aliases": ["The Frenchmen"],
|
||||
"id": "campaign--122818b6-1112-4fb0-111b-b111107ca70a",
|
||||
"id": "campaign--122818b6-1112-4fb0-b11b-b111107ca70a",
|
||||
"created": "2017-05-31T21:31:53.197755Z"
|
||||
}
|
||||
|
||||
fs_sink.add([camp6, camp7])
|
||||
|
||||
assert os.path.exists(os.path.join(FS_PATH, "campaign", camp6.id + ".json"))
|
||||
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--122818b6-1112-4fb0-111b-b111107ca70a" + ".json"))
|
||||
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--122818b6-1112-4fb0-b11b-b111107ca70a" + ".json"))
|
||||
|
||||
camp6_r = fs_source.get(camp6.id)
|
||||
assert camp6_r.id == camp6.id
|
||||
|
@ -402,7 +402,7 @@ def test_filesystem_add_bundle_object(fs_store):
|
|||
|
||||
|
||||
def test_filesystem_store_add_invalid_object(fs_store):
|
||||
ind = ('campaign', 'campaign--111111b6-1112-4fb0-111b-b111107ca70a') # tuple isn't valid
|
||||
ind = ('campaign', 'campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f') # tuple isn't valid
|
||||
with pytest.raises(TypeError) as excinfo:
|
||||
fs_store.add(ind)
|
||||
assert 'stix_data must be' in str(excinfo.value)
|
||||
|
|
|
@ -8,7 +8,7 @@ stix_objs = [
|
|||
{
|
||||
"created": "2017-01-27T13:49:53.997Z",
|
||||
"description": "\n\nTITLE:\n\tPoison Ivy",
|
||||
"id": "malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111",
|
||||
"id": "malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111",
|
||||
"spec_version": "2.1",
|
||||
"labels": [
|
||||
"remote-access-trojan"
|
||||
|
@ -20,7 +20,7 @@ stix_objs = [
|
|||
},
|
||||
{
|
||||
"created": "2014-05-08T09:00:00.000Z",
|
||||
"id": "indicator--a932fcc6-e032-176c-126f-cb970a5a1ade",
|
||||
"id": "indicator--a932fcc6-e032-476c-826f-cb970a5a1ade",
|
||||
"labels": [
|
||||
"file-hash-watchlist"
|
||||
],
|
||||
|
@ -48,16 +48,16 @@ stix_objs = [
|
|||
],
|
||||
"relationship_type": "indicates",
|
||||
"revoked": True,
|
||||
"source_ref": "indicator--a932fcc6-e032-176c-126f-cb970a5a1ade",
|
||||
"source_ref": "indicator--a932fcc6-e032-476c-826f-cb970a5a1ade",
|
||||
"spec_version": "2.1",
|
||||
"target_ref": "malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111",
|
||||
"target_ref": "malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111",
|
||||
"type": "relationship"
|
||||
},
|
||||
{
|
||||
"id": "vulnerability--ee916c28-c7a4-4d0d-ad56-a8d357f89fef",
|
||||
"spec_version": "2.1",
|
||||
"created": "2016-02-14T00:00:00.000Z",
|
||||
"created_by_ref": "identity--00000000-0000-0000-0000-b8e91df99dc9",
|
||||
"created_by_ref": "identity--f1350682-3290-4e0d-be58-69e290537647",
|
||||
"modified": "2016-02-14T00:00:00.000Z",
|
||||
"type": "vulnerability",
|
||||
"name": "CVE-2014-0160",
|
||||
|
@ -102,11 +102,13 @@ filters = [
|
|||
Filter("granular_markings.selectors", "in", "relationship_type"),
|
||||
Filter("granular_markings.marking_ref", "=", "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed"),
|
||||
Filter("external_references.external_id", "in", "CVE-2014-0160,CVE-2017-6608"),
|
||||
Filter("created_by_ref", "=", "identity--00000000-0000-0000-0000-b8e91df99dc9"),
|
||||
Filter("object_marking_refs", "=", "marking-definition--613f2e26-0000-0000-0000-b8e91df99dc9"),
|
||||
Filter("created_by_ref", "=", "identity--f1350682-3290-4e0d-be58-69e290537647"),
|
||||
Filter("object_marking_refs", "=", "marking-definition--613f2e26-0000-4000-8000-b8e91df99dc9"),
|
||||
Filter("granular_markings.selectors", "in", "description"),
|
||||
Filter("external_references.source_name", "=", "CVE"),
