fix ordering problem with Class definitions

pull/1/head
Emmanuelle Vargas-Gonzalez 2020-11-18 19:01:12 -05:00
parent 3cef32edb2
commit 49985cc51d
5 changed files with 69 additions and 69 deletions

View File

@ -10,13 +10,9 @@ MALWARE_ANALYSIS_JSON = """{
"type": "malware-analysis", "type": "malware-analysis",
"spec_version": "2.1", "spec_version": "2.1",
"id": "malware-analysis--f8afc020-f92f-4906-a971-88ee5882eb46", "id": "malware-analysis--f8afc020-f92f-4906-a971-88ee5882eb46",
"created_by_ref": "identity--e0353ed3-991e-4f71-a332-114c2f10b84f",
"created": "2017-11-28T09:44:58.418Z", "created": "2017-11-28T09:44:58.418Z",
"modified": "2017-12-31T21:27:49.754Z", "modified": "2017-12-31T21:27:49.754Z",
"created_by_ref": "identity--e0353ed3-991e-4f71-a332-114c2f10b84f",
"labels": [
"label1",
"label2"
],
"product": "Acme Malware Analyzer", "product": "Acme Malware Analyzer",
"version": "2.5", "version": "2.5",
"host_vm_ref": "software--1bda7336-fe67-469f-a8ca-ab6268b0449b", "host_vm_ref": "software--1bda7336-fe67-469f-a8ca-ab6268b0449b",
@ -40,7 +36,11 @@ MALWARE_ANALYSIS_JSON = """{
"file--fc27e371-6c88-4c5c-868a-4dda0e60b167", "file--fc27e371-6c88-4c5c-868a-4dda0e60b167",
"url--6f7a74cd-8eb2-4b88-a4da-aa878e50ac2e" "url--6f7a74cd-8eb2-4b88-a4da-aa878e50ac2e"
], ],
"sample_ref": "email-addr--499a32d7-74c1-4276-ace9-725ac933e243" "sample_ref": "email-addr--499a32d7-74c1-4276-ace9-725ac933e243",
"labels": [
"label1",
"label2"
]
}""" }"""

View File

@ -124,11 +124,11 @@ class MarkingDefinition(_STIXBase20, _MarkingsMixin):
('id', IDProperty(_type, spec_version='2.0')), ('id', IDProperty(_type, spec_version='2.0')),
('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.0')), ('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.0')),
('created', TimestampProperty(default=lambda: NOW)), ('created', TimestampProperty(default=lambda: NOW)),
('definition_type', StringProperty(required=True)),
('definition', MarkingProperty(required=True)),
('external_references', ListProperty(ExternalReference)), ('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.0'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.0'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('definition_type', StringProperty(required=True)),
('definition', MarkingProperty(required=True)),
]) ])
def __init__(self, **kwargs): def __init__(self, **kwargs):

View File

@ -94,7 +94,7 @@ class LanguageContent(_STIXBase21):
('object_modified', TimestampProperty(precision='millisecond')), ('object_modified', TimestampProperty(precision='millisecond')),
# TODO: 'contents' https://docs.google.com/document/d/1ShNq4c3e1CkfANmD9O--mdZ5H0O_GLnjN28a_yrEaco/edit#heading=h.cfz5hcantmvx # TODO: 'contents' https://docs.google.com/document/d/1ShNq4c3e1CkfANmD9O--mdZ5H0O_GLnjN28a_yrEaco/edit#heading=h.cfz5hcantmvx
('contents', DictionaryProperty(spec_version='2.1', required=True)), ('contents', DictionaryProperty(spec_version='2.1', required=True)),
('revoked', BooleanProperty()), ('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)), ('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()), ('confidence', IntegerProperty()),
('external_references', ListProperty(ExternalReference)), ('external_references', ListProperty(ExternalReference)),
@ -156,12 +156,12 @@ class MarkingDefinition(_STIXBase21, _MarkingsMixin):
('id', IDProperty(_type)), ('id', IDProperty(_type)),
('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')), ('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)),
('definition_type', StringProperty(required=True)), ('definition_type', StringProperty(required=True)),
('name', StringProperty()), ('name', StringProperty()),
('definition', MarkingProperty(required=True)), ('definition', MarkingProperty(required=True)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)),
]) ])
def __init__(self, **kwargs): def __init__(self, **kwargs):

