Merge branch 'khdesai-fix_issue_307'

Closes #317.
2020-01-04 10:24:51 -05:00 · 2020-01-04 10:24:51 -05:00 · 2d3afb2a27
parent 25eb3bdb0c d50792b4d2
commit 2d3afb2a27
5 changed files with 82 additions and 10 deletions
--- a/stix2/properties.py
+++ b/stix2/properties.py
@ -9,7 +9,6 @@ import re
 import uuid

 from six import string_types, text_type
-from stix2patterns.validator import run_validator

 import stix2

@ -557,14 +556,7 @@ class EnumProperty(StringProperty):


 class PatternProperty(StringProperty):
-
-    def clean(self, value):
-        cleaned_value = super(PatternProperty, self).clean(value)
-        errors = run_validator(cleaned_value)
-        if errors:
-            raise ValueError(str(errors[0]))
-
-        return cleaned_value
+    pass


 class ObservableProperty(Property):
--- a/stix2/test/v20/test_indicator.py
+++ b/stix2/test/v20/test_indicator.py
@ -192,3 +192,23 @@ def test_invalid_indicator_pattern():
    assert excinfo.value.cls == stix2.v20.Indicator
    assert excinfo.value.prop_name == 'pattern'
    assert 'mismatched input' in excinfo.value.reason
+
+
+def test_indicator_stix21_invalid_pattern():
+    now = dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
+    epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
+    patrn = "[EXISTS windows-registry-key:values]"
+
+    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
+        stix2.v20.Indicator(
+            type="indicator",
+            id=INDICATOR_ID,
+            created=now,
+            modified=now,
+            pattern=patrn,
+            valid_from=epoch,
+            labels=["malicious-activity"],
+        )
+
+    assert excinfo.value.cls == stix2.v20.Indicator
+    assert "FAIL: Error found at line 1:8. no viable alternative at input 'EXISTS" in str(excinfo.value)
--- a/stix2/test/v21/test_indicator.py
+++ b/stix2/test/v21/test_indicator.py
@ -251,3 +251,42 @@ def test_indicator_with_custom_embed_objs_extra_props_error():
    assert excinfo.value.cls == stix2.v21.Indicator
    assert excinfo.value.properties == ['bad_custom_prop']
    assert str(excinfo.value) == "Unexpected properties for Indicator: (bad_custom_prop)."
+
+
+def test_indicator_stix20_invalid_pattern():
+    now = dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
+    epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
+    patrn = "[win-registry-key:key = 'hkey_local_machine\\\\foo\\\\bar'] WITHIN 5 SECONDS WITHIN 6 SECONDS"
+
+    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
+        stix2.v21.Indicator(
+            type="indicator",
+            id=INDICATOR_ID,
+            created=now,
+            modified=now,
+            pattern=patrn,
+            pattern_type="stix",
+            valid_from=epoch,
+            indicator_types=['malicious-activity'],
+        )
+
+    assert excinfo.value.cls == stix2.v21.Indicator
+    assert "FAIL: The same qualifier is used more than once" in str(excinfo.value)
+
+    ind = stix2.v21.Indicator(
+        type="indicator",
+        id=INDICATOR_ID,
+        created=now,
+        modified=now,
+        pattern=patrn,
+        pattern_type="stix",
+        pattern_version="2.0",
+        valid_from=epoch,
+        indicator_types=['malicious-activity'],
+    )
+
+    assert ind.id == INDICATOR_ID
+    assert ind.indicator_types == ['malicious-activity']
+    assert ind.pattern == patrn
+    assert ind.pattern_type == "stix"
+    assert ind.pattern_version == "2.0"
--- a/stix2/v20/sdo.py
+++ b/stix2/v20/sdo.py
@ -3,8 +3,11 @@
 from collections import OrderedDict
 import itertools

+from stix2patterns.validator import run_validator
+
 from ..core import STIXDomainObject
 from ..custom import _custom_object_builder
+from ..exceptions import InvalidValueError
 from ..properties import (
    BooleanProperty, IDProperty, IntegerProperty, ListProperty,
    ObservableProperty, PatternProperty, ReferenceProperty, StringProperty,
@ -135,6 +138,11 @@ class Indicator(STIXDomainObject):
        ('granular_markings', ListProperty(GranularMarking)),
    ])

+    def _check_object_constraints(self):
+        errors = run_validator(self.get('pattern'), '2.0')
+        if errors:
+            raise InvalidValueError(self.__class__, 'pattern', str(errors[0]))
+

 class IntrusionSet(STIXDomainObject):
    """For more detailed information on this object's properties, see
--- a/stix2/v21/sdo.py
+++ b/stix2/v21/sdo.py
@ -5,10 +5,13 @@ import itertools
 import warnings

 from six.moves.urllib.parse import quote_plus
+from stix2patterns.validator import run_validator

 from ..core import STIXDomainObject
 from ..custom import _custom_object_builder
-from ..exceptions import PropertyPresenceError, STIXDeprecationWarning
+from ..exceptions import (
+    InvalidValueError, PropertyPresenceError, STIXDeprecationWarning,
+)
 from ..properties import (
    BinaryProperty, BooleanProperty, EmbeddedObjectProperty, EnumProperty,
    FloatProperty, IDProperty, IntegerProperty, ListProperty,
@ -232,6 +235,16 @@ class Indicator(STIXDomainObject):
            msg = "{0.id} 'valid_until' must be greater than 'valid_from'"
            raise ValueError(msg.format(self))

+        if self.get('pattern_type') == "stix":
+            try:
+                pat_ver = self.get('pattern_version')
+            except AttributeError:
+                pat_ver = '2.1'
+
+            errors = run_validator(self.get('pattern'), pat_ver)
+            if errors:
+                raise InvalidValueError(self.__class__, 'pattern', str(errors[0]))
+

 class Infrastructure(STIXDomainObject):
    # TODO: Add link