MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #201 from oasis-open/188-uuidv4 

Ensure all UUIDs are V4
stix2.0
Greg Back 2018-07-05 11:46:44 -05:00 committed by GitHub
parent 0f5d35f82d 25409b2099
commit 7c8113a4d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 267 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/guide/custom.ipynb
View File

@ -415,7 +415,7 @@
"\n",
"input_string = \"\"\"{\n",
" \"type\": \"identity\",\n",
" \"id\": \"identity--311b2d2d-f010-5473-83ec-1edf84858f4c\",\n",
" \"id\": \"identity--311b2d2d-f010-4473-83ec-1edf84858f4c\",\n",
" \"created\": \"2015-12-21T19:59:11Z\",\n",
" \"modified\": \"2015-12-21T19:59:11Z\",\n",
" \"name\": \"John Smith\",\n",

16
docs/guide/environment.ipynb
View File

@ -112,7 +112,7 @@
"source": [
"from stix2 import Indicator\n",
"\n",
"indicator = Indicator(id=\"indicator--01234567-89ab-cdef-0123-456789abcdef\",\n",
"indicator = Indicator(id=\"indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7\",\n",
" labels=[\"malicious-activity\"],\n",
" pattern=\"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\")\n",
"env.add(indicator)"
@ -203,7 +203,7 @@
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
" <span class=\"nt\">&quot;type&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator--01234567-89ab-cdef-0123-456789abcdef&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2018-04-05T19:27:53.923Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;modified&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2018-04-05T19:27:53.923Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;pattern&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;[file:hashes.md5 = &#39;d41d8cd98f00b204e9800998ecf8427e&#39;]&quot;</span><span class=\"p\">,</span>\n",
@ -224,7 +224,7 @@
}
],
"source": [
"print(env.get(\"indicator--01234567-89ab-cdef-0123-456789abcdef\"))"
"print(env.get(\"indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7\"))"
]
},
{
@ -244,7 +244,7 @@
"source": [
"from stix2 import Indicator, ObjectFactory\n",
"\n",
"factory = ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-5473-83ec-1edf84858f4c\")"
"factory = ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-4473-83ec-1edf84858f4c\")"
]
},
{
@ -335,7 +335,7 @@
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
" <span class=\"nt\">&quot;type&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator--c1b421c0-9c6b-4276-9b73-1b8684a5a0d2&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created_by_ref&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;identity--311b2d2d-f010-5473-83ec-1edf84858f4c&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created_by_ref&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;identity--311b2d2d-f010-4473-83ec-1edf84858f4c&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2018-04-05T19:28:48.776Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;modified&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2018-04-05T19:28:48.776Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;pattern&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;[file:hashes.md5 = &#39;d41d8cd98f00b204e9800998ecf8427e&#39;]&quot;</span><span class=\"p\">,</span>\n",
@ -477,7 +477,7 @@
}
],
"source": [
"factory2 = ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-5473-83ec-1edf84858f4c\",\n",
"factory2 = ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-4473-83ec-1edf84858f4c\",\n",
" created=\"2017-09-25T18:07:46.255472Z\")\n",
"env2 = Environment(factory=factory2)\n",
"\n",
@ -683,7 +683,7 @@
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
" <span class=\"nt\">&quot;type&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator--d1b8c3f6-1de1-44c1-b079-3df307224a0d&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created_by_ref&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;identity--311b2d2d-f010-5473-83ec-1edf84858f4c&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created_by_ref&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;identity--311b2d2d-f010-4473-83ec-1edf84858f4c&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2018-04-05T19:29:59.605Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;modified&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2018-04-05T19:29:59.605Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;pattern&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;[file:hashes.md5 = &#39;d41d8cd98f00b204e9800998ecf8427e&#39;]&quot;</span><span class=\"p\">,</span>\n",
@ -704,7 +704,7 @@
}
],
"source": [
"environ = Environment(ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-5473-83ec-1edf84858f4c\"),\n",
"environ = Environment(ObjectFactory(created_by_ref=\"identity--311b2d2d-f010-4473-83ec-1edf84858f4c\"),\n",
" MemoryStore())\n",
"\n",
"i = environ.create(Indicator,\n",

4
docs/guide/parsing.ipynb
View File

@ -447,7 +447,7 @@
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
" <span class=\"nt\">&quot;type&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;identity&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;identity--311b2d2d-f010-5473-83ec-1edf84858f4c&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;identity--311b2d2d-f010-4473-83ec-1edf84858f4c&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2015-12-21T19:59:11.000Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;modified&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2015-12-21T19:59:11.000Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;name&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;Cole Powers&quot;</span><span class=\"p\">,</span>\n",
@ -467,7 +467,7 @@
"source": [
"input_dict = {\n",
" \"type\": \"identity\",\n",
" \"id\": \"identity--311b2d2d-f010-5473-83ec-1edf84858f4c\",\n",
" \"id\": \"identity--311b2d2d-f010-4473-83ec-1edf84858f4c\",\n",
" \"created\": \"2015-12-21T19:59:11Z\",\n",
" \"modified\": \"2015-12-21T19:59:11Z\",\n",
" \"name\": \"Cole Powers\",\n",

14
docs/guide/taxii.ipynb
View File

@ -82,7 +82,7 @@
"text": [
"{\n",
" \"type\": \"malware\",\n",
" \"id\": \"malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\",\n",
" \"id\": \"malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111\",\n",
" \"created\": \"2017-01-27T13:49:53.997Z\",\n",
" \"modified\": \"2017-01-27T13:49:53.997Z\",\n",
" \"name\": \"Poison Ivy\",\n",
@ -94,7 +94,7 @@
"-------\n",
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a932fcc6-e032-176c-126f-cb970a5a1ade\",\n",
" \"id\": \"indicator--a932fcc6-e032-476c-826f-cb970a5a1ade\",\n",
" \"created\": \"2014-05-08T09:00:00.000Z\",\n",
" \"modified\": \"2014-05-08T09:00:00.000Z\",\n",
" \"name\": \"File hash for Poison Ivy variant\",\n",
@ -117,8 +117,8 @@
"tc_source = TAXIICollectionSource(collection)\n",
"\n",
"#retrieve STIX objects by id\n",
"stix_obj = tc_source.get(\"malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\")\n",
"stix_obj_versions = tc_source.all_versions(\"indicator--a932fcc6-e032-176c-126f-cb970a5a1ade\")\n",
"stix_obj = tc_source.get(\"malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111\")\n",
"stix_obj_versions = tc_source.all_versions(\"indicator--a932fcc6-e032-476c-826f-cb970a5a1ade\")\n",
"\n",
"#for visual purposes\n",
"print(stix_obj)\n",
@ -138,7 +138,7 @@
"text": [
"{\n",
" \"type\": \"indicator\",\n",
" \"id\": \"indicator--a932fcc6-e032-176c-126f-cb970a5a1ade\",\n",
" \"id\": \"indicator--a932fcc6-e032-476c-826f-cb970a5a1ade\",\n",
" \"created\": \"2014-05-08T09:00:00.000Z\",\n",
" \"modified\": \"2014-05-08T09:00:00.000Z\",\n",
" \"name\": \"File hash for Poison Ivy variant\",\n",
@ -220,7 +220,7 @@
"text": [
"{\n",
" \"type\": \"malware\",\n",
" \"id\": \"malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\",\n",
" \"id\": \"malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111\",\n",
" \"created\": \"2017-01-27T13:49:53.997Z\",\n",
" \"modified\": \"2017-01-27T13:49:53.997Z\",\n",
" \"name\": \"Poison Ivy\",\n",
@ -241,7 +241,7 @@
"\n",
"# retrieve STIX object by id from TAXII Collection through\n",
"# TAXIICollectionStore\n",
"stix_obj2 = tc_source.get(\"malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\")\n",
"stix_obj2 = tc_source.get(\"malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111\")\n",
"\n",
"print(stix_obj2)"
]

