diff --git a/stix2/__init__.py b/stix2/__init__.py
index 13b1916..a1929ab 100644
--- a/stix2/__init__.py
+++ b/stix2/__init__.py
@@ -1,7 +1,7 @@
 """Python APIs for STIX 2."""
 
 from .bundle import Bundle
-from .common import ExternalReference
+from .common import ExternalReference, KillChainPhase
 from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
 IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
 Vulnerability
diff --git a/stix2/test/test_kill_chain_phases.py b/stix2/test/test_kill_chain_phases.py
new file mode 100644
index 0000000..425c4b2
--- /dev/null
+++ b/stix2/test/test_kill_chain_phases.py
@@ -0,0 +1,58 @@
+"""Tests for stix.ExternalReference"""
+
+import pytest
+
+import stix2
+
+LMCO_RECON = """{
+ "kill_chain_name": "lockheed-martin-cyber-kill-chain",
+ "phase_name": "reconnaissance"
+}"""
+
+
+def test_lockheed_martin_cyber_kill_chain():
+ recon = stix2.KillChainPhase(
+ kill_chain_name="lockheed-martin-cyber-kill-chain",
+ phase_name="reconnaissance",
+ )
+
+ assert str(recon) == LMCO_RECON
+
+
+FOO_PRE_ATTACK = """{
+ "kill_chain_name": "foo",
+ "phase_name": "pre-attack"
+}"""
+
+
+def test_lockheed_martin_cyber_kill_chain():
+ preattack = stix2.KillChainPhase(
+ kill_chain_name="foo",
+ phase_name="pre-attack",
+ )
+
+ assert str(preattack) == FOO_PRE_ATTACK
+
+
+def test_kill_chain_required_fields():
+
+ with pytest.raises(ValueError) as excinfo:
+ stix2.KillChainPhase()
+
+ assert str(excinfo.value) == "Missing required field(s) for KillChainPhase: (kill_chain_name, phase_name)."
+
+
+def test_kill_chain_required_field_chain_name():
+
+ with pytest.raises(ValueError) as excinfo:
+ stix2.KillChainPhase(phase_name="weaponization")
+
+ assert str(excinfo.value) == "Missing required field(s) for KillChainPhase: (kill_chain_name)."
+
+
+def test_kill_chain_required_field_phase_name():
+
+ with pytest.raises(ValueError) as excinfo:
+ stix2.KillChainPhase(kill_chain_name="lockheed-martin-cyber-kill-chain")
+
+ assert str(excinfo.value) == "Missing required field(s) for KillChainPhase: (phase_name)."
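Review bot: The second test function reuses the name `test_lockheed_martin_cyber_kill_chain`, so the later definition replaces the earlier one at import and pytest collects only the `foo`/`pre-attack` case. The serialization check against `LMCO_RECON` therefore never runs, even though the file appears to cover it. Rename the second function, for example `def test_kill_chain_example():`. The module docstring is also a copy-paste leftover, `"""Tests for stix.ExternalReference"""`, and should read `"""Tests for stix2.KillChainPhase"""`. Enabling a redefinition lint (pyflakes F811) in CI would catch silently dropped tests like this one.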