MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Update all tests. Re-organize EXPECTED values, update some regex expressions.

stix2.1
Emmanuelle Vargas-Gonzalez 2017-08-15 13:41:51 -04:00
parent 1b48ad9778
commit 4ffc8edeeb
18 changed files with 162 additions and 155 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
stix2/test/test_attack_pattern.py
View File

@ -9,18 +9,18 @@ from .constants import ATTACK_PATTERN_ID
EXPECTED = """{ EXPECTED = """{
"type": "attack-pattern",
"id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created": "2016-05-12T08:17:27.000Z", "created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"name": "Spear Phishing",
"description": "...", "description": "...",
"external_references": [ "external_references": [
{ {
"external_id": "CAPEC-163", "source_name": "capec",
"source_name": "capec" "external_id": "CAPEC-163"
} }
], ]
"id": "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"modified": "2016-05-12T08:17:27.000Z",
"name": "Spear Phishing",
"type": "attack-pattern"
}""" }"""

30
stix2/test/test_bundle.py
View File

@ -4,41 +4,41 @@ import stix2
EXPECTED_BUNDLE = """{ EXPECTED_BUNDLE = """{
"type": "bundle",
"id": "bundle--00000000-0000-0000-0000-000000000004", "id": "bundle--00000000-0000-0000-0000-000000000004",
"spec_version": "2.0",
"objects": [ "objects": [
{ {
"created": "2017-01-01T12:34:56.000Z", "type": "indicator",
"id": "indicator--00000000-0000-0000-0000-000000000001", "id": "indicator--00000000-0000-0000-0000-000000000001",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"labels": [ "labels": [
"malicious-activity" "malicious-activity"
], ],
"modified": "2017-01-01T12:34:56.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"type": "indicator",
"valid_from": "2017-01-01T12:34:56Z" "valid_from": "2017-01-01T12:34:56Z"
}, },
{ {
"created": "2017-01-01T12:34:56.000Z", "type": "malware",
"id": "malware--00000000-0000-0000-0000-000000000002", "id": "malware--00000000-0000-0000-0000-000000000002",
"labels": [ "created": "2017-01-01T12:34:56.000Z",
"ransomware"
],
"modified": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z",
"name": "Cryptolocker", "name": "Cryptolocker",
"type": "malware" "labels": [
"ransomware"
]
}, },
{ {
"created": "2017-01-01T12:34:56.000Z", "type": "relationship",
"id": "relationship--00000000-0000-0000-0000-000000000003", "id": "relationship--00000000-0000-0000-0000-000000000003",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z",
"relationship_type": "indicates", "relationship_type": "indicates",
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210", "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
"type": "relationship"
} }
], ]
"spec_version": "2.0",
"type": "bundle"
}""" }"""
@ -84,7 +84,7 @@ def test_bundle_with_wrong_spec_version():
def test_create_bundle(indicator, malware, relationship): def test_create_bundle(indicator, malware, relationship):
bundle = stix2.Bundle(objects=[indicator, malware, relationship]) bundle = stix2.Bundle(objects=[indicator, malware, relationship])
print(bundle)
assert str(bundle) == EXPECTED_BUNDLE assert str(bundle) == EXPECTED_BUNDLE

8
stix2/test/test_campaign.py
View File

@ -9,13 +9,13 @@ from .constants import CAMPAIGN_ID
EXPECTED = """{ EXPECTED = """{
"created": "2016-04-06T20:03:00.000Z", "type": "campaign",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"description": "Campaign by Green Group against a series of targets in the financial services sector.",
"id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"created": "2016-04-06T20:03:00.000Z",
"modified": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z",
"name": "Green Group Attacks Against Finance", "name": "Green Group Attacks Against Finance",
"type": "campaign" "description": "Campaign by Green Group against a series of targets in the financial services sector."
}""" }"""

8
stix2/test/test_course_of_action.py
View File

@ -9,13 +9,13 @@ from .constants import COURSE_OF_ACTION_ID
EXPECTED = """{ EXPECTED = """{
"created": "2016-04-06T20:03:48.000Z", "type": "course-of-action",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ...",
"id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "id": "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"created": "2016-04-06T20:03:48.000Z",
"modified": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z",
"name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter", "name": "Add TCP port 80 Filter Rule to the existing Block UDP 1434 Filter",
"type": "course-of-action" "description": "This is how to add a filter rule to block inbound access to TCP port 80 to the existing UDP 1434 filter ..."
}""" }"""

