MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Fix tests and ReferenceProperty

master
Desai, Kartikey H 2019-09-04 19:08:34 -04:00
parent 44ebd64a16
commit abf2980336
9 changed files with 138 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
stix2/base.py
View File

@ -115,15 +115,15 @@ class _STIXBase(collections.Mapping):
def _check_at_least_one_property(self, list_of_properties=None): def _check_at_least_one_property(self, list_of_properties=None):
if not list_of_properties: if not list_of_properties:
list_of_properties = sorted(list(self.__class__._properties.keys())) list_of_properties = sorted(list(self.__class__._properties.keys()))
if 'type' in list_of_properties: if isinstance(self, _Observable):
list_of_properties.remove('type') props_to_remove = ["type", "id", "defanged", "spec_version"]
else:
props_to_remove = ["type"]
list_of_properties = [prop for prop in list_of_properties if prop not in props_to_remove]
current_properties = self.properties_populated() current_properties = self.properties_populated()
list_of_properties_populated = set(list_of_properties).intersection(current_properties) list_of_properties_populated = set(list_of_properties).intersection(current_properties)
if list_of_properties_populated == set(['id']) and isinstance(self, _Observable):
# Do not count the auto-generated id as a user-specified property
list_of_properties_populated = None
if list_of_properties and (not list_of_properties_populated or list_of_properties_populated == set(['extensions'])): if list_of_properties and (not list_of_properties_populated or list_of_properties_populated == set(['extensions'])):
raise AtLeastOnePropertyError(self.__class__, list_of_properties) raise AtLeastOnePropertyError(self.__class__, list_of_properties)
@ -327,8 +327,7 @@ class _Observable(_STIXBase):
return # don't check if refs are valid return # don't check if refs are valid
if ref not in self._STIXBase__valid_refs: if ref not in self._STIXBase__valid_refs:
if ref[:ref.index('--') + 2] not in self._STIXBase__valid_refs: raise InvalidObjRefError(self.__class__, prop_name, "'%s' is not a valid object in local scope" % ref)
raise InvalidObjRefError(self.__class__, prop_name, "'%s' is not a valid object in local scope" % ref)
try: try:
allowed_types = prop.contained.valid_types allowed_types = prop.contained.valid_types
@ -352,12 +351,14 @@ class _Observable(_STIXBase):
if prop_name not in kwargs: if prop_name not in kwargs:
return return
if prop_name.endswith('_ref'): from .properties import ObjectReferenceProperty
ref = kwargs[prop_name] if isinstance(prop, ObjectReferenceProperty):
self._check_ref(ref, prop, prop_name) if prop_name.endswith('_ref'):
elif prop_name.endswith('_refs'): ref = kwargs[prop_name]
for ref in kwargs[prop_name]:
self._check_ref(ref, prop, prop_name) self._check_ref(ref, prop, prop_name)
elif prop_name.endswith('_refs'):
for ref in kwargs[prop_name]:
self._check_ref(ref, prop, prop_name)
def _generate_id(self, kwargs): def _generate_id(self, kwargs):
required_prefix = self._type + "--" required_prefix = self._type + "--"
@ -376,6 +377,11 @@ class _Observable(_STIXBase):
temp_deep_copy = copy.deepcopy(dict(kwargs[key])) temp_deep_copy = copy.deepcopy(dict(kwargs[key]))
_recursive_stix_to_dict(temp_deep_copy) _recursive_stix_to_dict(temp_deep_copy)
streamlined_obj_vals.append(temp_deep_copy) streamlined_obj_vals.append(temp_deep_copy)
elif isinstance(kwargs[key], list) and isinstance(kwargs[key][0], _STIXBase):
for obj in kwargs[key]:
temp_deep_copy = copy.deepcopy(dict(obj))
_recursive_stix_to_dict(temp_deep_copy)
streamlined_obj_vals.append(temp_deep_copy)
else: else:
streamlined_obj_vals.append(kwargs[key]) streamlined_obj_vals.append(kwargs[key])

4
stix2/properties.py
View File

@ -462,12 +462,12 @@ class ReferenceProperty(Property):
if possible_prefix[:-2] in self.valid_types: if possible_prefix[:-2] in self.valid_types:
required_prefix = possible_prefix required_prefix = possible_prefix
else: else:
raise ValueError("The type-specifying prefix for this identifier is not valid") raise ValueError("The type-specifying prefix '%s' for the identifier '%s' is not valid" % (possible_prefix, value))
elif self.invalid_types: elif self.invalid_types:
if possible_prefix[:-2] not in self.invalid_types: if possible_prefix[:-2] not in self.invalid_types:
required_prefix = possible_prefix required_prefix = possible_prefix
else: else:
raise ValueError("An invalid type-specifying prefix was specified for this identifier") raise ValueError("An invalid type-specifying prefix '%s' was specified for the identifier '%s'" % (possible_prefix, value))
_validate_id(value, self.spec_version, required_prefix) _validate_id(value, self.spec_version, required_prefix)

