Update tests to address conformance to WD04 specs

master
Desai, Kartikey H 2019-07-01 15:26:30 -04:00
parent ef408e1971
commit c98fcafb1a
10 changed files with 28 additions and 9 deletions


@ -78,6 +78,7 @@ IDENTITY_KWARGS = dict(
INDICATOR_KWARGS = dict( INDICATOR_KWARGS = dict(
indicator_types=['malicious-activity'], indicator_types=['malicious-activity'],
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
valid_from="2017-01-01T12:34:56Z",
) )
INTRUSION_SET_KWARGS = dict( INTRUSION_SET_KWARGS = dict(
@ -87,6 +88,7 @@ INTRUSION_SET_KWARGS = dict(
MALWARE_KWARGS = dict( MALWARE_KWARGS = dict(
malware_types=['ransomware'], malware_types=['ransomware'],
name="Cryptolocker", name="Cryptolocker",
is_family=False,
) )
MALWARE_MORE_KWARGS = dict( MALWARE_MORE_KWARGS = dict(
@ -97,6 +99,7 @@ MALWARE_MORE_KWARGS = dict(
malware_types=['ransomware'], malware_types=['ransomware'],
name="Cryptolocker", name="Cryptolocker",
description="A ransomware related to ...", description="A ransomware related to ...",
is_family=False,
) )
OBSERVED_DATA_KWARGS = dict( OBSERVED_DATA_KWARGS = dict(


@ -31,7 +31,8 @@ EXPECTED_BUNDLE = """{
"name": "Cryptolocker", "name": "Cryptolocker",
"malware_types": [ "malware_types": [
"ransomware" "ransomware"
] ],
"is_family": False
}, },
{ {
"type": "relationship", "type": "relationship",
@ -72,6 +73,7 @@ EXPECTED_BUNDLE_DICT = {
"malware_types": [ "malware_types": [
"ransomware", "ransomware",
], ],
"is_family": False,
}, },
{ {
"type": "relationship", "type": "relationship",
@ -244,6 +246,7 @@ def test_bundle_obj_id_found():
"malware_types": [ "malware_types": [
"ransomware", "ransomware",
], ],
"is_family": False,
}, },
{ {
"type": "malware", "type": "malware",
@ -255,6 +258,7 @@ def test_bundle_obj_id_found():
"malware_types": [ "malware_types": [
"ransomware", "ransomware",
], ],
"is_family": False,
}, },
{ {
"type": "relationship", "type": "relationship",
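Review bot: The `"is_family": False` line added to the first malware object sits inside the triple-quoted `EXPECTED_BUNDLE` JSON text, where the boolean has to be spelled in lowercase; a JSON serializer emits `false`, so the string comparison against the serialized bundle would presumably fail. Change it to `"is_family": false`. The same spelling appears inside JSON strings in two other sections of this commit: the `data` string that `test_parse_malware` passes to `env.parse` (where `False` is not valid JSON) and `EXPECTED_MALWARE`. The Python dict literals here (`EXPECTED_BUNDLE_DICT` and the objects in `test_bundle_obj_id_found`) are right to use `False`.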


@ -31,6 +31,7 @@ BUNDLE = {
"malware_types": [ "malware_types": [
"ransomware", "ransomware",
], ],
"is_family": False,
}, },
{ {
"type": "relationship", "type": "relationship",


@ -16,6 +16,7 @@ stix_objs = [
"remote-access-trojan", "remote-access-trojan",
], ],
"modified": "2017-01-27T13:49:53.997Z", "modified": "2017-01-27T13:49:53.997Z",
"is_family": False,
"name": "Poison Ivy", "name": "Poison Ivy",
"type": "malware", "type": "malware",
}, },


@ -219,7 +219,8 @@ def test_parse_malware():
"name": "Cryptolocker", "name": "Cryptolocker",
"malware_types": [ "malware_types": [
"ransomware" "ransomware"
] ],
"is_family": False
}""" }"""
mal = env.parse(data, version="2.1") mal = env.parse(data, version="2.1")
@ -230,6 +231,7 @@ def test_parse_malware():
assert mal.modified == FAKE_TIME assert mal.modified == FAKE_TIME
assert mal.malware_types == ['ransomware'] assert mal.malware_types == ['ransomware']
assert mal.name == "Cryptolocker" assert mal.name == "Cryptolocker"
assert not mal.is_family
def test_creator_of(): def test_creator_of():
@ -351,6 +353,7 @@ def test_related_to_no_id(ds):
mal = { mal = {
"type": "malware", "type": "malware",
"name": "some variant", "name": "some variant",
"is_family": False,
} }
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
env.related_to(mal) env.related_to(mal)


@ -98,7 +98,7 @@ def test_indicator_required_properties():
stix2.v21.Indicator() stix2.v21.Indicator()
assert excinfo.value.cls == stix2.v21.Indicator assert excinfo.value.cls == stix2.v21.Indicator
assert excinfo.value.properties == ["indicator_types", "pattern"] assert excinfo.value.properties == ["indicator_types", "pattern", "valid_from"]
assert str(excinfo.value) == "No values for required properties for Indicator: (indicator_types, pattern)." assert str(excinfo.value) == "No values for required properties for Indicator: (indicator_types, pattern)."
@ -107,7 +107,7 @@ def test_indicator_required_property_pattern():
stix2.v21.Indicator(indicator_types=['malicious-activity']) stix2.v21.Indicator(indicator_types=['malicious-activity'])
assert excinfo.value.cls == stix2.v21.Indicator assert excinfo.value.cls == stix2.v21.Indicator
assert excinfo.value.properties == ["pattern"] assert excinfo.value.properties == ["pattern", "valid_from"]
def test_indicator_created_ref_invalid_format(): def test_indicator_created_ref_invalid_format():
@ -184,6 +184,7 @@ def test_invalid_indicator_pattern():
stix2.v21.Indicator( stix2.v21.Indicator(
indicator_types=['malicious-activity'], indicator_types=['malicious-activity'],
pattern="file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e'", pattern="file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e'",
valid_from="2017-01-01T12:34:56Z",
) )
assert excinfo.value.cls == stix2.v21.Indicator assert excinfo.value.cls == stix2.v21.Indicator
assert excinfo.value.prop_name == 'pattern' assert excinfo.value.prop_name == 'pattern'
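Review bot: In `test_indicator_required_properties` the `properties` assertion now expects `valid_from`, but the `str(excinfo.value)` assertion directly below it still expects the message to end in `(indicator_types, pattern).`. If the message is built from the same list of missing properties, that assertion will fail; it should read `"No values for required properties for Indicator: (indicator_types, pattern, valid_from)."`. The test body starts outside the hunk, so the setup of `excinfo` is not visible here.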


@ -17,7 +17,8 @@ EXPECTED_MALWARE = """{
"name": "Cryptolocker", "name": "Cryptolocker",
"malware_types": [ "malware_types": [
"ransomware" "ransomware"
] ],
"is_family": False
}""" }"""
@ -31,6 +32,7 @@ def test_malware_with_all_required_properties():
modified=now, modified=now,
malware_types=["ransomware"], malware_types=["ransomware"],
name="Cryptolocker", name="Cryptolocker",
is_family=False,
) )
assert str(mal) == EXPECTED_MALWARE assert str(mal) == EXPECTED_MALWARE
@ -77,7 +79,7 @@ def test_malware_required_properties():
stix2.v21.Malware() stix2.v21.Malware()
assert excinfo.value.cls == stix2.v21.Malware assert excinfo.value.cls == stix2.v21.Malware
assert excinfo.value.properties == ["malware_types", "name"] assert excinfo.value.properties == ["is_family", "malware_types", "name"]
def test_malware_required_property_name(): def test_malware_required_property_name():
@ -85,7 +87,7 @@ def test_malware_required_property_name():
stix2.v21.Malware(malware_types=['ransomware']) stix2.v21.Malware(malware_types=['ransomware'])
assert excinfo.value.cls == stix2.v21.Malware assert excinfo.value.cls == stix2.v21.Malware
assert excinfo.value.properties == ["name"] assert excinfo.value.properties == ["is_family", "name"]
def test_cannot_assign_to_malware_attributes(malware): def test_cannot_assign_to_malware_attributes(malware):
@ -115,6 +117,7 @@ def test_invalid_kwarg_to_malware():
"modified": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z",
"malware_types": ["ransomware"], "malware_types": ["ransomware"],
"name": "Cryptolocker", "name": "Cryptolocker",
"is_family": False,
}, },
], ],
) )
@ -128,6 +131,7 @@ def test_parse_malware(data):
assert mal.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc) assert mal.modified == dt.datetime(2016, 5, 12, 8, 17, 27, tzinfo=pytz.utc)
assert mal.malware_types == ['ransomware'] assert mal.malware_types == ['ransomware']
assert mal.name == 'Cryptolocker' assert mal.name == 'Cryptolocker'
assert not mal.is_family
def test_parse_malware_invalid_labels(): def test_parse_malware_invalid_labels():


@ -230,6 +230,7 @@ def test_remove_custom_stix_property():
malware_types=["rootkit"], malware_types=["rootkit"],
x_custom="armada", x_custom="armada",
allow_custom=True, allow_custom=True,
is_family=False,
) )
mal_nc = stix2.utils.remove_custom_stix(mal) mal_nc = stix2.utils.remove_custom_stix(mal)


@ -199,7 +199,7 @@ def test_workbench_related():
def test_workbench_related_with_filters(): def test_workbench_related_with_filters():
malware = Malware( malware = Malware(
malware_types=["ransomware"], name="CryptorBit", malware_types=["ransomware"], name="CryptorBit",
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID, is_family=False,
) )
rel = Relationship(malware.id, 'variant-of', MALWARE_ID) rel = Relationship(malware.id, 'variant-of', MALWARE_ID)
save([malware, rel]) save([malware, rel])


@ -198,7 +198,7 @@ class Indicator(STIXDomainObject):
('description', StringProperty()), ('description', StringProperty()),
('indicator_types', ListProperty(StringProperty, required=True)), ('indicator_types', ListProperty(StringProperty, required=True)),
('pattern', PatternProperty(required=True)), ('pattern', PatternProperty(required=True)),
('valid_from', TimestampProperty(default=lambda: NOW)), ('valid_from', TimestampProperty(default=lambda: NOW, required=True)),
('valid_until', TimestampProperty()), ('valid_until', TimestampProperty()),
('kill_chain_phases', ListProperty(KillChainPhase)), ('kill_chain_phases', ListProperty(KillChainPhase)),
('revoked', BooleanProperty(default=lambda: False)), ('revoked', BooleanProperty(default=lambda: False)),
@ -683,6 +683,7 @@ class Tool(STIXDomainObject):
('name', StringProperty(required=True)), ('name', StringProperty(required=True)),
('description', StringProperty()), ('description', StringProperty()),
('tool_types', ListProperty(StringProperty, required=True)), ('tool_types', ListProperty(StringProperty, required=True)),
('aliases', ListProperty(StringProperty)),
('kill_chain_phases', ListProperty(KillChainPhase)), ('kill_chain_phases', ListProperty(KillChainPhase)),
('tool_version', StringProperty()), ('tool_version', StringProperty()),
('revoked', BooleanProperty(default=lambda: False)), ('revoked', BooleanProperty(default=lambda: False)),
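Review bot: `valid_from` on `Indicator` is now declared with both `default=lambda: NOW` and `required=True`, and the two contradict each other. The test changes in this commit expect `valid_from` to be reported as missing when it is not passed, so the default appears never to be applied. Either drop the default, `('valid_from', TimestampProperty(required=True)),`, or keep the default and leave the property optional at construction time, and add a short comment stating which behaviour the WD04 text requires. The property list of `Indicator` starts and ends outside the hunk.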