|
||||
Filter("objects", "=", {"0": {"type": "file", "name": "HAL 9000.exe"}})
|
||||
Filter("objects", "=", {"0": {"type": "file", "name": "HAL 9000.exe"}}),
|
||||
Filter("objects", "contains", {"type": "file", "name": "HAL 9000.exe"}),
|
||||
Filter("labels", "contains", "heartbleed"),
|
||||
]
|
||||
|
||||
# same as above objects but converted to real Python STIX2 objects
|
||||
|
@ -268,7 +270,7 @@ def test_apply_common_filters9():
|
|||
|
||||
|
||||
def test_apply_common_filters10():
|
||||
# "Return any object that matches marking-definition--613f2e26-0000-0000-0000-b8e91df99dc9 in object_marking_refs" (None)
|
||||
# "Return any object that matches marking-definition--613f2e26-0000-4000-8000-b8e91df99dc9 in object_marking_refs" (None)
|
||||
resp = list(apply_common_filters(stix_objs, [filters[11]]))
|
||||
assert len(resp) == 0
|
||||
|
||||
|
@ -308,6 +310,28 @@ def test_apply_common_filters13():
|
|||
assert len(resp) == 1
|
||||
|
||||
|
||||
def test_apply_common_filters14():
|
||||
# Return any object that contains a specific File Cyber Observable Object
|
||||
resp = list(apply_common_filters(stix_objs, [filters[15]]))
|
||||
assert resp[0]['id'] == stix_objs[4]['id']
|
||||
assert len(resp) == 1
|
||||
|
||||
resp = list(apply_common_filters(real_stix_objs, [filters[15]]))
|
||||
assert resp[0].id == real_stix_objs[4].id
|
||||
assert len(resp) == 1
|
||||
|
||||
|
||||
def test_apply_common_filters15():
|
||||
# Return any object that contains 'heartbleed' in "labels"
|
||||
resp = list(apply_common_filters(stix_objs, [filters[16]]))
|
||||
assert resp[0]['id'] == stix_objs[3]['id']
|
||||
assert len(resp) == 1
|
||||
|
||||
resp = list(apply_common_filters(real_stix_objs, [filters[16]]))
|
||||
assert resp[0].id == real_stix_objs[3].id
|
||||
assert len(resp) == 1
|
||||
|
||||
|
||||
def test_datetime_filter_behavior():
|
||||
"""if a filter is initialized with its value being a datetime object
|
||||
OR the STIX object property being filtered on is a datetime object, all
|
||||
|
@ -401,12 +425,12 @@ def test_filters4():
|
|||
|
||||
|
||||
def test_filters5(stix_objs2, real_stix_objs2):
|
||||
# "Return any object whose id is not indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f"
|
||||
resp = list(apply_common_filters(stix_objs2, [Filter("id", "!=", "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")]))
|
||||
# "Return any object whose id is not indicator--00000000-0000-4000-8000-000000000002"
|
||||
resp = list(apply_common_filters(stix_objs2, [Filter("id", "!=", "indicator--00000000-0000-4000-8000-000000000002")]))
|
||||
assert resp[0]['id'] == stix_objs2[0]['id']
|
||||
assert len(resp) == 1
|
||||
|
||||
resp = list(apply_common_filters(real_stix_objs2, [Filter("id", "!=", "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")]))
|
||||
resp = list(apply_common_filters(real_stix_objs2, [Filter("id", "!=", "indicator--00000000-0000-4000-8000-000000000002")]))
|
||||
assert resp[0].id == real_stix_objs2[0].id
|
||||
assert len(resp) == 1
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ from .constants import (CAMPAIGN_ID, CAMPAIGN_KWARGS, IDENTITY_ID,
|
|||
|
||||
IND1 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -27,7 +27,7 @@ IND1 = {
|
|||
}
|
||||
IND2 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -40,7 +40,7 @@ IND2 = {
|
|||
}
|
||||
IND3 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -53,7 +53,7 @@ IND3 = {
|
|||
}
|
||||
IND4 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -66,7 +66,7 @@ IND4 = {
