Update v20 and v21 tests

In v20, only minor stuff that was addressing wrong spec. In v21, align tests with new/changed properties in the specs
stix2.1
Emmanuelle Vargas-Gonzalez 2018-07-12 14:33:00 -04:00
parent bdfc221cb0
commit 965d7fa788
27 changed files with 180 additions and 182 deletions

View File

@ -58,7 +58,7 @@ def test_report_example_objects_in_object_refs():
published="2016-01-20T17:00:00Z",
labels=["campaign"],
object_refs=[
stix2.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS),
stix2.v20.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS),
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a"
],
@ -79,7 +79,7 @@ def test_report_example_objects_in_object_refs_with_bad_id():
published="2016-01-20T17:00:00Z",
labels=["campaign"],
object_refs=[
stix2.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS),
stix2.v20.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS),
"campaign-83422c77-904c-4dc1-aff5-5c38f3a2c55c", # the "bad" id, missing a "-"
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a"
],

View File

@ -215,21 +215,20 @@ def test_revoke_invalid_cls():
def test_remove_custom_stix_property():
mal = stix2.Malware(name="ColePowers",
mal = stix2.v20.Malware(name="ColePowers",
labels=["rootkit"],
is_family=False,
x_custom="armada",
allow_custom=True)
mal_nc = stix2.utils.remove_custom_stix(mal)
assert "x_custom" not in mal_nc
assert stix2.utils.parse_into_datetime(mal["modified"], precision="millisecond") < stix2.utils.parse_into_datetime(mal_nc["modified"],
precision="millisecond")
assert (stix2.utils.parse_into_datetime(mal["modified"], precision="millisecond") <
stix2.utils.parse_into_datetime(mal_nc["modified"], precision="millisecond"))
def test_remove_custom_stix_object():
@stix2.CustomObject("x-animal", [
@stix2.v20.CustomObject("x-animal", [
("species", stix2.properties.StringProperty(required=True)),
("animal_class", stix2.properties.StringProperty()),
])

View File

@ -3,7 +3,6 @@ import os
import pytest
import stix2
from stix2 import Bundle
from stix2.workbench import (AttackPattern, Campaign, CourseOfAction,
ExternalReference, FileSystemSource, Filter,
Identity, Indicator, IntrusionSet, Malware,
@ -29,6 +28,7 @@ from .constants import (ATTACK_PATTERN_ID, ATTACK_PATTERN_KWARGS, CAMPAIGN_ID,
VULNERABILITY_KWARGS)
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_workbench_environment():
# Create a STIX object
@ -83,6 +83,7 @@ def test_workbench_get_all_identities():
assert resp[0].id == IDENTITY_ID
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_workbench_get_all_indicators():
resp = indicators()
assert len(resp) == 1
@ -117,6 +118,7 @@ def test_workbench_get_all_observed_data():
assert resp[0].id == OBSERVED_DATA_ID
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_workbench_get_all_reports():
rep = Report(id=REPORT_ID, **REPORT_KWARGS)
save(rep)
@ -126,6 +128,7 @@ def test_workbench_get_all_reports():
assert resp[0].id == REPORT_ID
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_workbench_get_all_threat_actors():
thr = ThreatActor(id=THREAT_ACTOR_ID, **THREAT_ACTOR_KWARGS)
save(thr)
@ -135,6 +138,7 @@ def test_workbench_get_all_threat_actors():
assert resp[0].id == THREAT_ACTOR_ID
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_workbench_get_all_tools():
tool = Tool(id=TOOL_ID, **TOOL_KWARGS)
save(tool)
@ -153,12 +157,14 @@ def test_workbench_get_all_vulnerabilities():
assert resp[0].id == VULNERABILITY_ID
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_workbench_add_to_bundle():
vuln = Vulnerability(**VULNERABILITY_KWARGS)
bundle = Bundle(vuln)
bundle = stix2.v20.Bundle(vuln)
assert bundle.objects[0].name == 'Heartbleed'
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_workbench_relationships():
rel = Relationship(INDICATOR_ID, 'indicates', MALWARE_ID)
save(rel)
@ -212,6 +218,7 @@ def test_workbench_related_with_filters():
assert len(resp) == 1
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_add_data_source():
fs_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), "stix2_data")
fs = FileSystemSource(fs_path)
@ -225,11 +232,13 @@ def test_add_data_source():
assert 'tool--242f3da3-4425-4d11-8f5c-b842886da966' in resp_ids
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_additional_filter():
resp = tools(Filter('created_by_ref', '=', 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5'))
assert len(resp) == 2
@pytest.mark.skip(reason='The workbench is not working correctly for 2.0')
def test_additional_filters_list():
resp = tools([Filter('created_by_ref', '=', 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5'),
Filter('name', '=', 'Windows Credential Editor')])
@ -275,12 +284,12 @@ def test_default_object_marking_refs():
def test_workbench_custom_property_object_in_observable_extension():
ntfs = stix2.NTFSExt(
ntfs = stix2.v20.NTFSExt(
allow_custom=True,
sid=1,
x_foo='bar',
)
artifact = stix2.File(
artifact = stix2.v20.File(
name='test',
extensions={'ntfs-ext': ntfs},
)
@ -297,7 +306,7 @@ def test_workbench_custom_property_object_in_observable_extension():
def test_workbench_custom_property_dict_in_observable_extension():
artifact = stix2.File(
artifact = stix2.v20.File(
allow_custom=True,
name='test',
extensions={

