Add some newer versions of a couple of object IDs in the stix2

test data corpus. Updated filesystem store tests accordingly: - Remove comments from all_versions tests stating that multiple versions are not supported. Improve the tests to ensure that all versions are in fact retrieved. - Update the get() test to assure that it gets only the latest version, when there is more than one version. - Update some count checks, since there are more objects now - Fix some typos
2018-11-01 19:58:34 -04:00 · 2018-11-01 19:58:34 -04:00 · a8d9aef673
parent e2f5d60b51
commit a8d9aef673
4 changed files with 85 additions and 14 deletions
--- a/stix2/test/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20181101232448446000.json
+++ b/stix2/test/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20181101232448446000.json
@ -0,0 +1,11 @@
+{
+    "type": "identity",
+    "id": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+    "created": "2017-06-01T00:00:00.000Z",
+    "modified": "2018-11-01T23:24:48.446Z",
+    "name": "The MITRE Corporation",
+    "identity_class": "organization",
+    "labels": [
+        "version two"
+    ]
+}
--- a/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json
+++ b/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json
@ -0,0 +1,27 @@
+{
+    "type": "malware",
+    "id": "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38",
+    "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+    "created": "2017-05-31T21:32:58.226Z",
+    "modified": "2018-11-01T23:24:48.456Z",
+    "name": "Rover",
+    "description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]",
+    "labels": [
+        "version two"
+    ],
+    "external_references": [
+        {
+            "source_name": "mitre-attack",
+            "url": "https://attack.mitre.org/wiki/Software/S0090",
+            "external_id": "S0090"
+        },
+        {
+            "source_name": "Palo Alto Rover",
+            "description": "Ray, V., Hayashi, K. (2016, February 29). New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.",
+            "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/"
+        }
+    ],
+    "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+    ]
+}
--- a/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json
+++ b/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json
@ -0,0 +1,27 @@
+{
+    "type": "malware",
+    "id": "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38",
+    "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+    "created": "2017-05-31T21:32:58.226Z",
+    "modified": "2018-11-01T23:24:48.457Z",
+    "name": "Rover",
+    "description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]",
+    "labels": [
+        "version three"
+    ],
+    "external_references": [
+        {
+            "source_name": "mitre-attack",
+            "url": "https://attack.mitre.org/wiki/Software/S0090",
+            "external_id": "S0090"
+        },
+        {
+            "source_name": "Palo Alto Rover",
+            "description": "Ray, V., Hayashi, K. (2016, February 29). New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.",
+            "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/"
+        }
+    ],
+    "object_marking_refs": [
+        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+    ]
+}
--- a/stix2/test/test_datastore_filesystem.py
+++ b/stix2/test/test_datastore_filesystem.py
@ -152,27 +152,32 @@ def test_filesystem_source_bad_stix_file(fs_source, bad_stix_files):
        assert "could either not be parsed to JSON or was not valid STIX JSON" in str(e)


-def test_filesytem_source_get_object(fs_source):
-    # get object
+def test_filesystem_source_get_object(fs_source):
+    # get (latest) object
    mal = fs_source.get("malware--6b616fc1-1505-48e3-8b2c-0d19337bff38")
    assert mal.id == "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38"
    assert mal.name == "Rover"
+    assert mal.modified == datetime.datetime(2018, 11, 1, 23, 24, 48, 457000,
+                                             pytz.utc)


-def test_filesytem_source_get_nonexistent_object(fs_source):
+def test_filesystem_source_get_nonexistent_object(fs_source):
    ind = fs_source.get("indicator--6b616fc1-1505-48e3-8b2c-0d19337bff38")
    assert ind is None


-def test_filesytem_source_all_versions(fs_source):
-    # all versions - (currently not a true all versions call as FileSystem cant have multiple versions)
-    id_ = fs_source.get("identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5")
-    assert id_.id == "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
-    assert id_.name == "The MITRE Corporation"
-    assert id_.type == "identity"
+def test_filesystem_source_all_versions(fs_source):
+    ids = fs_source.all_versions(
+        "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+    )
+    assert len(ids) == 2
+    assert all(id_.id == "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+               for id_ in ids)
+    assert all(id_.name == "The MITRE Corporation" for id_ in ids)
+    assert all(id_.type == "identity" for id_ in ids)


-def test_filesytem_source_query_single(fs_source):
+def test_filesystem_source_query_single(fs_source):
    # query2
    is_2 = fs_source.query([Filter("external_references.external_id", '=', "T1027")])
    assert len(is_2) == 1
@ -387,8 +392,9 @@ def test_filesystem_store_get_stored_as_object(fs_store):


 def test_filesystem_store_all_versions(fs_store):
-    # all versions() - (note at this time, all_versions() is still not applicable to FileSystem, as only one version is ever stored)
-    rel = fs_store.all_versions("relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1")[0]
+    rels = fs_store.all_versions("relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1")
+    assert len(rels) == 1
+    rel = rels[0]
    assert rel.id == "relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1"
    assert rel.type == "relationship"

@ -411,7 +417,7 @@ def test_filesystem_store_query_single_filter(fs_store):

 def test_filesystem_store_empty_query(fs_store):
    results = fs_store.query()  # returns all
-    assert len(results) == 26
+    assert len(results) == 29
    assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [obj.id for obj in results]
    assert "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" in [obj.id for obj in results]

@ -425,7 +431,7 @@ def test_filesystem_store_query_multiple_filters(fs_store):

 def test_filesystem_store_query_dont_include_type_folder(fs_store):
    results = fs_store.query(Filter("type", "!=", "tool"))
-    assert len(results) == 24
+    assert len(results) == 27


 def test_filesystem_store_add(fs_store):