MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Update tests to new object constraints

stix2.1
Emmanuelle Vargas-Gonzalez 2018-10-15 14:48:52 -04:00
parent 120e897e9b
commit acd86c80dd
9 changed files with 108 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
stix2/test/v21/test_custom.py
View File

@ -172,7 +172,7 @@ def test_custom_property_in_observed_data():
allow_custom=True, allow_custom=True,
first_observed="2015-12-21T19:00:00Z", first_observed="2015-12-21T19:00:00Z",
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
number_observed=0, number_observed=1,
objects={"0": artifact}, objects={"0": artifact},
) )
@ -194,7 +194,7 @@ def test_custom_property_object_in_observable_extension():
allow_custom=True, allow_custom=True,
first_observed="2015-12-21T19:00:00Z", first_observed="2015-12-21T19:00:00Z",
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
number_observed=0, number_observed=1,
objects={"0": artifact}, objects={"0": artifact},
) )
@ -229,7 +229,7 @@ def test_custom_property_dict_in_observable_extension():
allow_custom=True, allow_custom=True,
first_observed="2015-12-21T19:00:00Z", first_observed="2015-12-21T19:00:00Z",
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
number_observed=0, number_observed=1,
objects={"0": artifact}, objects={"0": artifact},
) )

1
stix2/test/v21/test_datastore_memory.py
View File

@ -174,7 +174,6 @@ def test_memory_store_all_versions(mem_store):
mem_store.add(dict( mem_store.add(dict(
id="bundle--%s" % make_id(), id="bundle--%s" % make_id(),
objects=STIX_OBJS2, objects=STIX_OBJS2,
spec_version="2.0",
type="bundle", type="bundle",
)) ))

74
stix2/test/v21/test_location.py
View File

@ -115,7 +115,7 @@ def test_location_bad_latitude(data):
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
stix2.parse(data) stix2.parse(data)
assert str(excinfo.value) == "{id} 'latitude' must be between -90 and 90. Received {latitude}".format(**data) assert "Invalid value for Location 'latitude'" in str(excinfo.value)
@pytest.mark.parametrize( @pytest.mark.parametrize(
@ -144,7 +144,7 @@ def test_location_bad_longitude(data):
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
stix2.parse(data) stix2.parse(data)
assert str(excinfo.value) == "{id} 'longitude' must be between -180 and 180. Received {longitude}".format(**data) assert "Invalid value for Location 'longitude'" in str(excinfo.value)
@pytest.mark.parametrize( @pytest.mark.parametrize(
@ -194,4 +194,72 @@ def test_location_negative_precision(data):
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
stix2.parse(data) stix2.parse(data)
assert str(excinfo.value) == "{id} 'precision' must be a positive value. Received {precision}".format(**data) assert "Invalid value for Location 'precision'" in str(excinfo.value)
@pytest.mark.parametrize(
"data,msg", [
(
{
"type": "location",
"spec_version": "2.1",
"id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64",
"created": "2016-04-06T20:03:00.000Z",
"modified": "2016-04-06T20:03:00.000Z",
"latitude": 18.468842,
"precision": 5.0,
},
"(longitude, precision) are not met."
),
(
{
"type": "location",
"spec_version": "2.1",
"id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64",
"created": "2016-04-06T20:03:00.000Z",
"modified": "2016-04-06T20:03:00.000Z",
"longitude": 160.7,
"precision": 5.0,
},
"(latitude, precision) are not met."
),
],
)
def test_location_precision_dependency_missing(data, msg):
with pytest.raises(stix2.exceptions.DependentPropertiesError) as excinfo:
stix2.parse(data)
assert msg in str(excinfo.value)
@pytest.mark.parametrize(
"data,msg", [
(
{
"type": "location",
"spec_version": "2.1",
"id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64",
"created": "2016-04-06T20:03:00.000Z",
"modified": "2016-04-06T20:03:00.000Z",
"latitude": 18.468842,
},
"(longitude, latitude) are not met."
),
(
{
"type": "location",
"spec_version": "2.1",
"id": "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64",
"created": "2016-04-06T20:03:00.000Z",
"modified": "2016-04-06T20:03:00.000Z",
"longitude": 160.7,
},
"(latitude, longitude) are not met."
),
],
)
def test_location_precision_dependency_missing(data, msg):
with pytest.raises(stix2.exceptions.DependentPropertiesError) as excinfo:
stix2.parse(data)
assert msg in str(excinfo.value)