View File

@ -28,6 +28,7 @@ class Artifact(_Observable):
_type = 'artifact' _type = 'artifact'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('mime_type', StringProperty()), ('mime_type', StringProperty()),
('payload_bin', BinaryProperty()), ('payload_bin', BinaryProperty()),
@ -35,11 +36,10 @@ class Artifact(_Observable):
('hashes', HashesProperty(spec_version='2.1')), ('hashes', HashesProperty(spec_version='2.1')),
('encryption_algorithm', StringProperty()), ('encryption_algorithm', StringProperty()),
('decryption_key', StringProperty()), ('decryption_key', StringProperty()),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["hashes", "payload_bin"] _id_contributing_properties = ["hashes", "payload_bin"]
@ -57,15 +57,15 @@ class AutonomousSystem(_Observable):
_type = 'autonomous-system' _type = 'autonomous-system'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('number', IntegerProperty(required=True)), ('number', IntegerProperty(required=True)),
('name', StringProperty()), ('name', StringProperty()),
('rir', StringProperty()), ('rir', StringProperty()),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["number"] _id_contributing_properties = ["number"]
@ -78,6 +78,7 @@ class Directory(_Observable):
_type = 'directory' _type = 'directory'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('path', StringProperty(required=True)), ('path', StringProperty(required=True)),
('path_enc', StringProperty()), ('path_enc', StringProperty()),
@ -86,11 +87,10 @@ class Directory(_Observable):
('mtime', TimestampProperty()), ('mtime', TimestampProperty()),
('atime', TimestampProperty()), ('atime', TimestampProperty()),
('contains_refs', ListProperty(ReferenceProperty(valid_types=['file', 'directory'], spec_version='2.1'))), ('contains_refs', ListProperty(ReferenceProperty(valid_types=['file', 'directory'], spec_version='2.1'))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["path"] _id_contributing_properties = ["path"]
@ -103,14 +103,14 @@ class DomainName(_Observable):
_type = 'domain-name' _type = 'domain-name'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('resolves_to_refs', ListProperty(ReferenceProperty(valid_types=['ipv4-addr', 'ipv6-addr', 'domain-name'], spec_version='2.1'))), ('resolves_to_refs', ListProperty(ReferenceProperty(valid_types=['ipv4-addr', 'ipv6-addr', 'domain-name'], spec_version='2.1'))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["value"] _id_contributing_properties = ["value"]
@ -123,15 +123,15 @@ class EmailAddress(_Observable):
_type = 'email-addr' _type = 'email-addr'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('display_name', StringProperty()), ('display_name', StringProperty()),
('belongs_to_ref', ReferenceProperty(valid_types='user-account', spec_version='2.1')), ('belongs_to_ref', ReferenceProperty(valid_types='user-account', spec_version='2.1')),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["value"] _id_contributing_properties = ["value"]
@ -161,6 +161,7 @@ class EmailMessage(_Observable):
_type = 'email-message' _type = 'email-message'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('is_multipart', BooleanProperty(required=True)), ('is_multipart', BooleanProperty(required=True)),
('date', TimestampProperty()), ('date', TimestampProperty()),
@ -177,11 +178,10 @@ class EmailMessage(_Observable):
('body', StringProperty()), ('body', StringProperty()),
('body_multipart', ListProperty(EmbeddedObjectProperty(type=EmailMIMEComponent))), ('body_multipart', ListProperty(EmbeddedObjectProperty(type=EmailMIMEComponent))),
('raw_email_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')), ('raw_email_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["from_ref", "subject", "body"] _id_contributing_properties = ["from_ref", "subject", "body"]
@ -345,6 +345,7 @@ class File(_Observable):
_type = 'file' _type = 'file'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('hashes', HashesProperty(spec_version='2.1')), ('hashes', HashesProperty(spec_version='2.1')),
('size', IntegerProperty(min=0)), ('size', IntegerProperty(min=0)),
@ -358,11 +359,10 @@ class File(_Observable):
('parent_directory_ref', ReferenceProperty(valid_types='directory', spec_version='2.1')), ('parent_directory_ref', ReferenceProperty(valid_types='directory', spec_version='2.1')),
('contains_refs', ListProperty(ReferenceProperty(valid_types=["SCO"], spec_version='2.1'))), ('contains_refs', ListProperty(ReferenceProperty(valid_types=["SCO"], spec_version='2.1'))),
('content_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')), ('content_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["hashes", "name", "parent_directory_ref", "extensions"] _id_contributing_properties = ["hashes", "name", "parent_directory_ref", "extensions"]
@ -379,15 +379,15 @@ class IPv4Address(_Observable):
_type = 'ipv4-addr' _type = 'ipv4-addr'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('resolves_to_refs', ListProperty(ReferenceProperty(valid_types='mac-addr', spec_version='2.1'))), ('resolves_to_refs', ListProperty(ReferenceProperty(valid_types='mac-addr', spec_version='2.1'))),
('belongs_to_refs', ListProperty(ReferenceProperty(valid_types='autonomous-system', spec_version='2.1'))), ('belongs_to_refs', ListProperty(ReferenceProperty(valid_types='autonomous-system', spec_version='2.1'))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["value"] _id_contributing_properties = ["value"]
@ -400,15 +400,15 @@ class IPv6Address(_Observable):
_type = 'ipv6-addr' _type = 'ipv6-addr'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('resolves_to_refs', ListProperty(ReferenceProperty(valid_types='mac-addr', spec_version='2.1'))), ('resolves_to_refs', ListProperty(ReferenceProperty(valid_types='mac-addr', spec_version='2.1'))),
('belongs_to_refs', ListProperty(ReferenceProperty(valid_types='autonomous-system', spec_version='2.1'))), ('belongs_to_refs', ListProperty(ReferenceProperty(valid_types='autonomous-system', spec_version='2.1'))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["value"] _id_contributing_properties = ["value"]
@ -421,13 +421,13 @@ class MACAddress(_Observable):
