Changed several *_types properties which were formerly required,

to be optional, due to a STIX spec change.  Updated unit tests
accordingly.

stix2/test/v21/test_indicator.py

@@ -14,9 +14,6 @@ EXPECTED_INDICATOR = """{
     "id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
     "created": "2017-01-01T00:00:01.000Z",
     "modified": "2017-01-01T00:00:01.000Z",
-    "indicator_types": [
-        "malicious-activity"
-    ],
     "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
     "pattern_type": "stix",
     "pattern_version": "2.1",
@@ -29,7 +26,6 @@ EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join("""
     id='indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7',
     created='2017-01-01T00:00:01.000Z',
     modified='2017-01-01T00:00:01.000Z',
-    indicator_types=['malicious-activity'],
     pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
     pattern_type='stix',
     pattern_version='2.1',
@@ -49,7 +45,6 @@ def test_indicator_with_all_required_properties():
         pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
         pattern_type="stix",
         valid_from=epoch,
-        indicator_types=['malicious-activity'],
     )
 
     assert ind.revoked is False
@@ -103,8 +98,8 @@ def test_indicator_required_properties():
         stix2.v21.Indicator()
 
     assert excinfo.value.cls == stix2.v21.Indicator
-    assert excinfo.value.properties == ["indicator_types", "pattern", "pattern_type", "valid_from"]
-    assert str(excinfo.value) == "No values for required properties for Indicator: (indicator_types, pattern, pattern_type, valid_from)."
+    assert excinfo.value.properties == ["pattern", "pattern_type", "valid_from"]
+    assert str(excinfo.value) == "No values for required properties for Indicator: (pattern, pattern_type, valid_from)."
 
 
 def test_indicator_required_property_pattern():
@@ -163,9 +158,6 @@ def test_created_modified_time_are_identical_by_default():
             "id": INDICATOR_ID,
             "created": "2017-01-01T00:00:01Z",
             "modified": "2017-01-01T00:00:01Z",
-            "indicator_types": [
-                "malicious-activity",
-            ],
             "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
             "pattern_type": "stix",
             "valid_from": "1970-01-01T00:00:01Z",
@@ -181,7 +173,6 @@ def test_parse_indicator(data):
     assert idctr.created == dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
     assert idctr.modified == dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
     assert idctr.valid_from == dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
-    assert idctr.indicator_types[0] == "malicious-activity"
     assert idctr.pattern == "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']"
 
 

stix2/test/v21/test_infrastructure.py

@@ -13,10 +13,7 @@ EXPECTED_INFRASTRUCTURE = """{
     "id": "infrastructure--3000ae1b-784c-f03d-8abc-0a625b2ff018",
     "created": "2017-01-01T12:34:56.000Z",
     "modified": "2017-01-01T12:34:56.000Z",
-    "name": "Poison Ivy C2",
-    "infrastructure_types": [
-        "command-and-control"
-    ]
+    "name": "Poison Ivy C2"
 }"""
 
 
@@ -29,7 +26,6 @@ def test_infrastructure_with_all_required_properties():
         created=now,
         modified=now,
         name="Poison Ivy C2",
-        infrastructure_types=["command-and-control"],
     )
 
     assert str(infra) == EXPECTED_INFRASTRUCTURE
@@ -76,7 +72,7 @@ def test_infrastructure_required_properties():
         stix2.v21.Infrastructure()
 
     assert excinfo.value.cls == stix2.v21.Infrastructure
-    assert excinfo.value.properties == ["infrastructure_types", "name"]
+    assert excinfo.value.properties == ["name"]
 
 
 def test_infrastructure_required_property_name():
@@ -105,7 +101,6 @@ def test_invalid_kwarg_to_infrastructure():
             "id": INFRASTRUCTURE_ID,
             "created": "2017-01-01T12:34:56.000Z",
             "modified": "2017-01-01T12:34:56.000Z",
-            "infrastructure_types": ["command-and-control"],
             "name": "Poison Ivy C2",
         },
     ],
@@ -118,7 +113,6 @@ def test_parse_infrastructure(data):
     assert infra.id == INFRASTRUCTURE_ID
     assert infra.created == dt.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc)
     assert infra.modified == dt.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc)
-    assert infra.infrastructure_types == ['command-and-control']
     assert infra.name == 'Poison Ivy C2'
 
 

stix2/test/v21/test_malware.py

@@ -1,4 +1,5 @@
 import datetime as dt
+import json
 import re
 
 import pytest
@@ -16,9 +17,6 @@ EXPECTED_MALWARE = """{
     "created": "2016-05-12T08:17:27.000Z",
     "modified": "2016-05-12T08:17:27.000Z",
     "name": "Cryptolocker",
-    "malware_types": [
-        "ransomware"
-    ],
     "is_family": false
 }"""
 
