MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

patch: updated stix2 module name

pull/3/head
bharatarya 2024-01-15 22:48:45 +05:30
parent 9d2c208c54
commit ea1df9093a
228 changed files with 2728 additions and 2728 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/conf.py
View File

@ -6,9 +6,9 @@ import sys
from sphinx.ext.autodoc import ClassDocumenter from sphinx.ext.autodoc import ClassDocumenter
from stix2.base import _STIXBase from misp_lib_stix2.base import _STIXBase
from stix2.equivalence.object import WEIGHTS from misp_lib_stix2.equivalence.object import WEIGHTS
from stix2.version import __version__ from misp_lib_stix2.version import __version__
sys.path.insert(0, os.path.abspath('..')) sys.path.insert(0, os.path.abspath('..'))

6
examples/taxii_example.py
View File

@ -1,6 +1,6 @@
from taxii2client.v21 import Collection from taxii2client.v21 import Collection
import stix2 import misp_lib_stix2
# This example is based on the medallion server with default_data.json # This example is based on the medallion server with default_data.json
# See https://github.com/oasis-open/cti-taxii-server for more information # See https://github.com/oasis-open/cti-taxii-server for more information
@ -13,7 +13,7 @@ def main():
) )
# instantiate TAXII data source # instantiate TAXII data source
taxii = stix2.TAXIICollectionSource(collection) taxii = misp_lib_stix2.TAXIICollectionSource(collection)
# get (url watch indicator) # get (url watch indicator)
indicator_fw = taxii.get("indicator--6770298f-0fd8-471a-ab8c-1c658a46574e") indicator_fw = taxii.get("indicator--6770298f-0fd8-471a-ab8c-1c658a46574e")
@ -27,7 +27,7 @@ def main():
print(indicator.serialize(indent=4)) print(indicator.serialize(indent=4))
# add TAXII filter (ie filter should be passed to TAXII) # add TAXII filter (ie filter should be passed to TAXII)
query_filter = stix2.Filter("type", "in", "malware") query_filter = misp_lib_stix2.Filter("type", "in", "malware")
# query() - but with filter attached. There are no malware objects in this collection # query() - but with filter attached. There are no malware objects in this collection
malwares = taxii.query(query=query_filter) malwares = taxii.query(query=query_filter)

0
stix2/__init__.py → misp_lib_stix2/__init__.py
View File

16
stix2/base.py → misp_lib_stix2/base.py
View File

@ -9,8 +9,8 @@ import uuid
import simplejson as json import simplejson as json
import stix2 import misp_lib_stix2
from stix2.canonicalization.Canonicalize import canonicalize from misp_lib_stix2.canonicalization.Canonicalize import canonicalize
from .exceptions import ( from .exceptions import (
AtLeastOnePropertyError, DependentPropertiesError, ExtraPropertiesError, AtLeastOnePropertyError, DependentPropertiesError, ExtraPropertiesError,
@ -120,11 +120,11 @@ class _STIXBase(collections.abc.Mapping):
self.__now = get_timestamp() self.__now = get_timestamp()
self.__INTEROPERABILITY_types = ( self.__INTEROPERABILITY_types = (
stix2.properties.EmbeddedObjectProperty, stix2.properties.EnumProperty, misp_lib_stix2.properties.EmbeddedObjectProperty, misp_lib_stix2.properties.EnumProperty,
stix2.properties.ExtensionsProperty, stix2.properties.DictionaryProperty, misp_lib_stix2.properties.ExtensionsProperty, misp_lib_stix2.properties.DictionaryProperty,
stix2.properties.HashesProperty, stix2.properties.IDProperty, misp_lib_stix2.properties.HashesProperty, misp_lib_stix2.properties.IDProperty,
stix2.properties.ListProperty, stix2.properties.OpenVocabProperty, misp_lib_stix2.properties.ListProperty, misp_lib_stix2.properties.OpenVocabProperty,
stix2.properties.ReferenceProperty, stix2.properties.SelectorProperty, misp_lib_stix2.properties.ReferenceProperty, misp_lib_stix2.properties.SelectorProperty,
) )
custom_props = kwargs.pop('custom_properties', {}) custom_props = kwargs.pop('custom_properties', {})
@ -172,7 +172,7 @@ class _STIXBase(collections.abc.Mapping):
all_custom_prop_names = (custom_kwargs | custom_props.keys()) - \ all_custom_prop_names = (custom_kwargs | custom_props.keys()) - \
self._properties.keys() self._properties.keys()
if all_custom_prop_names: if all_custom_prop_names:
if not isinstance(self, stix2.v20._STIXBase20): if not isinstance(self, misp_lib_stix2.v20._STIXBase20):
for prop_name in all_custom_prop_names: for prop_name in all_custom_prop_names:
if not re.match(PREFIX_21_REGEX, prop_name): if not re.match(PREFIX_21_REGEX, prop_name):
raise InvalidValueError( raise InvalidValueError(

2
stix2/canonicalization/Canonicalize.py → misp_lib_stix2/canonicalization/Canonicalize.py
View File

@ -22,7 +22,7 @@
import re import re
from stix2.canonicalization.NumberToJson import convert2Es6Format from misp_lib_stix2.canonicalization.NumberToJson import convert2Es6Format
try: try:
from _json import encode_basestring_ascii as c_encode_basestring_ascii from _json import encode_basestring_ascii as c_encode_basestring_ascii