23
stix2/test/test_custom.py
View File

@ -74,11 +74,11 @@ def test_parse_identity_custom_property(data):
assert identity.foo == "bar" assert identity.foo == "bar"
@stix2.sdo.CustomObject('x-new-type', { @stix2.sdo.CustomObject('x-new-type', [
'property1': stix2.properties.StringProperty(required=True), ('property1', stix2.properties.StringProperty(required=True)),
'property2': stix2.properties.IntegerProperty(), ('property2', stix2.properties.IntegerProperty()),
}) ])
class NewType(): class NewType(object):
def __init__(self, property2=None, **kwargs): def __init__(self, property2=None, **kwargs):
if property2 and property2 < 10: if property2 and property2 < 10:
raise ValueError("'property2' is too small.") raise ValueError("'property2' is too small.")
@ -106,11 +106,12 @@ def test_parse_custom_object_type():
assert nt.property1 == 'something' assert nt.property1 == 'something'
@stix2.observables.CustomObservable('x-new-observable', { @stix2.observables.CustomObservable('x-new-observable', [
'property1': stix2.properties.StringProperty(required=True), ('property1', stix2.properties.StringProperty(required=True)),
'property2': stix2.properties.IntegerProperty(), ('property2', stix2.properties.IntegerProperty()),
}) ('x_property3', stix2.properties.BooleanProperty()),
class NewObservable(): ])
class NewObservable(object):
def __init__(self, property2=None, **kwargs): def __init__(self, property2=None, **kwargs):
if property2 and property2 < 10: if property2 and property2 < 10:
raise ValueError("'property2' is too small.") raise ValueError("'property2' is too small.")
@ -133,7 +134,7 @@ def test_parse_custom_observable_object():
"property1": "something" "property1": "something"
}""" }"""
nt = stix2.parse_observable(nt_string) nt = stix2.parse_observable(nt_string, [])
assert nt.property1 == 'something' assert nt.property1 == 'something'

32
stix2/test/test_external_reference.py
View File

@ -8,9 +8,12 @@ import stix2
VERIS = """{ VERIS = """{
"external_id": "0001AA7F-C601-424A-B2B8-BE6C9F5164E7",
"source_name": "veris", "source_name": "veris",
"url": "https://github.com/vz-risk/VCDB/blob/master/data/json/0001AA7F-C601-424A-B2B8-BE6C9F5164E7.json" "url": "https://github.com/vz-risk/VCDB/blob/master/data/json/0001AA7F-C601-424A-B2B8-BE6C9F5164E7.json",
"hashes": {
"SHA-256": "6db12788c37247f2316052e142f42f4b259d6561751e5f401a1ae2a6df9c674b"
},
"external_id": "0001AA7F-C601-424A-B2B8-BE6C9F5164E7"
}""" }"""
@ -18,6 +21,9 @@ def test_external_reference_veris():
ref = stix2.ExternalReference( ref = stix2.ExternalReference(
source_name="veris", source_name="veris",
external_id="0001AA7F-C601-424A-B2B8-BE6C9F5164E7", external_id="0001AA7F-C601-424A-B2B8-BE6C9F5164E7",
hashes={
"SHA-256": "6db12788c37247f2316052e142f42f4b259d6561751e5f401a1ae2a6df9c674b"
},
url="https://github.com/vz-risk/VCDB/blob/master/data/json/0001AA7F-C601-424A-B2B8-BE6C9F5164E7.json", url="https://github.com/vz-risk/VCDB/blob/master/data/json/0001AA7F-C601-424A-B2B8-BE6C9F5164E7.json",
) )
@ -25,8 +31,8 @@ def test_external_reference_veris():
CAPEC = """{ CAPEC = """{
"external_id": "CAPEC-550", "source_name": "capec",
"source_name": "capec" "external_id": "CAPEC-550"
}""" }"""
@ -37,13 +43,13 @@ def test_external_reference_capec():
) )
assert str(ref) == CAPEC assert str(ref) == CAPEC
assert re.match("ExternalReference\(external_id=u?'CAPEC-550', source_name=u?'capec'\)", repr(ref)) assert re.match("ExternalReference\(source_name=u?'capec', external_id=u?'CAPEC-550'\)", repr(ref))
CAPEC_URL = """{ CAPEC_URL = """{
"external_id": "CAPEC-550",
"source_name": "capec", "source_name": "capec",
"url": "http://capec.mitre.org/data/definitions/550.html" "url": "http://capec.mitre.org/data/definitions/550.html",
"external_id": "CAPEC-550"
}""" }"""
@ -58,8 +64,8 @@ def test_external_reference_capec_url():
THREAT_REPORT = """{ THREAT_REPORT = """{
"description": "Threat report",
"source_name": "ACME Threat Intel", "source_name": "ACME Threat Intel",
"description": "Threat report",
"url": "http://www.example.com/threat-report.pdf" "url": "http://www.example.com/threat-report.pdf"
}""" }"""
@ -75,9 +81,9 @@ def test_external_reference_threat_report():
BUGZILLA = """{ BUGZILLA = """{
"external_id": "1370",
"source_name": "ACME Bugzilla", "source_name": "ACME Bugzilla",
"url": "https://www.example.com/bugs/1370" "url": "https://www.example.com/bugs/1370",
"external_id": "1370"
}""" }"""
@ -92,8 +98,8 @@ def test_external_reference_bugzilla():
OFFLINE = """{ OFFLINE = """{
"description": "Threat report", "source_name": "ACME Threat Intel",
"source_name": "ACME Threat Intel" "description": "Threat report"
}""" }"""
@ -104,7 +110,7 @@ def test_external_reference_offline():
) )
assert str(ref) == OFFLINE assert str(ref) == OFFLINE
assert re.match("ExternalReference\(description=u?'Threat report', source_name=u?'ACME Threat Intel'\)", repr(ref)) assert re.match("ExternalReference\(source_name=u?'ACME Threat Intel', description=u?'Threat report'\)", repr(ref))
# Yikes! This works # Yikes! This works
assert eval("stix2." + repr(ref)) == ref assert eval("stix2." + repr(ref)) == ref

