Convert rest of code to use namedtuple Filters
Greg Back
parent
87f7503c0a
commit
961dfdc984
|
|
@ -289,17 +289,17 @@ class DataSource(object):
|
||||||
|
|
||||||
# skip filter as filter was identified (when added) as
|
# skip filter as filter was identified (when added) as
|
||||||
# not a common filter
|
# not a common filter
|
||||||
if 'id' in filter_ and self.filter_allowed[filter_['id']] is False:
|
if filter_.field not in STIX_COMMON_FIELDS:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
# check filter "field" is in STIX object - if cant be applied
|
# check filter "field" is in STIX object - if cant be applied
|
||||||
# due to STIX object, STIX object is discarded (i.e. did not
|
# due to STIX object, STIX object is discarded (i.e. did not
|
||||||
# make it through the filter)
|
# make it through the filter)
|
||||||
if filter_['field'] not in stix_obj.keys():
|
if filter_.field not in stix_obj.keys():
|
||||||
clean = False
|
clean = False
|
||||||
break
|
break
|
||||||
try:
|
try:
|
||||||
match = getattr(STIXCommonPropertyFilters, filter_['field'])(filter_, stix_obj)
|
match = getattr(STIXCommonPropertyFilters, filter_.field)(filter_, stix_obj)
|
||||||
if not match:
|
if not match:
|
||||||
clean = False
|
clean = False
|
||||||
break
|
break
|
||||||
|
|
@ -553,39 +553,39 @@ class STIXCommonPropertyFilters():
|
||||||
@classmethod
|
@classmethod
|
||||||
def _all(cls, filter_, stix_obj_field):
|
def _all(cls, filter_, stix_obj_field):
|
||||||
"""all filter operations (for filters whose value type can be applied to any operation type)"""
|
"""all filter operations (for filters whose value type can be applied to any operation type)"""
|
||||||
if filter_["op"] == '=':
|
if filter_.op == '=':
|
||||||
return stix_obj_field == filter_["value"]
|
return stix_obj_field == filter_.value
|
||||||
elif filter_["op"] == "!=":
|
elif filter_.op == "!=":
|
||||||
return stix_obj_field != filter_["value"]
|
return stix_obj_field != filter_.value
|
||||||
elif filter_["op"] == "in":
|
elif filter_.op == "in":
|
||||||
return stix_obj_field in filter_["value"]
|
return stix_obj_field in filter_.value
|
||||||
elif filter_["op"] == ">":
|
elif filter_.op == ">":
|
||||||
return stix_obj_field > filter_["value"]
|
return stix_obj_field > filter_.value
|
||||||
elif filter_["op"] == "<":
|
elif filter_.op == "<":
|
||||||
return stix_obj_field < filter_["value"]
|
return stix_obj_field < filter_.value
|
||||||
elif filter_["op"] == ">=":
|
elif filter_.op == ">=":
|
||||||
return stix_obj_field >= filter_["value"]
|
return stix_obj_field >= filter_.value
|
||||||
elif filter_["op"] == "<=":
|
elif filter_.op == "<=":
|
||||||
return stix_obj_field <= filter_["value"]
|
return stix_obj_field <= filter_.value
|
||||||
else:
|
else:
|
||||||
return -1
|
return -1
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _id(cls, filter_, stix_obj_id):
|
def _id(cls, filter_, stix_obj_id):
|
||||||
"""base filter types"""
|
"""base filter types"""
|
||||||
if filter_["op"] == "=":
|
if filter_.op == "=":
|
||||||
return stix_obj_id == filter_["value"]
|
return stix_obj_id == filter_.value
|
||||||
elif filter_["op"] == "!=":
|
elif filter_.op == "!=":
|
||||||
return stix_obj_id != filter_["value"]
|
return stix_obj_id != filter_.value
|
||||||
else:
|
else:
|
||||||
return -1
|
return -1
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def _boolean(cls, filter_, stix_obj_field):
|