10
docs/guide/workbench.ipynb
View File

@ -218,7 +218,7 @@
".highlight .vg { color: #19177C } /* Name.Variable.Global */\n",
".highlight .vi { color: #19177C } /* Name.Variable.Instance */\n",
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span>indicator--a932fcc6-e032-176c-126f-cb970a5a1ade\n",
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span>indicator--a932fcc6-e032-476c-826f-cb970a5a1ade\n",
"</pre></div>\n"
],
"text/plain": [
@ -382,7 +382,7 @@
".highlight .vg { color: #19177C } /* Name.Variable.Global */\n",
".highlight .vi { color: #19177C } /* Name.Variable.Instance */\n",
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span>malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111\n",
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span>malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111\n",
"</pre></div>\n"
],
"text/plain": [
@ -480,7 +480,7 @@
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
" <span class=\"nt\">&quot;type&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;malware&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2017-01-27T13:49:53.997Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;modified&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2017-01-27T13:49:53.997Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;name&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;Poison Ivy&quot;</span><span class=\"p\">,</span>\n",
@ -591,7 +591,7 @@
".highlight .vm { color: #19177C } /* Name.Variable.Magic */\n",
".highlight .il { color: #666666 } /* Literal.Number.Integer.Long */</style><div class=\"highlight\"><pre><span></span><span class=\"p\">{</span>\n",
" <span class=\"nt\">&quot;type&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator--a932fcc6-e032-176c-126f-cb970a5a1ade&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;id&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;indicator--a932fcc6-e032-476c-826f-cb970a5a1ade&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;created&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2014-05-08T09:00:00.000Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;modified&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;2014-05-08T09:00:00.000Z&quot;</span><span class=\"p\">,</span>\n",
" <span class=\"nt\">&quot;name&quot;</span><span class=\"p\">:</span> <span class=\"s2\">&quot;File hash for Poison Ivy variant&quot;</span><span class=\"p\">,</span>\n",
@ -613,7 +613,7 @@
}
],
"source": [
"malware = get('malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111')\n",
"malware = get('malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111')\n",
"indicator = malware.related(filters=Filter('type', '=', 'indicator'))\n",
"print(indicator[0])"
]

4
examples/taxii_example.py
View File

@ -14,12 +14,12 @@ def main():
taxii = stix2.TAXIICollectionSource(collection)
# get (url watch indicator)
indicator_fw = taxii.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
indicator_fw = taxii.get("indicator--00000000-0000-4000-8000-000000000001")
print("\n\n-------Queried for Indicator - got:")
print(indicator_fw.serialize(indent=4))
# all versions (url watch indicator - currently two)
indicator_fw_versions = taxii.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
indicator_fw_versions = taxii.all_versions("indicator--00000000-0000-4000-8000-000000000001")
print("\n\n------Queried for indicator (all_versions()) - got:")
for indicator in indicator_fw_versions:
print(indicator.serialize(indent=4))

29
stix2/properties.py
View File

@ -14,6 +14,21 @@ from .base import _STIXBase
from .exceptions import DictionaryKeyError
from .utils import _get_dict, parse_into_datetime
# This uses the regular expression for a RFC 4122, Version 4 UUID. In the
# 8-4-4-4-12 hexadecimal representation, the first hex digit of the third
# component must be a 4, and the first hex digit of the fourth component must be
# 8, 9, a, or b (10xx bit pattern).
ID_REGEX = re.compile("^[a-z0-9][a-z0-9-]+[a-z0-9]--" # object type
"[0-9a-fA-F]{8}-"
"[0-9a-fA-F]{4}-"
"4[0-9a-fA-F]{3}-"
"[89abAB][0-9a-fA-F]{3}-"
"[0-9a-fA-F]{12}$")
ERROR_INVALID_ID = (
"not a valid STIX identifier, must match <object-type>--<UUIDv4>"
)
class Property(object):
"""Represent a property of STIX data type.
@ -171,10 +186,8 @@ class IDProperty(Property):
def clean(self, value):
if not value.startswith(self.required_prefix):
raise ValueError("must start with '{0}'.".format(self.required_prefix))
try:
uuid.UUID(value.split('--', 1)[1])
except Exception:
raise ValueError("must have a valid UUID after the prefix.")
if not ID_REGEX.match(value):
raise ValueError(ERROR_INVALID_ID)
return value
def default(self):
@ -305,10 +318,6 @@ class HexProperty(Property):
return value
REF_REGEX = re.compile("^[a-z][a-z-]+[a-z]--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}"
"-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$")
class ReferenceProperty(Property):
def __init__(self, required=False, type=None):
@ -325,8 +334,8 @@ class ReferenceProperty(Property):
if self.type:
if not value.startswith(self.type):
raise ValueError("must start with '{0}'.".format(self.type))
if not REF_REGEX.match(value):
raise ValueError("must match <object-type>--<guid>.")
if not ID_REGEX.match(value):
raise ValueError(ERROR_INVALID_ID)
return value

18
stix2/test/conftest.py
View File

@ -27,7 +27,7 @@ def uuid4(monkeypatch):
def wrapped():
data[0] += 1
return "00000000-0000-0000-0000-00000000%04x" % data[0]
return "00000000-0000-4000-8000-00000000%04x" % data[0]
return wrapped
monkeypatch.setattr(uuid, "uuid4", wrapper())
@ -52,7 +52,7 @@ def relationship(uuid4, clock):
def stix_objs1():
ind1 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"url-watchlist"
],
@ -64,7 +64,7 @@ def stix_objs1():
}
ind2 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"url-watchlist"
],
@ -76,7 +76,7 @@ def stix_objs1():
}
ind3 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"url-watchlist"
],
@ -88,7 +88,7 @@ def stix_objs1():
}
ind4 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"url-watchlist"
],
@ -100,7 +100,7 @@ def stix_objs1():
}
ind5 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"url-watchlist"
],
@ -117,7 +117,7 @@ def stix_objs1():
def stix_objs2():
ind6 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"url-watchlist"
],
@ -129,7 +129,7 @@ def stix_objs2():
}
ind7 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"url-watchlist"
],
@ -141,7 +141,7 @@ def stix_objs2():
}
ind8 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"url-watchlist"
],