6
stix2/test/test_identity.py
View File

@ -9,12 +9,12 @@ from .constants import IDENTITY_ID
EXPECTED = """{ EXPECTED = """{
"created": "2015-12-21T19:59:11.000Z", "type": "identity",
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c", "id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
"identity_class": "individual", "created": "2015-12-21T19:59:11.000Z",
"modified": "2015-12-21T19:59:11.000Z", "modified": "2015-12-21T19:59:11.000Z",
"name": "John Smith", "name": "John Smith",
"type": "identity" "identity_class": "individual"
}""" }"""

18
stix2/test/test_indicator.py
View File

@ -10,25 +10,25 @@ from .constants import FAKE_TIME, INDICATOR_ID, INDICATOR_KWARGS
EXPECTED_INDICATOR = """{ EXPECTED_INDICATOR = """{
"created": "2017-01-01T00:00:01.000Z", "type": "indicator",
"id": "indicator--01234567-89ab-cdef-0123-456789abcdef", "id": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"created": "2017-01-01T00:00:01.000Z",
"modified": "2017-01-01T00:00:01.000Z",
"labels": [ "labels": [
"malicious-activity" "malicious-activity"
], ],
"modified": "2017-01-01T00:00:01.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"type": "indicator",
"valid_from": "1970-01-01T00:00:01Z" "valid_from": "1970-01-01T00:00:01Z"
}""" }"""
EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join(""" EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join("""
created=STIXdatetime(2017, 1, 1, 0, 0, 1, tzinfo=<UTC>),
id='indicator--01234567-89ab-cdef-0123-456789abcdef',
labels=['malicious-activity'],
modified=STIXdatetime(2017, 1, 1, 0, 0, 1, tzinfo=<UTC>),
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
type='indicator', type='indicator',
valid_from=datetime.datetime(1970, 1, 1, 0, 0, 1, tzinfo=<UTC>) id='indicator--01234567-89ab-cdef-0123-456789abcdef',
created='2017-01-01T00:00:01.000Z',
modified='2017-01-01T00:00:01.000Z',
labels=['malicious-activity'],
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
valid_from='1970-01-01T00:00:01Z'
""".split()) + ")" """.split()) + ")"

