diff --git a/stix2/test/v20/test_markings.py b/stix2/test/v20/test_markings.py index c461e23..d3a3a1f 100644 --- a/stix2/test/v20/test_markings.py +++ b/stix2/test/v20/test_markings.py @@ -194,14 +194,14 @@ def test_registered_custom_marking(): nm = NewMarking(property1='something', property2=55) marking_def = stix2.v20.MarkingDefinition( - id="marking-definition--00000000-0000-0000-0000-000000000012", + id="marking-definition--00000000-0000-4000-8000-000000000012", created="2017-01-22T00:00:00.000Z", definition_type="x-new-marking-type", definition=nm ) assert marking_def.type == "marking-definition" - assert marking_def.id == "marking-definition--00000000-0000-0000-0000-000000000012" + assert marking_def.id == "marking-definition--00000000-0000-4000-8000-000000000012" assert marking_def.created == dt.datetime(2017, 1, 22, 0, 0, 0, tzinfo=pytz.utc) assert marking_def.definition.property1 == "something" assert marking_def.definition.property2 == 55 @@ -229,7 +229,7 @@ def test_not_registered_marking_raises_exception(): no = NewObject2(property1='something', property2=55) stix2.v20.MarkingDefinition( - id="marking-definition--00000000-0000-0000-0000-000000000012", + id="marking-definition--00000000-0000-4000-8000-000000000012", created="2017-01-22T00:00:00.000Z", definition_type="x-new-marking-type2", definition=no diff --git a/stix2/test/v21/conftest.py b/stix2/test/v21/conftest.py index 2c7f641..60633ec 100644 --- a/stix2/test/v21/conftest.py +++ b/stix2/test/v21/conftest.py @@ -27,7 +27,7 @@ def uuid4(monkeypatch): def wrapped(): data[0] += 1 - return "00000000-0000-0000-0000-00000000%04x" % data[0] + return "00000000-0000-4000-8000-00000000%04x" % data[0] return wrapped monkeypatch.setattr(uuid, "uuid4", wrapper()) @@ -52,7 +52,7 @@ def relationship(uuid4, clock): def stix_objs1(): ind1 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000001", "labels": [ "url-watchlist" ], @@ -65,7 +65,7 @@ def stix_objs1(): } ind2 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000001", "labels": [ "url-watchlist" ], @@ -78,7 +78,7 @@ def stix_objs1(): } ind3 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000001", "labels": [ "url-watchlist" ], @@ -91,7 +91,7 @@ def stix_objs1(): } ind4 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000002", "labels": [ "url-watchlist" ], @@ -104,7 +104,7 @@ def stix_objs1(): } ind5 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000002", "labels": [ "url-watchlist" ], @@ -122,7 +122,7 @@ def stix_objs1(): def stix_objs2(): ind6 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000001", "labels": [ "url-watchlist" ], @@ -135,7 +135,7 @@ def stix_objs2(): } ind7 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000002", "labels": [ "url-watchlist" ], @@ -148,7 +148,7 @@ def stix_objs2(): } ind8 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000002", "labels": [ "url-watchlist" ], diff --git a/stix2/test/v21/constants.py b/stix2/test/v21/constants.py index c49629d..b095187 100644 --- a/stix2/test/v21/constants.py +++ b/stix2/test/v21/constants.py @@ -7,17 +7,17 @@ FAKE_TIME = dt.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc) ATTACK_PATTERN_ID = "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061" CAMPAIGN_ID = "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" COURSE_OF_ACTION_ID = "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" -IDENTITY_ID = "identity--311b2d2d-f010-5473-83ec-1edf84858f4c" -INDICATOR_ID = "indicator--01234567-89ab-cdef-0123-456789abcdef" +IDENTITY_ID = "identity--311b2d2d-f010-4473-83ec-1edf84858f4c" +INDICATOR_ID = "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" INTRUSION_SET_ID = "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29" LOCATION_ID = "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64" -MALWARE_ID = "malware--fedcba98-7654-3210-fedc-ba9876543210" +MALWARE_ID = "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" MARKING_DEFINITION_ID = "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" NOTE_ID = "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061" OBSERVED_DATA_ID = "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf" OPINION_ID = "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7" REPORT_ID = "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3" -RELATIONSHIP_ID = "relationship--00000000-1111-2222-3333-444444444444" +RELATIONSHIP_ID = "relationship--df7c87eb-75d2-4948-af81-9d49d246f301" THREAT_ACTOR_ID = "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" TOOL_ID = "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" SIGHTING_ID = "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb" diff --git a/stix2/test/v21/test_bundle.py b/stix2/test/v21/test_bundle.py index b22fa64..5627b38 100644 --- a/stix2/test/v21/test_bundle.py +++ b/stix2/test/v21/test_bundle.py @@ -6,12 +6,12 @@ import stix2 EXPECTED_BUNDLE = """{ "type": "bundle", - "id": "bundle--00000000-0000-0000-0000-000000000007", + "id": "bundle--00000000-0000-4000-8000-000000000007", "objects": [ { "type": "indicator", "spec_version": "2.1", - "id": "indicator--00000000-0000-0000-0000-000000000001", + "id": "indicator--00000000-0000-4000-8000-000000000001", "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", @@ -23,7 +23,7 @@ EXPECTED_BUNDLE = """{ { "type": "malware", "spec_version": "2.1", - "id": "malware--00000000-0000-0000-0000-000000000003", + "id": "malware--00000000-0000-4000-8000-000000000003", "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "name": "Cryptolocker", @@ -35,24 +35,24 @@ EXPECTED_BUNDLE = """{ { "type": "relationship", "spec_version": "2.1", - "id": "relationship--00000000-0000-0000-0000-000000000005", + "id": "relationship--00000000-0000-4000-8000-000000000005", "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "relationship_type": "indicates", - "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", - "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210" + "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", + "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" } ] }""" EXPECTED_BUNDLE_DICT = { "type": "bundle", - "id": "bundle--00000000-0000-0000-0000-000000000007", + "id": "bundle--00000000-0000-4000-8000-000000000007", "objects": [ { "type": "indicator", "spec_version": "2.1", - "id": "indicator--00000000-0000-0000-0000-000000000001", + "id": "indicator--00000000-0000-4000-8000-000000000001", "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", @@ -64,7 +64,7 @@ EXPECTED_BUNDLE_DICT = { { "type": "malware", "spec_version": "2.1", - "id": "malware--00000000-0000-0000-0000-000000000003", + "id": "malware--00000000-0000-4000-8000-000000000003", "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "name": "Cryptolocker", @@ -76,12 +76,12 @@ EXPECTED_BUNDLE_DICT = { { "type": "relationship", "spec_version": "2.1", - "id": "relationship--00000000-0000-0000-0000-000000000005", + "id": "relationship--00000000-0000-4000-8000-000000000005", "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "relationship_type": "indicates", - "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", - "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210" + "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", + "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" } ] } diff --git a/stix2/test/v21/test_custom.py b/stix2/test/v21/test_custom.py index c9b972e..c5d8c5f 100644 --- a/stix2/test/v21/test_custom.py +++ b/stix2/test/v21/test_custom.py @@ -16,7 +16,7 @@ IDENTITY_CUSTOM_PROP = stix2.v21.Identity( def test_identity_custom_property(): with pytest.raises(ValueError) as excinfo: stix2.v21.Identity( - id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -27,7 +27,7 @@ def test_identity_custom_property(): with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: stix2.v21.Identity( - id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -40,7 +40,7 @@ def test_identity_custom_property(): assert "Unexpected properties for Identity" in str(excinfo.value) identity = stix2.v21.Identity( - id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -55,7 +55,7 @@ def test_identity_custom_property(): def test_identity_custom_property_invalid(): with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: stix2.v21.Identity( - id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -69,7 +69,7 @@ def test_identity_custom_property_invalid(): def test_identity_custom_property_allowed(): identity = stix2.v21.Identity( - id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -84,7 +84,7 @@ def test_identity_custom_property_allowed(): """{ "type": "identity", "spec_version": "2.1", - "id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + "id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2015-12-21T19:59:11Z", "modified": "2015-12-21T19:59:11Z", "name": "John Smith", @@ -128,7 +128,7 @@ def test_custom_property_dict_in_bundled_object(): custom_identity = { 'type': 'identity', 'spec_version': '2.1', - 'id': 'identity--311b2d2d-f010-5473-83ec-1edf84858f4c', + 'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c', 'created': '2015-12-21T19:59:11Z', 'name': 'John Smith', 'identity_class': 'individual', @@ -146,7 +146,7 @@ def test_custom_properties_dict_in_bundled_object(): custom_identity = { 'type': 'identity', 'spec_version': '2.1', - 'id': 'identity--311b2d2d-f010-5473-83ec-1edf84858f4c', + 'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c', 'created': '2015-12-21T19:59:11Z', 'name': 'John Smith', 'identity_class': 'individual', diff --git a/stix2/test/v21/test_datastore.py b/stix2/test/v21/test_datastore.py index 0744438..0374ac9 100644 --- a/stix2/test/v21/test_datastore.py +++ b/stix2/test/v21/test_datastore.py @@ -22,13 +22,13 @@ def test_datastore_smoke(): def test_datastore_get_raises(): with pytest.raises(AttributeError) as excinfo: - DataStoreMixin().get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + DataStoreMixin().get("indicator--00000000-0000-4000-8000-000000000001") assert "DataStoreMixin has no data source to query" == str(excinfo.value) def test_datastore_all_versions_raises(): with pytest.raises(AttributeError) as excinfo: - DataStoreMixin().all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + DataStoreMixin().all_versions("indicator--00000000-0000-4000-8000-000000000001") assert "DataStoreMixin has no data source to query" == str(excinfo.value) @@ -46,14 +46,14 @@ def test_datastore_creator_of_raises(): def test_datastore_relationships_raises(): with pytest.raises(AttributeError) as excinfo: - DataStoreMixin().relationships(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + DataStoreMixin().relationships(obj="indicator--00000000-0000-4000-8000-000000000001", target_only=True) assert "DataStoreMixin has no data source to query" == str(excinfo.value) def test_datastore_related_to_raises(): with pytest.raises(AttributeError) as excinfo: - DataStoreMixin().related_to(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + DataStoreMixin().related_to(obj="indicator--00000000-0000-4000-8000-000000000001", target_only=True) assert "DataStoreMixin has no data source to query" == str(excinfo.value) @@ -66,13 +66,13 @@ def test_datastore_add_raises(): def test_composite_datastore_get_raises_error(): with pytest.raises(AttributeError) as excinfo: - CompositeDataSource().get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + CompositeDataSource().get("indicator--00000000-0000-4000-8000-000000000001") assert "CompositeDataSource has no data sources" == str(excinfo.value) def test_composite_datastore_all_versions_raises_error(): with pytest.raises(AttributeError) as excinfo: - CompositeDataSource().all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + CompositeDataSource().all_versions("indicator--00000000-0000-4000-8000-000000000001") assert "CompositeDataSource has no data sources" == str(excinfo.value) @@ -84,28 +84,28 @@ def test_composite_datastore_query_raises_error(): def test_composite_datastore_relationships_raises_error(): with pytest.raises(AttributeError) as excinfo: - CompositeDataSource().relationships(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + CompositeDataSource().relationships(obj="indicator--00000000-0000-4000-8000-000000000001", target_only=True) assert "CompositeDataSource has no data sources" == str(excinfo.value) def test_composite_datastore_related_to_raises_error(): with