From 31c37a9b122048b38013e7427af54090086c21ae Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Tue, 25 Feb 2020 20:07:47 -0500 Subject: [PATCH] Changed several *_types properties which were formerly required, to be optional, due to a STIX spec change. Updated unit tests accordingly. --- stix2/test/v21/test_indicator.py | 13 ++----------- stix2/test/v21/test_infrastructure.py | 10 ++-------- stix2/test/v21/test_malware.py | 15 ++++++--------- stix2/v21/sdo.py | 14 +++++++------- 4 files changed, 17 insertions(+), 35 deletions(-) diff --git a/stix2/test/v21/test_indicator.py b/stix2/test/v21/test_indicator.py index 152f253..6965989 100644 --- a/stix2/test/v21/test_indicator.py +++ b/stix2/test/v21/test_indicator.py @@ -14,9 +14,6 @@ EXPECTED_INDICATOR = """{ "id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "created": "2017-01-01T00:00:01.000Z", "modified": "2017-01-01T00:00:01.000Z", - "indicator_types": [ - "malicious-activity" - ], "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", "pattern_type": "stix", "pattern_version": "2.1", @@ -29,7 +26,6 @@ EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join(""" id='indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7', created='2017-01-01T00:00:01.000Z', modified='2017-01-01T00:00:01.000Z', - indicator_types=['malicious-activity'], pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", pattern_type='stix', pattern_version='2.1', @@ -49,7 +45,6 @@ def test_indicator_with_all_required_properties(): pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", pattern_type="stix", valid_from=epoch, - indicator_types=['malicious-activity'], ) assert ind.revoked is False 
@@ -103,8 +98,8 @@ def test_indicator_required_properties(): stix2.v21.Indicator() assert excinfo.value.cls == stix2.v21.Indicator - assert excinfo.value.properties == ["indicator_types", "pattern", "pattern_type", "valid_from"] - assert str(excinfo.value) == "No values for required properties for Indicator: (indicator_types, pattern, pattern_type, valid_from)." + assert excinfo.value.properties == ["pattern", "pattern_type", "valid_from"] + assert str(excinfo.value) == "No values for required properties for Indicator: (pattern, pattern_type, valid_from)." def test_indicator_required_property_pattern(): @@ -163,9 +158,6 @@ def test_created_modified_time_are_identical_by_default(): "id": INDICATOR_ID, "created": "2017-01-01T00:00:01Z", "modified": "2017-01-01T00:00:01Z", - "indicator_types": [ - "malicious-activity", - ], "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", "pattern_type": "stix", "valid_from": "1970-01-01T00:00:01Z", @@ -181,7 +173,6 @@ def test_parse_indicator(data): assert idctr.created == dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc) assert idctr.modified == dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc) assert idctr.valid_from == dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc) - assert idctr.indicator_types[0] == "malicious-activity" assert idctr.pattern == "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']" diff --git a/stix2/test/v21/test_infrastructure.py b/stix2/test/v21/test_infrastructure.py index 30632bb..3e9feb7 100644 --- a/stix2/test/v21/test_infrastructure.py +++ b/stix2/test/v21/test_infrastructure.py @@ -13,10 +13,7 @@ EXPECTED_INFRASTRUCTURE = """{ "id": "infrastructure--3000ae1b-784c-f03d-8abc-0a625b2ff018", "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", - "name": "Poison Ivy C2", - "infrastructure_types": [ - "command-and-control" - ] + "name": "Poison Ivy C2" }""" 
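Review bot: Deleting `assert idctr.indicator_types[0] == "malicious-activity"` in the `test_parse_indicator` hunk (`@@ -181,7 +173,6 @@`), and dropping the property from both parametrized inputs, leaves no visible test that a supplied `indicator_types` still parses now that it is optional. I would keep one parametrized case that carries `"indicator_types": ["malicious-activity"]` and guard the check, e.g. `if "indicator_types" in data: assert idctr.indicator_types == ["malicious-activity"]`. The same gap appears in the `test_parse_infrastructure` hunk (`@@ -118,7 +113,6 @@`) and in the `test_parse_malware` part of `@@ -130,13 +126,14 @@`. The parametrize lists and function bodies start outside these hunks, so the exact shape of `data` is inferred.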
@@ -29,7 +26,6 @@ def test_infrastructure_with_all_required_properties(): created=now, modified=now, name="Poison Ivy C2", - infrastructure_types=["command-and-control"], ) assert str(infra) == EXPECTED_INFRASTRUCTURE @@ -76,7 +72,7 @@ def test_infrastructure_required_properties(): stix2.v21.Infrastructure() assert excinfo.value.cls == stix2.v21.Infrastructure - assert excinfo.value.properties == ["infrastructure_types", "name"] + assert excinfo.value.properties == ["name"] def test_infrastructure_required_property_name(): @@ -105,7 +101,6 @@ def test_invalid_kwarg_to_infrastructure(): "id": INFRASTRUCTURE_ID, "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", - "infrastructure_types": ["command-and-control"], "name": "Poison Ivy C2", }, ], @@ -118,7 +113,6 @@ def test_parse_infrastructure(data): assert infra.id == INFRASTRUCTURE_ID assert infra.created == dt.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc) assert infra.modified == dt.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc) - assert infra.infrastructure_types == ['command-and-control'] assert infra.name == 'Poison Ivy C2' diff --git a/stix2/test/v21/test_malware.py b/stix2/test/v21/test_malware.py index 53838c9..98e8d37 100644 --- a/stix2/test/v21/test_malware.py +++ b/stix2/test/v21/test_malware.py @@ -1,4 +1,5 @@ import datetime as dt +import json import re import pytest @@ -16,9 +17,6 @@ EXPECTED_MALWARE = """{ "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "name": "Cryptolocker", - "malware_types": [ - "ransomware" - ], "is_family": false }""" @@ -31,7 +29,6 @@ def test_malware_with_all_required_properties(): id=MALWARE_ID, created=now, modified=now, - malware_types=["ransomware"], name="Cryptolocker", is_family=False, ) 
@@ -80,7 +77,7 @@ def test_malware_required_properties(): stix2.v21.Malware() assert excinfo.value.cls == stix2.v21.Malware - assert excinfo.value.properties == ["is_family", "malware_types"] + assert excinfo.value.properties == ["is_family"] def test_malware_required_property_name(): @@ -116,7 +113,6 @@ def test_invalid_kwarg_to_malware(): "id": MALWARE_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", - "malware_types": ["ransomware"], "name": "Cryptolocker", "is_family": False, }, @@ -130,13 +126,14 @@ def test_parse_malware(data): assert mal.id == MALWARE_ID assert mal.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert mal.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) - assert mal.malware_types == ['ransomware'] assert mal.name == 'Cryptolocker' assert not mal.is_family -def test_parse_malware_invalid_labels(): - data = re.compile('\\[.+\\]', re.DOTALL).sub('1', EXPECTED_MALWARE) +def test_parse_malware_invalid_types(): + data = json.loads(EXPECTED_MALWARE) + data["malware_types"] = 1 # Oops, not a list + data = json.dumps(data) with pytest.raises(InvalidValueError) as excinfo: stix2.parse(data) assert "Invalid value for Malware 'malware_types'" in str(excinfo.value) diff --git a/stix2/v21/sdo.py b/stix2/v21/sdo.py index 1d97261..0f4a5a7 100644 --- a/stix2/v21/sdo.py +++ b/stix2/v21/sdo.py @@ -173,7 +173,7 @@ class Identity(STIXDomainObject): ('name', StringProperty(required=True)), ('description', StringProperty()), ('roles', ListProperty(StringProperty)), - ('identity_class', StringProperty(required=True)), + ('identity_class', StringProperty()), ('sectors', ListProperty(StringProperty)), ('contact_information', StringProperty()), ('revoked', BooleanProperty(default=lambda: False)), 
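Review bot: With the `re.compile(...)` call removed from `test_parse_malware_invalid_types` (`@@ -130,13 +126,14 @@`), the `import re` kept by this file's `@@ -1,4 +1,5 @@` hunk may now be unused. The rest of the file is outside the visible hunks, so check for other uses and drop the import if there are none. The new test only covers a scalar in place of the list. Since the property is now optional, a second case such as `data["malware_types"] = []` would pin how an empty list is treated; what the library does with it is not shown here, so confirm the expected outcome first.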
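Review bot: `identity_class` loses `required=True` in the `Identity` hunk (`@@ -173,7 +173,7 @@`), but the subject line only mentions `*_types` properties and the diffstat shows no Identity test touched, so this relaxation is undocumented and untested in this commit. Please name `identity_class` in the commit message and add a test that `stix2.v21.Identity(name=...)` constructs without it. If a required-properties assertion exists for Identity, it needs updating too. The `Report`, `ThreatActor` and `Tool` hunks (`report_types`, `threat_actor_types`, `tool_types`) also have no accompanying test changes in the diffstat. The class bodies extend beyond the hunks.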
@@ -202,7 +202,7 @@ class Indicator(STIXDomainObject): ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')), ('name', StringProperty()), ('description', StringProperty()), - ('indicator_types', ListProperty(StringProperty, required=True)), + ('indicator_types', ListProperty(StringProperty)), ('pattern', PatternProperty(required=True)), ('pattern_type', StringProperty(required=True)), ('pattern_version', StringProperty()), @@ -269,7 +269,7 @@ class Infrastructure(STIXDomainObject): ('granular_markings', ListProperty(GranularMarking)), ('name', StringProperty(required=True)), ('description', StringProperty()), - ('infrastructure_types', ListProperty(StringProperty, required=True)), + ('infrastructure_types', ListProperty(StringProperty)), ('aliases', ListProperty(StringProperty)), ('kill_chain_phases', ListProperty(KillChainPhase)), ('first_seen', TimestampProperty()), @@ -454,7 +454,7 @@ class Malware(STIXDomainObject): ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')), ('name', StringProperty()), ('description', StringProperty()), - ('malware_types', ListProperty(StringProperty, required=True)), + ('malware_types', ListProperty(StringProperty)), ('is_family', BooleanProperty(required=True)), ('aliases', ListProperty(StringProperty)), ('kill_chain_phases', ListProperty(KillChainPhase)), @@ -672,7 +672,7 @@ class Report(STIXDomainObject): ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')), ('name', StringProperty(required=True)), ('description', StringProperty()), - ('report_types', ListProperty(StringProperty, required=True)), + ('report_types', ListProperty(StringProperty)), ('published', TimestampProperty(required=True)), ('object_refs', ListProperty(ReferenceProperty(valid_types=["SCO", "SDO", "SRO"], spec_version='2.1'), required=True)), ('revoked', BooleanProperty(default=lambda: False)), 
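Review bot: Nothing in the `Indicator` hunk (`@@ -202,7 +202,7 @@`) records why `indicator_types` stopped being required, and code that reads the property unconditionally will now meet parsed objects that lack it. A short comment above the entry, such as `# Optional since the STIX spec change; may be absent on parsed objects`, would document this for maintainers. Consumers that filter or prioritise on values like `malicious-activity` should treat a missing list as unclassified rather than assume a default. The same comment fits the `infrastructure_types`, `malware_types` and `report_types` entries in the other hunks on this line, and `threat_actor_types` and `tool_types` in the two hunks after them. The property lists begin outside the hunks.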
@@ -701,7 +701,7 @@ class ThreatActor(STIXDomainObject): ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')), ('name', StringProperty(required=True)), ('description', StringProperty()), - ('threat_actor_types', ListProperty(StringProperty, required=True)), + ('threat_actor_types', ListProperty(StringProperty)), ('aliases', ListProperty(StringProperty)), ('first_seen', TimestampProperty()), ('last_seen', TimestampProperty()), @@ -748,7 +748,7 @@ class Tool(STIXDomainObject): ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')), ('name', StringProperty(required=True)), ('description', StringProperty()), - ('tool_types', ListProperty(StringProperty, required=True)), + ('tool_types', ListProperty(StringProperty)), ('aliases', ListProperty(StringProperty)), ('kill_chain_phases', ListProperty(KillChainPhase)), ('tool_version', StringProperty()),