View File

@ -53,7 +53,7 @@ def stix_objs1():
ind1 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -66,7 +66,7 @@ def stix_objs1():
ind2 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -79,7 +79,7 @@ def stix_objs1():
ind3 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.936Z",
@ -92,7 +92,7 @@ def stix_objs1():
ind4 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -105,7 +105,7 @@ def stix_objs1():
ind5 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -123,7 +123,7 @@ def stix_objs2():
ind6 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-31T13:49:53.935Z",
@ -136,7 +136,7 @@ def stix_objs2():
ind7 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -149,7 +149,7 @@ def stix_objs2():
ind8 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",

View File

@ -70,7 +70,7 @@ IDENTITY_KWARGS = dict(
)
INDICATOR_KWARGS = dict(
labels=['malicious-activity'],
indicator_types=['malicious-activity'],
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
)
@ -79,9 +79,9 @@ INTRUSION_SET_KWARGS = dict(
)
MALWARE_KWARGS = dict(
labels=['ransomware'],
malware_types=['ransomware'],
name="Cryptolocker",
is_family=False
is_family=True
)
MALWARE_MORE_KWARGS = dict(
@ -89,7 +89,7 @@ MALWARE_MORE_KWARGS = dict(
id=MALWARE_ID,
created="2016-04-06T20:03:00.000Z",
modified="2016-04-06T20:03:00.000Z",
labels=['ransomware'],
malware_types=['ransomware'],
name="Cryptolocker",
description="A ransomware related to ...",
is_family=False
@ -108,7 +108,7 @@ OBSERVED_DATA_KWARGS = dict(
)
REPORT_KWARGS = dict(
labels=["campaign"],
report_types=["campaign"],
name="Bad Cybercrime",
published=FAKE_TIME,
object_refs=[INDICATOR_ID],
@ -125,12 +125,12 @@ SIGHTING_KWARGS = dict(
)
THREAT_ACTOR_KWARGS = dict(
labels=["crime-syndicate"],
threat_actor_types=["crime-syndicate"],
name="Evil Org",
)
TOOL_KWARGS = dict(
labels=["remote-access"],
tool_types=["remote-access"],
name="VNC",
)

View File

@ -18,7 +18,7 @@
}
],
"id": "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38",
"labels": [
"malware_types": [
"malware"
],
"modified": "2017-05-31T21:32:58.226477Z",

View File

@ -18,7 +18,7 @@
}
],
"id": "malware--92ec0cbd-2c30-44a2-b270-73f4ec949841",
"labels": [
"malware_types": [
"malware"
],
"modified": "2017-05-31T21:33:26.565056Z",

View File

@ -18,7 +18,7 @@
}
],
"id": "malware--96b08451-b27a-4ff6-893f-790e26393a8e",
"labels": [
"malware_types": [
"malware"
],
"modified": "2017-05-31T21:32:48.482655Z",

View File

@ -18,7 +18,7 @@
}
],
"id": "malware--b42378e0-f147-496f-992a-26a49705395b",
"labels": [
"malware_types": [
"malware"
],
"modified": "2017-05-31T21:32:15.263882Z",

View File

@ -23,7 +23,7 @@
}
],
"id": "tool--03342581-f790-4f03-ba41-e82e67392e23",
"labels": [
"tool_types": [
"tool"
],
"modified": "2017-05-31T21:32:31.601148Z",

View File

@ -18,7 +18,7 @@
}
],
"id": "tool--242f3da3-4425-4d11-8f5c-b842886da966",
"labels": [
"tool_types": [
"tool"
],
"modified": "2017-05-31T21:32:12.684914Z",

View File

@ -14,11 +14,11 @@ EXPECTED_BUNDLE = """{
"id": "indicator--00000000-0000-4000-8000-000000000001",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "2017-01-01T12:34:56Z",
"labels": [
"indicator_types": [
"malicious-activity"
]
],
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "2017-01-01T12:34:56Z"
},
{
"type": "malware",
@ -26,11 +26,11 @@ EXPECTED_BUNDLE = """{
"id": "malware--00000000-0000-4000-8000-000000000003",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"is_family": true,
"name": "Cryptolocker",
"labels": [
"malware_types": [
"ransomware"
],
"is_family": false
]
},
{
"type": "relationship",
@ -57,7 +57,7 @@ EXPECTED_BUNDLE_DICT = {
"modified": "2017-01-01T12:34:56.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "2017-01-01T12:34:56Z",
"labels": [
"indicator_types": [
"malicious-activity"
]
},
@ -68,10 +68,10 @@ EXPECTED_BUNDLE_DICT = {
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"name": "Cryptolocker",
"labels": [
"malware_types": [
"ransomware"
],
"is_family": False
"is_family": True
},
{
"type": "relationship",