4
stix2/test/v20/test_utils.py
View File

@ -144,8 +144,8 @@ def test_deduplicate(stix_objs1):
"type": "network-traffic", "type": "network-traffic",
"src_ref": "1", "src_ref": "1",
"protocols": [ "protocols": [
"tcp", "tcp",
"http", "http",
], ],
"extensions": { "extensions": {
"http-request-ext": { "http-request-ext": {

4
stix2/test/v21/test_core.py
View File

@ -127,7 +127,7 @@ def test_register_observable_with_default_version():
"1": { "1": {
"type": "directory", "type": "directory",
"path": "/usr/home", "path": "/usr/home",
"contains_refs": ["0"], "contains_refs": ["file--420bc087-8b53-5ae9-8210-20d27d5e96c8"],
}, },
}, },
) )
@ -165,7 +165,7 @@ def test_register_observable_extension_with_default_version():
"1": { "1": {
"type": "directory", "type": "directory",
"path": "/usr/home", "path": "/usr/home",
"contains_refs": ["0"], "contains_refs": ["file--420bc087-8b53-5ae9-8210-20d27d5e96c8"],
}, },
}, },
) )

6
stix2/test/v21/test_datastore_filters.py
View File

@ -86,7 +86,7 @@ stix_objs = [
"objects": { "objects": {
"0": { "0": {
"type": "file", "type": "file",
"id": "file--fa1b868c-5fe2-5c85-8197-9674548379ec", "id": "file--42a7175a-42cc-508f-8fa7-23b330aff876",
"name": "HAL 9000.exe", "name": "HAL 9000.exe",
}, },
}, },
@ -110,8 +110,8 @@ filters = [
Filter("object_marking_refs", "=", "marking-definition--613f2e26-0000-4000-8000-b8e91df99dc9"), Filter("object_marking_refs", "=", "marking-definition--613f2e26-0000-4000-8000-b8e91df99dc9"),
Filter("granular_markings.selectors", "in", "description"), Filter("granular_markings.selectors", "in", "description"),
Filter("external_references.source_name", "=", "CVE"), Filter("external_references.source_name", "=", "CVE"),
Filter("objects", "=", {"0": {"type": "file", "name": "HAL 9000.exe", "id": "file--fa1b868c-5fe2-5c85-8197-9674548379ec"}}), Filter("objects", "=", {"0": {"type": "file", "name": "HAL 9000.exe", "id": "file--42a7175a-42cc-508f-8fa7-23b330aff876"}}),
Filter("objects", "contains", {"type": "file", "name": "HAL 9000.exe", "id": "file--fa1b868c-5fe2-5c85-8197-9674548379ec"}), Filter("objects", "contains", {"type": "file", "name": "HAL 9000.exe", "id": "file--42a7175a-42cc-508f-8fa7-23b330aff876"}),
Filter("labels", "contains", "heartbleed"), Filter("labels", "contains", "heartbleed"),
] ]