16
stix2/test/test_intrusion_set.py
View File

@ -9,21 +9,21 @@ from .constants import INTRUSION_SET_ID
EXPECTED = """{ EXPECTED = """{
"type": "intrusion-set",
"id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"created": "2016-04-06T20:03:48.000Z",
"modified": "2016-04-06T20:03:48.000Z",
"name": "Bobcat Breakin",
"description": "Incidents usually feature a shared TTP of a bobcat being released...",
"aliases": [ "aliases": [
"Zookeeper" "Zookeeper"
], ],
"created": "2016-04-06T20:03:48.000Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"description": "Incidents usually feature a shared TTP of a bobcat being released...",
"goals": [ "goals": [
"acquisition-theft", "acquisition-theft",
"harassment", "harassment",
"damage" "damage"
], ]
"id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29",
"modified": "2016-04-06T20:03:48.000Z",
"name": "Bobcat Breakin",
"type": "intrusion-set"
}""" }"""

10
stix2/test/test_malware.py
View File

@ -10,14 +10,14 @@ from .constants import FAKE_TIME, MALWARE_ID, MALWARE_KWARGS
EXPECTED_MALWARE = """{ EXPECTED_MALWARE = """{
"created": "2016-05-12T08:17:27.000Z", "type": "malware",
"id": "malware--fedcba98-7654-3210-fedc-ba9876543210", "id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
"labels": [ "created": "2016-05-12T08:17:27.000Z",
"ransomware"
],
"modified": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z",
"name": "Cryptolocker", "name": "Cryptolocker",
"type": "malware" "labels": [
"ransomware"
]
}""" }"""

38
stix2/test/test_markings.py
View File

@ -10,36 +10,36 @@ from .constants import MARKING_DEFINITION_ID
EXPECTED_TLP_MARKING_DEFINITION = """{ EXPECTED_TLP_MARKING_DEFINITION = """{
"type": "marking-definition",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00Z", "created": "2017-01-20T00:00:00Z",
"definition_type": "tlp",
"definition": { "definition": {
"tlp": "white" "tlp": "white"
}, }
"definition_type": "tlp",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"type": "marking-definition"
}""" }"""
EXPECTED_STATEMENT_MARKING_DEFINITION = """{ EXPECTED_STATEMENT_MARKING_DEFINITION = """{
"type": "marking-definition",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00Z", "created": "2017-01-20T00:00:00Z",
"definition_type": "statement",
"definition": { "definition": {
"statement": "Copyright 2016, Example Corp" "statement": "Copyright 2016, Example Corp"
}, }
"definition_type": "statement",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"type": "marking-definition"
}""" }"""
EXPECTED_CAMPAIGN_WITH_OBJECT_MARKING = """{ EXPECTED_CAMPAIGN_WITH_OBJECT_MARKING = """{
"created": "2016-04-06T20:03:00.000Z", "type": "campaign",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"description": "Campaign by Green Group against a series of targets in the financial services sector.",
"id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"created": "2016-04-06T20:03:00.000Z",
"modified": "2016-04-06T20:03:00.000Z", "modified": "2016-04-06T20:03:00.000Z",
"name": "Green Group Attacks Against Finance", "name": "Green Group Attacks Against Finance",
"description": "Campaign by Green Group against a series of targets in the financial services sector.",
"object_marking_refs": [ "object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
], ]
"type": "campaign"
}""" }"""
EXPECTED_GRANULAR_MARKING = """{ EXPECTED_GRANULAR_MARKING = """{
@ -53,8 +53,12 @@ EXPECTED_GRANULAR_MARKING = """{
}""" }"""
EXPECTED_CAMPAIGN_WITH_GRANULAR_MARKINGS = """{ EXPECTED_CAMPAIGN_WITH_GRANULAR_MARKINGS = """{
"created": "2016-04-06T20:03:00.000Z", "type": "campaign",
"id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"created": "2016-04-06T20:03:00.000Z",
"modified": "2016-04-06T20:03:00.000Z",
"name": "Green Group Attacks Against Finance",
"description": "Campaign by Green Group against a series of targets in the financial services sector.", "description": "Campaign by Green Group against a series of targets in the financial services sector.",
"granular_markings": [ "granular_markings": [
{ {
@ -63,11 +67,7 @@ EXPECTED_CAMPAIGN_WITH_GRANULAR_MARKINGS = """{
"description" "description"
] ]
} }
], ]
"id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"modified": "2016-04-06T20:03:00.000Z",
"name": "Green Group Attacks Against Finance",
"type": "campaign"
}""" }"""