10
stix2/test/constants.py
View File

@ -7,17 +7,17 @@ FAKE_TIME = dt.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc)
ATTACK_PATTERN_ID = "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061"
CAMPAIGN_ID = "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
COURSE_OF_ACTION_ID = "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
IDENTITY_ID = "identity--311b2d2d-f010-5473-83ec-1edf84858f4c"
INDICATOR_ID = "indicator--01234567-89ab-cdef-0123-456789abcdef"
IDENTITY_ID = "identity--311b2d2d-f010-4473-83ec-1edf84858f4c"
INDICATOR_ID = "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"
INTRUSION_SET_ID = "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29"
MALWARE_ID = "malware--fedcba98-7654-3210-fedc-ba9876543210"
MALWARE_ID = "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
MARKING_DEFINITION_ID = "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
OBSERVED_DATA_ID = "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf"
RELATIONSHIP_ID = "relationship--df7c87eb-75d2-4948-af81-9d49d246f301"
REPORT_ID = "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3"
RELATIONSHIP_ID = "relationship--00000000-1111-2222-3333-444444444444"
SIGHTING_ID = "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb"
THREAT_ACTOR_ID = "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
TOOL_ID = "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
SIGHTING_ID = "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb"
VULNERABILITY_ID = "vulnerability--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061"
MARKING_IDS = [

24
stix2/test/test_bundle.py
View File

@ -6,12 +6,12 @@ import stix2
EXPECTED_BUNDLE = """{
"type": "bundle",
"id": "bundle--00000000-0000-0000-0000-000000000007",
"id": "bundle--00000000-0000-4000-8000-000000000007",
"spec_version": "2.0",
"objects": [
{
"type": "indicator",
"id": "indicator--00000000-0000-0000-0000-000000000001",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
@ -22,7 +22,7 @@ EXPECTED_BUNDLE = """{
},
{
"type": "malware",
"id": "malware--00000000-0000-0000-0000-000000000003",
"id": "malware--00000000-0000-4000-8000-000000000003",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"name": "Cryptolocker",
@ -32,24 +32,24 @@ EXPECTED_BUNDLE = """{
},
{
"type": "relationship",
"id": "relationship--00000000-0000-0000-0000-000000000005",
"id": "relationship--00000000-0000-4000-8000-000000000005",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"relationship_type": "indicates",
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
}
]
}"""
EXPECTED_BUNDLE_DICT = {
"type": "bundle",
"id": "bundle--00000000-0000-0000-0000-000000000007",
"id": "bundle--00000000-0000-4000-8000-000000000007",
"spec_version": "2.0",
"objects": [
{
"type": "indicator",
"id": "indicator--00000000-0000-0000-0000-000000000001",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
@ -60,7 +60,7 @@ EXPECTED_BUNDLE_DICT = {
},
{
"type": "malware",
"id": "malware--00000000-0000-0000-0000-000000000003",
"id": "malware--00000000-0000-4000-8000-000000000003",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"name": "Cryptolocker",
@ -70,12 +70,12 @@ EXPECTED_BUNDLE_DICT = {
},
{
"type": "relationship",
"id": "relationship--00000000-0000-0000-0000-000000000005",
"id": "relationship--00000000-0000-4000-8000-000000000005",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"relationship_type": "indicates",
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
}
]
}

16
stix2/test/test_custom.py
View File

@ -15,7 +15,7 @@ IDENTITY_CUSTOM_PROP = stix2.Identity(
def test_identity_custom_property():
with pytest.raises(ValueError) as excinfo:
stix2.Identity(
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z",
name="John Smith",
@ -26,7 +26,7 @@ def test_identity_custom_property():
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo:
stix2.Identity(
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z",
name="John Smith",
@ -39,7 +39,7 @@ def test_identity_custom_property():
assert "Unexpected properties for Identity" in str(excinfo.value)
identity = stix2.Identity(
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z",
name="John Smith",
@ -54,7 +54,7 @@ def test_identity_custom_property():
def test_identity_custom_property_invalid():
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo:
stix2.Identity(
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z",
name="John Smith",
@ -68,7 +68,7 @@ def test_identity_custom_property_invalid():
def test_identity_custom_property_allowed():
identity = stix2.Identity(
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z",
name="John Smith",
@ -82,7 +82,7 @@ def test_identity_custom_property_allowed():
@pytest.mark.parametrize("data", [
"""{
"type": "identity",
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
"created": "2015-12-21T19:59:11Z",
"modified": "2015-12-21T19:59:11Z",
"name": "John Smith",
@ -125,7 +125,7 @@ def test_custom_properties_object_in_bundled_object():
def test_custom_property_dict_in_bundled_object():
custom_identity = {
'type': 'identity',
'id': 'identity--311b2d2d-f010-5473-83ec-1edf84858f4c',
'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c',
'created': '2015-12-21T19:59:11Z',
'name': 'John Smith',
'identity_class': 'individual',
@ -142,7 +142,7 @@ def test_custom_property_dict_in_bundled_object():
def test_custom_properties_dict_in_bundled_object():
custom_identity = {
'type': 'identity',
'id': 'identity--311b2d2d-f010-5473-83ec-1edf84858f4c',
'id': 'identity--311b2d2d-f010-4473-83ec-1edf84858f4c',
'created': '2015-12-21T19:59:11Z',
'name': 'John Smith',
'identity_class': 'individual',

22
stix2/test/test_datastore.py
View File

@ -22,13 +22,13 @@ def test_datastore_smoke():
def test_datastore_get_raises():
with pytest.raises(AttributeError) as excinfo:
DataStoreMixin().get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
DataStoreMixin().get("indicator--00000000-0000-4000-8000-000000000001")
assert "DataStoreMixin has no data source to query" == str(excinfo.value)
def test_datastore_all_versions_raises():
with pytest.raises(AttributeError) as excinfo:
DataStoreMixin().all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
DataStoreMixin().all_versions("indicator--00000000-0000-4000-8000-000000000001")
assert "DataStoreMixin has no data source to query" == str(excinfo.value)
@ -46,14 +46,14 @@ def test_datastore_creator_of_raises():
def test_datastore_relationships_raises():
with pytest.raises(AttributeError) as excinfo:
DataStoreMixin().relationships(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
DataStoreMixin().relationships(obj="indicator--00000000-0000-4000-8000-000000000001",
target_only=True)
assert "DataStoreMixin has no data source to query" == str(excinfo.value)
def test_datastore_related_to_raises():
with pytest.raises(AttributeError) as excinfo:
DataStoreMixin().related_to(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
DataStoreMixin().related_to(obj="indicator--00000000-0000-4000-8000-000000000001",
target_only=True)
assert "DataStoreMixin has no data source to query" == str(excinfo.value)
@ -66,13 +66,13 @@ def test_datastore_add_raises():
def test_composite_datastore_get_raises_error():
with pytest.raises(AttributeError) as excinfo:
CompositeDataSource().get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
CompositeDataSource().get("indicator--00000000-0000-4000-8000-000000000001")
assert "CompositeDataSource has no data sources" == str(excinfo.value)
def test_composite_datastore_all_versions_raises_error():
with pytest.raises(AttributeError) as excinfo:
CompositeDataSource().all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
CompositeDataSource().all_versions("indicator--00000000-0000-4000-8000-000000000001")
assert "CompositeDataSource has no data sources" == str(excinfo.value)
@ -84,28 +84,28 @@ def test_composite_datastore_query_raises_error():
def test_composite_datastore_relationships_raises_error():
with pytest.raises(AttributeError) as excinfo:
CompositeDataSource().relationships(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
CompositeDataSource().relationships(obj="indicator--00000000-0000-4000-8000-000000000001",
target_only=True)
assert "CompositeDataSource has no data sources" == str(excinfo.value)
def test_composite_datastore_related_to_raises_error():
with pytest.raises(AttributeError) as excinfo:
CompositeDataSource().related_to(obj="indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
CompositeDataSource().related_to(obj="indicator--00000000-0000-4000-8000-000000000001",
target_only=True)
assert "CompositeDataSource has no data sources" == str(excinfo.value)
def test_composite_datastore_add_data_source_raises_error():
with pytest.raises(TypeError) as excinfo:
ind = "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f"
ind = "indicator--00000000-0000-4000-8000-000000000001"
CompositeDataSource().add_data_source(ind)
assert "DataSource (to be added) is not of type stix2.DataSource. DataSource type is '{}'".format(type(ind)) == str(excinfo.value)
def test_composite_datastore_add_data_sources_raises_error():
with pytest.raises(TypeError) as excinfo:
ind = "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f"
ind = "indicator--00000000-0000-4000-8000-000000000001"
CompositeDataSource().add_data_sources(ind)
assert "DataSource (to be added) is not of type stix2.DataSource. DataSource type is '{}'".format(type(ind)) == str(excinfo.value)
@ -113,5 +113,5 @@ def test_composite_datastore_add_data_sources_raises_error():
def test_composite_datastore_no_datasource():
cds = CompositeDataSource()
with pytest.raises(AttributeError) as excinfo:
cds.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
cds.get("indicator--00000000-0000-4000-8000-000000000001")
assert 'CompositeDataSource has no data source' in str(excinfo.value)