156
stix2/test/v21/test_observed_data.py
View File

@ -26,7 +26,7 @@ EXPECTED = """{
"objects": { "objects": {
"0": { "0": {
"type": "file", "type": "file",
"id": "file--500d9a03-9d03-5c31-82b2-2be8aacec481", "id": "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f",
"name": "foo.exe" "name": "foo.exe"
} }
} }
@ -45,6 +45,7 @@ def test_observed_data_example():
objects={ objects={
"0": { "0": {
"name": "foo.exe", "name": "foo.exe",
"id": "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f",
"type": "file", "type": "file",
}, },
}, },
@ -66,15 +67,15 @@ EXPECTED_WITH_REF = """{
"objects": { "objects": {
"0": { "0": {
"type": "file", "type": "file",
"id": "file--500d9a03-9d03-5c31-82b2-2be8aacec481", "id": "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f",
"name": "foo.exe" "name": "foo.exe"
}, },
"1": { "1": {
"type": "directory", "type": "directory",
"id": "directory--ed959127-2df3-5999-99b6-df7614398c1c", "id": "directory--536a61a4-0934-516b-9aad-fcbb75e0583a",
"path": "/usr/home", "path": "/usr/home",
"contains_refs": [ "contains_refs": [
"0" "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f"
] ]
} }
} }
@ -93,12 +94,14 @@ def test_observed_data_example_with_refs():
objects={ objects={
"0": { "0": {
"name": "foo.exe", "name": "foo.exe",
"id": "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f",
"type": "file", "type": "file",
}, },
"1": { "1": {
"type": "directory", "type": "directory",
"id": "directory--536a61a4-0934-516b-9aad-fcbb75e0583a",
"path": "/usr/home", "path": "/usr/home",
"contains_refs": ["0"], "contains_refs": ["file--5956efbb-a7b0-566d-a7f9-a202eb05c70f"],
}, },
}, },
) )
@ -117,9 +120,9 @@ EXPECTED_OBJECT_REFS = """{
"last_observed": "2015-12-21T19:00:00Z", "last_observed": "2015-12-21T19:00:00Z",
"number_observed": 50, "number_observed": 50,
"object_refs": [ "object_refs": [
"foo--758bf2c0-a6f1-56d1-872e-6b727467739a", "file--758bf2c0-a6f1-56d1-872e-6b727467739a",
"bar--d97ed5c4-3f33-46d9-b25b-c3d7b94d1457", "url--d97ed5c4-3f33-46d9-b25b-c3d7b94d1457",
"baz--eca0b3ba-8d76-11e9-a1fd-34415dabec0c" "mutex--eca0b3ba-8d76-11e9-a1fd-34415dabec0c"
] ]
}""" }"""
@ -134,9 +137,9 @@ def test_observed_data_example_with_object_refs():
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
number_observed=50, number_observed=50,
object_refs=[ object_refs=[
"foo--758bf2c0-a6f1-56d1-872e-6b727467739a", "file--758bf2c0-a6f1-56d1-872e-6b727467739a",
"bar--d97ed5c4-3f33-46d9-b25b-c3d7b94d1457", "url--d97ed5c4-3f33-46d9-b25b-c3d7b94d1457",
"baz--eca0b3ba-8d76-11e9-a1fd-34415dabec0c", "mutex--eca0b3ba-8d76-11e9-a1fd-34415dabec0c",
], ],
) )
@ -160,15 +163,15 @@ def test_observed_data_object_constraint():
}, },
}, },
object_refs=[ object_refs=[
"foo--758bf2c0-a6f1-56d1-872e-6b727467739a", "file--758bf2c0-a6f1-56d1-872e-6b727467739a",
"bar--d97ed5c4-3f33-46d9-b25b-c3d7b94d1457", "url--d97ed5c4-3f33-46d9-b25b-c3d7b94d1457",
"baz--eca0b3ba-8d76-11e9-a1fd-34415dabec0c", "mutex--eca0b3ba-8d76-11e9-a1fd-34415dabec0c",
], ],
) )
def test_observed_data_example_with_bad_refs(): def test_observed_data_example_with_bad_refs():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
stix2.v21.ObservedData( stix2.v21.ObservedData(
id=OBSERVED_DATA_ID, id=OBSERVED_DATA_ID,
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
@ -180,19 +183,20 @@ def test_observed_data_example_with_bad_refs():
objects={ objects={
"0": { "0": {
"type": "file", "type": "file",
"id": "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f",
"name": "foo.exe", "name": "foo.exe",
}, },
"1": { "1": {
"type": "directory", "type": "directory",
"path": "/usr/home", "path": "/usr/home",
"contains_refs": ["2"], "contains_refs": ["monkey--5956efbb-a7b0-566d-a7f9-a202eb05c70f"],
}, },
}, },
) )
assert excinfo.value.cls == stix2.v21.ObservedData assert excinfo.value.cls == stix2.v21.Directory
assert excinfo.value.prop_name == "objects" assert excinfo.value.prop_name == "contains_refs"
