From 5658cebf57e38c2ba614303354b5d2b7f68df33a Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Fri, 18 Jan 2019 13:28:37 -0500 Subject: [PATCH 01/10] Update JSON files so timestamps are only precise to the millisecond (3 decimal points), per the specs --- .../20170531213019735010.json | 4 ++-- .../20170531213026496201.json | 4 ++-- .../20170531213029458940.json | 4 ++-- .../20170531213045139269.json | 4 ++-- .../20170531213041022897.json | 4 ++-- .../20170531213032662702.json | 4 ++-- .../20170531213026495974.json | 4 ++-- .../20170531213041022744.json | 4 ++-- .../20170531213149412497.json | 4 ++-- .../20170531213153197755.json | 4 ++-- .../20170531213258226477.json | 4 ++-- .../20170531213326565056.json | 4 ++-- .../20170531213248482655.json | 4 ++-- .../20170531213215263882.json | 4 ++-- .../20170531213327182784.json | 4 ++-- .../20170531213327082801.json | 4 ++-- .../20170531213327018782.json | 4 ++-- .../20170531213327100701.json | 4 ++-- .../20170531213327143973.json | 4 ++-- .../20170531213327021562.json | 4 ++-- .../20170531213327044387.json | 4 ++-- .../20170531213327051532.json | 4 ++-- .../20170531213231601148.json | 4 ++-- .../20170531213212684914.json | 4 ++-- 24 files changed, 48 insertions(+), 48 deletions(-) diff --git a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json index ccbe2cc..f9fdf75 100644 --- a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json +++ b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json @@ -2,7 +2,7 @@ "id": "bundle--f68640b4-0cdc-42ae-b176-def1754a1ea0", "objects": [ { - "created": "2017-05-31T21:30:19.73501Z", + "created": "2017-05-31T21:30:19.735Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Credential dumping is the process of obtaining account login and password information from the operating system and software. Credentials can be used to perform Windows Credential Editor, Mimikatz, and gsecdump. These tools are in use by both professional security testers and adversaries.\n\nPlaintext passwords can be obtained using tools such as Mimikatz to extract passwords stored by the Local Security Authority (LSA). If smart cards are used to authenticate to a domain using a personal identification number (PIN), then that PIN is also cached as a result and may be dumped.Mimikatz access the LSA Subsystem Service (LSASS) process by opening the process, locating the LSA secrets key, and decrypting the sections in memory where credential details are stored. Credential dumpers may also use methods for reflective DLL Injection to reduce potential indicators of malicious activity.\n\nNTLM hash dumpers open the Security Accounts Manager (SAM) on the local file system (%SystemRoot%/system32/config/SAM) or create a dump of the Registry SAM key to access stored account password hashes. Some hash dumpers will open the local file system as a device and parse to the SAM table to avoid file access defenses. Others will make an in-memory copy of the SAM table before reading hashes. Detection of compromised Legitimate Credentials in-use by adversaries may help as well. \n\nOn Windows 8.1 and Windows Server 2012 R2, monitor Windows Logs for LSASS.exe creation to verify that LSASS started as a protected process.\n\nMonitor processes and command-line arguments for program execution that may be indicative of credential dumping. Remote access tools may contain built-in features or incorporate existing tools like Mimikatz. PowerShell scripts also exist that contain credential dumping functionality, such as PowerSploit's Invoke-Mimikatz module,[[Citation: Powersploit]] which may require additional logging features to be configured in the operating system to collect necessary information for analysis.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: API monitoring, Process command-line parameters, Process monitoring, PowerShell logs", "external_references": [ @@ -29,7 +29,7 @@ "phase_name": "credential-access" } ], - "modified": "2017-05-31T21:30:19.73501Z", + "modified": "2017-05-31T21:30:19.735Z", "name": "Credential Dumping", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json index c36831e..abc6725 100644 --- a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json +++ b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json @@ -2,7 +2,7 @@ "id": "bundle--b07d6fd6-7cc5-492d-a1eb-9ba956b329d5", "objects": [ { - "created": "2017-05-31T21:30:26.496201Z", + "created": "2017-05-31T21:30:26.496Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Rootkits are programs that hide the existence of malware by intercepting and modifying operating system API calls that supply system information. Rootkits or rootkit enabling functionality may reside at the user or kernel level in the operating system or lower, to include a Hypervisor, Master Boot Record, or the Basic Input/Output System.[[Citation: Wikipedia Rootkit]]\n\nAdversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components.\n\nDetection: Some rootkit protections may be built into anti-virus or operating system software. There are dedicated rootkit detection tools that look for specific types of rootkit behavior. Monitor for the existence of unrecognized DLLs, devices, services, and changes to the MBR.[[Citation: Wikipedia Rootkit]]\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: BIOS, MBR, System calls", "external_references": [ @@ -24,7 +24,7 @@ "phase_name": "defense-evasion" } ], - "modified": "2017-05-31T21:30:26.496201Z", + "modified": "2017-05-31T21:30:26.496Z", "name": "Rootkit", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json index 0504875..4bde369 100644 --- a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json +++ b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json @@ -2,7 +2,7 @@ "id": "bundle--1a854c96-639e-4771-befb-e7b960a65974", "objects": [ { - "created": "2017-05-31T21:30:29.45894Z", + "created": "2017-05-31T21:30:29.458Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Data, such as sensitive documents, may be exfiltrated through the use of automated processing or Scripting after being gathered during Exfiltration Over Command and Control Channel and Exfiltration Over Alternative Protocol.\n\nDetection: Monitor process file access patterns and network behavior. Unrecognized processes or scripts that appear to be traversing file systems and sending network traffic may be suspicious.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: File monitoring, Process monitoring, Process use of network", "external_references": [ @@ -19,7 +19,7 @@ "phase_name": "exfiltration" } ], - "modified": "2017-05-31T21:30:29.45894Z", + "modified": "2017-05-31T21:30:29.458Z", "name": "Automated Exfiltration", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json index 2e3b622..582a935 100644 --- a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json +++ b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json @@ -2,7 +2,7 @@ "id": "bundle--33e3e33a-38b8-4a37-9455-5b8c82d3b10a", "objects": [ { - "created": "2017-05-31T21:30:45.139269Z", + "created": "2017-05-31T21:30:45.139Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Adversaries may attempt to get a listing of network connections to or from the compromised system.\nUtilities and commands that acquire this information include netstat, \"net use,\" and \"net session\" with Net.\n\nDetection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Windows Management Instrumentation and PowerShell.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: Process command-line parameters, Process monitoring", "external_references": [ @@ -19,7 +19,7 @@ "phase_name": "discovery" } ], - "modified": "2017-05-31T21:30:45.139269Z", + "modified": "2017-05-31T21:30:45.139Z", "name": "Local Network Connections Discovery", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json index 8819fcb..8827c4b 100644 --- a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json +++ b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json @@ -2,7 +2,7 @@ "id": "bundle--a87938c5-cc1e-4e06-a8a3-b10243ae397d", "objects": [ { - "created": "2017-05-31T21:30:41.022897Z", + "created": "2017-05-31T21:30:41.022Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Sensitive data can be collected from remote systems via shared network drives (host shared directory, network file server, etc.) that are accessible from the current system prior to cmd may be used to gather information.\n\nDetection: Monitor processes and command-line arguments for actions that could be taken to collect files from a network share. Remote access tools with built-in features may interact directly with the Windows API to gather data. Data may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: File monitoring, Process monitoring, Process command-line parameters", "external_references": [ @@ -19,7 +19,7 @@ "phase_name": "collection" } ], - "modified": "2017-05-31T21:30:41.022897Z", + "modified": "2017-05-31T21:30:41.022Z", "name": "Data from Network Shared Drive", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json index 7d2b58e..219ce46 100644 --- a/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json +++ b/stix2/test/v21/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json @@ -2,7 +2,7 @@ "id": "bundle--5ddaeff9-eca7-4094-9e65-4f53da21a444", "objects": [ { - "created": "2017-05-31T21:30:32.662702Z", + "created": "2017-05-31T21:30:32.662Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system.\n\nDetection: Detection of file obfuscation is difficult unless artifacts are left behind by the obfuscation process that are uniquely detectable with a signature. If detection of the obfuscation itself is not possible, it may be possible to detect the malicious activity that caused the obfuscated file (for example, the method that was used to write, read, or modify the file on the file system).\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: Network protocol analysis, Process use of network, Binary file metadata, File monitoring, Malware reverse engineering", "external_references": [ @@ -19,7 +19,7 @@ "phase_name": "defense-evasion" } ], - "modified": "2017-05-31T21:30:32.662702Z", + "modified": "2017-05-31T21:30:32.662Z", "name": "Obfuscated Files or Information", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json b/stix2/test/v21/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json index 3117103..b59ae52 100644 --- a/stix2/test/v21/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json +++ b/stix2/test/v21/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json @@ -2,11 +2,11 @@ "id": "bundle--a42d26fe-c938-4074-a1b3-50d852e6f0bd", "objects": [ { - "created": "2017-05-31T21:30:26.495974Z", + "created": "2017-05-31T21:30:26.495Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Identify potentially malicious software that may contain rootkit functionality, and audit and/or block it by using whitelisting[[CiteRef::Beechey 2010]] tools, like AppLocker,[[CiteRef::Windows Commands JPCERT]][[CiteRef::NSA MS AppLocker]] or Software Restriction Policies[[CiteRef::Corio 2008]] where appropriate.[[CiteRef::TechNet Applocker vs SRP]]", "id": "course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f", - "modified": "2017-05-31T21:30:26.495974Z", + "modified": "2017-05-31T21:30:26.495Z", "name": "Rootkit Mitigation", "spec_version": "2.1", "type": "course-of-action" diff --git a/stix2/test/v21/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json b/stix2/test/v21/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json index dcc5b0d..1c05407 100644 --- a/stix2/test/v21/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json +++ b/stix2/test/v21/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json @@ -1,9 +1,9 @@ { - "created": "2017-05-31T21:30:41.022744Z", + "created": "2017-05-31T21:30:41.022Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Identify unnecessary system utilities or potentially malicious software that may be used to collect data from a network share, and audit and/or block them by using whitelisting[[CiteRef::Beechey 2010]] tools, like AppLocker,[[CiteRef::Windows Commands JPCERT]][[CiteRef::NSA MS AppLocker]] or Software Restriction Policies[[CiteRef::Corio 2008]] where appropriate.[[CiteRef::TechNet Applocker vs SRP]]", "id": "course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd", - "modified": "2017-05-31T21:30:41.022744Z", + "modified": "2017-05-31T21:30:41.022Z", "name": "Data from Network Shared Drive Mitigation", "spec_version": "2.1", "type": "course-of-action" diff --git a/stix2/test/v21/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json b/stix2/test/v21/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json index b8372aa..c7947e8 100644 --- a/stix2/test/v21/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json +++ b/stix2/test/v21/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json @@ -10,7 +10,7 @@ "PinkPanther", "Black Vine" ], - "created": "2017-05-31T21:31:49.412497Z", + "created": "2017-05-31T21:31:49.412Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Deep Panda is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications.Deep Panda.Deep Panda also appears to be known as Black Vine based on the attribution of both group names to the Anthem intrusion.[[Citation: Symantec Black Vine]]", "external_references": [ @@ -41,7 +41,7 @@ } ], "id": "intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064", - "modified": "2017-05-31T21:31:49.412497Z", + "modified": "2017-05-31T21:31:49.412Z", "name": "Deep Panda", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json b/stix2/test/v21/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json index 2fe46f1..b48a477 100644 --- a/stix2/test/v21/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json +++ b/stix2/test/v21/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json @@ -5,7 +5,7 @@ "aliases": [ "DragonOK" ], - "created": "2017-05-31T21:31:53.197755Z", + "created": "2017-05-31T21:31:53.197Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. [[Citation: Operation Quantum Entanglement]][[Citation: Symbiotic APT Groups]] It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. [[Citation: New DragonOK]]", "external_references": [ @@ -31,7 +31,7 @@ } ], "id": "intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a", - "modified": "2017-05-31T21:31:53.197755Z", + "modified": "2017-05-31T21:31:53.197Z", "name": "DragonOK", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json b/stix2/test/v21/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json index 8ea538e..1bedc5b 100644 --- a/stix2/test/v21/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json +++ b/stix2/test/v21/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json @@ -2,7 +2,7 @@ "id": "bundle--f64de948-7067-4534-8018-85f03d470625", "objects": [ { - "created": "2017-05-31T21:32:58.226477Z", + "created": "2017-05-31T21:32:58.226Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]", "external_references": [ @@ -21,7 +21,7 @@ "malware_types": [ "malware" ], - "modified": "2017-05-31T21:32:58.226477Z", + "modified": "2017-05-31T21:32:58.226Z", "name": "Rover", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json b/stix2/test/v21/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json index 9f51a11..0b7c01e 100644 --- a/stix2/test/v21/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json +++ b/stix2/test/v21/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json @@ -2,7 +2,7 @@ "id": "bundle--c633942b-545c-4c87-91b7-9fe5740365e0", "objects": [ { - "created": "2017-05-31T21:33:26.565056Z", + "created": "2017-05-31T21:33:26.565Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "RTM is custom malware written in Delphi. It is used by the group of the same name (RTM).[[Citation: ESET RTM Feb 2017]]", "external_references": [ @@ -21,7 +21,7 @@ "malware_types": [ "malware" ], - "modified": "2017-05-31T21:33:26.565056Z", + "modified": "2017-05-31T21:33:26.565Z", "name": "RTM", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json b/stix2/test/v21/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json index 2808866..195c973 100644 --- a/stix2/test/v21/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json +++ b/stix2/test/v21/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json @@ -2,7 +2,7 @@ "id": "bundle--09ce4338-8741-4fcf-9738-d216c8e40974", "objects": [ { - "created": "2017-05-31T21:32:48.482655Z", + "created": "2017-05-31T21:32:48.482Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Sakula is a remote access tool (RAT) that first surfaced in 2012 and was used in intrusions throughout 2015.[[Citation: Dell Sakula]]\n\nAliases: Sakula, Sakurel, VIPER", "external_references": [ @@ -21,7 +21,7 @@ "malware_types": [ "malware" ], - "modified": "2017-05-31T21:32:48.482655Z", + "modified": "2017-05-31T21:32:48.482Z", "name": "Sakula", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json b/stix2/test/v21/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json index 3e1c870..4d57db5 100644 --- a/stix2/test/v21/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json +++ b/stix2/test/v21/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json @@ -2,7 +2,7 @@ "id": "bundle--611947ce-ae3b-4fdb-b297-aed8eab22e4f", "objects": [ { - "created": "2017-05-31T21:32:15.263882Z", + "created": "2017-05-31T21:32:15.263Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "PoisonIvy is a popular remote access tool (RAT) that has been used by many groups.[[Citation: FireEye Poison Ivy]]\n\nAliases: PoisonIvy, Poison Ivy", "external_references": [ @@ -21,7 +21,7 @@ "labels": [ "malware" ], - "modified": "2017-05-31T21:32:15.263882Z", + "modified": "2017-05-31T21:32:15.263Z", "name": "PoisonIvy", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json b/stix2/test/v21/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json index 915b126..b428b3b 100644 --- a/stix2/test/v21/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json +++ b/stix2/test/v21/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json @@ -2,10 +2,10 @@ "id": "bundle--7e715462-dd9d-40b9-968a-10ef0ecf126d", "objects": [ { - "created": "2017-05-31T21:33:27.182784Z", + "created": "2017-05-31T21:33:27.182Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--0d4a7788-7f3b-4df8-a498-31a38003c883", - "modified": "2017-05-31T21:33:27.182784Z", + "modified": "2017-05-31T21:33:27.182Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v21/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json b/stix2/test/v21/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json index 478ca3a..ca0d1f0 100644 --- a/stix2/test/v21/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json +++ b/stix2/test/v21/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json @@ -2,10 +2,10 @@ "id": "bundle--a53eef35-abfc-4bcd-b84e-a048f7b4a9bf", "objects": [ { - "created": "2017-05-31T21:33:27.082801Z", + "created": "2017-05-31T21:33:27.082Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227", - "modified": "2017-05-31T21:33:27.082801Z", + "modified": "2017-05-31T21:33:27.082Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v21/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json b/stix2/test/v21/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json index 2ea9d22..5087f28 100644 --- a/stix2/test/v21/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json +++ b/stix2/test/v21/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json @@ -2,10 +2,10 @@ "id": "bundle--0b9f6412-314f-44e3-8779-9738c9578ef5", "objects": [ { - "created": "2017-05-31T21:33:27.018782Z", + "created": "2017-05-31T21:33:27.018Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--1e91cd45-a725-4965-abe3-700694374432", - "modified": "2017-05-31T21:33:27.018782Z", + "modified": "2017-05-31T21:33:27.018Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v21/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json b/stix2/test/v21/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json index d0a2a50..6d73f52 100644 --- a/stix2/test/v21/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json +++ b/stix2/test/v21/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json @@ -2,10 +2,10 @@ "id": "bundle--6d5b04a8-efb2-4179-990e-74f1dcc76e0c", "objects": [ { - "created": "2017-05-31T21:33:27.100701Z", + "created": "2017-05-31T21:33:27.100Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e", - "modified": "2017-05-31T21:33:27.100701Z", + "modified": "2017-05-31T21:33:27.100Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v21/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json b/stix2/test/v21/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json index 0ff1d5a..5d4594c 100644 --- a/stix2/test/v21/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json +++ b/stix2/test/v21/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json @@ -2,10 +2,10 @@ "id": "bundle--a7efc025-040d-49c7-bf97-e5a1120ecacc", "objects": [ { - "created": "2017-05-31T21:33:27.143973Z", + "created": "2017-05-31T21:33:27.143Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1", - "modified": "2017-05-31T21:33:27.143973Z", + "modified": "2017-05-31T21:33:27.143Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v21/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json b/stix2/test/v21/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json index 640be0c..c18ade2 100644 --- a/stix2/test/v21/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json +++ b/stix2/test/v21/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json @@ -2,10 +2,10 @@ "id": "bundle--9f013d47-7704-41c2-9749-23d0d94af94d", "objects": [ { - "created": "2017-05-31T21:33:27.021562Z", + "created": "2017-05-31T21:33:27.021Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--592d0c31-e61f-495e-a60e-70d7be59a719", - "modified": "2017-05-31T21:33:27.021562Z", + "modified": "2017-05-31T21:33:27.021Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v21/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json b/stix2/test/v21/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json index 41be9df..d7a1fc2 100644 --- a/stix2/test/v21/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json +++ b/stix2/test/v21/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json @@ -2,10 +2,10 @@ "id": "bundle--15167b24-4cee-4c96-a140-32a6c37df4b4", "objects": [ { - "created": "2017-05-31T21:33:27.044387Z", + "created": "2017-05-31T21:33:27.