From de3fa99a12bbab06f34f7655c8d223df210def77 Mon Sep 17 00:00:00 2001
From: "Desai, Kartikey H"
Date: Wed, 13 May 2020 11:20:16 -0500
Subject: [PATCH 1/5] Add property names to canonicalization for deterministic id gen
---
 stix2/base.py | 3 +++
 stix2/test/v21/test_observed_data.py | 16 ++++++++--------
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/stix2/base.py b/stix2/base.py
index a1229ca..151eb48 100644
--- a/stix2/base.py
+++ b/stix2/base.py
@@ -405,9 +405,12 @@ class _Observable(_STIXBase):
 if "hashes" in kwargs and "hashes" in properties_to_use:
 possible_hash = _choose_one_hash(kwargs["hashes"])
 if possible_hash:
+ streamlined_obj_vals.append("hashes")
 streamlined_obj_vals.append(possible_hash)
 for key in properties_to_use:
 if key != "hashes" and key in kwargs:
+ streamlined_obj_vals.append(key)
+
 if isinstance(kwargs[key], dict) or isinstance(kwargs[key], _STIXBase):
 temp_deep_copy = copy.deepcopy(dict(kwargs[key]))
 _recursive_stix_to_dict(temp_deep_copy)
diff --git a/stix2/test/v21/test_observed_data.py b/stix2/test/v21/test_observed_data.py
index abcbb7b..0f1ebef 100644
--- a/stix2/test/v21/test_observed_data.py
+++ b/stix2/test/v21/test_observed_data.py
@@ -46,7 +46,7 @@ def test_observed_data_example():
 objects={
 "0": {
 "type": "file",
- "id": "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f",
+ "id": "file--7dcb7293-9421-567d-8369-97cffc3bea2f",
 "name": "foo.exe",
 },
 },
@@ -102,12 +102,12 @@ def test_observed_data_example_with_refs():
 objects={
 "0": {
 "type": "file",
- "id": "file--5956efbb-a7b0-566d-a7f9-a202eb05c70f",
+ "id": "file--7dcb7293-9421-567d-8369-97cffc3bea2f",
 "name": "foo.exe",
 },
 "1": {
 "type": "directory",
- "id": "directory--536a61a4-0934-516b-9aad-fcbb75e0583a",
+ "id": "directory--4518b7a7-570f-57cf-b6a2-3a315153b87d",
 "path": "/usr/home",
 "contains_refs": ["file--5956efbb-a7b0-566d-a7f9-a202eb05c70f"],
 },
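Review bot: Appending the property names to `streamlined_obj_vals` changes the data handed to `canonicalize`, so every deterministic observable ID changes, as the updated test expectations show, and nothing in the `stix2/base.py` hunk records that for consumers that deduplicate or resolve `*_refs` values by ID across library versions. PATCH 5/5 changes the hashed input again (list to dict), so stored IDs shift a second time. I would add a comment above the first append such as `# NOTE: property names are part of the hashed input; changing this changes every generated observable id`, and call the break out in the changelog. The enclosing method starts and ends outside the hunk.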
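Review bot: In the `test_observed_data_example_with_refs` hunk the context line `"contains_refs": ["file--5956efbb-a7b0-566d-a7f9-a202eb05c70f"],` still carries the ID that the same hunk removes from object "0", so the directory now points at a file ID that no object in the visible part of the fixture has. If the reference is meant to resolve to object "0", the line should become `"contains_refs": ["file--7dcb7293-9421-567d-8369-97cffc3bea2f"],`. The same line is left untouched in the matching hunk of PATCH 5/5, where object "0" becomes `file--7af1312c-4402-5d2f-b169-b118d73b85c4`. That the test presumably still passes suggests the fixture does not exercise reference resolution, which is worth a comment in the test.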
@@ -719,7 +719,7 @@ def test_directory_example():
 assert dir1.ctime == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc)
 assert dir1.mtime == dt.datetime(2015, 12, 24, 19, 0, 0, tzinfo=pytz.utc)
 assert dir1.atime == dt.datetime(2015, 12, 21, 20, 0, 0, tzinfo=pytz.utc)
- assert dir1.contains_refs == ["file--9d050a3b-72cd-5b57-bf18-024e74e1e5eb"]
+ assert dir1.contains_refs == ["file--6243c574-81bb-543e-905b-c7d5a41b669f"]
 def test_directory_example_ref_error():
@@ -747,7 +747,7 @@ def test_domain_name_example():
 )
 assert dn2.value == "example.com"
- assert dn2.resolves_to_refs == ["domain-name--02af94ea-7e38-5718-87c3-5cc023e3d49d"]
+ assert dn2.resolves_to_refs == ["domain-name--70d23664-ef5f-52de-8929-75d96a5ae978"]
 def test_domain_name_example_invalid_ref_type():
@@ -1032,7 +1032,7 @@ def test_ipv4_address_valid_refs():
 )
 assert ip4.value == "177.60.40.7"
- assert ip4.resolves_to_refs == ["mac-addr--a85820f7-d9b7-567a-a3a6-dedc34139342", "mac-addr--9a59b496-fdeb-510f-97b5-7137210bc699"]
+ assert ip4.resolves_to_refs == ["mac-addr--12c703aa-f094-57f4-bb3e-44da7dc16ece", "mac-addr--eeea0789-44f7-5661-911c-ea55ea60222e"]
 def test_ipv4_address_example_cidr():
@@ -1565,7 +1565,7 @@ def test_id_gen_recursive_dict_conversion_1():
 },
 )
- assert file_observable.id == "file--5219d93d-13c1-5f1f-896b-039f10ec67ea"
+ assert file_observable.id == "file--88165833-e8a4-5eee-9407-8c3d17821b8b"
 def test_id_gen_recursive_dict_conversion_2():
@@ -1582,4 +1582,4 @@ def test_id_gen_recursive_dict_conversion_2():
 ],
 )
- assert wrko.id == "windows-registry-key--c087d9fe-a03e-5922-a1cd-da116e5b8a7b"
+ assert wrko.id == "windows-registry-key--ff420059-9af4-58c5-a3ba-daafc86c5166"
From 0b1297b14adb33c9104127757edec4be6ce110ab Mon Sep 17 00:00:00 2001
From: "Desai, Kartikey H"
Date: Wed, 13 May 2020 11:22:51 -0500
Subject: [PATCH 2/5] Fixes #389
---
 stix2/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stix2/base.py b/stix2/base.py
index 151eb48..75c12f1 100644
--- a/stix2/base.py
+++ b/stix2/base.py
@@ -422,7 +422,7 @@ class _Observable(_STIXBase):
 else:
 streamlined_obj_vals.append(kwargs[key])
 if streamlined_obj_vals:
- data = canonicalize(streamlined_obj_vals, utf8=False)
+ data = canonicalize(streamlined_obj_vals, utf8=False)
 # The situation is complicated w.r.t. python 2/3 behavior, so
 # I'd rather not rely on particular exceptions being raised to
From 65d4060e6a1dee86952d04f6d7cea38835ae6988 Mon Sep 17 00:00:00 2001
From: "Desai, Kartikey H"
Date: Wed, 13 May 2020 11:23:26 -0500
Subject: [PATCH 3/5] Fixes #389
---
 stix2/base.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stix2/base.py b/stix2/base.py
index 75c12f1..151eb48 100644
--- a/stix2/base.py
+++ b/stix2/base.py
@@ -422,7 +422,7 @@ class _Observable(_STIXBase):
 else:
 streamlined_obj_vals.append(kwargs[key])
 if streamlined_obj_vals:
- data = canonicalize(streamlined_obj_vals, utf8=False)
+ data = canonicalize(streamlined_obj_vals, utf8=False)
 # The situation is complicated w.r.t. python 2/3 behavior, so
 # I'd rather not rely on particular exceptions being raised to
From 9ce299b66084bf51e7eea4c8368dfbf87b139ee1 Mon Sep 17 00:00:00 2001
From: "Desai, Kartikey H"
Date: Wed, 13 May 2020 11:40:37 -0500
Subject: [PATCH 4/5] Fixes #389
---
 stix2/properties.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stix2/properties.py b/stix2/properties.py
index 060d9ca..a1bab6d 100644
--- a/stix2/properties.py
+++ b/stix2/properties.py
@@ -503,7 +503,7 @@ class ReferenceProperty(Property):
 if possible_prefix not in ref_invalid_types:
 required_prefix = possible_prefix
 else:
- raise ValueError("An invalid type-specifying prefix '%s' was specified for this property" % (possible_prefix, value))
+ raise ValueError("An invalid type-specifying prefix '%s' was specified for this property" % (possible_prefix))
 _validate_id(value, self.spec_version, required_prefix)
From 998b4c0725a5f6797a806517a29ecc9556e66cfb Mon Sep 17 00:00:00 2001
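Review bot: In the `stix2/properties.py` hunk, `% (possible_prefix)` is a parenthesised expression rather than a one-element tuple, so the formatting is only correct while `possible_prefix` is not itself a tuple; `% (possible_prefix,)` states the intent. The removed line passed two arguments to a single `%s`, which raises `TypeError` during formatting instead of the intended `ValueError`, and the commit adds no test for this branch. A test asserting that a reference with a disallowed type prefix raises `ValueError` would keep the rejection path from regressing. The enclosing method starts outside the hunk.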
From: "Desai, Kartikey H"
Date: Wed, 13 May 2020 12:45:16 -0500
Subject: [PATCH 5/5] Change streamlined_obj_vals list to streamlined_object dict
---
 stix2/base.py | 17 +++++++----------
 stix2/test/v21/test_observed_data.py | 16 ++++++++--------
 2 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/stix2/base.py b/stix2/base.py
index 151eb48..ef3fcb8 100644
--- a/stix2/base.py
+++ b/stix2/base.py
@@ -401,28 +401,25 @@ class _Observable(_STIXBase):
 properties_to_use = self._id_contributing_properties
 if properties_to_use:
- streamlined_obj_vals = []
+ streamlined_object = {}
 if "hashes" in kwargs and "hashes" in properties_to_use:
 possible_hash = _choose_one_hash(kwargs["hashes"])
 if possible_hash:
- streamlined_obj_vals.append("hashes")
- streamlined_obj_vals.append(possible_hash)
+ streamlined_object["hashes"] = possible_hash
 for key in properties_to_use:
 if key != "hashes" and key in kwargs:
- streamlined_obj_vals.append(key)
-
 if isinstance(kwargs[key], dict) or isinstance(kwargs[key], _STIXBase):
 temp_deep_copy = copy.deepcopy(dict(kwargs[key]))
 _recursive_stix_to_dict(temp_deep_copy)
- streamlined_obj_vals.append(temp_deep_copy)
+ streamlined_object[key] = temp_deep_copy
 elif isinstance(kwargs[key], list):
 temp_deep_copy = copy.deepcopy(kwargs[key])
 _recursive_stix_list_to_dict(temp_deep_copy)
- streamlined_obj_vals.append(temp_deep_copy)
+ streamlined_object[key] = temp_deep_copy
 else:
- streamlined_obj_vals.append(kwargs[key])
- if streamlined_obj_vals:
- data = canonicalize(streamlined_obj_vals, utf8=False)
+ streamlined_object[key] = kwargs[key]
+ if streamlined_object:
+ data = canonicalize(streamlined_object, utf8=False)
 # The situation is complicated w.r.t. python 2/3 behavior, so
 # I'd rather not rely on particular exceptions being raised to
diff --git a/stix2/test/v21/test_observed_data.py b/stix2/test/v21/test_observed_data.py
index 0f1ebef..b8732be 100644
--- a/stix2/test/v21/test_observed_data.py
+++ b/stix2/test/v21/test_observed_data.py
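Review bot: The new `streamlined_object` dict in the `stix2/base.py` hunk has no comment saying what it represents, and the loop still reads `kwargs[key]` several times across the three branches. I would add above `streamlined_object = {}` a comment such as `# Maps each ID-contributing property name to its plain value; the canonical form of this dict is the input to the deterministic id`. Binding `value = kwargs[key]` once would also let the first test read `isinstance(value, (dict, _STIXBase))`. How `data` becomes the ID is outside the hunk, so the comment wording should be checked against the rest of the method.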
@@ -46,7 +46,7 @@ def test_observed_data_example():
 objects={
 "0": {
 "type": "file",
- "id": "file--7dcb7293-9421-567d-8369-97cffc3bea2f",
+ "id": "file--7af1312c-4402-5d2f-b169-b118d73b85c4",
 "name": "foo.exe",
 },
 },
@@ -102,12 +102,12 @@ def test_observed_data_example_with_refs():
 objects={
 "0": {
 "type": "file",
- "id": "file--7dcb7293-9421-567d-8369-97cffc3bea2f",
+ "id": "file--7af1312c-4402-5d2f-b169-b118d73b85c4",
 "name": "foo.exe",
 },
 "1": {
 "type": "directory",
- "id": "directory--4518b7a7-570f-57cf-b6a2-3a315153b87d",
+ "id": "directory--ee97f78e-7e2b-5b3d-bcbd-5692968cacea",
 "path": "/usr/home",
 "contains_refs": ["file--5956efbb-a7b0-566d-a7f9-a202eb05c70f"],
 },
@@ -719,7 +719,7 @@ def test_directory_example():
 assert dir1.ctime == dt.datetime(2015, 12, 21, 19, 0, 0, tzinfo=pytz.utc)
 assert dir1.mtime == dt.datetime(2015, 12, 24, 19, 0, 0, tzinfo=pytz.utc)
 assert dir1.atime == dt.datetime(2015, 12, 21, 20, 0, 0, tzinfo=pytz.utc)
- assert dir1.contains_refs == ["file--6243c574-81bb-543e-905b-c7d5a41b669f"]
+ assert dir1.contains_refs == ["file--c6ae2cf8-92d3-56d0-a25f-713efad643a7"]
 def test_directory_example_ref_error():
@@ -747,7 +747,7 @@ def test_domain_name_example():
 )
 assert dn2.value == "example.com"
- assert dn2.resolves_to_refs == ["domain-name--70d23664-ef5f-52de-8929-75d96a5ae978"]
+ assert dn2.resolves_to_refs == ["domain-name--5b5803bf-a7eb-5076-b799-96aa574c44eb"]
 def test_domain_name_example_invalid_ref_type():
@@ -1032,7 +1032,7 @@ def test_ipv4_address_valid_refs():
 )
 assert ip4.value == "177.60.40.7"
- assert ip4.resolves_to_refs == ["mac-addr--12c703aa-f094-57f4-bb3e-44da7dc16ece", "mac-addr--eeea0789-44f7-5661-911c-ea55ea60222e"]
+ assert ip4.resolves_to_refs == ["mac-addr--f72d7d00-86bd-5cd2-8c86-52f7a83bef62", "mac-addr--875ad625-177b-5c2a-9101-d44b0ad55938"]
 def test_ipv4_address_example_cidr():
@@ -1565,7 +1565,7 @@ def test_id_gen_recursive_dict_conversion_1():
 },
 )
- assert file_observable.id == "file--88165833-e8a4-5eee-9407-8c3d17821b8b"
+ assert file_observable.id == "file--ced31cd4-bdcb-537d-aefa-92d291bfc11d"
 def test_id_gen_recursive_dict_conversion_2():
@@ -1582,4 +1582,4 @@ def test_id_gen_recursive_dict_conversion_2():
 ],
 )
- assert wrko.id == "windows-registry-key--ff420059-9af4-58c5-a3ba-daafc86c5166"
+ assert wrko.id == "windows-registry-key--36594eba-bcc7-5014-9835-0e154264e588"