assert excinfo.value.reason == "Invalid object reference for 'Directory:contains_refs': '2' is not a valid object in local scope" assert "The type-specifying prefix 'monkey--' for the identifier" in excinfo.value.reason
def test_observed_data_example_with_non_dictionary(): def test_observed_data_example_with_non_dictionary():
@ -248,6 +252,7 @@ def test_observed_data_example_with_empty_dictionary():
"0": { "0": {
"name": "foo.exe", "name": "foo.exe",
"type": "file", "type": "file",
"id": "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f",
}, },
}, },
}, },
@ -640,16 +645,18 @@ def test_observed_data_with_process_example():
objects={ objects={
"0": { "0": {
"type": "file", "type": "file",
"id": "file--0d16c8d3-c177-5f5d-a022-b1bdac329bea",
"hashes": { "hashes": {
"SHA-256": "35a01331e9ad96f751278b891b6ea09699806faedfa237d40513d92ad1b7100f", "SHA-256": "35a01331e9ad96f751278b891b6ea09699806faedfa237d40513d92ad1b7100f",
}, },
}, },
"1": { "1": {
"type": "process", "type": "process",
"id": "process--f6c4a02c-23e1-4a6d-a0d7-d862e893817a",
"pid": 1221, "pid": 1221,
"created": "2016-01-20T14:11:25.55Z", "created_time": "2016-01-20T14:11:25.55Z",
"command_line": "./gedit-bin --new-window", "command_line": "./gedit-bin --new-window",
"image_ref": "0", "image_ref": "file--0d16c8d3-c177-5f5d-a022-b1bdac329bea",
}, },
}, },
) )
@ -693,31 +700,33 @@ def test_artifact_mutual_exclusion_error():
def test_directory_example(): def test_directory_example():
dir = stix2.v21.Directory( f = stix2.v21.File(
_valid_refs={"1": "file"}, name="penguin.exe",
)
dir1 = stix2.v21.Directory(
path='/usr/lib', path='/usr/lib',
ctime="2015-12-21T19:00:00Z", ctime="2015-12-21T19:00:00Z",
mtime="2015-12-24T19:00:00Z", mtime="2015-12-24T19:00:00Z",
atime="2015-12-21T20:00:00Z", atime="2015-12-21T20:00:00Z",
contains_refs=["1"], contains_refs=[str(f.id)],
) )
assert dir.path == '/usr/lib' assert dir1.path == '/usr/lib'
assert dir.ctime == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc) assert dir1.ctime == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc)
assert dir.mtime == dt.datetime(2015, 12, 24, 19, 0, 0, tzinfo=pytz.utc) assert dir1.mtime == dt.datetime(2015, 12, 24, 19, 0, 0, tzinfo=pytz.utc)
assert dir.atime == dt.datetime(2015, 12, 21, 20, 0, 0, tzinfo=pytz.utc) assert dir1.atime == dt.datetime(2015, 12, 21, 20, 0, 0, tzinfo=pytz.utc)
assert dir.contains_refs == ["1"] assert dir1.contains_refs == ["file--9d050a3b-72cd-5b57-bf18-024e74e1e5eb"]
def test_directory_example_ref_error(): def test_directory_example_ref_error():
with pytest.raises(stix2.exceptions.InvalidObjRefError) as excinfo: with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.v21.Directory( stix2.v21.Directory(
_valid_refs=[],
path='/usr/lib', path='/usr/lib',
ctime="2015-12-21T19:00:00Z", ctime="2015-12-21T19:00:00Z",
mtime="2015-12-24T19:00:00Z", mtime="2015-12-24T19:00:00Z",
atime="2015-12-21T20:00:00Z", atime="2015-12-21T20:00:00Z",
contains_refs=["1"], contains_refs=["domain-name--02af94ea-7e38-5718-87c3-5cc023e3d49d"],
) )
assert excinfo.value.cls == stix2.v21.Directory assert excinfo.value.cls == stix2.v21.Directory
@ -725,22 +734,24 @@ def test_directory_example_ref_error():
def test_domain_name_example(): def test_domain_name_example():
dn = stix2.v21.DomainName( dn1 = stix2.v21.DomainName(
_valid_refs={"1": 'domain-name'}, value="mitre.org",
value="example.com",
resolves_to_refs=["1"],
) )
assert dn.value == "example.com" dn2 = stix2.v21.DomainName(
assert dn.resolves_to_refs == ["1"] value="example.com",
resolves_to_refs=[str(dn1.id)],
)
assert dn2.value == "example.com"
assert dn2.resolves_to_refs == ["domain-name--02af94ea-7e38-5718-87c3-5cc023e3d49d"]
def test_domain_name_example_invalid_ref_type(): def test_domain_name_example_invalid_ref_type():
with pytest.raises(stix2.exceptions.InvalidObjRefError) as excinfo: with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.v21.DomainName( stix2.v21.DomainName(
_valid_refs={"1": "file"},
value="example.com", value="example.com",
resolves_to_refs=["1"], resolves_to_refs=["file--44a431e6-764b-5556-a3f5-bf655930a581"],
