MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Making python imports happy in travis

master
chrisr3d 2019-10-14 14:41:17 +02:00
parent bdba2c0a63
commit 4f1d68065a
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
2 changed files with 60 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
stix2/test/v20/test_interoperability.py
View File

@ -1,5 +1,7 @@
import datetime import datetime
import pytz import pytz
import stix2 import stix2
FAKE_TIME = datetime.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc) FAKE_TIME = datetime.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc)
@ -21,21 +23,23 @@ THREAT_ACTOR_ID = "threat-actor--e5313ad6-6b11-3c07-8ace-7dc52824e063"
TOOL_ID = "tool--bf0895d6-7626-361f-89dd-d404aa340bc2" TOOL_ID = "tool--bf0895d6-7626-361f-89dd-d404aa340bc2"
VULNERABILITY_ID = "vulnerability--20296e55-98b9-5988-851a-51eddd5022c8" VULNERABILITY_ID = "vulnerability--20296e55-98b9-5988-851a-51eddd5022c8"
OBJECT_REFS = [ATTACK_PATTERN_ID, CAMPAIGN_ID, COURSE_OF_ACTION_ID, INDICATOR_ID, INTRUSION_SET_ID, OBJECT_REFS = [
MALWARE_ID, MARKING_DEFINITION_ID, OBSERVED_DATA_ID, RELATIONSHIP_ID, SIGHTING_ID, ATTACK_PATTERN_ID, CAMPAIGN_ID, COURSE_OF_ACTION_ID, INDICATOR_ID, INTRUSION_SET_ID,
THREAT_ACTOR_ID, TOOL_ID, VULNERABILITY_ID] MALWARE_ID, MARKING_DEFINITION_ID, OBSERVED_DATA_ID, RELATIONSHIP_ID, SIGHTING_ID,
THREAT_ACTOR_ID, TOOL_ID, VULNERABILITY_ID,
]
ATTACK_PATTERN_KWARGS = dict( ATTACK_PATTERN_KWARGS = dict(
type='attack-pattern', type='attack-pattern',
id=ATTACK_PATTERN_ID, id=ATTACK_PATTERN_ID,
name="Phishing", name="Phishing",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
BUNDLE_KWARGS = dict( BUNDLE_KWARGS = dict(
type='bundle', type='bundle',
id=BUNDLE_ID, id=BUNDLE_ID,
spec_version='2.0' spec_version='2.0',
) )
CAMPAIGN_KWARGS = dict( CAMPAIGN_KWARGS = dict(
@ -52,7 +56,7 @@ COURSE_OF_ACTION_KWARGS = dict(
type='course-of-action', type='course-of-action',
id=COURSE_OF_ACTION_ID, id=COURSE_OF_ACTION_ID,
name="Block", name="Block",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
IDENTITY_KWARGS = dict( IDENTITY_KWARGS = dict(
@ -67,14 +71,14 @@ INDICATOR_KWARGS = dict(
id=INDICATOR_ID, id=INDICATOR_ID,
labels=['malicious-activity'], labels=['malicious-activity'],
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
INTRUSION_SET_KWARGS = dict( INTRUSION_SET_KWARGS = dict(
type='intrusion-set', type='intrusion-set',
id=INTRUSION_SET_ID, id=INTRUSION_SET_ID,
name="Bobcat Breakin", name="Bobcat Breakin",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
MALWARE_KWARGS = dict( MALWARE_KWARGS = dict(
@ -85,7 +89,7 @@ MALWARE_KWARGS = dict(
labels=['ransomware'], labels=['ransomware'],
name="Cryptolocker", name="Cryptolocker",
description="A ransomware related to ...", description="A ransomware related to ...",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
MARKING_DEFINITION_KWARGS = dict( MARKING_DEFINITION_KWARGS = dict(
@ -93,7 +97,7 @@ MARKING_DEFINITION_KWARGS = dict(
id=MARKING_DEFINITION_ID, id=MARKING_DEFINITION_ID,
definition_type='statement', definition_type='statement',
definition={'statement': "Copyright 2016, Example Corp"}, definition={'statement': "Copyright 2016, Example Corp"},
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