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1", - "modified": "2017-05-31T21:33:27.044387Z", + "modified": "2017-05-31T21:33:27.044Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v21/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json b/stix2/test/v21/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json index ce33f67..f406224 100644 --- a/stix2/test/v21/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json +++ b/stix2/test/v21/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json @@ -2,10 +2,10 @@ "id": "bundle--ff845dca-7036-416f-aae0-95030994c49f", "objects": [ { - "created": "2017-05-31T21:33:27.051532Z", + "created": "2017-05-31T21:33:27.051Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--8797579b-e3be-4209-a71b-255a4d08243d", - "modified": "2017-05-31T21:33:27.051532Z", + "modified": "2017-05-31T21:33:27.051Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v21/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json b/stix2/test/v21/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json index 103e8ec..a8a9455 100644 --- a/stix2/test/v21/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json +++ b/stix2/test/v21/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json @@ -2,7 +2,7 @@ "id": "bundle--d8826afc-1561-4362-a4e3-05a4c2c3ac3c", "objects": [ { - "created": "2017-05-31T21:32:31.601148Z", + "created": "2017-05-31T21:32:31.601Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "The Net utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections.Net has a great deal of functionality,[[Citation: Savill 1999]] much of which is useful for an adversary, such as gathering system and network information for [[Discovery]], moving laterally through [[Windows admin shares]] using net use commands, and interacting with services.\n\nAliases: Net, net.exe", "external_references": [ @@ -26,7 +26,7 @@ "tool_types": [ "tool" ], - "modified": "2017-05-31T21:32:31.601148Z", + "modified": "2017-05-31T21:32:31.601Z", "name": "Net", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json b/stix2/test/v21/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json index 32ea7ba..b3c9451 100644 --- a/stix2/test/v21/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json +++ b/stix2/test/v21/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json @@ -2,7 +2,7 @@ "id": "bundle--7dbde18f-6f14-4bf0-8389-505c89d6d5a6", "objects": [ { - "created": "2017-05-31T21:32:12.684914Z", + "created": "2017-05-31T21:32:12.684Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Windows Credential Editor is a password dumping tool.[[Citation: Amplia WCE]]\n\nAliases: Windows Credential Editor, WCE", "external_references": [ @@ -21,7 +21,7 @@ "tool_types": [ "tool" ], - "modified": "2017-05-31T21:32:12.684914Z", + "modified": "2017-05-31T21:32:12.684Z", "name": "Windows Credential Editor", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" From dda8a7f724e172fdff63fdecfe935c0ee639544a Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Tue, 22 Jan 2019 10:05:22 -0500 Subject: [PATCH 02/10] Add two tests to ensure millisecond precision is used in timestamps irrespective of user-provided precision --- stix2/test/v21/test_attack_pattern.py | 37 ++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/stix2/test/v21/test_attack_pattern.py b/stix2/test/v21/test_attack_pattern.py index 9c13a12..1d6649b 100644 --- a/stix2/test/v21/test_attack_pattern.py +++ b/stix2/test/v21/test_attack_pattern.py @@ -5,8 +5,6 @@ import pytz import stix2 -from .constants import ATTACK_PATTERN_ID - EXPECTED = """{ "type": "attack-pattern", "spec_version": "2.1", @@ -65,7 +63,7 @@ def test_parse_attack_pattern(data): assert ap.type == 'attack-pattern' assert ap.spec_version == '2.1' - assert ap.id == ATTACK_PATTERN_ID + assert ap.id == "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061" assert ap.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert ap.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert ap.description == "..." @@ -84,4 +82,37 @@ def test_attack_pattern_invalid_labels(): labels=1, ) + +def test_overly_precise_timestamps(): + ap = stix2.v21.AttackPattern( + id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + created="2016-05-12T08:17:27.0000342Z", + modified="2016-05-12T08:17:27.000287Z", + name="Spear Phishing", + external_references=[{ + "source_name": "capec", + "external_id": "CAPEC-163", + }], + description="...", + ) + + assert str(ap) == EXPECTED + + +def test_less_precise_timestamps(): + ap = stix2.v21.AttackPattern( + id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + created="2016-05-12T08:17:27.00Z", + modified="2016-05-12T08:17:27.0Z", + name="Spear Phishing", + external_references=[{ + "source_name": "capec", + "external_id": "CAPEC-163", + }], + description="...", + ) + + assert str(ap) == EXPECTED + + # TODO: Add other examples From f59db77352acdb3829c9a3b1849d85dde6b9644b Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Tue, 22 Jan 2019 12:42:47 -0500 Subject: [PATCH 03/10] Update v21 tests and add them to v20 test suite --- stix2/test/v20/test_attack_pattern.py | 38 ++++++++++++++++++++++++--- stix2/test/v21/test_attack_pattern.py | 14 +++++----- 2 files changed, 43 insertions(+), 9 deletions(-) diff --git a/stix2/test/v20/test_attack_pattern.py b/stix2/test/v20/test_attack_pattern.py index f071d3a..caeb46e 100644 --- a/stix2/test/v20/test_attack_pattern.py +++ b/stix2/test/v20/test_attack_pattern.py @@ -25,7 +25,7 @@ EXPECTED = """{ def test_attack_pattern_example(): ap = stix2.v20.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27.000Z", modified="2016-05-12T08:17:27.000Z", name="Spear Phishing", @@ -44,7 +44,7 @@ def test_attack_pattern_example(): EXPECTED, { "type": "attack-pattern", - "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "id": ATTACK_PATTERN_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "description": "...", @@ -74,11 +74,43 @@ def test_parse_attack_pattern(data): def test_attack_pattern_invalid_labels(): with pytest.raises(stix2.exceptions.InvalidValueError): stix2.v20.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27Z", modified="2016-05-12T08:17:27Z", name="Spear Phishing", labels=1, ) + +def test_overly_precise_timestamps(): + ap = stix2.v21.AttackPattern( + id=ATTACK_PATTERN_ID, + created="2016-05-12T08:17:27.0000342Z", + modified="2016-05-12T08:17:27.000287Z", + name="Spear Phishing", + external_references=[{ + "source_name": "capec", + "external_id": "CAPEC-163", + }], + description="...", + ) + + assert str(ap) == EXPECTED + + +def test_less_precise_timestamps(): + ap = stix2.v21.AttackPattern( + id=ATTACK_PATTERN_ID, + created="2016-05-12T08:17:27.00Z", + modified="2016-05-12T08:17:27.0Z", + name="Spear Phishing", + external_references=[{ + "source_name": "capec", + "external_id": "CAPEC-163", + }], + description="...", + ) + + assert str(ap) == EXPECTED + # TODO: Add other examples diff --git a/stix2/test/v21/test_attack_pattern.py b/stix2/test/v21/test_attack_pattern.py index 1d6649b..165581c 100644 --- a/stix2/test/v21/test_attack_pattern.py +++ b/stix2/test/v21/test_attack_pattern.py @@ -5,6 +5,8 @@ import pytz import stix2 +from .constants import ATTACK_PATTERN_ID + EXPECTED = """{ "type": "attack-pattern", "spec_version": "2.1", @@ -24,7 +26,7 @@ EXPECTED = """{ def test_attack_pattern_example(): ap = stix2.v21.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27.000Z", modified="2016-05-12T08:17:27.000Z", name="Spear Phishing", @@ -44,7 +46,7 @@ def test_attack_pattern_example(): { "type": "attack-pattern", "spec_version": "2.1", - "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "id": ATTACK_PATTERN_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "description": "...", @@ -63,7 +65,7 @@ def test_parse_attack_pattern(data): assert ap.type == 'attack-pattern' assert ap.spec_version == '2.1' - assert ap.id == "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061" + assert ap.id == ATTACK_PATTERN_ID assert ap.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert ap.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert ap.description == "..." @@ -75,7 +77,7 @@ def test_parse_attack_pattern(data): def test_attack_pattern_invalid_labels(): with pytest.raises(stix2.exceptions.InvalidValueError): stix2.v21.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27Z", modified="2016-05-12T08:17:27Z", name="Spear Phishing", @@ -85,7 +87,7 @@ def test_attack_pattern_invalid_labels(): def test_overly_precise_timestamps(): ap = stix2.v21.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27.0000342Z", modified="2016-05-12T08:17:27.000287Z", name="Spear Phishing", @@ -101,7 +103,7 @@ def test_overly_precise_timestamps(): def test_less_precise_timestamps(): ap = stix2.v21.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27.00Z", modified="2016-05-12T08:17:27.0Z", name="Spear Phishing", From 59ec498fa08ee027814873629c4eec2433f40171 Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Tue, 22 Jan 2019 12:55:19 -0500 Subject: [PATCH 04/10] Fix test cases in v20 --- stix2/test/v20/test_attack_pattern.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stix2/test/v20/test_attack_pattern.py b/stix2/test/v20/test_attack_pattern.py index caeb46e..8d35e52 100644 --- a/stix2/test/v20/test_attack_pattern.py +++ b/stix2/test/v20/test_attack_pattern.py @@ -83,7 +83,7 @@ def test_attack_pattern_invalid_labels(): def test_overly_precise_timestamps(): - ap = stix2.v21.AttackPattern( + ap = stix2.v20.AttackPattern( id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27.0000342Z", modified="2016-05-12T08:17:27.000287Z", @@ -99,7 +99,7 @@ def test_overly_precise_timestamps(): def test_less_precise_timestamps(): - ap = stix2.v21.AttackPattern( + ap = stix2.v20.AttackPattern( id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27.00Z", modified="2016-05-12T08:17:27.0Z", From 5fb69e1d44a38c5f5b4281708326eebf67aefe35 Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Tue, 22 Jan 2019 21:25:09 -0500 Subject: [PATCH 05/10] Start updating test suites to fix issue 245 --- stix2/test/v20/test_attack_pattern.py | 6 +++--- stix2/test/v20/test_campaign.py | 13 +++---------- stix2/test/v20/test_course_of_action.py | 2 +- stix2/test/v20/test_identity.py | 4 ++-- stix2/test/v21/test_attack_pattern.py | 6 +++--- 5 files changed, 12 insertions(+), 19 deletions(-) diff --git a/stix2/test/v20/test_attack_pattern.py b/stix2/test/v20/test_attack_pattern.py index f071d3a..be291c5 100644 --- a/stix2/test/v20/test_attack_pattern.py +++ b/stix2/test/v20/test_attack_pattern.py @@ -25,7 +25,7 @@ EXPECTED = """{ def test_attack_pattern_example(): ap = stix2.v20.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27.000Z", modified="2016-05-12T08:17:27.000Z", name="Spear Phishing", @@ -44,7 +44,7 @@ def test_attack_pattern_example(): EXPECTED, { "type": "attack-pattern", - "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "id": ATTACK_PATTERN_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "description": "...", @@ -74,7 +74,7 @@ def test_parse_attack_pattern(data): def test_attack_pattern_invalid_labels(): with pytest.raises(stix2.exceptions.InvalidValueError): stix2.v20.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27Z", modified="2016-05-12T08:17:27Z", name="Spear Phishing", diff --git a/stix2/test/v20/test_campaign.py b/stix2/test/v20/test_campaign.py index 57dbfd2..746d560 100644 --- a/stix2/test/v20/test_campaign.py +++ b/stix2/test/v20/test_campaign.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import CAMPAIGN_ID +from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS EXPECTED = """{ "type": "campaign", @@ -19,14 +19,7 @@ EXPECTED = """{ def test_campaign_example(): - campaign = stix2.v20.Campaign( - id="campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", - created="2016-04-06T20:03:00Z", - modified="2016-04-06T20:03:00Z", - name="Green Group Attacks Against Finance", - description="Campaign by Green Group against a series of targets in the financial services sector.", - ) + campaign = stix2.v20.Campaign(**CAMPAIGN_MORE_KWARGS) assert str(campaign) == EXPECTED @@ -36,7 +29,7 @@ def test_campaign_example(): EXPECTED, { "type": "campaign", - "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + "id": CAMPAIGN_ID, "created": "2016-04-06T20:03:00Z", "modified": "2016-04-06T20:03:00Z", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", diff --git a/stix2/test/v20/test_course_of_action.py b/stix2/test/v20/test_course_of_action.py index d1c0fb7..3064e26 100644 --- a/stix2/test/v20/test_course_of_action.py +++ b/stix2/test/v20/test_course_of_action.py @@ -20,7 +20,7 @@ EXPECTED = """{ def test_course_of_action_example(): coa = stix2.v20.CourseOfAction( - id="course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + id=COURSE_OF_ACTION_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", diff --git a/stix2/test/v20/test_identity.py b/stix2/test/v20/test_identity.py index 4a88a8a..750c6f2 100644 --- a/stix2/test/v20/test_identity.py +++ b/stix2/test/v20/test_identity.py @@ -19,7 +19,7 @@ EXPECTED = """{ def test_identity_example(): identity = stix2.v20.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="John Smith", @@ -34,7 +34,7 @@ def test_identity_example(): EXPECTED, { "created": "2015-12-21T19:59:11.000Z", - "id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + "id": IDENTITY_ID, "identity_class": "individual", "modified": "2015-12-21T19:59:11.000Z", "name": "John Smith", diff --git a/stix2/test/v21/test_attack_pattern.py b/stix2/test/v21/test_attack_pattern.py index 9c13a12..f0e88ee 100644 --- a/stix2/test/v21/test_attack_pattern.py +++ b/stix2/test/v21/test_attack_pattern.py @@ -26,7 +26,7 @@ EXPECTED = """{ def test_attack_pattern_example(): ap = stix2.v21.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27.000Z", modified="2016-05-12T08:17:27.000Z", name="Spear Phishing", @@ -46,7 +46,7 @@ def test_attack_pattern_example(): { "type": "attack-pattern", "spec_version": "2.1", - "id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "id": ATTACK_PATTERN_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "description": "...", @@ -77,7 +77,7 @@ def test_parse_attack_pattern(data): def test_attack_pattern_invalid_labels(): with pytest.raises(stix2.exceptions.InvalidValueError): stix2.v21.AttackPattern( - id="attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=ATTACK_PATTERN_ID, created="2016-05-12T08:17:27Z", modified="2016-05-12T08:17:27Z", name="Spear Phishing", From 9941014f3a7f6448081bdf32d309eebe0e784133 Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Tue, 22 Jan 2019 23:07:20 -0500 Subject: [PATCH 06/10] Update v20 test suite to fix issue 245 --- stix2/test/v20/constants.py | 1 + stix2/test/v20/test_bundle.py | 4 ++- stix2/test/v20/test_campaign.py | 4 +-- stix2/test/v20/test_core.py | 6 +++-- stix2/test/v20/test_course_of_action.py | 10 ++++---- stix2/test/v20/test_datastore_filters.py | 6 +++-- stix2/test/v20/test_indicator.py | 2 +- stix2/test/v20/test_intrusion_set.py | 10 ++++---- stix2/test/v20/test_malware.py | 2 +- stix2/test/v20/test_markings.py | 32 +++++++++++++----------- stix2/test/v20/test_observed_data.py | 32 ++++++++++++------------ stix2/test/v20/test_relationship.py | 12 ++++----- stix2/test/v20/test_report.py | 8 +++--- stix2/test/v20/test_sighting.py | 4 +-- stix2/test/v20/test_threat_actor.py | 18 ++++++------- stix2/test/v20/test_tool.py | 24 ++++++++---------- stix2/test/v20/test_utils.py | 4 ++- stix2/test/v20/test_vulnerability.py | 4 +-- 18 files changed, 95 insertions(+), 88 deletions(-) diff --git a/stix2/test/v20/constants.py b/stix2/test/v20/constants.py index 8d439f1..1baeb25 100644 --- a/stix2/test/v20/constants.py +++ b/stix2/test/v20/constants.py @@ -8,6 +8,7 @@ ATTACK_PATTERN_ID = "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061" CAMPAIGN_ID = "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" COURSE_OF_ACTION_ID = "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" IDENTITY_ID = "identity--311b2d2d-f010-4473-83ec-1edf84858f4c" +IDENTITY_ALT_ID = "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" INDICATOR_ID = "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" INTRUSION_SET_ID = "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29" MALWARE_ID = "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" diff --git a/stix2/test/v20/test_bundle.py b/stix2/test/v20/test_bundle.py index 907f632..1a135ac 100644 --- a/stix2/test/v20/test_bundle.py +++ b/stix2/test/v20/test_bundle.py @@ -4,6 +4,8 @@ import pytest import stix2 +from .constants import IDENTITY_ALT_ID + EXPECTED_BUNDLE = """{ "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000007", @@ -185,7 +187,7 @@ def test_parse_unknown_type(): "id": "other--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created": "2016-04-06T20:03:00Z", "modified": "2016-04-06T20:03:00Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ALT_ID, "description": "Campaign by Green Group against a series of targets in the financial services sector.", "name": "Green Group Attacks Against Finance", } diff --git a/stix2/test/v20/test_campaign.py b/stix2/test/v20/test_campaign.py index 746d560..0ccfd37 100644 --- a/stix2/test/v20/test_campaign.py +++ b/stix2/test/v20/test_campaign.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS +from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS, IDENTITY_ALT_ID EXPECTED = """{ "type": "campaign", @@ -45,7 +45,7 @@ def test_parse_campaign(data): assert cmpn.id == CAMPAIGN_ID assert cmpn.created == dt.datetime(2016, 4, 6, 20, 3, 0, tzinfo=pytz.utc) assert cmpn.modified == dt.datetime(2016, 4, 6, 20, 3, 0, tzinfo=pytz.utc) - assert cmpn.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert cmpn.created_by_ref == IDENTITY_ALT_ID assert cmpn.description == "Campaign by Green Group against a series of targets in the financial services sector." assert cmpn.name == "Green Group Attacks Against Finance" diff --git a/stix2/test/v20/test_core.py b/stix2/test/v20/test_core.py index 017344f..e9ec399 100644 --- a/stix2/test/v20/test_core.py +++ b/stix2/test/v20/test_core.py @@ -3,6 +3,8 @@ import pytest import stix2 from stix2 import core, exceptions +from .constants import IDENTITY_ALT_ID + BUNDLE = { "type": "bundle", "spec_version": "2.0", @@ -96,7 +98,7 @@ def test_register_marking_with_no_version(): def test_register_observable_with_version(): observed_data = stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -134,7 +136,7 @@ def test_register_observable_with_version(): def test_register_observable_extension_with_version(): observed_data = stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_course_of_action.py b/stix2/test/v20/test_course_of_action.py index 3064e26..b247fe2 100644 --- a/stix2/test/v20/test_course_of_action.py +++ b/stix2/test/v20/test_course_of_action.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import COURSE_OF_ACTION_ID +from .constants import COURSE_OF_ACTION_ID, IDENTITY_ALT_ID EXPECTED = """{ "type": "course-of-action", @@ -21,7 +21,7 @@ EXPECTED = """{ def test_course_of_action_example(): coa = stix2.v20.CourseOfAction( id=COURSE_OF_ACTION_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", @@ -36,9 +36,9 @@ def test_course_of_action_example(): EXPECTED, { "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ALT_ID, "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ...", - "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + "id": COURSE_OF_ACTION_ID, "modified": "2016-04-06T20:03:48.000Z", "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", "type": "course-of-action", @@ -52,7 +52,7 @@ def test_parse_course_of_action(data): assert coa.id == COURSE_OF_ACTION_ID assert coa.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert coa.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert coa.