) )
assert excinfo.value.cls == stix2.v21.DomainName assert excinfo.value.cls == stix2.v21.DomainName
@ -882,6 +893,7 @@ RASTER_IMAGE_EXT = """{
"objects": { "objects": {
"0": { "0": {
"type": "file", "type": "file",
"id": "file--44a431e6-764b-5556-a3f5-bf655930a581",
"name": "picture.jpg", "name": "picture.jpg",
"hashes": { "hashes": {
"SHA-256": "35a01331e9ad96f751278b891b6ea09699806faedfa237d40513d92ad1b7100f" "SHA-256": "35a01331e9ad96f751278b891b6ea09699806faedfa237d40513d92ad1b7100f"
@ -993,18 +1005,17 @@ def test_file_example_encryption_error():
assert "At least one of the (hashes, name)" in str(excinfo.value) assert "At least one of the (hashes, name)" in str(excinfo.value)
def test_ip4_address_example(): def test_ipv4_address_example():
ip4 = stix2.v21.IPv4Address( ip4 = stix2.v21.IPv4Address(
_valid_refs={"4": "mac-addr", "5": "mac-addr"},
value="198.51.100.3", value="198.51.100.3",
resolves_to_refs=["4", "5"], resolves_to_refs=["mac-addr--a85820f7-d9b7-567a-a3a6-dedc34139342", "mac-addr--9a59b496-fdeb-510f-97b5-7137210bc699"],
) )
assert ip4.value == "198.51.100.3" assert ip4.value == "198.51.100.3"
assert ip4.resolves_to_refs == ["4", "5"] assert ip4.resolves_to_refs == ["mac-addr--a85820f7-d9b7-567a-a3a6-dedc34139342", "mac-addr--9a59b496-fdeb-510f-97b5-7137210bc699"]
def test_ip4_address_valid_refs(): def test_ipv4_address_valid_refs():
mac1 = stix2.v21.MACAddress( mac1 = stix2.v21.MACAddress(
value="a1:b2:c3:d4:e5:f6", value="a1:b2:c3:d4:e5:f6",
) )
@ -1013,22 +1024,21 @@ def test_ip4_address_valid_refs():
) )
ip4 = stix2.v21.IPv4Address( ip4 = stix2.v21.IPv4Address(
_valid_refs={"1": mac1, "2": mac2},
value="177.60.40.7", value="177.60.40.7",
resolves_to_refs=["1", "2"], resolves_to_refs=[str(mac1.id), str(mac2.id)],
) )
assert ip4.value == "177.60.40.7" assert ip4.value == "177.60.40.7"
assert ip4.resolves_to_refs == ["1", "2"] assert ip4.resolves_to_refs == ["mac-addr--a85820f7-d9b7-567a-a3a6-dedc34139342", "mac-addr--9a59b496-fdeb-510f-97b5-7137210bc699"]
def test_ip4_address_example_cidr(): def test_ipv4_address_example_cidr():
ip4 = stix2.v21.IPv4Address(value="198.51.100.0/24") ip4 = stix2.v21.IPv4Address(value="198.51.100.0/24")
assert ip4.value == "198.51.100.0/24" assert ip4.value == "198.51.100.0/24"
def test_ip6_address_example(): def test_ipv6_address_example():
ip6 = stix2.v21.IPv6Address(value="2001:0db8:85a3:0000:0000:8a2e:0370:7334") ip6 = stix2.v21.IPv6Address(value="2001:0db8:85a3:0000:0000:8a2e:0370:7334")
assert ip6.value == "2001:0db8:85a3:0000:0000:8a2e:0370:7334" assert ip6.value == "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
@ -1042,14 +1052,13 @@ def test_mac_address_example():
def test_network_traffic_example(): def test_network_traffic_example():
nt = stix2.v21.NetworkTraffic( nt = stix2.v21.NetworkTraffic(
_valid_refs={"0": "ipv4-addr", "1": "ipv4-addr"}, protocols=["tcp"],
protocols="tcp", src_ref="ipv4-addr--29a591d9-533a-5ecd-a5a1-cadee4411e88",
src_ref="0", dst_ref="ipv4-addr--6d39dd0b-1f74-5faf-8d76-d8762c2a57cb",
dst_ref="1",
) )
assert nt.protocols == ["tcp"] assert nt.protocols == ["tcp"]
assert nt.src_ref == "0" assert nt.src_ref == "ipv4-addr--29a591d9-533a-5ecd-a5a1-cadee4411e88"
assert nt.dst_ref == "1" assert nt.dst_ref == "ipv4-addr--6d39dd0b-1f74-5faf-8d76-d8762c2a57cb"
def test_network_traffic_http_request_example(): def test_network_traffic_http_request_example():
@ -1064,9 +1073,8 @@ def test_network_traffic_http_request_example():
}, },
) )
nt = stix2.v21.NetworkTraffic( nt = stix2.v21.NetworkTraffic(
_valid_refs={"0": "ipv4-addr"}, protocols=["tcp"],
protocols="tcp", src_ref="ipv4-addr--29a591d9-533a-5ecd-a5a1-cadee4411e88",
src_ref="0",
extensions={'http-request-ext': h}, extensions={'http-request-ext': h},
) )
assert nt.extensions['http-request-ext'].request_method == "get" assert nt.extensions['http-request-ext'].request_method == "get"
@ -1080,9 +1088,8 @@ def test_network_traffic_http_request_example():