_type = 'mac-addr' _type = 'mac-addr'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["value"] _id_contributing_properties = ["value"]
@ -440,13 +440,13 @@ class Mutex(_Observable):
_type = 'mutex' _type = 'mutex'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('name', StringProperty(required=True)), ('name', StringProperty(required=True)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["name"] _id_contributing_properties = ["name"]
@ -551,6 +551,7 @@ class NetworkTraffic(_Observable):
_type = 'network-traffic' _type = 'network-traffic'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('start', TimestampProperty()), ('start', TimestampProperty()),
('end', TimestampProperty()), ('end', TimestampProperty()),
@ -569,11 +570,10 @@ class NetworkTraffic(_Observable):
('dst_payload_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')), ('dst_payload_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')),
('encapsulates_refs', ListProperty(ReferenceProperty(valid_types='network-traffic', spec_version='2.1'))), ('encapsulates_refs', ListProperty(ReferenceProperty(valid_types='network-traffic', spec_version='2.1'))),
('encapsulated_by_ref', ReferenceProperty(valid_types='network-traffic', spec_version='2.1')), ('encapsulated_by_ref', ReferenceProperty(valid_types='network-traffic', spec_version='2.1')),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["start", "src_ref", "dst_ref", "src_port", "dst_port", "protocols"] _id_contributing_properties = ["start", "src_ref", "dst_ref", "src_port", "dst_port", "protocols"]
@ -673,6 +673,7 @@ class Process(_Observable):
_type = 'process' _type = 'process'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('is_hidden', BooleanProperty()), ('is_hidden', BooleanProperty()),
('pid', IntegerProperty()), ('pid', IntegerProperty()),
@ -686,11 +687,10 @@ class Process(_Observable):
('image_ref', ReferenceProperty(valid_types='file', spec_version='2.1')), ('image_ref', ReferenceProperty(valid_types='file', spec_version='2.1')),
('parent_ref', ReferenceProperty(valid_types='process', spec_version='2.1')), ('parent_ref', ReferenceProperty(valid_types='process', spec_version='2.1')),
('child_refs', ListProperty(ReferenceProperty(valid_types='process', spec_version='2.1'))), ('child_refs', ListProperty(ReferenceProperty(valid_types='process', spec_version='2.1'))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = [] _id_contributing_properties = []
@ -717,6 +717,7 @@ class Software(_Observable):
_type = 'software' _type = 'software'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('name', StringProperty(required=True)), ('name', StringProperty(required=True)),
('cpe', StringProperty()), ('cpe', StringProperty()),
@ -724,11 +725,10 @@ class Software(_Observable):
('languages', ListProperty(StringProperty)), ('languages', ListProperty(StringProperty)),
('vendor', StringProperty()), ('vendor', StringProperty()),
('version', StringProperty()), ('version', StringProperty()),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["name", "cpe", "swid", "vendor", "version"] _id_contributing_properties = ["name", "cpe", "swid", "vendor", "version"]
@ -741,13 +741,13 @@ class URL(_Observable):
_type = 'url' _type = 'url'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["value"] _id_contributing_properties = ["value"]
@ -774,6 +774,7 @@ class UserAccount(_Observable):
_type = 'user-account' _type = 'user-account'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('user_id', StringProperty()), ('user_id', StringProperty()),
('credential', StringProperty()), ('credential', StringProperty()),
@ -789,11 +790,10 @@ class UserAccount(_Observable):
('credential_last_changed', TimestampProperty()), ('credential_last_changed', TimestampProperty()),
('account_first_login', TimestampProperty()), ('account_first_login', TimestampProperty()),
('account_last_login', TimestampProperty()), ('account_last_login', TimestampProperty()),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["account_type", "user_id", "account_login"] _id_contributing_properties = ["account_type", "user_id", "account_login"]
@ -835,6 +835,7 @@ class WindowsRegistryKey(_Observable):
_type = 'windows-registry-key' _type = 'windows-registry-key'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('key', StringProperty()), ('key', StringProperty()),
('values', ListProperty(EmbeddedObjectProperty(type=WindowsRegistryValueType))), ('values', ListProperty(EmbeddedObjectProperty(type=WindowsRegistryValueType))),
@ -842,11 +843,10 @@ class WindowsRegistryKey(_Observable):
('modified_time', TimestampProperty()), ('modified_time', TimestampProperty()),
('creator_user_ref', ReferenceProperty(valid_types='user-account', spec_version='2.1')), ('creator_user_ref', ReferenceProperty(valid_types='user-account', spec_version='2.1')),
('number_of_subkeys', IntegerProperty()), ('number_of_subkeys', IntegerProperty()),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["key", "values"] _id_contributing_properties = ["key", "values"]
@ -885,6 +885,7 @@ class X509Certificate(_Observable):
_type = 'x509-certificate' _type = 'x509-certificate'
_properties = OrderedDict([ _properties = OrderedDict([
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('is_self_signed', BooleanProperty()), ('is_self_signed', BooleanProperty()),
('hashes', HashesProperty(spec_version='2.1')), ('hashes', HashesProperty(spec_version='2.1')),
@ -899,11 +900,10 @@ class X509Certificate(_Observable):
('subject_public_key_modulus', StringProperty()), ('subject_public_key_modulus', StringProperty()),
('subject_public_key_exponent', IntegerProperty()), ('subject_public_key_exponent', IntegerProperty()),
('x509_v3_extensions', EmbeddedObjectProperty(type=X509V3ExtenstionsType)), ('x509_v3_extensions', EmbeddedObjectProperty(type=X509V3ExtenstionsType)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)), ('defanged', BooleanProperty(default=lambda: False)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
]) ])
_id_contributing_properties = ["hashes", "serial_number"] _id_contributing_properties = ["hashes", "serial_number"]

