MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' of github.com:oasis-open/cti-python-stix2

master
chrisr3d 2020-01-31 11:38:26 +01:00
parent 96946d956d 7c186b0a06
commit dece917a68
6 changed files with 38 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
stix2/markings/utils.py
View File

@ -271,8 +271,8 @@ def check_tlp_marking(marking_obj, spec_version):
else: else:
w = ( w = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "white"}, "definition_type": "tlp",' '{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "white"}, "definition_type": "tlp",'
' "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "type": "marking-definition",' ' "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "name": "TLP:WHITE",'
' "spec_version": "2.1"}' ' "type": "marking-definition", "spec_version": "2.1"}'
) )
if marking_obj["id"] != "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9": if marking_obj["id"] != "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9":
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], w) raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], w)
@ -288,8 +288,8 @@ def check_tlp_marking(marking_obj, spec_version):
else: else:
g = ( g = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "green"}, "definition_type": "tlp",' '{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "green"}, "definition_type": "tlp",'
' "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "type": "marking-definition",' ' "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", "name": "TLP:GREEN",'
' "spec_version": "2.1"}' ' "type": "marking-definition", "spec_version": "2.1"}'
) )
if marking_obj["id"] != "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da": if marking_obj["id"] != "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da":
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], g) raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], g)
@ -305,8 +305,8 @@ def check_tlp_marking(marking_obj, spec_version):
else: else:
a = ( a = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "amber"}, "definition_type": "tlp",' '{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "amber"}, "definition_type": "tlp",'
' "id": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", "type": "marking-definition",' ' "id": "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82", "name": "TLP:AMBER",'
' "spec_version": "2.1"}' ' "type": "marking-definition", "spec_version": "2.1"}'
) )
if marking_obj["id"] != "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82": if marking_obj["id"] != "marking-definition--f88d31f6-486f-44da-b317-01333bde0b82":
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], a) raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], a)
@ -322,8 +322,8 @@ def check_tlp_marking(marking_obj, spec_version):
else: else:
r = ( r = (
'{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "red"}, "definition_type": "tlp",' '{"created": "2017-01-20T00:00:00.000Z", "definition": {"tlp": "red"}, "definition_type": "tlp",'
' "id": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "type": "marking-definition",' ' "id": "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed", "name": "TLP:RED",'
' "spec_version": "2.1"}' ' "type": "marking-definition", "spec_version": "2.1"}'
) )
if marking_obj["id"] != "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed": if marking_obj["id"] != "marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed":
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], r) raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], r)

8
stix2/pattern_visitor.py
View File

@ -2,7 +2,9 @@ import importlib
import inspect import inspect
from antlr4 import CommonTokenStream, InputStream from antlr4 import CommonTokenStream, InputStream
from antlr4.tree.Trees import Trees
import six import six
from stix2patterns.exceptions import ParseException
from stix2patterns.grammars.STIXPatternLexer import STIXPatternLexer from stix2patterns.grammars.STIXPatternLexer import STIXPatternLexer
from stix2patterns.grammars.STIXPatternParser import ( from stix2patterns.grammars.STIXPatternParser import (
STIXPatternParser, TerminalNode, STIXPatternParser, TerminalNode,
@ -305,7 +307,10 @@ class STIXPatternVisitorForSTIX2(STIXPatternVisitor):
elif node.symbol.type == STIXPatternParser.BinaryLiteral: elif node.symbol.type == STIXPatternParser.BinaryLiteral:
return BinaryConstant(node.getText(), from_parse_tree=True) return BinaryConstant(node.getText(), from_parse_tree=True)
elif node.symbol.type == STIXPatternParser.StringLiteral: elif node.symbol.type == STIXPatternParser.StringLiteral:
return StringConstant(node.getText().strip('\''), from_parse_tree=True) if node.getText()[0] == "'" and node.getText()[-1] == "'":
return StringConstant(node.getText()[1:-1], from_parse_tree=True)
else:
raise ParseException("The pattern does not start and end with a single quote")
elif node.symbol.type == STIXPatternParser.BoolLiteral: elif node.symbol.type == STIXPatternParser.BoolLiteral:
return BooleanConstant(node.getText()) return BooleanConstant(node.getText())
elif node.symbol.type == STIXPatternParser.TimestampLiteral: elif node.symbol.type == STIXPatternParser.TimestampLiteral:
@ -345,6 +350,7 @@ def create_pattern_object(pattern, module_suffix="", module_name=""):
stream = CommonTokenStream(lexer) stream = CommonTokenStream(lexer)
parser = STIXPatternParser(stream) parser = STIXPatternParser(stream)
parser.buildParseTrees = True parser.buildParseTrees = True
# it always adds a console listener by default... remove it. # it always adds a console listener by default... remove it.
parser.removeErrorListeners() parser.removeErrorListeners()