pytest.raises(AttributeError) as excinfo: - CompositeDataSource().related_to(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + CompositeDataSource().related_to(obj="indicator--00000000-0000-4000-8000-000000000001", target_only=True) assert "CompositeDataSource has no data sources" == str(excinfo.value) def test_composite_datastore_add_data_source_raises_error(): with pytest.raises(TypeError) as excinfo: - ind = "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f" + ind = "indicator--00000000-0000-4000-8000-000000000001" CompositeDataSource().add_data_source(ind) assert "DataSource (to be added) is not of type stix2.DataSource. DataSource type is '{}'".format(type(ind)) == str(excinfo.value) def test_composite_datastore_add_data_sources_raises_error(): with pytest.raises(TypeError) as excinfo: - ind = "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f" + ind = "indicator--00000000-0000-4000-8000-000000000001" CompositeDataSource().add_data_sources(ind) assert "DataSource (to be added) is not of type stix2.DataSource. DataSource type is '{}'".format(type(ind)) == str(excinfo.value) @@ -113,5 +113,5 @@ def test_composite_datastore_add_data_sources_raises_error(): def test_composite_datastore_no_datasource(): cds = CompositeDataSource() with pytest.raises(AttributeError) as excinfo: - cds.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + cds.get("indicator--00000000-0000-4000-8000-000000000001") assert 'CompositeDataSource has no data source' in str(excinfo.value) diff --git a/stix2/test/v21/test_datastore_composite.py b/stix2/test/v21/test_datastore_composite.py index cdcfa21..c4f39a3 100644 --- a/stix2/test/v21/test_datastore_composite.py +++ b/stix2/test/v21/test_datastore_composite.py @@ -40,16 +40,16 @@ def test_composite_datasource_operations(stix_objs1, stix_objs2): cds1.add_data_sources([ds1_1, ds1_2]) cds2.add_data_sources([ds2_1, ds2_2]) - indicators = cds1.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + indicators = cds1.all_versions("indicator--00000000-0000-4000-8000-000000000001") # In STIX_OBJS2 changed the 'modified' property to a later time... assert len(indicators) == 2 cds1.add_data_sources([cds2]) - indicator = cds1.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + indicator = cds1.get("indicator--00000000-0000-4000-8000-000000000001") - assert indicator["id"] == "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f" + assert indicator["id"] == "indicator--00000000-0000-4000-8000-000000000001" assert indicator["modified"] == "2017-01-31T13:49:53.935Z" assert indicator["type"] == "indicator" @@ -69,15 +69,15 @@ def test_composite_datasource_operations(stix_objs1, stix_objs2): # original time in STIX_OBJS1 assert len(results) == 3 - indicator = cds1.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + indicator = cds1.get("indicator--00000000-0000-4000-8000-000000000001") - assert indicator["id"] == "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f" + assert indicator["id"] == "indicator--00000000-0000-4000-8000-000000000001" assert indicator["modified"] == "2017-01-31T13:49:53.935Z" assert indicator["type"] == "indicator" # There is only one indicator with different ID. Since we use the same data # when deduplicated, only two indicators (one with different modified). - results = cds1.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + results = cds1.all_versions("indicator--00000000-0000-4000-8000-000000000001") assert len(results) == 2 # Since we have filters already associated with our CompositeSource providing diff --git a/stix2/test/v21/test_datastore_filesystem.py b/stix2/test/v21/test_datastore_filesystem.py index 7666611..408c23a 100644 --- a/stix2/test/v21/test_datastore_filesystem.py +++ b/stix2/test/v21/test_datastore_filesystem.py @@ -198,7 +198,7 @@ def test_filesystem_sink_add_stix_object_dict(fs_sink, fs_source): "type": "campaign", "objective": "German and French Intelligence Services", "aliases": ["Purple Robes"], - "id": "campaign--111111b6-1112-4fb0-111b-b111107ca70a", + "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created": "2017-05-31T21:31:53.197755Z" } @@ -218,14 +218,14 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source): # add stix bundle dict bund = { "type": "bundle", - "id": "bundle--112211b6-1112-4fb0-111b-b111107ca70a", + "id": "bundle--040ae5ec-2e91-4e94-b075-bc8b368e8ca3", "objects": [ { "name": "Atilla", "type": "campaign", "objective": "Bulgarian, Albanian and Romanian Intelligence Services", "aliases": ["Huns"], - "id": "campaign--133111b6-1112-4fb0-111b-b111107ca70a", + "id": "campaign--b8f86161-ccae-49de-973a-4ca320c62478", "created": "2017-05-31T21:31:53.197755Z" } ] @@ -245,15 +245,15 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source): def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source): # add json-encoded stix obj - camp4 = '{"type": "campaign", "id":"campaign--144111b6-1112-4fb0-111b-b111107ca70a",'\ + camp4 = '{"type": "campaign", "id":"campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d",'\ ' "created":"2017-05-31T21:31:53.197755Z", "name": "Ghengis Khan", "objective": "China and Russian infrastructure"}' fs_sink.add(camp4) - assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--144111b6-1112-4fb0-111b-b111107ca70a" + ".json")) + assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d" + ".json")) - camp4_r = fs_source.get("campaign--144111b6-1112-4fb0-111b-b111107ca70a") - assert camp4_r.id == "campaign--144111b6-1112-4fb0-111b-b111107ca70a" + camp4_r = fs_source.get("campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d") + assert camp4_r.id == "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d" assert camp4_r.name == "Ghengis Khan" os.remove(os.path.join(FS_PATH, "campaign", camp4_r.id + ".json")) @@ -261,15 +261,15 @@ def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source): def test_filesystem_sink_json_stix_bundle(fs_sink, fs_source): # add json-encoded stix bundle - bund2 = '{"type": "bundle", "id": "bundle--332211b6-1132-4fb0-111b-b111107ca70a",' \ - ' "objects": [{"type": "campaign", "spec_version": "2.1", "id": "campaign--155155b6-1112-4fb0-111b-b111107ca70a",' \ + bund2 = '{"type": "bundle", "id": "bundle--3d267103-8475-4d8f-b321-35ec6eccfa37",' \ + ' "objects": [{"type": "campaign", "spec_version": "2.1", "id": "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b",' \ ' "created":"2017-05-31T21:31:53.197755Z", "name": "Spartacus", "objective": "Oppressive regimes of Africa and Middle East"}]}' fs_sink.add(bund2) - assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--155155b6-1112-4fb0-111b-b111107ca70a" + ".json")) + assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b" + ".json")) - camp5_r = fs_source.get("campaign--155155b6-1112-4fb0-111b-b111107ca70a") - assert camp5_r.id == "campaign--155155b6-1112-4fb0-111b-b111107ca70a" + camp5_r = fs_source.get("campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b") + assert camp5_r.id == "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b" assert camp5_r.name == "Spartacus" os.remove(os.path.join(FS_PATH, "campaign", camp5_r.id + ".json")) @@ -287,14 +287,14 @@ def test_filesystem_sink_add_objects_list(fs_sink, fs_source): "spec_version": "2.1", "objective": "Central and Eastern Europe military commands and departments", "aliases": ["The Frenchmen"], - "id": "campaign--122818b6-1112-4fb0-111b-b111107ca70a", + "id": "campaign--122818b6-1112-4fb0-b11b-b111107ca70a", "created": "2017-05-31T21:31:53.197755Z" } fs_sink.add([camp6, camp7]) assert os.path.exists(os.path.join(FS_PATH, "campaign", camp6.id + ".json")) - assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--122818b6-1112-4fb0-111b-b111107ca70a" + ".json")) + assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--122818b6-1112-4fb0-b11b-b111107ca70a" + ".json")) camp6_r = fs_source.get(camp6.id) assert camp6_r.id == camp6.id @@ -402,7 +402,7 @@ def test_filesystem_add_bundle_object(fs_store): def test_filesystem_store_add_invalid_object(fs_store): - ind = ('campaign', 'campaign--111111b6-1112-4fb0-111b-b111107ca70a') # tuple isn't valid + ind = ('campaign', 'campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f') # tuple isn't valid with pytest.raises(TypeError) as excinfo: fs_store.add(ind) assert 'stix_data must be' in str(excinfo.value) diff --git a/stix2/test/v21/test_datastore_filters.py b/stix2/test/v21/test_datastore_filters.py index a51a4d7..1e13bec 100644 --- a/stix2/test/v21/test_datastore_filters.py +++ b/stix2/test/v21/test_datastore_filters.py @@ -8,7 +8,7 @@ stix_objs = [ { "created": "2017-01-27T13:49:53.997Z", "description": "\n\nTITLE:\n\tPoison Ivy", - "id": "malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111", + "id": "malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111", "spec_version": "2.1", "labels": [ "remote-access-trojan" @@ -20,7 +20,7 @@ stix_objs = [ }, { "created": "2014-05-08T09:00:00.000Z", - "id": "indicator--a932fcc6-e032-176c-126f-cb970a5a1ade", + "id": "indicator--a932fcc6-e032-476c-826f-cb970a5a1ade", "labels": [ "file-hash-watchlist" ], @@ -48,16 +48,16 @@ stix_objs = [ ], "relationship_type": "indicates", "revoked": True, - "source_ref": "indicator--a932fcc6-e032-176c-126f-cb970a5a1ade", + "source_ref": "indicator--a932fcc6-e032-476c-826f-cb970a5a1ade", "spec_version": "2.1", - "target_ref": "malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111", + "target_ref": "malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111", "type": "relationship" }, { "id": "vulnerability--ee916c28-c7a4-4d0d-ad56-a8d357f89fef", "spec_version": "2.1", "created": "2016-02-14T00:00:00.000Z", - "created_by_ref": "identity--00000000-0000-0000-0000-b8e91df99dc9", + "created_by_ref": "identity--f1350682-3290-4e0d-be58-69e290537647", "modified": "2016-02-14T00:00:00.000Z", "type": "vulnerability", "name": "CVE-2014-0160", @@ -102,11 +102,13 @@ filters = [ Filter("granular_markings.selectors", "in", "relationship_type"), Filter("granular_markings.marking_ref", "=", "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed"), Filter("external_references.external_id", "in", "CVE-2014-0160,CVE-2017-6608"), - Filter("created_by_ref", "=", "identity--00000000-0000-0000-0000-b8e91df99dc9"), - Filter("object_marking_refs", "=", "marking-definition--613f2e26-0000-0000-0000-b8e91df99dc9"), + Filter("created_by_ref", "=", "identity--f1350682-3290-4e0d-be58-69e290537647"), + Filter("object_marking_refs", "=", "marking-definition--613f2e26-0000-4000-8000-b8e91df99dc9"), Filter("granular_markings.selectors", "in", "description"), Filter("external_references.source_name", "=", "CVE"), - Filter("objects", "=", {"0": {"type": "file", "name": "HAL 9000.exe"}}) + Filter("objects", "=", {"0": {"type": "file", "name": "HAL 9000.exe"}}), + Filter("objects", "contains", {"type": "file", "name": "HAL 9000.exe"}), + Filter("labels", "contains", "heartbleed"), ] # same as above objects but converted to real Python STIX2 objects @@ -268,7 +270,7 @@ def test_apply_common_filters9(): def test_apply_common_filters10(): - # "Return any object that matches marking-definition--613f2e26-0000-0000-0000-b8e91df99dc9 in object_marking_refs" (None) + # "Return any object that matches marking-definition--613f2e26-0000-4000-8000-b8e91df99dc9 in object_marking_refs" (None) resp = list(apply_common_filters(stix_objs, [filters[11]])) assert len(resp) == 0 @@ -308,6 +310,28 @@ def test_apply_common_filters13(): assert len(resp) == 1 +def test_apply_common_filters14(): + # Return any object that contains a specific File Cyber Observable Object + resp = list(apply_common_filters(stix_objs, [filters[15]])) + assert resp[0]['id'] == stix_objs[4]['id'] + assert len(resp) == 1 + + resp = list(apply_common_filters(real_stix_objs, [filters[15]])) + assert resp[0].id == real_stix_objs[4].id + assert len(resp) == 1 + + +def test_apply_common_filters15(): + # Return any object that contains 'heartbleed' in "labels" + resp = list(apply_common_filters(stix_objs, [filters[16]])) + assert resp[0]['id'] == stix_objs[3]['id'] + assert len(resp) == 1 + + resp = list(apply_common_filters(real_stix_objs, [filters[16]])) + assert resp[0].id == real_stix_objs[3].id + assert len(resp) == 1 + + def test_datetime_filter_behavior(): """if a filter is initialized with its value being a datetime object OR the STIX object property being filtered on is a datetime object, all @@ -401,12 +425,12 @@ def test_filters4(): def test_filters5(stix_objs2, real_stix_objs2): - # "Return any object whose id is not indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f" - resp = list(apply_common_filters(stix_objs2, [Filter("id", "!