MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #261 from emmanvg/252-TLPMarking-constraints 

TLP marking constraints
master
Chris Lenk 2019-05-08 10:50:35 -04:00 committed by GitHub
parent 582ba2be2c 087ac35f38
commit ddd4fa3e95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 385 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
stix2/exceptions.py
View File

@ -203,3 +203,16 @@ class MarkingNotFoundError(STIXError, AssertionError):
def __str__(self):
msg = "Marking {0} was not found in {1}!"
return msg.format(self.key, self.cls.__class__.__name__)
class TLPMarkingDefinitionError(STIXError, AssertionError):
"""Marking violation. The marking-definition for TLP MUST follow the mandated instances from the spec."""
def __init__(self, user_obj, spec_obj):
super(TLPMarkingDefinitionError, self).__init__()
self.user_obj = user_obj
self.spec_obj = spec_obj
def __str__(self):
msg = "Marking {0} does not match spec marking {1}!"
return msg.format(self.user_obj, self.spec_obj)

83
stix2/markings/utils.py
View File

@ -4,8 +4,7 @@ import collections
import six
from stix2 import exceptions
from stix2.utils import is_marking
from stix2 import exceptions, utils
def _evaluate_expression(obj, selector):
@ -128,7 +127,7 @@ def compress_markings(granular_markings):
compressed = \
[
{'marking_ref': item, 'selectors': sorted(selectors)}
if is_marking(item) else
if utils.is_marking(item) else
{'lang': item, 'selectors': sorted(selectors)}
for item, selectors in six.iteritems(map_)
]
@ -255,3 +254,81 @@ def iterpath(obj, path=None):
path.pop()
path.pop()
def check_tlp_marking(marking_obj, spec_version):
# Specific TLP Marking validation case.
if marking_obj["definition_type"] == "tlp":
color = marking_obj["definition"]["tlp"]
if color == "white":
if spec_version == '2.0':
w = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "white"}, "definition_type": "tlp",'
' "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "type": "marking-definition"}'
)
else:
w = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "white"}, "definition_type": "tlp",'
' "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "type": "marking-definition",'
' "spec_version": "2.1"}'
)
if marking_obj["id"] != "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9":
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], w)
elif utils.format_datetime(marking_obj["created"]) != "2017-01-20T00:00:00.000Z":
raise exceptions.TLPMarkingDefinitionError(utils.format_datetime(marking_obj["created"]), w)
elif color == "green":
if spec_version == '2.0':
g = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "green"}, "definition_type": "tlp",'
' "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "type": "marking-definition"}'
)
else:
g = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "green"}, "definition_type": "tlp",'
' "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "type": "marking-definition",'
' "spec_version": "2.1"}'
)
if marking_obj["id"] != "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da":
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], g)
elif utils.format_datetime(marking_obj["created"]) != "2017-01-20T00:00:00.000Z":
raise exceptions.TLPMarkingDefinitionError(utils.format_datetime(marking_obj["created"]), g)
elif color == "amber":
if spec_version == '2.0':
a = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "amber"}, "definition_type": "tlp",'
' "id": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", "type": "marking-definition"}'
)
else:
a = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "amber"}, "definition_type": "tlp",'
' "id": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", "type": "marking-definition",'
' "spec_version": "2.1"}'
)
if marking_obj["id"] != "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82":
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], a)
elif utils.format_datetime(marking_obj["created"]) != "2017-01-20T00:00:00.000Z":
raise exceptions.TLPMarkingDefinitionError(utils.format_datetime(marking_obj["created"]), a)
elif color == "red":
if spec_version == '2.0':
r = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "red"}, "definition_type": "tlp",'
' "id": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "type": "marking-definition"}'
)
else:
r = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "red"}, "definition_type": "tlp",'
' "id": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "type": "marking-definition",'
' "spec_version": "2.1"}'
)
if marking_obj["id"] != "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed":
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], r)
elif utils.format_datetime(marking_obj["created"]) != "2017-01-20T00:00:00.000Z":
raise exceptions.TLPMarkingDefinitionError(utils.format_datetime(marking_obj["created"]), r)
else:
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], "Does not match any TLP Marking definition")

4
stix2/test/v20/test_datastore_filesystem.py
View File

@ -450,6 +450,8 @@ def test_filesystem_attempt_stix_file_overwrite(fs_store):
def test_filesystem_sink_marking(fs_sink):
marking = stix2.v20.MarkingDefinition(
id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
created="2017-01-20T00:00:00.000Z",
definition_type="tlp",
definition=stix2.v20.TLPMarking(tlp="green"),
)
@ -583,6 +585,8 @@ def test_filesystem_store_add_invalid_object(fs_store):
def test_filesystem_store_add_marking(fs_store):
marking = stix2.v20.MarkingDefinition(
id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
created="2017-01-20T00:00:00.000Z",
definition_type="tlp",
definition=stix2.v20.TLPMarking(tlp="green"),
)

