Change SDOs to OrderedDict approach. Removed COMMON_PROPERTIES.

stix2.1
Emmanuelle Vargas-Gonzalez 2017-08-11 15:12:45 -04:00
parent 228f488f5b
commit 8086447fce
1 changed files with 242 additions and 134 deletions


@ -1,201 +1,293 @@
"""STIX 2.0 Domain Objects""" """STIX 2.0 Domain Objects"""
from collections import OrderedDict
import stix2 import stix2
from .base import _STIXBase from .base import _STIXBase
from .common import COMMON_PROPERTIES
from .observables import ObservableProperty from .observables import ObservableProperty
from .other import KillChainPhase from .other import ExternalReference, GranularMarking, KillChainPhase
from .properties import (IDProperty, IntegerProperty, ListProperty, from .properties import (BooleanProperty, IDProperty, IntegerProperty,
ReferenceProperty, StringProperty, TimestampProperty, ListProperty, ReferenceProperty, StringProperty,
TypeProperty) TimestampProperty, TypeProperty)
from .utils import NOW from .utils import NOW
class AttackPattern(_STIXBase): class AttackPattern(_STIXBase):
_type = 'attack-pattern' _type = 'attack-pattern'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'name': StringProperty(required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'description': StringProperty(), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'kill_chain_phases': ListProperty(KillChainPhase), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
}) ('name', StringProperty(required=True)),
('description', StringProperty()),
('kill_chain_phases', ListProperty(KillChainPhase)),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class Campaign(_STIXBase): class Campaign(_STIXBase):
_type = 'campaign' _type = 'campaign'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'name': StringProperty(required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'description': StringProperty(), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'aliases': ListProperty(StringProperty), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'first_seen': TimestampProperty(), ('name', StringProperty(required=True)),
'last_seen': TimestampProperty(), ('description', StringProperty()),
'objective': StringProperty(), ('aliases', ListProperty(StringProperty)),
}) ('first_seen', TimestampProperty()),
('last_seen', TimestampProperty()),
('objective', StringProperty()),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class CourseOfAction(_STIXBase): class CourseOfAction(_STIXBase):
_type = 'course-of-action' _type = 'course-of-action'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'name': StringProperty(required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'description': StringProperty(), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
}) ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
('name', StringProperty(required=True)),
('description', StringProperty()),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class Identity(_STIXBase): class Identity(_STIXBase):
_type = 'identity' _type = 'identity'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'name': StringProperty(required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'description': StringProperty(), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'identity_class': StringProperty(required=True), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'sectors': ListProperty(StringProperty), ('name', StringProperty(required=True)),
'contact_information': StringProperty(), ('description', StringProperty()),
}) ('identity_class', StringProperty(required=True)),
('sectors', ListProperty(StringProperty)),
('contact_information', StringProperty()),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class Indicator(_STIXBase): class Indicator(_STIXBase):
_type = 'indicator' _type = 'indicator'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'labels': ListProperty(StringProperty, required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'name': StringProperty(), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'description': StringProperty(), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'pattern': StringProperty(required=True), ('labels', ListProperty(StringProperty, required=True)),
'valid_from': TimestampProperty(default=lambda: NOW), ('name', StringProperty()),
'valid_until': TimestampProperty(), ('description', StringProperty()),
'kill_chain_phases': ListProperty(KillChainPhase), ('pattern', StringProperty(required=True)),
}) ('valid_from', TimestampProperty(default=lambda: NOW)),
('valid_until', TimestampProperty()),
('kill_chain_phases', ListProperty(KillChainPhase)),
('revoked', BooleanProperty()),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class IntrusionSet(_STIXBase): class IntrusionSet(_STIXBase):
_type = 'intrusion-set' _type = 'intrusion-set'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'name': StringProperty(required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'description': StringProperty(), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'aliases': ListProperty(StringProperty), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'first_seen': TimestampProperty(), ('name', StringProperty(required=True)),
'last_seen ': TimestampProperty(), ('description', StringProperty()),
'goals': ListProperty(StringProperty), ('aliases', ListProperty(StringProperty)),
'resource_level': StringProperty(), ('first_seen', TimestampProperty()),
'primary_motivation': StringProperty(), ('last_seen ', TimestampProperty()),
'secondary_motivations': ListProperty(StringProperty), ('goals', ListProperty(StringProperty)),
}) ('resource_level', StringProperty()),
('primary_motivation', StringProperty()),
('secondary_motivations', ListProperty(StringProperty)),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class Malware(_STIXBase): class Malware(_STIXBase):
_type = 'malware' _type = 'malware'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'labels': ListProperty(StringProperty, required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'name': StringProperty(required=True), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'description': StringProperty(), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'kill_chain_phases': ListProperty(KillChainPhase), ('name', StringProperty(required=True)),
}) ('description', StringProperty()),
('kill_chain_phases', ListProperty(KillChainPhase)),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty, required=True)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class ObservedData(_STIXBase): class ObservedData(_STIXBase):
_type = 'observed-data' _type = 'observed-data'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'first_observed': TimestampProperty(required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'last_observed': TimestampProperty(required=True), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'number_observed': IntegerProperty(required=True), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'objects': ObservableProperty(), ('first_observed', TimestampProperty(required=True)),
}) ('last_observed', TimestampProperty(required=True)),
('number_observed', IntegerProperty(required=True)),
('objects', ObservableProperty()),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class Report(_STIXBase): class Report(_STIXBase):
_type = 'report' _type = 'report'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'labels': ListProperty(StringProperty, required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'name': StringProperty(required=True), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'description': StringProperty(), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'published': TimestampProperty(), ('name', StringProperty(required=True)),
'object_refs': ListProperty(ReferenceProperty), ('description', StringProperty()),
}) ('published', TimestampProperty()),
('object_refs', ListProperty(ReferenceProperty)),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty, required=True)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class ThreatActor(_STIXBase): class ThreatActor(_STIXBase):
_type = 'threat-actor' _type = 'threat-actor'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'labels': ListProperty(StringProperty, required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'name': StringProperty(required=True), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'description': StringProperty(), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'aliases': ListProperty(StringProperty), ('name', StringProperty(required=True)),
'roles': ListProperty(StringProperty), ('description', StringProperty()),
'goals': ListProperty(StringProperty), ('aliases', ListProperty(StringProperty)),
'sophistication': StringProperty(), ('roles', ListProperty(StringProperty)),
'resource_level': StringProperty(), ('goals', ListProperty(StringProperty)),
'primary_motivation': StringProperty(), ('sophistication', StringProperty()),
'secondary_motivations': ListProperty(StringProperty), ('resource_level', StringProperty()),
'personal_motivations': ListProperty(StringProperty), ('primary_motivation', StringProperty()),
}) ('secondary_motivations', ListProperty(StringProperty)),
('personal_motivations', ListProperty(StringProperty)),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty, required=True)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class Tool(_STIXBase): class Tool(_STIXBase):
_type = 'tool' _type = 'tool'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'labels': ListProperty(StringProperty, required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'name': StringProperty(required=True), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'description': StringProperty(), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
'kill_chain_phases': ListProperty(KillChainPhase), ('name', StringProperty(required=True)),
'tool_version': StringProperty(), ('description', StringProperty()),
}) ('kill_chain_phases', ListProperty(KillChainPhase)),
('tool_version', StringProperty()),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty, required=True)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
class Vulnerability(_STIXBase): class Vulnerability(_STIXBase):
_type = 'vulnerability' _type = 'vulnerability'
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'type': TypeProperty(_type), ('type', TypeProperty(_type)),
'id': IDProperty(_type), ('id', IDProperty(_type)),
'name': StringProperty(required=True), ('created_by_ref', ReferenceProperty(type="identity")),
'description': StringProperty(), ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
}) ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
('name', StringProperty(required=True)),
('description', StringProperty()),
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
def CustomObject(type='x-custom-type', properties={}): def CustomObject(type='x-custom-type', properties=None):
"""Custom STIX Object type decorator """Custom STIX Object type decorator
Example 1: Example 1:
@ -226,13 +318,29 @@ def CustomObject(type='x-custom-type', properties={}):
class _Custom(cls, _STIXBase): class _Custom(cls, _STIXBase):
_type = type _type = type
_properties = COMMON_PROPERTIES.copy() _properties = OrderedDict()
_properties.update({ _properties.update([
'id': IDProperty(_type), ('type', TypeProperty(_type)),
'type': TypeProperty(_type), ('id', IDProperty(_type)),
}) ('created_by_ref', ReferenceProperty(type="identity")),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
])
if properties is None:
raise ValueError("Must supply a list, containing tuples. For example, [('property1', IntegerProperty())]")
_properties.update(properties) _properties.update(properties)
# This is to follow the general properties structure.
_properties.update([
('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
])
def __init__(self, **kwargs): def __init__(self, **kwargs):
_STIXBase.__init__(self, **kwargs) _STIXBase.__init__(self, **kwargs)
cls.__init__(self, **kwargs) cls.__init__(self, **kwargs)
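Review bot: The IntrusionSet property list in the first hunk still registers the key `'last_seen '` with a trailing space, carried over unchanged from the old dict, so the property is not registered under its STIX name `last_seen`; how a `last_seen=` argument is then treated depends on `_STIXBase`, which is not shown here. The entry should read `('last_seen', TimestampProperty()),`, matching the Campaign definition. In the second hunk, `CustomObject` rejects only `properties=None`, so a plain dict still reaches `_properties.update(properties)` and may lose the ordering this commit introduces. A custom key such as `id` silently replaces the common validator, while one such as `labels` is silently replaced by the trailing common block; an explicit type check and a duplicate-key check before the update would make both cases fail loudly. The `CustomObject` body starts before and continues past the lines visible in that hunk.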