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert coa.created_by_ref == IDENTITY_ALT_ID assert coa.description == "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..." assert coa.name == "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter" diff --git a/stix2/test/v20/test_datastore_filters.py b/stix2/test/v20/test_datastore_filters.py index c5d26c1..415109a 100644 --- a/stix2/test/v20/test_datastore_filters.py +++ b/stix2/test/v20/test_datastore_filters.py @@ -4,6 +4,8 @@ from stix2 import parse from stix2.datastore.filters import Filter, apply_common_filters from stix2.utils import STIXdatetime, parse_into_datetime +from .constants import IDENTITY_ALT_ID + stix_objs = [ { "created": "2017-01-27T13:49:53.997Z", @@ -68,7 +70,7 @@ stix_objs = [ { "type": "observed-data", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ALT_ID, "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", "first_observed": "2015-12-21T19:00:00Z", @@ -439,7 +441,7 @@ def test_filters7(stix_objs2, real_stix_objs2): obsvd_data_obj = { "type": "observed-data", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ALT_ID, "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", "first_observed": "2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_indicator.py b/stix2/test/v20/test_indicator.py index f8c3a91..0d062bd 100644 --- a/stix2/test/v20/test_indicator.py +++ b/stix2/test/v20/test_indicator.py @@ -153,7 +153,7 @@ def test_created_modified_time_are_identical_by_default(): EXPECTED_INDICATOR, { "type": "indicator", - "id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", + "id": INDICATOR_ID, "created": "2017-01-01T00:00:01Z", "modified": "2017-01-01T00:00:01Z", "labels": [ diff --git a/stix2/test/v20/test_intrusion_set.py b/stix2/test/v20/test_intrusion_set.py index bf4a7d5..8dbff0d 100644 --- a/stix2/test/v20/test_intrusion_set.py +++ b/stix2/test/v20/test_intrusion_set.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import INTRUSION_SET_ID +from .constants import IDENTITY_ALT_ID, INTRUSION_SET_ID EXPECTED = """{ "type": "intrusion-set", @@ -28,8 +28,8 @@ EXPECTED = """{ def test_intrusion_set_example(): intrusion_set = stix2.v20.IntrusionSet( - id="intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=INTRUSION_SET_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Bobcat Breakin", @@ -49,14 +49,14 @@ def test_intrusion_set_example(): "Zookeeper", ], "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ALT_ID, "description": "Incidents usually feature a shared TTP of a bobcat being released...", "goals": [ "acquisition-theft", "harassment", "damage", ], - "id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29", + "id": INTRUSION_SET_ID, "modified": "2016-04-06T20:03:48.000Z", "name": "Bobcat Breakin", "type": "intrusion-set", diff --git a/stix2/test/v20/test_malware.py b/stix2/test/v20/test_malware.py index 844c7d9..d0c6d7e 100644 --- a/stix2/test/v20/test_malware.py +++ b/stix2/test/v20/test_malware.py @@ -108,7 +108,7 @@ def test_invalid_kwarg_to_malware(): EXPECTED_MALWARE, { "type": "malware", - "id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", + "id": MALWARE_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "labels": ["ransomware"], diff --git a/stix2/test/v20/test_markings.py b/stix2/test/v20/test_markings.py index cbf1f5b..d011959 100644 --- a/stix2/test/v20/test_markings.py +++ b/stix2/test/v20/test_markings.py @@ -6,7 +6,7 @@ import pytz import stix2 from stix2.v20 import TLP_WHITE -from .constants import MARKING_DEFINITION_ID +from .constants import CAMPAIGN_ID, MARKING_DEFINITION_ID EXPECTED_TLP_MARKING_DEFINITION = """{ "type": "marking-definition", @@ -76,7 +76,7 @@ def test_marking_def_example_with_tlp(): def test_marking_def_example_with_statement_positional_argument(): marking_definition = stix2.v20.MarkingDefinition( - id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + id=MARKING_DEFINITION_ID, created="2017-01-20T00:00:00.000Z", definition_type="statement", definition=stix2.v20.StatementMarking(statement="Copyright 2016, Example Corp"), @@ -88,7 +88,7 @@ def test_marking_def_example_with_statement_positional_argument(): def test_marking_def_example_with_kwargs_statement(): kwargs = dict(statement="Copyright 2016, Example Corp") marking_definition = stix2.v20.MarkingDefinition( - id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + id=MARKING_DEFINITION_ID, created="2017-01-20T00:00:00.000Z", definition_type="statement", definition=stix2.v20.StatementMarking(**kwargs), @@ -100,7 +100,7 @@ def test_marking_def_example_with_kwargs_statement(): def test_marking_def_invalid_type(): with pytest.raises(ValueError): stix2.v20.MarkingDefinition( - id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + id=MARKING_DEFINITION_ID, created="2017-01-20T00:00:00.000Z", definition_type="my-definition-type", definition=stix2.v20.StatementMarking("Copyright 2016, Example Corp"), @@ -109,10 +109,11 @@ def test_marking_def_invalid_type(): def test_campaign_with_markings_example(): campaign = stix2.v20.Campaign( - id="campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + type='campaign', + id=CAMPAIGN_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", - created="2016-04-06T20:03:00Z", - modified="2016-04-06T20:03:00Z", + created="2016-04-06T20:03:00.000Z", + modified="2016-04-06T20:03:00.000Z", name="Green Group Attacks Against Finance", description="Campaign by Green Group against a series of targets in the financial services sector.", object_marking_refs=TLP_WHITE, @@ -122,7 +123,7 @@ def test_campaign_with_markings_example(): def test_granular_example(): granular_marking = stix2.v20.GranularMarking( - marking_ref="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + marking_ref=MARKING_DEFINITION_ID, selectors=["abc", "abc.[23]", "abc.def", "abc.[2].efg"], ) @@ -132,7 +133,7 @@ def test_granular_example(): def test_granular_example_with_bad_selector(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.GranularMarking( - marking_ref="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + marking_ref=MARKING_DEFINITION_ID, selectors=["abc[0]"], # missing "." ) @@ -144,15 +145,16 @@ def test_granular_example_with_bad_selector(): def test_campaign_with_granular_markings_example(): campaign = stix2.v20.Campaign( - id="campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + type='campaign', + id=CAMPAIGN_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", - created="2016-04-06T20:03:00Z", - modified="2016-04-06T20:03:00Z", + created="2016-04-06T20:03:00.000Z", + modified="2016-04-06T20:03:00.000Z", name="Green Group Attacks Against Finance", description="Campaign by Green Group against a series of targets in the financial services sector.", granular_markings=[ stix2.v20.GranularMarking( - marking_ref="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + marking_ref=MARKING_DEFINITION_ID, selectors=["description"], ), ], @@ -164,7 +166,7 @@ def test_campaign_with_granular_markings_example(): "data", [ EXPECTED_TLP_MARKING_DEFINITION, { - "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + "id": MARKING_DEFINITION_ID, "type": "marking-definition", "created": "2017-01-20T00:00:00Z", "definition": { @@ -258,7 +260,7 @@ def test_marking_wrong_type_construction(): def test_campaign_add_markings(): campaign = stix2.v20.Campaign( - id="campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + id=CAMPAIGN_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:00Z", modified="2016-04-06T20:03:00Z", diff --git a/stix2/test/v20/test_observed_data.py b/stix2/test/v20/test_observed_data.py index c186361..d30a407 100644 --- a/stix2/test/v20/test_observed_data.py +++ b/stix2/test/v20/test_observed_data.py @@ -6,7 +6,7 @@ import pytz import stix2 -from .constants import OBSERVED_DATA_ID +from .constants import IDENTITY_ALT_ID, OBSERVED_DATA_ID OBJECTS_REGEX = re.compile('\"objects\": {(?:.*?)(?:(?:[^{]*?)|(?:{[^{]*?}))*}', re.DOTALL) @@ -31,8 +31,8 @@ EXPECTED = """{ def test_observed_data_example(): observed_data = stix2.v20.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=OBSERVED_DATA_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -76,8 +76,8 @@ EXPECTED_WITH_REF = """{ def test_observed_data_example_with_refs(): observed_data = stix2.v20.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=OBSERVED_DATA_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -102,8 +102,8 @@ def test_observed_data_example_with_refs(): def test_observed_data_example_with_bad_refs(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=OBSERVED_DATA_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -130,8 +130,8 @@ def test_observed_data_example_with_bad_refs(): def test_observed_data_example_with_non_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=OBSERVED_DATA_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -148,8 +148,8 @@ def test_observed_data_example_with_non_dictionary(): def test_observed_data_example_with_empty_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=OBSERVED_DATA_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -168,9 +168,9 @@ def test_observed_data_example_with_empty_dictionary(): EXPECTED, { "type": "observed-data", - "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + "id": OBSERVED_DATA_ID, "created": "2016-04-06T19:58:16.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ALT_ID, "first_observed": "2015-12-21T19:00:00Z", "last_observed": "2015-12-21T19:00:00Z", "modified": "2016-04-06T19:58:16.000Z", @@ -193,7 +193,7 @@ def test_parse_observed_data(data): assert odata.modified == dt.datetime(2016, 4, 6, 19, 58, 16, tzinfo=pytz.utc) assert odata.first_observed == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) assert odata.last_observed == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) - assert odata.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert odata.created_by_ref == IDENTITY_ALT_ID assert odata.objects["0"].type == "file" @@ -563,8 +563,8 @@ EXPECTED_PROCESS_OD = """{ def test_observed_data_with_process_example(): observed_data = stix2.v20.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=OBSERVED_DATA_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_relationship.py b/stix2/test/v20/test_relationship.py index 4dc1de8..a0fccf4 100644 --- a/stix2/test/v20/test_relationship.py +++ b/stix2/test/v20/test_relationship.py @@ -142,12 +142,12 @@ def test_create_relationship_with_positional_args(indicator, malware): EXPECTED_RELATIONSHIP, { "created": "2016-04-06T20:06:37Z", - "id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301", + "id": RELATIONSHIP_ID, "modified": "2016-04-06T20:06:37Z", - "relationship_type": "indicates", - "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", - "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", "type": "relationship", + "relationship_type": "indicates", + "source_ref": INDICATOR_ID, + "target_ref": MALWARE_ID, }, ], ) @@ -159,5 +159,5 @@ def test_parse_relationship(data): assert rel.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert rel.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert rel.relationship_type == "indicates" - assert rel.source_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" - assert rel.target_ref == "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" + assert rel.source_ref == INDICATOR_ID + assert rel.target_ref == MALWARE_ID diff --git a/stix2/test/v20/test_report.py b/stix2/test/v20/test_report.py index 072fc95..49fc5ac 100644 --- a/stix2/test/v20/test_report.py +++ b/stix2/test/v20/test_report.py @@ -29,7 +29,7 @@ EXPECTED = """{ def test_report_example(): report = stix2.v20.Report( - id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", + id=REPORT_ID, created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", @@ -49,7 +49,7 @@ def test_report_example(): def test_report_example_objects_in_object_refs(): report = stix2.v20.Report( - id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", + id=REPORT_ID, created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", @@ -70,7 +70,7 @@ def test_report_example_objects_in_object_refs(): def test_report_example_objects_in_object_refs_with_bad_id(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.Report( - id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", + id=REPORT_ID, created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", @@ -98,7 +98,7 @@ def test_report_example_objects_in_object_refs_with_bad_id(): "created": "2015-12-21T19:59:11.000Z", "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", "description": "A simple report with an indicator and campaign", - "id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", + "id": REPORT_ID, "labels": [ "campaign", ], diff --git a/stix2/test/v20/test_sighting.py b/stix2/test/v20/test_sighting.py index e93ca7e..e0c9b3b 100644 --- a/stix2/test/v20/test_sighting.py +++ b/stix2/test/v20/test_sighting.py @@ -94,7 +94,7 @@ def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811 EXPECTED_SIGHTING, { "created": "2016-04-06T20:06:37Z", - "id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb", + "id": SIGHTING_ID, "modified": "2016-04-06T20:06:37Z", "sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "type": "sighting", @@ -111,5 +111,5 @@ def test_parse_sighting(data): assert sighting.id == SIGHTING_ID assert sighting.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert sighting.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) - assert sighting.sighting_of_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" + assert sighting.sighting_of_ref == INDICATOR_ID assert sighting.where_sighted_refs == ["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"] diff --git a/stix2/test/v20/test_threat_actor.py b/stix2/test/v20/test_threat_actor.py index f7ef843..d8b73fc 100644 --- a/stix2/test/v20/test_threat_actor.py +++ b/stix2/test/v20/test_threat_actor.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import THREAT_ACTOR_ID +from .constants import IDENTITY_ALT_ID, THREAT_ACTOR_ID EXPECTED = """{ "type": "threat-actor", @@ -23,13 +23,13 @@ EXPECTED = """{ def test_threat_actor_example(): threat_actor = stix2.v20.ThreatActor( - id="threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=THREAT_ACTOR_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", - name="Evil Org", description="The Evil Org threat actor group", labels=["crime-syndicate"], + name="Evil Org", ) assert str(threat_actor) == EXPECTED @@ -40,13 +40,11 @@ def test_threat_actor_example(): EXPECTED, { "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ALT_ID, "description": "The Evil Org threat actor group", - "id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "labels": [ - "crime-syndicate", - ], + "id": THREAT_ACTOR_ID, "modified": "2016-04-06T20:03:48.000Z", + "labels": ["crime-syndicate"], "name": "Evil Org", "type": "threat-actor", }, @@ -59,7 +57,7 @@ def test_parse_threat_actor(data): assert actor.id == THREAT_ACTOR_ID assert actor.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert actor.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert actor.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert actor.created_by_ref == IDENTITY_ALT_ID assert actor.description == "The Evil Org threat actor group" assert actor.name == "Evil Org" assert actor.labels == ["crime-syndicate"] diff --git a/stix2/test/v20/test_tool.py b/stix2/test/v20/test_tool.py index e0c7082..be44a32 100644 --- a/stix2/test/v20/test_tool.py +++ b/stix2/test/v20/test_tool.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import TOOL_ID +from .constants import IDENTITY_ALT_ID, TOOL_ID EXPECTED = """{ "type": "tool", @@ -35,12 +35,12 @@ EXPECTED_WITH_REVOKED = """{ def test_tool_example(): tool = stix2.v20.Tool( - id="tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=TOOL_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", - name="VNC", labels=["remote-access"], + name="VNC", ) assert str(tool) == EXPECTED @@ -51,12 +51,10 @@ def test_tool_example(): EXPECTED, { "created": "2016-04-06T20:03:48Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", - "id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "labels": [ - "remote-access", - ], + "created_by_ref": IDENTITY_ALT_ID, + "id": TOOL_ID, "modified": "2016-04-06T20:03:48Z", + "labels": ["remote-access"], "name": "VNC", "type": "tool", }, @@ -69,7 +67,7 @@ def test_parse_tool(data): assert tool.id == TOOL_ID assert tool.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert tool.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert tool.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert tool.created_by_ref == IDENTITY_ALT_ID assert tool.labels == ["remote-access"] assert tool.name == "VNC" @@ -82,12 +80,12 @@ def test_tool_no_workbench_wrappers(): def test_tool_serialize_with_defaults(): tool = stix2.v20.Tool( - id="tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + id=TOOL_ID, + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", - name="VNC", labels=["remote-access"], + name="VNC", ) assert tool.serialize(pretty=True, include_optional_defaults=True) == EXPECTED_WITH_REVOKED diff --git a/stix2/test/v20/test_utils.py b/stix2/test/v20/test_utils.py index 1aa85b1..30872d5 100644 --- a/stix2/test/v20/test_utils.py +++ b/stix2/test/v20/test_utils.py @@ -8,6 +8,8 @@ import pytz import stix2.utils +from .constants import IDENTITY_ALT_ID + amsterdam = pytz.timezone('Europe/Amsterdam') eastern = pytz.timezone('US/Eastern') @@ -123,7 +125,7 @@ def test_deduplicate(stix_objs1): ( stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ALT_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_vulnerability.py b/stix2/test/v20/test_vulnerability.py index 7ce05ef..5a69d82 100644 --- a/stix2/test/v20/test_vulnerability.py +++ b/stix2/test/v20/test_vulnerability.py @@ -24,7 +24,7 @@ EXPECTED = """{ def test_vulnerability_example(): vulnerability = stix2.v20.Vulnerability( - id="vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=VULNERABILITY_ID, created="2016-05-12T08:17:27.000Z", modified="2016-05-12T08:17:27.000Z", name="CVE-2016-1234", @@ -50,7 +50,7 @@ def test_vulnerability_example(): "source_name": "cve", }, ], - "id": "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "id": VULNERABILITY_ID, "modified": "2016-05-12T08:17:27Z", "name": "CVE-2016-1234", "type": "vulnerability", From cdac66c04dbec3c67709e9de8630d50bcc1c8bd9 Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Wed, 23 Jan 2019 10:56:20 -0500 Subject: [PATCH 07/10] Update v21 test suite. Fixes #245 --- stix2/test/v20/constants.py | 1 - stix2/test/v20/test_bundle.py | 4 +--- stix2/test/v20/test_campaign.py | 4 ++-- stix2/test/v20/test_core.py | 6 ++---- stix2/test/v20/test_course_of_action.py | 8 ++++---- stix2/test/v20/test_datastore_filters.py | 6 ++---- stix2/test/v20/test_intrusion_set.py | 6 +++--- stix2/test/v20/test_observed_data.py | 18 +++++++++--------- stix2/test/v20/test_threat_actor.py | 8 ++++---- stix2/test/v20/test_tool.py | 10 +++++----- stix2/test/v20/test_utils.py | 4 +--- stix2/test/v21/test_campaign.py | 11 +++-------- stix2/test/v21/test_core.py | 6 ++++-- stix2/test/v21/test_course_of_action.py | 4 ++-- stix2/test/v21/test_custom.py | 16 ++++++++-------- stix2/test/v21/test_datastore_filters.py | 6 ++++-- stix2/test/v21/test_identity.py | 4 ++-- stix2/test/v21/test_indicator.py | 2 +- stix2/test/v21/test_intrusion_set.py | 4 ++-- stix2/test/v21/test_location.py | 24 ++++++++++++------------ stix2/test/v21/test_malware.py | 2 +- stix2/test/v21/test_markings.py | 14 +++++++------- stix2/test/v21/test_note.py | 4 ++-- stix2/test/v21/test_observed_data.py | 14 +++++++------- stix2/test/v21/test_opinion.py | 2 +- stix2/test/v21/test_relationship.py | 16 ++++++++-------- stix2/test/v21/test_report.py | 8 ++++---- stix2/test/v21/test_sighting.py | 4 ++-- stix2/test/v21/test_threat_actor.py | 4 ++-- stix2/test/v21/test_tool.py | 6 +++--- stix2/test/v21/test_vulnerability.py | 4 ++-- 31 files changed, 110 insertions(+), 120 deletions(-) diff --git a/stix2/test/v20/constants.py b/stix2/test/v20/constants.py index 1baeb25..8d439f1 100644 --- a/stix2/test/v20/constants.py +++ b/stix2/test/v20/constants.py @@ -8,7 +8,6 @@ ATTACK_PATTERN_ID = "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061" CAMPAIGN_ID = "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" COURSE_OF_ACTION_ID = "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f" IDENTITY_ID = "identity--311b2d2d-f010-4473-83ec-1edf84858f4c" -IDENTITY_ALT_ID = "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" INDICATOR_ID = "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" INTRUSION_SET_ID = "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29" MALWARE_ID = "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" diff --git a/stix2/test/v20/test_bundle.py b/stix2/test/v20/test_bundle.py index 1a135ac..907f632 100644 --- a/stix2/test/v20/test_bundle.py +++ b/stix2/test/v20/test_bundle.py @@ -4,8 +4,6 @@ import pytest import stix2 -from .constants import IDENTITY_ALT_ID - EXPECTED_BUNDLE = """{ "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000007", @@ -187,7 +185,7 @@ def test_parse_unknown_type(): "id": "other--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created": "2016-04-06T20:03:00Z", "modified": "2016-04-06T20:03:00Z", - "created_by_ref": IDENTITY_ALT_ID, + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "description": "Campaign by Green Group against a series of targets in the financial services sector.", "name": "Green Group Attacks Against Finance", } diff --git a/stix2/test/v20/test_campaign.py b/stix2/test/v20/test_campaign.py index 0ccfd37..746d560 100644 --- a/stix2/test/v20/test_campaign.py +++ b/stix2/test/v20/test_campaign.