Fixes #307

2019-12-20 14:34:49 -05:00 · 2019-12-20 14:34:49 -05:00 · a18612bdfb
parent 25eb3bdb0c
commit a18612bdfb
5 changed files with 73 additions and 3 deletions
--- a/stix2/properties.py
+++ b/stix2/properties.py
@ -558,9 +558,13 @@ class EnumProperty(StringProperty):

 class PatternProperty(StringProperty):

+    def __init__(self, spec_version=stix2.DEFAULT_VERSION, **kwargs):
+        self.spec_version = spec_version
+        super(PatternProperty, self).__init__(**kwargs)
+
    def clean(self, value):
        cleaned_value = super(PatternProperty, self).clean(value)
-        errors = run_validator(cleaned_value)
+        errors = run_validator(cleaned_value, self.spec_version)
        if errors:
            raise ValueError(str(errors[0]))

--- a/stix2/test/v20/test_indicator.py
+++ b/stix2/test/v20/test_indicator.py
@ -192,3 +192,36 @@ def test_invalid_indicator_pattern():
    assert excinfo.value.cls == stix2.v20.Indicator
    assert excinfo.value.prop_name == 'pattern'
    assert 'mismatched input' in excinfo.value.reason
+
+
+def test_indicator_stix21_invalid_pattern():
+    now = dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
+    epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
+
+    ind1 = stix2.v21.Indicator(
+        type="indicator",
+        id=INDICATOR_ID,
+        created=now,
+        modified=now,
+        pattern="[EXISTS windows-registry-key:values]",
+        pattern_type="stix",
+        valid_from=epoch,
+        indicator_types=['malicious-activity'],
+    )
+
+    assert ind1.id == INDICATOR_ID
+    assert ind1.pattern == "[EXISTS windows-registry-key:values]"
+
+    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
+        stix2.v20.Indicator(
+            type="indicator",
+            id=INDICATOR_ID,
+            created=now,
+            modified=now,
+            pattern="[EXISTS windows-registry-key:values]",
+            valid_from=epoch,
+            labels=["malicious-activity"],
+        )
+
+    assert excinfo.value.cls == stix2.v20.Indicator
+    assert "FAIL: Error found at line 1:8. no viable alternative at input 'EXISTS" in str(excinfo.value)
--- a/stix2/test/v21/test_indicator.py
+++ b/stix2/test/v21/test_indicator.py
@ -251,3 +251,36 @@ def test_indicator_with_custom_embed_objs_extra_props_error():
    assert excinfo.value.cls == stix2.v21.Indicator
    assert excinfo.value.properties == ['bad_custom_prop']
    assert str(excinfo.value) == "Unexpected properties for Indicator: (bad_custom_prop)."
+
+
+def test_indicator_stix20_invalid_pattern():
+    now = dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
+    epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
+
+    ind1 = stix2.v20.Indicator(
+        type="indicator",
+        id=INDICATOR_ID,
+        created=now,
+        modified=now,
+        pattern="[win-registry-key:key = 'hkey_local_machine\\\\foo\\\\bar'] WITHIN 5 SECONDS WITHIN 6 SECONDS",
+        valid_from=epoch,
+        labels=["malicious-activity"],
+    )
+
+    assert ind1.id == INDICATOR_ID
+    assert ind1.pattern == "[win-registry-key:key = 'hkey_local_machine\\\\foo\\\\bar'] WITHIN 5 SECONDS WITHIN 6 SECONDS"
+
+    with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
+        stix2.v21.Indicator(
+            type="indicator",
+            id=INDICATOR_ID,
+            created=now,
+            modified=now,
+            pattern="[win-registry-key:key = 'hkey_local_machine\\\\foo\\\\bar'] WITHIN 5 SECONDS WITHIN 6 SECONDS",
+            pattern_type="stix",
+            valid_from=epoch,
+            indicator_types=['malicious-activity'],
+        )
+
+    assert excinfo.value.cls == stix2.v21.Indicator
+    assert "FAIL: The same qualifier is used more than once" in str(excinfo.value)
--- a/stix2/v20/sdo.py
+++ b/stix2/v20/sdo.py
@ -124,7 +124,7 @@ class Indicator(STIXDomainObject):
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('name', StringProperty()),
        ('description', StringProperty()),
-        ('pattern', PatternProperty(required=True)),
+        ('pattern', PatternProperty(required=True, spec_version='2.0')),
        ('valid_from', TimestampProperty(default=lambda: NOW)),
        ('valid_until', TimestampProperty()),
        ('kill_chain_phases', ListProperty(KillChainPhase)),
--- a/stix2/v21/sdo.py
+++ b/stix2/v21/sdo.py
@ -200,7 +200,7 @@ class Indicator(STIXDomainObject):
        ('name', StringProperty()),
        ('description', StringProperty()),
        ('indicator_types', ListProperty(StringProperty, required=True)),
-        ('pattern', PatternProperty(required=True)),
+        ('pattern', PatternProperty(required=True, spec_version='2.1')),
        ('pattern_type', StringProperty(required=True)),
        ('pattern_version', StringProperty()),
        ('valid_from', TimestampProperty(default=lambda: NOW, required=True)),