=", "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")])) + # "Return any object whose id is not indicator--00000000-0000-4000-8000-000000000002" + resp = list(apply_common_filters(stix_objs2, [Filter("id", "!=", "indicator--00000000-0000-4000-8000-000000000002")])) assert resp[0]['id'] == stix_objs2[0]['id'] assert len(resp) == 1 - resp = list(apply_common_filters(real_stix_objs2, [Filter("id", "!=", "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")])) + resp = list(apply_common_filters(real_stix_objs2, [Filter("id", "!=", "indicator--00000000-0000-4000-8000-000000000002")])) assert resp[0].id == real_stix_objs2[0].id assert len(resp) == 1 diff --git a/stix2/test/v21/test_datastore_memory.py b/stix2/test/v21/test_datastore_memory.py index 74dac2e..c8fce0f 100644 --- a/stix2/test/v21/test_datastore_memory.py +++ b/stix2/test/v21/test_datastore_memory.py @@ -14,7 +14,7 @@ from .constants import (CAMPAIGN_ID, CAMPAIGN_KWARGS, IDENTITY_ID, IND1 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000001", "labels": [ "url-watchlist" ], @@ -27,7 +27,7 @@ IND1 = { } IND2 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000001", "labels": [ "url-watchlist" ], @@ -40,7 +40,7 @@ IND2 = { } IND3 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000001", "labels": [ "url-watchlist" ], @@ -53,7 +53,7 @@ IND3 = { } IND4 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000002", "labels": [ "url-watchlist" ], @@ -66,7 +66,7 @@ IND4 = { } IND5 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000002", "labels": [ "url-watchlist" ], @@ -79,7 +79,7 @@ IND5 = { } IND6 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000001", "labels": [ "url-watchlist" ], @@ -92,7 +92,7 @@ IND6 = { } IND7 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000002", "labels": [ "url-watchlist" ], @@ -105,7 +105,7 @@ IND7 = { } IND8 = { "created": "2017-01-27T13:49:53.935Z", - "id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f", + "id": "indicator--00000000-0000-4000-8000-000000000002", "labels": [ "url-watchlist" ], @@ -158,12 +158,12 @@ def fs_mem_store(request, mem_store): def test_memory_source_get(mem_source): - resp = mem_source.get("indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f") - assert resp["id"] == "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f" + resp = mem_source.get("indicator--00000000-0000-4000-8000-000000000001") + assert resp["id"] == "indicator--00000000-0000-4000-8000-000000000001" def test_memory_source_get_nonexistant_object(mem_source): - resp = mem_source.get("tool--d81f86b8-975b-bc0b-775e-810c5ad45a4f") + resp = mem_source.get("tool--8d0b222c-7a3b-44a0-b9c6-31b051efb32e") assert resp is None @@ -174,7 +174,7 @@ def test_memory_store_all_versions(mem_store): spec_version="2.0", type="bundle")) - resp = mem_store.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + resp = mem_store.all_versions("indicator--00000000-0000-4000-8000-000000000001") assert len(resp) == 1 # MemoryStore can only store 1 version of each object @@ -185,7 +185,7 @@ def test_memory_store_query(mem_store): def test_memory_store_query_single_filter(mem_store): - query = Filter('id', '=', 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f') + query = Filter('id', '=', 'indicator--00000000-0000-4000-8000-000000000001') resp = mem_store.query(query) assert len(resp) == 1 @@ -195,15 +195,15 @@ def test_memory_store_query_empty_query(mem_store): # sort since returned in random order resp = sorted(resp, key=lambda k: k['id']) assert len(resp) == 2 - assert resp[0]['id'] == 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f' - assert resp[0]['modified'] == '2017-01-27T13:49:53.935Z' - assert resp[1]['id'] == 'indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f' - assert resp[1]['modified'] == '2017-01-27T13:49:53.936Z' + assert resp[0]['id'] == 'indicator--00000000-0000-4000-8000-000000000001' + assert resp[0]['modified'] == '2017-01-27T13:49:53.936Z' + assert resp[1]['id'] == 'indicator--00000000-0000-4000-8000-000000000002' + assert resp[1]['modified'] == '2017-01-27T13:49:53.935Z' def test_memory_store_query_multiple_filters(mem_store): mem_store.source.filters.add(Filter('type', '=', 'indicator')) - query = Filter('id', '=', 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f') + query = Filter('id', '=', 'indicator--00000000-0000-4000-8000-000000000001') resp = mem_store.query(query) assert len(resp) == 1 @@ -215,13 +215,13 @@ def test_memory_store_save_load_file(mem_store, fs_mem_store): # (this is done in fixture 'fs_mem_store'), so can already read-in here contents = open(os.path.abspath(filename)).read() - assert '"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",' in contents - assert '"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",' in contents + assert '"id": "indicator--00000000-0000-4000-8000-000000000001",' in contents + assert '"id": "indicator--00000000-0000-4000-8000-000000000001",' in contents mem_store2 = MemoryStore() mem_store2.load_from_file(filename) - assert mem_store2.get("indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f") - assert mem_store2.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + assert mem_store2.get("indicator--00000000-0000-4000-8000-000000000001") + assert mem_store2.get("indicator--00000000-0000-4000-8000-000000000001") def test_memory_store_add_invalid_object(mem_store): diff --git a/stix2/test/v21/test_datastore_taxii.py b/stix2/test/v21/test_datastore_taxii.py index cc78c2a..96040e0 100644 --- a/stix2/test/v21/test_datastore_taxii.py +++ b/stix2/test/v21/test_datastore_taxii.py @@ -253,7 +253,7 @@ def test_add_dict_bundle_object(collection): def test_get_stix2_object(collection): tc_sink = stix2.TAXIICollectionSource(collection) - objects = tc_sink.