MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Rework kill chain phases

stix2.1
clenk 2017-04-07 17:34:06 -04:00
parent 93b8076ae3
commit bab8d187c9
5 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
stix2/base.py
View File

@ -58,6 +58,7 @@ class _STIXBase(collections.Mapping):
if extra_kwargs: if extra_kwargs:
raise TypeError("unexpected keyword arguments: " + str(extra_kwargs)) raise TypeError("unexpected keyword arguments: " + str(extra_kwargs))
# Detect any missing required fields
required_fields = get_required_properties(cls._properties) required_fields = get_required_properties(cls._properties)
missing_kwargs = set(required_fields) - set(kwargs) missing_kwargs = set(required_fields) - set(kwargs)
if missing_kwargs: if missing_kwargs:

7
stix2/common.py
View File

@ -1,7 +1,8 @@
"""STIX 2 Common Data Types and Properties""" """STIX 2 Common Data Types and Properties"""
from .base import _STIXBase from .base import _STIXBase
from .properties import Property, BooleanProperty, ReferenceProperty from .properties import (Property, BooleanProperty, ReferenceProperty,
StringProperty)
from .utils import NOW from .utils import NOW
COMMON_PROPERTIES = { COMMON_PROPERTIES = {
@ -28,6 +29,6 @@ class ExternalReference(_STIXBase):
class KillChainPhase(_STIXBase): class KillChainPhase(_STIXBase):
_properties = { _properties = {
'kill_chain_name': Property(required=True), 'kill_chain_name': StringProperty(required=True),
'phase_name': Property(required=True), 'phase_name': StringProperty(required=True),
} }

2
stix2/properties.py
View File

@ -110,7 +110,7 @@ class ListProperty(Property):
def clean(self, value): def clean(self, value):
try: try:
return [self.contained(x) for x in value] return [self.contained(**x) if type(x) is dict else self.contained(x) for x in value]
except TypeError: except TypeError:
raise ValueError("must be an iterable over a type whose constructor creates an object from the value.") raise ValueError("must be an iterable over a type whose constructor creates an object from the value.")

4
stix2/sdo.py
View File

@ -1,7 +1,7 @@
"""STIX 2.0 Domain Objects""" """STIX 2.0 Domain Objects"""
from .base import _STIXBase from .base import _STIXBase
from .common import COMMON_PROPERTIES from .common import COMMON_PROPERTIES, KillChainPhase
from .properties import (StringProperty, IDProperty, ListProperty, from .properties import (StringProperty, IDProperty, ListProperty,
TypeProperty, Property) TypeProperty, Property)
from .utils import NOW from .utils import NOW
@ -109,7 +109,7 @@ class Malware(_STIXBase):
'labels': ListProperty(StringProperty, required=True), 'labels': ListProperty(StringProperty, required=True),
'name': StringProperty(required=True), 'name': StringProperty(required=True),
'description': StringProperty(), 'description': StringProperty(),
'kill_chain_phases': Property(), 'kill_chain_phases': ListProperty(KillChainPhase),
}) })

16
stix2/test/test_malware.py
View File

@ -107,3 +107,19 @@ def test_parse_malware_invalid_labels():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
stix2.parse(data) stix2.parse(data)
assert "Invalid value for Malware 'labels'" in str(excinfo.value) assert "Invalid value for Malware 'labels'" in str(excinfo.value)
def test_parse_malware_kill_chain_phases():
kill_chain = """
"kill_chain_phases": [
{
"kill_chain_name": "lockheed-martin-cyber-kill-chain",
"phase_name": "reconnaissance"
}
]"""
data = EXPECTED_MALWARE.replace('malware"', 'malware",%s' % kill_chain)
mal = stix2.parse(data)
assert mal.kill_chain_phases[0].kill_chain_name == "lockheed-martin-cyber-kill-chain"
assert mal.kill_chain_phases[0].phase_name == "reconnaissance"
assert mal['kill_chain_phases'][0]['kill_chain_name'] == "lockheed-martin-cyber-kill-chain"
assert mal['kill_chain_phases'][0]['phase_name'] == "reconnaissance"