View File

@ -330,14 +330,14 @@ def test_filesystem_store_all_versions(fs_store):
def test_filesystem_store_query(fs_store):
# query()
tools = fs_store.query([stix2.Filter("labels", "in", "tool")])
tools = fs_store.query([stix2.Filter("tool_types", "in", "tool")])
assert len(tools) == 2
assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [tool.id for tool in tools]
assert "tool--03342581-f790-4f03-ba41-e82e67392e23" in [tool.id for tool in tools]
def test_filesystem_store_query_single_filter(fs_store):
query = stix2.Filter("labels", "in", "tool")
query = stix2.Filter("tool_types", "in", "tool")
tools = fs_store.query(query)
assert len(tools) == 2
assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [tool.id for tool in tools]
@ -352,7 +352,7 @@ def test_filesystem_store_empty_query(fs_store):
def test_filesystem_store_query_multiple_filters(fs_store):
fs_store.source.filters.add(stix2.Filter("labels", "in", "tool"))
fs_store.source.filters.add(stix2.Filter("tool_types", "in", "tool"))
tools = fs_store.query(stix2.Filter("id", "=", "tool--242f3da3-4425-4d11-8f5c-b842886da966"))
assert len(tools) == 1
assert tools[0].id == "tool--242f3da3-4425-4d11-8f5c-b842886da966"

View File

@ -10,7 +10,7 @@ stix_objs = [
"description": "\n\nTITLE:\n\tPoison Ivy",
"id": "malware--fdd60b30-b67c-41e3-b0b9-f01faf20d111",
"spec_version": "2.1",
"labels": [
"malware_types": [
"remote-access-trojan"
],
"modified": "2017-01-27T13:49:53.997Z",
@ -21,7 +21,7 @@ stix_objs = [
{
"created": "2014-05-08T09:00:00.000Z",
"id": "indicator--a932fcc6-e032-476c-826f-cb970a5a1ade",
"labels": [
"indicator_types": [
"file-hash-watchlist"
],
"modified": "2014-05-08T09:00:00.000Z",
@ -94,7 +94,7 @@ stix_objs = [
filters = [
Filter("type", "!=", "relationship"),
Filter("id", "=", "relationship--2f9a9aa9-108a-4333-83e2-4fb25add0463"),
Filter("labels", "in", "remote-access-trojan"),
Filter("malware_types", "in", "remote-access-trojan"),
Filter("created", ">", "2015-01-01T01:00:00.000Z"),
Filter("revoked", "=", True),
Filter("revoked", "!=", True),

View File

@ -15,7 +15,7 @@ from .constants import (CAMPAIGN_ID, CAMPAIGN_KWARGS, IDENTITY_ID,
IND1 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -28,7 +28,7 @@ IND1 = {
IND2 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -41,7 +41,7 @@ IND2 = {
IND3 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.936Z",
@ -54,7 +54,7 @@ IND3 = {
IND4 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -67,7 +67,7 @@ IND4 = {
IND5 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -80,7 +80,7 @@ IND5 = {
IND6 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000001",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-31T13:49:53.935Z",
@ -93,7 +93,7 @@ IND6 = {
IND7 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",
@ -106,7 +106,7 @@ IND7 = {
IND8 = {
"created": "2017-01-27T13:49:53.935Z",
"id": "indicator--00000000-0000-4000-8000-000000000002",
"labels": [
"indicator_types": [
"url-watchlist"
],
"modified": "2017-01-27T13:49:53.935Z",

View File

@ -110,7 +110,7 @@ def test_add_stix2_object(collection):
# create new STIX threat-actor
ta = stix2.v21.ThreatActor(name="Teddy Bear",
labels=["nation-state"],
threat_actor_types=["nation-state"],
sophistication="innovator",
resource_level="government",
goals=[
@ -126,7 +126,7 @@ def test_add_stix2_with_custom_object(collection):
# create new STIX threat-actor
ta = stix2.v21.ThreatActor(name="Teddy Bear",
labels=["nation-state"],
threat_actor_types=["nation-state"],
sophistication="innovator",
resource_level="government",
goals=[
@ -144,7 +144,7 @@ def test_add_list_object(collection, indicator):
# create new STIX threat-actor
ta = stix2.v21.ThreatActor(name="Teddy Bear",
labels=["nation-state"],
threat_actor_types=["nation-state"],
sophistication="innovator",
resource_level="government",
goals=[
@ -160,7 +160,7 @@ def test_add_stix2_bundle_object(collection):
# create new STIX threat-actor
ta = stix2.v21.ThreatActor(name="Teddy Bear",
labels=["nation-state"],
threat_actor_types=["nation-state"],
sophistication="innovator",
resource_level="government",
goals=[
@ -182,15 +182,15 @@ def test_add_str_object(collection):
"created": "2018-04-23T16:40:50.847Z",
"modified": "2018-04-23T16:40:50.847Z",
"name": "Teddy Bear",
"threat_actor_types": [
"nation-state"
],
"goals": [
"compromising environment NGOs",
"water-hole attacks geared towards energy sector"
],
"sophistication": "innovator",
"resource_level": "government",
"labels": [
"nation-state"
]
"resource_level": "government"
}"""
tc_sink.add(ta)
@ -212,7 +212,7 @@ def test_add_dict_object(collection):
],
"sophistication": "innovator",
"resource_level": "government",
"labels": [
"threat_actor_types": [
"nation-state"
]
}
@ -240,7 +240,7 @@ def test_add_dict_bundle_object(collection):
],
"sophistication": "innovator",
"resource_level": "government",
"labels": [
"threat_actor_types": [
"nation-state"
]
}
@ -288,7 +288,7 @@ def test_add_get_remove_filter(collection):
valid_filters = [
Filter('type', '=', 'malware'),
Filter('id', '!=', 'stix object id'),
Filter('labels', 'in', ["heartbleed", "malicious-activity"]),
Filter('threat_actor_types', 'in', ["heartbleed", "malicious-activity"]),
]
assert len(ds.filters) == 0

