Merge pull request #360 from chisholm/enforce_hash_keys

Enforce hash keys on 2.1 external-references
master
Chris Lenk 2020-03-11 23:13:55 -04:00 committed by GitHub
commit 94e3cd7ca6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 28 additions and 0 deletions

View File

@ -120,3 +120,14 @@ def test_external_reference_source_required():
assert excinfo.value.cls == stix2.v21.ExternalReference
assert excinfo.value.properties == ["source_name"]
def test_external_reference_bad_hash():
with pytest.raises(stix2.exceptions.InvalidValueError):
stix2.v21.ExternalReference(
source_name="ACME Threat Intel",
description="Threat report",
hashes={
"SHA-123": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
},
)

View File

@ -4,6 +4,7 @@ from collections import OrderedDict
from ..base import _STIXBase
from ..custom import _custom_marking_builder
from ..exceptions import InvalidValueError
from ..markings import _MarkingsMixin
from ..markings.utils import check_tlp_marking
from ..properties import (
@ -28,10 +29,26 @@ class ExternalReference(_STIXBase):
('external_id', StringProperty()),
])
# This is hash-algorithm-ov
_LEGAL_HASHES = {
"MD5", "SHA-1", "SHA-256", "SHA-512", "SHA3-256", "SHA3-512", "SSDEEP",
"TLSH",
}
def _check_object_constraints(self):
super(ExternalReference, self)._check_object_constraints()
self._check_at_least_one_property(['description', 'external_id', 'url'])
if "hashes" in self:
if any(
hash_ not in self._LEGAL_HASHES
for hash_ in self["hashes"]
):
raise InvalidValueError(
ExternalReference, "hashes",
"Hash algorithm names must be members of hash-algorithm-ov",
)
class KillChainPhase(_STIXBase):
# TODO: Add link