From c8c4e89415ef273841b5ddc6a9b46cbd1af58f0d Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Fri, 10 Jul 2020 16:57:22 -0400 Subject: [PATCH] Add back usage of spec_version where HashesProperty is used for various STIX objects. Also pre-commit stylistic fixes... --- stix2/test/test_hashes.py | 79 +++++++++++++++++++++------------------ stix2/v20/observables.py | 14 +++---- stix2/v21/common.py | 2 +- stix2/v21/observables.py | 14 +++---- 4 files changed, 57 insertions(+), 52 deletions(-) diff --git a/stix2/test/test_hashes.py b/stix2/test/test_hashes.py index f3445e1..40ace38 100644 --- a/stix2/test/test_hashes.py +++ b/stix2/test/test_hashes.py @@ -1,25 +1,28 @@ -from stix2.hashes import Hash, infer_hash_algorithm, check_hash import pytest +from stix2.hashes import Hash, check_hash, infer_hash_algorithm -@pytest.mark.parametrize("hash_name, expected_alg", [ - ("md5", Hash.MD5), - ("md6", Hash.MD6), - ("ripemd160", Hash.RIPEMD160), - ("sha1", Hash.SHA1), - ("sha224", Hash.SHA224), - ("sha256", Hash.SHA256), - ("sha384", Hash.SHA384), - ("sha512", Hash.SHA512), - ("sha3224", Hash.SHA3224), - ("sha3256", Hash.SHA3256), - ("sha3384", Hash.SHA3384), - ("sha3512", Hash.SHA3512), - ("ssdeep", Hash.SSDEEP), - ("whirlpool", Hash.WHIRLPOOL), - ("tlsh", Hash.TLSH), - ("xxxx", None), -]) + +@pytest.mark.parametrize( + "hash_name, expected_alg", [ + ("md5", Hash.MD5), + ("md6", Hash.MD6), + ("ripemd160", Hash.RIPEMD160), + ("sha1", Hash.SHA1), + ("sha224", Hash.SHA224), + ("sha256", Hash.SHA256), + ("sha384", Hash.SHA384), + ("sha512", Hash.SHA512), + ("sha3224", Hash.SHA3224), + ("sha3256", Hash.SHA3256), + ("sha3384", Hash.SHA3384), + ("sha3512", Hash.SHA3512), + ("ssdeep", Hash.SSDEEP), + ("whirlpool", Hash.WHIRLPOOL), + ("tlsh", Hash.TLSH), + ("xxxx", None), + ], +) def test_hash_inference(hash_name, expected_alg): alg = infer_hash_algorithm(hash_name) assert alg == expected_alg @@ -32,24 +35,26 @@ def test_hash_inference(hash_name, expected_alg): assert alg == expected_alg -@pytest.mark.parametrize("hash_alg, hash_value", [ - (Hash.MD5, "f9e40b9aa5464f3dae711ca524fceb63"), - (Hash.MD6, "f9e40b9aa5464f3dae711ca524fceb63"), - (Hash.RIPEMD160, "8ae5d2e6b1f3a514257f2469b637454931844aeb"), - (Hash.SHA1, "f2c7d4185880c0adcbb4a01d020a69498b16210e"), - (Hash.SHA224, "6743ed70cc26e750ad0108b6b8ad7fc2780c550f7d78adefa04dda05"), - (Hash.SHA256, "a2d1c2081aa932fe72307ab076b9739455bc7a21b3bed367bd9a86ae27af5a40"), - (Hash.SHA384, "bc846457de707f97bce93cca23b5ea58c0326fd8b79ef7b523ba1d0a792f22868732e53a5dcf2f9e3b89eecca9c9b4e3"), - (Hash.SHA512, "896e45c82f9d8ba917d4f95891c967b88304b0a67ccc59aac813ee7ab3bc700bf9ce559e283c35ddba619755f6b70bdff2a07dc9cd337576a143a2aa361d08b1"), - (Hash.SHA3224, "37cb283bc9f6ecf0f94e92d5bd4c1e061ae00d7ed85804d18f981f53"), - (Hash.SHA3256, "d5fc146e37d4fddaeaa57aa88390be5c9ca6bcb18ae1bf2346cbfc36d3310ea2"), - (Hash.SHA3384, "ac97414589b2ef59a87dc5277d156b6cfc8f6b92b7c0e889d8f38a235dd9c1ba4030321beddd13f29519390ba914f70f"), - (Hash.SHA3512, "8dc580ad3abc6305ce5ada7c5920c763720c7733c2a94d28dd5351ffbc162b6b6d21371d91d6559124159025172e19896e09889047aac4ef555cc55456e14b0a"), - (Hash.SSDEEP, "3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C"), - (Hash.WHIRLPOOL, "b752b6eeb497a8bebfc1be1649ca41d57fd1973bffc2261ca196b5474e0f353762f354c1d743581f61c51f4d86921360bc2e8ad35e830578b68b12e884a50894"), - (Hash.TLSH, "6FF02BEF718027B0160B4391212923ED7F1A463D563B1549B86CF62973B197AD2731F8"), - ("foo", "bar"), # unrecognized