MALWARE RESTORE POINT - Reverted changes to Malware based on STIX 2.1 CSD01

Use this commit to restore Malware changes.
2018-07-25 13:34:56 -04:00 · 2018-07-25 13:34:56 -04:00 · ad76e7155c
parent 303159a818
commit ad76e7155c
9 changed files with 12 additions and 60 deletions
--- a/stix2/test/v21/constants.py
+++ b/stix2/test/v21/constants.py
@ -81,7 +81,6 @@ INTRUSION_SET_KWARGS = dict(
 MALWARE_KWARGS = dict(
    malware_types=['ransomware'],
    name="Cryptolocker",
-    is_family=True,
 )

 MALWARE_MORE_KWARGS = dict(
@ -92,7 +91,6 @@ MALWARE_MORE_KWARGS = dict(
    malware_types=['ransomware'],
    name="Cryptolocker",
    description="A ransomware related to ...",
-    is_family=False,
 )

 OBSERVED_DATA_KWARGS = dict(
--- a/stix2/test/v21/test_bundle.py
+++ b/stix2/test/v21/test_bundle.py
@ -26,7 +26,6 @@ EXPECTED_BUNDLE = """{
            "id": "malware--00000000-0000-4000-8000-000000000003",
            "created": "2017-01-01T12:34:56.000Z",
            "modified": "2017-01-01T12:34:56.000Z",
-            "is_family": true,
            "name": "Cryptolocker",
            "malware_types": [
                "ransomware"
@ -71,7 +70,6 @@ EXPECTED_BUNDLE_DICT = {
            "malware_types": [
                "ransomware",
            ],
-            "is_family": True,
        },
        {
            "type": "relationship",
--- a/stix2/test/v21/test_datastore_filters.py
+++ b/stix2/test/v21/test_datastore_filters.py
@ -16,7 +16,6 @@ stix_objs = [
        "modified": "2017-01-27T13:49:53.997Z",
        "name": "Poison Ivy",
        "type": "malware",
-        "is_family": False,
    },
    {
        "created": "2014-05-08T09:00:00.000Z",
--- a/stix2/test/v21/test_environment.py
+++ b/stix2/test/v21/test_environment.py
@ -219,8 +219,7 @@ def test_parse_malware():
        "name": "Cryptolocker",
        "malware_types": [
            "ransomware"
-        ],
-        "is_family": false
+        ]
    }"""
    mal = env.parse(data, version="2.1")

--- a/stix2/test/v21/test_malware.py
+++ b/stix2/test/v21/test_malware.py
@ -14,7 +14,6 @@ EXPECTED_MALWARE = """{
    "id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
    "created": "2016-05-12T08:17:27.000Z",
    "modified": "2016-05-12T08:17:27.000Z",
-    "is_family": true,
    "name": "Cryptolocker",
    "malware_types": [
        "ransomware"
@ -32,7 +31,6 @@ def test_malware_with_all_required_properties():
        modified=now,
        malware_types=["ransomware"],
        name="Cryptolocker",
-        is_family=True,
    )

    assert str(mal) == EXPECTED_MALWARE
@ -79,12 +77,12 @@ def test_malware_required_properties():
        stix2.v21.Malware()

    assert excinfo.value.cls == stix2.v21.Malware
-    assert excinfo.value.properties == ["is_family", "malware_types", "name"]
+    assert excinfo.value.properties == ["malware_types", "name"]


 def test_malware_required_property_name():
    with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
-        stix2.v21.Malware(malware_types=['ransomware'], is_family=False)
+        stix2.v21.Malware(malware_types=['ransomware'])

    assert excinfo.value.cls == stix2.v21.Malware
    assert excinfo.value.properties == ["name"]
@ -117,7 +115,6 @@ def test_invalid_kwarg_to_malware():
            "modified": "2016-05-12T08:17:27.000Z",
            "malware_types": ["ransomware"],
            "name": "Cryptolocker",
-            "is_family": True,
        },
    ],
 )
@ -131,7 +128,6 @@ def test_parse_malware(data):
    assert mal.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
    assert mal.malware_types == ['ransomware']
    assert mal.name == 'Cryptolocker'
-    assert mal.is_family is True


 def test_parse_malware_invalid_labels():
--- a/stix2/test/v21/test_relationship.py
+++ b/stix2/test/v21/test_relationship.py
@ -123,14 +123,14 @@ def test_create_relationship_from_objects_rather_than_ids1(indicator, malware):
        relationship_type="indicates",
        source_ref=indicator,
        target_ref=malware,
-        stop_time="2018-04-06T20:06:37Z",
+        stop_time="2016-04-06T20:03:48Z",
    )