12
stix2/test/v21/test_marking_definition.py
View File

@ -12,6 +12,7 @@ def test_bad_id_marking_tlp_white():
MarkingDefinition( MarkingDefinition(
id='marking-definition--4c9faac1-3558-43d2-919e-95c88d3bc332', id='marking-definition--4c9faac1-3558-43d2-919e-95c88d3bc332',
definition_type='tlp', definition_type='tlp',
name='TLP:WHITE',
definition=TLPMarking(tlp='white'), definition=TLPMarking(tlp='white'),
) )
@ -21,6 +22,7 @@ def test_bad_id_marking_tlp_green():
MarkingDefinition( MarkingDefinition(
id='marking-definition--93023361-d3cf-4666-bca2-8c017948dc3d', id='marking-definition--93023361-d3cf-4666-bca2-8c017948dc3d',
definition_type='tlp', definition_type='tlp',
name='TLP:GREEN',
definition=TLPMarking(tlp='green'), definition=TLPMarking(tlp='green'),
) )
@ -30,6 +32,7 @@ def test_bad_id_marking_tlp_amber():
MarkingDefinition( MarkingDefinition(
id='marking-definition--05e32101-a940-42ba-8fe9-39283b999ce4', id='marking-definition--05e32101-a940-42ba-8fe9-39283b999ce4',
definition_type='tlp', definition_type='tlp',
name='TLP:AMBER',
definition=TLPMarking(tlp='amber'), definition=TLPMarking(tlp='amber'),
) )
@ -39,6 +42,7 @@ def test_bad_id_marking_tlp_red():
MarkingDefinition( MarkingDefinition(
id='marking-definition--9eceb00c-c158-43f4-87f8-1e3648de17e2', id='marking-definition--9eceb00c-c158-43f4-87f8-1e3648de17e2',
definition_type='tlp', definition_type='tlp',
name='TLP:RED',
definition=TLPMarking(tlp='red'), definition=TLPMarking(tlp='red'),
) )
@ -48,6 +52,7 @@ def test_bad_created_marking_tlp_white():
MarkingDefinition( MarkingDefinition(
id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9', id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
definition_type='tlp', definition_type='tlp',
name='TLP:WHITE',
definition=TLPMarking(tlp='white'), definition=TLPMarking(tlp='white'),
) )
@ -57,6 +62,7 @@ def test_bad_created_marking_tlp_green():
MarkingDefinition( MarkingDefinition(
id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da', id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
definition_type='tlp', definition_type='tlp',
name='TLP:GREEN',
definition=TLPMarking(tlp='green'), definition=TLPMarking(tlp='green'),
) )
@ -66,6 +72,7 @@ def test_bad_created_marking_tlp_amber():
MarkingDefinition( MarkingDefinition(
id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82', id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
definition_type='tlp', definition_type='tlp',
name='TLP:AMBER',
definition=TLPMarking(tlp='amber'), definition=TLPMarking(tlp='amber'),
) )
@ -75,6 +82,7 @@ def test_bad_created_marking_tlp_red():
MarkingDefinition( MarkingDefinition(
id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed', id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
definition_type='tlp', definition_type='tlp',
name='TLP:RED',
definition=TLPMarking(tlp='red'), definition=TLPMarking(tlp='red'),
) )
@ -86,6 +94,7 @@ def test_successful_tlp_white():
id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9', id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
created='2017-01-20T00:00:00.000Z', created='2017-01-20T00:00:00.000Z',
definition_type='tlp', definition_type='tlp',
name='TLP:WHITE',
definition=TLPMarking(tlp='white'), definition=TLPMarking(tlp='white'),
) )
@ -97,6 +106,7 @@ def test_successful_tlp_green():
id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da', id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
created='2017-01-20T00:00:00.000Z', created='2017-01-20T00:00:00.000Z',
definition_type='tlp', definition_type='tlp',
name='TLP:GREEN',
definition=TLPMarking(tlp='green'), definition=TLPMarking(tlp='green'),
) )
@ -108,6 +118,7 @@ def test_successful_tlp_amber():
id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82', id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
created='2017-01-20T00:00:00.000Z', created='2017-01-20T00:00:00.000Z',
definition_type='tlp', definition_type='tlp',
name='TLP:AMBER',
definition=TLPMarking(tlp='amber'), definition=TLPMarking(tlp='amber'),
) )
@ -119,6 +130,7 @@ def test_successful_tlp_red():
id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed', id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
created='2017-01-20T00:00:00.000Z', created='2017-01-20T00:00:00.000Z',
definition_type='tlp', definition_type='tlp',
name='TLP:RED',
definition=TLPMarking(tlp='red'), definition=TLPMarking(tlp='red'),
) )

