MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Fixes #307

master
Desai, Kartikey H 2019-12-20 14:34:49 -05:00 committed by Chris Lenk
parent 25eb3bdb0c
commit a18612bdfb
5 changed files with 73 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
stix2/properties.py
View File

@ -558,9 +558,13 @@ class EnumProperty(StringProperty):
class PatternProperty(StringProperty): class PatternProperty(StringProperty):
def __init__(self, spec_version=stix2.DEFAULT_VERSION, **kwargs):
self.spec_version = spec_version
super(PatternProperty, self).__init__(**kwargs)
def clean(self, value): def clean(self, value):
cleaned_value = super(PatternProperty, self).clean(value) cleaned_value = super(PatternProperty, self).clean(value)
errors = run_validator(cleaned_value) errors = run_validator(cleaned_value, self.spec_version)
if errors: if errors:
raise ValueError(str(errors[0])) raise ValueError(str(errors[0]))

33
stix2/test/v20/test_indicator.py
View File

@ -192,3 +192,36 @@ def test_invalid_indicator_pattern():
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == stix2.v20.Indicator
assert excinfo.value.prop_name == 'pattern' assert excinfo.value.prop_name == 'pattern'
assert 'mismatched input' in excinfo.value.reason assert 'mismatched input' in excinfo.value.reason
def test_indicator_stix21_invalid_pattern():
now = dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
ind1 = stix2.v21.Indicator(
type="indicator",
id=INDICATOR_ID,
created=now,
modified=now,
pattern="[EXISTS windows-registry-key:values]",
pattern_type="stix",
valid_from=epoch,
indicator_types=['malicious-activity'],
)
assert ind1.id == INDICATOR_ID
assert ind1.pattern == "[EXISTS windows-registry-key:values]"
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Indicator(
type="indicator",
id=INDICATOR_ID,
created=now,
modified=now,
pattern="[EXISTS windows-registry-key:values]",
valid_from=epoch,
labels=["malicious-activity"],
)
assert excinfo.value.cls == stix2.v20.Indicator
assert "FAIL: Error found at line 1:8. no viable alternative at input 'EXISTS" in str(excinfo.value)

33
stix2/test/v21/test_indicator.py
View File

@ -251,3 +251,36 @@ def test_indicator_with_custom_embed_objs_extra_props_error():
assert excinfo.value.cls == stix2.v21.Indicator assert excinfo.value.cls == stix2.v21.Indicator
assert excinfo.value.properties == ['bad_custom_prop'] assert excinfo.value.properties == ['bad_custom_prop']
assert str(excinfo.value) == "Unexpected properties for Indicator: (bad_custom_prop)." assert str(excinfo.value) == "Unexpected properties for Indicator: (bad_custom_prop)."
def test_indicator_stix20_invalid_pattern():
now = dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
ind1 = stix2.v20.Indicator(
type="indicator",
id=INDICATOR_ID,
created=now,
modified=now,
pattern="[win-registry-key:key = 'hkey_local_machine\\\\foo\\\\bar'] WITHIN 5 SECONDS WITHIN 6 SECONDS",
valid_from=epoch,
labels=["malicious-activity"],
)
assert ind1.id == INDICATOR_ID
assert ind1.pattern == "[win-registry-key:key = 'hkey_local_machine\\\\foo\\\\bar'] WITHIN 5 SECONDS WITHIN 6 SECONDS"
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.v21.Indicator(
type="indicator",
id=INDICATOR_ID,
created=now,
modified=now,
pattern="[win-registry-key:key = 'hkey_local_machine\\\\foo\\\\bar'] WITHIN 5 SECONDS WITHIN 6 SECONDS",
pattern_type="stix",
valid_from=epoch,
indicator_types=['malicious-activity'],
)
assert excinfo.value.cls == stix2.v21.Indicator
assert "FAIL: The same qualifier is used more than once" in str(excinfo.value)

2
stix2/v20/sdo.py
View File

@ -124,7 +124,7 @@ class Indicator(STIXDomainObject):
('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')), ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
('name', StringProperty()), ('name', StringProperty()),
('description', StringProperty()), ('description', StringProperty()),
('pattern', PatternProperty(required=True)), ('pattern', PatternProperty(required=True, spec_version='2.0')),
('valid_from', TimestampProperty(default=lambda: NOW)), ('valid_from', TimestampProperty(default=lambda: NOW)),
('valid_until', TimestampProperty()), ('valid_until', TimestampProperty()),
('kill_chain_phases', ListProperty(KillChainPhase)), ('kill_chain_phases', ListProperty(KillChainPhase)),

2
stix2/v21/sdo.py
View File

@ -200,7 +200,7 @@ class Indicator(STIXDomainObject):
('name', StringProperty()), ('name', StringProperty()),
('description', StringProperty()), ('description', StringProperty()),
('indicator_types', ListProperty(StringProperty, required=True)), ('indicator_types', ListProperty(StringProperty, required=True)),
('pattern', PatternProperty(required=True)), ('pattern', PatternProperty(required=True, spec_version='2.1')),
('pattern_type', StringProperty(required=True)), ('pattern_type', StringProperty(required=True)),
('pattern_version', StringProperty()), ('pattern_version', StringProperty()),
('valid_from', TimestampProperty(default=lambda: NOW, required=True)), ('valid_from', TimestampProperty(default=lambda: NOW, required=True)),