diff --git a/stix2/test/v21/test_custom.py b/stix2/test/v21/test_custom.py index 807e158..6750634 100644 --- a/stix2/test/v21/test_custom.py +++ b/stix2/test/v21/test_custom.py @@ -172,7 +172,7 @@ def test_custom_property_in_observed_data(): allow_custom=True, first_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z", - number_observed=0, + number_observed=1, objects={"0": artifact}, ) @@ -194,7 +194,7 @@ def test_custom_property_object_in_observable_extension(): allow_custom=True, first_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z", - number_observed=0, + number_observed=1, objects={"0": artifact}, ) @@ -229,7 +229,7 @@ def test_custom_property_dict_in_observable_extension(): allow_custom=True, first_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z", - number_observed=0, + number_observed=1, objects={"0": artifact}, ) diff --git a/stix2/test/v21/test_datastore_memory.py b/stix2/test/v21/test_datastore_memory.py index 5233d69..2bc4730 100644 --- a/stix2/test/v21/test_datastore_memory.py +++ b/stix2/test/v21/test_datastore_memory.py @@ -174,7 +174,6 @@ def test_memory_store_all_versions(mem_store): mem_store.add(dict( id="bundle--%s" % make_id(), objects=STIX_OBJS2, - spec_version="2.0", type="bundle", )) diff --git a/stix2/test/v21/test_location.py b/stix2/test/v21/test_location.py index abcb046..526bbc6 100644 --- a/stix2/test/v21/test_location.py +++ b/stix2/test/v21/test_location.py @@ -115,7 +115,7 @@ def test_location_bad_latitude(data): with pytest.raises(ValueError) as excinfo: stix2.parse(data) - assert str(excinfo.value) == "{id} 'latitude' must be between -90 and 90. Received {latitude}".format(**data) + assert "Invalid value for Location 'latitude'" in str(excinfo.value) @pytest.mark.parametrize( @@ -144,7 +144,7 @@ def test_location_bad_longitude(data): with pytest.raises(ValueError) as excinfo: stix2.parse(data) - assert str(excinfo.value) == "{id} 'longitude' must be between -180 and 180. Received {longitude}".format(**data) + assert "Invalid value for Location 'longitude'" in str(excinfo.value) @pytest.mark.parametrize( @@ -194,4 +194,72 @@ def test_location_negative_precision(data): with pytest.raises(ValueError) as excinfo: stix2.parse(data) - assert str(excinfo.value) == "{id} 'precision' must be a positive value. Received {precision}".format(**data) + assert "Invalid value for Location 'precision'" in str(excinfo.value) + + +@pytest.mark.parametrize( + "data,msg", [ + ( + { + "type": "location", + "spec_version": "2.1", + "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "created": "2016-04-06T20:03:00.000Z", + "modified": "2016-04-06T20:03:00.000Z", + "latitude": 18.468842, + "precision": 5.0, + }, + "(longitude, precision) are not met." + ), + ( + { + "type": "location", + "spec_version": "2.1", + "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "created": "2016-04-06T20:03:00.000Z", + "modified": "2016-04-06T20:03:00.000Z", + "longitude": 160.7, + "precision": 5.0, + }, + "(latitude, precision) are not met." + ), + ], +) +def test_location_precision_dependency_missing(data, msg): + with pytest.raises(stix2.exceptions.DependentPropertiesError) as excinfo: + stix2.parse(data) + + assert msg in str(excinfo.value) + + +@pytest.mark.parametrize( + "data,msg", [ + ( + { + "type": "location", + "spec_version": "2.1", + "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "created": "2016-04-06T20:03:00.000Z", + "modified": "2016-04-06T20:03:00.000Z", + "latitude": 18.468842, + }, + "(longitude, latitude) are not met." + ), + ( + { + "type": "location", + "spec_version": "2.1", + "id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64", + "created": "2016-04-06T20:03:00.000Z", + "modified": "2016-04-06T20:03:00.000Z", + "longitude": 160.7, + }, + "(latitude, longitude) are not met." + ), + ], +) +def test_location_precision_dependency_missing(data, msg): + with pytest.raises(stix2.exceptions.DependentPropertiesError) as excinfo: + stix2.parse(data) + + assert msg in str(excinfo.value) diff --git a/stix2/test/v21/test_note.py b/stix2/test/v21/test_note.py index a9594cf..a9807e8 100644 --- a/stix2/test/v21/test_note.py +++ b/stix2/test/v21/test_note.py @@ -8,7 +8,7 @@ import stix2 from .constants import CAMPAIGN_ID, NOTE_ID -DESCRIPTION = ( +CONTENT = ( 'This note indicates the various steps taken by the threat' ' analyst team to investigate this specific campaign. Step' ' 1) Do a scan 2) Review scanned results for identified ' @@ -21,8 +21,8 @@ EXPECTED_NOTE = """{ "id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", - "summary": "Tracking Team Note#1", - "description": "%s", + "abstract": "Tracking Team Note#1", + "content": "%s", "authors": [ "John Doe" ], @@ -35,7 +35,7 @@ EXPECTED_NOTE = """{ "external_id": "job-id-1234" } ] -}""" % DESCRIPTION +}""" % CONTENT EXPECTED_OPINION_REPR = "Note(" + " ".join(( """ @@ -44,12 +44,12 @@ EXPECTED_OPINION_REPR = "Note(" + " ".join(( id='note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061', created='2016-05-12T08:17:27.000Z', modified='2016-05-12T08:17:27.000Z', - summary='Tracking Team Note#1', - description='%s', + abstract='Tracking Team Note#1', + content='%s', authors=['John Doe'], object_refs=['campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f'], external_references=[ExternalReference(source_name='job-tracker', external_id='job-id-1234')] -""" % DESCRIPTION +""" % CONTENT ).split()) + ")" @@ -61,10 +61,10 @@ def test_note_with_required_properties(): id=NOTE_ID, created=now, modified=now, - summary='Tracking Team Note#1', + abstract='Tracking Team Note#1', object_refs=[CAMPAIGN_ID], authors=['John Doe'], - description=DESCRIPTION, + content=CONTENT, external_references=[ { 'source_name': 'job-tracker', @@ -87,8 +87,8 @@ def test_note_with_required_properties(): "id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", - "summary": "Tracking Team Note#1", - "description": DESCRIPTION, + "abstract": "Tracking Team Note#1", + "content": CONTENT, "authors": [ "John Doe", ], @@ -114,7 +114,7 @@ def test_parse_note(data): assert note.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert note.object_refs[0] == CAMPAIGN_ID assert note.authors[0] == 'John Doe' - assert note.summary == 'Tracking Team Note#1' - assert note.description == DESCRIPTION + assert note.abstract == 'Tracking Team Note#1' + assert note.content == CONTENT rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(note)) assert rep == EXPECTED_OPINION_REPR diff --git a/stix2/test/v21/test_observed_data.py b/stix2/test/v21/test_observed_data.py index a37bec3..18beaf0 100644 --- a/stix2/test/v21/test_observed_data.py +++ b/stix2/test/v21/test_observed_data.py @@ -409,8 +409,7 @@ def test_parse_email_message_not_multipart(data): "0", "1", "2" - ], - "version": "5.0" + ] } } }""", @@ -419,7 +418,8 @@ def test_parse_email_message_not_multipart(data): def test_parse_file_archive(data): odata_str = OBJECTS_REGEX.sub('"objects": { %s }' % data, EXPECTED) odata = stix2.parse(odata_str, version="2.1") - assert odata.objects["3"].extensions['archive-ext'].version == "5.0" + assert all(x in odata.objects["3"].extensions['archive-ext'].contains_refs + for x in ["0", "1", "2"]) @pytest.mark.parametrize( @@ -553,11 +553,8 @@ EXPECTED_PROCESS_OD = """{ "1": { "type": "process", "pid": 1221, - "name": "gedit-bin", "created": "2016-01-20T14:11:25.55Z", - "arguments" :[ - "--new-window" - ], + "command_line": "./gedit-bin --new-window", "binary_ref": "0" } }, @@ -585,11 +582,8 @@ def test_observed_data_with_process_example(): "1": { "type": "process", "pid": 1221, - "name": "gedit-bin", "created": "2016-01-20T14:11:25.55Z", - "arguments": [ - "--new-window", - ], + "command_line": "./gedit-bin --new-window", "image_ref": "0", }, }, @@ -599,8 +593,7 @@ def test_observed_data_with_process_example(): assert observed_data.objects["0"].hashes["SHA-256"] == "35a01331e9ad96f751278b891b6ea09699806faedfa237d40513d92ad1b7100f" assert observed_data.objects["1"].type == "process" assert observed_data.objects["1"].pid == 1221 - assert observed_data.objects["1"].name == "gedit-bin" - assert observed_data.objects["1"].arguments[0] == "--new-window" + assert observed_data.objects["1"].command_line == "./gedit-bin --new-window" # creating cyber observables directly @@ -834,7 +827,6 @@ RASTER_IMAGE_EXT = """{ "image_height": 768, "image_width": 1024, "bits_per_pixel": 72, - "image_compression_algorithm": "JPEG", "exif_tags": { "Make": "Nikon", "Model": "D7000", @@ -1055,14 +1047,12 @@ def test_process_example(): p = stix2.v21.Process( _valid_refs={"0": "file"}, pid=1221, - name="gedit-bin", created="2016-01-20T14:11:25.55Z", - arguments=["--new-window"], + command_line="./gedit-bin --new-window", image_ref="0", ) - assert p.name == "gedit-bin" - assert p.arguments == ["--new-window"] + assert p.command_line == "./gedit-bin --new-window" def test_process_example_empty_error(): @@ -1095,7 +1085,6 @@ def test_process_example_empty_with_extensions(): def