OBSERVED_DATA_KWARGS = dict( OBSERVED_DATA_KWARGS = dict(
@ -106,9 +110,9 @@ OBSERVED_DATA_KWARGS = dict(
"0": { "0": {
"type": "windows-registry-key", "type": "windows-registry-key",
"key": "HKEY_LOCAL_MACHINE\\System\\Foo\\Bar", "key": "HKEY_LOCAL_MACHINE\\System\\Foo\\Bar",
} },
}, },
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
REPORT_KWARGS = dict( REPORT_KWARGS = dict(
@ -118,7 +122,7 @@ REPORT_KWARGS = dict(
name="Bad Cybercrime", name="Bad Cybercrime",
published=FAKE_TIME, published=FAKE_TIME,
object_refs=OBJECT_REFS, object_refs=OBJECT_REFS,
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
RELATIONSHIP_KWARGS = dict( RELATIONSHIP_KWARGS = dict(
@ -127,7 +131,7 @@ RELATIONSHIP_KWARGS = dict(
relationship_type="indicates", relationship_type="indicates",
source_ref=INDICATOR_ID, source_ref=INDICATOR_ID,
target_ref=MALWARE_ID, target_ref=MALWARE_ID,
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
SIGHTING_KWARGS = dict( SIGHTING_KWARGS = dict(
@ -136,7 +140,7 @@ SIGHTING_KWARGS = dict(
sighting_of_ref=INDICATOR_ID, sighting_of_ref=INDICATOR_ID,
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
observed_data_refs=[OBSERVED_DATA_ID], observed_data_refs=[OBSERVED_DATA_ID],
where_sighted_refs=[IDENTITY_ID] where_sighted_refs=[IDENTITY_ID],
) )
THREAT_ACTOR_KWARGS = dict( THREAT_ACTOR_KWARGS = dict(
@ -144,7 +148,7 @@ THREAT_ACTOR_KWARGS = dict(
id=THREAT_ACTOR_ID, id=THREAT_ACTOR_ID,
labels=["crime-syndicate"], labels=["crime-syndicate"],
name="Evil Org", name="Evil Org",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
TOOL_KWARGS = dict( TOOL_KWARGS = dict(
@ -153,14 +157,14 @@ TOOL_KWARGS = dict(
labels=["remote-access"], labels=["remote-access"],
name="VNC", name="VNC",
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
interoperability=True interoperability=True,
) )
VULNERABILITY_KWARGS = dict( VULNERABILITY_KWARGS = dict(
type='vulnerability', type='vulnerability',
id=VULNERABILITY_ID, id=VULNERABILITY_ID,
name="Heartbleed", name="Heartbleed",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
@ -180,9 +184,13 @@ if __name__ == '__main__':
tool = stix2.v20.Tool(**TOOL_KWARGS) tool = stix2.v20.Tool(**TOOL_KWARGS)
vulnerability = stix2.v20.Vulnerability(**VULNERABILITY_KWARGS, interoperability=True) vulnerability = stix2.v20.Vulnerability(**VULNERABILITY_KWARGS, interoperability=True)
report = stix2.v20.Report(**REPORT_KWARGS, interoperability=True) report = stix2.v20.Report(**REPORT_KWARGS, interoperability=True)
bundle = stix2.v20.Bundle(**BUNDLE_KWARGS, interoperability=True, bundle = stix2.v20.Bundle(
objects=[attack_pattern, campaign, course_of_action, identity, indicator, **BUNDLE_KWARGS, interoperability=True,
intrusion_set, malware, marking_definition, observed_data, tool, objects=[
relationship, sighting, threat_actor, vulnerability, report]) attack_pattern, campaign, course_of_action, identity, indicator,
intrusion_set, malware, marking_definition, observed_data, tool,
relationship, sighting, threat_actor, vulnerability, report,
]
)
stix2.parse(dict(bundle), interoperability=True) stix2.parse(dict(bundle), interoperability=True)
print("All interoperability tests passed !") print("All interoperability tests passed !")

