From 94638841706b3706b61e01cd270cf1127f51f9f2 Mon Sep 17 00:00:00 2001
From: Emmanuelle Vargas-Gonzalez
Date: Tue, 28 Jan 2020 13:19:23 -0500
Subject: [PATCH 1/4] add optional "name" StringProperty to MarkingDefinition update TLP_* v21 constants according to spec
---
 stix2/v21/common.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/stix2/v21/common.py b/stix2/v21/common.py
index 4a71308..cf3a3b3 100644
--- a/stix2/v21/common.py
+++ b/stix2/v21/common.py
@@ -150,6 +150,7 @@ class MarkingDefinition(_STIXBase, _MarkingsMixin):
 ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
 ('granular_markings', ListProperty(GranularMarking)),
 ('definition_type', StringProperty(required=True)),
+ ('name', StringProperty()),
 ('definition', MarkingProperty(required=True)),
 ])
@@ -207,6 +208,7 @@ TLP_WHITE = MarkingDefinition(
 id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
 created='2017-01-20T00:00:00.000Z',
 definition_type='tlp',
+ name='TLP:WHITE',
 definition=TLPMarking(tlp='white'),
 )
@@ -214,6 +216,7 @@ TLP_GREEN = MarkingDefinition(
 id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
 created='2017-01-20T00:00:00.000Z',
 definition_type='tlp',
+ name='TLP:GREEN',
 definition=TLPMarking(tlp='green'),
 )
@@ -221,6 +224,7 @@ TLP_AMBER = MarkingDefinition(
 id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
 created='2017-01-20T00:00:00.000Z',
 definition_type='tlp',
+ name='TLP:AMBER',
 definition=TLPMarking(tlp='amber'),
 )
@@ -228,5 +232,6 @@ TLP_RED = MarkingDefinition(
 id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
 created='2017-01-20T00:00:00.000Z',
 definition_type='tlp',
+ name='TLP:RED',
 definition=TLPMarking(tlp='red'),
 )
From 6f4e819c7310a6f52a4a6f8b8e893ff55b418c17 Mon Sep 17 00:00:00 2001
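Review bot: The new `('name', StringProperty())` entry in the `MarkingDefinition` property list (the -150 hunk of stix2/v21/common.py) is free text with no visible tie to `definition`, so an object could carry `name='TLP:WHITE'` next to `definition=TLPMarking(tlp='red')` unless validation elsewhere rejects it. Handling decisions should be taken from `definition`, not from the label, and the line deserves a comment saying so, e.g. `# optional display label only; sharing restrictions come from 'definition', never from this string`. The class body starts and ends outside the hunk, so whether a consistency check already exists cannot be seen from here.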
From: Emmanuelle Vargas-Gonzalez
Date: Tue, 28 Jan 2020 13:20:20 -0500
Subject: [PATCH 2/4] update check_tlp_marking() to contain new representation for TLP markings
---
 stix2/markings/utils.py | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/stix2/markings/utils.py b/stix2/markings/utils.py
index b1c103b..41516cc 100644
--- a/stix2/markings/utils.py
+++ b/stix2/markings/utils.py
@@ -271,8 +271,8 @@ def check_tlp_marking(marking_obj, spec_version):
 else:
 w = (
 '{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "white"}, "definition_type": "tlp",'
- ' "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "type": "marking-definition",'
- ' "spec_version": "2.1"}'
+ ' "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "name": "TLP:WHITE",'
+ ' "type": "marking-definition", "spec_version": "2.1"}'
 )
 if marking_obj["id"] != "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9":
 raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], w)
@@ -288,8 +288,8 @@ def check_tlp_marking(marking_obj, spec_version):
 else:
 g = (
 '{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "green"}, "definition_type": "tlp",'
- ' "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "type": "marking-definition",'
- ' "spec_version": "2.1"}'
+ ' "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "name": "TLP:GREEN",'
+ ' "type": "marking-definition", "spec_version": "2.1"}'
 )
 if marking_obj["id"] != "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da":
 raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], g)
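Review bot: The expected 2.1 TLP objects remain hand-written JSON literals (`w` and `g` here, `a` and `r` in the -305 and -322 hunks), and this commit has to edit all four in step with the `TLP_*` constants changed in stix2/v21/common.py. Two hand-maintained copies of the canonical markings can drift apart, and a drift here changes which TLP markings pass validation. A comment above each literal, e.g. `# must stay in sync with TLP_WHITE in stix2/v21/common.py`, would make that coupling explicit. If the literal is also compared with the serialized object further down (not visible in these hunks), 2.1 TLP markings produced without `name` would start to fail, which is worth stating in the docstring of `check_tlp_marking`; its body starts and ends outside the hunks.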
@@ -305,8 +305,8 @@ def check_tlp_marking(marking_obj, spec_version):
 else:
 a = (
 '{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "amber"}, "definition_type": "tlp",'
- ' "id": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", "type": "marking-definition",'
- ' "spec_version": "2.1"}'
+ ' "id": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", "name": "TLP:AMBER",'
+ ' "type": "marking-definition", "spec_version": "2.1"}'
 )
 if marking_obj["id"] != "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82":
 raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], a)
@@ -322,8 +322,8 @@ def check_tlp_marking(marking_obj, spec_version):
 else:
 r = (
 '{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "red"}, "definition_type": "tlp",'
- ' "id": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "type": "marking-definition",'
- ' "spec_version": "2.1"}'
+ ' "id": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "name": "TLP:RED",'
+ ' "type": "marking-definition", "spec_version": "2.1"}'
 )
 if marking_obj["id"] != "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed":
 raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], r)
From 88426de4241533915ec7f0286254d28d0b03137d Mon Sep 17 00:00:00 2001
From: Emmanuelle Vargas-Gonzalez
Date: Tue, 28 Jan 2020 13:20:58 -0500
Subject: [PATCH 3/4] update test suite to include new property present in TLP Markings
---
 stix2/test/v21/test_marking_definition.py | 12 ++++++++++++
 stix2/test/v21/test_markings.py | 1 +
 2 files changed, 13 insertions(+)
diff --git a/stix2/test/v21/test_marking_definition.py b/stix2/test/v21/test_marking_definition.py
index c497e99..232bdf2 100644
--- a/stix2/test/v21/test_marking_definition.py
+++ b/stix2/test/v21/test_marking_definition.py
@@ -12,6 +12,7 @@ def test_bad_id_marking_tlp_white():
 MarkingDefinition(
 id='marking-definition--4c9faac1-3558-43d2-919e-95c88d3bc332',
 definition_type='tlp',
+ name='TLP:WHITE',
 definition=TLPMarking(tlp='white'),
 )
@@ -21,6 +22,7 @@ def test_bad_id_marking_tlp_green():
 MarkingDefinition(
 id='marking-definition--93023361-d3cf-4666-bca2-8c017948dc3d',
 definition_type='tlp',
+ name='TLP:GREEN',
 definition=TLPMarking(tlp='green'),
 )
@@ -30,6 +32,7 @@ def test_bad_id_marking_tlp_amber():
 MarkingDefinition(
 id='marking-definition--05e32101-a940-42ba-8fe9-39283b999ce4',
 definition_type='tlp',
+ name='TLP:AMBER',
 definition=TLPMarking(tlp='amber'),
 )
@@ -39,6 +42,7 @@ def test_bad_id_marking_tlp_red():
 MarkingDefinition(
 id='marking-definition--9eceb00c-c158-43f4-87f8-1e3648de17e2',
 definition_type='tlp',
+ name='TLP:RED',
 definition=TLPMarking(tlp='red'),
 )
@@ -48,6 +52,7 @@ def test_bad_created_marking_tlp_white():
 MarkingDefinition(
 id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
 definition_type='tlp',
+ name='TLP:WHITE',
 definition=TLPMarking(tlp='white'),
 )
@@ -57,6 +62,7 @@ def test_bad_created_marking_tlp_green():
 MarkingDefinition(
 id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
 definition_type='tlp',
+ name='TLP:GREEN',
 definition=TLPMarking(tlp='green'),
 )
@@ -66,6 +72,7 @@ def test_bad_created_marking_tlp_amber():
 MarkingDefinition(
 id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
 definition_type='tlp',
+ name='TLP:AMBER',
 definition=TLPMarking(tlp='amber'),
 )
@@ -75,6 +82,7 @@ def test_bad_created_marking_tlp_red():
 MarkingDefinition(
 id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
 definition_type='tlp',
+ name='TLP:RED',
 definition=TLPMarking(tlp='red'),
 )
@@ -86,6 +94,7 @@ def test_successful_tlp_white():
 id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
 created='2017-01-20T00:00:00.000Z',
 definition_type='tlp',
+ name='TLP:WHITE',
 definition=TLPMarking(tlp='white'),
 )
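Review bot: Every case touched in test_marking_definition.py passes the `name` that matches its colour, so nothing pins what happens when a 2.1 TLP marking has the canonical `id` and `created` but a missing or mismatched `name`. A negative case with the TLP:RED id and a `TLP:WHITE` label would show whether the label is enforced or silently accepted; the exception type below is taken from the check_tlp_marking hunks and should be confirmed against the library's actual behaviour. The same gap applies to the `test_successful_tlp_*` hunks that follow. The function bodies start outside these hunks.
```python
def test_mismatched_name_marking_tlp_red():
    # constructed case: canonical TLP:RED id and timestamp, wrong label
    with pytest.raises(exceptions.TLPMarkingDefinitionError):
        MarkingDefinition(
            id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
            created='2017-01-20T00:00:00.000Z',
            definition_type='tlp',
            name='TLP:WHITE',
            definition=TLPMarking(tlp='red'),
        )
```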
@@ -97,6 +106,7 @@ def test_successful_tlp_green():
 id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
 created='2017-01-20T00:00:00.000Z',
 definition_type='tlp',
+ name='TLP:GREEN',
 definition=TLPMarking(tlp='green'),
 )
@@ -108,6 +118,7 @@ def test_successful_tlp_amber():
 id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
 created='2017-01-20T00:00:00.000Z',
 definition_type='tlp',
+ name='TLP:AMBER',
 definition=TLPMarking(tlp='amber'),
 )
@@ -119,6 +130,7 @@ def test_successful_tlp_red():
 id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
 created='2017-01-20T00:00:00.000Z',
 definition_type='tlp',
+ name='TLP:RED',
 definition=TLPMarking(tlp='red'),
 )
diff --git a/stix2/test/v21/test_markings.py b/stix2/test/v21/test_markings.py
index 1f9f5e8..a2fca51 100644
--- a/stix2/test/v21/test_markings.py
+++ b/stix2/test/v21/test_markings.py
@@ -16,6 +16,7 @@ EXPECTED_TLP_MARKING_DEFINITION = """{
 "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
 "created": "2017-01-20T00:00:00.000Z",
 "definition_type": "tlp",
+ "name": "TLP:WHITE",
 "definition": {
 "tlp": "white"
 }
From 5b07887edcbdfb1af8df2072e35daf5615739230 Mon Sep 17 00:00:00 2001
From: "Desai, Kartikey H"
Date: Mon, 27 Jan 2020 16:18:41 -0500
Subject: [PATCH 4/4] Fixes #303
---
 stix2/pattern_visitor.py | 8 +++++++-
 stix2/test/v21/test_pattern_expressions.py | 5 +++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/stix2/pattern_visitor.py b/stix2/pattern_visitor.py
index 16e4d3c..b2d7a53 100644
--- a/stix2/pattern_visitor.py
+++ b/stix2/pattern_visitor.py
@@ -2,7 +2,9 @@ import importlib
 import inspect
 from antlr4 import CommonTokenStream, InputStream
+from antlr4.tree.Trees import Trees
 import six
+from stix2patterns.exceptions import ParseException
 from stix2patterns.grammars.STIXPatternLexer import STIXPatternLexer
 from stix2patterns.grammars.STIXPatternParser import (
 STIXPatternParser, TerminalNode,
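Review bot: `from antlr4.tree.Trees import Trees` is added in the import hunk of stix2/pattern_visitor.py, but none of the hunks in this patch reference `Trees`. Unless it is used in a part of the file not shown here, it is an unused import and should be dropped. `ParseException`, added next to it, is used by the new `raise` in the visitor hunk.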
@@ -305,7 +307,10 @@ class STIXPatternVisitorForSTIX2(STIXPatternVisitor):
 elif node.symbol.type == STIXPatternParser.BinaryLiteral:
 return BinaryConstant(node.getText(), from_parse_tree=True)
 elif node.symbol.type == STIXPatternParser.StringLiteral:
- return StringConstant(node.getText().strip('\''), from_parse_tree=True)
+ if node.getText()[0] == "'" and node.getText()[-1] == "'":
+ return StringConstant(node.getText()[1:-1], from_parse_tree=True)
+ else:
+ raise ParseException("The pattern does not start and end with a single quote")
 elif node.symbol.type == STIXPatternParser.BoolLiteral:
 return BooleanConstant(node.getText())
 elif node.symbol.type == STIXPatternParser.TimestampLiteral:
@@ -345,6 +350,7 @@ def create_pattern_object(pattern, module_suffix="", module_name=""):
 stream = CommonTokenStream(lexer)
 parser = STIXPatternParser(stream)
+ parser.buildParseTrees = True
 # it always adds a console listener by default... remove it.
 parser.removeErrorListeners()
diff --git a/stix2/test/v21/test_pattern_expressions.py b/stix2/test/v21/test_pattern_expressions.py
index 23a401b..76880be 100644
--- a/stix2/test/v21/test_pattern_expressions.py
+++ b/stix2/test/v21/test_pattern_expressions.py
@@ -510,3 +510,8 @@ def test_parsing_qualified_expression():
 def test_list_constant():
 patt_obj = create_pattern_object("[network-traffic:src_ref.value IN ('10.0.0.0', '10.0.0.1', '10.0.0.2')]")
 assert str(patt_obj) == "[network-traffic:src_ref.value IN ('10.0.0.0', '10.0.0.1', '10.0.0.2')]"
+
+
+def test_parsing_multiple_slashes_quotes():
+ patt_obj = create_pattern_object("[ file:name = 'weird_name\\'' ]")
+ assert str(patt_obj) == "[file:name = 'weird_name\\'']"
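Review bot: In the `StringLiteral` branch the new check indexes `node.getText()[0]` and `[-1]` with no length guard, so a one-character token `'` satisfies both comparisons and an empty token raises `IndexError` rather than `ParseException`. The lexer may never emit either, but patterns can come from externally supplied indicators and the guard is cheap: bind `text = node.getText()` once and test `if len(text) >= 2 and text[0] == "'" and text[-1] == "'":`. The message `"The pattern does not start and end with a single quote"` talks about the whole pattern while the check is on one string literal; `"String literal is not enclosed in single quotes"` would point at the actual problem. The added test covers only the accepting path, and the enclosing method starts and ends outside the hunk.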