MALWARE RESTORE POINT - Reverted changes to Malware based on STIX 2.1 CSD01

Use this commit to restore Malware changes.
stix2.1
Emmanuelle Vargas-Gonzalez 2018-07-25 13:34:56 -04:00
parent 303159a818
commit ad76e7155c
9 changed files with 12 additions and 60 deletions


@ -81,7 +81,6 @@ INTRUSION_SET_KWARGS = dict(
MALWARE_KWARGS = dict(
malware_types=['ransomware'],
name="Cryptolocker",
is_family=True,
)
MALWARE_MORE_KWARGS = dict(
@ -92,7 +91,6 @@ MALWARE_MORE_KWARGS = dict(
malware_types=['ransomware'],
name="Cryptolocker",
description="A ransomware related to ...",
is_family=False,
)
OBSERVED_DATA_KWARGS = dict(


@ -26,7 +26,6 @@ EXPECTED_BUNDLE = """{
"id": "malware--00000000-0000-4000-8000-000000000003",
"created": "2017-01-01T12:34:56.000Z",
"modified": "2017-01-01T12:34:56.000Z",
"is_family": true,
"name": "Cryptolocker",
"malware_types": [
"ransomware"
@ -71,7 +70,6 @@ EXPECTED_BUNDLE_DICT = {
"malware_types": [
"ransomware",
],
"is_family": True,
},
{
"type": "relationship",


@ -16,7 +16,6 @@ stix_objs = [
"modified": "2017-01-27T13:49:53.997Z",
"name": "Poison Ivy",
"type": "malware",
"is_family": False,
},
{
"created": "2014-05-08T09:00:00.000Z",


@ -219,8 +219,7 @@ def test_parse_malware():
"name": "Cryptolocker",
"malware_types": [
"ransomware"
],
"is_family": false
]
}"""
mal = env.parse(data, version="2.1")


@ -14,7 +14,6 @@ EXPECTED_MALWARE = """{
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
"created": "2016-05-12T08:17:27.000Z",
"modified": "2016-05-12T08:17:27.000Z",
"is_family": true,
"name": "Cryptolocker",
"malware_types": [
"ransomware"
@ -32,7 +31,6 @@ def test_malware_with_all_required_properties():
modified=now,
malware_types=["ransomware"],
name="Cryptolocker",
is_family=True,
)
assert str(mal) == EXPECTED_MALWARE
@ -79,12 +77,12 @@ def test_malware_required_properties():
stix2.v21.Malware()
assert excinfo.value.cls == stix2.v21.Malware
assert excinfo.value.properties == ["is_family", "malware_types", "name"]
assert excinfo.value.properties == ["malware_types", "name"]
def test_malware_required_property_name():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v21.Malware(malware_types=['ransomware'], is_family=False)
stix2.v21.Malware(malware_types=['ransomware'])
assert excinfo.value.cls == stix2.v21.Malware
assert excinfo.value.properties == ["name"]
@ -117,7 +115,6 @@ def test_invalid_kwarg_to_malware():
"modified": "2016-05-12T08:17:27.000Z",
"malware_types": ["ransomware"],
"name": "Cryptolocker",
"is_family": True,
},
],
)
@ -131,7 +128,6 @@ def test_parse_malware(data):
assert mal.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert mal.malware_types == ['ransomware']
assert mal.name == 'Cryptolocker'
assert mal.is_family is True
def test_parse_malware_invalid_labels():
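Review bot: Nothing in this section pins what now happens when a caller still passes `is_family`; every hunk only deletes the keyword or its assertion. If the intent is that the property is rejected as undeclared, a negative test would make that explicit, for example `with pytest.raises(stix2.exceptions.ExtraPropertiesError):` followed by `stix2.v21.Malware(malware_types=['ransomware'], name="Cryptolocker", is_family=True)`. The exception type is my assumption from how the library usually treats unknown keywords, so confirm it against `test_invalid_kwarg_to_malware`, whose body is only partly visible here.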


@ -123,14 +123,14 @@ def test_create_relationship_from_objects_rather_than_ids1(indicator, malware):
relationship_type="indicates",
source_ref=indicator,
target_ref=malware,
stop_time="2018-04-06T20:06:37Z",
stop_time="2016-04-06T20:03:48Z",
)
assert rel.relationship_type == 'indicates'
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
assert rel.stop_time == '2018-04-06T20:06:37Z'
assert rel.stop_time == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
def test_create_relationship_from_objects_rather_than_ids2(indicator, malware):
@ -138,14 +138,14 @@ def test_create_relationship_from_objects_rather_than_ids2(indicator, malware):
relationship_type="indicates",
source_ref=indicator,
target_ref=malware,
start_time="2018-04-06T20:06:37Z",
start_time="2016-04-06T20:03:48Z",
)
assert rel.relationship_type == 'indicates'
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
assert rel.start_time == '2018-04-06T20:06:37Z'
assert rel.start_time == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
def test_create_relationship_with_positional_args(indicator, malware):
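Review bot: The `stop_time`/`start_time` changes in `test_create_relationship_from_objects_rather_than_ids1` and `..._ids2` are not part of the Malware revert the commit message describes, so reverting this commit to restore the Malware work would also undo them; I'd move them to their own commit or mention them in the description. The new assertions compare against `dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)`, which needs `dt` and `pytz` imported in this module; the import lines are outside the hunks shown, so please check. Since the two tests differ only in which timestamp they set, a one-line docstring on each (`"""stop_time given as a string compares equal to an aware datetime."""` and the `start_time` equivalent) would say what the numeric suffixes do not.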


@ -228,7 +228,6 @@ def test_remove_custom_stix_property():
mal = stix2.v21.Malware(
name="ColePowers",
malware_types=["rootkit"],
is_family=False,
x_custom="armada",
allow_custom=True,
)


@ -188,7 +188,7 @@ def test_workbench_related():
def test_workbench_related_with_filters():
malware = Malware(
malware_types=["ransomware"], name="CryptorBit",
created_by_ref=IDENTITY_ID, is_family=False,
created_by_ref=IDENTITY_ID,
)
rel = Relationship(malware.id, 'variant-of', MALWARE_ID)
save([malware, rel])


@ -1,17 +1,15 @@
"""STIX 2.1 Domain Objects"""
from collections import OrderedDict
from math import fabs
import itertools
from math import fabs
from ..base import _STIXBase
from ..core import STIXDomainObject
from ..custom import _custom_object_builder
from ..properties import (
BooleanProperty, DictionaryProperty, EmbeddedObjectProperty, EnumProperty,
FloatProperty, IDProperty, IntegerProperty, ListProperty,
ObservableProperty, PatternProperty, ReferenceProperty, StringProperty,
TimestampProperty, TypeProperty,
BooleanProperty, EnumProperty, FloatProperty, IDProperty, IntegerProperty,
ListProperty, ObservableProperty, PatternProperty, ReferenceProperty,
StringProperty, TimestampProperty, TypeProperty,
)
from ..utils import NOW
from .common import ExternalReference, GranularMarking, KillChainPhase
@ -254,30 +252,6 @@ class Location(STIXDomainObject):
raise ValueError(msg.format(self))
class AnalysisType(_STIXBase):
_properties = OrderedDict([
('start_time', TimestampProperty()),
('end_time', TimestampProperty()),
('analysis_tools', ObservableProperty(spec_version='2.1')),
('analysis_environment', DictionaryProperty(spec_version='2.1')),
('results', DictionaryProperty(spec_version='2.1', required=True)),
])
class AVResultsType(_STIXBase):
_properties = OrderedDict([
('product', StringProperty()),
('engine_version', StringProperty()),
('definition_version', StringProperty()),
('submitted', TimestampProperty()),
('scanned', TimestampProperty()),
('result', StringProperty()),
('details', StringProperty()),
])
class Malware(STIXDomainObject):
# TODO: Add link
"""For more detailed information on this object's properties, see
@ -292,21 +266,10 @@ class Malware(STIXDomainObject):
('created_by_ref', ReferenceProperty(type='identity')),
('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
('is_family', BooleanProperty(required=True)),
('name', StringProperty(required=True)),
('malware_types', ListProperty(StringProperty, required=True)),
('description', StringProperty()),
('kill_chain_phases', ListProperty(KillChainPhase)),
('first_seen', TimestampProperty()),
('last_seen', TimestampProperty()),
('os_execution_envs', ListProperty(StringProperty)),
('architecture_execution_envs', ListProperty(StringProperty)),
('implementation_languages', ListProperty(StringProperty)),
('samples', ObservableProperty(spec_version='2.1')),
('static_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
('dynamic_analysis_results', ListProperty(EmbeddedObjectProperty(AnalysisType))),
('av_results', ListProperty(EmbeddedObjectProperty(AVResultsType))),
('capabilities', ListProperty(StringProperty)),
('revoked', BooleanProperty(default=lambda: False)),
('labels', ListProperty(StringProperty)),
('confidence', IntegerProperty()),
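Review bot: Removing `is_family` and the analysis/sample entries from `Malware._properties` (eleven entries, going by the `-292,21 +266,10` counts) changes what the class accepts, and the hunk leaves no trace of that in the code. Malware objects serialized by the previous revision carry those keys; if undeclared properties are rejected unless `allow_custom=True` is passed, as the tests in this commit suggest, ingesting such content now means loosening validation, and that deserves a line in the commit description. `AnalysisType` and `AVResultsType` are deleted in the same file, so any import of them from outside this module will fail. I'd add a comment above `_properties`, e.g. `# is_family and the analysis/sample properties were removed in ad76e7155c; revert that commit to restore them.`, and resolve the `# TODO: Add link` left above the docstring. The `Malware` class starts and ends outside this hunk.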