1
stix2/test/v21/test_markings.py
View File

@ -16,6 +16,7 @@ EXPECTED_TLP_MARKING_DEFINITION = """{
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z", "created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp", "definition_type": "tlp",
"name": "TLP:WHITE",
"definition": { "definition": {
"tlp": "white" "tlp": "white"
} }

5
stix2/test/v21/test_pattern_expressions.py
View File

@ -510,3 +510,8 @@ def test_parsing_qualified_expression():
def test_list_constant(): def test_list_constant():
patt_obj = create_pattern_object("[network-traffic:src_ref.value IN ('10.0.0.0', '10.0.0.1', '10.0.0.2')]") patt_obj = create_pattern_object("[network-traffic:src_ref.value IN ('10.0.0.0', '10.0.0.1', '10.0.0.2')]")
assert str(patt_obj) == "[network-traffic:src_ref.value IN ('10.0.0.0', '10.0.0.1', '10.0.0.2')]" assert str(patt_obj) == "[network-traffic:src_ref.value IN ('10.0.0.0', '10.0.0.1', '10.0.0.2')]"
def test_parsing_multiple_slashes_quotes():
patt_obj = create_pattern_object("[ file:name = 'weird_name\\'' ]")
assert str(patt_obj) == "[file:name = 'weird_name\\'']"

5
stix2/v21/common.py
View File

@ -150,6 +150,7 @@ class MarkingDefinition(_STIXBase, _MarkingsMixin):
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))), ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)), ('granular_markings', ListProperty(GranularMarking)),
('definition_type', StringProperty(required=True)), ('definition_type', StringProperty(required=True)),
('name', StringProperty()),
('definition', MarkingProperty(required=True)), ('definition', MarkingProperty(required=True)),
]) ])
@ -213,6 +214,7 @@ TLP_WHITE = MarkingDefinition(
id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9', id='marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9',
created='2017-01-20T00:00:00.000Z', created='2017-01-20T00:00:00.000Z',
definition_type='tlp', definition_type='tlp',
name='TLP:WHITE',
definition=TLPMarking(tlp='white'), definition=TLPMarking(tlp='white'),
) )
@ -220,6 +222,7 @@ TLP_GREEN = MarkingDefinition(
id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da', id='marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da',
created='2017-01-20T00:00:00.000Z', created='2017-01-20T00:00:00.000Z',
definition_type='tlp', definition_type='tlp',
name='TLP:GREEN',
definition=TLPMarking(tlp='green'), definition=TLPMarking(tlp='green'),
) )
@ -227,6 +230,7 @@ TLP_AMBER = MarkingDefinition(
id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82', id='marking-definition--f88d31f6-486f-44da-b317-01333bde0b82',
created='2017-01-20T00:00:00.000Z', created='2017-01-20T00:00:00.000Z',
definition_type='tlp', definition_type='tlp',
name='TLP:AMBER',
definition=TLPMarking(tlp='amber'), definition=TLPMarking(tlp='amber'),
) )
@ -234,5 +238,6 @@ TLP_RED = MarkingDefinition(
id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed', id='marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed',
created='2017-01-20T00:00:00.000Z', created='2017-01-20T00:00:00.000Z',
definition_type='tlp', definition_type='tlp',
name='TLP:RED',
definition=TLPMarking(tlp='red'), definition=TLPMarking(tlp='red'),
) )