26
stix2/test/v21/test_note.py
View File

@ -8,7 +8,7 @@ import stix2
from .constants import CAMPAIGN_ID, NOTE_ID from .constants import CAMPAIGN_ID, NOTE_ID
DESCRIPTION = ( CONTENT = (
'This note indicates the various steps taken by the threat' 'This note indicates the various steps taken by the threat'
' analyst team to investigate this specific campaign. Step' ' analyst team to investigate this specific campaign. Step'
' 1) Do a scan 2) Review scanned results for identified ' ' 1) Do a scan 2) Review scanned results for identified '
@ -21,8 +21,8 @@ EXPECTED_NOTE = """{
"id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", "id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created": "2016-05-12T08:17:27.000Z", "created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z",
"summary": "Tracking Team Note#1", "abstract": "Tracking Team Note#1",
"description": "%s", "content": "%s",
"authors": [ "authors": [
"John Doe" "John Doe"
], ],
@ -35,7 +35,7 @@ EXPECTED_NOTE = """{
"external_id": "job-id-1234" "external_id": "job-id-1234"
} }
] ]
}""" % DESCRIPTION }""" % CONTENT
EXPECTED_OPINION_REPR = "Note(" + " ".join(( EXPECTED_OPINION_REPR = "Note(" + " ".join((
""" """
@ -44,12 +44,12 @@ EXPECTED_OPINION_REPR = "Note(" + " ".join((
id='note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061', id='note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061',
created='2016-05-12T08:17:27.000Z', created='2016-05-12T08:17:27.000Z',
modified='2016-05-12T08:17:27.000Z', modified='2016-05-12T08:17:27.000Z',
summary='Tracking Team Note#1', abstract='Tracking Team Note#1',
description='%s', content='%s',
authors=['John Doe'], authors=['John Doe'],
object_refs=['campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f'], object_refs=['campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f'],
external_references=[ExternalReference(source_name='job-tracker', external_id='job-id-1234')] external_references=[ExternalReference(source_name='job-tracker', external_id='job-id-1234')]
""" % DESCRIPTION """ % CONTENT
).split()) + ")" ).split()) + ")"
@ -61,10 +61,10 @@ def test_note_with_required_properties():
id=NOTE_ID, id=NOTE_ID,
created=now, created=now,
modified=now, modified=now,
summary='Tracking Team Note#1', abstract='Tracking Team Note#1',
object_refs=[CAMPAIGN_ID], object_refs=[CAMPAIGN_ID],
authors=['John Doe'], authors=['John Doe'],
description=DESCRIPTION, content=CONTENT,
external_references=[ external_references=[
{ {
'source_name': 'job-tracker', 'source_name': 'job-tracker',
@ -87,8 +87,8 @@ def test_note_with_required_properties():
"id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061", "id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
"created": "2016-05-12T08:17:27.000Z", "created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z",
"summary": "Tracking Team Note#1", "abstract": "Tracking Team Note#1",
"description": DESCRIPTION, "content": CONTENT,
"authors": [ "authors": [
"John Doe", "John Doe",
], ],
@ -114,7 +114,7 @@ def test_parse_note(data):
assert note.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert note.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert note.object_refs[0] == CAMPAIGN_ID assert note.object_refs[0] == CAMPAIGN_ID
assert note.authors[0] == 'John Doe' assert note.authors[0] == 'John Doe'
assert note.summary == 'Tracking Team Note#1' assert note.abstract == 'Tracking Team Note#1'
assert note.description == DESCRIPTION assert note.content == CONTENT
rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(note)) rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(note))
assert rep == EXPECTED_OPINION_REPR assert rep == EXPECTED_OPINION_REPR