|
|||
}
|
||||
IND5 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -79,7 +79,7 @@ IND5 = {
|
|||
}
|
||||
IND6 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -92,7 +92,7 @@ IND6 = {
|
|||
}
|
||||
IND7 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -105,7 +105,7 @@ IND7 = {
|
|||
}
|
||||
IND8 = {
|
||||
"created": "2017-01-27T13:49:53.935Z",
|
||||
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
|
||||
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
||||
"labels": [
|
||||
"url-watchlist"
|
||||
],
|
||||
|
@ -158,12 +158,12 @@ def fs_mem_store(request, mem_store):
|
|||
|
||||
|
||||
def test_memory_source_get(mem_source):
|
||||
resp = mem_source.get("indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")
|
||||
assert resp["id"] == "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f"
|
||||
resp = mem_source.get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert resp["id"] == "indicator--00000000-0000-4000-8000-000000000001"
|
||||
|
||||
|
||||
def test_memory_source_get_nonexistant_object(mem_source):
|
||||
resp = mem_source.get("tool--d81f86b8-975b-bc0b-775e-810c5ad45a4f")
|
||||
resp = mem_source.get("tool--8d0b222c-7a3b-44a0-b9c6-31b051efb32e")
|
||||
assert resp is None
|
||||
|
||||
|
||||
|
@ -174,7 +174,7 @@ def test_memory_store_all_versions(mem_store):
|
|||
spec_version="2.0",
|
||||
type="bundle"))
|
||||
|
||||
resp = mem_store.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
resp = mem_store.all_versions("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert len(resp) == 1 # MemoryStore can only store 1 version of each object
|
||||
|
||||
|
||||
|
@ -185,7 +185,7 @@ def test_memory_store_query(mem_store):
|
|||
|
||||
|
||||
def test_memory_store_query_single_filter(mem_store):
|
||||
query = Filter('id', '=', 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f')
|
||||
query = Filter('id', '=', 'indicator--00000000-0000-4000-8000-000000000001')
|
||||
resp = mem_store.query(query)
|
||||
assert len(resp) == 1
|
||||
|
||||
|
@ -195,15 +195,15 @@ def test_memory_store_query_empty_query(mem_store):
|
|||
# sort since returned in random order
|
||||
resp = sorted(resp, key=lambda k: k['id'])
|
||||
assert len(resp) == 2
|
||||
assert resp[0]['id'] == 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f'
|
||||
assert resp[0]['modified'] == '2017-01-27T13:49:53.935Z'
|
||||
assert resp[1]['id'] == 'indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f'
|
||||
assert resp[1]['modified'] == '2017-01-27T13:49:53.936Z'
|
||||
assert resp[0]['id'] == 'indicator--00000000-0000-4000-8000-000000000001'
|
||||
assert resp[0]['modified'] == '2017-01-27T13:49:53.936Z'
|
||||
assert resp[1]['id'] == 'indicator--00000000-0000-4000-8000-000000000002'
|
||||
assert resp[1]['modified'] == '2017-01-27T13:49:53.935Z'
|
||||
|
||||
|
||||
def test_memory_store_query_multiple_filters(mem_store):
|
||||
mem_store.source.filters.add(Filter('type', '=', 'indicator'))
|
||||
query = Filter('id', '=', 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f')
|
||||
query = Filter('id', '=', 'indicator--00000000-0000-4000-8000-000000000001')
|
||||
resp = mem_store.query(query)
|
||||
assert len(resp) == 1
|
||||
|
||||
|
@ -215,13 +215,13 @@ def test_memory_store_save_load_file(mem_store, fs_mem_store):
|
|||
# (this is done in fixture 'fs_mem_store'), so can already read-in here
|
||||
contents = open(os.path.abspath(filename)).read()
|
||||
|
||||
assert '"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",' in contents