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS, IDENTITY_ALT_ID +from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS EXPECTED = """{ "type": "campaign", @@ -45,7 +45,7 @@ def test_parse_campaign(data): assert cmpn.id == CAMPAIGN_ID assert cmpn.created == dt.datetime(2016, 4, 6, 20, 3, 0, tzinfo=pytz.utc) assert cmpn.modified == dt.datetime(2016, 4, 6, 20, 3, 0, tzinfo=pytz.utc) - assert cmpn.created_by_ref == IDENTITY_ALT_ID + assert cmpn.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" assert cmpn.description == "Campaign by Green Group against a series of targets in the financial services sector." assert cmpn.name == "Green Group Attacks Against Finance" diff --git a/stix2/test/v20/test_core.py b/stix2/test/v20/test_core.py index e9ec399..017344f 100644 --- a/stix2/test/v20/test_core.py +++ b/stix2/test/v20/test_core.py @@ -3,8 +3,6 @@ import pytest import stix2 from stix2 import core, exceptions -from .constants import IDENTITY_ALT_ID - BUNDLE = { "type": "bundle", "spec_version": "2.0", @@ -98,7 +96,7 @@ def test_register_marking_with_no_version(): def test_register_observable_with_version(): observed_data = stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -136,7 +134,7 @@ def test_register_observable_with_version(): def test_register_observable_extension_with_version(): observed_data = stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_course_of_action.py b/stix2/test/v20/test_course_of_action.py index b247fe2..ee722fe 100644 --- a/stix2/test/v20/test_course_of_action.py +++ b/stix2/test/v20/test_course_of_action.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import COURSE_OF_ACTION_ID, IDENTITY_ALT_ID +from .constants import COURSE_OF_ACTION_ID EXPECTED = """{ "type": "course-of-action", @@ -21,7 +21,7 @@ EXPECTED = """{ def test_course_of_action_example(): coa = stix2.v20.CourseOfAction( id=COURSE_OF_ACTION_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", @@ -36,7 +36,7 @@ def test_course_of_action_example(): EXPECTED, { "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": IDENTITY_ALT_ID, + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ...", "id": COURSE_OF_ACTION_ID, "modified": "2016-04-06T20:03:48.000Z", @@ -52,7 +52,7 @@ def test_parse_course_of_action(data): assert coa.id == COURSE_OF_ACTION_ID assert coa.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert coa.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert coa.created_by_ref == IDENTITY_ALT_ID + assert coa.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" assert coa.description == "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..." assert coa.name == "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter" diff --git a/stix2/test/v20/test_datastore_filters.py b/stix2/test/v20/test_datastore_filters.py index 415109a..c5d26c1 100644 --- a/stix2/test/v20/test_datastore_filters.py +++ b/stix2/test/v20/test_datastore_filters.py @@ -4,8 +4,6 @@ from stix2 import parse from stix2.datastore.filters import Filter, apply_common_filters from stix2.utils import STIXdatetime, parse_into_datetime -from .constants import IDENTITY_ALT_ID - stix_objs = [ { "created": "2017-01-27T13:49:53.997Z", @@ -70,7 +68,7 @@ stix_objs = [ { "type": "observed-data", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - "created_by_ref": IDENTITY_ALT_ID, + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", "first_observed": "2015-12-21T19:00:00Z", @@ -441,7 +439,7 @@ def test_filters7(stix_objs2, real_stix_objs2): obsvd_data_obj = { "type": "observed-data", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - "created_by_ref": IDENTITY_ALT_ID, + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", "first_observed": "2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_intrusion_set.py b/stix2/test/v20/test_intrusion_set.py index 8dbff0d..f02fbcb 100644 --- a/stix2/test/v20/test_intrusion_set.py +++ b/stix2/test/v20/test_intrusion_set.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import IDENTITY_ALT_ID, INTRUSION_SET_ID +from .constants import INTRUSION_SET_ID EXPECTED = """{ "type": "intrusion-set", @@ -29,7 +29,7 @@ EXPECTED = """{ def test_intrusion_set_example(): intrusion_set = stix2.v20.IntrusionSet( id=INTRUSION_SET_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Bobcat Breakin", @@ -49,7 +49,7 @@ def test_intrusion_set_example(): "Zookeeper", ], "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": IDENTITY_ALT_ID, + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "description": "Incidents usually feature a shared TTP of a bobcat being released...", "goals": [ "acquisition-theft", diff --git a/stix2/test/v20/test_observed_data.py b/stix2/test/v20/test_observed_data.py index d30a407..223184f 100644 --- a/stix2/test/v20/test_observed_data.py +++ b/stix2/test/v20/test_observed_data.py @@ -6,7 +6,7 @@ import pytz import stix2 -from .constants import IDENTITY_ALT_ID, OBSERVED_DATA_ID +from .constants import OBSERVED_DATA_ID OBJECTS_REGEX = re.compile('\"objects\": {(?:.*?)(?:(?:[^{]*?)|(?:{[^{]*?}))*}', re.DOTALL) @@ -32,7 +32,7 @@ EXPECTED = """{ def test_observed_data_example(): observed_data = stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -77,7 +77,7 @@ EXPECTED_WITH_REF = """{ def test_observed_data_example_with_refs(): observed_data = stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -103,7 +103,7 @@ def test_observed_data_example_with_bad_refs(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -131,7 +131,7 @@ def test_observed_data_example_with_non_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -149,7 +149,7 @@ def test_observed_data_example_with_empty_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -170,7 +170,7 @@ def test_observed_data_example_with_empty_dictionary(): "type": "observed-data", "id": OBSERVED_DATA_ID, "created": "2016-04-06T19:58:16.000Z", - "created_by_ref": IDENTITY_ALT_ID, + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "first_observed": "2015-12-21T19:00:00Z", "last_observed": "2015-12-21T19:00:00Z", "modified": "2016-04-06T19:58:16.000Z", @@ -193,7 +193,7 @@ def test_parse_observed_data(data): assert odata.modified == dt.datetime(2016, 4, 6, 19, 58, 16, tzinfo=pytz.utc) assert odata.first_observed == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) assert odata.last_observed == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) - assert odata.created_by_ref == IDENTITY_ALT_ID + assert odata.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" assert odata.objects["0"].type == "file" @@ -564,7 +564,7 @@ EXPECTED_PROCESS_OD = """{ def test_observed_data_with_process_example(): observed_data = stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_threat_actor.py b/stix2/test/v20/test_threat_actor.py index d8b73fc..20cb26e 100644 --- a/stix2/test/v20/test_threat_actor.py +++ b/stix2/test/v20/test_threat_actor.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import IDENTITY_ALT_ID, THREAT_ACTOR_ID +from .constants import THREAT_ACTOR_ID EXPECTED = """{ "type": "threat-actor", @@ -24,7 +24,7 @@ EXPECTED = """{ def test_threat_actor_example(): threat_actor = stix2.v20.ThreatActor( id=THREAT_ACTOR_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", description="The Evil Org threat actor group", @@ -40,7 +40,7 @@ def test_threat_actor_example(): EXPECTED, { "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": IDENTITY_ALT_ID, + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "description": "The Evil Org threat actor group", "id": THREAT_ACTOR_ID, "modified": "2016-04-06T20:03:48.000Z", @@ -57,7 +57,7 @@ def test_parse_threat_actor(data): assert actor.id == THREAT_ACTOR_ID assert actor.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert actor.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert actor.created_by_ref == IDENTITY_ALT_ID + assert actor.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" assert actor.description == "The Evil Org threat actor group" assert actor.name == "Evil Org" assert actor.labels == ["crime-syndicate"] diff --git a/stix2/test/v20/test_tool.py b/stix2/test/v20/test_tool.py index be44a32..257b787 100644 --- a/stix2/test/v20/test_tool.py +++ b/stix2/test/v20/test_tool.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import IDENTITY_ALT_ID, TOOL_ID +from .constants import TOOL_ID EXPECTED = """{ "type": "tool", @@ -36,7 +36,7 @@ EXPECTED_WITH_REVOKED = """{ def test_tool_example(): tool = stix2.v20.Tool( id=TOOL_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", labels=["remote-access"], @@ -51,7 +51,7 @@ def test_tool_example(): EXPECTED, { "created": "2016-04-06T20:03:48Z", - "created_by_ref": IDENTITY_ALT_ID, + "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "id": TOOL_ID, "modified": "2016-04-06T20:03:48Z", "labels": ["remote-access"], @@ -67,7 +67,7 @@ def test_parse_tool(data): assert tool.id == TOOL_ID assert tool.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert tool.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert tool.created_by_ref == IDENTITY_ALT_ID + assert tool.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" assert tool.labels == ["remote-access"] assert tool.name == "VNC" @@ -81,7 +81,7 @@ def test_tool_no_workbench_wrappers(): def test_tool_serialize_with_defaults(): tool = stix2.v20.Tool( id=TOOL_ID, - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", labels=["remote-access"], diff --git a/stix2/test/v20/test_utils.py b/stix2/test/v20/test_utils.py index 30872d5..1aa85b1 100644 --- a/stix2/test/v20/test_utils.py +++ b/stix2/test/v20/test_utils.py @@ -8,8 +8,6 @@ import pytz import stix2.utils -from .constants import IDENTITY_ALT_ID - amsterdam = pytz.timezone('Europe/Amsterdam') eastern = pytz.timezone('US/Eastern') @@ -125,7 +123,7 @@ def test_deduplicate(stix_objs1): ( stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref=IDENTITY_ALT_ID, + created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v21/test_campaign.py b/stix2/test/v21/test_campaign.py index ad7e753..e4c1707 100644 --- a/stix2/test/v21/test_campaign.py +++ b/stix2/test/v21/test_campaign.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import CAMPAIGN_ID +from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS EXPECTED = """{ "type": "campaign", @@ -21,12 +21,7 @@ EXPECTED = """{ def test_campaign_example(): campaign = stix2.v21.Campaign( - id="campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", - created="2016-04-06T20:03:00Z", - modified="2016-04-06T20:03:00Z", - name="Green Group Attacks Against Finance", - description="Campaign by Green Group against a series of targets in the financial services sector.", + **CAMPAIGN_MORE_KWARGS ) assert str(campaign) == EXPECTED @@ -38,7 +33,7 @@ def test_campaign_example(): { "type": "campaign", "spec_version": "2.1", - "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + "id": CAMPAIGN_ID, "created": "2016-04-06T20:03:00Z", "modified": "2016-04-06T20:03:00Z", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", diff --git a/stix2/test/v21/test_core.py b/stix2/test/v21/test_core.py index 19aa275..c90592b 100644 --- a/stix2/test/v21/test_core.py +++ b/stix2/test/v21/test_core.py @@ -3,6 +3,8 @@ import pytest import stix2 from stix2 import core, exceptions +from .constants import OBSERVED_DATA_ID + BUNDLE = { "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000007", @@ -98,7 +100,7 @@ def test_register_marking_with_no_version(): def test_register_observable_with_default_version(): observed_data = stix2.v21.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + id=OBSERVED_DATA_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", @@ -136,7 +138,7 @@ def test_register_observable_with_default_version(): def test_register_observable_extension_with_default_version(): observed_data = stix2.v21.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + id=OBSERVED_DATA_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", diff --git a/stix2/test/v21/test_course_of_action.py b/stix2/test/v21/test_course_of_action.py index 73e8eca..c27b20d 100644 --- a/stix2/test/v21/test_course_of_action.py +++ b/stix2/test/v21/test_course_of_action.py @@ -21,7 +21,7 @@ EXPECTED = """{ def test_course_of_action_example(): coa = stix2.v21.CourseOfAction( - id="course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + id=COURSE_OF_ACTION_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", @@ -39,7 +39,7 @@ def test_course_of_action_example(): "created": "2016-04-06T20:03:48.000Z", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ...", - "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + "id": COURSE_OF_ACTION_ID, "modified": "2016-04-06T20:03:48.000Z", "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", "spec_version": "2.1", diff --git a/stix2/test/v21/test_custom.py b/stix2/test/v21/test_custom.py index 295520e..6e1e585 100644 --- a/stix2/test/v21/test_custom.py +++ b/stix2/test/v21/test_custom.py @@ -3,7 +3,7 @@ import pytest import stix2 import stix2.base -from .constants import FAKE_TIME, MARKING_DEFINITION_ID +from .constants import FAKE_TIME, IDENTITY_ID, MARKING_DEFINITION_ID IDENTITY_CUSTOM_PROP = stix2.v21.Identity( name="John Smith", @@ -16,7 +16,7 @@ IDENTITY_CUSTOM_PROP = stix2.v21.Identity( def test_identity_custom_property(): with pytest.raises(ValueError) as excinfo: stix2.v21.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -27,7 +27,7 @@ def test_identity_custom_property(): with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: stix2.v21.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -40,7 +40,7 @@ def test_identity_custom_property(): assert "Unexpected properties for Identity" in str(excinfo.value) identity = stix2.v21.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -55,7 +55,7 @@ def test_identity_custom_property(): def test_identity_custom_property_invalid(): with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: stix2.v21.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -69,7 +69,7 @@ def test_identity_custom_property_invalid(): def test_identity_custom_property_allowed(): identity = stix2.v21.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -130,7 +130,7 @@ def test_custom_property_dict_in_bundled_object(): custom_identity = { 'type': 'identity', 'spec_version': '2.1', - 'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c', + 'id': IDENTITY_ID, 'created': '2015-12-21T19:59:11Z', 'name': 'John Smith', 'identity_class': 'individual', @@ -148,7 +148,7 @@ def test_custom_properties_dict_in_bundled_object(): custom_identity = { 'type': 'identity', 'spec_version': '2.1', - 'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c', + 'id': IDENTITY_ID, 'created': '2015-12-21T19:59:11Z', 'name': 'John Smith', 'identity_class': 'individual', diff --git a/stix2/test/v21/test_datastore_filters.py b/stix2/test/v21/test_datastore_filters.py index 466d304..4b9878a 100644 --- a/stix2/test/v21/test_datastore_filters.py +++ b/stix2/test/v21/test_datastore_filters.py @@ -4,6 +4,8 @@ from stix2 import parse from stix2.datastore.filters import Filter, apply_common_filters from stix2.utils import STIXdatetime, parse_into_datetime +from .constants import OBSERVED_DATA_ID + stix_objs = [ { "created": "2017-01-27T13:49:53.997Z", @@ -72,7 +74,7 @@ stix_objs = [ { "type": "observed-data", "spec_version": "2.1", - "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + "id": OBSERVED_DATA_ID, "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", @@ -444,7 +446,7 @@ def test_filters7(stix_objs2, real_stix_objs2): obsvd_data_obj = { "type": "observed-data", "spec_version": "2.1", - "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + "id": OBSERVED_DATA_ID, "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", diff --git a/stix2/test/v21/test_identity.py b/stix2/test/v21/test_identity.py index da99de4..9d17723 100644 --- a/stix2/test/v21/test_identity.py +++ b/stix2/test/v21/test_identity.py @@ -20,7 +20,7 @@ EXPECTED = """{ def test_identity_example(): identity = stix2.v21.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="John Smith", @@ -35,7 +35,7 @@ def test_identity_example(): EXPECTED, { "created": "2015-12-21T19:59:11.000Z", - "id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + "id": IDENTITY_ID, "identity_class": "individual", "modified": "2015-12-21T19:59:11.000Z", "name": "John Smith", diff --git a/stix2/test/v21/test_indicator.py b/stix2/test/v21/test_indicator.py index 628bdff..fe8f0ce 100644 --- a/stix2/test/v21/test_indicator.py +++ b/stix2/test/v21/test_indicator.py @@ -157,7 +157,7 @@ def test_created_modified_time_are_identical_by_default(): EXPECTED_INDICATOR, { "type": "indicator", - "id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", + "id": INDICATOR_ID, "created": "2017-01-01T00:00:01Z", "modified": "2017-01-01T00:00:01Z", "indicator_types": [ diff --git a/stix2/test/v21/test_intrusion_set.py b/stix2/test/v21/test_intrusion_set.py index d87780c..f8d5dc2 100644 --- a/stix2/test/v21/test_intrusion_set.py +++ b/stix2/test/v21/test_intrusion_set.py @@ -29,7 +29,7 @@ EXPECTED = """{ def test_intrusion_set_example(): intrusion_set = stix2.v21.IntrusionSet( - id="intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29", + id=INTRUSION_SET_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", @@ -57,7 +57,7 @@ def test_intrusion_set_example(): "harassment", "damage", ], - "id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29", + "id": INTRUSION_SET_ID, "modified": "2016-04-06T20:03:48.000Z", "name": "Bobcat Breakin", "spec_version": "2.1", diff --git a/stix2/test/v21/test_location.py b/stix2/test/v21/test_location.py index 62fd9e0..5a4e17a 100644 --- a/stix2/test/v21/test_location.py +++ b/stix2/test/v21/test_location.py @@ -69,7 +69,7 @@ def test_location_with_some_required_properties(): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "region": "north-america", @@ -94,7 +94,7 @@ def test_parse_location(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "latitude": 90.01, @@ -103,7 +103,7 @@ def test_parse_location(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "latitude": -90.1, @@ -123,7 +123,7 @@ def test_location_bad_latitude(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "latitude": 80, @@ -132,7 +132,7 @@ def test_location_bad_latitude(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "latitude": 80, @@ -152,7 +152,7 @@ def test_location_bad_longitude(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "longitude": 175.7, @@ -161,7 +161,7 @@ def test_location_bad_longitude(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "latitude": 80, @@ -181,7 +181,7 @@ def test_location_properties_missing_when_precision_is_present(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "latitude": 18.468842, @@ -203,7 +203,7 @@ def test_location_negative_precision(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "latitude": 18.468842, @@ -215,7 +215,7 @@ def test_location_negative_precision(data): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "longitude": 160.7, @@ -238,7 +238,7 @@ def test_location_latitude_dependency_missing(data, msg): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "latitude": 18.468842, @@ -249,7 +249,7 @@ def test_location_latitude_dependency_missing(data, msg): { "type": "location", "spec_version": "2.1", - "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "id": LOCATION_ID, "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "longitude": 160.7, diff --git a/stix2/test/v21/test_malware.py b/stix2/test/v21/test_malware.py index 3ae96d9..c55bfa9 100644 --- a/stix2/test/v21/test_malware.py +++ b/stix2/test/v21/test_malware.py @@ -110,7 +110,7 @@ def test_invalid_kwarg_to_malware(): { "type": "malware", "spec_version": "2.1", - "id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", + "id": MALWARE_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "malware_types": ["ransomware"], diff --git a/stix2/test/v21/test_markings.py b/stix2/test/v21/test_markings.py index 7782236..11b6a95 100644 --- a/stix2/test/v21/test_markings.py +++ b/stix2/test/v21/test_markings.py @@ -80,7 +80,7 @@ def test_marking_def_example_with_tlp(): def test_marking_def_example_with_statement_positional_argument(): marking_definition = stix2.v21.MarkingDefinition( - id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + id=MARKING_DEFINITION_ID, created="2017-01-20T00:00:00.000Z", definition_type="statement", definition=stix2.StatementMarking(statement="Copyright 2016, Example Corp"), @@ -92,7 +92,7 @@ def test_marking_def_example_with_statement_positional_argument(): def test_marking_def_example_with_kwargs_statement(): kwargs = dict(statement="Copyright 2016, Example Corp") marking_definition = stix2.v21.MarkingDefinition( - id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + id=MARKING_DEFINITION_ID, created="2017-01-20T00:00:00.000Z", definition_type="statement", definition=stix2.StatementMarking(**kwargs), @@ -104,7 +104,7 @@ def test_marking_def_example_with_kwargs_statement(): def test_marking_def_invalid_type(): with pytest.raises(ValueError): stix2.v21.MarkingDefinition( - id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + id=MARKING_DEFINITION_ID, created="2017-01-20T00:00:00.000Z", definition_type="my-definition-type", definition=stix2.StatementMarking("Copyright 2016, Example Corp"), @@ -126,7 +126,7 @@ def test_campaign_with_markings_example(): def test_granular_example(): granular_marking = stix2.v21.GranularMarking( - marking_ref="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + marking_ref=MARKING_DEFINITION_ID, selectors=["abc", "abc.