test_process_example_windows_process_ext(): proc = stix2.v21.Process( pid=314, - name="foobar.exe", extensions={ "windows-process-ext": { "aslr_enabled": True, @@ -1115,7 +1104,6 @@ def test_process_example_windows_process_ext_empty(): with pytest.raises(stix2.exceptions.AtLeastOnePropertyError) as excinfo: stix2.v21.Process( pid=1221, - name="gedit-bin", extensions={ "windows-process-ext": {}, }, diff --git a/stix2/test/v21/test_opinion.py b/stix2/test/v21/test_opinion.py index 38001f3..79e97ca 100644 --- a/stix2/test/v21/test_opinion.py +++ b/stix2/test/v21/test_opinion.py @@ -8,7 +8,7 @@ import stix2 from .constants import OPINION_ID -DESCRIPTION = ( +EXPLANATION = ( 'This doesn\'t seem like it is feasible. We\'ve seen how ' 'PandaCat has attacked Spanish infrastructure over the ' 'last 3 years, so this change in targeting seems too great' @@ -22,12 +22,12 @@ EXPECTED_OPINION = """{ "id": "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7", "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", - "description": "%s", + "explanation": "%s", "object_refs": [ "relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471" ], "opinion": "strongly-disagree" -}""" % DESCRIPTION +}""" % EXPLANATION EXPECTED_OPINION_REPR = "Opinion(" + " ".join(( """ @@ -36,9 +36,9 @@ EXPECTED_OPINION_REPR = "Opinion(" + " ".join(( id='opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7', created='2016-05-12T08:17:27.000Z', modified='2016-05-12T08:17:27.000Z', - description="%s", + explanation="%s", object_refs=['relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'], - opinion='strongly-disagree'""" % DESCRIPTION + opinion='strongly-disagree'""" % EXPLANATION ).split()) + ")" @@ -52,7 +52,7 @@ def test_opinion_with_required_properties(): modified=now, object_refs=['relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'], opinion='strongly-disagree', - description=DESCRIPTION, + explanation=EXPLANATION, ) assert str(opi) == EXPECTED_OPINION @@ -69,7 +69,7 @@ def test_opinion_with_required_properties(): "id": "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7", "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", - "description": DESCRIPTION, + "explanation": EXPLANATION, "object_refs": [ "relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471", ], @@ -87,6 +87,6 @@ def test_parse_opinion(data): assert opinion.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert opinion.opinion == 'strongly-disagree' assert opinion.object_refs[0] == 'relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471' - assert opinion.description == DESCRIPTION + assert opinion.explanation == EXPLANATION rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(opinion)) assert rep == EXPECTED_OPINION_REPR diff --git a/stix2/test/v21/test_report.py b/stix2/test/v21/test_report.py index baf3911..c9d790e 100644 --- a/stix2/test/v21/test_report.py +++ b/stix2/test/v21/test_report.py @@ -15,10 +15,10 @@ EXPECTED = """{ "created": "2015-12-21T19:59:11.000Z", "modified": "2015-12-21T19:59:11.000Z", "name": "The Black Vine Cyberespionage Group", + "description": "A simple report with an indicator and campaign", "report_types": [ "campaign" ], - "description": "A simple report with an indicator and campaign", "published": "2016-01-20T17:00:00Z", "object_refs": [ "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", diff --git a/stix2/test/v21/test_threat_actor.py b/stix2/test/v21/test_threat_actor.py index 8ca31f1..a7a29f8 100644 --- a/stix2/test/v21/test_threat_actor.py +++ b/stix2/test/v21/test_threat_actor.py @@ -15,10 +15,10 @@ EXPECTED = """{ "created": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z", "name": "Evil Org", + "description": "The Evil Org threat actor group", "threat_actor_types": [ "crime-syndicate" - ], - "description": "The Evil Org threat actor group" + ] }""" diff --git a/stix2/test/v21/test_workbench.py b/stix2/test/v21/test_workbench.py index 646ec19..ea107db 100644 --- a/stix2/test/v21/test_workbench.py +++ b/stix2/test/v21/test_workbench.py @@ -287,7 +287,7 @@ def test_workbench_custom_property_object_in_observable_extension(): allow_custom=True, first_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z", - number_observed=0, + number_observed=1, objects={"0": artifact}, ) @@ -311,7 +311,7 @@ def test_workbench_custom_property_dict_in_observable_extension(): allow_custom=True, first_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z", - number_observed=0, + number_observed=1, objects={"0": artifact}, )