|
||||
assert '"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",' in contents
|
||||
assert '"id": "indicator--00000000-0000-4000-8000-000000000001",' in contents
|
||||
assert '"id": "indicator--00000000-0000-4000-8000-000000000001",' in contents
|
||||
|
||||
mem_store2 = MemoryStore()
|
||||
mem_store2.load_from_file(filename)
|
||||
assert mem_store2.get("indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")
|
||||
assert mem_store2.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
assert mem_store2.get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
assert mem_store2.get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
|
||||
|
||||
def test_memory_store_add_invalid_object(mem_store):
|
||||
|
|
|
@ -253,7 +253,7 @@ def test_add_dict_bundle_object(collection):
|
|||
def test_get_stix2_object(collection):
|
||||
tc_sink = stix2.TAXIICollectionSource(collection)
|
||||
|
||||
objects = tc_sink.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
|
||||
objects = tc_sink.get("indicator--00000000-0000-4000-8000-000000000001")
|
||||
|
||||
assert objects
|
||||
|
||||
|
@ -320,7 +320,7 @@ def test_add_get_remove_filter(collection):
|
|||
def test_get_all_versions(collection):
|
||||
ds = stix2.TAXIICollectionStore(collection)
|
||||
|
||||
indicators = ds.all_versions('indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f')
|
||||
indicators = ds.all_versions('indicator--00000000-0000-4000-8000-000000000001')
|
||||
# There are 3 indicators but 2 share the same 'modified' timestamp
|
||||
assert len(indicators) == 2
|
||||
|
||||
|
|
|
@ -191,7 +191,7 @@ def test_parse_malware():
|
|||
data = """{
|
||||
"type": "malware",
|
||||
"spec_version": "2.1",
|
||||
"id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
|
||||
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
|
||||
"created": "2017-01-01T12:34:56.000Z",
|
||||
"modified": "2017-01-01T12:34:56.000Z",
|
||||
"name": "Cryptolocker",
|
||||
|
|
|
@ -10,9 +10,9 @@ def test_clock(clock):
|
|||
|
||||
|
||||
def test_my_uuid4_fixture(uuid4):
|
||||
assert uuid.uuid4() == "00000000-0000-0000-0000-000000000001"
|
||||
assert uuid.uuid4() == "00000000-0000-0000-0000-000000000002"
|
||||
assert uuid.uuid4() == "00000000-0000-0000-0000-000000000003"
|
||||
assert uuid.uuid4() == "00000000-0000-4000-8000-000000000001"
|
||||
assert uuid.uuid4() == "00000000-0000-4000-8000-000000000002"
|
||||
assert uuid.uuid4() == "00000000-0000-4000-8000-000000000003"
|
||||
for _ in range(256):
|
||||
uuid.uuid4()
|
||||
assert uuid.uuid4() == "00000000-0000-0000-0000-000000000104"
|
||||
assert uuid.uuid4() == "00000000-0000-4000-8000-000000000104"
|
||||
|
|
|
@ -10,7 +10,7 @@ from .constants import IDENTITY_ID
|
|||
EXPECTED = """{
|
||||
"type": "identity",
|
||||
"spec_version": "2.1",
|
||||
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
"created": "2015-12-21T19:59:11.000Z",
|
||||
"modified": "2015-12-21T19:59:11.000Z",
|
||||
"name": "John Smith",
|
||||
|
@ -20,7 +20,7 @@ EXPECTED = """{
|
|||
|
||||
def test_identity_example():
|
||||
identity = stix2.v21.Identity(
|
||||
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
created="2015-12-21T19:59:11.000Z",
|
||||
modified="2015-12-21T19:59:11.000Z",
|
||||
name="John Smith",
|
||||
|
@ -34,7 +34,7 @@ def test_identity_example():
|
|||
EXPECTED,
|
||||
{
|
||||
"created": "2015-12-21T19:59:11.000Z",
|
||||
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
"identity_class": "individual",
|
||||
"modified": "2015-12-21T19:59:11.000Z",
