From bdb91c6ac4e5a7758b5df86ee70eba4eb877756b Mon Sep 17 00:00:00 2001 From: Emmanuelle Vargas-Gonzalez Date: Thu, 2 Nov 2017 07:21:24 -0400 Subject: [PATCH] Update STIX 2.1 structure --- stix2/v21/__init__.py | 49 ++++++++++++++++++++++++++++++++++ stix2/{ => v21}/common.py | 16 +++++------ stix2/{ => v21}/observables.py | 20 +++++++------- stix2/{ => v21}/sdo.py | 18 ++++++------- stix2/{ => v21}/sro.py | 14 +++++----- 5 files changed, 83 insertions(+), 34 deletions(-) create mode 100644 stix2/v21/__init__.py rename stix2/{ => v21}/common.py (94%) rename stix2/{ => v21}/observables.py (98%) rename stix2/{ => v21}/sdo.py (97%) rename stix2/{ => v21}/sro.py (91%) diff --git a/stix2/v21/__init__.py b/stix2/v21/__init__.py new file mode 100644 index 0000000..dad0785 --- /dev/null +++ b/stix2/v21/__init__.py @@ -0,0 +1,49 @@ + +# flake8: noqa + +from ..core import Bundle +from .common import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, CustomMarking, + ExternalReference, GranularMarking, KillChainPhase, + LanguageContent, MarkingDefinition, StatementMarking, + TLPMarking) +from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact, + AutonomousSystem, CustomExtension, CustomObservable, + Directory, DomainName, EmailAddress, EmailMessage, + EmailMIMEComponent, File, HTTPRequestExt, ICMPExt, + IPv4Address, IPv6Address, MACAddress, Mutex, + NetworkTraffic, NTFSExt, PDFExt, Process, + RasterImageExt, SocketExt, Software, TCPExt, + UNIXAccountExt, UserAccount, WindowsPEBinaryExt, + WindowsPEOptionalHeaderType, WindowsPESection, + WindowsProcessExt, WindowsRegistryKey, + WindowsRegistryValueType, WindowsServiceExt, + X509Certificate, X509V3ExtenstionsType, + parse_observable) +from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject, + Identity, Indicator, IntrusionSet, Location, Malware, Note, + ObservedData, Opinion, Report, ThreatActor, Tool, + Vulnerability) +from .sro import Relationship, Sighting + +OBJ_MAP = { + 'attack-pattern': AttackPattern, + 'bundle': Bundle, + 'campaign': Campaign, + 'course-of-action': CourseOfAction, + 'identity': Identity, + 'indicator': Indicator, + 'intrusion-set': IntrusionSet, + 'language-content': LanguageContent, + 'location': Location, + 'malware': Malware, + 'note': Note, + 'marking-definition': MarkingDefinition, + 'observed-data': ObservedData, + 'opinion': Opinion, + 'report': Report, + 'relationship': Relationship, + 'threat-actor': ThreatActor, + 'tool': Tool, + 'sighting': Sighting, + 'vulnerability': Vulnerability, +} diff --git a/stix2/common.py b/stix2/v21/common.py similarity index 94% rename from stix2/common.py rename to stix2/v21/common.py index fdeef03..7a7feb0 100644 --- a/stix2/common.py +++ b/stix2/v21/common.py @@ -1,14 +1,14 @@ -"""STIX 2 Common Data Types and Properties.""" +"""STIX 2.1 Common Data Types and Properties.""" from collections import OrderedDict -from .base import _STIXBase -from .markings import _MarkingsMixin -from .properties import (BooleanProperty, DictionaryProperty, HashesProperty, - IDProperty, ListProperty, Property, ReferenceProperty, - SelectorProperty, StringProperty, TimestampProperty, - TypeProperty) -from .utils import NOW, get_dict +from ..base import _STIXBase +from ..markings import _MarkingsMixin +from ..properties import (BooleanProperty, DictionaryProperty, HashesProperty, + IDProperty, ListProperty, Property, + ReferenceProperty, SelectorProperty, StringProperty, + TimestampProperty, TypeProperty) +from ..utils import NOW, get_dict class ExternalReference(_STIXBase): diff --git a/stix2/observables.py b/stix2/v21/observables.py similarity index 98% rename from stix2/observables.py