Update SCO specs per WD 05 specs

master
Desai, Kartikey H 2019-07-17 15:48:09 -04:00
parent b1fa177f07
commit 4660d5ea28
2 changed files with 42 additions and 24 deletions


@ -693,16 +693,16 @@ def test_directory_example():
dir = stix2.v21.Directory( dir = stix2.v21.Directory(
_valid_refs={"1": "file"}, _valid_refs={"1": "file"},
path='/usr/lib', path='/usr/lib',
created="2015-12-21T19:00:00Z", ctime="2015-12-21T19:00:00Z",
modified="2015-12-24T19:00:00Z", mtime="2015-12-24T19:00:00Z",
accessed="2015-12-21T20:00:00Z", atime="2015-12-21T20:00:00Z",
contains_refs=["1"], contains_refs=["1"],
) )
assert dir.path == '/usr/lib' assert dir.path == '/usr/lib'
assert dir.created == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) assert dir.ctime == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc)
assert dir.modified == dt.datetime(2015, 12, 24, 19, 0, 0, tzinfo=pytz.utc) assert dir.mtime == dt.datetime(2015, 12, 24, 19, 0, 0, tzinfo=pytz.utc)
assert dir.accessed == dt.datetime(2015, 12, 21, 20, 0, 0, tzinfo=pytz.utc) assert dir.atime == dt.datetime(2015, 12, 21, 20, 0, 0, tzinfo=pytz.utc)
assert dir.contains_refs == ["1"] assert dir.contains_refs == ["1"]
@ -711,9 +711,9 @@ def test_directory_example_ref_error():
stix2.v21.Directory( stix2.v21.Directory(
_valid_refs=[], _valid_refs=[],
path='/usr/lib', path='/usr/lib',
created="2015-12-21T19:00:00Z", ctime="2015-12-21T19:00:00Z",
modified="2015-12-24T19:00:00Z", mtime="2015-12-24T19:00:00Z",
accessed="2015-12-21T20:00:00Z", atime="2015-12-21T20:00:00Z",
contains_refs=["1"], contains_refs=["1"],
) )
@ -753,9 +753,9 @@ def test_file_example():
size=100, size=100,
magic_number_hex="1C", magic_number_hex="1C",
mime_type="application/msword", mime_type="application/msword",
created="2016-12-21T19:00:00Z", ctime="2016-12-21T19:00:00Z",
modified="2016-12-24T19:00:00Z", mtime="2016-12-24T19:00:00Z",
accessed="2016-12-21T20:00:00Z", atime="2016-12-21T20:00:00Z",
) )
assert f.name == "qwerty.dll" assert f.name == "qwerty.dll"
@ -763,9 +763,9 @@ def test_file_example():
assert f.magic_number_hex == "1C" assert f.magic_number_hex == "1C"
assert f.hashes["SHA-256"] == "ceafbfd424be2ca4a5f0402cae090dda2fb0526cf521b60b60077c0f622b285a" assert f.hashes["SHA-256"] == "ceafbfd424be2ca4a5f0402cae090dda2fb0526cf521b60b60077c0f622b285a"
assert f.mime_type == "application/msword" assert f.mime_type == "application/msword"
assert f.created == dt.datetime(2016, 12, 21, 19, 0, 0, tzinfo=pytz.utc) assert f.ctime == dt.datetime(2016, 12, 21, 19, 0, 0, tzinfo=pytz.utc)
assert f.modified == dt.datetime(2016, 12, 24, 19, 0, 0, tzinfo=pytz.utc) assert f.mtime == dt.datetime(2016, 12, 24, 19, 0, 0, tzinfo=pytz.utc)
assert f.accessed == dt.datetime(2016, 12, 21, 20, 0, 0, tzinfo=pytz.utc) assert f.atime == dt.datetime(2016, 12, 21, 20, 0, 0, tzinfo=pytz.utc)
def test_file_example_with_NTFSExt(): def test_file_example_with_NTFSExt():
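Review bot: The renamed keyword arguments are only exercised on the happy path; nothing in these hunks asserts that the old names `created`, `modified` and `accessed` are now refused, so a regression that silently accepts or drops them would go unnoticed. A negative case next to `test_directory_example_ref_error` would pin that, for example `with pytest.raises(stix2.exceptions.ExtraPropertiesError): stix2.v21.Directory(path='/usr/lib', created="2015-12-21T19:00:00Z")`, assuming pytest is already imported here and unknown properties raise that error when `allow_custom` is not set. The visible hunks also add no test for the new `id` property or for `modified_time` on `WindowsRegistryKey`. `test_file_example` starts outside the hunk.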


@ -14,7 +14,7 @@ from ..exceptions import AtLeastOnePropertyError, DependentPropertiesError
from ..properties import ( from ..properties import (
BinaryProperty, BooleanProperty, CallableValues, DictionaryProperty, BinaryProperty, BooleanProperty, CallableValues, DictionaryProperty,
EmbeddedObjectProperty, EnumProperty, ExtensionsProperty, FloatProperty, EmbeddedObjectProperty, EnumProperty, ExtensionsProperty, FloatProperty,
HashesProperty, HexProperty, IntegerProperty, ListProperty, HashesProperty, HexProperty, IDProperty, IntegerProperty, ListProperty,
ObjectReferenceProperty, StringProperty, TimestampProperty, TypeProperty, ObjectReferenceProperty, StringProperty, TimestampProperty, TypeProperty,
) )
@ -28,6 +28,7 @@ class Artifact(_Observable):
_type = 'artifact' _type = 'artifact'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('mime_type', StringProperty()), ('mime_type', StringProperty()),
('payload_bin', BinaryProperty()), ('payload_bin', BinaryProperty()),
('url', StringProperty()), ('url', StringProperty()),
@ -52,6 +53,7 @@ class AutonomousSystem(_Observable):
_type = 'autonomous-system' _type = 'autonomous-system'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('number', IntegerProperty(required=True)), ('number', IntegerProperty(required=True)),
('name', StringProperty()), ('name', StringProperty()),
('rir', StringProperty()), ('rir', StringProperty()),
@ -68,12 +70,13 @@ class Directory(_Observable):
_type = 'directory' _type = 'directory'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('path', StringProperty(required=True)), ('path', StringProperty(required=True)),
('path_enc', StringProperty()), ('path_enc', StringProperty()),
# these are not the created/modified timestamps of the object itself # these are not the created/modified timestamps of the object itself
('created', TimestampProperty()), ('ctime', TimestampProperty()),
('modified', TimestampProperty()), ('mtime', TimestampProperty()),
('accessed', TimestampProperty()), ('atime', TimestampProperty()),
('contains_refs', ListProperty(ObjectReferenceProperty(valid_types=['file', 'directory']))), ('contains_refs', ListProperty(ObjectReferenceProperty(valid_types=['file', 'directory']))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
@ -88,6 +91,7 @@ class DomainName(_Observable):
_type = 'domain-name' _type = 'domain-name'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('resolves_to_refs', ListProperty(ObjectReferenceProperty(valid_types=['ipv4-addr', 'ipv6-addr', 'domain-name']))), ('resolves_to_refs', ListProperty(ObjectReferenceProperty(valid_types=['ipv4-addr', 'ipv6-addr', 'domain-name']))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
@ -103,6 +107,7 @@ class EmailAddress(_Observable):
_type = 'email-addr' _type = 'email-addr'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('display_name', StringProperty()), ('display_name', StringProperty()),
('belongs_to_ref', ObjectReferenceProperty(valid_types='user-account')), ('belongs_to_ref', ObjectReferenceProperty(valid_types='user-account')),
@ -137,6 +142,7 @@ class EmailMessage(_Observable):
_type = 'email-message' _type = 'email-message'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('is_multipart', BooleanProperty(required=True)), ('is_multipart', BooleanProperty(required=True)),
('date', TimestampProperty()), ('date', TimestampProperty()),
('content_type', StringProperty()), ('content_type', StringProperty()),
@ -170,7 +176,7 @@ class ArchiveExt(_Extension):
_type = 'archive-ext' _type = 'archive-ext'
_properties = OrderedDict([ _properties = OrderedDict([
('contains_refs', ListProperty(ObjectReferenceProperty(valid_types='file'), required=True)), ('contains_refs', ListProperty(ObjectReferenceProperty(valid_types=['file', 'directory']), required=True)),
('comment', StringProperty()), ('comment', StringProperty()),
]) ])
@ -323,6 +329,7 @@ class File(_Observable):
_type = 'file' _type = 'file'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('hashes', HashesProperty(spec_version='2.1')), ('hashes', HashesProperty(spec_version='2.1')),
('size', IntegerProperty(min=0)), ('size', IntegerProperty(min=0)),
('name', StringProperty()), ('name', StringProperty()),
@ -330,9 +337,9 @@ class File(_Observable):
('magic_number_hex', HexProperty()), ('magic_number_hex', HexProperty()),
('mime_type', StringProperty()), ('mime_type', StringProperty()),
# these are not the created/modified timestamps of the object itself # these are not the created/modified timestamps of the object itself
('created', TimestampProperty()), ('ctime', TimestampProperty()),
('modified', TimestampProperty()), ('mtime', TimestampProperty()),
('accessed', TimestampProperty()), ('atime', TimestampProperty()),
('parent_directory_ref', ObjectReferenceProperty(valid_types='directory')), ('parent_directory_ref', ObjectReferenceProperty(valid_types='directory')),
('contains_refs', ListProperty(ObjectReferenceProperty)), ('contains_refs', ListProperty(ObjectReferenceProperty)),
('content_ref', ObjectReferenceProperty(valid_types='artifact')), ('content_ref', ObjectReferenceProperty(valid_types='artifact')),
@ -353,6 +360,7 @@ class IPv4Address(_Observable):
_type = 'ipv4-addr' _type = 'ipv4-addr'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('resolves_to_refs', ListProperty(ObjectReferenceProperty(valid_types='mac-addr'))), ('resolves_to_refs', ListProperty(ObjectReferenceProperty(valid_types='mac-addr'))),
('belongs_to_refs', ListProperty(ObjectReferenceProperty(valid_types='autonomous-system'))), ('belongs_to_refs', ListProperty(ObjectReferenceProperty(valid_types='autonomous-system'))),
@ -369,6 +377,7 @@ class IPv6Address(_Observable):
_type = 'ipv6-addr' _type = 'ipv6-addr'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('resolves_to_refs', ListProperty(ObjectReferenceProperty(valid_types='mac-addr'))), ('resolves_to_refs', ListProperty(ObjectReferenceProperty(valid_types='mac-addr'))),
('belongs_to_refs', ListProperty(ObjectReferenceProperty(valid_types='autonomous-system'))), ('belongs_to_refs', ListProperty(ObjectReferenceProperty(valid_types='autonomous-system'))),
@ -385,6 +394,7 @@ class MACAddress(_Observable):
_type = 'mac-addr' _type = 'mac-addr'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
@ -399,6 +409,7 @@ class Mutex(_Observable):
_type = 'mutex' _type = 'mutex'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('name', StringProperty(required=True)), ('name', StringProperty(required=True)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
@ -505,6 +516,7 @@ class NetworkTraffic(_Observable):
_type = 'network-traffic' _type = 'network-traffic'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('start', TimestampProperty()), ('start', TimestampProperty()),
('end', TimestampProperty()), ('end', TimestampProperty()),
('is_active', BooleanProperty()), ('is_active', BooleanProperty()),
@ -624,6 +636,7 @@ class Process(_Observable):
_type = 'process' _type = 'process'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('is_hidden', BooleanProperty()), ('is_hidden', BooleanProperty()),
('pid', IntegerProperty()), ('pid', IntegerProperty()),
# this is not the created timestamps of the object itself # this is not the created timestamps of the object itself
@ -663,6 +676,7 @@ class Software(_Observable):
_type = 'software' _type = 'software'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('name', StringProperty(required=True)), ('name', StringProperty(required=True)),
('cpe', StringProperty()), ('cpe', StringProperty()),
('languages', ListProperty(StringProperty)), ('languages', ListProperty(StringProperty)),
@ -681,6 +695,7 @@ class URL(_Observable):
_type = 'url' _type = 'url'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
@ -710,6 +725,7 @@ class UserAccount(_Observable):
_type = 'user-account' _type = 'user-account'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('user_id', StringProperty()), ('user_id', StringProperty()),
('credential', StringProperty()), ('credential', StringProperty()),
('account_login', StringProperty()), ('account_login', StringProperty()),
@ -767,10 +783,11 @@ class WindowsRegistryKey(_Observable):
_type = 'windows-registry-key' _type = 'windows-registry-key'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('key', StringProperty()), ('key', StringProperty()),
('values', ListProperty(EmbeddedObjectProperty(type=WindowsRegistryValueType))), ('values', ListProperty(EmbeddedObjectProperty(type=WindowsRegistryValueType))),
# this is not the modified timestamps of the object itself # this is not the modified timestamps of the object itself
('modified', TimestampProperty()), ('modified_time', TimestampProperty()),
('creator_user_ref', ObjectReferenceProperty(valid_types='user-account')), ('creator_user_ref', ObjectReferenceProperty(valid_types='user-account')),
('number_of_subkeys', IntegerProperty()), ('number_of_subkeys', IntegerProperty()),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
@ -818,6 +835,7 @@ class X509Certificate(_Observable):
_type = 'x509-certificate' _type = 'x509-certificate'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type)),
('is_self_signed', BooleanProperty()), ('is_self_signed', BooleanProperty()),
('hashes', HashesProperty(spec_version='2.1')), ('hashes', HashesProperty(spec_version='2.1')),
('version', StringProperty()), ('version', StringProperty()),
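Review bot: The `ctime`/`mtime`/`atime` entries in `Directory` (and the same three in `File`, plus `modified_time` in `WindowsRegistryKey`) replace the old keys with no alias, so objects produced with `created`/`modified`/`accessed` no longer populate these fields; whether such input is rejected or carried along as custom properties is decided outside these hunks. Consumers rely on these values for file-system timeline work, so the kept comment should say what the names mean, for example `# file-system timestamps of the observed object (formerly created/modified/accessed), not of the STIX object itself`. The tests in this commit map `created` to `ctime`, which differs from the POSIX reading of ctime as inode-change time, and that is worth stating in the same comment. Each `_properties` definition continues outside its hunk.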