30
stix2/test/test_datastore_filesystem.py
View File

@ -199,7 +199,7 @@ def test_filesystem_sink_add_stix_object_dict(fs_sink, fs_source):
"type": "campaign",
"objective": "German and French Intelligence Services",
"aliases": ["Purple Robes"],
"id": "campaign--111111b6-1112-4fb0-111b-b111107ca70a",
"id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"created": "2017-05-31T21:31:53.197755Z"
}
@ -219,7 +219,7 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source):
# add stix bundle dict
bund = {
"type": "bundle",
"id": "bundle--112211b6-1112-4fb0-111b-b111107ca70a",
"id": "bundle--040ae5ec-2e91-4e94-b075-bc8b368e8ca3",
"spec_version": "2.0",
"objects": [
{
@ -227,7 +227,7 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source):
"type": "campaign",
"objective": "Bulgarian, Albanian and Romanian Intelligence Services",
"aliases": ["Huns"],
"id": "campaign--133111b6-1112-4fb0-111b-b111107ca70a",
"id": "campaign--b8f86161-ccae-49de-973a-4ca320c62478",
"created": "2017-05-31T21:31:53.197755Z"
}
]
@ -247,15 +247,15 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source):
def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source):
# add json-encoded stix obj
camp4 = '{"type": "campaign", "id":"campaign--144111b6-1112-4fb0-111b-b111107ca70a",'\
camp4 = '{"type": "campaign", "id":"campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d",'\
' "created":"2017-05-31T21:31:53.197755Z", "name": "Ghengis Khan", "objective": "China and Russian infrastructure"}'
fs_sink.add(camp4)
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--144111b6-1112-4fb0-111b-b111107ca70a" + ".json"))
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d" + ".json"))
camp4_r = fs_source.get("campaign--144111b6-1112-4fb0-111b-b111107ca70a")
assert camp4_r.id == "campaign--144111b6-1112-4fb0-111b-b111107ca70a"
camp4_r = fs_source.get("campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d")
assert camp4_r.id == "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d"
assert camp4_r.name == "Ghengis Khan"
os.remove(os.path.join(FS_PATH, "campaign", camp4_r.id + ".json"))
@ -263,15 +263,15 @@ def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source):
def test_filesystem_sink_json_stix_bundle(fs_sink, fs_source):
# add json-encoded stix bundle
bund2 = '{"type": "bundle", "id": "bundle--332211b6-1132-4fb0-111b-b111107ca70a",' \
' "spec_version": "2.0", "objects": [{"type": "campaign", "id": "campaign--155155b6-1112-4fb0-111b-b111107ca70a",' \
bund2 = '{"type": "bundle", "id": "bundle--3d267103-8475-4d8f-b321-35ec6eccfa37",' \
' "spec_version": "2.0", "objects": [{"type": "campaign", "id": "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b",' \
' "created":"2017-05-31T21:31:53.197755Z", "name": "Spartacus", "objective": "Oppressive regimes of Africa and Middle East"}]}'
fs_sink.add(bund2)
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--155155b6-1112-4fb0-111b-b111107ca70a" + ".json"))
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b" + ".json"))
camp5_r = fs_source.get("campaign--155155b6-1112-4fb0-111b-b111107ca70a")
assert camp5_r.id == "campaign--155155b6-1112-4fb0-111b-b111107ca70a"
camp5_r = fs_source.get("campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b")
assert camp5_r.id == "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b"
assert camp5_r.name == "Spartacus"
os.remove(os.path.join(FS_PATH, "campaign", camp5_r.id + ".json"))
@ -288,14 +288,14 @@ def test_filesystem_sink_add_objects_list(fs_sink, fs_source):
"type": "campaign",
"objective": "Central and Eastern Europe military commands and departments",
"aliases": ["The Frenchmen"],
"id": "campaign--122818b6-1112-4fb0-111b-b111107ca70a",
"id": "campaign--122818b6-1112-4fb0-b11b-b111107ca70a",
"created": "2017-05-31T21:31:53.197755Z"
}
fs_sink.add([camp6, camp7])
assert os.path.exists(os.path.join(FS_PATH, "campaign", camp6.id + ".json"))
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--122818b6-1112-4fb0-111b-b111107ca70a" + ".json"))
assert os.path.exists(os.path.join(FS_PATH, "campaign", "campaign--122818b6-1112-4fb0-b11b-b111107ca70a" + ".json"))
camp6_r = fs_source.get(camp6.id)
assert camp6_r.id == camp6.id
@ -403,7 +403,7 @@ def test_filesystem_add_bundle_object(fs_store):
def test_filesystem_store_add_invalid_object(fs_store):
ind = ('campaign', 'campaign--111111b6-1112-4fb0-111b-b111107ca70a') # tuple isn't valid
ind = ('campaign', 'campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f') # tuple isn't valid
with pytest.raises(TypeError) as excinfo:
fs_store.add(ind)
assert 'stix_data must be' in str(excinfo.value)