[23]", "abc.def", "abc.[2].efg"], ) @@ -136,7 +136,7 @@ def test_granular_example(): def test_granular_example_with_bad_selector(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.GranularMarking( - marking_ref="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + marking_ref=MARKING_DEFINITION_ID, selectors=["abc[0]"], # missing "." ) @@ -156,7 +156,7 @@ def test_campaign_with_granular_markings_example(): description="Campaign by Green Group against a series of targets in the financial services sector.", granular_markings=[ stix2.v21.GranularMarking( - marking_ref="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + marking_ref=MARKING_DEFINITION_ID, selectors=["description"], ), ], @@ -168,7 +168,7 @@ def test_campaign_with_granular_markings_example(): "data", [ EXPECTED_TLP_MARKING_DEFINITION, { - "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", + "id": MARKING_DEFINITION_ID, "spec_version": "2.1", "type": "marking-definition", "created": "2017-01-20T00:00:00Z", diff --git a/stix2/test/v21/test_note.py b/stix2/test/v21/test_note.py index a9807e8..47a191e 100644 --- a/stix2/test/v21/test_note.py +++ b/stix2/test/v21/test_note.py @@ -84,7 +84,7 @@ def test_note_with_required_properties(): { "type": "note", "spec_version": "2.1", - "id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "id": NOTE_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "abstract": "Tracking Team Note#1", @@ -93,7 +93,7 @@ def test_note_with_required_properties(): "John Doe", ], "object_refs": [ - "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + CAMPAIGN_ID, ], "external_references": [ { diff --git a/stix2/test/v21/test_observed_data.py b/stix2/test/v21/test_observed_data.py index eb811b2..3dde027 100644 --- a/stix2/test/v21/test_observed_data.py +++ b/stix2/test/v21/test_observed_data.py @@ -32,7 +32,7 @@ EXPECTED = """{ def test_observed_data_example(): observed_data = stix2.v21.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + id=OBSERVED_DATA_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", @@ -78,7 +78,7 @@ EXPECTED_WITH_REF = """{ def test_observed_data_example_with_refs(): observed_data = stix2.v21.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + id=OBSERVED_DATA_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", @@ -104,7 +104,7 @@ def test_observed_data_example_with_refs(): def test_observed_data_example_with_bad_refs(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + id=OBSERVED_DATA_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", @@ -132,7 +132,7 @@ def test_observed_data_example_with_bad_refs(): def test_observed_data_example_with_non_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + id=OBSERVED_DATA_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", @@ -150,7 +150,7 @@ def test_observed_data_example_with_non_dictionary(): def test_observed_data_example_with_empty_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + id=OBSERVED_DATA_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", @@ -171,7 +171,7 @@ def test_observed_data_example_with_empty_dictionary(): { "type": "observed-data", "spec_version": "2.1", - "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + "id": OBSERVED_DATA_ID, "created": "2016-04-06T19:58:16.000Z", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "first_observed": "2015-12-21T19:00:00Z", @@ -565,7 +565,7 @@ EXPECTED_PROCESS_OD = """{ def test_observed_data_with_process_example(): observed_data = stix2.v21.ObservedData( - id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", + id=OBSERVED_DATA_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", diff --git a/stix2/test/v21/test_opinion.py b/stix2/test/v21/test_opinion.py index 79e97ca..b2f6dc0 100644 --- a/stix2/test/v21/test_opinion.py +++ b/stix2/test/v21/test_opinion.py @@ -66,7 +66,7 @@ def test_opinion_with_required_properties(): { "type": "opinion", "spec_version": "2.1", - "id": "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7", + "id": OPINION_ID, "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "explanation": EXPLANATION, diff --git a/stix2/test/v21/test_relationship.py b/stix2/test/v21/test_relationship.py index 0ec3e08..386e24b 100644 --- a/stix2/test/v21/test_relationship.py +++ b/stix2/test/v21/test_relationship.py @@ -162,11 +162,11 @@ def test_create_relationship_with_positional_args(indicator, malware): EXPECTED_RELATIONSHIP, { "created": "2016-04-06T20:06:37Z", - "id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301", + "id": RELATIONSHIP_ID, "modified": "2016-04-06T20:06:37Z", "relationship_type": "indicates", - "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", - "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", + "source_ref": INDICATOR_ID, + "target_ref": MALWARE_ID, "spec_version": "2.1", "type": "relationship", }, @@ -181,19 +181,19 @@ def test_parse_relationship(data): assert rel.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert rel.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert rel.relationship_type == "indicates" - assert rel.source_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" - assert rel.target_ref == "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e" + assert rel.source_ref == INDICATOR_ID + assert rel.target_ref == MALWARE_ID @pytest.mark.parametrize( "data", [ { "created": "2016-04-06T20:06:37Z", - "id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301", + "id": RELATIONSHIP_ID, "modified": "2016-04-06T20:06:37Z", "relationship_type": "indicates", - "source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", - "target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", + "source_ref": INDICATOR_ID, + "target_ref": MALWARE_ID, "start_time": "2018-04-06T20:06:37Z", "stop_time": "2016-04-06T20:06:37Z", "spec_version": "2.1", diff --git a/stix2/test/v21/test_report.py b/stix2/test/v21/test_report.py index c9d790e..22b5fb8 100644 --- a/stix2/test/v21/test_report.py +++ b/stix2/test/v21/test_report.py @@ -30,7 +30,7 @@ EXPECTED = """{ def test_report_example(): report = stix2.v21.Report( - id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", + id=REPORT_ID, created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", @@ -50,7 +50,7 @@ def test_report_example(): def test_report_example_objects_in_object_refs(): report = stix2.v21.Report( - id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", + id=REPORT_ID, created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", @@ -71,7 +71,7 @@ def test_report_example_objects_in_object_refs(): def test_report_example_objects_in_object_refs_with_bad_id(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.Report( - id="report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", + id=REPORT_ID, created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", @@ -99,7 +99,7 @@ def test_report_example_objects_in_object_refs_with_bad_id(): "created": "2015-12-21T19:59:11.000Z", "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", "description": "A simple report with an indicator and campaign", - "id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", + "id": REPORT_ID, "report_types": [ "campaign", ], diff --git a/stix2/test/v21/test_sighting.py b/stix2/test/v21/test_sighting.py index 8fcbb6d..c0fa7c3 100644 --- a/stix2/test/v21/test_sighting.py +++ b/stix2/test/v21/test_sighting.py @@ -96,7 +96,7 @@ def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811 EXPECTED_SIGHTING, { "created": "2016-04-06T20:06:37Z", - "id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb", + "id": SIGHTING_ID, "modified": "2016-04-06T20:06:37Z", "sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "spec_version": "2.1", @@ -115,5 +115,5 @@ def test_parse_sighting(data): assert sighting.id == SIGHTING_ID assert sighting.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert sighting.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) - assert sighting.sighting_of_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7" + assert sighting.sighting_of_ref == INDICATOR_ID assert sighting.where_sighted_refs == ["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"] diff --git a/stix2/test/v21/test_threat_actor.py b/stix2/test/v21/test_threat_actor.py index a7a29f8..fd4dcf7 100644 --- a/stix2/test/v21/test_threat_actor.py +++ b/stix2/test/v21/test_threat_actor.py @@ -24,7 +24,7 @@ EXPECTED = """{ def test_threat_actor_example(): threat_actor = stix2.v21.ThreatActor( - id="threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + id=THREAT_ACTOR_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", @@ -43,7 +43,7 @@ def test_threat_actor_example(): "created": "2016-04-06T20:03:48.000Z", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "description": "The Evil Org threat actor group", - "id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + "id": THREAT_ACTOR_ID, "threat_actor_types": [ "crime-syndicate", ], diff --git a/stix2/test/v21/test_tool.py b/stix2/test/v21/test_tool.py index 9258a23..e0ec6b0 100644 --- a/stix2/test/v21/test_tool.py +++ b/stix2/test/v21/test_tool.py @@ -37,7 +37,7 @@ EXPECTED_WITH_REVOKED = """{ def test_tool_example(): tool = stix2.v21.Tool( - id="tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + id=TOOL_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", @@ -54,7 +54,7 @@ def test_tool_example(): { "created": "2016-04-06T20:03:48Z", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", - "id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + "id": TOOL_ID, "tool_types": [ "remote-access", ], @@ -86,7 +86,7 @@ def test_tool_no_workbench_wrappers(): def test_tool_serialize_with_defaults(): tool = stix2.v21.Tool( - id="tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + id=TOOL_ID, created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", diff --git a/stix2/test/v21/test_vulnerability.py b/stix2/test/v21/test_vulnerability.py index 9c618e5..ee63a0e 100644 --- a/stix2/test/v21/test_vulnerability.py +++ b/stix2/test/v21/test_vulnerability.py @@ -25,7 +25,7 @@ EXPECTED = """{ def test_vulnerability_example(): vulnerability = stix2.v21.Vulnerability( - id="vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + id=VULNERABILITY_ID, created="2016-05-12T08:17:27.000Z", modified="2016-05-12T08:17:27.000Z", name="CVE-2016-1234", @@ -51,7 +51,7 @@ def test_vulnerability_example(): "source_name": "cve", }, ], - "id": "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", + "id": VULNERABILITY_ID, "modified": "2016-05-12T08:17:27Z", "name": "CVE-2016-1234", "spec_version": "2.1", From b4d4a582cefd32719e13de1b76de9e32d8b656b7 Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Wed, 23 Jan 2019 13:42:25 -0500 Subject: [PATCH 08/10] Update timestamps in v20 testsuite JSON files --- .../20170531213019735010.json | 4 ++-- .../20170531213026496201.json | 4 ++-- .../20170531213029458940.json | 4 ++-- .../20170531213045139269.json | 4 ++-- .../20170531213041022897.json | 4 ++-- .../20170531213032662702.json | 4 ++-- .../20170531213026495974.json | 4 ++-- .../20170531213041022744.json | 4 ++-- .../20170601000000000000.json | 4 ++-- .../20170531213149412497.json | 4 ++-- .../20170531213153197755.json | 4 ++-- .../20170531213258226477.json | 4 ++-- .../20170531213326565056.json | 4 ++-- .../20170531213248482655.json | 4 ++-- .../20170531213215263882.json | 4 ++-- .../20170531213327182784.json | 4 ++-- .../20170531213327082801.json | 4 ++-- .../20170531213327018782.json | 4 ++-- .../20170531213327100701.json | 4 ++-- .../20170531213327143973.json | 4 ++-- .../20170531213327021562.json | 4 ++-- .../20170531213327044387.json | 4 ++-- .../20170531213327051532.json | 4 ++-- .../20170531213231601148.json | 4 ++-- .../20170531213212684914.json | 4 ++-- .../20170601000000000000.json | 4 ++-- 26 files changed, 52 insertions(+), 52 deletions(-) diff --git a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json index 47dd5f8..98521dc 100644 --- a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json +++ b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json @@ -2,7 +2,7 @@ "id": "bundle--f68640b4-0cdc-42ae-b176-def1754a1ea0", "objects": [ { - "created": "2017-05-31T21:30:19.73501Z", + "created": "2017-05-31T21:30:19.735Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Credential dumping is the process of obtaining account login and password information from the operating system and software. Credentials can be used to perform Windows Credential Editor, Mimikatz, and gsecdump. These tools are in use by both professional security testers and adversaries.\n\nPlaintext passwords can be obtained using tools such as Mimikatz to extract passwords stored by the Local Security Authority (LSA). If smart cards are used to authenticate to a domain using a personal identification number (PIN), then that PIN is also cached as a result and may be dumped.Mimikatz access the LSA Subsystem Service (LSASS) process by opening the process, locating the LSA secrets key, and decrypting the sections in memory where credential details are stored. Credential dumpers may also use methods for reflective DLL Injection to reduce potential indicators of malicious activity.\n\nNTLM hash dumpers open the Security Accounts Manager (SAM) on the local file system (%SystemRoot%/system32/config/SAM) or create a dump of the Registry SAM key to access stored account password hashes. Some hash dumpers will open the local file system as a device and parse to the SAM table to avoid file access defenses. Others will make an in-memory copy of the SAM table before reading hashes. Detection of compromised Legitimate Credentials in-use by adversaries may help as well. \n\nOn Windows 8.1 and Windows Server 2012 R2, monitor Windows Logs for LSASS.exe creation to verify that LSASS started as a protected process.\n\nMonitor processes and command-line arguments for program execution that may be indicative of credential dumping. Remote access tools may contain built-in features or incorporate existing tools like Mimikatz. PowerShell scripts also exist that contain credential dumping functionality, such as PowerSploit's Invoke-Mimikatz module,[[Citation: Powersploit]] which may require additional logging features to be configured in the operating system to collect necessary information for analysis.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: API monitoring, Process command-line parameters, Process monitoring, PowerShell logs", "external_references": [ @@ -29,7 +29,7 @@ "phase_name": "credential-access" } ], - "modified": "2017-05-31T21:30:19.73501Z", + "modified": "2017-05-31T21:30:19.735Z", "name": "Credential Dumping", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json index 13f900f..da4e238 100644 --- a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json +++ b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json @@ -2,7 +2,7 @@ "id": "bundle--b07d6fd6-7cc5-492d-a1eb-9ba956b329d5", "objects": [ { - "created": "2017-05-31T21:30:26.496201Z", + "created": "2017-05-31T21:30:26.496Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Rootkits are programs that hide the existence of malware by intercepting and modifying operating system API calls that supply system information. Rootkits or rootkit enabling functionality may reside at the user or kernel level in the operating system or lower, to include a Hypervisor, Master Boot Record, or the Basic Input/Output System.[[Citation: Wikipedia Rootkit]]\n\nAdversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components.\n\nDetection: Some rootkit protections may be built into anti-virus or operating system software. There are dedicated rootkit detection tools that look for specific types of rootkit behavior. Monitor for the existence of unrecognized DLLs, devices, services, and changes to the MBR.[[Citation: Wikipedia Rootkit]]\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: BIOS, MBR, System calls", "external_references": [ @@ -24,7 +24,7 @@ "phase_name": "defense-evasion" } ], - "modified": "2017-05-31T21:30:26.496201Z", + "modified": "2017-05-31T21:30:26.496Z", "name": "Rootkit", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json index db57e2c..1c8e76c 100644 --- a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json +++ b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json @@ -2,7 +2,7 @@ "id": "bundle--1a854c96-639e-4771-befb-e7b960a65974", "objects": [ { - "created": "2017-05-31T21:30:29.45894Z", + "created": "2017-05-31T21:30:29.458Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Data, such as sensitive documents, may be exfiltrated through the use of automated processing or Scripting after being gathered during Exfiltration Over Command and Control Channel and Exfiltration Over Alternative Protocol.\n\nDetection: Monitor process file access patterns and network behavior. Unrecognized processes or scripts that appear to be traversing file systems and sending network traffic may be suspicious.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: File monitoring, Process monitoring, Process use of network", "external_references": [ @@ -19,7 +19,7 @@ "phase_name": "exfiltration" } ], - "modified": "2017-05-31T21:30:29.45894Z", + "modified": "2017-05-31T21:30:29.458Z", "name": "Automated Exfiltration", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json index d48092d..c4f2436 100644 --- a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json +++ b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json @@ -2,7 +2,7 @@ "id": "bundle--33e3e33a-38b8-4a37-9455-5b8c82d3b10a", "objects": [ { - "created": "2017-05-31T21:30:45.139269Z", + "created": "2017-05-31T21:30:45.139Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Adversaries may attempt to get a listing of network connections to or from the compromised system.\nUtilities and commands that acquire this information include netstat, \"net use,\" and \"net session\" with Net.\n\nDetection: System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation, but as part of a chain of behavior that could lead to other activities, such as Windows Management Instrumentation and PowerShell.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: Process command-line parameters, Process monitoring", "external_references": [ @@ -19,7 +19,7 @@ "phase_name": "discovery" } ], - "modified": "2017-05-31T21:30:45.139269Z", + "modified": "2017-05-31T21:30:45.139Z", "name": "Local Network Connections Discovery", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json index 031419e..1a64591 100644 --- a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json +++ b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json @@ -2,7 +2,7 @@ "id": "bundle--a87938c5-cc1e-4e06-a8a3-b10243ae397d", "objects": [ { - "created": "2017-05-31T21:30:41.022897Z", + "created": "2017-05-31T21:30:41.022Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Sensitive data can be collected from remote systems via shared network drives (host shared directory, network file server, etc.) that are accessible from the current system prior to cmd may be used to gather information.\n\nDetection: Monitor processes and command-line arguments for actions that could be taken to collect files from a network share. Remote access tools with built-in features may interact directly with the Windows API to gather data. Data may also be acquired through Windows system management tools such as Windows Management Instrumentation and PowerShell.\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: File monitoring, Process monitoring, Process command-line parameters", "external_references": [ @@ -19,7 +19,7 @@ "phase_name": "collection" } ], - "modified": "2017-05-31T21:30:41.022897Z", + "modified": "2017-05-31T21:30:41.022Z", "name": "Data from Network Shared Drive", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json index 67c380c..e968c1f 100644 --- a/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json +++ b/stix2/test/v20/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json @@ -2,7 +2,7 @@ "id": "bundle--5ddaeff9-eca7-4094-9e65-4f53da21a444", "objects": [ { - "created": "2017-05-31T21:30:32.662702Z", + "created": "2017-05-31T21:30:32.662Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system.