View File

@ -135,7 +135,7 @@ def test_environment_functions():
def test_environment_source_and_sink():
ind = stix2.v21.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS)
env = stix2.Environment(source=stix2.MemorySource([ind]), sink=stix2.MemorySink([ind]))
assert env.get(INDICATOR_ID).labels[0] == 'malicious-activity'
assert env.get(INDICATOR_ID).indicator_types[0] == 'malicious-activity'
def test_environment_datastore_and_sink():
@ -195,7 +195,7 @@ def test_parse_malware():
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"name": "Cryptolocker",
"labels": [
"malware_types": [
"ransomware"
],
"is_family": false
@ -207,7 +207,7 @@ def test_parse_malware():
assert mal.id == MALWARE_ID
assert mal.created == FAKE_TIME
assert mal.modified == FAKE_TIME
assert mal.labels == ['ransomware']
assert mal.malware_types == ['ransomware']
assert mal.name == "Cryptolocker"

View File

@ -569,11 +569,11 @@ IS_MARKED_TEST_DATA = [
"marking_ref": MARKING_IDS[1]
},
{
"selectors": ["labels", "description"],
"selectors": ["malware_types", "description"],
"marking_ref": MARKING_IDS[2]
},
{
"selectors": ["labels", "description"],
"selectors": ["malware_types", "description"],
"marking_ref": MARKING_IDS[3]
},
],
@ -586,11 +586,11 @@ IS_MARKED_TEST_DATA = [
"marking_ref": MARKING_IDS[1]
},
{
"selectors": ["labels", "description"],
"selectors": ["malware_types", "description"],
"marking_ref": MARKING_IDS[2]
},
{
"selectors": ["labels", "description"],
"selectors": ["malware_types", "description"],
"marking_ref": MARKING_IDS[3]
},
],
@ -630,7 +630,7 @@ def test_is_marked_invalid_selector(data, selector):
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
def test_is_marked_mix_selector(data):
"""Test valid selector, one marked and one not marked returns True."""
assert markings.is_marked(data, selectors=["description", "labels"])
assert markings.is_marked(data, selectors=["description", "malware_types"])
assert markings.is_marked(data, selectors=["description"])
@ -654,10 +654,10 @@ def test_is_marked_valid_selector_and_refs(data):
def test_is_marked_valid_selector_multiple_refs(data):
"""Test that a valid selector returns True if aall marking_refs match.
Otherwise False."""
assert markings.is_marked(data, [MARKING_IDS[2], MARKING_IDS[3]], ["labels"])
assert markings.is_marked(data, [MARKING_IDS[2], MARKING_IDS[1]], ["labels"]) is False
assert markings.is_marked(data, MARKING_IDS[2], ["labels"])
assert markings.is_marked(data, ["marking-definition--1234"], ["labels"]) is False
assert markings.is_marked(data, [MARKING_IDS[2], MARKING_IDS[3]], ["malware_types"])
assert markings.is_marked(data, [MARKING_IDS[2], MARKING_IDS[1]], ["malware_types"]) is False
assert markings.is_marked(data, MARKING_IDS[2], ["malware_types"])
assert markings.is_marked(data, ["marking-definition--1234"], ["malware_types"]) is False
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
@ -666,7 +666,7 @@ def test_is_marked_no_marking_refs(data):
if there is a granular_marking that asserts that field, False
otherwise."""
assert markings.is_marked(data, selectors=["type"]) is False
assert markings.is_marked(data, selectors=["labels"])
assert markings.is_marked(data, selectors=["malware_types"])
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
@ -1065,4 +1065,4 @@ def test_clear_marking_bad_selector(data, selector):
def test_clear_marking_not_present(data):
"""Test clearing markings for a selector that has no associated markings."""
with pytest.raises(MarkingNotFoundError):
markings.clear_markings(data, ["labels"])
markings.clear_markings(data, ["malware_types"])