hash type is accepted as-is -]) +@pytest.mark.parametrize( + "hash_alg, hash_value", [ + (Hash.MD5, "f9e40b9aa5464f3dae711ca524fceb63"), + (Hash.MD6, "f9e40b9aa5464f3dae711ca524fceb63"), + (Hash.RIPEMD160, "8ae5d2e6b1f3a514257f2469b637454931844aeb"), + (Hash.SHA1, "f2c7d4185880c0adcbb4a01d020a69498b16210e"), + (Hash.SHA224, "6743ed70cc26e750ad0108b6b8ad7fc2780c550f7d78adefa04dda05"), + (Hash.SHA256, "a2d1c2081aa932fe72307ab076b9739455bc7a21b3bed367bd9a86ae27af5a40"), + (Hash.SHA384, "bc846457de707f97bce93cca23b5ea58c0326fd8b79ef7b523ba1d0a792f22868732e53a5dcf2f9e3b89eecca9c9b4e3"), + (Hash.SHA512, "896e45c82f9d8ba917d4f95891c967b88304b0a67ccc59aac813ee7ab3bc700bf9ce559e283c35ddba619755f6b70bdff2a07dc9cd337576a143a2aa361d08b1"), + (Hash.SHA3224, "37cb283bc9f6ecf0f94e92d5bd4c1e061ae00d7ed85804d18f981f53"), + (Hash.SHA3256, "d5fc146e37d4fddaeaa57aa88390be5c9ca6bcb18ae1bf2346cbfc36d3310ea2"), + (Hash.SHA3384, "ac97414589b2ef59a87dc5277d156b6cfc8f6b92b7c0e889d8f38a235dd9c1ba4030321beddd13f29519390ba914f70f"), + (Hash.SHA3512, "8dc580ad3abc6305ce5ada7c5920c763720c7733c2a94d28dd5351ffbc162b6b6d21371d91d6559124159025172e19896e09889047aac4ef555cc55456e14b0a"), + (Hash.SSDEEP, "3:AXGBicFlgVNhBGcL6wCrFQEv:AXGHsNhxLsr2C"), + (Hash.WHIRLPOOL, "b752b6eeb497a8bebfc1be1649ca41d57fd1973bffc2261ca196b5474e0f353762f354c1d743581f61c51f4d86921360bc2e8ad35e830578b68b12e884a50894"), + (Hash.TLSH, "6FF02BEF718027B0160B4391212923ED7F1A463D563B1549B86CF62973B197AD2731F8"), + ("foo", "bar"), # unrecognized hash type is accepted as-is + ], +) def test_hash_check(hash_alg, hash_value): assert check_hash(hash_alg, hash_value) assert check_hash(hash_alg, hash_value.upper()) # check case sensitivity diff --git a/stix2/v20/observables.py b/stix2/v20/observables.py index 793b683..af445a4 100644 --- a/stix2/v20/observables.py +++ b/stix2/v20/observables.py @@ -31,7 +31,7 @@ class Artifact(_Observable): ('mime_type', StringProperty()), ('payload_bin', BinaryProperty()), ('url', StringProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.0")), ('extensions', ExtensionsProperty(spec_version="2.0", enclosing_type=_type)), ]) @@ -174,7 +174,7 @@ class AlternateDataStream(_STIXBase20): _properties = OrderedDict([ ('name', StringProperty(required=True)), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.0")), ('size', IntegerProperty()), ]) @@ -257,7 +257,7 @@ class WindowsPEOptionalHeaderType(_STIXBase20): ('size_of_heap_commit', IntegerProperty()), ('loader_flags_hex', HexProperty()), ('number_of_rva_and_sizes', IntegerProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.0")), ]) def _check_object_constraints(self): @@ -274,7 +274,7 @@ class WindowsPESection(_STIXBase20): ('name', StringProperty(required=True)), ('size', IntegerProperty()), ('entropy', FloatProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.0")), ]) @@ -294,7 +294,7 @@ class WindowsPEBinaryExt(_Extension): ('number_of_symbols', IntegerProperty()), ('size_of_optional_header', IntegerProperty()), ('characteristics_hex', HexProperty()), - ('file_header_hashes', HashesProperty(HASHING_ALGORITHM)), + ('file_header_hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.0")), ('optional_header', EmbeddedObjectProperty(type=WindowsPEOptionalHeaderType)), ('sections', ListProperty(EmbeddedObjectProperty(type=WindowsPESection))), ]) @@ -308,7 +308,7 @@ class File(_Observable): _type = 