\n\nDetection: Detection of file obfuscation is difficult unless artifacts are left behind by the obfuscation process that are uniquely detectable with a signature. If detection of the obfuscation itself is not possible, it may be possible to detect the malicious activity that caused the obfuscated file (for example, the method that was used to write, read, or modify the file on the file system).\n\nPlatforms: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows XP, Windows 7, Windows 8, Windows Server 2003 R2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Vista, Windows 8.1\n\nData Sources: Network protocol analysis, Process use of network, Binary file metadata, File monitoring, Malware reverse engineering", "external_references": [ @@ -19,7 +19,7 @@ "phase_name": "defense-evasion" } ], - "modified": "2017-05-31T21:30:32.662702Z", + "modified": "2017-05-31T21:30:32.662Z", "name": "Obfuscated Files or Information", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json b/stix2/test/v20/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json index 541ede1..9a7e4f5 100644 --- a/stix2/test/v20/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json +++ b/stix2/test/v20/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json @@ -2,11 +2,11 @@ "id": "bundle--a42d26fe-c938-4074-a1b3-50d852e6f0bd", "objects": [ { - "created": "2017-05-31T21:30:26.495974Z", + "created": "2017-05-31T21:30:26.495Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Identify potentially malicious software that may contain rootkit functionality, and audit and/or block it by using whitelisting[[CiteRef::Beechey 2010]] tools, like AppLocker,[[CiteRef::Windows Commands JPCERT]][[CiteRef::NSA MS AppLocker]] or Software Restriction Policies[[CiteRef::Corio 2008]] where appropriate.[[CiteRef::TechNet Applocker vs SRP]]", "id": "course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f", - "modified": "2017-05-31T21:30:26.495974Z", + "modified": "2017-05-31T21:30:26.495Z", "name": "Rootkit Mitigation", "type": "course-of-action" } diff --git a/stix2/test/v20/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json b/stix2/test/v20/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json index 669aae5..902cf1b 100644 --- a/stix2/test/v20/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json +++ b/stix2/test/v20/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json @@ -1,9 +1,9 @@ { - "created": "2017-05-31T21:30:41.022744Z", + "created": "2017-05-31T21:30:41.022Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Identify unnecessary system utilities or potentially malicious software that may be used to collect data from a network share, and audit and/or block them by using whitelisting[[CiteRef::Beechey 2010]] tools, like AppLocker,[[CiteRef::Windows Commands JPCERT]][[CiteRef::NSA MS AppLocker]] or Software Restriction Policies[[CiteRef::Corio 2008]] where appropriate.[[CiteRef::TechNet Applocker vs SRP]]", "id": "course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd", - "modified": "2017-05-31T21:30:41.022744Z", + "modified": "2017-05-31T21:30:41.022Z", "name": "Data from Network Shared Drive Mitigation", "type": "course-of-action" } diff --git a/stix2/test/v20/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json b/stix2/test/v20/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json index d110a09..9b86896 100644 --- a/stix2/test/v20/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json +++ b/stix2/test/v20/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json @@ -2,10 +2,10 @@ "id": "bundle--81884287-2548-47fc-a997-39489ddd5462", "objects": [ { - "created": "2017-06-01T00:00:00Z", + "created": "2017-06-01T00:00:00.000Z", "id": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "identity_class": "organization", - "modified": "2017-06-01T00:00:00Z", + "modified": "2017-06-01T00:00:00.000Z", "name": "The MITRE Corporation", "type": "identity" } diff --git a/stix2/test/v20/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json b/stix2/test/v20/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json index 648ed94..b1adad5 100644 --- a/stix2/test/v20/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json +++ b/stix2/test/v20/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json @@ -10,7 +10,7 @@ "PinkPanther", "Black Vine" ], - "created": "2017-05-31T21:31:49.412497Z", + "created": "2017-05-31T21:31:49.412Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Deep Panda is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications.Deep Panda.Deep Panda also appears to be known as Black Vine based on the attribution of both group names to the Anthem intrusion.[[Citation: Symantec Black Vine]]", "external_references": [ @@ -41,7 +41,7 @@ } ], "id": "intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064", - "modified": "2017-05-31T21:31:49.412497Z", + "modified": "2017-05-31T21:31:49.412Z", "name": "Deep Panda", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json b/stix2/test/v20/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json index bf3daa6..db2e43e 100644 --- a/stix2/test/v20/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json +++ b/stix2/test/v20/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json @@ -5,7 +5,7 @@ "aliases": [ "DragonOK" ], - "created": "2017-05-31T21:31:53.197755Z", + "created": "2017-05-31T21:31:53.197Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "DragonOK is a threat group that has targeted Japanese organizations with phishing emails. Due to overlapping TTPs, including similar custom tools, DragonOK is thought to have a direct or indirect relationship with the threat group Moafee. [[Citation: Operation Quantum Entanglement]][[Citation: Symbiotic APT Groups]] It is known to use a variety of malware, including Sysget/HelloBridge, PlugX, PoisonIvy, FormerFirstRat, NFlog, and NewCT. [[Citation: New DragonOK]]", "external_references": [ @@ -31,7 +31,7 @@ } ], "id": "intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a", - "modified": "2017-05-31T21:31:53.197755Z", + "modified": "2017-05-31T21:31:53.197Z", "name": "DragonOK", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json b/stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json index c60200b..63f6f55 100644 --- a/stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json +++ b/stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json @@ -2,7 +2,7 @@ "id": "bundle--f64de948-7067-4534-8018-85f03d470625", "objects": [ { - "created": "2017-05-31T21:32:58.226477Z", + "created": "2017-05-31T21:32:58.226Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]", "external_references": [ @@ -21,7 +21,7 @@ "labels": [ "malware" ], - "modified": "2017-05-31T21:32:58.226477Z", + "modified": "2017-05-31T21:32:58.226Z", "name": "Rover", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json b/stix2/test/v20/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json index 50c8a5d..f354e6c 100644 --- a/stix2/test/v20/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json +++ b/stix2/test/v20/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json @@ -2,7 +2,7 @@ "id": "bundle--c633942b-545c-4c87-91b7-9fe5740365e0", "objects": [ { - "created": "2017-05-31T21:33:26.565056Z", + "created": "2017-05-31T21:33:26.565Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "RTM is custom malware written in Delphi. It is used by the group of the same name (RTM).[[Citation: ESET RTM Feb 2017]]", "external_references": [ @@ -21,7 +21,7 @@ "labels": [ "malware" ], - "modified": "2017-05-31T21:33:26.565056Z", + "modified": "2017-05-31T21:33:26.565Z", "name": "RTM", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json b/stix2/test/v20/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json index 224f6a9..efbd6ca 100644 --- a/stix2/test/v20/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json +++ b/stix2/test/v20/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json @@ -2,7 +2,7 @@ "id": "bundle--09ce4338-8741-4fcf-9738-d216c8e40974", "objects": [ { - "created": "2017-05-31T21:32:48.482655Z", + "created": "2017-05-31T21:32:48.482Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Sakula is a remote access tool (RAT) that first surfaced in 2012 and was used in intrusions throughout 2015.[[Citation: Dell Sakula]]\n\nAliases: Sakula, Sakurel, VIPER", "external_references": [ @@ -21,7 +21,7 @@ "labels": [ "malware" ], - "modified": "2017-05-31T21:32:48.482655Z", + "modified": "2017-05-31T21:32:48.482Z", "name": "Sakula", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json b/stix2/test/v20/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json index 3e1c870..4d57db5 100644 --- a/stix2/test/v20/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json +++ b/stix2/test/v20/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json @@ -2,7 +2,7 @@ "id": "bundle--611947ce-ae3b-4fdb-b297-aed8eab22e4f", "objects": [ { - "created": "2017-05-31T21:32:15.263882Z", + "created": "2017-05-31T21:32:15.263Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "PoisonIvy is a popular remote access tool (RAT) that has been used by many groups.[[Citation: FireEye Poison Ivy]]\n\nAliases: PoisonIvy, Poison Ivy", "external_references": [ @@ -21,7 +21,7 @@ "labels": [ "malware" ], - "modified": "2017-05-31T21:32:15.263882Z", + "modified": "2017-05-31T21:32:15.263Z", "name": "PoisonIvy", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json b/stix2/test/v20/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json index 0f4a32a..22d3fc9 100644 --- a/stix2/test/v20/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json +++ b/stix2/test/v20/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json @@ -2,10 +2,10 @@ "id": "bundle--7e715462-dd9d-40b9-968a-10ef0ecf126d", "objects": [ { - "created": "2017-05-31T21:33:27.182784Z", + "created": "2017-05-31T21:33:27.182Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--0d4a7788-7f3b-4df8-a498-31a38003c883", - "modified": "2017-05-31T21:33:27.182784Z", + "modified": "2017-05-31T21:33:27.182Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v20/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json b/stix2/test/v20/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json index e5e1e87..68a8c8f 100644 --- a/stix2/test/v20/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json +++ b/stix2/test/v20/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json @@ -2,10 +2,10 @@ "id": "bundle--a53eef35-abfc-4bcd-b84e-a048f7b4a9bf", "objects": [ { - "created": "2017-05-31T21:33:27.082801Z", + "created": "2017-05-31T21:33:27.082Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227", - "modified": "2017-05-31T21:33:27.082801Z", + "modified": "2017-05-31T21:33:27.082Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v20/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json b/stix2/test/v20/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json index 9651425..1d5112d 100644 --- a/stix2/test/v20/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json +++ b/stix2/test/v20/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json @@ -2,10 +2,10 @@ "id": "bundle--0b9f6412-314f-44e3-8779-9738c9578ef5", "objects": [ { - "created": "2017-05-31T21:33:27.018782Z", + "created": "2017-05-31T21:33:27.018Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--1e91cd45-a725-4965-abe3-700694374432", - "modified": "2017-05-31T21:33:27.018782Z", + "modified": "2017-05-31T21:33:27.018Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v20/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json b/stix2/test/v20/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json index 7e355fc..671f905 100644 --- a/stix2/test/v20/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json +++ b/stix2/test/v20/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json @@ -2,10 +2,10 @@ "id": "bundle--6d5b04a8-efb2-4179-990e-74f1dcc76e0c", "objects": [ { - "created": "2017-05-31T21:33:27.100701Z", + "created": "2017-05-31T21:33:27.100Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e", - "modified": "2017-05-31T21:33:27.100701Z", + "modified": "2017-05-31T21:33:27.100Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v20/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json b/stix2/test/v20/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json index f537309..5392ff8 100644 --- a/stix2/test/v20/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json +++ b/stix2/test/v20/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json @@ -2,10 +2,10 @@ "id": "bundle--a7efc025-040d-49c7-bf97-e5a1120ecacc", "objects": [ { - "created": "2017-05-31T21:33:27.143973Z", + "created": "2017-05-31T21:33:27.143Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1", - "modified": "2017-05-31T21:33:27.143973Z", + "modified": "2017-05-31T21:33:27.143Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v20/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json b/stix2/test/v20/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json index 47008f0..d91e48c 100644 --- a/stix2/test/v20/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json +++ b/stix2/test/v20/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json @@ -2,10 +2,10 @@ "id": "bundle--9f013d47-7704-41c2-9749-23d0d94af94d", "objects": [ { - "created": "2017-05-31T21:33:27.021562Z", + "created": "2017-05-31T21:33:27.021Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--592d0c31-e61f-495e-a60e-70d7be59a719", - "modified": "2017-05-31T21:33:27.021562Z", + "modified": "2017-05-31T21:33:27.021Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v20/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json b/stix2/test/v20/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json index d697277..21cd833 100644 --- a/stix2/test/v20/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json +++ b/stix2/test/v20/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json @@ -2,10 +2,10 @@ "id": "bundle--15167b24-4cee-4c96-a140-32a6c37df4b4", "objects": [ { - "created": "2017-05-31T21:33:27.044387Z", + "created": "2017-05-31T21:33:27.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1", - "modified": "2017-05-31T21:33:27.044387Z", + "modified": "2017-05-31T21:33:27.044Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v20/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json b/stix2/test/v20/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json index d7f2ff7..ef0ad24 100644 --- a/stix2/test/v20/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json +++ b/stix2/test/v20/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json @@ -2,10 +2,10 @@ "id": "bundle--ff845dca-7036-416f-aae0-95030994c49f", "objects": [ { - "created": "2017-05-31T21:33:27.051532Z", + "created": "2017-05-31T21:33:27.051Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "id": "relationship--8797579b-e3be-4209-a71b-255a4d08243d", - "modified": "2017-05-31T21:33:27.051532Z", + "modified": "2017-05-31T21:33:27.051Z", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], diff --git a/stix2/test/v20/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json b/stix2/test/v20/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json index 9d47880..02df113 100644 --- a/stix2/test/v20/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json +++ b/stix2/test/v20/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json @@ -2,7 +2,7 @@ "id": "bundle--d8826afc-1561-4362-a4e3-05a4c2c3ac3c", "objects": [ { - "created": "2017-05-31T21:32:31.601148Z", + "created": "2017-05-31T21:32:31.601Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "The Net utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections.Net has a great deal of functionality,[[Citation: Savill 1999]] much of which is useful for an adversary, such as gathering system and network information for [[Discovery]], moving laterally through [[Windows admin shares]] using net use commands, and interacting with services.\n\nAliases: Net, net.exe", "external_references": [ @@ -26,7 +26,7 @@ "labels": [ "tool" ], - "modified": "2017-05-31T21:32:31.601148Z", + "modified": "2017-05-31T21:32:31.601Z", "name": "Net", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v20/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json b/stix2/test/v20/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json index 281888e..2480a80 100644 --- a/stix2/test/v20/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json +++ b/stix2/test/v20/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json @@ -2,7 +2,7 @@ "id": "bundle--7dbde18f-6f14-4bf0-8389-505c89d6d5a6", "objects": [ { - "created": "2017-05-31T21:32:12.684914Z", + "created": "2017-05-31T21:32:12.684Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Windows Credential Editor is a password dumping tool.[[Citation: Amplia WCE]]\n\nAliases: Windows Credential Editor, WCE", "external_references": [ @@ -21,7 +21,7 @@ "labels": [ "tool" ], - "modified": "2017-05-31T21:32:12.684914Z", + "modified": "2017-05-31T21:32:12.684Z", "name": "Windows Credential Editor", "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" diff --git a/stix2/test/v21/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json b/stix2/test/v21/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json index 368273d..e235745 100644 --- a/stix2/test/v21/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json +++ b/stix2/test/v21/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json @@ -2,10 +2,10 @@ "id": "bundle--81884287-2548-47fc-a997-39489ddd5462", "objects": [ { - "created": "2017-06-01T00:00:00Z", + "created": "2017-06-01T00:00:00.000Z", "id": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "identity_class": "organization", - "modified": "2017-06-01T00:00:00Z", + "modified": "2017-06-01T00:00:00.000Z", "name": "The MITRE Corporation", "spec_version": "2.1", "type": "identity" From a788dbb64ce9f70ef16062a5242015baf11d0bd9 Mon Sep 17 00:00:00 2001 From: "Desai, Kartikey H" Date: Tue, 29 Jan 2019 10:52:59 -0500 Subject: [PATCH 09/10] Replace most SDO/SRO values in tests with IDs from constants.py --- stix2/test/v20/constants.py | 2 +- stix2/test/v20/test_bundle.py | 4 +- stix2/test/v20/test_campaign.py | 8 ++-- stix2/test/v20/test_core.py | 6 ++- stix2/test/v20/test_course_of_action.py | 10 ++--- stix2/test/v20/test_custom.py | 16 ++++---- stix2/test/v20/test_datastore_memory.py | 4 +- stix2/test/v20/test_intrusion_set.py | 8 ++-- stix2/test/v20/test_markings.py | 12 +++--- stix2/test/v20/test_observed_data.py | 24 ++++++------ stix2/test/v20/test_pickle.py | 4 +- stix2/test/v20/test_report.py | 51 +++++++++++++------------ stix2/test/v20/test_sighting.py | 10 ++--- stix2/test/v20/test_threat_actor.py | 10 ++--- stix2/test/v20/test_tool.py | 14 +++---- stix2/test/v20/test_utils.py | 4 +- stix2/test/v21/constants.py | 2 +- stix2/test/v21/test_bundle.py | 4 +- stix2/test/v21/test_campaign.py | 8 ++-- stix2/test/v21/test_core.py | 6 +-- stix2/test/v21/test_course_of_action.py | 10 ++--- stix2/test/v21/test_datastore_memory.py | 4 +- stix2/test/v21/test_intrusion_set.py | 8 ++-- stix2/test/v21/test_markings.py | 12 +++--- stix2/test/v21/test_observed_data.py | 24 ++++++------ stix2/test/v21/test_pickle.py | 4 +- stix2/test/v21/test_report.py | 51 +++++++++++++------------ stix2/test/v21/test_sighting.py | 10 ++--- stix2/test/v21/test_threat_actor.py | 10 ++--- stix2/test/v21/test_tool.py | 14 +++---- stix2/test/v21/test_utils.py | 4 +- 31 files changed, 189 insertions(+), 169 deletions(-) diff --git a/stix2/test/v20/constants.py b/stix2/test/v20/constants.py index 8d439f1..37b9da2 100644 --- a/stix2/test/v20/constants.py +++ b/stix2/test/v20/constants.py @@ -50,7 +50,7 @@ CAMPAIGN_KWARGS = dict( CAMPAIGN_MORE_KWARGS = dict( type='campaign', id=CAMPAIGN_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:00.000Z", modified="2016-04-06T20:03:00.000Z", name="Green Group Attacks Against Finance", diff --git a/stix2/test/v20/test_bundle.py b/stix2/test/v20/test_bundle.py index 907f632..72523bb 100644 --- a/stix2/test/v20/test_bundle.py +++ b/stix2/test/v20/test_bundle.py @@ -4,6 +4,8 @@ import pytest import stix2 +from .constants import IDENTITY_ID + EXPECTED_BUNDLE = """{ "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000007", @@ -185,7 +187,7 @@ def test_parse_unknown_type(): "id": "other--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created": "2016-04-06T20:03:00Z", "modified": "2016-04-06T20:03:00Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "Campaign by Green Group against a series of targets in the financial services sector.", "name": "Green Group Attacks Against Finance", } diff --git a/stix2/test/v20/test_campaign.py b/stix2/test/v20/test_campaign.py index 746d560..0d4a202 100644 --- a/stix2/test/v20/test_campaign.py +++ b/stix2/test/v20/test_campaign.py @@ -5,12 +5,12 @@ import pytz import stix2 -from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS +from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS, IDENTITY_ID EXPECTED = """{ "type": "campaign", "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "name": "Green Group Attacks Against Finance", @@ -32,7 +32,7 @@ def test_campaign_example(): "id": CAMPAIGN_ID, "created": "2016-04-06T20:03:00Z", "modified": "2016-04-06T20:03:00Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "Campaign by Green Group against a series of targets in the financial services sector.", "name": "Green Group Attacks Against Finance", }, @@ -45,7 +45,7 @@ def test_parse_campaign(data): assert cmpn.id == CAMPAIGN_ID assert cmpn.created == dt.datetime(2016, 4, 6, 20, 3, 0, tzinfo=pytz.utc) assert cmpn.modified == dt.datetime(2016, 4, 6, 20, 3, 0, tzinfo=pytz.utc) - assert cmpn.