def test_network_traffic_icmp_example(): def test_network_traffic_icmp_example():
h = stix2.v21.ICMPExt(icmp_type_hex="08", icmp_code_hex="00") h = stix2.v21.ICMPExt(icmp_type_hex="08", icmp_code_hex="00")
nt = stix2.v21.NetworkTraffic( nt = stix2.v21.NetworkTraffic(
_valid_refs={"0": "ipv4-addr"}, protocols=["tcp"],
protocols="tcp", src_ref="ipv4-addr--29a591d9-533a-5ecd-a5a1-cadee4411e88",
src_ref="0",
extensions={'icmp-ext': h}, extensions={'icmp-ext': h},
) )
assert nt.extensions['icmp-ext'].icmp_type_hex == "08" assert nt.extensions['icmp-ext'].icmp_type_hex == "08"
@ -1097,9 +1104,8 @@ def test_network_traffic_socket_example():
socket_type="SOCK_STREAM", socket_type="SOCK_STREAM",
) )
nt = stix2.v21.NetworkTraffic( nt = stix2.v21.NetworkTraffic(
_valid_refs={"0": "ipv4-addr"}, protocols=["tcp"],
protocols="tcp", src_ref="ipv4-addr--29a591d9-533a-5ecd-a5a1-cadee4411e88",
src_ref="0",
extensions={'socket-ext': h}, extensions={'socket-ext': h},
) )
assert nt.extensions['socket-ext'].is_listening assert nt.extensions['socket-ext'].is_listening
@ -1111,9 +1117,8 @@ def test_network_traffic_socket_example():
def test_network_traffic_tcp_example(): def test_network_traffic_tcp_example():
h = stix2.v21.TCPExt(src_flags_hex="00000002") h = stix2.v21.TCPExt(src_flags_hex="00000002")
nt = stix2.v21.NetworkTraffic( nt = stix2.v21.NetworkTraffic(
_valid_refs={"0": "ipv4-addr"}, protocols=["tcp"],
protocols="tcp", src_ref="ipv4-addr--29a591d9-533a-5ecd-a5a1-cadee4411e88",
src_ref="0",
extensions={'tcp-ext': h}, extensions={'tcp-ext': h},
) )
assert nt.extensions['tcp-ext'].src_flags_hex == "00000002" assert nt.extensions['tcp-ext'].src_flags_hex == "00000002"
@ -1127,11 +1132,10 @@ def test_mutex_example():
def test_process_example(): def test_process_example():
p = stix2.v21.Process( p = stix2.v21.Process(
_valid_refs={"0": "file"},
pid=1221, pid=1221,
created="2016-01-20T14:11:25.55Z", created_time="2016-01-20T14:11:25.55Z",
command_line="./gedit-bin --new-window", command_line="./gedit-bin --new-window",
image_ref="0", image_ref="file--ea587d87-5ed2-5625-a9ac-01fd64161fd8",
) )
assert p.command_line == "./gedit-bin --new-window" assert p.command_line == "./gedit-bin --new-window"
@ -1143,7 +1147,7 @@ def test_process_example_empty_error():
assert excinfo.value.cls == stix2.v21.Process assert excinfo.value.cls == stix2.v21.Process
properties_of_process = list(stix2.v21.Process._properties.keys()) properties_of_process = list(stix2.v21.Process._properties.keys())
properties_of_process.remove("type") properties_of_process = [prop for prop in properties_of_process if prop not in ["type", "id", "defanged", "spec_version"]]
assert excinfo.value.properties == sorted(properties_of_process) assert excinfo.value.properties == sorted(properties_of_process)
msg = "At least one of the ({1}) properties for {0} must be populated." msg = "At least one of the ({1}) properties for {0} must be populated."
msg = msg.format( msg = msg.format(
@ -1367,18 +1371,20 @@ def test_new_version_with_related_objects():
objects={ objects={
'src_ip': { 'src_ip': {
'type': 'ipv4-addr', 'type': 'ipv4-addr',
'id': 'ipv4-addr--2b94bc65-17d4-54f6-9ffe-7d103551bb9f',
'value': '127.0.0.1/32', 'value': '127.0.0.1/32',
}, },
'domain': { 'domain': {
'type': 'domain-name', 'type': 'domain-name',
'id': 'domain-name--220a2699-5ebf-5b57-bf02-424964bb19c0',
'value': 'example.com', 'value': 'example.com',
'resolves_to_refs': ['src_ip'], 'resolves_to_refs': ['ipv4-addr--2b94bc65-17d4-54f6-9ffe-7d103551bb9f'],
}, },
}, },
) )
new_version = data.new_version(last_observed="2017-12-12T12:00:00Z") new_version = data.new_version(last_observed="2017-12-12T12:00:00Z")
assert new_version.last_observed.year == 2017 assert new_version.last_observed.year == 2017
assert new_version.objects['domain'].resolves_to_refs[0] == 'src_ip' assert new_version.objects['domain'].resolves_to_refs[0] == 'ipv4-addr--2b94bc65-17d4-54f6-9ffe-7d103551bb9f'
def test_objects_deprecation(): def test_objects_deprecation():