def _boolean(cls, filter_, stix_obj_field):
|
||||||
if filter_["op"] == "=":
|
if filter_.op == "=":
|
||||||
return stix_obj_field == filter_["value"]
|
return stix_obj_field == filter_.value
|
||||||
elif filter_["op"] == "!=":
|
elif filter_.op == "!=":
|
||||||
return stix_obj_field != filter_["value"]
|
return stix_obj_field != filter_.value
|
||||||
else:
|
else:
|
||||||
return -1
|
return -1
|
||||||
|
|
||||||
|
|
@ -620,7 +620,7 @@ class STIXCommonPropertyFilters():
|
||||||
"""
|
"""
|
||||||
for er in stix_obj["external_references"]:
|
for er in stix_obj["external_references"]:
|
||||||
# grab er property name from filter field
|
# grab er property name from filter field
|
||||||
filter_field = filter_["field"].split(".")[1]
|
filter_field = filter_.field.split(".")[1]
|
||||||
r = cls._string(filter_, er[filter_field])
|
r = cls._string(filter_, er[filter_field])
|
||||||
if r:
|
if r:
|
||||||
return r
|
return r
|
||||||
|
|
@ -637,7 +637,7 @@ class STIXCommonPropertyFilters():
|
||||||
"""
|
"""
|
||||||
for gm in stix_obj["granular_markings"]:
|
for gm in stix_obj["granular_markings"]:
|
||||||
# grab gm property name from filter field
|
# grab gm property name from filter field
|
||||||
filter_field = filter_["field"].split(".")[1]
|
filter_field = filter_.field.split(".")[1]
|
||||||
|
|
||||||
if filter_field == "marking_ref":
|
if filter_field == "marking_ref":
|
||||||
return cls._id(filter_, gm[filter_field])
|
return cls._id(filter_, gm[filter_field])
|
||||||
|
|
|
||||||
|
|
@ -12,8 +12,8 @@ TODO: Test everything
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from stix2.sources import DataSink, DataSource, DataStore, make_id
|
|
||||||
from stix2 import Bundle
|
from stix2 import Bundle
|
||||||
|
from stix2.sources import DataSink, DataSource, DataStore, make_id
|
||||||
|
|
||||||
|
|
||||||
class FileSystemStore(DataStore):
|
class FileSystemStore(DataStore):
|
||||||
|
|
@ -136,13 +136,13 @@ class FileSystemSource(DataSource):
|
||||||
# the corresponding subdirectories as well
|
# the corresponding subdirectories as well
|
||||||
include_paths = []
|
include_paths = []
|
||||||
declude_paths = []
|
declude_paths = []
|
||||||
if "type" in [filter_["field"] for filter_ in file_filters]:
|
if "type" in [filter_.field for filter_ in file_filters]:
|
||||||
for filter_ in file_filters:
|
for filter_ in file_filters:
|
||||||
if filter_["field"] == "type":
|
if filter_.field == "type":
|
||||||
if filter_["op"] == '=':
|
if filter_.op == '=':
|
||||||
include_paths.append(os.path.join(self.stix_dir, filter_["value"]))
|
include_paths.append(os.path.join(self.stix_dir, filter_.value))
|
||||||
elif filter_["op"] == "!=":
|
elif filter_.op == "!=":
|
||||||
declude_paths.append(os.path.join(self.stix_dir, filter_["value"]))
|
declude_paths.append(os.path.join(self.stix_dir, filter_.value))
|
||||||
else:
|
else:
|
||||||
# have to walk entire STIX directory
|
# have to walk entire STIX directory
|
||||||
include_paths.append(self.stix_dir)
|
include_paths.append(self.stix_dir)
|
||||||
|
|
@ -165,10 +165,10 @@ class FileSystemSource(DataSource):
|
||||||
|
|
||||||
# grab stix object ID as well - if present in filters, as
|
# grab stix object ID as well - if present in filters, as
|
||||||
# may forgo the loading of STIX content into memory
|
# may forgo the loading of STIX content into memory
|
||||||
if "id" in [filter_["field"] for filter_ in file_filters]:
|