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert cmpn.created_by_ref == IDENTITY_ID assert cmpn.description == "Campaign by Green Group against a series of targets in the financial services sector." assert cmpn.name == "Green Group Attacks Against Finance" diff --git a/stix2/test/v20/test_core.py b/stix2/test/v20/test_core.py index 017344f..c2056b8 100644 --- a/stix2/test/v20/test_core.py +++ b/stix2/test/v20/test_core.py @@ -3,6 +3,8 @@ import pytest import stix2 from stix2 import core, exceptions +from .constants import IDENTITY_ID + BUNDLE = { "type": "bundle", "spec_version": "2.0", @@ -96,7 +98,7 @@ def test_register_marking_with_no_version(): def test_register_observable_with_version(): observed_data = stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -134,7 +136,7 @@ def test_register_observable_with_version(): def test_register_observable_extension_with_version(): observed_data = stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_course_of_action.py b/stix2/test/v20/test_course_of_action.py index ee722fe..f648907 100644 --- a/stix2/test/v20/test_course_of_action.py +++ b/stix2/test/v20/test_course_of_action.py @@ -5,12 +5,12 @@ import pytz import stix2 -from .constants import COURSE_OF_ACTION_ID +from .constants import COURSE_OF_ACTION_ID, IDENTITY_ID EXPECTED = """{ "type": "course-of-action", "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", @@ -21,7 +21,7 @@ EXPECTED = """{ def test_course_of_action_example(): coa = stix2.v20.CourseOfAction( id=COURSE_OF_ACTION_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", @@ -36,7 +36,7 @@ def test_course_of_action_example(): EXPECTED, { "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ...", "id": COURSE_OF_ACTION_ID, "modified": "2016-04-06T20:03:48.000Z", @@ -52,7 +52,7 @@ def test_parse_course_of_action(data): assert coa.id == COURSE_OF_ACTION_ID assert coa.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert coa.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert coa.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert coa.created_by_ref == IDENTITY_ID assert coa.description == "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..." assert coa.name == "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter" diff --git a/stix2/test/v20/test_custom.py b/stix2/test/v20/test_custom.py index 40ffa88..32632b9 100644 --- a/stix2/test/v20/test_custom.py +++ b/stix2/test/v20/test_custom.py @@ -2,7 +2,7 @@ import pytest import stix2 -from .constants import FAKE_TIME, MARKING_DEFINITION_ID +from .constants import FAKE_TIME, IDENTITY_ID, MARKING_DEFINITION_ID IDENTITY_CUSTOM_PROP = stix2.v20.Identity( name="John Smith", @@ -15,7 +15,7 @@ IDENTITY_CUSTOM_PROP = stix2.v20.Identity( def test_identity_custom_property(): with pytest.raises(ValueError) as excinfo: stix2.v20.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -26,7 +26,7 @@ def test_identity_custom_property(): with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: stix2.v20.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -39,7 +39,7 @@ def test_identity_custom_property(): assert "Unexpected properties for Identity" in str(excinfo.value) identity = stix2.v20.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -54,7 +54,7 @@ def test_identity_custom_property(): def test_identity_custom_property_invalid(): with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: stix2.v20.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -68,7 +68,7 @@ def test_identity_custom_property_invalid(): def test_identity_custom_property_allowed(): identity = stix2.v20.Identity( - id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c", + id=IDENTITY_ID, created="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z", name="John Smith", @@ -127,7 +127,7 @@ def test_custom_properties_object_in_bundled_object(): def test_custom_property_dict_in_bundled_object(): custom_identity = { 'type': 'identity', - 'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c', + 'id': IDENTITY_ID, 'created': '2015-12-21T19:59:11Z', 'name': 'John Smith', 'identity_class': 'individual', @@ -144,7 +144,7 @@ def test_custom_property_dict_in_bundled_object(): def test_custom_properties_dict_in_bundled_object(): custom_identity = { 'type': 'identity', - 'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c', + 'id': IDENTITY_ID, 'created': '2015-12-21T19:59:11Z', 'name': 'John Smith', 'identity_class': 'individual', diff --git a/stix2/test/v20/test_datastore_memory.py b/stix2/test/v20/test_datastore_memory.py index 495652b..fba96dd 100644 --- a/stix2/test/v20/test_datastore_memory.py +++ b/stix2/test/v20/test_datastore_memory.py @@ -275,13 +275,13 @@ def test_memory_store_object_creator_of_present(mem_store): camp = Campaign( name="Scipio Africanus", objective="Defeat the Carthaginians", - created_by_ref="identity--e4196283-7420-4277-a7a3-d57f61ef1389", + created_by_ref=IDENTITY_ID, x_empire="Roman", allow_custom=True, ) iden = Identity( - id="identity--e4196283-7420-4277-a7a3-d57f61ef1389", + id=IDENTITY_ID, name="Foo Corp.", identity_class="corporation", ) diff --git a/stix2/test/v20/test_intrusion_set.py b/stix2/test/v20/test_intrusion_set.py index f02fbcb..69b336e 100644 --- a/stix2/test/v20/test_intrusion_set.py +++ b/stix2/test/v20/test_intrusion_set.py @@ -5,12 +5,12 @@ import pytz import stix2 -from .constants import INTRUSION_SET_ID +from .constants import IDENTITY_ID, INTRUSION_SET_ID EXPECTED = """{ "type": "intrusion-set", "id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "Bobcat Breakin", @@ -29,7 +29,7 @@ EXPECTED = """{ def test_intrusion_set_example(): intrusion_set = stix2.v20.IntrusionSet( id=INTRUSION_SET_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Bobcat Breakin", @@ -49,7 +49,7 @@ def test_intrusion_set_example(): "Zookeeper", ], "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "Incidents usually feature a shared TTP of a bobcat being released...", "goals": [ "acquisition-theft", diff --git a/stix2/test/v20/test_markings.py b/stix2/test/v20/test_markings.py index d011959..b34ef43 100644 --- a/stix2/test/v20/test_markings.py +++ b/stix2/test/v20/test_markings.py @@ -6,7 +6,7 @@ import pytz import stix2 from stix2.v20 import TLP_WHITE -from .constants import CAMPAIGN_ID, MARKING_DEFINITION_ID +from .constants import CAMPAIGN_ID, IDENTITY_ID, MARKING_DEFINITION_ID EXPECTED_TLP_MARKING_DEFINITION = """{ "type": "marking-definition", @@ -31,7 +31,7 @@ EXPECTED_STATEMENT_MARKING_DEFINITION = """{ EXPECTED_CAMPAIGN_WITH_OBJECT_MARKING = """{ "type": "campaign", "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "name": "Green Group Attacks Against Finance", @@ -54,7 +54,7 @@ EXPECTED_GRANULAR_MARKING = """{ EXPECTED_CAMPAIGN_WITH_GRANULAR_MARKINGS = """{ "type": "campaign", "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "name": "Green Group Attacks Against Finance", @@ -111,7 +111,7 @@ def test_campaign_with_markings_example(): campaign = stix2.v20.Campaign( type='campaign', id=CAMPAIGN_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:00.000Z", modified="2016-04-06T20:03:00.000Z", name="Green Group Attacks Against Finance", @@ -147,7 +147,7 @@ def test_campaign_with_granular_markings_example(): campaign = stix2.v20.Campaign( type='campaign', id=CAMPAIGN_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:00.000Z", modified="2016-04-06T20:03:00.000Z", name="Green Group Attacks Against Finance", @@ -261,7 +261,7 @@ def test_marking_wrong_type_construction(): def test_campaign_add_markings(): campaign = stix2.v20.Campaign( id=CAMPAIGN_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:00Z", modified="2016-04-06T20:03:00Z", name="Green Group Attacks Against Finance", diff --git a/stix2/test/v20/test_observed_data.py b/stix2/test/v20/test_observed_data.py index 223184f..1c3cad4 100644 --- a/stix2/test/v20/test_observed_data.py +++ b/stix2/test/v20/test_observed_data.py @@ -6,7 +6,7 @@ import pytz import stix2 -from .constants import OBSERVED_DATA_ID +from .constants import IDENTITY_ID, OBSERVED_DATA_ID OBJECTS_REGEX = re.compile('\"objects\": {(?:.*?)(?:(?:[^{]*?)|(?:{[^{]*?}))*}', re.DOTALL) @@ -14,7 +14,7 @@ OBJECTS_REGEX = re.compile('\"objects\": {(?:.*?)(?:(?:[^{]*?)|(?:{[^{]*?}))*}', EXPECTED = """{ "type": "observed-data", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", "first_observed": "2015-12-21T19:00:00Z", @@ -32,7 +32,7 @@ EXPECTED = """{ def test_observed_data_example(): observed_data = stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -52,7 +52,7 @@ def test_observed_data_example(): EXPECTED_WITH_REF = """{ "type": "observed-data", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", "first_observed": "2015-12-21T19:00:00Z", @@ -77,7 +77,7 @@ EXPECTED_WITH_REF = """{ def test_observed_data_example_with_refs(): observed_data = stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -103,7 +103,7 @@ def test_observed_data_example_with_bad_refs(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -131,7 +131,7 @@ def test_observed_data_example_with_non_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -149,7 +149,7 @@ def test_observed_data_example_with_empty_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -170,7 +170,7 @@ def test_observed_data_example_with_empty_dictionary(): "type": "observed-data", "id": OBSERVED_DATA_ID, "created": "2016-04-06T19:58:16.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "first_observed": "2015-12-21T19:00:00Z", "last_observed": "2015-12-21T19:00:00Z", "modified": "2016-04-06T19:58:16.000Z", @@ -193,7 +193,7 @@ def test_parse_observed_data(data): assert odata.modified == dt.datetime(2016, 4, 6, 19, 58, 16, tzinfo=pytz.utc) assert odata.first_observed == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) assert odata.last_observed == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) - assert odata.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert odata.created_by_ref == IDENTITY_ID assert odata.objects["0"].type == "file" @@ -533,7 +533,7 @@ def test_parse_basic_tcp_traffic_with_error(data): EXPECTED_PROCESS_OD = """{ "created": "2016-04-06T19:58:16.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "first_observed": "2015-12-21T19:00:00Z", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", "last_observed": "2015-12-21T19:00:00Z", @@ -564,7 +564,7 @@ EXPECTED_PROCESS_OD = """{ def test_observed_data_with_process_example(): observed_data = stix2.v20.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v20/test_pickle.py b/stix2/test/v20/test_pickle.py index 6c65d8f..416341c 100644 --- a/stix2/test/v20/test_pickle.py +++ b/stix2/test/v20/test_pickle.py @@ -2,13 +2,15 @@ import pickle import stix2 +from .constants import IDENTITY_ID + def test_pickling(): """ Ensure a pickle/unpickle cycle works okay. """ identity = stix2.v20.Identity( - id="identity--d66cb89d-5228-4983-958c-fa84ef75c88c", + id=IDENTITY_ID, name="alice", description="this is a pickle test", identity_class="some_class", diff --git a/stix2/test/v20/test_report.py b/stix2/test/v20/test_report.py index 49fc5ac..7f93511 100644 --- a/stix2/test/v20/test_report.py +++ b/stix2/test/v20/test_report.py @@ -5,21 +5,24 @@ import pytz import stix2 -from .constants import INDICATOR_KWARGS, REPORT_ID +from .constants import ( + CAMPAIGN_ID, IDENTITY_ID, INDICATOR_ID, INDICATOR_KWARGS, RELATIONSHIP_ID, + REPORT_ID, +) EXPECTED = """{ "type": "report", "id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", - "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2015-12-21T19:59:11.000Z", "modified": "2015-12-21T19:59:11.000Z", "name": "The Black Vine Cyberespionage Group", "description": "A simple report with an indicator and campaign", "published": "2016-01-20T17:00:00Z", "object_refs": [ - "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a" + "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", + "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + "relationship--df7c87eb-75d2-4948-af81-9d49d246f301" ], "labels": [ "campaign" @@ -30,7 +33,7 @@ EXPECTED = """{ def test_report_example(): report = stix2.v20.Report( id=REPORT_ID, - created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + created_by_ref=IDENTITY_ID, created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="The Black Vine Cyberespionage Group", @@ -38,9 +41,9 @@ def test_report_example(): published="2016-01-20T17:00:00Z", labels=["campaign"], object_refs=[ - "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + INDICATOR_ID, + CAMPAIGN_ID, + RELATIONSHIP_ID, ], ) @@ -50,7 +53,7 @@ def test_report_example(): def test_report_example_objects_in_object_refs(): report = stix2.v20.Report( id=REPORT_ID, - created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + created_by_ref=IDENTITY_ID, created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="The Black Vine Cyberespionage Group", @@ -58,9 +61,9 @@ def test_report_example_objects_in_object_refs(): published="2016-01-20T17:00:00Z", labels=["campaign"], object_refs=[ - stix2.v20.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS), - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + stix2.v20.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS), + CAMPAIGN_ID, + RELATIONSHIP_ID, ], ) @@ -71,7 +74,7 @@ def test_report_example_objects_in_object_refs_with_bad_id(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v20.Report( id=REPORT_ID, - created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + created_by_ref=IDENTITY_ID, created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="The Black Vine Cyberespionage Group", @@ -79,9 +82,9 @@ def test_report_example_objects_in_object_refs_with_bad_id(): published="2016-01-20T17:00:00Z", labels=["campaign"], object_refs=[ - stix2.v20.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS), + stix2.v20.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS), "campaign-83422c77-904c-4dc1-aff5-5c38f3a2c55c", # the "bad" id, missing a "-" - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + RELATIONSHIP_ID, ], ) @@ -96,7 +99,7 @@ def test_report_example_objects_in_object_refs_with_bad_id(): EXPECTED, { "created": "2015-12-21T19:59:11.000Z", - "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + "created_by_ref": IDENTITY_ID, "description": "A simple report with an indicator and campaign", "id": REPORT_ID, "labels": [ @@ -105,9 +108,9 @@ def test_report_example_objects_in_object_refs_with_bad_id(): "modified": "2015-12-21T19:59:11.000Z", "name": "The Black Vine Cyberespionage Group", "object_refs": [ - "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + INDICATOR_ID, + CAMPAIGN_ID, + RELATIONSHIP_ID, ], "published": "2016-01-20T17:00:00Z", "type": "report", @@ -121,11 +124,11 @@ def test_parse_report(data): assert rept.id == REPORT_ID assert rept.created == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc) assert rept.modified == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc) - assert rept.created_by_ref == "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283" + assert rept.created_by_ref == IDENTITY_ID assert rept.object_refs == [ - "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + INDICATOR_ID, + CAMPAIGN_ID, + RELATIONSHIP_ID, ] assert rept.description == "A simple report with an indicator and campaign" assert rept.labels == ["campaign"] diff --git a/stix2/test/v20/test_sighting.py b/stix2/test/v20/test_sighting.py index e0c9b3b..994335c 100644 --- a/stix2/test/v20/test_sighting.py +++ b/stix2/test/v20/test_sighting.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import INDICATOR_ID, SIGHTING_ID, SIGHTING_KWARGS +from .constants import IDENTITY_ID, INDICATOR_ID, SIGHTING_ID, SIGHTING_KWARGS EXPECTED_SIGHTING = """{ "type": "sighting", @@ -14,7 +14,7 @@ EXPECTED_SIGHTING = """{ "modified": "2016-04-06T20:06:37.000Z", "sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "where_sighted_refs": [ - "identity--8cc7afd6-5455-4d2b-a736-e614ee631d99" + "identity--311b2d2d-f010-4473-83ec-1edf84858f4c" ] }""" @@ -39,7 +39,7 @@ def test_sighting_all_required_properties(): created=now, modified=now, sighting_of_ref=INDICATOR_ID, - where_sighted_refs=["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"], + where_sighted_refs=[IDENTITY_ID], ) assert str(s) == EXPECTED_SIGHTING @@ -99,7 +99,7 @@ def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811 "sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "type": "sighting", "where_sighted_refs": [ - "identity--8cc7afd6-5455-4d2b-a736-e614ee631d99", + IDENTITY_ID, ], }, ], @@ -112,4 +112,4 @@ def test_parse_sighting(data): assert sighting.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert sighting.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert sighting.sighting_of_ref == INDICATOR_ID - assert sighting.where_sighted_refs == ["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"] + assert sighting.where_sighted_refs == [IDENTITY_ID] diff --git a/stix2/test/v20/test_threat_actor.py b/stix2/test/v20/test_threat_actor.py index 20cb26e..854e77a 100644 --- a/stix2/test/v20/test_threat_actor.py +++ b/stix2/test/v20/test_threat_actor.py @@ -5,12 +5,12 @@ import pytz import stix2 -from .constants import THREAT_ACTOR_ID +from .constants import IDENTITY_ID, THREAT_ACTOR_ID EXPECTED = """{ "type": "threat-actor", "id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "Evil Org", @@ -24,7 +24,7 @@ EXPECTED = """{ def test_threat_actor_example(): threat_actor = stix2.v20.ThreatActor( id=THREAT_ACTOR_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", description="The Evil Org threat actor group", @@ -40,7 +40,7 @@ def test_threat_actor_example(): EXPECTED, { "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "The Evil Org threat actor group", "id": THREAT_ACTOR_ID, "modified": "2016-04-06T20:03:48.000Z", @@ -57,7 +57,7 @@ def test_parse_threat_actor(data): assert actor.id == THREAT_ACTOR_ID assert actor.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert actor.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert actor.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert actor.created_by_ref == IDENTITY_ID assert actor.description == "The Evil Org threat actor group" assert actor.name == "Evil Org" assert actor.labels == ["crime-syndicate"] diff --git a/stix2/test/v20/test_tool.py b/stix2/test/v20/test_tool.py index 257b787..435b85e 100644 --- a/stix2/test/v20/test_tool.py +++ b/stix2/test/v20/test_tool.py @@ -5,12 +5,12 @@ import pytz import stix2 -from .constants import TOOL_ID +from .constants import IDENTITY_ID, TOOL_ID EXPECTED = """{ "type": "tool", "id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "VNC", @@ -22,7 +22,7 @@ EXPECTED = """{ EXPECTED_WITH_REVOKED = """{ "type": "tool", "id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "VNC", @@ -36,7 +36,7 @@ EXPECTED_WITH_REVOKED = """{ def test_tool_example(): tool = stix2.v20.Tool( id=TOOL_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", labels=["remote-access"], @@ -51,7 +51,7 @@ def test_tool_example(): EXPECTED, { "created": "2016-04-06T20:03:48Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "id": TOOL_ID, "modified": "2016-04-06T20:03:48Z", "labels": ["remote-access"], @@ -67,7 +67,7 @@ def test_parse_tool(data): assert tool.id == TOOL_ID assert tool.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert tool.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert tool.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert tool.created_by_ref == IDENTITY_ID assert tool.labels == ["remote-access"] assert tool.name == "VNC" @@ -81,7 +81,7 @@ def test_tool_no_workbench_wrappers(): def test_tool_serialize_with_defaults(): tool = stix2.v20.Tool( id=TOOL_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", labels=["remote-access"], diff --git a/stix2/test/v20/test_utils.py b/stix2/test/v20/test_utils.py index 1aa85b1..ee011c1 100644 --- a/stix2/test/v20/test_utils.py +++ b/stix2/test/v20/test_utils.py @@ -8,6 +8,8 @@ import pytz import stix2.utils +from .constants import IDENTITY_ID + amsterdam = pytz.timezone('Europe/Amsterdam') eastern = pytz.timezone('US/Eastern') @@ -123,7 +125,7 @@ def test_deduplicate(stix_objs1): ( stix2.v20.