|
||||
"name": "John Smith",
|
||||
|
@ -57,7 +57,7 @@ def test_parse_no_type():
|
|||
with pytest.raises(stix2.exceptions.ParseError):
|
||||
stix2.parse("""
|
||||
{
|
||||
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
|
||||
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
|
||||
"created": "2015-12-21T19:59:11.000Z",
|
||||
"modified": "2015-12-21T19:59:11.000Z",
|
||||
"name": "John Smith",
|
||||
|
|
|
@ -11,7 +11,7 @@ from .constants import FAKE_TIME, INDICATOR_ID, INDICATOR_KWARGS
|
|||
EXPECTED_INDICATOR = """{
|
||||
"type": "indicator",
|
||||
"spec_version": "2.1",
|
||||
"id": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"created": "2017-01-01T00:00:01.000Z",
|
||||
"modified": "2017-01-01T00:00:01.000Z",
|
||||
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
|
||||
|
@ -24,7 +24,7 @@ EXPECTED_INDICATOR = """{
|
|||
EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join("""
|
||||
type='indicator',
|
||||
spec_version='2.1',
|
||||
id='indicator--01234567-89ab-cdef-0123-456789abcdef',
|
||||
id='indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7',
|
||||
created='2017-01-01T00:00:01.000Z',
|
||||
modified='2017-01-01T00:00:01.000Z',
|
||||
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
|
||||
|
@ -56,7 +56,7 @@ def test_indicator_with_all_required_properties():
|
|||
def test_indicator_autogenerated_properties(indicator):
|
||||
assert indicator.type == 'indicator'
|
||||
assert indicator.spec_version == '2.1'
|
||||
assert indicator.id == 'indicator--00000000-0000-0000-0000-000000000001'
|
||||
assert indicator.id == 'indicator--00000000-0000-4000-8000-000000000001'
|
||||
assert indicator.created == FAKE_TIME
|
||||
assert indicator.modified == FAKE_TIME
|
||||
assert indicator.labels == ['malicious-activity']
|
||||
|
@ -65,7 +65,7 @@ def test_indicator_autogenerated_properties(indicator):
|
|||
|
||||
assert indicator['type'] == 'indicator'
|
||||
assert indicator['spec_version'] == '2.1'
|
||||
assert indicator['id'] == 'indicator--00000000-0000-0000-0000-000000000001'
|
||||
assert indicator['id'] == 'indicator--00000000-0000-4000-8000-000000000001'
|
||||
assert indicator['created'] == FAKE_TIME
|
||||
assert indicator['modified'] == FAKE_TIME
|
||||
assert indicator['labels'] == ['malicious-activity']
|
||||
|
@ -156,7 +156,7 @@ def test_created_modified_time_are_identical_by_default():
|
|||
EXPECTED_INDICATOR,
|
||||
{
|
||||
"type": "indicator",
|
||||
"id": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"created": "2017-01-01T00:00:01Z",
|
||||
"modified": "2017-01-01T00:00:01Z",
|
||||
"labels": [
|
||||
|
|
|
@ -11,7 +11,7 @@ from .constants import FAKE_TIME, MALWARE_ID, MALWARE_KWARGS
|
|||
EXPECTED_MALWARE = """{
|
||||
"type": "malware",
|
||||
"spec_version": "2.1",
|
||||
"id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
|
||||
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
|
||||
"created": "2016-05-12T08:17:27.000Z",
|
||||
"modified": "2016-05-12T08:17:27.000Z",
|
||||
"name": "Cryptolocker",
|
||||
|
@ -40,14 +40,14 @@ def test_malware_with_all_required_properties():
|
|||
|
||||
def test_malware_autogenerated_properties(malware):
|
||||
assert malware.type == 'malware'
|
||||
assert malware.id == 'malware--00000000-0000-0000-0000-000000000001'
|
||||
assert malware.id == 'malware--00000000-0000-4000-8000-000000000001'
|
||||
assert malware.created == FAKE_TIME
|
||||
assert malware.modified == FAKE_TIME
|
||||
assert malware.labels == ['ransomware']
|
||||
