From b2ee33208f3e78b9a8043d3bbc61bb51fe44fa79 Mon Sep 17 00:00:00 2001 From: Chris Lenk Date: Fri, 12 Jun 2020 14:31:01 -0400 Subject: [PATCH] Set STIX 2.1 as default, fix indicator.valid_from --- README.rst | 3 ++- stix2/__init__.py | 4 ++-- stix2/properties.py | 7 ++++++- stix2/test/v21/test_indicator.py | 6 +++--- stix2/v21/sdo.py | 2 +- 5 files changed, 14 insertions(+), 8 deletions(-) diff --git a/README.rst b/README.rst index 0bf30fd..37890da 100644 --- a/README.rst +++ b/README.rst @@ -33,7 +33,8 @@ be set automatically if not provided as keyword arguments. from stix2 import Indicator indicator = Indicator(name="File hash for malware variant", - labels=["malicious-activity"], + indicator_types=["malicious-activity"], + pattern_type="stix", pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']") To parse a STIX JSON string into a Python STIX object, use ``parse()``: diff --git a/stix2/__init__.py b/stix2/__init__.py index 26eed6f..10384b1 100644 --- a/stix2/__init__.py +++ b/stix2/__init__.py @@ -20,7 +20,7 @@ # flake8: noqa -DEFAULT_VERSION = '2.0' # Default version will always be the latest STIX 2.X version +DEFAULT_VERSION = '2.1' # Default version will always be the latest STIX 2.X version from .confidence import scales from .datastore import CompositeDataSource @@ -53,7 +53,7 @@ from .patterns import ( RepeatQualifier, StartStopQualifier, StringConstant, TimestampConstant, WithinQualifier, ) -from .v20 import * # This import will always be the latest STIX 2.X version +from .v21 import * # This import will always be the latest STIX 2.X version from .version import __version__ from .versioning import new_version, revoke diff --git a/stix2/properties.py b/stix2/properties.py index 8bb0636..9da5c29 100644 --- a/stix2/properties.py +++ b/stix2/properties.py @@ -14,7 +14,7 @@ import stix2 from .base import _STIXBase from .exceptions import ( CustomContentError, DictionaryKeyError, MissingPropertiesError, - MutuallyExclusivePropertiesError, + MutuallyExclusivePropertiesError, STIXError, ) from .parsing import STIX2_OBJ_MAPS, parse, parse_observable from .utils import _get_dict, get_class_hierarchy_names, parse_into_datetime @@ -168,6 +168,11 @@ class Property(object): def __init__(self, required=False, fixed=None, default=None): self.required = required + + if required and default: + raise STIXError("Cant't use 'required' and 'default' together. 'required'" + "really means 'the user must provide this.'") + if fixed: self._fixed_value = fixed self.clean = self._default_clean diff --git a/stix2/test/v21/test_indicator.py b/stix2/test/v21/test_indicator.py index 76fe86b..8452f70 100644 --- a/stix2/test/v21/test_indicator.py +++ b/stix2/test/v21/test_indicator.py @@ -98,8 +98,8 @@ def test_indicator_required_properties(): stix2.v21.Indicator() assert excinfo.value.cls == stix2.v21.Indicator - assert excinfo.value.properties == ["pattern", "pattern_type", "valid_from"] - assert str(excinfo.value) == "No values for required properties for Indicator: (pattern, pattern_type, valid_from)." + assert excinfo.value.properties == ["pattern", "pattern_type"] + assert str(excinfo.value) == "No values for required properties for Indicator: (pattern, pattern_type)." def test_indicator_required_property_pattern(): @@ -107,7 +107,7 @@ def test_indicator_required_property_pattern(): stix2.v21.Indicator(indicator_types=['malicious-activity']) assert excinfo.value.cls == stix2.v21.Indicator - assert excinfo.value.properties == ["pattern", "pattern_type", "valid_from"] + assert excinfo.value.properties == ["pattern", "pattern_type"] def test_indicator_created_ref_invalid_format(): diff --git a/stix2/v21/sdo.py b/stix2/v21/sdo.py index 6961423..9418c40 100644 --- a/stix2/v21/sdo.py +++ b/stix2/v21/sdo.py @@ -187,7 +187,7 @@ class Indicator(_DomainObject): ('pattern', PatternProperty(required=True)), ('pattern_type', StringProperty(required=True)), ('pattern_version', StringProperty()), - ('valid_from', TimestampProperty(default=lambda: NOW, required=True)), + ('valid_from', TimestampProperty(default=lambda: NOW)), ('valid_until', TimestampProperty()), ('kill_chain_phases', ListProperty(KillChainPhase)), ('revoked', BooleanProperty(default=lambda: False)),