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v21/constants.py b/stix2/test/v21/constants.py index e03c610..bbce32c 100644 --- a/stix2/test/v21/constants.py +++ b/stix2/test/v21/constants.py @@ -53,7 +53,7 @@ CAMPAIGN_MORE_KWARGS = dict( type='campaign', spec_version='2.1', id=CAMPAIGN_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:00.000Z", modified="2016-04-06T20:03:00.000Z", name="Green Group Attacks Against Finance", diff --git a/stix2/test/v21/test_bundle.py b/stix2/test/v21/test_bundle.py index 86c2d00..7adea92 100644 --- a/stix2/test/v21/test_bundle.py +++ b/stix2/test/v21/test_bundle.py @@ -4,6 +4,8 @@ import pytest import stix2 +from .constants import IDENTITY_ID + EXPECTED_BUNDLE = """{ "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000007", @@ -190,7 +192,7 @@ def test_parse_unknown_type(): "id": "other--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "created": "2016-04-06T20:03:00Z", "modified": "2016-04-06T20:03:00Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "Campaign by Green Group against a series of targets in the financial services sector.", "name": "Green Group Attacks Against Finance", } diff --git a/stix2/test/v21/test_campaign.py b/stix2/test/v21/test_campaign.py index e4c1707..10f5d7b 100644 --- a/stix2/test/v21/test_campaign.py +++ b/stix2/test/v21/test_campaign.py @@ -5,13 +5,13 @@ import pytz import stix2 -from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS +from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS, IDENTITY_ID EXPECTED = """{ "type": "campaign", "spec_version": "2.1", "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "name": "Green Group Attacks Against Finance", @@ -36,7 +36,7 @@ def test_campaign_example(): "id": CAMPAIGN_ID, "created": "2016-04-06T20:03:00Z", "modified": "2016-04-06T20:03:00Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "Campaign by Green Group against a series of targets in the financial services sector.", "name": "Green Group Attacks Against Finance", }, @@ -50,7 +50,7 @@ def test_parse_campaign(data): assert cmpn.id == CAMPAIGN_ID assert cmpn.created == dt.datetime(2016, 4, 6, 20, 3, 0, tzinfo=pytz.utc) assert cmpn.modified == dt.datetime(2016, 4, 6, 20, 3, 0, tzinfo=pytz.utc) - assert cmpn.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert cmpn.created_by_ref == IDENTITY_ID assert cmpn.description == "Campaign by Green Group against a series of targets in the financial services sector." assert cmpn.name == "Green Group Attacks Against Finance" diff --git a/stix2/test/v21/test_core.py b/stix2/test/v21/test_core.py index c90592b..bf45f32 100644 --- a/stix2/test/v21/test_core.py +++ b/stix2/test/v21/test_core.py @@ -3,7 +3,7 @@ import pytest import stix2 from stix2 import core, exceptions -from .constants import OBSERVED_DATA_ID +from .constants import IDENTITY_ID, OBSERVED_DATA_ID BUNDLE = { "type": "bundle", @@ -101,7 +101,7 @@ def test_register_marking_with_no_version(): def test_register_observable_with_default_version(): observed_data = stix2.v21.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -139,7 +139,7 @@ def test_register_observable_with_default_version(): def test_register_observable_extension_with_default_version(): observed_data = stix2.v21.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v21/test_course_of_action.py b/stix2/test/v21/test_course_of_action.py index c27b20d..7cbaed2 100644 --- a/stix2/test/v21/test_course_of_action.py +++ b/stix2/test/v21/test_course_of_action.py @@ -5,13 +5,13 @@ import pytz import stix2 -from .constants import COURSE_OF_ACTION_ID +from .constants import COURSE_OF_ACTION_ID, IDENTITY_ID EXPECTED = """{ "type": "course-of-action", "spec_version": "2.1", "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", @@ -22,7 +22,7 @@ EXPECTED = """{ def test_course_of_action_example(): coa = stix2.v21.CourseOfAction( id=COURSE_OF_ACTION_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", @@ -37,7 +37,7 @@ def test_course_of_action_example(): EXPECTED, { "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ...", "id": COURSE_OF_ACTION_ID, "modified": "2016-04-06T20:03:48.000Z", @@ -55,7 +55,7 @@ def test_parse_course_of_action(data): assert coa.id == COURSE_OF_ACTION_ID assert coa.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert coa.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert coa.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert coa.created_by_ref == IDENTITY_ID assert coa.description == "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..." assert coa.name == "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter" diff --git a/stix2/test/v21/test_datastore_memory.py b/stix2/test/v21/test_datastore_memory.py index eb30f07..b69d4d6 100644 --- a/stix2/test/v21/test_datastore_memory.py +++ b/stix2/test/v21/test_datastore_memory.py @@ -282,13 +282,13 @@ def test_memory_store_object_creator_of_present(mem_store): camp = Campaign( name="Scipio Africanus", objective="Defeat the Carthaginians", - created_by_ref="identity--e4196283-7420-4277-a7a3-d57f61ef1389", + created_by_ref=IDENTITY_ID, x_empire="Roman", allow_custom=True, ) iden = Identity( - id="identity--e4196283-7420-4277-a7a3-d57f61ef1389", + id=IDENTITY_ID, name="Foo Corp.", identity_class="corporation", ) diff --git a/stix2/test/v21/test_intrusion_set.py b/stix2/test/v21/test_intrusion_set.py index f8d5dc2..778eda7 100644 --- a/stix2/test/v21/test_intrusion_set.py +++ b/stix2/test/v21/test_intrusion_set.py @@ -5,13 +5,13 @@ import pytz import stix2 -from .constants import INTRUSION_SET_ID +from .constants import IDENTITY_ID, INTRUSION_SET_ID EXPECTED = """{ "type": "intrusion-set", "spec_version": "2.1", "id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "Bobcat Breakin", @@ -30,7 +30,7 @@ EXPECTED = """{ def test_intrusion_set_example(): intrusion_set = stix2.v21.IntrusionSet( id=INTRUSION_SET_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Bobcat Breakin", @@ -50,7 +50,7 @@ def test_intrusion_set_example(): "Zookeeper", ], "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "Incidents usually feature a shared TTP of a bobcat being released...", "goals": [ "acquisition-theft", diff --git a/stix2/test/v21/test_markings.py b/stix2/test/v21/test_markings.py index 11b6a95..7793889 100644 --- a/stix2/test/v21/test_markings.py +++ b/stix2/test/v21/test_markings.py @@ -6,7 +6,7 @@ import pytz import stix2 from stix2.v21 import TLP_WHITE -from .constants import MARKING_DEFINITION_ID +from .constants import IDENTITY_ID, MARKING_DEFINITION_ID EXPECTED_TLP_MARKING_DEFINITION = """{ "type": "marking-definition", @@ -34,7 +34,7 @@ EXPECTED_CAMPAIGN_WITH_OBJECT_MARKING = """{ "type": "campaign", "spec_version": "2.1", "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "name": "Green Group Attacks Against Finance", @@ -58,7 +58,7 @@ EXPECTED_CAMPAIGN_WITH_GRANULAR_MARKINGS = """{ "type": "campaign", "spec_version": "2.1", "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z", "name": "Green Group Attacks Against Finance", @@ -114,7 +114,7 @@ def test_marking_def_invalid_type(): def test_campaign_with_markings_example(): campaign = stix2.v21.Campaign( id="campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:00Z", modified="2016-04-06T20:03:00Z", name="Green Group Attacks Against Finance", @@ -149,7 +149,7 @@ def test_granular_example_with_bad_selector(): def test_campaign_with_granular_markings_example(): campaign = stix2.v21.Campaign( id="campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:00Z", modified="2016-04-06T20:03:00Z", name="Green Group Attacks Against Finance", @@ -265,7 +265,7 @@ def test_marking_wrong_type_construction(): def test_campaign_add_markings(): campaign = stix2.v21.Campaign( id="campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:00Z", modified="2016-04-06T20:03:00Z", name="Green Group Attacks Against Finance", diff --git a/stix2/test/v21/test_observed_data.py b/stix2/test/v21/test_observed_data.py index 3dde027..f3e1ea0 100644 --- a/stix2/test/v21/test_observed_data.py +++ b/stix2/test/v21/test_observed_data.py @@ -6,7 +6,7 @@ import pytz import stix2 -from .constants import OBSERVED_DATA_ID +from .constants import IDENTITY_ID, OBSERVED_DATA_ID OBJECTS_REGEX = re.compile('\"objects\": {(?:.*?)(?:(?:[^{]*?)|(?:{[^{]*?}))*}', re.DOTALL) @@ -15,7 +15,7 @@ EXPECTED = """{ "type": "observed-data", "spec_version": "2.1", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", "first_observed": "2015-12-21T19:00:00Z", @@ -33,7 +33,7 @@ EXPECTED = """{ def test_observed_data_example(): observed_data = stix2.v21.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -54,7 +54,7 @@ EXPECTED_WITH_REF = """{ "type": "observed-data", "spec_version": "2.1", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z", "first_observed": "2015-12-21T19:00:00Z", @@ -79,7 +79,7 @@ EXPECTED_WITH_REF = """{ def test_observed_data_example_with_refs(): observed_data = stix2.v21.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -105,7 +105,7 @@ def test_observed_data_example_with_bad_refs(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -133,7 +133,7 @@ def test_observed_data_example_with_non_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -151,7 +151,7 @@ def test_observed_data_example_with_empty_dictionary(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", @@ -173,7 +173,7 @@ def test_observed_data_example_with_empty_dictionary(): "spec_version": "2.1", "id": OBSERVED_DATA_ID, "created": "2016-04-06T19:58:16.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "first_observed": "2015-12-21T19:00:00Z", "last_observed": "2015-12-21T19:00:00Z", "modified": "2016-04-06T19:58:16.000Z", @@ -197,7 +197,7 @@ def test_parse_observed_data(data): assert odata.modified == dt.datetime(2016, 4, 6, 19, 58, 16, tzinfo=pytz.utc) assert odata.first_observed == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) assert odata.last_observed == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) - assert odata.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert odata.created_by_ref == IDENTITY_ID assert odata.objects["0"].type == "file" @@ -537,7 +537,7 @@ def test_parse_basic_tcp_traffic_with_error(data): EXPECTED_PROCESS_OD = """{ "created": "2016-04-06T19:58:16.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "first_observed": "2015-12-21T19:00:00Z", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", "last_observed": "2015-12-21T19:00:00Z", @@ -566,7 +566,7 @@ EXPECTED_PROCESS_OD = """{ def test_observed_data_with_process_example(): observed_data = stix2.v21.ObservedData( id=OBSERVED_DATA_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", diff --git a/stix2/test/v21/test_pickle.py b/stix2/test/v21/test_pickle.py index 0dc1c4c..faef4c4 100644 --- a/stix2/test/v21/test_pickle.py +++ b/stix2/test/v21/test_pickle.py @@ -2,13 +2,15 @@ import pickle import stix2 +from .constants import IDENTITY_ID + def test_pickling(): """ Ensure a pickle/unpickle cycle works okay. """ identity = stix2.v21.Identity( - id="identity--d66cb89d-5228-4983-958c-fa84ef75c88c", + id=IDENTITY_ID, name="alice", description="this is a pickle test", identity_class="some_class", diff --git a/stix2/test/v21/test_report.py b/stix2/test/v21/test_report.py index 22b5fb8..d6aa288 100644 --- a/stix2/test/v21/test_report.py +++ b/stix2/test/v21/test_report.py @@ -5,13 +5,16 @@ import pytz import stix2 -from .constants import INDICATOR_KWARGS, REPORT_ID +from .constants import ( + CAMPAIGN_ID, IDENTITY_ID, INDICATOR_ID, INDICATOR_KWARGS, RELATIONSHIP_ID, + REPORT_ID, +) EXPECTED = """{ "type": "report", "spec_version": "2.1", "id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", - "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2015-12-21T19:59:11.000Z", "modified": "2015-12-21T19:59:11.000Z", "name": "The Black Vine Cyberespionage Group", @@ -21,9 +24,9 @@ EXPECTED = """{ ], "published": "2016-01-20T17:00:00Z", "object_refs": [ - "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a" + "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", + "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", + "relationship--df7c87eb-75d2-4948-af81-9d49d246f301" ] }""" @@ -31,7 +34,7 @@ EXPECTED = """{ def test_report_example(): report = stix2.v21.Report( id=REPORT_ID, - created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + created_by_ref=IDENTITY_ID, created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="The Black Vine Cyberespionage Group", @@ -39,9 +42,9 @@ def test_report_example(): published="2016-01-20T17:00:00Z", report_types=["campaign"], object_refs=[ - "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + INDICATOR_ID, + CAMPAIGN_ID, + RELATIONSHIP_ID, ], ) @@ -51,7 +54,7 @@ def test_report_example(): def test_report_example_objects_in_object_refs(): report = stix2.v21.Report( id=REPORT_ID, - created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + created_by_ref=IDENTITY_ID, created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="The Black Vine Cyberespionage Group", @@ -59,9 +62,9 @@ def test_report_example_objects_in_object_refs(): published="2016-01-20T17:00:00Z", report_types=["campaign"], object_refs=[ - stix2.v21.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS), - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + stix2.v21.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS), + CAMPAIGN_ID, + RELATIONSHIP_ID, ], ) @@ -72,7 +75,7 @@ def test_report_example_objects_in_object_refs_with_bad_id(): with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: stix2.v21.Report( id=REPORT_ID, - created_by_ref="identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + created_by_ref=IDENTITY_ID, created="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z", name="The Black Vine Cyberespionage Group", @@ -80,9 +83,9 @@ def test_report_example_objects_in_object_refs_with_bad_id(): published="2016-01-20T17:00:00Z", report_types=["campaign"], object_refs=[ - stix2.v21.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS), + stix2.v21.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS), "campaign-83422c77-904c-4dc1-aff5-5c38f3a2c55c", # the "bad" id, missing a "-" - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + RELATIONSHIP_ID, ], ) @@ -97,7 +100,7 @@ def test_report_example_objects_in_object_refs_with_bad_id(): EXPECTED, { "created": "2015-12-21T19:59:11.000Z", - "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283", + "created_by_ref": IDENTITY_ID, "description": "A simple report with an indicator and campaign", "id": REPORT_ID, "report_types": [ @@ -106,9 +109,9 @@ def test_report_example_objects_in_object_refs_with_bad_id(): "modified": "2015-12-21T19:59:11.000Z", "name": "The Black Vine Cyberespionage Group", "object_refs": [ - "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + INDICATOR_ID, + CAMPAIGN_ID, + RELATIONSHIP_ID, ], "published": "2016-01-20T17:00:00Z", "spec_version": "2.1", @@ -124,11 +127,11 @@ def test_parse_report(data): assert rept.id == REPORT_ID assert rept.created == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc) assert rept.modified == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc) - assert rept.created_by_ref == "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283" + assert rept.created_by_ref == IDENTITY_ID assert rept.object_refs == [ - "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", - "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", - "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a", + INDICATOR_ID, + CAMPAIGN_ID, + RELATIONSHIP_ID, ] assert rept.description == "A simple report with an indicator and campaign" assert rept.report_types == ["campaign"] diff --git a/stix2/test/v21/test_sighting.py b/stix2/test/v21/test_sighting.py index c0fa7c3..950aebb 100644 --- a/stix2/test/v21/test_sighting.py +++ b/stix2/test/v21/test_sighting.py @@ -5,7 +5,7 @@ import pytz import stix2 -from .constants import INDICATOR_ID, SIGHTING_ID, SIGHTING_KWARGS +from .constants import IDENTITY_ID, INDICATOR_ID, SIGHTING_ID, SIGHTING_KWARGS EXPECTED_SIGHTING = """{ "type": "sighting", @@ -15,7 +15,7 @@ EXPECTED_SIGHTING = """{ "modified": "2016-04-06T20:06:37.000Z", "sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7", "where_sighted_refs": [ - "identity--8cc7afd6-5455-4d2b-a736-e614ee631d99" + "identity--311b2d2d-f010-4473-83ec-1edf84858f4c" ] }""" @@ -41,7 +41,7 @@ def test_sighting_all_required_properties(): created=now, modified=now, sighting_of_ref=INDICATOR_ID, - where_sighted_refs=["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"], + where_sighted_refs=[IDENTITY_ID], ) assert str(s) == EXPECTED_SIGHTING @@ -102,7 +102,7 @@ def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811 "spec_version": "2.1", "type": "sighting", "where_sighted_refs": [ - "identity--8cc7afd6-5455-4d2b-a736-e614ee631d99", + IDENTITY_ID, ], }, ], @@ -116,4 +116,4 @@ def test_parse_sighting(data): assert sighting.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert sighting.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc) assert sighting.sighting_of_ref == INDICATOR_ID - assert sighting.where_sighted_refs == ["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"] + assert sighting.where_sighted_refs == [IDENTITY_ID] diff --git a/stix2/test/v21/test_threat_actor.py b/stix2/test/v21/test_threat_actor.py index fd4dcf7..5468731 100644 --- a/stix2/test/v21/test_threat_actor.py +++ b/stix2/test/v21/test_threat_actor.py @@ -5,13 +5,13 @@ import pytz import stix2 -from .constants import THREAT_ACTOR_ID +from .constants import IDENTITY_ID, THREAT_ACTOR_ID EXPECTED = """{ "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "Evil Org", @@ -25,7 +25,7 @@ EXPECTED = """{ def test_threat_actor_example(): threat_actor = stix2.v21.ThreatActor( id=THREAT_ACTOR_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="Evil Org", @@ -41,7 +41,7 @@ def test_threat_actor_example(): EXPECTED, { "created": "2016-04-06T20:03:48.000Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "description": "The Evil Org threat actor group", "id": THREAT_ACTOR_ID, "threat_actor_types": [ @@ -62,7 +62,7 @@ def test_parse_threat_actor(data): assert actor.id == THREAT_ACTOR_ID assert actor.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert actor.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert actor.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert actor.created_by_ref == IDENTITY_ID assert actor.description == "The Evil Org threat actor group" assert actor.name == "Evil Org" assert actor.threat_actor_types == ["crime-syndicate"] diff --git a/stix2/test/v21/test_tool.py b/stix2/test/v21/test_tool.py index e0ec6b0..6a7d89c 100644 --- a/stix2/test/v21/test_tool.py +++ b/stix2/test/v21/test_tool.py @@ -5,13 +5,13 @@ import pytz import stix2 -from .constants import TOOL_ID +from .constants import IDENTITY_ID, TOOL_ID EXPECTED = """{ "type": "tool", "spec_version": "2.1", "id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "VNC", @@ -24,7 +24,7 @@ EXPECTED_WITH_REVOKED = """{ "type": "tool", "spec_version": "2.1", "id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "VNC", @@ -38,7 +38,7 @@ EXPECTED_WITH_REVOKED = """{ def test_tool_example(): tool = stix2.v21.Tool( id=TOOL_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="VNC", @@ -53,7 +53,7 @@ def test_tool_example(): EXPECTED, { "created": "2016-04-06T20:03:48Z", - "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + "created_by_ref": IDENTITY_ID, "id": TOOL_ID, "tool_types": [ "remote-access", @@ -73,7 +73,7 @@ def test_parse_tool(data): assert tool.id == TOOL_ID assert tool.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) assert tool.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc) - assert tool.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff" + assert tool.created_by_ref == IDENTITY_ID assert tool.tool_types == ["remote-access"] assert tool.name == "VNC" @@ -87,7 +87,7 @@ def test_tool_no_workbench_wrappers(): def test_tool_serialize_with_defaults(): tool = stix2.v21.Tool( id=TOOL_ID, - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T20:03:48.000Z", modified="2016-04-06T20:03:48.000Z", name="VNC", diff --git a/stix2/test/v21/test_utils.py b/stix2/test/v21/test_utils.py index 96a06d3..dec3294 100644 --- a/stix2/test/v21/test_utils.py +++ b/stix2/test/v21/test_utils.py @@ -8,6 +8,8 @@ import pytz import stix2.utils +from .constants import IDENTITY_ID + amsterdam = pytz.timezone('Europe/Amsterdam') eastern = pytz.timezone('US/Eastern') @@ -123,7 +125,7 @@ def test_deduplicate(stix_objs1): ( stix2.v21.ObservedData( id="observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", - created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", + created_by_ref=IDENTITY_ID, created="2016-04-06T19:58:16.000Z", modified="2016-04-06T19:58:16.000Z", first_observed="2015-12-21T19:00:00Z", From 1c03b4a1f09b2b27731765dacfd4b0b59adb7f63 Mon Sep 17 00:00:00 2001 From: John-Mark Gurney Date: Mon, 4 Feb 2019 13:58:33 -0800 Subject: [PATCH 10/10] minor grammar fix --- stix2/datastore/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stix2/datastore/__init__.py b/stix2/datastore/__init__.py index 561fe9e..57cb513 100644 --- a/stix2/datastore/__init__.py +++ b/stix2/datastore/__init__.py @@ -420,7 +420,7 @@ class CompositeDataSource(DataSource): """Controller for all the attached DataSources. A user can have a single CompositeDataSource as an interface - the a set of DataSources. When an API call is made to the + to a set of DataSources. When an API call is made to the CompositeDataSource, it is delegated to each of the (real) DataSources that are attached to it.