assert malware.name == "Cryptolocker"
|
||||
|
||||
assert malware['type'] == 'malware'
|
||||
assert malware['id'] == 'malware--00000000-0000-0000-0000-000000000001'
|
||||
assert malware['id'] == 'malware--00000000-0000-4000-8000-000000000001'
|
||||
assert malware['created'] == FAKE_TIME
|
||||
assert malware['modified'] == FAKE_TIME
|
||||
assert malware['labels'] == ['ransomware']
|
||||
|
@ -111,7 +111,7 @@ def test_invalid_kwarg_to_malware():
|
|||
{
|
||||
"type": "malware",
|
||||
"spec_version": "2.1",
|
||||
"id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
|
||||
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
|
||||
"created": "2016-05-12T08:17:27.000Z",
|
||||
"modified": "2016-05-12T08:17:27.000Z",
|
||||
"labels": ["ransomware"],
|
||||
|
|
|
@ -1,16 +1,19 @@
|
|||
import uuid
|
||||
|
||||
import pytest
|
||||
|
||||
import stix2
|
||||
from stix2.exceptions import AtLeastOnePropertyError, DictionaryKeyError
|
||||
from stix2.properties import (BinaryProperty, BooleanProperty,
|
||||
DictionaryProperty, EmbeddedObjectProperty,
|
||||
EnumProperty, ExtensionsProperty, FloatProperty,
|
||||
from stix2.properties import (ERROR_INVALID_ID, BinaryProperty,
|
||||
BooleanProperty, DictionaryProperty,
|
||||
EmbeddedObjectProperty, EnumProperty,
|
||||
ExtensionsProperty, FloatProperty,
|
||||
HashesProperty, HexProperty, IDProperty,
|
||||
IntegerProperty, ListProperty, Property,
|
||||
ReferenceProperty, StringProperty,
|
||||
TimestampProperty, TypeProperty)
|
||||
|
||||
from .constants import FAKE_TIME
|
||||
from . import constants
|
||||
|
||||
|
||||
def test_property():
|
||||
|
@ -86,18 +89,68 @@ def test_type_property():
|
|||
assert prop.clean(prop.default())
|
||||
|
||||
|
||||
def test_id_property():
|
||||
idprop = IDProperty('my-type')
|
||||
ID_PROP = IDProperty('my-type')
|
||||
MY_ID = 'my-type--232c9d3f-49fc-4440-bb01-607f638778e7'
|
||||
|
||||
assert idprop.clean('my-type--90aaca8a-1110-5d32-956d-ac2f34a1bd8c')
|
||||
|
||||
@pytest.mark.parametrize("value", [
|
||||
MY_ID,
|
||||
'my-type--00000000-0000-4000-8000-000000000000',
|
||||
])
|
||||
def test_id_property_valid(value):
|
||||
assert ID_PROP.clean(value) == value
|
||||
|
||||
|
||||
CONSTANT_IDS = [
|
||||
constants.ATTACK_PATTERN_ID,
|
||||
constants.CAMPAIGN_ID,
|
||||
constants.COURSE_OF_ACTION_ID,
|
||||
constants.IDENTITY_ID,
|
||||
constants.INDICATOR_ID,
|
||||
constants.INTRUSION_SET_ID,
|
||||
constants.MALWARE_ID,
|
||||
constants.MARKING_DEFINITION_ID,
|
||||
constants.OBSERVED_DATA_ID,
|
||||
constants.RELATIONSHIP_ID,
|
||||
constants.REPORT_ID,
|
||||
constants.SIGHTING_ID,
|
||||
constants.THREAT_ACTOR_ID,
|
||||
constants.TOOL_ID,
|
||||
constants.VULNERABILITY_ID,
|
||||
]
|
||||
CONSTANT_IDS.extend(constants.MARKING_IDS)
|
||||
CONSTANT_IDS.extend(constants.RELATIONSHIP_IDS)
|
||||
|
||||
|
||||
@pytest.mark.parametrize("value", CONSTANT_IDS)
|
||||
def test_id_property_valid_for_type(value):
|
||||
type = value.split('--', 1)[0]
|
||||
assert IDProperty(type=type).clean(value) == value
|
||||
|
||||
|
||||
def test_id_property_wrong_type():
|
||||
with pytest.raises(ValueError) as excinfo:
|
||||
idprop.clean('not-my-type--90aaca8a-1110-5d32-956d-ac2f34a1bd8c')
|
||||
ID_PROP.clean('not-my-type--232c9d3f-49fc-4440-bb01-607f638778e7')
|
||||
assert str(excinfo.value) == "must start with 'my-type--'."
|
||||
with pytest.raises(ValueError) as excinfo:
|
||||
idprop.clean('my-type--foo')
|
||||
assert str(excinfo.value) == "must have a valid UUID after the prefix."
