From cd0c4984fa8683d52f01790c328224a9a6bdecab Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Tue, 16 Jul 2019 16:10:25 -0400 Subject: [PATCH] Fix most unit tests to pass again. Awaiting feedback regarding possible library bugs, before I fix the remaining unit tests. --- stix2/test/v21/conftest.py | 8 ++++++++ stix2/test/v21/constants.py | 5 +++++ stix2/test/v21/test_bundle.py | 3 +++ stix2/test/v21/test_core.py | 1 + stix2/test/v21/test_datastore_filters.py | 1 + stix2/test/v21/test_datastore_memory.py | 8 ++++++++ stix2/test/v21/test_grouping.py | 20 ++++++++++++++++++-- stix2/test/v21/test_indicator.py | 12 +++++++++--- stix2/test/v21/test_malware.py | 4 ++-- stix2/test/v21/test_malware_analysis.py | 4 +++- stix2/test/v21/test_opinion.py | 9 +++++---- 11 files changed, 63 insertions(+), 12 deletions(-) diff --git a/stix2/test/v21/conftest.py b/stix2/test/v21/conftest.py index ea2853d..103db34 100644 --- a/stix2/test/v21/conftest.py +++ b/stix2/test/v21/conftest.py @@ -71,6 +71,7 @@ def stix_objs1(): "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -84,6 +85,7 @@ def stix_objs1(): "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -97,6 +99,7 @@ def stix_objs1(): "modified": "2017-01-27T13:49:53.936Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -110,6 +113,7 @@ def stix_objs1(): "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -123,6 +127,7 @@ def stix_objs1(): "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -140,6 +145,7 @@ def stix_objs2(): ], "modified": "2017-01-31T13:49:53.935Z", "name": "Malicious site hosting downloader", + "pattern_type": "stix", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", "spec_version": "2.1", "type": "indicator", @@ -153,6 +159,7 @@ def stix_objs2(): ], "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", + "pattern_type": "stix", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", "spec_version": "2.1", "type": "indicator", @@ -166,6 +173,7 @@ def stix_objs2(): ], "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", + "pattern_type": "stix", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", "spec_version": "2.1", "type": "indicator", diff --git a/stix2/test/v21/constants.py b/stix2/test/v21/constants.py index 40a2bb5..fd1ff38 100644 --- a/stix2/test/v21/constants.py +++ b/stix2/test/v21/constants.py @@ -75,6 +75,10 @@ COURSE_OF_ACTION_KWARGS = dict( GROUPING_KWARGS = dict( name="Harry Potter and the Leet Hackers", context="suspicious-activity", + object_refs=[ + "malware--c8d2fae5-7271-400c-b81d-931a4caf20b9", + "identity--988145ed-a3b4-4421-b7a7-273376be67ce" + ], ) IDENTITY_KWARGS = dict( @@ -84,6 +88,7 @@ IDENTITY_KWARGS = dict( INDICATOR_KWARGS = dict( indicator_types=['malicious-activity'], + pattern_type="stix", pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", valid_from="2017-01-01T12:34:56Z", ) diff --git a/stix2/test/v21/test_bundle.py b/stix2/test/v21/test_bundle.py index 7ba0729..58d3b3f 100644 --- a/stix2/test/v21/test_bundle.py +++ b/stix2/test/v21/test_bundle.py @@ -20,6 +20,7 @@ EXPECTED_BUNDLE = """{ "malicious-activity" ], "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", + "pattern_type": "stix", "valid_from": "2017-01-01T12:34:56Z" }, { @@ -58,6 +59,7 @@ EXPECTED_BUNDLE_DICT = { "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", + "pattern_type": "stix", "valid_from": "2017-01-01T12:34:56Z", "indicator_types": [ "malicious-activity", @@ -234,6 +236,7 @@ def test_bundle_obj_id_found(): "malicious-activity", ], "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", + "pattern_type": "stix", "valid_from": "2017-01-01T12:34:56Z", }, { diff --git a/stix2/test/v21/test_core.py b/stix2/test/v21/test_core.py index 06a829c..f04e600 100644 --- a/stix2/test/v21/test_core.py +++ b/stix2/test/v21/test_core.py @@ -16,6 +16,7 @@ BUNDLE = { "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", + "pattern_type": "stix", "valid_from": "2017-01-01T12:34:56Z", "indicator_types": [ "malicious-activity", diff --git a/stix2/test/v21/test_datastore_filters.py b/stix2/test/v21/test_datastore_filters.py index cbe3fe4..b96aa4d 100644 --- a/stix2/test/v21/test_datastore_filters.py +++ b/stix2/test/v21/test_datastore_filters.py @@ -29,6 +29,7 @@ stix_objs = [ "modified": "2014-05-08T09:00:00.000Z", "name": "File hash for Poison Ivy variant", "pattern": "[file:hashes.'SHA-256' = 'ef537f25c895bfa782526529a9b63d97aa631564d5d789c2b765448c8635fb6c']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2014-05-08T09:00:00.000000Z", diff --git a/stix2/test/v21/test_datastore_memory.py b/stix2/test/v21/test_datastore_memory.py index b69d4d6..4f63a06 100644 --- a/stix2/test/v21/test_datastore_memory.py +++ b/stix2/test/v21/test_datastore_memory.py @@ -24,6 +24,7 @@ IND1 = { "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -37,6 +38,7 @@ IND2 = { "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -50,6 +52,7 @@ IND3 = { "modified": "2017-01-27T13:49:53.936Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -63,6 +66,7 @@ IND4 = { "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -76,6 +80,7 @@ IND5 = { "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -89,6 +94,7 @@ IND6 = { "modified": "2017-01-31T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -102,6 +108,7 @@ IND7 = { "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", @@ -115,6 +122,7 @@ IND8 = { "modified": "2017-01-27T13:49:53.935Z", "name": "Malicious site hosting downloader", "pattern": "[url:value = 'http://x4z9arb.cn/4712']", + "pattern_type": "stix", "spec_version": "2.1", "type": "indicator", "valid_from": "2017-01-27T13:49:53.935382Z", diff --git a/stix2/test/v21/test_grouping.py b/stix2/test/v21/test_grouping.py index 405a80c..449400b 100644 --- a/stix2/test/v21/test_grouping.py +++ b/stix2/test/v21/test_grouping.py @@ -14,7 +14,11 @@ EXPECTED_GROUPING = """{ "created": "2017-01-01T12:34:56.000Z", "modified": "2017-01-01T12:34:56.000Z", "name": "Harry Potter and the Leet Hackers", - "context": "suspicious-activity" + "context": "suspicious-activity", + "object_refs": [ + "malware--c8d2fae5-7271-400c-b81d-931a4caf20b9", + "identity--988145ed-a3b4-4421-b7a7-273376be67ce" + ] }""" @@ -28,6 +32,10 @@ def test_grouping_with_all_required_properties(): modified=now, name="Harry Potter and the Leet Hackers", context="suspicious-activity", + object_refs=[ + "malware--c8d2fae5-7271-400c-b81d-931a4caf20b9", + "identity--988145ed-a3b4-4421-b7a7-273376be67ce", + ], ) assert str(grp) == EXPECTED_GROUPING @@ -74,7 +82,7 @@ def test_grouping_required_properties(): stix2.v21.Grouping() assert excinfo.value.cls == stix2.v21.Grouping - assert excinfo.value.properties == ["context"] + assert excinfo.value.properties == ["context", "object_refs"] def test_invalid_kwarg_to_grouping(): @@ -97,6 +105,10 @@ def test_invalid_kwarg_to_grouping(): "modified": "2017-01-01T12:34:56.000Z", "name": "Harry Potter and the Leet Hackers", "context": "suspicious-activity", + "object_refs": [ + "malware--c8d2fae5-7271-400c-b81d-931a4caf20b9", + "identity--988145ed-a3b4-4421-b7a7-273376be67ce", + ], }, ], ) @@ -110,3 +122,7 @@ def test_parse_grouping(data): assert grp.modified == dt.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc) assert grp.name == "Harry Potter and the Leet Hackers" assert grp.context == "suspicious-activity" + assert grp.object_refs == [ + "malware--c8d2fae5-7271-400c-b81d-931a4caf20b9", + "identity--988145ed-a3b4-4421-b7a7-273376be67ce" + ] diff --git a/stix2/test/v21/test_indicator.py b/stix2/test/v21/test_indicator.py index b68b887..ea46d6d 100644 --- a/stix2/test/v21/test_indicator.py +++ b/stix2/test/v21/test_indicator.py @@ -18,6 +18,7 @@ EXPECTED_INDICATOR = """{ "malicious-activity" ], "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", + "pattern_type": "stix", "valid_from": "1970-01-01T00:00:01Z" }""" @@ -29,6 +30,7 @@ EXPECTED_INDICATOR_REPR = "Indicator(" + " ".join(""" modified='2017-01-01T00:00:01.000Z', indicator_types=['malicious-activity'], pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", + pattern_type='stix', valid_from='1970-01-01T00:00:01Z' """.split()) + ")" @@ -43,6 +45,7 @@ def test_indicator_with_all_required_properties(): created=now, modified=now, pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", + pattern_type="stix", valid_from=epoch, indicator_types=['malicious-activity'], ) @@ -98,8 +101,8 @@ def test_indicator_required_properties(): stix2.v21.Indicator() assert excinfo.value.cls == stix2.v21.Indicator - assert excinfo.value.properties == ["indicator_types", "pattern", "valid_from"] - assert str(excinfo.value) == "No values for required properties for Indicator: (indicator_types, pattern, valid_from)." + assert excinfo.value.properties == ["indicator_types", "pattern", "pattern_type", "valid_from"] + assert str(excinfo.value) == "No values for required properties for Indicator: (indicator_types, pattern, pattern_type, valid_from)." def test_indicator_required_property_pattern(): @@ -107,7 +110,7 @@ def test_indicator_required_property_pattern(): stix2.v21.Indicator(indicator_types=['malicious-activity']) assert excinfo.value.cls == stix2.v21.Indicator - assert excinfo.value.properties == ["pattern", "valid_from"] + assert excinfo.value.properties == ["pattern", "pattern_type", "valid_from"] def test_indicator_created_ref_invalid_format(): @@ -162,6 +165,7 @@ def test_created_modified_time_are_identical_by_default(): "malicious-activity", ], "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", + "pattern_type": "stix", "valid_from": "1970-01-01T00:00:01Z", }, ], @@ -184,6 +188,7 @@ def test_invalid_indicator_pattern(): stix2.v21.Indicator( indicator_types=['malicious-activity'], pattern="file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e'", + pattern_type="stix", valid_from="2017-01-01T12:34:56Z", ) assert excinfo.value.cls == stix2.v21.Indicator @@ -194,6 +199,7 @@ def test_invalid_indicator_pattern(): stix2.v21.Indicator( indicator_types=['malicious-activity'], pattern='[file:hashes.MD5 = "d41d8cd98f00b204e9800998ecf8427e"]', + pattern_type="stix", valid_from="2017-01-01T12:34:56Z", ) assert excinfo.value.cls == stix2.v21.Indicator diff --git a/stix2/test/v21/test_malware.py b/stix2/test/v21/test_malware.py index 1817c63..9ae0ed2 100644 --- a/stix2/test/v21/test_malware.py +++ b/stix2/test/v21/test_malware.py @@ -79,7 +79,7 @@ def test_malware_required_properties(): stix2.v21.Malware() assert excinfo.value.cls == stix2.v21.Malware - assert excinfo.value.properties == ["is_family", "malware_types", "name"] + assert excinfo.value.properties == ["is_family", "malware_types"] def test_malware_required_property_name(): @@ -87,7 +87,7 @@ def test_malware_required_property_name(): stix2.v21.Malware(malware_types=['ransomware']) assert excinfo.value.cls == stix2.v21.Malware - assert excinfo.value.properties == ["is_family", "name"] + assert excinfo.value.properties == ["is_family"] def test_cannot_assign_to_malware_attributes(malware): diff --git a/stix2/test/v21/test_malware_analysis.py b/stix2/test/v21/test_malware_analysis.py index 42db919..bfb4ff4 100644 --- a/stix2/test/v21/test_malware_analysis.py +++ b/stix2/test/v21/test_malware_analysis.py @@ -26,7 +26,9 @@ MALWARE_ANALYSIS_JSON = """{ "software--46a6a91d-1160-4867-a4d1-b14e080e4e5b" ], "configuration_version": "1.7", - "module": "Super Analyzer", + "modules": [ + "Super Analyzer" + ], "analysis_engine_version": "1.2", "analysis_definition_version": "3.4", "submitted": "2018-11-23T06:45:55.747Z", diff --git a/stix2/test/v21/test_opinion.py b/stix2/test/v21/test_opinion.py index b2f6dc0..9634d6e 100644 --- a/stix2/test/v21/test_opinion.py +++ b/stix2/test/v21/test_opinion.py @@ -23,10 +23,10 @@ EXPECTED_OPINION = """{ "created": "2016-05-12T08:17:27.000Z", "modified": "2016-05-12T08:17:27.000Z", "explanation": "%s", + "opinion": "strongly-disagree", "object_refs": [ "relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471" - ], - "opinion": "strongly-disagree" + ] }""" % EXPLANATION EXPECTED_OPINION_REPR = "Opinion(" + " ".join(( @@ -37,8 +37,9 @@ EXPECTED_OPINION_REPR = "Opinion(" + " ".join(( created='2016-05-12T08:17:27.000Z', modified='2016-05-12T08:17:27.000Z', explanation="%s", - object_refs=['relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'], - opinion='strongly-disagree'""" % EXPLANATION + opinion='strongly-disagree', + object_refs=['relationship--16d2358f-3b0d-4c88-b047-0da2f7ed4471'] + """ % EXPLANATION ).split()) + ")"