From 7ef6e20e9a71cf12c7556d0878bae81fd988579a Mon Sep 17 00:00:00 2001 From: Greg Back Date: Fri, 24 Feb 2017 12:51:21 -0600 Subject: [PATCH] Add tests for kill chain phases. --- stix2/__init__.py | 2 +- stix2/test/test_kill_chain_phases.py | 58 ++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 stix2/test/test_kill_chain_phases.py diff --git a/stix2/__init__.py b/stix2/__init__.py index 13b1916..a1929ab 100644 --- a/stix2/__init__.py +++ b/stix2/__init__.py @@ -1,7 +1,7 @@ """Python APIs for STIX 2.""" from .bundle import Bundle -from .common import ExternalReference +from .common import ExternalReference, KillChainPhase from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \ IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \ Vulnerability diff --git a/stix2/test/test_kill_chain_phases.py b/stix2/test/test_kill_chain_phases.py new file mode 100644 index 0000000..425c4b2 --- /dev/null +++ b/stix2/test/test_kill_chain_phases.py @@ -0,0 +1,58 @@ +"""Tests for stix.ExternalReference""" + +import pytest + +import stix2 + +LMCO_RECON = """{ + "kill_chain_name": "lockheed-martin-cyber-kill-chain", + "phase_name": "reconnaissance" +}""" + + +def test_lockheed_martin_cyber_kill_chain(): + recon = stix2.KillChainPhase( + kill_chain_name="lockheed-martin-cyber-kill-chain", + phase_name="reconnaissance", + ) + + assert str(recon) == LMCO_RECON + + +FOO_PRE_ATTACK = """{ + "kill_chain_name": "foo", + "phase_name": "pre-attack" +}""" + + +def test_lockheed_martin_cyber_kill_chain(): + preattack = stix2.KillChainPhase( + kill_chain_name="foo", + phase_name="pre-attack", + ) + + assert str(preattack) == FOO_PRE_ATTACK + + +def test_kill_chain_required_fields(): + + with pytest.raises(ValueError) as excinfo: + stix2.KillChainPhase() + + assert str(excinfo.value) == "Missing required field(s) for KillChainPhase: (kill_chain_name, phase_name)." + + +def test_kill_chain_required_field_chain_name(): + + with pytest.raises(ValueError) as excinfo: + stix2.KillChainPhase(phase_name="weaponization") + + assert str(excinfo.value) == "Missing required field(s) for KillChainPhase: (kill_chain_name)." + + +def test_kill_chain_required_field_phase_name(): + + with pytest.raises(ValueError) as excinfo: + stix2.KillChainPhase(kill_chain_name="lockheed-martin-cyber-kill-chain") + + assert str(excinfo.value) == "Missing required field(s) for KillChainPhase: (phase_name)."