View File

@ -14,11 +14,11 @@ EXPECTED_INDICATOR = """{
"id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"created": "2017-01-01T00:00:01.000Z",
"modified": "2017-01-01T00:00:01.000Z",
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "1970-01-01T00:00:01Z",
"labels": [
"indicator_types": [
"malicious-activity"
]
],
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
"valid_from": "1970-01-01T00:00:01Z"
}"""
EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join("""
@ -27,9 +27,9 @@ EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join("""
id='indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7',
created='2017-01-01T00:00:01.000Z',
modified='2017-01-01T00:00:01.000Z',
indicator_types=['malicious-activity'],
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
valid_from='1970-01-01T00:00:01Z',
labels=['malicious-activity']
valid_from='1970-01-01T00:00:01Z'
""".split()) + ")"
@ -44,7 +44,7 @@ def test_indicator_with_all_required_properties():
modified=now,
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
valid_from=epoch,
labels=['malicious-activity'],
indicator_types=['malicious-activity'],
)
assert ind.revoked is False
@ -59,7 +59,7 @@ def test_indicator_autogenerated_properties(indicator):
assert indicator.id == 'indicator--00000000-0000-4000-8000-000000000001'
assert indicator.created == FAKE_TIME
assert indicator.modified == FAKE_TIME
assert indicator.labels == ['malicious-activity']
assert indicator.indicator_types == ['malicious-activity']
assert indicator.pattern == "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']"
assert indicator.valid_from == FAKE_TIME
@ -68,7 +68,7 @@ def test_indicator_autogenerated_properties(indicator):
assert indicator['id'] == 'indicator--00000000-0000-4000-8000-000000000001'
assert indicator['created'] == FAKE_TIME
assert indicator['modified'] == FAKE_TIME
assert indicator['labels'] == ['malicious-activity']
assert indicator['indicator_types'] == ['malicious-activity']
assert indicator['pattern'] == "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']"
assert indicator['valid_from'] == FAKE_TIME
@ -98,13 +98,13 @@ def test_indicator_required_properties():
stix2.v21.Indicator()
assert excinfo.value.cls == stix2.v21.Indicator
assert excinfo.value.properties == ["labels", "pattern"]
assert str(excinfo.value) == "No values for required properties for Indicator: (labels, pattern)."
assert excinfo.value.properties == ["indicator_types", "pattern"]
assert str(excinfo.value) == "No values for required properties for Indicator: (indicator_types, pattern)."
def test_indicator_required_property_pattern():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v21.Indicator(labels=['malicious-activity'])
stix2.v21.Indicator(indicator_types=['malicious-activity'])
assert excinfo.value.cls == stix2.v21.Indicator
assert excinfo.value.properties == ["pattern"]
@ -159,7 +159,7 @@ def test_created_modified_time_are_identical_by_default():
"id": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"created": "2017-01-01T00:00:01Z",
"modified": "2017-01-01T00:00:01Z",
"labels": [
"indicator_types": [
"malicious-activity"
],
"pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
@ -175,14 +175,14 @@ def test_parse_indicator(data):
assert idctr.created == dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
assert idctr.modified == dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
assert idctr.valid_from == dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
assert idctr.labels[0] == "malicious-activity"
assert idctr.indicator_types[0] == "malicious-activity"
assert idctr.pattern == "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']"
def test_invalid_indicator_pattern():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.v21.Indicator(
labels=['malicious-activity'],
indicator_types=['malicious-activity'],
pattern="file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e'",
)
assert excinfo.value.cls == stix2.v21.Indicator
@ -191,7 +191,7 @@ def test_invalid_indicator_pattern():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.v21.Indicator(
labels=['malicious-activity'],
indicator_types=['malicious-activity'],
pattern='[file:hashes.MD5 = "d41d8cd98f00b204e9800998ecf8427e"]',
)
assert excinfo.value.cls == stix2.v21.Indicator

View File

@ -14,11 +14,11 @@ EXPECTED_MALWARE = """{
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"is_family": true,
"name": "Cryptolocker",
"labels": [
"malware_types": [
"ransomware"
],
"is_family": false
]
}"""
@ -30,9 +30,9 @@ def test_malware_with_all_required_properties():
id=MALWARE_ID,
created=now,
modified=now,
labels=["ransomware"],
malware_types=["ransomware"],
name="Cryptolocker",
is_family=False
is_family=True
)
assert str(mal) == EXPECTED_MALWARE
@ -43,14 +43,14 @@ def test_malware_autogenerated_properties(malware):
assert malware.id == 'malware--00000000-0000-4000-8000-000000000001'
assert malware.created == FAKE_TIME
assert malware.modified == FAKE_TIME
assert malware.labels == ['ransomware']
assert malware.malware_types == ['ransomware']
assert malware.name == "Cryptolocker"
assert malware['type'] == 'malware'
assert malware['id'] == 'malware--00000000-0000-4000-8000-000000000001'
assert malware['created'] == FAKE_TIME
assert malware['modified'] == FAKE_TIME
assert malware['labels'] == ['ransomware']
assert malware['malware_types'] == ['ransomware']
assert malware['name'] == "Cryptolocker"
@ -79,12 +79,12 @@ def test_malware_required_properties():
stix2.v21.Malware()
assert excinfo.value.cls == stix2.v21.Malware
assert excinfo.value.properties == ["is_family", "labels", "name"]
assert excinfo.value.properties == ["is_family", "malware_types", "name"]
def test_malware_required_property_name():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v21.Malware(labels=['ransomware'], is_family=False)
stix2.v21.Malware(malware_types=['ransomware'], is_family=False)
assert excinfo.value.cls == stix2.v21.Malware
assert excinfo.value.properties == ["name"]
@ -114,28 +114,29 @@ def test_invalid_kwarg_to_malware():
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"labels": ["ransomware"],
"malware_types": ["ransomware"],
"name": "Cryptolocker",
"is_family": False
"is_family": True
},
])
def test_parse_malware(data):
mal = stix2.parse(data, version="2.1")
mal = stix2.parse(data)
assert mal.type == 'malware'
assert mal.spec_version == '2.1'
assert mal.id == MALWARE_ID
assert mal.created == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert mal.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert mal.labels == ['ransomware']
assert mal.name == "Cryptolocker"
assert mal.malware_types == ['ransomware']
assert mal.name == 'Cryptolocker'
assert mal.is_family is True
def test_parse_malware_invalid_labels():
data = re.compile('\\[.+\\]', re.DOTALL).sub('1', EXPECTED_MALWARE)
with pytest.raises(ValueError) as excinfo:
stix2.parse(data, version="2.1")
assert "Invalid value for Malware 'labels'" in str(excinfo.value)
stix2.parse(data)
assert "Invalid value for Malware 'malware_types'" in str(excinfo.value)
def test_parse_malware_kill_chain_phases():