|
||||
|
||||
assert idprop.clean(idprop.default())
|
||||
|
||||
@pytest.mark.parametrize("value", [
|
||||
'my-type--foo',
|
||||
# Not a v4 UUID
|
||||
'my-type--00000000-0000-0000-0000-000000000000',
|
||||
'my-type--' + str(uuid.uuid1()),
|
||||
'my-type--' + str(uuid.uuid3(uuid.NAMESPACE_DNS, "example.org")),
|
||||
'my-type--' + str(uuid.uuid5(uuid.NAMESPACE_DNS, "example.org")),
|
||||
])
|
||||
def test_id_property_not_a_valid_hex_uuid(value):
|
||||
with pytest.raises(ValueError) as excinfo:
|
||||
ID_PROP.clean(value)
|
||||
assert str(excinfo.value) == ERROR_INVALID_ID
|
||||
|
||||
|
||||
def test_id_property_default():
|
||||
default = ID_PROP.default()
|
||||
assert ID_PROP.clean(default) == default
|
||||
|
||||
|
||||
@pytest.mark.parametrize("value", [
|
||||
|
@ -180,10 +233,14 @@ def test_boolean_property_invalid(value):
|
|||
def test_reference_property():
|
||||
ref_prop = ReferenceProperty()
|
||||
|
||||
assert ref_prop.clean("my-type--3a331bfe-0566-55e1-a4a0-9a2cd355a300")
|
||||
assert ref_prop.clean("my-type--00000000-0000-4000-8000-000000000000")
|
||||
with pytest.raises(ValueError):
|
||||
ref_prop.clean("foo")
|
||||
|
||||
# This is not a valid V4 UUID
|
||||
with pytest.raises(ValueError):
|
||||
ref_prop.clean("my-type--00000000-0000-0000-0000-000000000000")
|
||||
|
||||
|
||||
@pytest.mark.parametrize("value", [
|
||||
'2017-01-01T12:34:56Z',
|
||||
|
@ -192,7 +249,7 @@ def test_reference_property():
|
|||
])
|
||||
def test_timestamp_property_valid(value):
|
||||
ts_prop = TimestampProperty()
|
||||
assert ts_prop.clean(value) == FAKE_TIME
|
||||
assert ts_prop.clean(value) == constants.FAKE_TIME
|
||||
|
||||
|
||||
def test_timestamp_property_invalid():
|
||||
|
|
|
@ -11,12 +11,12 @@ from .constants import (FAKE_TIME, INDICATOR_ID, MALWARE_ID, RELATIONSHIP_ID,
|
|||
EXPECTED_RELATIONSHIP = """{
|
||||
"type": "relationship",
|
||||
"spec_version": "2.1",
|
||||
"id": "relationship--00000000-1111-2222-3333-444444444444",
|
||||
"id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301",
|
||||
"created": "2016-04-06T20:06:37.000Z",
|
||||
"modified": "2016-04-06T20:06:37.000Z",
|
||||
"relationship_type": "indicates",
|
||||
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
|
||||
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
|
||||
}"""
|
||||
|
||||
|
||||
|
@ -38,7 +38,7 @@ def test_relationship_all_required_properties():
|
|||
def test_relationship_autogenerated_properties(relationship):
|
||||
assert relationship.type == 'relationship'
|
||||
assert relationship.spec_version == '2.1'
|
||||
assert relationship.id == 'relationship--00000000-0000-0000-0000-000000000001'
|
||||
assert relationship.id == 'relationship--00000000-0000-4000-8000-000000000001'
|
||||
assert relationship.created == FAKE_TIME
|
||||
assert relationship.modified == FAKE_TIME
|
||||
assert relationship.relationship_type == 'indicates'
|
||||
|
@ -47,7 +47,7 @@ def test_relationship_autogenerated_properties(relationship):
|
|||
|
||||
assert relationship['type'] == 'relationship'
|
||||
assert relationship['spec_version'] == '2.1'
|
||||
assert relationship['id'] == 'relationship--00000000-0000-0000-0000-000000000001'
|
||||
assert relationship['id'] == 'relationship--00000000-0000-4000-8000-000000000001'
|
||||
assert relationship['created'] == FAKE_TIME
|
||||
assert relationship['modified'] == FAKE_TIME
|
||||
assert relationship['relationship_type'] == 'indicates'
|
||||
|
@ -125,29 +125,29 @@ def test_create_relationship_from_objects_rather_than_ids(indicator, malware):
|
|||
)
|
||||
|
||||
assert rel.relationship_type == 'indicates'
|
||||
assert rel.source_ref == 'indicator--00000000-0000-0000-0000-000000000001'
|
||||
assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000003'
|
||||
assert rel.id == 'relationship--00000000-0000-0000-0000-000000000005'
|
||||
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
|
||||
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
|
||||
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
|
||||
|
||||
|
||||
def test_create_relationship_with_positional_args(indicator, malware):
|
||||
rel = stix2.v21.Relationship(indicator, 'indicates', malware)
|
||||
|
||||
assert rel.relationship_type == 'indicates'
|
||||
assert rel.source_ref == 'indicator--00000000-0000-0000-0000-000000000001'
|
||||
assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000003'
|
||||
assert rel.id == 'relationship--00000000-0000-0000-0000-000000000005'
|
||||
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
|
||||
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
|
||||
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
|
||||
|
||||
|
||||
@pytest.mark.parametrize("data", [
|
||||
EXPECTED_RELATIONSHIP,
|
||||
{
|
||||
"created": "2016-04-06T20:06:37Z",
|
||||
"id": "relationship--00000000-1111-2222-3333-444444444444",
|
||||
"id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301",
|
||||
"modified": "2016-04-06T20:06:37Z",
|
||||
"relationship_type": "indicates",
|
||||
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210",
|
||||
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
|
||||
"spec_version": "2.1",
|
||||
"type": "relationship"
|
||||
},
|
||||
|
@ -161,5 +161,5 @@ def test_parse_relationship(data):
|
|||
assert rel.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
|
||||
assert rel.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
|
||||
assert rel.relationship_type == "indicates"
|
||||
assert rel.source_ref == "indicator--01234567-89ab-cdef-0123-456789abcdef"
|
||||
assert rel.target_ref == "malware--fedcba98-7654-3210-fedc-ba9876543210"
|
||||
assert rel.source_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"
|
||||
assert rel.target_ref == "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
|
||||
|
|
|
@ -88,8 +88,8 @@ def test_report_example_objects_in_object_refs_with_bad_id():
|
|||
|
||||
assert excinfo.value.cls == stix2.v21.Report
|
||||
assert excinfo.value.prop_name == "object_refs"
|
||||
assert excinfo.value.reason == "must match <object-type>--<guid>."