rename to stix2/v21/observables.py index aaec2d7..008f8e2 100644 --- a/stix2/observables.py +++ b/stix2/v21/observables.py @@ -1,4 +1,4 @@ -"""STIX 2.0 Cyber Observable Objects. +"""STIX 2.1 Cyber Observable Objects. Embedded observable object types, such as Email MIME Component, which is embedded in Email Message objects, inherit from ``_STIXBase`` instead of @@ -7,15 +7,15 @@ Observable and do not have a ``_type`` attribute. from collections import OrderedDict -from .base import _Extension, _Observable, _STIXBase -from .exceptions import (AtLeastOnePropertyError, DependentPropertiesError, - ParseError) -from .properties import (BinaryProperty, BooleanProperty, DictionaryProperty, - EmbeddedObjectProperty, EnumProperty, FloatProperty, - HashesProperty, HexProperty, IntegerProperty, - ListProperty, ObjectReferenceProperty, Property, - StringProperty, TimestampProperty, TypeProperty) -from .utils import get_dict +from ..base import _Extension, _Observable, _STIXBase +from ..exceptions import (AtLeastOnePropertyError, DependentPropertiesError, + ParseError) +from ..properties import (BinaryProperty, BooleanProperty, DictionaryProperty, + EmbeddedObjectProperty, EnumProperty, FloatProperty, + HashesProperty, HexProperty, IntegerProperty, + ListProperty, ObjectReferenceProperty, Property, + StringProperty, TimestampProperty, TypeProperty) +from ..utils import get_dict class ObservableProperty(Property): diff --git a/stix2/sdo.py b/stix2/v21/sdo.py similarity index 97% rename from stix2/sdo.py rename to stix2/v21/sdo.py index da8fa65..3c46fa1 100644 --- a/stix2/sdo.py +++ b/stix2/v21/sdo.py @@ -1,18 +1,18 @@ -"""STIX 2.0 Domain Objects""" +"""STIX 2.1 Domain Objects""" from collections import OrderedDict import stix2 -from .base import _STIXBase +from ..base import _STIXBase +from ..markings import _MarkingsMixin +from ..properties import (BooleanProperty, EnumProperty, FloatProperty, + IDProperty, IntegerProperty, ListProperty, + PatternProperty, ReferenceProperty, StringProperty, + TimestampProperty, TypeProperty) +from ..utils import NOW from .common import ExternalReference, GranularMarking, KillChainPhase -from .markings import _MarkingsMixin from .observables import ObservableProperty -from .properties import (BooleanProperty, EnumProperty, FloatProperty, - IDProperty, IntegerProperty, ListProperty, - PatternProperty, ReferenceProperty, StringProperty, - TimestampProperty, TypeProperty) -from .utils import NOW class STIXDomainObject(_STIXBase, _MarkingsMixin): @@ -470,7 +470,7 @@ def CustomObject(type='x-custom-type', properties=None): return raise e - stix2._register_type(_Custom) + stix2._register_type(_Custom, version="2.1") return _Custom return custom_builder diff --git a/stix2/sro.py b/stix2/v21/sro.py similarity index 91% rename from stix2/sro.py rename to stix2/v21/sro.py index 6e86d59..03f08b7 100644 --- a/stix2/sro.py +++ b/stix2/v21/sro.py @@ -1,14 +1,14 @@ -"""STIX 2.0 Relationship Objects.""" +"""STIX 2.1 Relationship Objects.""" from collections import OrderedDict -from .base import _STIXBase +from ..base import _STIXBase +from ..markings import _MarkingsMixin +from ..properties import (BooleanProperty, IDProperty, IntegerProperty, + ListProperty, ReferenceProperty, StringProperty, + TimestampProperty, TypeProperty) +from ..utils import NOW from .common import ExternalReference, GranularMarking -from .markings import _MarkingsMixin -from .properties import (BooleanProperty, IDProperty, IntegerProperty, - ListProperty, ReferenceProperty, StringProperty, - TimestampProperty, TypeProperty) -from .utils import NOW class STIXRelationshipObject(_STIXBase, _MarkingsMixin):