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f") + objects = tc_sink.get("indicator--00000000-0000-4000-8000-000000000001") assert objects @@ -320,7 +320,7 @@ def test_add_get_remove_filter(collection): def test_get_all_versions(collection): ds = stix2.TAXIICollectionStore(collection) - indicators = ds.all_versions('indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f') + indicators = ds.all_versions('indicator--00000000-0000-4000-8000-000000000001') # There are 3 indicators but 2 share the same 'modified' timestamp assert len(indicators) == 2 diff --git a/stix2/test/v21/test_environment.py b/stix2/test/v21/test_environment.py index f455f6a..7f839e3 100644 --- a/stix2/test/v21/test_environment.py +++ b/stix2/test/v21/test_environment.py @@ -191,7 +191,7 @@ def test_parse_malware(): data = """{ "type": "malware", "spec_version": "2.1", - "id": "malware--fedcba98-7654-3210-fedc-ba9876543210", + "id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "name": "Cryptolocker", diff --git a/stix2/test/v21/test_fixtures.py b/stix2/test/v21/test_fixtures.py index 83d5f85..23ad8a4 100644 --- a/stix2/test/v21/test_fixtures.py +++ b/stix2/test/v21/test_fixtures.py @@ -10,9 +10,9 @@ def test_clock(clock): def test_my_uuid4_fixture(uuid4): - assert uuid.uuid4() == "00000000-0000-0000-0000-000000000001" - assert uuid.uuid4() == "00000000-0000-0000-0000-000000000002" - assert uuid.uuid4() == "00000000-0000-0000-0000-000000000003" + assert uuid.uuid4() == "00000000-0000-4000-8000-000000000001" + assert uuid.uuid4() == "00000000-0000-4000-8000-000000000002" + assert uuid.uuid4() == "00000000-0000-4000-8000-000000000003" for _ in range(256): uuid.uuid4() - assert uuid.uuid4() == "00000000-0000-0000-0000-000000000104" + assert uuid.uuid4() == "00000000-0000-4000-8000-000000000104" diff --git a/stix2/test/v21/test_identity.py b/stix2/test/v21/test_identity.py index 13225e4..0a3399b 100644 --- a/stix2/test/v21/test_identity.py +++ b/stix2/test/v21/test_identity.py @@ -10,7 +10,7 @@ from .constants import IDENTITY_ID EXPECTED = """{ "type": "identity", "spec_version": "2.1", - "id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + "id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2015-12-21T19:59:11.000Z", "modified": "2015-12-21T19:59:11.000Z", "name": "John Smith", @@ -20,7 +20,7 @@ EXPECTED = """{ def test_identity_example(): identity = stix2.v21.Identity( - id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="John Smith", @@ -34,7 +34,7 @@ def test_identity_example(): EXPECTED, { "created": "2015-12-21T19:59:11.000Z", - "id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + "id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "identity_class": "individual", "modified": "2015-12-21T19:59:11.000Z", "name": "John Smith", @@ -57,7 +57,7 @@ def test_parse_no_type(): with pytest.raises(stix2.exceptions.ParseError): stix2.parse(""" { - "id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c", + "id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2015-12-21T19:59:11.000Z", "modified": "2015-12-21T19:59:11.000Z", "name": "John Smith", diff --git a/stix2/test/v21/test_indicator.py b/stix2/test/v21/test_indicator.py index 71685cd..de777ee 100644 --- a/stix2/test/v21/test_indicator.py +++ b/stix2/test/v21/test_indicator.py @@ -11,7 +11,7 @@ from .constants import FAKE_TIME, INDICATOR_ID, INDICATOR_KWARGS EXPECTED_INDICATOR = """{ "type": "indicator", "spec_version": "2.1", - "id": "indicator--01234567-89ab-cdef-0123-456789abcdef", + "id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "created": "2017-01-01T00:00:01.000Z", "modified": "2017-01-01T00:00:01.000Z", "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", @@ -24,7 +24,7 @@ EXPECTED_INDICATOR = """{ EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join(""" type='indicator', spec_version='2.1', - id='indicator--01234567-89ab-cdef-0123-456789abcdef', + id='indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7', created='2017-01-01T00:00:01.000Z', modified='2017-01-01T00:00:01.000Z', pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", @@ -56,7 +56,7 @@ def test_indicator_with_all_required_properties(): def test_indicator_autogenerated_properties(indicator): assert indicator.type == 'indicator' assert indicator.spec_version == '2.1' - assert indicator.id == 'indicator--00000000-0000-0000-0000-000000000001' + assert indicator.id == 'indicator--00000000-0000-4000-8000-000000000001' assert indicator.created == FAKE_TIME assert indicator.modified == FAKE_TIME assert indicator.labels == ['malicious-activity'] @@ -65,7 +65,7 @@ def test_indicator_autogenerated_properties(indicator): assert indicator['type'] == 'indicator' assert indicator['spec_version'] == '2.1' - assert indicator['id'] == 'indicator--00000000-0000-0000-0000-000000000001' + assert indicator['id'] == 'indicator--00000000-0000-4000-8000-000000000001' assert indicator['created'] == FAKE_TIME assert indicator['modified'] == FAKE_TIME assert indicator['labels'] == ['malicious-activity'] @@ -156,7 +156,7 @@ def test_created_modified_time_are_identical_by_default(): EXPECTED_INDICATOR, { "type": "indicator", - "id": "indicator--01234567-89ab-cdef-0123-456789abcdef", + "id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "created": "2017-01-01T00:00:01Z", "modified": "2017-01-01T00:00:01Z", "labels": [ diff --git a/stix2/test/v21/test_malware.py b/stix2/test/v21/test_malware.py index 01e0da9..c218bbb 100644 --- a/stix2/test/v21/test_malware.py +++ b/stix2/test/v21/test_malware.py @@ -11,7 +11,7 @@ from .constants import FAKE_TIME, MALWARE_ID, MALWARE_KWARGS EXPECTED_MALWARE = """{ "type": "malware", "spec_version": "2.1", - "id": "malware--fedcba98-7654-3210-fedc-ba9876543210", + "id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "name": "Cryptolocker", @@ -40,14 +40,14 @@ def test_malware_with_all_required_properties(): def test_malware_autogenerated_properties(malware): assert malware.type == 'malware' - assert malware.id == 'malware--00000000-0000-0000-0000-000000000001' + assert malware.id == 'malware--00000000-0000-4000-8000-000000000001' assert malware.created == FAKE_TIME assert malware.modified == FAKE_TIME assert malware.labels == ['ransomware'] assert malware.name == "Cryptolocker" assert malware['type'] == 'malware' - assert malware['id'] == 'malware--00000000-0000-0000-0000-000000000001' + assert malware['id'] == 'malware--00000000-0000-4000-8000-000000000001' assert malware['created'] == FAKE_TIME assert malware['modified'] == FAKE_TIME assert malware['labels'] == ['ransomware'] @@ -111,7 +111,7 @@ def test_invalid_kwarg_to_malware(): { "type": "malware", "spec_version": "2.1", - "id": "malware--fedcba98-7654-3210-fedc-ba9876543210", + "id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "labels": ["ransomware"], diff --git a/stix2/test/v21/test_properties.py b/stix2/test/v21/test_properties.py index 3653540..3ad7126 100644 --- a/stix2/test/v21/test_properties.py +++ b/stix2/test/v21/test_properties.py @@ -1,16 +1,19 @@ +import uuid + import pytest import stix2 from stix2.exceptions import AtLeastOnePropertyError, DictionaryKeyError -from stix2.properties import (BinaryProperty, BooleanProperty, - DictionaryProperty, EmbeddedObjectProperty, - EnumProperty, ExtensionsProperty, FloatProperty, +from stix2.properties import (ERROR_INVALID_ID, BinaryProperty, + BooleanProperty, DictionaryProperty, + EmbeddedObjectProperty, EnumProperty, + ExtensionsProperty, FloatProperty, HashesProperty, HexProperty, IDProperty, IntegerProperty, ListProperty, Property, ReferenceProperty, StringProperty, TimestampProperty, TypeProperty) -from .constants import FAKE_TIME +from . import constants def test_property(): @@ -86,18 +89,68 @@ def test_type_property(): assert prop.clean(prop.default()) -def test_id_property(): - idprop = IDProperty('my-type') +ID_PROP = IDProperty('my-type') +MY_ID = 'my-type--232c9d3f-49fc-4440-bb01-607f638778e7' - assert idprop.clean('my-type--90aaca8a-1110-5d32-956d-ac2f34a1bd8c') + +@pytest.mark.parametrize("value", [ + MY_ID, + 'my-type--00000000-0000-4000-8000-000000000000', +]) +def test_id_property_valid(value): + assert ID_PROP.clean(value) == value + + +CONSTANT_IDS = [ + constants.ATTACK_PATTERN_ID, + constants.CAMPAIGN_ID, + constants.COURSE_OF_ACTION_ID, + constants.IDENTITY_ID, + constants.INDICATOR_ID, + constants.INTRUSION_SET_ID, + constants.MALWARE_ID, + constants.MARKING_DEFINITION_ID, + constants.OBSERVED_DATA_ID, + constants.RELATIONSHIP_ID, + constants.REPORT_ID, + constants.SIGHTING_ID, + constants.THREAT_ACTOR_ID, + constants.TOOL_ID, + constants.VULNERABILITY_ID, +] +CONSTANT_IDS.extend(constants.MARKING_IDS) +CONSTANT_IDS.extend(constants.RELATIONSHIP_IDS) + + +@pytest.mark.parametrize("value", CONSTANT_IDS) +def test_id_property_valid_for_type(value): + type = value.split('--', 1)[0] + assert IDProperty(type=type).clean(value) == value + + +def test_id_property_wrong_type(): with pytest.raises(ValueError) as excinfo: - idprop.clean('not-my-type--90aaca8a-1110-5d32-956d-ac2f34a1bd8c') + ID_PROP.clean('not-my-type--232c9d3f-49fc-4440-bb01-607f638778e7') assert str(excinfo.value) == "must start with 'my-type--'." - with pytest.raises(ValueError) as excinfo: - idprop.clean('my-type--foo') - assert str(excinfo.value) == "must have a valid UUID after the prefix." - assert idprop.clean(idprop.default()) + +@pytest.mark.parametrize("value", [ + 'my-type--foo', + # Not a v4 UUID + 'my-type--00000000-0000-0000-0000-000000000000', + 'my-type--' + str(uuid.uuid1()), + 'my-type--' + str(uuid.uuid3(uuid.NAMESPACE_DNS, "example.org")), + 'my-type--' + str(uuid.uuid5(uuid.NAMESPACE_DNS, "example.org")), +]) +def test_id_property_not_a_valid_hex_uuid(value): + with pytest.raises(ValueError) as excinfo: + ID_PROP.clean(value) + assert str(excinfo.value) == ERROR_INVALID_ID + + +def test_id_property_default(): + default = ID_PROP.default() + assert ID_PROP.clean(default) == default @pytest.mark.parametrize("value", [ @@ -180,10 +233,14 @@ def test_boolean_property_invalid(value): def test_reference_property(): ref_prop = ReferenceProperty() - assert ref_prop.clean("my-type--3a331bfe-0566-55e1-a4a0-9a2cd355a300") + assert ref_prop.clean("my-type--00000000-0000-4000-8000-000000000000") with pytest.raises(ValueError): ref_prop.clean("foo") + # This is not a valid V4 UUID + with pytest.raises(ValueError): + ref_prop.clean("my-type--00000000-0000-0000-0000-000000000000") + @pytest.mark.parametrize("value", [ '2017-01-01T12:34:56Z', @@ -192,7 +249,7 @@ def test_reference_property(): ]) def test_timestamp_property_valid(value): ts_prop = TimestampProperty() - assert ts_prop.clean(value) == FAKE_TIME + assert ts_prop.clean(value) == constants.FAKE_TIME def test_timestamp_property_invalid(): diff --git a/stix2/test/v21/test_relationship.py b/stix2/test/v21/test_relationship.py index 51e03ff..fe76f17 100644 --- a/stix2/test/v21/test_relationship.py +++ b/stix2/test/v21/test_relationship.py @@ -11,12 +11,12 @@ from .constants import (FAKE_TIME, INDICATOR_ID, MALWARE_ID, RELATIONSHIP_ID, EXPECTED_RELATIONSHIP = """{ "type": "relationship", "spec_version": "2.1", - "id": "relationship--00000000-1111-2222-3333-444444444444", + "id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301", "created": "2016-04-06T20:06:37.000Z", "modified": "2016-04-06T20:06:37.000Z", "relationship_type": "indicates", - "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", - "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210" + "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", + "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" }""" @@ -38,7 +38,7 @@ def test_relationship_all_required_properties(): def test_relationship_autogenerated_properties(relationship): assert relationship.type == 'relationship' assert relationship.spec_version == '2.1' - assert relationship.id == 'relationship--00000000-0000-0000-0000-000000000001' + assert relationship.id == 'relationship--00000000-0000-4000-8000-000000000001' assert relationship.created == FAKE_TIME assert relationship.modified == FAKE_TIME assert relationship.relationship_type == 'indicates' @@ -47,7 +47,7 @@ def test_relationship_autogenerated_properties(relationship): assert relationship['type'] == 'relationship' assert relationship['spec_version'] == '2.1' - assert relationship['id'] == 'relationship--00000000-0000-0000-0000-000000000001' + assert