24
stix2/test/test_datastore_filters.py
View File

@ -8,7 +8,7 @@ stix_objs = [
{
"created": "2017-01-27T13:49:53.997Z",
"description": "\n\nTITLE:\n\tPoison Ivy",
"id": "malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111",
"id": "malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111",
"labels": [
"remote-access-trojan"
],
@ -18,7 +18,7 @@ stix_objs = [
},
{
"created": "2014-05-08T09:00:00.000Z",
"id": "indicator--a932fcc6-e032-176c-126f-cb970a5a1ade",
"id": "indicator--a932fcc6-e032-476c-826f-cb970a5a1ade",
"labels": [
"file-hash-watchlist"
],
@ -45,14 +45,14 @@ stix_objs = [
],
"relationship_type": "indicates",
"revoked": True,
"source_ref": "indicator--a932fcc6-e032-176c-126f-cb970a5a1ade",
"target_ref": "malware--fdd60b30-b67c-11e3-b0b9-f01faf20d111",
"source_ref": "indicator--a932fcc6-e032-476c-826f-cb970a5a1ade",
"target_ref": "malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111",
"type": "relationship"
},
{
"id": "vulnerability--ee916c28-c7a4-4d0d-ad56-a8d357f89fef",
"created": "2016-02-14T00:00:00.000Z",
"created_by_ref": "identity--00000000-0000-0000-0000-b8e91df99dc9",
"created_by_ref": "identity--f1350682-3290-4e0d-be58-69e290537647",
"modified": "2016-02-14T00:00:00.000Z",
"type": "vulnerability",
"name": "CVE-2014-0160",
@ -96,8 +96,8 @@ filters = [
Filter("granular_markings.selectors", "in", "relationship_type"),
Filter("granular_markings.marking_ref", "=", "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed"),
Filter("external_references.external_id", "in", "CVE-2014-0160,CVE-2017-6608"),
Filter("created_by_ref", "=", "identity--00000000-0000-0000-0000-b8e91df99dc9"),
Filter("object_marking_refs", "=", "marking-definition--613f2e26-0000-0000-0000-b8e91df99dc9"),
Filter("created_by_ref", "=", "identity--f1350682-3290-4e0d-be58-69e290537647"),
Filter("object_marking_refs", "=", "marking-definition--613f2e26-0000-4000-8000-b8e91df99dc9"),
Filter("granular_markings.selectors", "in", "description"),
Filter("external_references.source_name", "=", "CVE"),
Filter("objects", "=", {"0": {"type": "file", "name": "HAL 9000.exe"}})
@ -253,7 +253,7 @@ def test_apply_common_filters8():
def test_apply_common_filters9():
# "Return any object that matches created_by_ref identity--00000000-0000-0000-0000-b8e91df99dc9"
# "Return any object that matches created_by_ref identity--f1350682-3290-4e0d-be58-69e290537647"
resp = list(apply_common_filters(stix_objs, [filters[10]]))
assert len(resp) == 1
@ -262,7 +262,7 @@ def test_apply_common_filters9():
def test_apply_common_filters10():
# "Return any object that matches marking-definition--613f2e26-0000-0000-0000-b8e91df99dc9 in object_marking_refs" (None)
# "Return any object that matches marking-definition--613f2e26-0000-4000-8000-b8e91df99dc9 in object_marking_refs" (None)
resp = list(apply_common_filters(stix_objs, [filters[11]]))
assert len(resp) == 0
@ -395,12 +395,12 @@ def test_filters4():
def test_filters5(stix_objs2, real_stix_objs2):
# "Return any object whose id is not indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f"
resp = list(apply_common_filters(stix_objs2, [Filter("id", "!=", "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")]))
# "Return any object whose id is not indicator--00000000-0000-4000-8000-000000000002"
resp = list(apply_common_filters(stix_objs2, [Filter("id", "!=", "indicator--00000000-0000-4000-8000-000000000002")]))
assert resp[0]['id'] == stix_objs2[0]['id']
assert len(resp) == 1
resp = list(apply_common_filters(real_stix_objs2, [Filter("id", "!=", "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")]))
resp = list(apply_common_filters(real_stix_objs2, [Filter("id", "!=", "indicator--00000000-0000-4000-8000-000000000002")]))
assert resp[0].id == real_stix_objs2[0].id
assert len(resp) == 1

12
stix2/test/test_datastore_memory.py
View File

@ -41,16 +41,16 @@ def test_composite_datasource_operations(stix_objs1, stix_objs2):
cds1.add_data_sources([ds1_1, ds1_2])
cds2.add_data_sources([ds2_1, ds2_2])
indicators = cds1.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
indicators = cds1.all_versions("indicator--00000000-0000-4000-8000-000000000001")
# In STIX_OBJS2 changed the 'modified' property to a later time...
assert len(indicators) == 2
cds1.add_data_sources([cds2])
indicator = cds1.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
indicator = cds1.get("indicator--00000000-0000-4000-8000-000000000001")
assert indicator["id"] == "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f"
assert indicator["id"] == "indicator--00000000-0000-4000-8000-000000000001"
assert indicator["modified"] == "2017-01-31T13:49:53.935Z"
assert indicator["type"] == "indicator"
@ -70,15 +70,15 @@ def test_composite_datasource_operations(stix_objs1, stix_objs2):
# original time in STIX_OBJS1
assert len(results) == 3
indicator = cds1.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
indicator = cds1.get("indicator--00000000-0000-4000-8000-000000000001")
assert indicator["id"] == "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f"
assert indicator["id"] == "indicator--00000000-0000-4000-8000-000000000001"
assert indicator["modified"] == "2017-01-31T13:49:53.935Z"
assert indicator["type"] == "indicator"
# There is only one indicator with different ID. Since we use the same data
# when deduplicated, only two indicators (one with different modified).
results = cds1.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
results = cds1.all_versions("indicator--00000000-0000-4000-8000-000000000001")
assert len(results) == 2
# Since we have filters already associated with our CompositeSource providing

4
stix2/test/test_datastore_taxii.py
View File

@ -251,7 +251,7 @@ def test_add_dict_bundle_object(collection):
def test_get_stix2_object(collection):
tc_sink = TAXIICollectionSource(collection)
objects = tc_sink.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
objects = tc_sink.get("indicator--00000000-0000-4000-8000-000000000001")
assert objects
@ -318,7 +318,7 @@ def test_add_get_remove_filter(collection):
def test_get_all_versions(collection):
ds = TAXIICollectionStore(collection)
indicators = ds.all_versions('indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f')
indicators = ds.all_versions('indicator--00000000-0000-4000-8000-000000000001')
# There are 3 indicators but 2 share the same 'modified' timestamp
assert len(indicators) == 2

2
stix2/test/test_environment.py
View File

@ -190,7 +190,7 @@ def test_parse_malware():
env = stix2.Environment()
data = """{
"type": "malware",
"id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"name": "Cryptolocker",

8
stix2/test/test_fixtures.py
View File

@ -10,9 +10,9 @@ def test_clock(clock):
def test_my_uuid4_fixture(uuid4):
assert uuid.uuid4() == "00000000-0000-0000-0000-000000000001"
assert uuid.uuid4() == "00000000-0000-0000-0000-000000000002"
assert uuid.uuid4() == "00000000-0000-0000-0000-000000000003"
assert uuid.uuid4() == "00000000-0000-4000-8000-000000000001"
assert uuid.uuid4() == "00000000-0000-4000-8000-000000000002"
assert uuid.uuid4() == "00000000-0000-4000-8000-000000000003"
for _ in range(256):
uuid.uuid4()
assert uuid.uuid4() == "00000000-0000-0000-0000-000000000104"
assert uuid.uuid4() == "00000000-0000-4000-8000-000000000104"