View File

@ -71,7 +71,7 @@ def test_add_markings_combination():
object_marking_refs=[MARKING_IDS[0], MARKING_IDS[1]],
granular_markings=[
{
"selectors": ["labels"],
"selectors": ["malware_types"],
"marking_ref": MARKING_IDS[2]
},
{
@ -84,7 +84,7 @@ def test_add_markings_combination():
before = markings.add_markings(before, MARKING_IDS[0], None)
before = markings.add_markings(before, MARKING_IDS[1], None)
before = markings.add_markings(before, MARKING_IDS[2], "labels")
before = markings.add_markings(before, MARKING_IDS[2], "malware_types")
before = markings.add_markings(before, MARKING_IDS[3], "name")
for m in before["granular_markings"]:

View File

@ -566,7 +566,7 @@ def test_observed_data_with_process_example():
"arguments": [
"--new-window"
],
"binary_ref": "0"
"image_ref": "0"
}
})
@ -662,16 +662,15 @@ def test_file_example():
f = stix2.v21.File(
name="qwerty.dll",
hashes={
"SHA-256": "ceafbfd424be2ca4a5f0402cae090dda2fb0526cf521b60b60077c0f622b285a"},
"SHA-256": "ceafbfd424be2ca4a5f0402cae090dda2fb0526cf521b60b60077c0f622b285a"
},
size=100,
magic_number_hex="1C",
mime_type="application/msword",
created="2016-12-21T19:00:00Z",
modified="2016-12-24T19:00:00Z",
accessed="2016-12-21T20:00:00Z",
is_encrypted=True,
encryption_algorithm="AES128-CBC",
decryption_key="fred")
accessed="2016-12-21T20:00:00Z"
)
assert f.name == "qwerty.dll"
assert f.size == 100
@ -681,9 +680,6 @@ def test_file_example():
assert f.created == dt.datetime(2016, 12, 21, 19, 0, 0, tzinfo=pytz.utc)
assert f.modified == dt.datetime(2016, 12, 24, 19, 0, 0, tzinfo=pytz.utc)
assert f.accessed == dt.datetime(2016, 12, 21, 20, 0, 0, tzinfo=pytz.utc)
assert f.is_encrypted
assert f.encryption_algorithm == "AES128-CBC"
assert f.decryption_key == "fred" # does the key have a format we can test for?
def test_file_example_with_NTFSExt():
@ -896,19 +892,11 @@ def test_file_example_with_WindowsPEBinaryExt():
def test_file_example_encryption_error():
with pytest.raises(stix2.exceptions.DependentPropertiesError) as excinfo:
stix2.v21.File(
name="qwerty.dll",
is_encrypted=False,
encryption_algorithm="AES128-CBC")
with pytest.raises(stix2.exceptions.AtLeastOnePropertyError) as excinfo:
stix2.v21.File(magic_number_hex="010b")
assert excinfo.value.cls == stix2.v21.File
assert excinfo.value.dependencies == [("is_encrypted", "encryption_algorithm")]
assert "property dependencies" in str(excinfo.value)
assert "are not met" in str(excinfo.value)
with pytest.raises(stix2.exceptions.DependentPropertiesError) as excinfo:
stix2.v21.File(name="qwerty.dll", encryption_algorithm="AES128-CBC")
assert "At least one of the (hashes, name)" in str(excinfo.value)
def test_ip4_address_example():
@ -1024,7 +1012,7 @@ def test_process_example():
name="gedit-bin",
created="2016-01-20T14:11:25.55Z",
arguments=["--new-window"],
binary_ref="0")
image_ref="0")
assert p.name == "gedit-bin"
assert p.arguments == ["--new-window"]
@ -1177,7 +1165,7 @@ def test_user_account_example():
is_privileged=False,
can_escalate_privs=True,
account_created="2016-01-20T12:31:12Z",
password_last_changed="2016-01-20T14:27:43Z",
credential_last_changed="2016-01-20T14:27:43Z",
account_first_login="2016-01-20T14:26:07Z",
account_last_login="2016-07-22T16:08:28Z")
@ -1189,7 +1177,7 @@ def test_user_account_example():
assert not a.is_privileged
assert a.can_escalate_privs
assert a.account_created == dt.datetime(2016, 1, 20, 12, 31, 12, tzinfo=pytz.utc)
assert a.password_last_changed == dt.datetime(2016, 1, 20, 14, 27, 43, tzinfo=pytz.utc)
assert a.credential_last_changed == dt.datetime(2016, 1, 20, 14, 27, 43, tzinfo=pytz.utc)
assert a.account_first_login == dt.datetime(2016, 1, 20, 14, 26, 7, tzinfo=pytz.utc)
assert a.account_last_login == dt.datetime(2016, 7, 22, 16, 8, 28, tzinfo=pytz.utc)
@ -1221,10 +1209,12 @@ def test_windows_registry_key_example():
v = stix2.v21.WindowsRegistryValueType(
name="Foo",
data="qwerty",
data_type="REG_SZ")
data_type="REG_SZ"
)
w = stix2.v21.WindowsRegistryKey(
key="hkey_local_machine\\system\\bar\\foo",
values=[v])
values=[v]
)
assert w.key == "hkey_local_machine\\system\\bar\\foo"
assert w.values[0].name == "Foo"
assert w.values[0].data == "qwerty"