2
stix2/v20/sdo.py
View File

@ -233,7 +233,7 @@ class Report(STIXDomainObject):
('name', StringProperty(required=True)), ('name', StringProperty(required=True)),
('description', StringProperty()), ('description', StringProperty()),
('published', TimestampProperty(required=True)), ('published', TimestampProperty(required=True)),
('object_refs', ListProperty(ReferenceProperty(invalid_types="", spec_version='2.0'), required=True)), ('object_refs', ListProperty(ReferenceProperty(invalid_types=[""], spec_version='2.0'), required=True)),
('revoked', BooleanProperty(default=lambda: False)), ('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty, required=True)), ('labels', ListProperty(StringProperty, required=True)),
('external_references', ListProperty(ExternalReference)), ('external_references', ListProperty(ExternalReference)),

46
stix2/v21/observables.py
View File

@ -184,18 +184,18 @@ class EmailMessage(_Observable):
('is_multipart', BooleanProperty(required=True)), ('is_multipart', BooleanProperty(required=True)),
('date', TimestampProperty()), ('date', TimestampProperty()),
('content_type', StringProperty()), ('content_type', StringProperty()),
('from_ref', ReferenceProperty(valid_types='email-addr')), ('from_ref', ReferenceProperty(valid_types='email-addr', spec_version='2.1')),
('sender_ref', ReferenceProperty(valid_types='email-addr')), ('sender_ref', ReferenceProperty(valid_types='email-addr', spec_version='2.1')),
('to_refs', ListProperty(ReferenceProperty(valid_types='email-addr'))), ('to_refs', ListProperty(ReferenceProperty(valid_types='email-addr', spec_version='2.1'))),
('cc_refs', ListProperty(ReferenceProperty(valid_types='email-addr'))), ('cc_refs', ListProperty(ReferenceProperty(valid_types='email-addr', spec_version='2.1'))),
('bcc_refs', ListProperty(ReferenceProperty(valid_types='email-addr'))), ('bcc_refs', ListProperty(ReferenceProperty(valid_types='email-addr', spec_version='2.1'))),
('message_id', StringProperty()), ('message_id', StringProperty()),
('subject', StringProperty()), ('subject', StringProperty()),
('received_lines', ListProperty(StringProperty)), ('received_lines', ListProperty(StringProperty)),
('additional_header_fields', DictionaryProperty(spec_version='2.1')), ('additional_header_fields', DictionaryProperty(spec_version='2.1')),
('body', StringProperty()), ('body', StringProperty()),
('body_multipart', ListProperty(EmbeddedObjectProperty(type=EmailMIMEComponent))), ('body_multipart', ListProperty(EmbeddedObjectProperty(type=EmailMIMEComponent))),
('raw_email_ref', ReferenceProperty(valid_types='artifact')), ('raw_email_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
@ -384,9 +384,9 @@ class File(_Observable):
('ctime', TimestampProperty()), ('ctime', TimestampProperty()),
('mtime', TimestampProperty()), ('mtime', TimestampProperty()),
('atime', TimestampProperty()), ('atime', TimestampProperty()),
('parent_directory_ref', ReferenceProperty(valid_types='directory')), ('parent_directory_ref', ReferenceProperty(valid_types='directory', spec_version='2.1')),
('contains_refs', ListProperty(ReferenceProperty(invalid_types=[""]))), ('contains_refs', ListProperty(ReferenceProperty(invalid_types=[""], spec_version='2.1'))),
('content_ref', ReferenceProperty(valid_types='artifact')), ('content_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
@ -411,8 +411,8 @@ class IPv4Address(_Observable):
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('resolves_to_refs', ListProperty(ReferenceProperty(valid_types='mac-addr'))), ('resolves_to_refs', ListProperty(ReferenceProperty(valid_types='mac-addr', spec_version='2.1'))),
('belongs_to_refs', ListProperty(ReferenceProperty(valid_types='autonomous-system'))), ('belongs_to_refs', ListProperty(ReferenceProperty(valid_types='autonomous-system', spec_version='2.1'))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
@ -448,8 +448,8 @@ class IPv6Address(_Observable):
('type', TypeProperty(_type)), ('type', TypeProperty(_type)),
('id', IDProperty(_type, spec_version='2.1')), ('id', IDProperty(_type, spec_version='2.1')),
('value', StringProperty(required=True)), ('value', StringProperty(required=True)),
('resolves_to_refs', ListProperty(ReferenceProperty(valid_types='mac-addr'))), ('resolves_to_refs', ListProperty(ReferenceProperty(valid_types='mac-addr', spec_version='2.1'))),
('belongs_to_refs', ListProperty(ReferenceProperty(valid_types='autonomous-system'))), ('belongs_to_refs', ListProperty(ReferenceProperty(valid_types='autonomous-system', spec_version='2.1'))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
@ -629,10 +629,10 @@ class NetworkTraffic(_Observable):
('src_packets', IntegerProperty(min=0)), ('src_packets', IntegerProperty(min=0)),
('dst_packets', IntegerProperty(min=0)), ('dst_packets', IntegerProperty(min=0)),
('ipfix', DictionaryProperty(spec_version='2.1')), ('ipfix', DictionaryProperty(spec_version='2.1')),
('src_payload_ref', ReferenceProperty(valid_types='artifact')), ('src_payload_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')),
('dst_payload_ref', ReferenceProperty(valid_types='artifact')), ('dst_payload_ref', ReferenceProperty(valid_types='artifact', spec_version='2.1')),
('encapsulates_refs', ListProperty(ReferenceProperty(valid_types='network-traffic'))), ('encapsulates_refs', ListProperty(ReferenceProperty(valid_types='network-traffic', spec_version='2.1'))),
('encapsulated_by_ref', ReferenceProperty(valid_types='network-traffic')), ('encapsulated_by_ref', ReferenceProperty(valid_types='network-traffic', spec_version='2.1')),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
@ -748,11 +748,11 @@ class Process(_Observable):
('cwd', StringProperty()), ('cwd', StringProperty()),
('command_line', StringProperty()), ('command_line', StringProperty()),
('environment_variables', DictionaryProperty(spec_version='2.1')), ('environment_variables', DictionaryProperty(spec_version='2.1')),
('opened_connection_refs', ListProperty(ReferenceProperty(valid_types='network-traffic'))), ('opened_connection_refs', ListProperty(ReferenceProperty(valid_types='network-traffic', spec_version='2.1'))),
('creator_user_ref', ReferenceProperty(valid_types='user-account')), ('creator_user_ref', ReferenceProperty(valid_types='user-account', spec_version='2.1')),
('image_ref', ReferenceProperty(valid_types='file')), ('image_ref', ReferenceProperty(valid_types='file', spec_version='2.1')),
('parent_ref', ReferenceProperty(valid_types='process')), ('parent_ref', ReferenceProperty(valid_types='process', spec_version='2.1')),
('child_refs', ListProperty(ReferenceProperty(valid_types='process'))), ('child_refs', ListProperty(ReferenceProperty(valid_types='process', spec_version='2.1'))),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
@ -912,7 +912,7 @@ class WindowsRegistryKey(_Observable):
('values', ListProperty(EmbeddedObjectProperty(type=WindowsRegistryValueType))), ('values', ListProperty(EmbeddedObjectProperty(type=WindowsRegistryValueType))),
# this is not the modified timestamps of the object itself # this is not the modified timestamps of the object itself
('modified_time', TimestampProperty()), ('modified_time', TimestampProperty()),
('creator_user_ref', ReferenceProperty(valid_types='user-account')), ('creator_user_ref', ReferenceProperty(valid_types='user-account', spec_version='2.1')),
('number_of_subkeys', IntegerProperty()), ('number_of_subkeys', IntegerProperty()),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)), ('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')), ('spec_version', StringProperty(fixed='2.1')),