8
stix2/test/test_identity.py
View File

@ -9,7 +9,7 @@ from .constants import IDENTITY_ID
EXPECTED = """{
"type": "identity",
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
"created": "2015-12-21T19:59:11.000Z",
"modified": "2015-12-21T19:59:11.000Z",
"name": "John Smith",
@ -19,7 +19,7 @@ EXPECTED = """{
def test_identity_example():
identity = stix2.Identity(
id="identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
id="identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
created="2015-12-21T19:59:11.000Z",
modified="2015-12-21T19:59:11.000Z",
name="John Smith",
@ -33,7 +33,7 @@ def test_identity_example():
EXPECTED,
{
"created": "2015-12-21T19:59:11.000Z",
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
"identity_class": "individual",
"modified": "2015-12-21T19:59:11.000Z",
"name": "John Smith",
@ -54,7 +54,7 @@ def test_parse_no_type():
with pytest.raises(stix2.exceptions.ParseError):
stix2.parse("""
{
"id": "identity--311b2d2d-f010-5473-83ec-1edf84858f4c",
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
"created": "2015-12-21T19:59:11.000Z",
"modified": "2015-12-21T19:59:11.000Z",
"name": "John Smith",

10
stix2/test/test_indicator.py
View File

@ -10,7 +10,7 @@ from .constants import FAKE_TIME, INDICATOR_ID, INDICATOR_KWARGS
EXPECTED_INDICATOR = """{
"type": "indicator",
"id": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"created": "2017-01-01T00:00:01.000Z",
"modified": "2017-01-01T00:00:01.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
@ -22,7 +22,7 @@ EXPECTED_INDICATOR = """{
EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join("""
type='indicator',
id='indicator--01234567-89ab-cdef-0123-456789abcdef',
id='indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7',
created='2017-01-01T00:00:01.000Z',
modified='2017-01-01T00:00:01.000Z',
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
@ -53,7 +53,7 @@ def test_indicator_with_all_required_properties():
def test_indicator_autogenerated_properties(indicator):
assert indicator.type == 'indicator'
assert indicator.id == 'indicator--00000000-0000-0000-0000-000000000001'
assert indicator.id == 'indicator--00000000-0000-4000-8000-000000000001'
assert indicator.created == FAKE_TIME
assert indicator.modified == FAKE_TIME
assert indicator.labels == ['malicious-activity']
@ -61,7 +61,7 @@ def test_indicator_autogenerated_properties(indicator):
assert indicator.valid_from == FAKE_TIME
assert indicator['type'] == 'indicator'
assert indicator['id'] == 'indicator--00000000-0000-0000-0000-000000000001'
assert indicator['id'] == 'indicator--00000000-0000-4000-8000-000000000001'
assert indicator['created'] == FAKE_TIME
assert indicator['modified'] == FAKE_TIME
assert indicator['labels'] == ['malicious-activity']
@ -152,7 +152,7 @@ def test_created_modified_time_are_identical_by_default():
EXPECTED_INDICATOR,
{
"type": "indicator",
"id": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"created": "2017-01-01T00:00:01Z",
"modified": "2017-01-01T00:00:01Z",
"labels": [

8
stix2/test/test_malware.py
View File

@ -10,7 +10,7 @@ from .constants import FAKE_TIME, MALWARE_ID, MALWARE_KWARGS
EXPECTED_MALWARE = """{
"type": "malware",
"id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"name": "Cryptolocker",
@ -37,14 +37,14 @@ def test_malware_with_all_required_properties():
def test_malware_autogenerated_properties(malware):
assert malware.type == 'malware'
assert malware.id == 'malware--00000000-0000-0000-0000-000000000001'
assert malware.id == 'malware--00000000-0000-4000-8000-000000000001'
assert malware.created == FAKE_TIME
assert malware.modified == FAKE_TIME
assert malware.labels == ['ransomware']
assert malware.name == "Cryptolocker"
assert malware['type'] == 'malware'
assert malware['id'] == 'malware--00000000-0000-0000-0000-000000000001'
assert malware['id'] == 'malware--00000000-0000-4000-8000-000000000001'
assert malware['created'] == FAKE_TIME
assert malware['modified'] == FAKE_TIME
assert malware['labels'] == ['ransomware']
@ -107,7 +107,7 @@ def test_invalid_kwarg_to_malware():
EXPECTED_MALWARE,
{
"type": "malware",
"id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"labels": ["ransomware"],

6
stix2/test/test_markings.py
View File

@ -194,14 +194,14 @@ def test_registered_custom_marking():
nm = NewMarking(property1='something', property2=55)
marking_def = stix2.MarkingDefinition(
id="marking-definition--00000000-0000-0000-0000-000000000012",
id="marking-definition--00000000-0000-4000-8000-000000000012",
created="2017-01-22T00:00:00.000Z",
definition_type="x-new-marking-type",
definition=nm
)
assert marking_def.type == "marking-definition"
assert marking_def.id == "marking-definition--00000000-0000-0000-0000-000000000012"
assert marking_def.id == "marking-definition--00000000-0000-4000-8000-000000000012"
assert marking_def.created == dt.datetime(2017, 1, 22, 0, 0, 0, tzinfo=pytz.utc)
assert marking_def.definition.property1 == "something"
assert marking_def.definition.property2 == 55
@ -229,7 +229,7 @@ def test_not_registered_marking_raises_exception():
no = NewObject2(property1='something', property2=55)
stix2.MarkingDefinition(
id="marking-definition--00000000-0000-0000-0000-000000000012",
id="marking-definition--00000000-0000-4000-8000-000000000012",
created="2017-01-22T00:00:00.000Z",
definition_type="x-new-marking-type2",
definition=no

