diff --git a/stix2/test/v21/constants.py b/stix2/test/v21/constants.py
index d90b25c..e03c610 100644
--- a/stix2/test/v21/constants.py
+++ b/stix2/test/v21/constants.py
@@ -81,7 +81,6 @@ INTRUSION_SET_KWARGS = dict(
 MALWARE_KWARGS = dict(
 malware_types=['ransomware'],
 name="Cryptolocker",
- is_family=True,
 )
 MALWARE_MORE_KWARGS = dict(
@@ -92,7 +91,6 @@ MALWARE_MORE_KWARGS = dict(
 malware_types=['ransomware'],
 name="Cryptolocker",
 description="A ransomware related to ...",
- is_family=False,
 )
 OBSERVED_DATA_KWARGS = dict(
diff --git a/stix2/test/v21/test_bundle.py b/stix2/test/v21/test_bundle.py
index 2657958..86c2d00 100644
--- a/stix2/test/v21/test_bundle.py
+++ b/stix2/test/v21/test_bundle.py
@@ -26,7 +26,6 @@ EXPECTED_BUNDLE = """{
 "id": "malware--00000000-0000-4000-8000-000000000003",
 "created": "2017-01-01T12:34:56.000Z",
 "modified": "2017-01-01T12:34:56.000Z",
- "is_family": true,
 "name": "Cryptolocker",
 "malware_types": [
 "ransomware"
@@ -71,7 +70,6 @@ EXPECTED_BUNDLE_DICT = {
 "malware_types": [
 "ransomware",
 ],
- "is_family": True,
 },
 {
 "type": "relationship",
diff --git a/stix2/test/v21/test_datastore_filters.py b/stix2/test/v21/test_datastore_filters.py
index dbd15fb..0185bb5 100644
--- a/stix2/test/v21/test_datastore_filters.py
+++ b/stix2/test/v21/test_datastore_filters.py
@@ -16,7 +16,6 @@ stix_objs = [
 "modified": "2017-01-27T13:49:53.997Z",
 "name": "Poison Ivy",
 "type": "malware",
- "is_family": False,
 },
 {
 "created": "2014-05-08T09:00:00.000Z",
diff --git a/stix2/test/v21/test_environment.py b/stix2/test/v21/test_environment.py
index e1b3157..21f0d7c 100644
--- a/stix2/test/v21/test_environment.py
+++ b/stix2/test/v21/test_environment.py
@@ -219,8 +219,7 @@ def test_parse_malware():
 "name": "Cryptolocker",
 "malware_types": [
 "ransomware"
- ],
- "is_family": false
+ ]
 }"""
 mal = env.parse(data, version="2.1")
diff --git a/stix2/test/v21/test_malware.py b/stix2/test/v21/test_malware.py
index cf113da..3ae96d9 100644
--- a/stix2/test/v21/test_malware.py
+++ b/stix2/test/v21/test_malware.py
@@ -14,7 +14,6 @@ EXPECTED_MALWARE = """{
 "id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
 "created": "2016-05-12T08:17:27.000Z",
 "modified": "2016-05-12T08:17:27.000Z",
- "is_family": true,
 "name": "Cryptolocker",
 "malware_types": [
 "ransomware"
@@ -32,7 +31,6 @@ def test_malware_with_all_required_properties():
 modified=now,
 malware_types=["ransomware"],
 name="Cryptolocker",
- is_family=True,
 )
 assert str(mal) == EXPECTED_MALWARE
@@ -79,12 +77,12 @@ def test_malware_required_properties():
 stix2.v21.Malware()
 assert excinfo.value.cls == stix2.v21.Malware
- assert excinfo.value.properties == ["is_family", "malware_types", "name"]
+ assert excinfo.value.properties == ["malware_types", "name"]
 def test_malware_required_property_name():
 with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
- stix2.v21.Malware(malware_types=['ransomware'], is_family=False)
+ stix2.v21.Malware(malware_types=['ransomware'])
 assert excinfo.value.cls == stix2.v21.Malware
 assert excinfo.value.properties == ["name"]
@@ -117,7 +115,6 @@ def test_invalid_kwarg_to_malware():
 "modified": "2016-05-12T08:17:27.000Z",
 "malware_types": ["ransomware"],
 "name": "Cryptolocker",
- "is_family": True,
 },
 ],
 )
@@ -131,7 +128,6 @@ def test_parse_malware(data):
 assert mal.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
 assert mal.malware_types == ['ransomware']
 assert mal.name == 'Cryptolocker'
- assert mal.is_family is True
 def test_parse_malware_invalid_labels():
diff --git a/stix2/test/v21/test_relationship.py b/stix2/test/v21/test_relationship.py
index c3207cf..0ec3e08 100644
--- a/stix2/test/v21/test_relationship.py
+++ b/stix2/test/v21/test_relationship.py
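Review bot: After the edits to `test_malware_required_properties` and `test_malware_required_property_name` (hunk at -79), no test in this file pins what happens when input still carries `is_family`. With the property removed from `Malware._properties` in the sdo.py hunk at -292, objects from producers that still emit it would presumably fall into the unknown-property path that `test_invalid_kwarg_to_malware` covers, and a consumer that enables `allow_custom=True` to get them through would then accept the field without type validation. A negative test would make that behaviour explicit for ingest code, for example `with pytest.raises(stix2.exceptions.ExtraPropertiesError):` followed by `stix2.v21.Malware(malware_types=['ransomware'], name="Cryptolocker", is_family=True)`. The same applies to the other properties dropped in that hunk, such as `samples` and `av_results`.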
@@ -123,14 +123,14 @@ def test_create_relationship_from_objects_rather_than_ids1(indicator, malware):
 relationship_type="indicates",
 source_ref=indicator,
 target_ref=malware,
- stop_time="2018-04-06T20:06:37Z",
+ stop_time="2016-04-06T20:03:48Z",
 )
 assert rel.relationship_type == 'indicates'
 assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
 assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
 assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
- assert rel.stop_time == '2018-04-06T20:06:37Z'
+ assert rel.stop_time == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
 def test_create_relationship_from_objects_rather_than_ids2(indicator, malware):
@@ -138,14 +138,14 @@ def test_create_relationship_from_objects_rather_than_ids2(indicator, malware):
 relationship_type="indicates",
 source_ref=indicator,
 target_ref=malware,
- start_time="2018-04-06T20:06:37Z",
+ start_time="2016-04-06T20:03:48Z",
 )
 assert rel.relationship_type == 'indicates'
 assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
 assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
 assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
- assert rel.start_time == '2018-04-06T20:06:37Z'
+ assert rel.start_time == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
 def test_create_relationship_with_positional_args(indicator, malware):
diff --git a/stix2/test/v21/test_versioning.py b/stix2/test/v21/test_versioning.py
index d11fb4f..a7f4a2f 100644
--- a/stix2/test/v21/test_versioning.py
+++ b/stix2/test/v21/test_versioning.py
@@ -228,7 +228,6 @@ def test_remove_custom_stix_property():
 mal = stix2.v21.Malware(
 name="ColePowers",
 malware_types=["rootkit"],
- is_family=False,
 x_custom="armada",
 allow_custom=True,
 )
diff --git a/stix2/test/v21/test_workbench.py b/stix2/test/v21/test_workbench.py
index 6892c84..646ec19 100644
--- a/stix2/test/v21/test_workbench.py
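Review bot: `test_create_relationship_from_objects_rather_than_ids1` and `test_create_relationship_from_objects_rather_than_ids2` each set only one of `stop_time` and `start_time`, so the two are never checked together. The new assertions compare against timezone-aware `dt.datetime` values, which shows the strings are now parsed; STIX 2.1 requires `stop_time` to be later than `start_time` when both are present, and whether the library enforces that is not visible here. If it does, a third test passing both with `stop_time` earlier than `start_time` and expecting an error would cover it. No hunk in this file touches the import block, so `dt` and `pytz` are assumed to be imported already.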
+++ b/stix2/test/v21/test_workbench.py
@@ -188,7 +188,7 @@ def test_workbench_related():
 def test_workbench_related_with_filters():
 malware = Malware(
 malware_types=["ransomware"], name="CryptorBit",
- created_by_ref=IDENTITY_ID, is_family=False,
+ created_by_ref=IDENTITY_ID,
 )
 rel = Relationship(malware.id, 'variant-of', MALWARE_ID)
 save([malware, rel])
diff --git a/stix2/v21/sdo.py b/stix2/v21/sdo.py
index f26bb9a..cdc2b88 100644
--- a/stix2/v21/sdo.py
+++ b/stix2/v21/sdo.py
@@ -1,17 +1,15 @@
 """STIX 2.1 Domain Objects"""
 from collections import OrderedDict
-from math import fabs
 import itertools
+from math import fabs
-from ..base import _STIXBase
 from ..core import STIXDomainObject
 from ..custom import _custom_object_builder
 from ..properties import (
- BooleanProperty, DictionaryProperty, EmbeddedObjectProperty, EnumProperty,
- FloatProperty, IDProperty, IntegerProperty, ListProperty,
- ObservableProperty, PatternProperty, ReferenceProperty, StringProperty,
- TimestampProperty, TypeProperty,
+ BooleanProperty, EnumProperty, FloatProperty, IDProperty, IntegerProperty,
+ ListProperty, ObservableProperty, PatternProperty, ReferenceProperty,
+ StringProperty, TimestampProperty, TypeProperty,
 )
 from ..utils import NOW
 from .common import ExternalReference, GranularMarking, KillChainPhase
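Review bot: Dropping `_STIXBase`, `DictionaryProperty` and `EmbeddedObjectProperty` from the imports in the sdo.py hunk at -1 is safe only if no other class in the module still refers to them; the later hunks remove the uses in `AnalysisType`, `AVResultsType` and `Malware`, but the rest of sdo.py is outside this diff. The reverse check applies to `ObservableProperty`, which stays imported although both uses visible in this diff (`analysis_tools`, `samples`) are removed. A flake8 run over the file would settle both (F821 for undefined names, F401 for unused imports). `AnalysisType` and `AVResultsType` were importable from `stix2.v21.sdo`, so any re-export of them elsewhere in the package would need the same removal.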
@@ -254,30 +252,6 @@ class Location(STIXDomainObject):
 raise ValueError(msg.format(self))
-class AnalysisType(_STIXBase):
-
- _properties = OrderedDict([
- ('start_time', TimestampProperty()),
- ('end_time', TimestampProperty()),
- ('analysis_tools', ObservableProperty(spec_version='2.1')),
- ('analysis_environment', DictionaryProperty(spec_version='2.1')),
- ('results', DictionaryProperty(spec_version='2.1', required=True)),
- ])
-
-
-class AVResultsType(_STIXBase):
-
- _properties = OrderedDict([
- ('product', StringProperty()),
- ('engine_version', StringProperty()),
- ('definition_version', StringProperty()),
- ('submitted', TimestampProperty()),
- ('scanned', TimestampProperty()),
- ('result', StringProperty()),
- ('details', StringProperty()),
- ])
-
-
 class Malware(STIXDomainObject):
 # TODO: Add link
 """For more detailed information on this object's properties, see
@@ -292,21 +266,10 @@ class Malware(STIXDomainObject):
 ('created_by_ref', ReferenceProperty(type='identity')),
 ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
 ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
- ('is_family', BooleanProperty(required=True)),
 ('name', StringProperty(required=True)),
 ('malware_types', ListProperty(StringProperty, required=True)),
 ('description', StringProperty()),
 ('kill_chain_phases', ListProperty(KillChainPhase)),
- ('first_seen', TimestampProperty()),
- ('last_seen', TimestampProperty()),
- ('os_execution_envs', ListProperty(StringProperty)),
- ('architecture_execution_envs', ListProperty(StringProperty)),
- ('implementation_languages', ListProperty(StringProperty)),
- ('samples', ObservableProperty(spec_version='2.1')),
- ('static_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
- ('dynamic_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
- ('av_results', ListProperty(EmbeddedObjectProperty(AVResultsType))),
- ('capabilities', ListProperty(StringProperty)),
 ('revoked', BooleanProperty(default=lambda: False)),
 ('labels', ListProperty(StringProperty)),
 ('confidence', IntegerProperty()),