52
stix2/test/v21/test_interoperability.py
View File

@ -1,5 +1,7 @@
import datetime import datetime
import pytz import pytz
import stix2 import stix2
FAKE_TIME = datetime.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc) FAKE_TIME = datetime.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc)
@ -21,20 +23,22 @@ THREAT_ACTOR_ID = "threat-actor--e5313ad6-6b11-3c07-8ace-7dc52824e063"
TOOL_ID = "tool--bf0895d6-7626-361f-89dd-d404aa340bc2" TOOL_ID = "tool--bf0895d6-7626-361f-89dd-d404aa340bc2"
VULNERABILITY_ID = "vulnerability--20296e55-98b9-5988-851a-51eddd5022c8" VULNERABILITY_ID = "vulnerability--20296e55-98b9-5988-851a-51eddd5022c8"
OBJECT_REFS = [ATTACK_PATTERN_ID, CAMPAIGN_ID, COURSE_OF_ACTION_ID, INDICATOR_ID, INTRUSION_SET_ID, OBJECT_REFS = [
MALWARE_ID, MARKING_DEFINITION_ID, OBSERVED_DATA_ID, RELATIONSHIP_ID, SIGHTING_ID, ATTACK_PATTERN_ID, CAMPAIGN_ID, COURSE_OF_ACTION_ID, INDICATOR_ID, INTRUSION_SET_ID,
THREAT_ACTOR_ID, TOOL_ID, VULNERABILITY_ID] MALWARE_ID, MARKING_DEFINITION_ID, OBSERVED_DATA_ID, RELATIONSHIP_ID, SIGHTING_ID,
THREAT_ACTOR_ID, TOOL_ID, VULNERABILITY_ID,
]
ATTACK_PATTERN_KWARGS = dict( ATTACK_PATTERN_KWARGS = dict(
type='attack-pattern', type='attack-pattern',
id=ATTACK_PATTERN_ID, id=ATTACK_PATTERN_ID,
name="Phishing", name="Phishing",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
BUNDLE_KWARGS = dict( BUNDLE_KWARGS = dict(
type='bundle', type='bundle',
id=BUNDLE_ID id=BUNDLE_ID,
) )
CAMPAIGN_KWARGS = dict( CAMPAIGN_KWARGS = dict(
@ -51,7 +55,7 @@ COURSE_OF_ACTION_KWARGS = dict(
type='course-of-action', type='course-of-action',
id=COURSE_OF_ACTION_ID, id=COURSE_OF_ACTION_ID,
name="Block", name="Block",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
IDENTITY_KWARGS = dict( IDENTITY_KWARGS = dict(
@ -69,14 +73,14 @@ INDICATOR_KWARGS = dict(
pattern_type="stix", pattern_type="stix",
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
indicator_types=["malicious-activity"], indicator_types=["malicious-activity"],
valid_from="2016-04-06T20:03:00.000Z" valid_from="2016-04-06T20:03:00.000Z",
) )
INTRUSION_SET_KWARGS = dict( INTRUSION_SET_KWARGS = dict(
type='intrusion-set', type='intrusion-set',
id=INTRUSION_SET_ID, id=INTRUSION_SET_ID,
name="Bobcat Breakin", name="Bobcat Breakin",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
MALWARE_KWARGS = dict( MALWARE_KWARGS = dict(
@ -89,7 +93,7 @@ MALWARE_KWARGS = dict(
description="A ransomware related to ...", description="A ransomware related to ...",
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
malware_types=["malicious-activity"], malware_types=["malicious-activity"],
is_family=False is_family=False,
) )
MARKING_DEFINITION_KWARGS = dict( MARKING_DEFINITION_KWARGS = dict(
@ -97,7 +101,7 @@ MARKING_DEFINITION_KWARGS = dict(
id=MARKING_DEFINITION_ID, id=MARKING_DEFINITION_ID,
definition_type='statement', definition_type='statement',
definition={'statement': "Copyright 2016, Example Corp"}, definition={'statement': "Copyright 2016, Example Corp"},
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
OBSERVED_DATA_KWARGS = dict( OBSERVED_DATA_KWARGS = dict(
@ -110,9 +114,9 @@ OBSERVED_DATA_KWARGS = dict(
"0": { "0": {