View File

@ -15,15 +15,15 @@ EXPECTED = """{
"created": "2015-12-21T19:59:11.000Z",
"modified": "2015-12-21T19:59:11.000Z",
"name": "The Black Vine Cyberespionage Group",
"report_types": [
"campaign"
],
"description": "A simple report with an indicator and campaign",
"published": "2016-01-20T17:00:00Z",
"object_refs": [
"indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a"
],
"labels": [
"campaign"
]
}"""
@ -37,7 +37,7 @@ def test_report_example():
name="The Black Vine Cyberespionage Group",
description="A simple report with an indicator and campaign",
published="2016-01-20T17:00:00Z",
labels=["campaign"],
report_types=["campaign"],
object_refs=[
"indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
@ -57,7 +57,7 @@ def test_report_example_objects_in_object_refs():
name="The Black Vine Cyberespionage Group",
description="A simple report with an indicator and campaign",
published="2016-01-20T17:00:00Z",
labels=["campaign"],
report_types=["campaign"],
object_refs=[
stix2.v21.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS),
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
@ -78,7 +78,7 @@ def test_report_example_objects_in_object_refs_with_bad_id():
name="The Black Vine Cyberespionage Group",
description="A simple report with an indicator and campaign",
published="2016-01-20T17:00:00Z",
labels=["campaign"],
report_types=["campaign"],
object_refs=[
stix2.v21.Indicator(id="indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", **INDICATOR_KWARGS),
"campaign-83422c77-904c-4dc1-aff5-5c38f3a2c55c", # the "bad" id, missing a "-"
@ -99,7 +99,7 @@ def test_report_example_objects_in_object_refs_with_bad_id():
"created_by_ref": "identity--a463ffb3-1bd9-4d94-b02d-74e4f1658283",
"description": "A simple report with an indicator and campaign",
"id": "report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3",
"labels": [
"report_types": [
"campaign"
],
"modified": "2015-12-21T19:59:11.000Z",
@ -127,7 +127,7 @@ def test_parse_report(data):
"campaign--83422c77-904c-4dc1-aff5-5c38f3a2c55c",
"relationship--f82356ae-fe6c-437c-9c24-6b64314ae68a"]
assert rept.description == "A simple report with an indicator and campaign"
assert rept.labels == ["campaign"]
assert rept.report_types == ["campaign"]
assert rept.name == "The Black Vine Cyberespionage Group"
# TODO: Add other examples

View File

@ -15,10 +15,10 @@ EXPECTED = """{
"created": "2016-04-06T20:03:48.000Z",
"modified": "2016-04-06T20:03:48.000Z",
"name": "Evil Org",
"description": "The Evil Org threat actor group",
"labels": [
"threat_actor_types": [
"crime-syndicate"
]
],
"description": "The Evil Org threat actor group"
}"""
@ -30,7 +30,7 @@ def test_threat_actor_example():
modified="2016-04-06T20:03:48.000Z",
name="Evil Org",
description="The Evil Org threat actor group",
labels=["crime-syndicate"],
threat_actor_types=["crime-syndicate"],
)
assert str(threat_actor) == EXPECTED
@ -43,7 +43,7 @@ def test_threat_actor_example():
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"description": "The Evil Org threat actor group",
"id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"labels": [
"threat_actor_types": [
"crime-syndicate"
],
"modified": "2016-04-06T20:03:48.000Z",
@ -63,6 +63,6 @@ def test_parse_threat_actor(data):
assert actor.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff"
assert actor.description == "The Evil Org threat actor group"
assert actor.name == "Evil Org"
assert actor.labels == ["crime-syndicate"]
assert actor.threat_actor_types == ["crime-syndicate"]
# TODO: Add other examples