28
stix2/test/v21/test_observed_data.py
View File

@ -409,8 +409,7 @@ def test_parse_email_message_not_multipart(data):
"0", "0",
"1", "1",
"2" "2"
], ]
"version": "5.0"
} }
} }
}""", }""",
@ -419,7 +418,8 @@ def test_parse_email_message_not_multipart(data):
def test_parse_file_archive(data): def test_parse_file_archive(data):
odata_str = OBJECTS_REGEX.sub('"objects": { %s }' % data, EXPECTED) odata_str = OBJECTS_REGEX.sub('"objects": { %s }' % data, EXPECTED)
odata = stix2.parse(odata_str, version="2.1") odata = stix2.parse(odata_str, version="2.1")
assert odata.objects["3"].extensions['archive-ext'].version == "5.0" assert all(x in odata.objects["3"].extensions['archive-ext'].contains_refs
for x in ["0", "1", "2"])
@pytest.mark.parametrize( @pytest.mark.parametrize(
@ -553,11 +553,8 @@ EXPECTED_PROCESS_OD = """{
"1": { "1": {
"type": "process", "type": "process",
"pid": 1221, "pid": 1221,
"name": "gedit-bin",
"created": "2016-01-20T14:11:25.55Z", "created": "2016-01-20T14:11:25.55Z",
"arguments" :[ "command_line": "./gedit-bin --new-window",
"--new-window"
],
"binary_ref": "0" "binary_ref": "0"
} }
}, },
@ -585,11 +582,8 @@ def test_observed_data_with_process_example():
"1": { "1": {
"type": "process", "type": "process",
"pid": 1221, "pid": 1221,
"name": "gedit-bin",
"created": "2016-01-20T14:11:25.55Z", "created": "2016-01-20T14:11:25.55Z",
"arguments": [ "command_line": "./gedit-bin --new-window",
"--new-window",
],
"image_ref": "0", "image_ref": "0",
}, },
}, },
@ -599,8 +593,7 @@ def test_observed_data_with_process_example():
assert observed_data.objects["0"].hashes["SHA-256"] == "35a01331e9ad96f751278b891b6ea09699806faedfa237d40513d92ad1b7100f" assert observed_data.objects["0"].hashes["SHA-256"] == "35a01331e9ad96f751278b891b6ea09699806faedfa237d40513d92ad1b7100f"
assert observed_data.objects["1"].type == "process" assert observed_data.objects["1"].type == "process"
assert observed_data.objects["1"].pid == 1221 assert observed_data.objects["1"].pid == 1221
assert observed_data.objects["1"].name == "gedit-bin" assert observed_data.objects["1"].command_line == "./gedit-bin --new-window"
assert observed_data.objects["1"].arguments[0] == "--new-window"
# creating cyber observables directly # creating cyber observables directly
@ -834,7 +827,6 @@ RASTER_IMAGE_EXT = """{
"image_height": 768, "image_height": 768,
"image_width": 1024, "image_width": 1024,
"bits_per_pixel": 72, "bits_per_pixel": 72,
"image_compression_algorithm": "JPEG",
"exif_tags": { "exif_tags": {
"Make": "Nikon", "Make": "Nikon",
"Model": "D7000", "Model": "D7000",
@ -1055,14 +1047,12 @@ def test_process_example():
p = stix2.v21.Process( p = stix2.v21.Process(
_valid_refs={"0": "file"}, _valid_refs={"0": "file"},
pid=1221, pid=1221,
name="gedit-bin",
created="2016-01-20T14:11:25.55Z", created="2016-01-20T14:11:25.55Z",
arguments=["--new-window"], command_line="./gedit-bin --new-window",
image_ref="0", image_ref="0",
) )
assert p.name == "gedit-bin" assert p.command_line == "./gedit-bin --new-window"
assert p.arguments == ["--new-window"]
def test_process_example_empty_error(): def test_process_example_empty_error():
@ -1095,7 +1085,6 @@ def test_process_example_empty_with_extensions():
def test_process_example_windows_process_ext(): def test_process_example_windows_process_ext():
proc = stix2.v21.Process( proc = stix2.v21.Process(
pid=314, pid=314,
name="foobar.exe",
extensions={ extensions={
"windows-process-ext": { "windows-process-ext": {
"aslr_enabled": True, "aslr_enabled": True,
@ -1115,7 +1104,6 @@ def test_process_example_windows_process_ext_empty():
with pytest.raises(stix2.exceptions.AtLeastOnePropertyError) as excinfo: with pytest.raises(stix2.exceptions.AtLeastOnePropertyError) as excinfo:
stix2.v21.Process( stix2.v21.Process(
pid=1221, pid=1221,
name="gedit-bin",
extensions={ extensions={
"windows-process-ext": {}, "windows-process-ext": {},
}, },