46
stix2/test/test_observed_data.py
View File

@ -10,20 +10,20 @@ from .constants import OBSERVED_DATA_ID
EXPECTED = """{ EXPECTED = """{
"created": "2016-04-06T19:58:16.000Z", "type": "observed-data",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"first_observed": "2015-12-21T19:00:00Z",
"id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
"last_observed": "2015-12-21T19:00:00Z", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"created": "2016-04-06T19:58:16.000Z",
"modified": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z",
"first_observed": "2015-12-21T19:00:00Z",
"last_observed": "2015-12-21T19:00:00Z",
"number_observed": 50, "number_observed": 50,
"objects": { "objects": {
"0": { "0": {
"name": "foo.exe", "type": "file",
"type": "file" "name": "foo.exe"
}
} }
},
"type": "observed-data"
}""" }"""
@ -48,27 +48,27 @@ def test_observed_data_example():
EXPECTED_WITH_REF = """{ EXPECTED_WITH_REF = """{
"created": "2016-04-06T19:58:16.000Z", "type": "observed-data",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"first_observed": "2015-12-21T19:00:00Z",
"id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf", "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
"last_observed": "2015-12-21T19:00:00Z", "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"created": "2016-04-06T19:58:16.000Z",
"modified": "2016-04-06T19:58:16.000Z", "modified": "2016-04-06T19:58:16.000Z",
"first_observed": "2015-12-21T19:00:00Z",
"last_observed": "2015-12-21T19:00:00Z",
"number_observed": 50, "number_observed": 50,
"objects": { "objects": {
"0": { "0": {
"name": "foo.exe", "type": "file",
"type": "file" "name": "foo.exe"
}, },
"1": { "1": {
"type": "directory",
"path": "/usr/home",
"contains_refs": [ "contains_refs": [
"0" "0"
], ]
"path": "/usr/home", }
"type": "directory"
} }
},
"type": "observed-data"
}""" }"""
@ -173,7 +173,7 @@ def test_parse_observed_data(data):
}""", }""",
]) ])
def test_parse_artifact_valid(data): def test_parse_artifact_valid(data):
odata_str = re.compile('"objects".+\},', re.DOTALL).sub('"objects": { %s },' % data, EXPECTED) odata_str = re.compile('"objects".+\}', re.DOTALL).sub('"objects": { %s }\n}' % data, EXPECTED)
odata = stix2.parse(odata_str) odata = stix2.parse(odata_str)
assert odata.objects["0"].type == "artifact" assert odata.objects["0"].type == "artifact"
@ -194,7 +194,7 @@ def test_parse_artifact_valid(data):
}""", }""",
]) ])
def test_parse_artifact_invalid(data): def test_parse_artifact_invalid(data):
odata_str = re.compile('"objects".+\},', re.DOTALL).sub('"objects": { %s },' % data, EXPECTED) odata_str = re.compile('"objects".+\}', re.DOTALL).sub('"objects": { %s }\n}' % data, EXPECTED)
with pytest.raises(ValueError): with pytest.raises(ValueError):
stix2.parse(odata_str) stix2.parse(odata_str)
@ -215,7 +215,7 @@ def test_artifact_example_dependency_error():
}""", }""",
]) ])
def test_parse_autonomous_system_valid(data): def test_parse_autonomous_system_valid(data):
odata_str = re.compile('"objects".+\},', re.DOTALL).sub('"objects": { %s },' % data, EXPECTED) odata_str = re.compile('"objects".+\}', re.DOTALL).sub('"objects": { %s }\n}' % data, EXPECTED)
odata = stix2.parse(odata_str) odata = stix2.parse(odata_str)
assert odata.objects["0"].type == "autonomous-system" assert odata.objects["0"].type == "autonomous-system"
assert odata.objects["0"].number == 15139 assert odata.objects["0"].number == 15139
@ -358,7 +358,7 @@ def test_parse_email_message_not_multipart(data):
}""", }""",
]) ])
def test_parse_file_archive(data): def test_parse_file_archive(data):
odata_str = re.compile('"objects".+\},', re.DOTALL).sub('"objects": { %s },' % data, EXPECTED) odata_str = re.compile('"objects".+\}', re.DOTALL).sub('"objects": { %s }\n}' % data, EXPECTED)
odata = stix2.parse(odata_str) odata = stix2.parse(odata_str)
assert odata.objects["3"].extensions['archive-ext'].version == "5.0" assert odata.objects["3"].extensions['archive-ext'].version == "5.0"