    assert rel.relationship_type == 'indicates'
    assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
    assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
    assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
-    assert rel.stop_time == '2018-04-06T20:06:37Z'
+    assert rel.stop_time == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)


 def test_create_relationship_from_objects_rather_than_ids2(indicator, malware):
@ -138,14 +138,14 @@ def test_create_relationship_from_objects_rather_than_ids2(indicator, malware):
        relationship_type="indicates",
        source_ref=indicator,
        target_ref=malware,
-        start_time="2018-04-06T20:06:37Z",
+        start_time="2016-04-06T20:03:48Z",
    )

    assert rel.relationship_type == 'indicates'
    assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
    assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
    assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
-    assert rel.start_time == '2018-04-06T20:06:37Z'
+    assert rel.start_time == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)


 def test_create_relationship_with_positional_args(indicator, malware):
--- a/stix2/test/v21/test_versioning.py
+++ b/stix2/test/v21/test_versioning.py
@ -228,7 +228,6 @@ def test_remove_custom_stix_property():
    mal = stix2.v21.Malware(
        name="ColePowers",
        malware_types=["rootkit"],
-        is_family=False,
        x_custom="armada",
        allow_custom=True,
    )
--- a/stix2/test/v21/test_workbench.py
+++ b/stix2/test/v21/test_workbench.py
@ -188,7 +188,7 @@ def test_workbench_related():
 def test_workbench_related_with_filters():
    malware = Malware(
        malware_types=["ransomware"], name="CryptorBit",
-        created_by_ref=IDENTITY_ID, is_family=False,
+        created_by_ref=IDENTITY_ID,
    )
    rel = Relationship(malware.id, 'variant-of', MALWARE_ID)
    save([malware, rel])
--- a/stix2/v21/sdo.py
+++ b/stix2/v21/sdo.py
@ -1,17 +1,15 @@
 """STIX 2.1 Domain Objects"""

 from collections import OrderedDict
-from math import fabs
 import itertools
+from math import fabs

-from ..base import _STIXBase
 from ..core import STIXDomainObject
 from ..custom import _custom_object_builder
 from ..properties import (
-    BooleanProperty, DictionaryProperty, EmbeddedObjectProperty, EnumProperty,
-    FloatProperty, IDProperty, IntegerProperty, ListProperty,
-    ObservableProperty, PatternProperty, ReferenceProperty, StringProperty,
-    TimestampProperty, TypeProperty,
+    BooleanProperty, EnumProperty, FloatProperty, IDProperty, IntegerProperty,
+    ListProperty, ObservableProperty, PatternProperty, ReferenceProperty,
+    StringProperty, TimestampProperty, TypeProperty,
 )
 from ..utils import NOW
 from .common import ExternalReference, GranularMarking, KillChainPhase
@ -254,30 +252,6 @@ class Location(STIXDomainObject):
            raise ValueError(msg.format(self))


-class AnalysisType(_STIXBase):
-
-    _properties = OrderedDict([
-        ('start_time', TimestampProperty()),
-        ('end_time', TimestampProperty()),
-        ('analysis_tools', ObservableProperty(spec_version='2.1')),
-        ('analysis_environment', DictionaryProperty(spec_version='2.1')),
-        ('results', DictionaryProperty(spec_version='2.1', required=True)),
-    ])
-
-
-class AVResultsType(_STIXBase):
-
-    _properties = OrderedDict([
-        ('product', StringProperty()),
-        ('engine_version', StringProperty()),
-        ('definition_version', StringProperty()),
-        ('submitted', TimestampProperty()),
-        ('scanned', TimestampProperty()),
-        ('result', StringProperty()),
-        ('details', StringProperty()),
-    ])
-
-
 class Malware(STIXDomainObject):
    # TODO: Add link
    """For more detailed information on this object's properties, see
@ -292,21 +266,10 @@ class Malware(STIXDomainObject):
        ('created_by_ref', ReferenceProperty(type='identity')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
-        ('is_family', BooleanProperty(required=True)),
        ('name', StringProperty(required=True)),
        ('malware_types', ListProperty(StringProperty, required=True)),
        ('description', StringProperty()),
        ('kill_chain_phases', ListProperty(KillChainPhase)),
-        ('first_seen', TimestampProperty()),
-        ('last_seen', TimestampProperty()),
-        ('os_execution_envs', ListProperty(StringProperty)),
-        ('architecture_execution_envs', ListProperty(StringProperty)),
-        ('implementation_languages', ListProperty(StringProperty)),
-        ('samples', ObservableProperty(spec_version='2.1')),
-        ('static_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
-        ('dynamic_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
-        ('av_results', ListProperty(EmbeddedObjectProperty(AVResultsType))),
-        ('capabilities', ListProperty(StringProperty)),
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('confidence', IntegerProperty()),