diff --git a/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38.json b/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38.json
new file mode 100644
index 0000000..728fff0
--- /dev/null
+++ b/stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38.json
@@ -0,0 +1,27 @@
+{
+ "type": "malware",
+ "id": "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "created": "2017-05-31T21:32:58.226Z",
+ "modified": "2018-11-16T22:54:20.390Z",
+ "name": "Rover",
+ "description": "Rover is malware suspected of being used for espionage purposes. It was used in 2015 in a targeted email sent to an Indian Ambassador to Afghanistan.[[Citation: Palo Alto Rover]]",
+ "labels": [
+ "version four"
+ ],
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/wiki/Software/S0090",
+ "external_id": "S0090"
+ },
+ {
+ "source_name": "Palo Alto Rover",
+ "description": "Ray, V., Hayashi, K. (2016, February 29). New Malware \u2018Rover\u2019 Targets Indian Ambassador to Afghanistan. Retrieved February 29, 2016.",
+ "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-malware-rover-targets-indian-ambassador-to-afghanistan/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ]
+}
\ No newline at end of file
diff --git a/stix2/test/test_datastore_filesystem.py b/stix2/test/test_datastore_filesystem.py
index 0f0ca0a..7d29127 100644
--- a/stix2/test/test_datastore_filesystem.py
+++ b/stix2/test/test_datastore_filesystem.py
@@ -118,7 +118,7 @@ def rel_fs_store():
 # errno symbolic value, but not the windows meaning...
 if e.errno in (errno.ENOENT, 3):
 continue
- raise e
+ raise
 def test_filesystem_source_nonexistent_folder():
@@ -158,7 +158,7 @@ def test_filesystem_source_get_object(fs_source):
 mal = fs_source.get("malware--6b616fc1-1505-48e3-8b2c-0d19337bff38")
 assert mal.id == "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38"
 assert mal.name == "Rover"
- assert mal.modified == datetime.datetime(2018, 11, 1, 23, 24, 48, 457000,
+ assert mal.modified == datetime.datetime(2018, 11, 16, 22, 54, 20, 390000,
 pytz.utc)
@@ -200,6 +200,24 @@ def test_filesytem_source_query_multiple(fs_source):
 assert len(is_1.external_references) == 4
+def test_filesystem_source_backward_compatible(fs_source):
+ # this specific object is outside an "ID" directory; make sure we can get
+ # it.
+ modified = datetime.datetime(2018, 11, 16, 22, 54, 20, 390000, pytz.utc)
+ results = fs_source.query([
+ Filter("type", "=", "malware"),
+ Filter("id", "=", "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38"),
+ Filter("modified", "=", modified)
+ ])
+
+ assert len(results) == 1
+ result = results[0]
+ assert result.type == "malware"
+ assert result.id == "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38"
+ assert result.modified == modified
+ assert result.labels == ["version four"]
+
+
 def test_filesystem_sink_add_python_stix_object(fs_sink, fs_source):
 # add python stix object
 camp1 = Campaign(name="Hannibal",
@@ -434,7 +452,7 @@ def test_filesystem_store_query_single_filter(fs_store):
 def test_filesystem_store_empty_query(fs_store):
 results = fs_store.query() # returns all
- assert len(results) == 29
+ assert len(results) == 30
 assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [obj.id for obj in results]
 assert "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" in [obj.id for obj in results]
@@ -448,7 +466,7 @@ def test_filesystem_store_query_multiple_filters(fs_store):
 def test_filesystem_store_query_dont_include_type_folder(fs_store):
 results = fs_store.query(Filter("type", "!=", "tool"))
- assert len(results) == 27
+ assert len(results) == 28
 def test_filesystem_store_add(fs_store):
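Review bot: `test_filesystem_source_backward_compatible` only covers a flat-file version that has no counterpart elsewhere in the fixture set, so it does not pin what the source returns when the same id/modified pair exists both as a flat file and inside an "ID" directory. I can't see the source implementation from this diff, but if that overlap is possible, a second case asserting a single deduplicated result would keep duplicated or stale threat-intel objects from reaching consumers unnoticed. The leading comment could also name the layout explicitly, e.g. `# legacy layout: stored as <type>/<id>.json rather than inside a <type>/<id>/ directory`.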
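Review bot: The hard-coded totals `assert len(results) == 30` in test_filesystem_store_empty_query and `assert len(results) == 28` in test_filesystem_store_query_dont_include_type_folder have to be bumped by hand whenever a fixture is added under stix2_data, as this commit itself shows. Nothing in either test says what the number counts, so a wrong bump is hard to spot in review. A short comment next to each would help, for example `# total objects under stix2_data; update when adding fixtures`.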