Add parsing of Malware objects

.gitignore

@@ -57,3 +57,5 @@ docs/_build/
 # PyBuilder
 target/
 
+# Vim
+*.swp

stix2/__init__.py

@@ -2,9 +2,28 @@
 
 # flake8: noqa
 
+import json
+
 from .bundle import Bundle
 from .common import ExternalReference, KillChainPhase
 from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
     IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
     Vulnerability
 from .sro import Relationship
+
+
+def parse(data):
+    """Deserialize a string or file-like object into a STIX object"""
+
+    try:
+        obj = json.loads(data)
+    except TypeError:
+        obj = json.load(data)
+
+    if 'type' not in obj:
+        # TODO parse external references, kill chain phases, and granular markings
+        pass
+    elif obj['type'] == 'malware':
+        return sdo.Malware(**obj)
+
+    return obj

stix2/test/test_malware.py

@@ -88,3 +88,14 @@ def test_invalid_kwarg_to_malware():
     with pytest.raises(TypeError) as excinfo:
         stix2.Malware(my_custom_property="foo", **MALWARE_KWARGS)
     assert str(excinfo.value) == "unexpected keyword arguments: ['my_custom_property']"
+
+
+def test_parse_malware():
+    mal = stix2.parse(EXPECTED_MALWARE)
+
+    assert mal.type == 'malware'
+    assert mal.id == MALWARE_ID
+    assert mal.created == "2016-05-12T08:17:27Z"
+    assert mal.modified == "2016-05-12T08:17:27Z"
+    assert mal.labels == ['ransomware']
+    assert mal.name == "Cryptolocker"