'file' _properties = OrderedDict([ ('type', TypeProperty(_type, spec_version='2.0')), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.0")), ('size', IntegerProperty()), ('name', StringProperty()), ('name_enc', StringProperty()), @@ -772,7 +772,7 @@ class X509Certificate(_Observable): _properties = OrderedDict([ ('type', TypeProperty(_type, spec_version='2.0')), ('is_self_signed', BooleanProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.0")), ('version', StringProperty()), ('serial_number', StringProperty()), ('signature_algorithm', StringProperty()), diff --git a/stix2/v21/common.py b/stix2/v21/common.py index 49fdf87..0622ef1 100644 --- a/stix2/v21/common.py +++ b/stix2/v21/common.py @@ -25,7 +25,7 @@ class ExternalReference(_STIXBase21): ('source_name', StringProperty(required=True)), ('description', StringProperty()), ('url', StringProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.1")), ('external_id', StringProperty()), ]) diff --git a/stix2/v21/observables.py b/stix2/v21/observables.py index 9963d49..bdd0640 100644 --- a/stix2/v21/observables.py +++ b/stix2/v21/observables.py @@ -40,7 +40,7 @@ class Artifact(_Observable): ('mime_type', StringProperty()), ('payload_bin', BinaryProperty()), ('url', StringProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.1")), ('encryption_algorithm', EnumProperty(ENCRYPTION_ALGORITHM)), ('decryption_key', StringProperty()), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), @@ -219,7 +219,7 @@ class AlternateDataStream(_STIXBase21): _properties = OrderedDict([ ('name', StringProperty(required=True)), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.1")), ('size', IntegerProperty()), ]) @@ -301,7 +301,7 @@ class WindowsPEOptionalHeaderType(_STIXBase21): ('size_of_heap_commit', IntegerProperty()), ('loader_flags_hex', HexProperty()), ('number_of_rva_and_sizes', IntegerProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.1")), ]) def _check_object_constraints(self): @@ -318,7 +318,7 @@ class WindowsPESection(_STIXBase21): ('name', StringProperty(required=True)), ('size', IntegerProperty(min=0)), ('entropy', FloatProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.1")), ]) @@ -338,7 +338,7 @@ class WindowsPEBinaryExt(_Extension): ('number_of_symbols', IntegerProperty(min=0)), ('size_of_optional_header', IntegerProperty(min=0)), ('characteristics_hex', HexProperty()), - ('file_header_hashes', HashesProperty(HASHING_ALGORITHM)), + ('file_header_hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.1")), ('optional_header', EmbeddedObjectProperty(type=WindowsPEOptionalHeaderType)), ('sections', ListProperty(EmbeddedObjectProperty(type=WindowsPESection))), ]) @@ -354,7 +354,7 @@ class File(_Observable): ('type', TypeProperty(_type, spec_version='2.1')), ('spec_version', StringProperty(fixed='2.1')), ('id', IDProperty(_type, spec_version='2.1')), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.1")), ('size', IntegerProperty(min=0)), ('name', StringProperty()), ('name_enc', StringProperty()), @@ -826,7 +826,7 @@ class X509Certificate(_Observable): ('spec_version', StringProperty(fixed='2.1')), ('id', IDProperty(_type, spec_version='2.1')), ('is_self_signed', BooleanProperty()), - ('hashes', HashesProperty(HASHING_ALGORITHM)), + ('hashes', HashesProperty(HASHING_ALGORITHM, spec_version="2.1")), ('version', StringProperty()), ('serial_number', StringProperty()), ('signature_algorithm', StringProperty()),