From 3891595250d14f5cf8bab6e97a9913c3a8870ab4 Mon Sep 17 00:00:00 2001 From: Richard Piazza Date: Wed, 4 Oct 2017 10:27:06 -0400 Subject: [PATCH 1/3] Use t prefix for timestamp constant --- stix2/patterns.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stix2/patterns.py b/stix2/patterns.py index 7858146..03b7657 100644 --- a/stix2/patterns.py +++ b/stix2/patterns.py @@ -24,7 +24,7 @@ class TimestampConstant(_Constant): self.value = value def __str__(self): - return "'%s'" % escape_quotes_and_backslashes(self.value) + return "t'%s'" % escape_quotes_and_backslashes(self.value) class IntegerConstant(_Constant): From 0dc3226048e84b6585e5c851825746cd61ee5214 Mon Sep 17 00:00:00 2001 From: Richard Piazza Date: Thu, 5 Oct 2017 13:43:56 -0400 Subject: [PATCH 2/3] added test for Timestamp_Constant --- stix2/test/test_pattern_expressions.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/stix2/test/test_pattern_expressions.py b/stix2/test/test_pattern_expressions.py index e806aa6..d918cfe 100644 --- a/stix2/test/test_pattern_expressions.py +++ b/stix2/test/test_pattern_expressions.py @@ -170,3 +170,18 @@ def test_set_op(): exp = stix2.ObservationExpression(stix2.IsSubsetComparisonExpression("network-traffic:dst_ref.value", "2001:0db8:dead:beef:0000:0000:0000:0000/64")) assert str(exp) == "[network-traffic:dst_ref.value ISSUBSET '2001:0db8:dead:beef:0000:0000:0000:0000/64']" + + +# [(file:name = 'pdf.exe' OR file:size = '371712') AND file:created = t'2014-01-13T07:03:17Z'] +def test_timestamp(): + exp_or = stix2.OrBooleanExpression([stix2.EqualityComparisonExpression("file:name", + "pdf.exe"), + stix2.EqualityComparisonExpression("file:size", + stix2.IntegerConstant('371712'))]) + exp_paren = stix2.ParentheticalExpression(exp_or) + exp_and = stix2.AndBooleanExpression([exp_paren, + stix2.EqualityComparisonExpression("file:created", + stix2.TimestampConstant('2014-01-13T07:03:17Z'))]) + exp = stix2.ObservationExpression(exp_and) + assert str(exp) == "[(file:name = 'pdf.exe' OR file:size = 371712) AND file:created = t'2014-01-13T07:03:17Z']" + From 1414035e8dcbcee9ab5299b8801d242ef775c0ad Mon Sep 17 00:00:00 2001 From: Greg Back Date: Thu, 5 Oct 2017 21:54:58 +0000 Subject: [PATCH 3/3] Isolate TimestampConstant in test. --- stix2/test/test_pattern_expressions.py | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/stix2/test/test_pattern_expressions.py b/stix2/test/test_pattern_expressions.py index d918cfe..0db1083 100644 --- a/stix2/test/test_pattern_expressions.py +++ b/stix2/test/test_pattern_expressions.py @@ -172,16 +172,6 @@ def test_set_op(): assert str(exp) == "[network-traffic:dst_ref.value ISSUBSET '2001:0db8:dead:beef:0000:0000:0000:0000/64']" -# [(file:name = 'pdf.exe' OR file:size = '371712') AND file:created = t'2014-01-13T07:03:17Z'] def test_timestamp(): - exp_or = stix2.OrBooleanExpression([stix2.EqualityComparisonExpression("file:name", - "pdf.exe"), - stix2.EqualityComparisonExpression("file:size", - stix2.IntegerConstant('371712'))]) - exp_paren = stix2.ParentheticalExpression(exp_or) - exp_and = stix2.AndBooleanExpression([exp_paren, - stix2.EqualityComparisonExpression("file:created", - stix2.TimestampConstant('2014-01-13T07:03:17Z'))]) - exp = stix2.ObservationExpression(exp_and) - assert str(exp) == "[(file:name = 'pdf.exe' OR file:size = 371712) AND file:created = t'2014-01-13T07:03:17Z']" - + ts = stix2.TimestampConstant('2014-01-13T07:03:17Z') + assert str(ts) == "t'2014-01-13T07:03:17Z'"