16
stix2/test/v21/test_opinion.py
View File

@ -8,7 +8,7 @@ import stix2
from .constants import OPINION_ID from .constants import OPINION_ID
DESCRIPTION = ( EXPLANATION = (
'This doesn\'t seem like it is feasible. We\'ve seen how ' 'This doesn\'t seem like it is feasible. We\'ve seen how '
'PandaCat has attacked Spanish infrastructure over the ' 'PandaCat has attacked Spanish infrastructure over the '
'last 3 years, so this change in targeting seems too great' 'last 3 years, so this change in targeting seems too great'
@ -22,12 +22,12 @@ EXPECTED_OPINION = """{
"id": "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7", "id": "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7",
"created": "2016-05-12T08:17:27.000Z", "created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z",
"description": "%s", "explanation": "%s",
"object_refs": [ "object_refs": [
"relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471" "relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471"
], ],
"opinion": "strongly-disagree" "opinion": "strongly-disagree"
}""" % DESCRIPTION }""" % EXPLANATION
EXPECTED_OPINION_REPR = "Opinion(" + " ".join(( EXPECTED_OPINION_REPR = "Opinion(" + " ".join((
""" """
@ -36,9 +36,9 @@ EXPECTED_OPINION_REPR = "Opinion(" + " ".join((
id='opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7', id='opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7',
created='2016-05-12T08:17:27.000Z', created='2016-05-12T08:17:27.000Z',
modified='2016-05-12T08:17:27.000Z', modified='2016-05-12T08:17:27.000Z',
description="%s", explanation="%s",
object_refs=['relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'], object_refs=['relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'],
opinion='strongly-disagree'""" % DESCRIPTION opinion='strongly-disagree'""" % EXPLANATION
).split()) + ")" ).split()) + ")"
@ -52,7 +52,7 @@ def test_opinion_with_required_properties():
modified=now, modified=now,
object_refs=['relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'], object_refs=['relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'],
opinion='strongly-disagree', opinion='strongly-disagree',
description=DESCRIPTION, explanation=EXPLANATION,
) )
assert str(opi) == EXPECTED_OPINION assert str(opi) == EXPECTED_OPINION
@ -69,7 +69,7 @@ def test_opinion_with_required_properties():
"id": "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7", "id": "opinion--b01efc25-77b4-4003-b18b-f6e24b5cd9f7",
"created": "2016-05-12T08:17:27.000Z", "created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z",
"description": DESCRIPTION, "explanation": EXPLANATION,
"object_refs": [ "object_refs": [
"relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471", "relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471",
], ],
@ -87,6 +87,6 @@ def test_parse_opinion(data):
assert opinion.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert opinion.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert opinion.opinion == 'strongly-disagree' assert opinion.opinion == 'strongly-disagree'
assert opinion.object_refs[0] == 'relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471' assert opinion.object_refs[0] == 'relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'
assert opinion.description == DESCRIPTION assert opinion.explanation == EXPLANATION
rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(opinion)) rep = re.sub(r"(\[|=| )u('|\"|\\\'|\\\")", r"\g<1>\g<2>", repr(opinion))
assert rep == EXPECTED_OPINION_REPR assert rep == EXPECTED_OPINION_REPR

2
stix2/test/v21/test_report.py
View File

@ -15,10 +15,10 @@ EXPECTED = """{
"created": "2015-12-21T19:59:11.000Z", "created": "2015-12-21T19:59:11.000Z",
"modified": "2015-12-21T19:59:11.000Z", "modified": "2015-12-21T19:59:11.000Z",
"name": "The Black Vine Cyberespionage Group", "name": "The Black Vine Cyberespionage Group",
"description": "A simple report with an indicator and campaign",
"report_types": [ "report_types": [
"campaign" "campaign"
], ],
"description": "A simple report with an indicator and campaign",
"published": "2016-01-20T17:00:00Z", "published": "2016-01-20T17:00:00Z",
"object_refs": [ "object_refs": [
"indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2", "indicator--26ffb872-1dd9-446e-b6f5-d58527e5b5d2",

4
stix2/test/v21/test_threat_actor.py
View File

@ -15,10 +15,10 @@ EXPECTED = """{
"created": "2016-04-06T20:03:48.000Z", "created": "2016-04-06T20:03:48.000Z",
"modified": "2016-04-06T20:03:48.000Z", "modified": "2016-04-06T20:03:48.000Z",
"name": "Evil Org", "name": "Evil Org",
"description": "The Evil Org threat actor group",
"threat_actor_types": [ "threat_actor_types": [
"crime-syndicate" "crime-syndicate"
], ]
"description": "The Evil Org threat actor group"
}""" }"""

4
stix2/test/v21/test_workbench.py
View File

@ -287,7 +287,7 @@ def test_workbench_custom_property_object_in_observable_extension():
allow_custom=True, allow_custom=True,
first_observed="2015-12-21T19:00:00Z", first_observed="2015-12-21T19:00:00Z",
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
number_observed=0, number_observed=1,
objects={"0": artifact}, objects={"0": artifact},
) )
@ -311,7 +311,7 @@ def test_workbench_custom_property_dict_in_observable_extension():
allow_custom=True, allow_custom=True,
first_observed="2015-12-21T19:00:00Z", first_observed="2015-12-21T19:00:00Z",
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
number_observed=0, number_observed=1,
objects={"0": artifact}, objects={"0": artifact},
) )