133
stix2/test/v20/test_marking_definition.py Normal file
View File

@ -0,0 +1,133 @@
import pytest
from stix2 import exceptions
from stix2.v20 import (
TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, MarkingDefinition, TLPMarking,
)
def test_bad_id_marking_tlp_white():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--4c9faac1-3558-43d2-919e-95c88d3bc332',
definition_type='tlp',
definition=TLPMarking(tlp='white'),
)
def test_bad_id_marking_tlp_green():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--93023361-d3cf-4666-bca2-8c017948dc3d',
definition_type='tlp',
definition=TLPMarking(tlp='green'),
)
def test_bad_id_marking_tlp_amber():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--05e32101-a940-42ba-8fe9-39283b999ce4',
definition_type='tlp',
definition=TLPMarking(tlp='amber'),
)
def test_bad_id_marking_tlp_red():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--9eceb00c-c158-43f4-87f8-1e3648de17e2',
definition_type='tlp',
definition=TLPMarking(tlp='red'),
)
def test_bad_created_marking_tlp_white():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
definition_type='tlp',
definition=TLPMarking(tlp='white'),
)
def test_bad_created_marking_tlp_green():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
definition_type='tlp',
definition=TLPMarking(tlp='green'),
)
def test_bad_created_marking_tlp_amber():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
definition_type='tlp',
definition=TLPMarking(tlp='amber'),
)
def test_bad_created_marking_tlp_red():
with pytest.raises(exceptions.TLPMarkingDefinitionError) as excinfo:
MarkingDefinition(
id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
definition_type='tlp',
definition=TLPMarking(tlp='red'),
)
assert "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" in str(excinfo.value)
def test_successful_tlp_white():
white = MarkingDefinition(
id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
created='2017-01-20T00:00:00.000Z',
definition_type='tlp',
definition=TLPMarking(tlp='white'),
)
assert white.serialize(sort_keys=True) == TLP_WHITE.serialize(sort_keys=True)
def test_successful_tlp_green():
green = MarkingDefinition(
id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
created='2017-01-20T00:00:00.000Z',
definition_type='tlp',
definition=TLPMarking(tlp='green'),
)
assert green.serialize(sort_keys=True) == TLP_GREEN.serialize(sort_keys=True)
def test_successful_tlp_amber():
amber = MarkingDefinition(
id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
created='2017-01-20T00:00:00.000Z',
definition_type='tlp',
definition=TLPMarking(tlp='amber'),
)
assert amber.serialize(sort_keys=True) == TLP_AMBER.serialize(sort_keys=True)
def test_successful_tlp_red():
red = MarkingDefinition(
id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
created='2017-01-20T00:00:00.000Z',
definition_type='tlp',
definition=TLPMarking(tlp='red'),
)
assert red.serialize(sort_keys=True) == TLP_RED.serialize(sort_keys=True)
def test_unknown_tlp_marking():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
definition_type='tlp',
definition=TLPMarking(tlp='gray'),
)

4
stix2/test/v21/test_datastore_filesystem.py
View File

@ -421,6 +421,8 @@ def test_filesystem_sink_add_objects_list(fs_sink, fs_source):
def test_filesystem_sink_marking(fs_sink):
marking = stix2.v21.MarkingDefinition(
id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
created="2017-01-20T00:00:00.000Z",
definition_type="tlp",
definition=stix2.v21.TLPMarking(tlp="green"),
)
@ -554,6 +556,8 @@ def test_filesystem_store_add_invalid_object(fs_store):
def test_filesystem_store_add_marking(fs_store):
marking = stix2.v21.MarkingDefinition(
id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
created="2017-01-20T00:00:00.000Z",
definition_type="tlp",
definition=stix2.v21.TLPMarking(tlp="green"),
)

