Add stix_version kwargs to the pattern equivalence functions.
This allows the patterns to be parsed using either 2.0 or 2.1+ syntax.pull/1/head
Michael Chisholm
parent
320129e26c
commit
9e707a3a81
|
|
@ -1,3 +1,4 @@
|
|||
import stix2
|
||||
from stix2.equivalence.patterns.compare.observation import (
|
||||
observation_expression_cmp,
|
||||
)
|
||||
|
|
@ -48,16 +49,22 @@ def _get_pattern_canonicalizer():
|
|||
return _pattern_canonicalizer
|
||||
|
||||
|
||||
def equivalent_patterns(pattern1, pattern2):
|
||||
def equivalent_patterns(pattern1, pattern2, stix_version=stix2.DEFAULT_VERSION):
|
||||
"""
|
||||
Determine whether two STIX patterns are semantically equivalent.
|
||||
|
||||
:param pattern1: The first STIX pattern
|
||||
:param pattern2: The second STIX pattern
|
||||
:param stix_version: The STIX version to use for pattern parsing, as a
|
||||
string ("2.0", "2.1", etc). Defaults to library-wide default version.
|
||||
:return: True if the patterns are semantically equivalent; False if not
|
||||
"""
|
||||
patt_ast1 = stix2.pattern_visitor.create_pattern_object(pattern1)
|
||||
patt_ast2 = stix2.pattern_visitor.create_pattern_object(pattern2)
|
||||
patt_ast1 = stix2.pattern_visitor.create_pattern_object(
|
||||
pattern1, version=stix_version,
|
||||
)
|
||||
patt_ast2 = stix2.pattern_visitor.create_pattern_object(
|
||||
pattern2, version=stix_version,
|
||||
)
|
||||
|
||||
pattern_canonicalizer = _get_pattern_canonicalizer()
|
||||
canon_patt1, _ = pattern_canonicalizer.transform(patt_ast1)
|
||||
|
|
@ -68,7 +75,9 @@ def equivalent_patterns(pattern1, pattern2):
|
|||
return result == 0
|
||||
|
||||
|
||||
def find_equivalent_patterns(search_pattern, patterns):
|
||||
def find_equivalent_patterns(
|
||||
search_pattern, patterns, stix_version=stix2.DEFAULT_VERSION,
|
||||
):
|
||||
"""
|
||||
Find patterns from a sequence which are equivalent to a given pattern.
|
||||
This is more efficient than using equivalent_patterns() in a loop, because
|
||||
|
|
@ -78,11 +87,13 @@ def find_equivalent_patterns(search_pattern, patterns):
|
|||
|
||||
:param search_pattern: A search pattern as a string
|
||||
:param patterns: An iterable over patterns as strings
|
||||
:param stix_version: The STIX version to use for pattern parsing, as a
|
||||
string ("2.0", "2.1", etc). Defaults to library-wide default version.
|
||||
:return: A generator iterator producing the semantically equivalent
|
||||
patterns
|
||||
"""
|
||||
search_pattern_ast = stix2.pattern_visitor.create_pattern_object(
|
||||
search_pattern,
|
||||
search_pattern, version=stix_version,
|
||||
)
|
||||
|
||||
pattern_canonicalizer = _get_pattern_canonicalizer()
|
||||
|
|
@ -91,7 +102,9 @@ def find_equivalent_patterns(search_pattern, patterns):
|
|||
)
|
||||
|
||||
for pattern in patterns:
|
||||
pattern_ast = stix2.pattern_visitor.create_pattern_object(pattern)
|
||||
pattern_ast = stix2.pattern_visitor.create_pattern_object(
|
||||
pattern, version=stix_version,
|
||||
)
|
||||
canon_pattern_ast, _ = pattern_canonicalizer.transform(pattern_ast)
|
||||
|
||||
result = observation_expression_cmp(
|
||||
|
|
|
|||
Loading…
Reference in New Issue