Add new STIX2.1 SDOs and additional properties

stix2/__init__.py

@@ -42,8 +42,9 @@ from .patterns import (AndBooleanExpression, AndObservationExpression,
                        StartStopQualifier, StringConstant, TimestampConstant,
                        WithinQualifier)
 from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,
-                  Identity, Indicator, IntrusionSet, Malware, ObservedData,
+                  Identity, Indicator, IntrusionSet, Location, Malware, Note,
-                  Report, ThreatActor, Tool, Vulnerability)
+                  ObservedData, Opinion, Report, ThreatActor, Tool,
+                  Vulnerability)
 from .sources import CompositeDataSource
 from .sources.filesystem import (FileSystemSink, FileSystemSource,
                                  FileSystemStore)

stix2/common.py

@@ -11,6 +11,7 @@ from .utils import NOW, get_dict
 
 
 class ExternalReference(_STIXBase):
+
     _properties = OrderedDict()
     _properties.update([
         ('source_name', StringProperty(required=True)),
@@ -26,6 +27,7 @@ class ExternalReference(_STIXBase):
 
 
 class KillChainPhase(_STIXBase):
+
     _properties = OrderedDict()
     _properties.update([
         ('kill_chain_name', StringProperty(required=True)),
@@ -34,6 +36,7 @@ class KillChainPhase(_STIXBase):
 
 
 class GranularMarking(_STIXBase):
+
     _properties = OrderedDict()
     _properties.update([
         ('marking_ref', ReferenceProperty(required=True, type="marking-definition")),
@@ -42,7 +45,7 @@ class GranularMarking(_STIXBase):
 
 
 class TLPMarking(_STIXBase):
-    # TODO: don't allow the creation of any other TLPMarkings than the ones below
+
     _type = 'tlp'
     _properties = OrderedDict()
     _properties.update([
@@ -51,6 +54,7 @@ class TLPMarking(_STIXBase):
 
 
 class StatementMarking(_STIXBase):
+
     _type = 'statement'
     _properties = OrderedDict()
     _properties.update([
@@ -78,6 +82,7 @@ class MarkingProperty(Property):
 
 
 class MarkingDefinition(_STIXBase, MarkingsMixin):
+
     _type = 'marking-definition'
     _properties = OrderedDict()
     _properties.update([
@@ -137,6 +142,7 @@ def CustomMarking(type='x-custom-marking', properties=None):
     def custom_builder(cls):
 
         class _Custom(cls, _STIXBase):
+
             _type = type
             _properties = OrderedDict()
 
@@ -155,6 +161,8 @@ def CustomMarking(type='x-custom-marking', properties=None):
     return custom_builder
 
 
+# TODO: don't allow the creation of any other TLPMarkings than the ones below
+
 TLP_WHITE = MarkingDefinition(
     id="marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
     created="2017-01-20T00:00:00.000Z",

stix2/core.py

@@ -7,8 +7,8 @@ from .base import _STIXBase
 from .common import MarkingDefinition
 from .properties import IDProperty, ListProperty, Property, TypeProperty
 from .sdo import (AttackPattern, Campaign, CourseOfAction, Identity, Indicator,
-                  IntrusionSet, Malware, ObservedData, Report, ThreatActor,
+                  IntrusionSet, Location, Malware, Note, ObservedData, Opinion,
-                  Tool, Vulnerability)
+                  Report, ThreatActor, Tool, Vulnerability)
 from .sro import Relationship, Sighting
 from .utils import get_dict
 
@@ -59,9 +59,12 @@ OBJ_MAP = {
     'identity': Identity,
     'indicator': Indicator,
     'intrusion-set': IntrusionSet,
+    'location': Location,
     'malware': Malware,
+    'note': Note,
     'marking-definition': MarkingDefinition,
     'observed-data': ObservedData,
+    'opinion': Opinion,
     'report': Report,
     'relationship': Relationship,
     'threat-actor': ThreatActor,

stix2/sdo.py

@@ -8,9 +8,10 @@ from .base import _STIXBase
 from .common import ExternalReference, GranularMarking, KillChainPhase
 from .markings import MarkingsMixin
 from .observables import ObservableProperty
-from .properties import (BooleanProperty, IDProperty, IntegerProperty,
+from .properties import (BooleanProperty, EnumProperty, FloatProperty,
-                         ListProperty, PatternProperty, ReferenceProperty,
+                         IDProperty, IntegerProperty, ListProperty,
-                         StringProperty, TimestampProperty, TypeProperty)
+                         PatternProperty, ReferenceProperty, StringProperty,
+                         TimestampProperty, TypeProperty)
 from .utils import NOW
 
 
@@ -33,6 +34,8 @@ class AttackPattern(STIXDomainObject):
         ('kill_chain_phases', ListProperty(KillChainPhase)),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -57,6 +60,8 @@ class Campaign(STIXDomainObject):
         ('objective', StringProperty()),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -77,6 +82,8 @@ class CourseOfAction(STIXDomainObject):
         ('description', StringProperty()),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -100,6 +107,8 @@ class Identity(STIXDomainObject):
         ('contact_information', StringProperty()),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -124,6 +133,8 @@ class Indicator(STIXDomainObject):
         ('kill_chain_phases', ListProperty(KillChainPhase)),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty, required=True)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -151,6 +162,38 @@ class IntrusionSet(STIXDomainObject):
         ('secondary_motivations', ListProperty(StringProperty)),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
+        ('external_references', ListProperty(ExternalReference)),
+        ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
+        ('granular_markings', ListProperty(GranularMarking)),
+    ])
+
+
+class Location(STIXDomainObject):
+
+    _type = 'location'
+    _properties = OrderedDict()
+    _properties.update([
+        ('type', TypeProperty(_type)),
+        ('id', IDProperty(_type)),
+        ('created_by_ref', ReferenceProperty(type="identity")),
+        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
+        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
+        ('description', StringProperty()),
+        ('latitude', FloatProperty()),
+        ('longitude', FloatProperty()),
+        ('precision', FloatProperty()),
+        ('region', StringProperty()),
+        ('country', StringProperty()),
+        ('administrative_area', StringProperty()),
+        ('city', StringProperty()),
+        ('street_address', StringProperty()),
+        ('postal_code', StringProperty()),
+        ('revoked', BooleanProperty()),
+        ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -172,6 +215,32 @@ class Malware(STIXDomainObject):
         ('kill_chain_phases', ListProperty(KillChainPhase)),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty, required=True)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
+        ('external_references', ListProperty(ExternalReference)),
+        ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
+        ('granular_markings', ListProperty(GranularMarking)),
+    ])
+
+
+class Note(STIXDomainObject):
+
+    _type = 'note'
+    _properties = OrderedDict()
+    _properties.update([
+        ('type', TypeProperty(_type)),
+        ('id', IDProperty(_type)),
+        ('created_by_ref', ReferenceProperty(type="identity")),
+        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
+        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
+        ('summary', StringProperty()),
+        ('description', StringProperty(required=True)),
+        ('authors', ListProperty(StringProperty)),
+        ('object_refs', ListProperty(ReferenceProperty, required=True)),
+        ('revoked', BooleanProperty()),
+        ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -194,6 +263,38 @@ class ObservedData(STIXDomainObject):
         ('objects', ObservableProperty(required=True)),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
+        ('external_references', ListProperty(ExternalReference)),
+        ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
+        ('granular_markings', ListProperty(GranularMarking)),
+    ])
+
+
+class Opinion(STIXDomainObject):
+
+    _type = 'opinion'
+    _properties = OrderedDict()
+    _properties.update([
+        ('type', TypeProperty(_type)),
+        ('id', IDProperty(_type)),
+        ('created_by_ref', ReferenceProperty(type="identity")),
+        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
+        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
+        ('description', StringProperty),
+        ('authors', ListProperty(StringProperty)),
+        ('object_refs', ListProperty(ReferenceProperty, required=True)),
+        ('opinion', EnumProperty(allowed=[
+            'strongly-disagree',
+            'disagree',
+            'neutral',
+            'agree',
+            'strongly-agree'
+        ], required=True)),
+        ('revoked', BooleanProperty()),
+        ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -216,6 +317,8 @@ class Report(STIXDomainObject):
         ('object_refs', ListProperty(ReferenceProperty, required=True)),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty, required=True)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -244,6 +347,8 @@ class ThreatActor(STIXDomainObject):
         ('personal_motivations', ListProperty(StringProperty)),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty, required=True)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -266,6 +371,8 @@ class Tool(STIXDomainObject):
         ('tool_version', StringProperty()),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty, required=True)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -286,6 +393,8 @@ class Vulnerability(STIXDomainObject):
         ('description', StringProperty()),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -322,6 +431,7 @@ def CustomObject(type='x-custom-type', properties=None):
     def custom_builder(cls):
 
         class _Custom(cls, STIXDomainObject):
+
             _type = type
             _properties = OrderedDict()
             _properties.update([
@@ -341,6 +451,8 @@ def CustomObject(type='x-custom-type', properties=None):
             _properties.update([
                 ('revoked', BooleanProperty()),
                 ('labels', ListProperty(StringProperty)),
+                ('confidence', IntegerProperty()),
+                ('lang', StringProperty()),
                 ('external_references', ListProperty(ExternalReference)),
                 ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
                 ('granular_markings', ListProperty(GranularMarking)),

stix2/sro.py

@@ -31,6 +31,8 @@ class Relationship(STIXRelationshipObject):
         ('target_ref', ReferenceProperty(required=True)),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),
@@ -51,6 +53,7 @@ class Relationship(STIXRelationshipObject):
 
 
 class Sighting(STIXRelationshipObject):
+
     _type = 'sighting'
     _properties = OrderedDict()
     _properties.update([
@@ -68,6 +71,8 @@ class Sighting(STIXRelationshipObject):
         ('summary', BooleanProperty()),
         ('revoked', BooleanProperty()),
         ('labels', ListProperty(StringProperty)),
+        ('confidence', IntegerProperty()),
+        ('lang', StringProperty()),
         ('external_references', ListProperty(ExternalReference)),
         ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
         ('granular_markings', ListProperty(GranularMarking)),