133
stix2/test/v21/test_marking_definition.py Normal file
View File

@ -0,0 +1,133 @@
import pytest
from stix2 import exceptions
from stix2.v21 import (
TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, MarkingDefinition, TLPMarking,
)
def test_bad_id_marking_tlp_white():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--4c9faac1-3558-43d2-919e-95c88d3bc332',
definition_type='tlp',
definition=TLPMarking(tlp='white'),
)
def test_bad_id_marking_tlp_green():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--93023361-d3cf-4666-bca2-8c017948dc3d',
definition_type='tlp',
definition=TLPMarking(tlp='green'),
)
def test_bad_id_marking_tlp_amber():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--05e32101-a940-42ba-8fe9-39283b999ce4',
definition_type='tlp',
definition=TLPMarking(tlp='amber'),
)
def test_bad_id_marking_tlp_red():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--9eceb00c-c158-43f4-87f8-1e3648de17e2',
definition_type='tlp',
definition=TLPMarking(tlp='red'),
)
def test_bad_created_marking_tlp_white():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
definition_type='tlp',
definition=TLPMarking(tlp='white'),
)
def test_bad_created_marking_tlp_green():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
definition_type='tlp',
definition=TLPMarking(tlp='green'),
)
def test_bad_created_marking_tlp_amber():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
definition_type='tlp',
definition=TLPMarking(tlp='amber'),
)
def test_bad_created_marking_tlp_red():
with pytest.raises(exceptions.TLPMarkingDefinitionError) as excinfo:
MarkingDefinition(
id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
definition_type='tlp',
definition=TLPMarking(tlp='red'),
)
assert "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed" in str(excinfo.value)
def test_successful_tlp_white():
white = MarkingDefinition(
id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
created='2017-01-20T00:00:00.000Z',
definition_type='tlp',
definition=TLPMarking(tlp='white'),
)
assert white.serialize(sort_keys=True) == TLP_WHITE.serialize(sort_keys=True)
def test_successful_tlp_green():
green = MarkingDefinition(
id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
created='2017-01-20T00:00:00.000Z',
definition_type='tlp',
definition=TLPMarking(tlp='green'),
)
assert green.serialize(sort_keys=True) == TLP_GREEN.serialize(sort_keys=True)
def test_successful_tlp_amber():
amber = MarkingDefinition(
id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
created='2017-01-20T00:00:00.000Z',
definition_type='tlp',
definition=TLPMarking(tlp='amber'),
)
assert amber.serialize(sort_keys=True) == TLP_AMBER.serialize(sort_keys=True)
def test_successful_tlp_red():
red = MarkingDefinition(
id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
created='2017-01-20T00:00:00.000Z',
definition_type='tlp',
definition=TLPMarking(tlp='red'),
)
assert red.serialize(sort_keys=True) == TLP_RED.serialize(sort_keys=True)
def test_unknown_tlp_marking():
with pytest.raises(exceptions.TLPMarkingDefinitionError):
MarkingDefinition(
definition_type='tlp',
definition=TLPMarking(tlp='gray'),
)

9
stix2/v20/common.py
View File

@ -6,6 +6,7 @@ import copy
from ..base import _STIXBase
from ..custom import _custom_marking_builder
from ..markings import _MarkingsMixin
from ..markings.utils import check_tlp_marking
from ..properties import (
HashesProperty, IDProperty, ListProperty, Property, ReferenceProperty,
SelectorProperty, StringProperty, TimestampProperty, TypeProperty,
@ -134,6 +135,14 @@ class MarkingDefinition(_STIXBase, _MarkingsMixin):
super(MarkingDefinition, self).__init__(**kwargs)
def _check_object_constraints(self):
super(MarkingDefinition, self)._check_object_constraints()
check_tlp_marking(self, '2.0')
def serialize(self, pretty=False, include_optional_defaults=False, **kwargs):
check_tlp_marking(self, '2.0')
return super(MarkingDefinition, self).serialize(pretty, include_optional_defaults, **kwargs)
OBJ_MAP_MARKING = {
'tlp': TLPMarking,

9
stix2/v21/common.py
View File

@ -6,6 +6,7 @@ import copy
from ..base import _STIXBase
from ..custom import _custom_marking_builder
from ..markings import _MarkingsMixin
from ..markings.utils import check_tlp_marking
from ..properties import (
BooleanProperty, DictionaryProperty, HashesProperty, IDProperty,
IntegerProperty, ListProperty, Property, ReferenceProperty,
@ -174,6 +175,14 @@ class MarkingDefinition(_STIXBase, _MarkingsMixin):
super(MarkingDefinition, self).__init__(**kwargs)
def _check_object_constraints(self):
super(MarkingDefinition, self)._check_object_constraints()
check_tlp_marking(self, '2.1')
def serialize(self, pretty=False, include_optional_defaults=False, **kwargs):
check_tlp_marking(self, '2.1')
return super(MarkingDefinition, self).serialize(pretty, include_optional_defaults, **kwargs)
OBJ_MAP_MARKING = {
'tlp': TLPMarking,