6
stix2/test/test_relationship.py
View File

@ -10,13 +10,13 @@ from .constants import (FAKE_TIME, INDICATOR_ID, MALWARE_ID, RELATIONSHIP_ID,
EXPECTED_RELATIONSHIP = """{ EXPECTED_RELATIONSHIP = """{
"created": "2016-04-06T20:06:37.000Z", "type": "relationship",
"id": "relationship--00000000-1111-2222-3333-444444444444", "id": "relationship--00000000-1111-2222-3333-444444444444",
"created": "2016-04-06T20:06:37.000Z",
"modified": "2016-04-06T20:06:37.000Z", "modified": "2016-04-06T20:06:37.000Z",
"relationship_type": "indicates", "relationship_type": "indicates",
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", "source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210", "target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
"type": "relationship"
}""" }"""

16
stix2/test/test_report.py
View File

@ -9,22 +9,22 @@ from .constants import INDICATOR_KWARGS, REPORT_ID
EXPECTED = """{ EXPECTED = """{
"created": "2015-12-21T19:59:11.000Z", "type": "report",
"created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
"description": "A simple report with an indicator and campaign",
"id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3", "id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3",
"labels": [ "created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
"campaign" "created": "2015-12-21T19:59:11.000Z",
],
"modified": "2015-12-21T19:59:11.000Z", "modified": "2015-12-21T19:59:11.000Z",
"name": "The Black Vine Cyberespionage Group", "name": "The Black Vine Cyberespionage Group",
"description": "A simple report with an indicator and campaign",
"published": "2016-01-20T17:00:00Z",
"object_refs": [ "object_refs": [
"indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c", "campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a" "relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a"
], ],
"published": "2016-01-20T17:00:00Z", "labels": [
"type": "report" "campaign"
]
}""" }"""

4
stix2/test/test_sighting.py
View File

@ -9,11 +9,11 @@ from .constants import INDICATOR_ID, SIGHTING_ID, SIGHTING_KWARGS
EXPECTED_SIGHTING = """{ EXPECTED_SIGHTING = """{
"created": "2016-04-06T20:06:37.000Z", "type": "sighting",
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb", "id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
"created": "2016-04-06T20:06:37.000Z",
"modified": "2016-04-06T20:06:37.000Z", "modified": "2016-04-06T20:06:37.000Z",
"sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef", "sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"type": "sighting",
"where_sighted_refs": [ "where_sighted_refs": [
"identity--8cc7afd6-5455-4d2b-a736-e614ee631d99" "identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"
] ]

14
stix2/test/test_threat_actor.py
View File

@ -9,16 +9,16 @@ from .constants import THREAT_ACTOR_ID
EXPECTED = """{ EXPECTED = """{
"created": "2016-04-06T20:03:48.000Z", "type": "threat-actor",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"description": "The Evil Org threat actor group",
"id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"labels": [ "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"crime-syndicate" "created": "2016-04-06T20:03:48.000Z",
],
"modified": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z",
"name": "Evil Org", "name": "Evil Org",
"type": "threat-actor" "description": "The Evil Org threat actor group",
"labels": [
"crime-syndicate"
]
}""" }"""

12
stix2/test/test_tool.py
View File

@ -9,15 +9,15 @@ from .constants import TOOL_ID
EXPECTED = """{ EXPECTED = """{
"created": "2016-04-06T20:03:48.000Z", "type": "tool",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f", "id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"labels": [ "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"remote-access" "created": "2016-04-06T20:03:48.000Z",
],
"modified": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z",
"name": "VNC", "name": "VNC",
"type": "tool" "labels": [
"remote-access"
]
}""" }"""

16
stix2/test/test_vulnerability.py
View File

@ -9,17 +9,17 @@ from .constants import VULNERABILITY_ID
EXPECTED = """{ EXPECTED = """{
"created": "2016-05-12T08:17:27.000Z", "type": "vulnerability",
"external_references": [
{
"external_id": "CVE-2016-1234",
"source_name": "cve"
}
],
"id": "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", "id": "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z",
"name": "CVE-2016-1234", "name": "CVE-2016-1234",
"type": "vulnerability" "external_references": [
{
"source_name": "cve",
"external_id": "CVE-2016-1234"
}
]
}""" }"""