if "id" in [filter_.field for filter_ in file_filters]:
|
||||||
for filter_ in file_filters:
|
for filter_ in file_filters:
|
||||||
if filter_["field"] == "id" and filter_["field"] == '=':
|
if filter_.field == "id" and filter_.field == '=':
|
||||||
id_ = filter_["value"]
|
id_ = filter_.value
|
||||||
else:
|
else:
|
||||||
id_ = None
|
id_ = None
|
||||||
|
|
||||||
|
|
@ -196,6 +196,6 @@ class FileSystemSource(DataSource):
|
||||||
"""
|
"""
|
||||||
file_filters = []
|
file_filters = []
|
||||||
for filter_ in query:
|
for filter_ in query:
|
||||||
if filter_["field"] == "id" or filter_["field"] == "type":
|
if filter_.field == "id" or filter_.field == "type":
|
||||||
file_filters.append(filter_)
|
file_filters.append(filter_)
|
||||||
return file_filters
|
return file_filters
|
||||||
|
|
|
||||||
|
|
@ -159,10 +159,10 @@ class TAXIICollectionSource(DataSource):
|
||||||
params = {}
|
params = {}
|
||||||
|
|
||||||
for filter_ in query:
|
for filter_ in query:
|
||||||
if filter_["field"] in TAXII_FILTERS:
|
if filter_.field in TAXII_FILTERS:
|
||||||
if filter_["field"] == "added_after":
|
if filter_.field == "added_after":
|
||||||
params[filter_["field"]] = filter_["value"]
|
params[filter_.field] = filter_.value
|
||||||
else:
|
else:
|
||||||
taxii_field = "match[" + filter_["field"] + ']'
|
taxii_field = "match[" + filter_.field + ']'
|
||||||
params[taxii_field] = filter_["value"]
|
params[taxii_field] = filter_.value
|
||||||
return params
|
return params
|
||||||
|
|
|
||||||
|
|
@ -33,31 +33,11 @@ def test_ds_taxii_name(collection):
|
||||||
|
|
||||||
def test_parse_taxii_filters():
|
def test_parse_taxii_filters():
|
||||||
query = [
|
query = [
|
||||||
{
|
Filter("added_after", "=", "2016-02-01T00:00:01.000Z"),
|
||||||
"field": "added_after",
|
Filter("id", "=", "taxii stix object ID"),
|
||||||
"op": "=",
|
Filter("type", "=", "taxii stix object ID"),
|
||||||
"value": "2016-02-01T00:00:01.000Z"
|
Filter("version", "=", "first"),
|
||||||
},
|
Filter("created_by_ref", "=", "Bane"),
|
||||||
{
|
|
||||||
"field": "id",
|
|
||||||
"op": "=",
|
|
||||||
"value": "taxii stix object ID"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"field": "type",
|
|
||||||
"op": "=",
|
|
||||||
"value": "taxii stix object ID"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"field": "version",
|
|
||||||
"op": "=",
|
|
||||||
"value": "first"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"field": "created_by_ref",
|
|
||||||
"op": "=",
|
|
||||||
"value": "Bane"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
|
|
||||||
expected_params = {
|
expected_params = {
|
||||||
|
|
@ -162,21 +142,9 @@ def test_apply_common_filters():
|
||||||
]
|
]
|
||||||
|
|
||||||
filters = [
|
filters = [
|
||||||
{
|
Filter("type", "!=", "relationship"),
|
||||||
"field": "type",
|
Filter("id", "=", "relationship--2f9a9aa9-108a-4333-83e2-4fb25add0463"),
|
||||||
"op": "!=",
|
Filter("labels", "in", "remote-access-trojan"),
|
||||||
"value": "relationship"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"field": "id",
|
|
||||||
"op": "=",
|
|
||||||
"value": "relationship--2f9a9aa9-108a-4333-83e2-4fb25add0463"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"field": "labels",
|
|
||||||
"op": "in",
|
|
||||||
"value": "remote-access-trojan"
|
|
||||||
}
|
|
||||||
]
|
]
|
||||||
|
|
||||||
ds = DataSource()
|
ds = DataSource()
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue