From 9e707a3a81007ff697918e16cb56e7c65f1fb827 Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Fri, 14 Aug 2020 19:55:00 -0400 Subject: [PATCH] Add stix_version kwargs to the pattern equivalence functions. This allows the patterns to be parsed using either 2.0 or 2.1+ syntax. --- stix2/equivalence/patterns/__init__.py | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/stix2/equivalence/patterns/__init__.py b/stix2/equivalence/patterns/__init__.py index c371ca3..c792574 100644 --- a/stix2/equivalence/patterns/__init__.py +++ b/stix2/equivalence/patterns/__init__.py @@ -1,3 +1,4 @@ +import stix2 from stix2.equivalence.patterns.compare.observation import ( observation_expression_cmp, ) @@ -48,16 +49,22 @@ def _get_pattern_canonicalizer(): return _pattern_canonicalizer -def equivalent_patterns(pattern1, pattern2): +def equivalent_patterns(pattern1, pattern2, stix_version=stix2.DEFAULT_VERSION): """ Determine whether two STIX patterns are semantically equivalent. :param pattern1: The first STIX pattern :param pattern2: The second STIX pattern + :param stix_version: The STIX version to use for pattern parsing, as a + string ("2.0", "2.1", etc). Defaults to library-wide default version. :return: True if the patterns are semantically equivalent; False if not """ - patt_ast1 = stix2.pattern_visitor.create_pattern_object(pattern1) - patt_ast2 = stix2.pattern_visitor.create_pattern_object(pattern2) + patt_ast1 = stix2.pattern_visitor.create_pattern_object( + pattern1, version=stix_version, + ) + patt_ast2 = stix2.pattern_visitor.create_pattern_object( + pattern2, version=stix_version, + ) pattern_canonicalizer = _get_pattern_canonicalizer() canon_patt1, _ = pattern_canonicalizer.transform(patt_ast1) @@ -68,7 +75,9 @@ def equivalent_patterns(pattern1, pattern2): return result == 0 -def find_equivalent_patterns(search_pattern, patterns): +def find_equivalent_patterns( + search_pattern, patterns, stix_version=stix2.DEFAULT_VERSION, +): """ Find patterns from a sequence which are equivalent to a given pattern. This is more efficient than using equivalent_patterns() in a loop, because @@ -78,11 +87,13 @@ def find_equivalent_patterns(search_pattern, patterns): :param search_pattern: A search pattern as a string :param patterns: An iterable over patterns as strings + :param stix_version: The STIX version to use for pattern parsing, as a + string ("2.0", "2.1", etc). Defaults to library-wide default version. :return: A generator iterator producing the semantically equivalent patterns """ search_pattern_ast = stix2.pattern_visitor.create_pattern_object( - search_pattern, + search_pattern, version=stix_version, ) pattern_canonicalizer = _get_pattern_canonicalizer() @@ -91,7 +102,9 @@ def find_equivalent_patterns(search_pattern, patterns): ) for pattern in patterns: - pattern_ast = stix2.pattern_visitor.create_pattern_object(pattern) + pattern_ast = stix2.pattern_visitor.create_pattern_object( + pattern, version=stix_version, + ) canon_pattern_ast, _ = pattern_canonicalizer.transform(pattern_ast) result = observation_expression_cmp(