@@ -31,7 +29,6 @@ def test_malware_with_all_required_properties():
         id=MALWARE_ID,
         created=now,
         modified=now,
-        malware_types=["ransomware"],
         name="Cryptolocker",
         is_family=False,
     )
@@ -80,7 +77,7 @@ def test_malware_required_properties():
         stix2.v21.Malware()
 
     assert excinfo.value.cls == stix2.v21.Malware
-    assert excinfo.value.properties == ["is_family", "malware_types"]
+    assert excinfo.value.properties == ["is_family"]
 
 
 def test_malware_required_property_name():
@@ -116,7 +113,6 @@ def test_invalid_kwarg_to_malware():
             "id": MALWARE_ID,
             "created": "2016-05-12T08:17:27.000Z",
             "modified": "2016-05-12T08:17:27.000Z",
-            "malware_types": ["ransomware"],
             "name": "Cryptolocker",
             "is_family": False,
         },
@@ -130,13 +126,14 @@ def test_parse_malware(data):
     assert mal.id == MALWARE_ID
     assert mal.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
     assert mal.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
-    assert mal.malware_types == ['ransomware']
     assert mal.name == 'Cryptolocker'
     assert not mal.is_family
 
 
-def test_parse_malware_invalid_labels():
-    data = re.compile('\\[.+\\]', re.DOTALL).sub('1', EXPECTED_MALWARE)
+def test_parse_malware_invalid_types():
+    data = json.loads(EXPECTED_MALWARE)
+    data["malware_types"] = 1  # Oops, not a list
+    data = json.dumps(data)
     with pytest.raises(InvalidValueError) as excinfo:
         stix2.parse(data)
     assert "Invalid value for Malware 'malware_types'" in str(excinfo.value)

stix2/v21/sdo.py

@@ -173,7 +173,7 @@ class Identity(STIXDomainObject):
         ('name', StringProperty(required=True)),
         ('description', StringProperty()),
         ('roles', ListProperty(StringProperty)),
-        ('identity_class', StringProperty(required=True)),
+        ('identity_class', StringProperty()),
         ('sectors', ListProperty(StringProperty)),
         ('contact_information', StringProperty()),
         ('revoked', BooleanProperty(default=lambda: False)),
@@ -202,7 +202,7 @@ class Indicator(STIXDomainObject):
         ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
         ('name', StringProperty()),
         ('description', StringProperty()),
-        ('indicator_types', ListProperty(StringProperty, required=True)),
+        ('indicator_types', ListProperty(StringProperty)),
         ('pattern', PatternProperty(required=True)),
         ('pattern_type', StringProperty(required=True)),
         ('pattern_version', StringProperty()),
@@ -269,7 +269,7 @@ class Infrastructure(STIXDomainObject):
         ('granular_markings', ListProperty(GranularMarking)),
         ('name', StringProperty(required=True)),
         ('description', StringProperty()),
-        ('infrastructure_types', ListProperty(StringProperty, required=True)),
+        ('infrastructure_types', ListProperty(StringProperty)),
         ('aliases', ListProperty(StringProperty)),
         ('kill_chain_phases', ListProperty(KillChainPhase)),
         ('first_seen', TimestampProperty()),
@@ -454,7 +454,7 @@ class Malware(STIXDomainObject):
         ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
         ('name', StringProperty()),
         ('description', StringProperty()),
-        ('malware_types', ListProperty(StringProperty, required=True)),
+        ('malware_types', ListProperty(StringProperty)),
         ('is_family', BooleanProperty(required=True)),
         ('aliases', ListProperty(StringProperty)),
         ('kill_chain_phases', ListProperty(KillChainPhase)),
@@ -672,7 +672,7 @@ class Report(STIXDomainObject):
         ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
         ('name', StringProperty(required=True)),
         ('description', StringProperty()),
-        ('report_types', ListProperty(StringProperty, required=True)),
+        ('report_types', ListProperty(StringProperty)),
         ('published', TimestampProperty(required=True)),
         ('object_refs', ListProperty(ReferenceProperty(valid_types=["SCO", "SDO", "SRO"], spec_version='2.1'), required=True)),
         ('revoked', BooleanProperty(default=lambda: False)),
@@ -701,7 +701,7 @@ class ThreatActor(STIXDomainObject):
         ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
         ('name', StringProperty(required=True)),
         ('description', StringProperty()),
-        ('threat_actor_types', ListProperty(StringProperty, required=True)),
+        ('threat_actor_types', ListProperty(StringProperty)),
         ('aliases', ListProperty(StringProperty)),
         ('first_seen', TimestampProperty()),
         ('last_seen', TimestampProperty()),
@@ -748,7 +748,7 @@ class Tool(STIXDomainObject):
         ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
         ('name', StringProperty(required=True)),
         ('description', StringProperty()),
-        ('tool_types', ListProperty(StringProperty, required=True)),
+        ('tool_types', ListProperty(StringProperty)),
         ('aliases', ListProperty(StringProperty)),
         ('kill_chain_phases', ListProperty(KillChainPhase)),
         ('tool_version', StringProperty()),