10
stix2/v21/sdo.py
View File

@ -151,7 +151,7 @@ class Grouping(STIXDomainObject):
('name', StringProperty()), ('name', StringProperty()),
('description', StringProperty()), ('description', StringProperty()),
('context', StringProperty(required=True)), ('context', StringProperty(required=True)),
('object_refs', ListProperty(ReferenceProperty(invalid_types=[""]), required=True)), ('object_refs', ListProperty(ReferenceProperty(invalid_types=[""], spec_version='2.1'), required=True)),
]) ])
@ -533,7 +533,7 @@ class Note(STIXDomainObject):
('abstract', StringProperty()), ('abstract', StringProperty()),
('content', StringProperty(required=True)), ('content', StringProperty(required=True)),
('authors', ListProperty(StringProperty)), ('authors', ListProperty(StringProperty)),
('object_refs', ListProperty(ReferenceProperty(invalid_types=[""]), required=True)), ('object_refs', ListProperty(ReferenceProperty(invalid_types=[""], spec_version='2.1'), required=True)),
('revoked', BooleanProperty(default=lambda: False)), ('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)), ('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()), ('confidence', IntegerProperty()),
@ -601,7 +601,7 @@ class ObservedData(STIXDomainObject):
if self.get('object_refs'): if self.get('object_refs'):
for identifier in self.get('object_refs'): for identifier in self.get('object_refs'):
identifier_prefix = identifier[:identifier.index('--') + 2] identifier_prefix = identifier[:identifier.index('--')]
if identifier_prefix in STIX2_OBJ_MAPS['v21']['observables'].keys(): if identifier_prefix in STIX2_OBJ_MAPS['v21']['observables'].keys():
break break
else: else:
@ -635,7 +635,7 @@ class Opinion(STIXDomainObject):
], required=True, ], required=True,
), ),
), ),
('object_refs', ListProperty(ReferenceProperty(invalid_types=[""]), required=True)), ('object_refs', ListProperty(ReferenceProperty(invalid_types=[""], spec_version='2.1'), required=True)),
('revoked', BooleanProperty(default=lambda: False)), ('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)), ('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()), ('confidence', IntegerProperty()),
@ -664,7 +664,7 @@ class Report(STIXDomainObject):
('description', StringProperty()), ('description', StringProperty()),
('report_types', ListProperty(StringProperty, required=True)), ('report_types', ListProperty(StringProperty, required=True)),
('published', TimestampProperty(required=True)), ('published', TimestampProperty(required=True)),
('object_refs', ListProperty(ReferenceProperty(invalid_types=[""]), required=True)), ('object_refs', ListProperty(ReferenceProperty(invalid_types=[""], spec_version='2.1'), required=True)),
('revoked', BooleanProperty(default=lambda: False)), ('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)), ('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()), ('confidence', IntegerProperty()),