relationship['id'] == 'relationship--00000000-0000-4000-8000-000000000001' assert relationship['created'] == FAKE_TIME assert relationship['modified'] == FAKE_TIME assert relationship['relationship_type'] == 'indicates' @@ -125,29 +125,29 @@ def test_create_relationship_from_objects_rather_than_ids(indicator, malware): ) assert rel.relationship_type == 'indicates' - assert rel.source_ref == 'indicator--00000000-0000-0000-0000-000000000001' - assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000003' - assert rel.id == 'relationship--00000000-0000-0000-0000-000000000005' + assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001' + assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003' + assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005' def test_create_relationship_with_positional_args(indicator, malware): rel = stix2.v21.Relationship(indicator, 'indicates', malware) assert rel.relationship_type == 'indicates' - assert rel.source_ref == 'indicator--00000000-0000-0000-0000-000000000001' - assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000003' - assert rel.id == 'relationship--00000000-0000-0000-0000-000000000005' + assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001' + assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003' + assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005' @pytest.mark.parametrize("data", [ EXPECTED_RELATIONSHIP, { "created": "2016-04-06T20:06:37Z", - "id": "relationship--00000000-1111-2222-3333-444444444444", + "id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301", "modified": "2016-04-06T20:06:37Z", "relationship_type": "indicates", - "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", - "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210", + "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", + "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", "spec_version": "2.1", "type": "relationship" }, @@ -161,5 +161,5 @@ def test_parse_relationship(data): assert rel.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert rel.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert rel.relationship_type == "indicates" - assert rel.source_ref == "indicator--01234567-89ab-cdef-0123-456789abcdef" - assert rel.target_ref == "malware--fedcba98-7654-3210-fedc-ba9876543210" + assert rel.source_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" + assert rel.target_ref == "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" diff --git a/stix2/test/v21/test_report.py b/stix2/test/v21/test_report.py index d9e2d49..22aec2e 100644 --- a/stix2/test/v21/test_report.py +++ b/stix2/test/v21/test_report.py @@ -88,8 +88,8 @@ def test_report_example_objects_in_object_refs_with_bad_id(): assert excinfo.value.cls == stix2.v21.Report assert excinfo.value.prop_name == "object_refs" - assert excinfo.value.reason == "must match --." - assert str(excinfo.value) == "Invalid value for Report 'object_refs': must match --." + assert excinfo.value.reason == stix2.properties.ERROR_INVALID_ID + assert str(excinfo.value) == "Invalid value for Report 'object_refs': " + stix2.properties.ERROR_INVALID_ID @pytest.mark.parametrize("data", [ diff --git a/stix2/test/v21/test_sighting.py b/stix2/test/v21/test_sighting.py index baec1d9..79f3031 100644 --- a/stix2/test/v21/test_sighting.py +++ b/stix2/test/v21/test_sighting.py @@ -13,7 +13,7 @@ EXPECTED_SIGHTING = """{ "id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb", "created": "2016-04-06T20:06:37.000Z", "modified": "2016-04-06T20:06:37.000Z", - "sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", + "sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "where_sighted_refs": [ "identity--8cc7afd6-5455-4d2b-a736-e614ee631d99" ] @@ -23,7 +23,7 @@ BAD_SIGHTING = """{ "created": "2016-04-06T20:06:37.000Z", "id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb", "modified": "2016-04-06T20:06:37.000Z", - "sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", + "sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "spec_version": "2.1", "type": "sighting", "where_sighted_refs": [ @@ -87,8 +87,8 @@ def test_invalid_kwarg_to_sighting(): def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811 rel = stix2.v21.Sighting(sighting_of_ref=malware) - assert rel.sighting_of_ref == 'malware--00000000-0000-0000-0000-000000000001' - assert rel.id == 'sighting--00000000-0000-0000-0000-000000000003' + assert rel.sighting_of_ref == 'malware--00000000-0000-4000-8000-000000000001' + assert rel.id == 'sighting--00000000-0000-4000-8000-000000000003' @pytest.mark.parametrize("data", [ @@ -97,7 +97,7 @@ def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811 "created": "2016-04-06T20:06:37Z", "id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb", "modified": "2016-04-06T20:06:37Z", - "sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", + "sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "spec_version": "2.1", "type": "sighting", "where_sighted_refs": [ @@ -113,5 +113,5 @@ def test_parse_sighting(data): assert sighting.id == SIGHTING_ID assert sighting.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert sighting.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) - assert sighting.sighting_of_ref == "indicator--01234567-89ab-cdef-0123-456789abcdef" + assert sighting.sighting_of_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" assert sighting.where_sighted_refs == ["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"] diff --git a/stix2/test/v21/test_utils.py b/stix2/test/v21/test_utils.py index 8b368d3..1f8d8e2 100644 --- a/stix2/test/v21/test_utils.py +++ b/stix2/test/v21/test_utils.py @@ -98,8 +98,8 @@ def test_deduplicate(stix_objs1): ids = [obj['id'] for obj in unique] mods = [obj['modified'] for obj in unique] - assert "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f" in ids - assert "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f" in ids + assert "indicator--00000000-0000-4000-8000-000000000001" in ids + assert "indicator--00000000-0000-4000-8000-000000000001" in ids assert "2017-01-27T13:49:53.935Z" in mods assert "2017-01-27T13:49:53.936Z" in mods