44
stix2/test/test_memory.py
View File

@ -14,7 +14,7 @@ from .constants import (CAMPAIGN_ID, CAMPAIGN_KWARGS, IDENTITY_ID,
IND1 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"url-watchlist"
],
@ -26,7 +26,7 @@ IND1 = {
}
IND2 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"url-watchlist"
],
@ -38,7 +38,7 @@ IND2 = {
}
IND3 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"url-watchlist"
],
@ -50,7 +50,7 @@ IND3 = {
}
IND4 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"url-watchlist"
],
@ -62,7 +62,7 @@ IND4 = {
}
IND5 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"url-watchlist"
],
@ -74,7 +74,7 @@ IND5 = {
}
IND6 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"url-watchlist"
],
@ -86,7 +86,7 @@ IND6 = {
}
IND7 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"url-watchlist"
],
@ -98,7 +98,7 @@ IND7 = {
}
IND8 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"url-watchlist"
],
@ -150,12 +150,12 @@ def fs_mem_store(request, mem_store):
def test_memory_source_get(mem_source):
resp = mem_source.get("indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")
assert resp["id"] == "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f"
resp = mem_source.get("indicator--00000000-0000-4000-8000-000000000001")
assert resp["id"] == "indicator--00000000-0000-4000-8000-000000000001"
def test_memory_source_get_nonexistant_object(mem_source):
resp = mem_source.get("tool--d81f86b8-975b-bc0b-775e-810c5ad45a4f")
resp = mem_source.get("tool--8d0b222c-7a3b-44a0-b9c6-31b051efb32e")
assert resp is None
@ -166,7 +166,7 @@ def test_memory_store_all_versions(mem_store):
spec_version="2.0",
type="bundle"))
resp = mem_store.all_versions("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
resp = mem_store.all_versions("indicator--00000000-0000-4000-8000-000000000001")
assert len(resp) == 1 # MemoryStore can only store 1 version of each object
@ -177,7 +177,7 @@ def test_memory_store_query(mem_store):
def test_memory_store_query_single_filter(mem_store):
query = Filter('id', '=', 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f')
query = Filter('id', '=', 'indicator--00000000-0000-4000-8000-000000000001')
resp = mem_store.query(query)
assert len(resp) == 1
@ -187,15 +187,15 @@ def test_memory_store_query_empty_query(mem_store):
# sort since returned in random order
resp = sorted(resp, key=lambda k: k['id'])
assert len(resp) == 2
assert resp[0]['id'] == 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f'
assert resp[0]['modified'] == '2017-01-27T13:49:53.935Z'
assert resp[1]['id'] == 'indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f'
assert resp[1]['modified'] == '2017-01-27T13:49:53.936Z'
assert resp[0]['id'] == 'indicator--00000000-0000-4000-8000-000000000001'
assert resp[0]['modified'] == '2017-01-27T13:49:53.936Z'
assert resp[1]['id'] == 'indicator--00000000-0000-4000-8000-000000000002'
assert resp[1]['modified'] == '2017-01-27T13:49:53.935Z'
def test_memory_store_query_multiple_filters(mem_store):
mem_store.source.filters.add(Filter('type', '=', 'indicator'))
query = Filter('id', '=', 'indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f')
query = Filter('id', '=', 'indicator--00000000-0000-4000-8000-000000000001')
resp = mem_store.query(query)
assert len(resp) == 1
@ -207,13 +207,13 @@ def test_memory_store_save_load_file(mem_store, fs_mem_store):
# (this is done in fixture 'fs_mem_store'), so can already read-in here
contents = open(os.path.abspath(filename)).read()
assert '"id": "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f",' in contents
assert '"id": "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f",' in contents
assert '"id": "indicator--00000000-0000-4000-8000-000000000001",' in contents
assert '"id": "indicator--00000000-0000-4000-8000-000000000001",' in contents
mem_store2 = MemoryStore()
mem_store2.load_from_file(filename)
assert mem_store2.get("indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f")
assert mem_store2.get("indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f")
assert mem_store2.get("indicator--00000000-0000-4000-8000-000000000001")
assert mem_store2.get("indicator--00000000-0000-4000-8000-000000000001")
def test_memory_store_add_invalid_object(mem_store):

91
stix2/test/test_properties.py
View File

@ -1,15 +1,18 @@
import uuid
import pytest
from stix2 import CustomObject, EmailMIMEComponent, ExtensionsProperty, TCPExt
from stix2.exceptions import AtLeastOnePropertyError, DictionaryKeyError
from stix2.properties import (BinaryProperty, BooleanProperty,
DictionaryProperty, EmbeddedObjectProperty,
EnumProperty, FloatProperty, HashesProperty,
HexProperty, IDProperty, IntegerProperty,
ListProperty, Property, ReferenceProperty,
StringProperty, TimestampProperty, TypeProperty)
from stix2.properties import (ERROR_INVALID_ID, BinaryProperty,
BooleanProperty, DictionaryProperty,
EmbeddedObjectProperty, EnumProperty,
FloatProperty, HashesProperty, HexProperty,
IDProperty, IntegerProperty, ListProperty,
Property, ReferenceProperty, StringProperty,
TimestampProperty, TypeProperty)
from .constants import FAKE_TIME
from . import constants
def test_property():
@ -85,18 +88,68 @@ def test_type_property():
assert prop.clean(prop.default())
def test_id_property():
idprop = IDProperty('my-type')
ID_PROP = IDProperty('my-type')
MY_ID = 'my-type--232c9d3f-49fc-4440-bb01-607f638778e7'
assert idprop.clean('my-type--90aaca8a-1110-5d32-956d-ac2f34a1bd8c')
@pytest.mark.parametrize("value", [
MY_ID,
'my-type--00000000-0000-4000-8000-000000000000',
])
def test_id_property_valid(value):
assert ID_PROP.clean(value) == value
CONSTANT_IDS = [
constants.ATTACK_PATTERN_ID,
constants.CAMPAIGN_ID,
constants.COURSE_OF_ACTION_ID,
constants.IDENTITY_ID,
constants.INDICATOR_ID,
constants.INTRUSION_SET_ID,
constants.MALWARE_ID,
constants.MARKING_DEFINITION_ID,
constants.OBSERVED_DATA_ID,
constants.RELATIONSHIP_ID,
constants.REPORT_ID,
constants.SIGHTING_ID,
constants.THREAT_ACTOR_ID,
constants.TOOL_ID,
constants.VULNERABILITY_ID,
]
CONSTANT_IDS.extend(constants.MARKING_IDS)
CONSTANT_IDS.extend(constants.RELATIONSHIP_IDS)
@pytest.mark.parametrize("value", CONSTANT_IDS)
def test_id_property_valid_for_type(value):
type = value.split('--', 1)[0]
assert IDProperty(type=type).clean(value) == value
def test_id_property_wrong_type():
with pytest.raises(ValueError) as excinfo:
idprop.clean('not-my-type--90aaca8a-1110-5d32-956d-ac2f34a1bd8c')
ID_PROP.clean('not-my-type--232c9d3f-49fc-4440-bb01-607f638778e7')
assert str(excinfo.value) == "must start with 'my-type--'."
with pytest.raises(ValueError) as excinfo:
idprop.clean('my-type--foo')
assert str(excinfo.value) == "must have a valid UUID after the prefix."
assert idprop.clean(idprop.default())
@pytest.mark.parametrize("value", [
'my-type--foo',
# Not a v4 UUID
'my-type--00000000-0000-0000-0000-000000000000',
'my-type--' + str(uuid.uuid1()),
'my-type--' + str(uuid.uuid3(uuid.NAMESPACE_DNS, "example.org")),
'my-type--' + str(uuid.uuid5(uuid.NAMESPACE_DNS, "example.org")),
])
def test_id_property_not_a_valid_hex_uuid(value):
with pytest.raises(ValueError) as excinfo:
ID_PROP.clean(value)
assert str(excinfo.value) == ERROR_INVALID_ID
def test_id_property_default():
default = ID_PROP.default()
assert ID_PROP.clean(default) == default
@pytest.mark.parametrize("value", [
@ -179,10 +232,14 @@ def test_boolean_property_invalid(value):
def test_reference_property():
ref_prop = ReferenceProperty()
assert ref_prop.clean("my-type--3a331bfe-0566-55e1-a4a0-9a2cd355a300")
assert ref_prop.clean("my-type--00000000-0000-4000-8000-000000000000")
with pytest.raises(ValueError):
ref_prop.clean("foo")
# This is not a valid V4 UUID
with pytest.raises(ValueError):
ref_prop.clean("my-type--00000000-0000-0000-0000-000000000000")
@pytest.mark.parametrize("value", [
'2017-01-01T12:34:56Z',
@ -191,7 +248,7 @@ def test_reference_property():
])
def test_timestamp_property_valid(value):
ts_prop = TimestampProperty()
assert ts_prop.clean(value) == FAKE_TIME
assert ts_prop.clean(value) == constants.FAKE_TIME
def test_timestamp_property_invalid():