View File

@ -122,9 +122,13 @@ class Grouping(_DomainObject):
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')), ('name', StringProperty()),
('description', StringProperty()),
('context', StringProperty(required=True)),
('object_refs', ListProperty(ReferenceProperty(valid_types=["SCO", "SDO", "SRO"], spec_version='2.1'), required=True)),
('revoked', BooleanProperty(default=lambda: False)), ('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)), ('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()), ('confidence', IntegerProperty()),
@ -132,10 +136,6 @@ class Grouping(_DomainObject):
('external_references', ListProperty(ExternalReference)), ('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('name', StringProperty()),
('description', StringProperty()),
('context', StringProperty(required=True)),
('object_refs', ListProperty(ReferenceProperty(valid_types=["SCO", "SDO", "SRO"], spec_version='2.1'), required=True)),
]) ])
@ -240,13 +240,6 @@ class Infrastructure(_DomainObject):
('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')), ('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()),
('lang', StringProperty()),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)),
('name', StringProperty(required=True)), ('name', StringProperty(required=True)),
('description', StringProperty()), ('description', StringProperty()),
('infrastructure_types', ListProperty(StringProperty)), ('infrastructure_types', ListProperty(StringProperty)),
@ -254,6 +247,13 @@ class Infrastructure(_DomainObject):
('kill_chain_phases', ListProperty(KillChainPhase)), ('kill_chain_phases', ListProperty(KillChainPhase)),
('first_seen', TimestampProperty()), ('first_seen', TimestampProperty()),
('last_seen', TimestampProperty()), ('last_seen', TimestampProperty()),
('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()),
('lang', StringProperty()),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)),
]) ])
def _check_object_constraints(self): def _check_object_constraints(self):
@ -478,16 +478,9 @@ class MalwareAnalysis(_DomainObject):
('type', TypeProperty(_type, spec_version='2.1')), ('type', TypeProperty(_type, spec_version='2.1')),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond', precision_constraint='min')),
('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.1')),
('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()),
('lang', StringProperty()),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)),
('product', StringProperty(required=True)), ('product', StringProperty(required=True)),
('version', StringProperty()), ('version', StringProperty()),
('host_vm_ref', ReferenceProperty(valid_types='software', spec_version='2.1')), ('host_vm_ref', ReferenceProperty(valid_types='software', spec_version='2.1')),
@ -503,7 +496,14 @@ class MalwareAnalysis(_DomainObject):
('result_name', StringProperty()), ('result_name', StringProperty()),
('result', StringProperty()), ('result', StringProperty()),
('analysis_sco_refs', ListProperty(ReferenceProperty(valid_types="SCO", spec_version='2.1'))), ('analysis_sco_refs', ListProperty(ReferenceProperty(valid_types="SCO", spec_version='2.1'))),
('sample_ref', ReferenceProperty(valid_types="SCO", spec_version="2.1")), ('sample_ref', ReferenceProperty(valid_types="SCO", spec_version='2.1')),
('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()),
('lang', StringProperty()),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)),
]) ])
def _check_object_constraints(self): def _check_object_constraints(self):