|
||||
assert str(excinfo.value) == "Invalid value for Report 'object_refs': must match <object-type>--<guid>."
|
||||
assert excinfo.value.reason == stix2.properties.ERROR_INVALID_ID
|
||||
assert str(excinfo.value) == "Invalid value for Report 'object_refs': " + stix2.properties.ERROR_INVALID_ID
|
||||
|
||||
|
||||
@pytest.mark.parametrize("data", [
|
||||
|
|
|
@ -13,7 +13,7 @@ EXPECTED_SIGHTING = """{
|
|||
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
|
||||
"created": "2016-04-06T20:06:37.000Z",
|
||||
"modified": "2016-04-06T20:06:37.000Z",
|
||||
"sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"where_sighted_refs": [
|
||||
"identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"
|
||||
]
|
||||
|
@ -23,7 +23,7 @@ BAD_SIGHTING = """{
|
|||
"created": "2016-04-06T20:06:37.000Z",
|
||||
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
|
||||
"modified": "2016-04-06T20:06:37.000Z",
|
||||
"sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"spec_version": "2.1",
|
||||
"type": "sighting",
|
||||
"where_sighted_refs": [
|
||||
|
@ -87,8 +87,8 @@ def test_invalid_kwarg_to_sighting():
|
|||
def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811
|
||||
rel = stix2.v21.Sighting(sighting_of_ref=malware)
|
||||
|
||||
assert rel.sighting_of_ref == 'malware--00000000-0000-0000-0000-000000000001'
|
||||
assert rel.id == 'sighting--00000000-0000-0000-0000-000000000003'
|
||||
assert rel.sighting_of_ref == 'malware--00000000-0000-4000-8000-000000000001'
|
||||
assert rel.id == 'sighting--00000000-0000-4000-8000-000000000003'
|
||||
|
||||
|
||||
@pytest.mark.parametrize("data", [
|
||||
|
@ -97,7 +97,7 @@ def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811
|
|||
"created": "2016-04-06T20:06:37Z",
|
||||
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
|
||||
"modified": "2016-04-06T20:06:37Z",
|
||||
"sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
|
||||
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
|
||||
"spec_version": "2.1",
|
||||
"type": "sighting",
|
||||
"where_sighted_refs": [
|
||||
|
@ -113,5 +113,5 @@ def test_parse_sighting(data):
|
|||
assert sighting.id == SIGHTING_ID
|
||||
assert sighting.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
|
||||
assert sighting.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
|
||||
assert sighting.sighting_of_ref == "indicator--01234567-89ab-cdef-0123-456789abcdef"
|
||||
assert sighting.sighting_of_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"
|
||||
assert sighting.where_sighted_refs == ["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"]
|
||||
|
|
|
@ -98,8 +98,8 @@ def test_deduplicate(stix_objs1):
|
|||
ids = [obj['id'] for obj in unique]
|
||||
mods = [obj['modified'] for obj in unique]
|
||||
|
||||
assert "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f" in ids
|
||||
assert "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f" in ids
|
||||
assert "indicator--00000000-0000-4000-8000-000000000001" in ids
|
||||
assert "indicator--00000000-0000-4000-8000-000000000001" in ids
|
||||
assert "2017-01-27T13:49:53.935Z" in mods
|
||||
assert "2017-01-27T13:49:53.936Z" in mods
|
||||
|
||||
|
|
Loading…
Reference in New Issue