32
stix2/test/test_relationship.py
View File

@ -10,12 +10,12 @@ from .constants import (FAKE_TIME, INDICATOR_ID, MALWARE_ID, RELATIONSHIP_ID,
EXPECTED_RELATIONSHIP = """{
"type": "relationship",
"id": "relationship--00000000-1111-2222-3333-444444444444",
"id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301",
"created": "2016-04-06T20:06:37.000Z",
"modified": "2016-04-06T20:06:37.000Z",
"relationship_type": "indicates",
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210"
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
}"""
@ -36,7 +36,7 @@ def test_relationship_all_required_properties():
def test_relationship_autogenerated_properties(relationship):
assert relationship.type == 'relationship'
assert relationship.id == 'relationship--00000000-0000-0000-0000-000000000001'
assert relationship.id == 'relationship--00000000-0000-4000-8000-000000000001'
assert relationship.created == FAKE_TIME
assert relationship.modified == FAKE_TIME
assert relationship.relationship_type == 'indicates'
@ -44,7 +44,7 @@ def test_relationship_autogenerated_properties(relationship):
assert relationship.target_ref == MALWARE_ID
assert relationship['type'] == 'relationship'
assert relationship['id'] == 'relationship--00000000-0000-0000-0000-000000000001'
assert relationship['id'] == 'relationship--00000000-0000-4000-8000-000000000001'
assert relationship['created'] == FAKE_TIME
assert relationship['modified'] == FAKE_TIME
assert relationship['relationship_type'] == 'indicates'
@ -122,29 +122,29 @@ def test_create_relationship_from_objects_rather_than_ids(indicator, malware):
)
assert rel.relationship_type == 'indicates'
assert rel.source_ref == 'indicator--00000000-0000-0000-0000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000003'
assert rel.id == 'relationship--00000000-0000-0000-0000-000000000005'
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
def test_create_relationship_with_positional_args(indicator, malware):
rel = stix2.Relationship(indicator, 'indicates', malware)
assert rel.relationship_type == 'indicates'
assert rel.source_ref == 'indicator--00000000-0000-0000-0000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-0000-0000-000000000003'
assert rel.id == 'relationship--00000000-0000-0000-0000-000000000005'
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
@pytest.mark.parametrize("data", [
EXPECTED_RELATIONSHIP,
{
"created": "2016-04-06T20:06:37Z",
"id": "relationship--00000000-1111-2222-3333-444444444444",
"id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301",
"modified": "2016-04-06T20:06:37Z",
"relationship_type": "indicates",
"source_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"target_ref": "malware--fedcba98-7654-3210-fedc-ba9876543210",
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
"type": "relationship"
},
])
@ -156,5 +156,5 @@ def test_parse_relationship(data):
assert rel.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
assert rel.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
assert rel.relationship_type == "indicates"
assert rel.source_ref == "indicator--01234567-89ab-cdef-0123-456789abcdef"
assert rel.target_ref == "malware--fedcba98-7654-3210-fedc-ba9876543210"
assert rel.source_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"
assert rel.target_ref == "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"

4
stix2/test/test_report.py
View File

@ -87,8 +87,8 @@ def test_report_example_objects_in_object_refs_with_bad_id():
assert excinfo.value.cls == stix2.Report
assert excinfo.value.prop_name == "object_refs"
assert excinfo.value.reason == "must match <object-type>--<guid>."
assert str(excinfo.value) == "Invalid value for Report 'object_refs': must match <object-type>--<guid>."
assert excinfo.value.reason == stix2.properties.ERROR_INVALID_ID
assert str(excinfo.value) == "Invalid value for Report 'object_refs': " + stix2.properties.ERROR_INVALID_ID
@pytest.mark.parametrize("data", [

12
stix2/test/test_sighting.py
View File

@ -12,7 +12,7 @@ EXPECTED_SIGHTING = """{
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
"created": "2016-04-06T20:06:37.000Z",
"modified": "2016-04-06T20:06:37.000Z",
"sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"where_sighted_refs": [
"identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"
]
@ -22,7 +22,7 @@ BAD_SIGHTING = """{
"created": "2016-04-06T20:06:37.000Z",
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
"modified": "2016-04-06T20:06:37.000Z",
"sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"type": "sighting",
"where_sighted_refs": [
"malware--8cc7afd6-5455-4d2b-a736-e614ee631d99"
@ -85,8 +85,8 @@ def test_invalid_kwarg_to_sighting():
def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811
rel = stix2.Sighting(sighting_of_ref=malware)
assert rel.sighting_of_ref == 'malware--00000000-0000-0000-0000-000000000001'
assert rel.id == 'sighting--00000000-0000-0000-0000-000000000003'
assert rel.sighting_of_ref == 'malware--00000000-0000-4000-8000-000000000001'
assert rel.id == 'sighting--00000000-0000-4000-8000-000000000003'
@pytest.mark.parametrize("data", [
@ -95,7 +95,7 @@ def test_create_sighting_from_objects_rather_than_ids(malware): # noqa: F811
"created": "2016-04-06T20:06:37Z",
"id": "sighting--bfbc19db-ec35-4e45-beed-f8bde2a772fb",
"modified": "2016-04-06T20:06:37Z",
"sighting_of_ref": "indicator--01234567-89ab-cdef-0123-456789abcdef",
"sighting_of_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"type": "sighting",
"where_sighted_refs": [
"identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"
@ -109,5 +109,5 @@ def test_parse_sighting(data):
assert sighting.id == SIGHTING_ID
assert sighting.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
assert sighting.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
assert sighting.sighting_of_ref == "indicator--01234567-89ab-cdef-0123-456789abcdef"
assert sighting.sighting_of_ref == "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"
assert sighting.where_sighted_refs == ["identity--8cc7afd6-5455-4d2b-a736-e614ee631d99"]

4
stix2/test/test_utils.py
View File

@ -98,8 +98,8 @@ def test_deduplicate(stix_objs1):
ids = [obj['id'] for obj in unique]
mods = [obj['modified'] for obj in unique]
assert "indicator--d81f86b8-975b-bc0b-775e-810c5ad45a4f" in ids
assert "indicator--d81f86b9-975b-bc0b-775e-810c5ad45a4f" in ids
assert "indicator--00000000-0000-4000-8000-000000000001" in ids
assert "indicator--00000000-0000-4000-8000-000000000001" in ids
assert "2017-01-27T13:49:53.935Z" in mods
assert "2017-01-27T13:49:53.936Z" in mods