"type": "windows-registry-key", "type": "windows-registry-key",
"key": "HKEY_LOCAL_MACHINE\\System\\Foo\\Bar", "key": "HKEY_LOCAL_MACHINE\\System\\Foo\\Bar",
} },
}, },
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
REPORT_KWARGS = dict( REPORT_KWARGS = dict(
@ -123,7 +127,7 @@ REPORT_KWARGS = dict(
published=FAKE_TIME, published=FAKE_TIME,
object_refs=OBJECT_REFS, object_refs=OBJECT_REFS,
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
report_types=["malicious-activity"] report_types=["malicious-activity"],
) )
RELATIONSHIP_KWARGS = dict( RELATIONSHIP_KWARGS = dict(
@ -132,7 +136,7 @@ RELATIONSHIP_KWARGS = dict(
relationship_type="indicates", relationship_type="indicates",
source_ref=INDICATOR_ID, source_ref=INDICATOR_ID,
target_ref=MALWARE_ID, target_ref=MALWARE_ID,
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
SIGHTING_KWARGS = dict( SIGHTING_KWARGS = dict(
@ -141,7 +145,7 @@ SIGHTING_KWARGS = dict(
sighting_of_ref=INDICATOR_ID, sighting_of_ref=INDICATOR_ID,
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
observed_data_refs=[OBSERVED_DATA_ID], observed_data_refs=[OBSERVED_DATA_ID],
where_sighted_refs=[IDENTITY_ID] where_sighted_refs=[IDENTITY_ID],
) )
THREAT_ACTOR_KWARGS = dict( THREAT_ACTOR_KWARGS = dict(
@ -150,7 +154,7 @@ THREAT_ACTOR_KWARGS = dict(
labels=["crime-syndicate"], labels=["crime-syndicate"],
name="Evil Org", name="Evil Org",
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
threat_actor_types=["malicious-activity"] threat_actor_types=["malicious-activity"],
) )
TOOL_KWARGS = dict( TOOL_KWARGS = dict(
@ -160,14 +164,14 @@ TOOL_KWARGS = dict(
name="VNC", name="VNC",
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
interoperability=True, interoperability=True,
tool_types=["malicious-activity"] tool_types=["malicious-activity"],
) )
VULNERABILITY_KWARGS = dict( VULNERABILITY_KWARGS = dict(
type='vulnerability', type='vulnerability',
id=VULNERABILITY_ID, id=VULNERABILITY_ID,
name="Heartbleed", name="Heartbleed",
created_by_ref=IDENTITY_ID created_by_ref=IDENTITY_ID,
) )
@ -187,9 +191,13 @@ if __name__ == '__main__':
tool = stix2.v21.Tool(**TOOL_KWARGS) tool = stix2.v21.Tool(**TOOL_KWARGS)
vulnerability = stix2.v21.Vulnerability(**VULNERABILITY_KWARGS, interoperability=True) vulnerability = stix2.v21.Vulnerability(**VULNERABILITY_KWARGS, interoperability=True)
report = stix2.v21.Report(**REPORT_KWARGS, interoperability=True) report = stix2.v21.Report(**REPORT_KWARGS, interoperability=True)
bundle = stix2.v21.Bundle(**BUNDLE_KWARGS, interoperability=True, bundle = stix2.v21.Bundle(
objects=[attack_pattern, campaign, course_of_action, identity, indicator, **BUNDLE_KWARGS, interoperability=True,
intrusion_set, malware, marking_definition, observed_data, tool, objects=[
relationship, sighting, threat_actor, vulnerability, report]) attack_pattern, campaign, course_of_action, identity, indicator,
intrusion_set, malware, marking_definition, observed_data, tool,
relationship, sighting, threat_actor, vulnerability, report,
]
)
stix2.parse(dict(bundle), interoperability=True) stix2.parse(dict(bundle), interoperability=True)
print("All interoperability tests passed !") print("All interoperability tests passed !")