View File

@ -15,7 +15,7 @@ EXPECTED = """{
"created": "2016-04-06T20:03:48.000Z",
"modified": "2016-04-06T20:03:48.000Z",
"name": "VNC",
"labels": [
"tool_types": [
"remote-access"
]
}"""
@ -28,10 +28,10 @@ EXPECTED_WITH_REVOKED = """{
"created": "2016-04-06T20:03:48.000Z",
"modified": "2016-04-06T20:03:48.000Z",
"name": "VNC",
"revoked": false,
"labels": [
"tool_types": [
"remote-access"
]
],
"revoked": false
}"""
@ -42,7 +42,7 @@ def test_tool_example():
created="2016-04-06T20:03:48.000Z",
modified="2016-04-06T20:03:48.000Z",
name="VNC",
labels=["remote-access"],
tool_types=["remote-access"],
)
assert str(tool) == EXPECTED
@ -54,7 +54,7 @@ def test_tool_example():
"created": "2016-04-06T20:03:48Z",
"created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
"id": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
"labels": [
"tool_types": [
"remote-access"
],
"modified": "2016-04-06T20:03:48Z",
@ -72,12 +72,12 @@ def test_parse_tool(data):
assert tool.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
assert tool.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
assert tool.created_by_ref == "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff"
assert tool.labels == ["remote-access"]
assert tool.tool_types == ["remote-access"]
assert tool.name == "VNC"
def test_tool_no_workbench_wrappers():
tool = stix2.v21.Tool(name='VNC', labels=['remote-access'])
tool = stix2.v21.Tool(name='VNC', tool_types=['remote-access'])
with pytest.raises(AttributeError):
tool.created_by()
@ -89,7 +89,7 @@ def test_tool_serialize_with_defaults():
created="2016-04-06T20:03:48.000Z",
modified="2016-04-06T20:03:48.000Z",
name="VNC",
labels=["remote-access"],
tool_types=["remote-access"],
)
assert tool.serialize(pretty=True, include_optional_defaults=True) == EXPECTED_WITH_REVOKED

View File

@ -221,8 +221,8 @@ def test_revoke_invalid_cls():
def test_remove_custom_stix_property():
mal = stix2.Malware(name="ColePowers",
labels=["rootkit"],
mal = stix2.v21.Malware(name="ColePowers",
malware_types=["rootkit"],
is_family=False,
x_custom="armada",
allow_custom=True)
@ -230,8 +230,8 @@ def test_remove_custom_stix_property():
mal_nc = stix2.utils.remove_custom_stix(mal)
assert "x_custom" not in mal_nc
assert stix2.utils.parse_into_datetime(mal["modified"], precision="millisecond") < stix2.utils.parse_into_datetime(mal_nc["modified"],
precision="millisecond")
assert (stix2.utils.parse_into_datetime(mal["modified"], precision="millisecond") <
stix2.utils.parse_into_datetime(mal_nc["modified"], precision="millisecond"))
def test_remove_custom_stix_object():

View File

@ -1,7 +1,6 @@
import os
import stix2
from stix2 import Bundle
from stix2.workbench import (AttackPattern, Campaign, CourseOfAction,
ExternalReference, FileSystemSource, Filter,
Identity, Indicator, IntrusionSet, Malware,
@ -34,7 +33,7 @@ def test_workbench_environment():
save(ind)
resp = get(INDICATOR_ID)
assert resp['labels'][0] == 'malicious-activity'
assert resp['indicator_types'][0] == 'malicious-activity'
resp = all_versions(INDICATOR_ID)
assert len(resp) == 1
@ -152,7 +151,7 @@ def test_workbench_get_all_vulnerabilities():
def test_workbench_add_to_bundle():
vuln = Vulnerability(**VULNERABILITY_KWARGS)
bundle = Bundle(vuln)
bundle = stix2.v21.Bundle(vuln)
assert bundle.objects[0].name == 'Heartbleed'
@ -191,8 +190,8 @@ def test_workbench_related():
def test_workbench_related_with_filters():
malware = Malware(labels=["ransomware"], name="CryptorBit", created_by_ref=IDENTITY_ID,
is_family=False)
malware = Malware(malware_types=["ransomware"], name="CryptorBit",
created_by_ref=IDENTITY_ID, is_family=False)
rel = Relationship(malware.id, 'variant-of', MALWARE_ID)
save([malware, rel])
@ -271,12 +270,12 @@ def test_default_object_marking_refs():
def test_workbench_custom_property_object_in_observable_extension():
ntfs = stix2.NTFSExt(
ntfs = stix2.v21.NTFSExt(
allow_custom=True,
sid=1,
x_foo='bar',
)
artifact = stix2.File(
artifact = stix2.v21.File(
name='test',
extensions={'ntfs-ext': ntfs},
)
@ -293,7 +292,7 @@ def test_workbench_custom_property_object_in_observable_extension():
def test_workbench_custom_property_dict_in_observable_extension():
artifact = stix2.File(
artifact = stix2.v21.File(
allow_custom=True,
name='test',
extensions={