From 5e4ca9e882417f95819e8b1d87657bd0182a6e93 Mon Sep 17 00:00:00 2001
From: clenk
Date: Wed, 5 Apr 2017 17:12:44 -0400
Subject: [PATCH] Add parsing of Malware objects
---
 .gitignore | 2 ++
 stix2/__init__.py | 19 +++++++++++++++++++
 stix2/test/test_malware.py | 11 +++++++++++
 3 files changed, 32 insertions(+)
diff --git a/.gitignore b/.gitignore
index e50675e..e75def5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -57,3 +57,5 @@ docs/_build/
 # PyBuilder
 target/
+# Vim
+*.swp
diff --git a/stix2/__init__.py b/stix2/__init__.py
index 7762890..0e6dd94 100644
--- a/stix2/__init__.py
+++ b/stix2/__init__.py
@@ -2,9 +2,28 @@
 # flake8: noqa
+import json
+
 from .bundle import Bundle
 from .common import ExternalReference, KillChainPhase
 from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
 IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
 Vulnerability
 from .sro import Relationship
+
+
+def parse(data):
+ """Deserialize a string or file-like object into a STIX object"""
+
+ try:
+ obj = json.loads(data)
+ except TypeError:
+ obj = json.load(data)
+
+ if 'type' not in obj:
+ # TODO parse external references, kill chain phases, and granular markings
+ pass
+ elif obj['type'] == 'malware':
+ return sdo.Malware(**obj)
+
+ return obj
diff --git a/stix2/test/test_malware.py b/stix2/test/test_malware.py
index 0538920..8e628ab 100644
--- a/stix2/test/test_malware.py
+++ b/stix2/test/test_malware.py
@@ -88,3 +88,14 @@ def test_invalid_kwarg_to_malware():
 with pytest.raises(TypeError) as excinfo:
 stix2.Malware(my_custom_property="foo", **MALWARE_KWARGS)
 assert str(excinfo.value) == "unexpected keyword arguments: ['my_custom_property']"
+
+
+def test_parse_malware():
+ mal = stix2.parse(EXPECTED_MALWARE)
+
+ assert mal.type == 'malware'
+ assert mal.id == MALWARE_ID
+ assert mal.created == "2016-05-12T08:17:27Z"
+ assert mal.modified == "2016-05-12T08:17:27Z"
+ assert mal.labels == ['ransomware']
+ assert mal.name == "Cryptolocker"
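Review bot: `parse()` in stix2/__init__.py returns the raw `json` result whenever `type` is missing or is anything other than `'malware'`, so a caller cannot tell a validated `Malware` object from an unchecked dict, list or string taken straight from the input. Since STIX content typically comes from outside the process, I would reject non-object JSON up front with `if not isinstance(obj, dict): raise ValueError("STIX JSON must be an object")`, and raise for unrecognised types until they are implemented instead of falling through to `return obj`. The call `sdo.Malware(**obj)` also depends on `sdo` being bound only as a side effect of `from .sdo import ...`; `Malware(**obj)` uses the name this module already imports explicitly.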
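Review bot: `test_parse_malware` in stix2/test/test_malware.py exercises only the string path of `stix2.parse`; the `json.load` fallback for file-like input and the branches that hand back the raw object are not covered. Assuming `EXPECTED_MALWARE` is a text string, a second case such as `mal = stix2.parse(io.StringIO(EXPECTED_MALWARE))` with the same assertions would pin the file-like path. A case with an unknown `type` value would also record what callers should expect from the fall-through.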