0
stix2/canonicalization/NumberToJson.py → misp_lib_stix2/canonicalization/NumberToJson.py
View File

0
stix2/canonicalization/__init__.py → misp_lib_stix2/canonicalization/__init__.py
View File

0
stix2/confidence/__init__.py → misp_lib_stix2/confidence/__init__.py
View File

0
stix2/confidence/scales.py → misp_lib_stix2/confidence/scales.py
View File

0
stix2/custom.py → misp_lib_stix2/custom.py
View File

4
stix2/datastore/__init__.py → misp_lib_stix2/datastore/__init__.py
View File

@ -15,8 +15,8 @@ Python STIX2 DataStore API.
from abc import ABCMeta, abstractmethod from abc import ABCMeta, abstractmethod
import uuid import uuid
from stix2.datastore.filters import Filter, FilterSet from misp_lib_stix2.datastore.filters import Filter, FilterSet
from stix2.utils import deduplicate from misp_lib_stix2.utils import deduplicate
def make_id(): def make_id():

14
stix2/datastore/filesystem.py → misp_lib_stix2/datastore/filesystem.py
View File

@ -6,15 +6,15 @@ import os
import re import re
import stat import stat
from stix2 import v20, v21 from misp_lib_stix2 import v20, v21
from stix2.base import _STIXBase from misp_lib_stix2.base import _STIXBase
from stix2.datastore import ( from misp_lib_stix2.datastore import (
DataSink, DataSource, DataSourceError, DataStoreMixin, DataSink, DataSource, DataSourceError, DataStoreMixin,
) )
from stix2.datastore.filters import Filter, FilterSet, apply_common_filters from misp_lib_stix2.datastore.filters import Filter, FilterSet, apply_common_filters
from stix2.parsing import parse from misp_lib_stix2.parsing import parse
from stix2.serialization import fp_serialize from misp_lib_stix2.serialization import fp_serialize
from stix2.utils import format_datetime, get_type_from_id, parse_into_datetime from misp_lib_stix2.utils import format_datetime, get_type_from_id, parse_into_datetime
def _timestamp2filename(timestamp): def _timestamp2filename(timestamp):

4
stix2/datastore/filters.py → misp_lib_stix2/datastore/filters.py
View File

@ -3,7 +3,7 @@
import collections import collections
from datetime import datetime from datetime import datetime
import stix2.utils import misp_lib_stix2.utils
"""Supported filter operations""" """Supported filter operations"""
FILTER_OPS = ['=', '!=', 'in', '>', '<', '>=', '<=', 'contains'] FILTER_OPS = ['=', '!=', 'in', '>', '<', '>=', '<=', 'contains']
@ -82,7 +82,7 @@ class Filter(collections.namedtuple('Filter', ['property', 'op', 'value'])):
# try to convert the filter value to a datetime instance. # try to convert the filter value to a datetime instance.
if isinstance(stix_obj_property, datetime) and \ if isinstance(stix_obj_property, datetime) and \
isinstance(self.value, str): isinstance(self.value, str):
filter_value = stix2.utils.parse_into_datetime(self.value) filter_value = misp_lib_stix2.utils.parse_into_datetime(self.value)
else: else:
filter_value = self.value filter_value = self.value

10
stix2/datastore/memory.py → misp_lib_stix2/datastore/memory.py
View File

@ -5,11 +5,11 @@ import itertools
import json import json
import os import os
from stix2 import v20, v21 from misp_lib_stix2 import v20, v21
from stix2.base import _STIXBase from misp_lib_stix2.base import _STIXBase
from stix2.datastore import DataSink, DataSource, DataStoreMixin from misp_lib_stix2.datastore import DataSink, DataSource, DataStoreMixin
from stix2.datastore.filters import FilterSet, apply_common_filters from misp_lib_stix2.datastore.filters import FilterSet, apply_common_filters
from stix2.parsing import parse from misp_lib_stix2.parsing import parse
def _add(store, stix_data, allow_custom=True, version=None): def _add(store, stix_data, allow_custom=True, version=None):

12
stix2/datastore/taxii.py → misp_lib_stix2/datastore/taxii.py
View File

@ -2,14 +2,14 @@
from requests.exceptions import HTTPError from requests.exceptions import HTTPError
from stix2 import v20, v21 from misp_lib_stix2 import v20, v21
from stix2.base import _STIXBase from misp_lib_stix2.base import _STIXBase
from stix2.datastore import ( from misp_lib_stix2.datastore import (
DataSink, DataSource, DataSourceError, DataStoreMixin, DataSink, DataSource, DataSourceError, DataStoreMixin,
) )
from stix2.datastore.filters import Filter, FilterSet, apply_common_filters from misp_lib_stix2.datastore.filters import Filter, FilterSet, apply_common_filters
from stix2.parsing import parse from misp_lib_stix2.parsing import parse
from stix2.utils import deduplicate from misp_lib_stix2.utils import deduplicate
try: try:
from taxii2client import v20 as tcv20 from taxii2client import v20 as tcv20

0
stix2/environment.py → misp_lib_stix2/environment.py
View File

0
stix2/equivalence/__init__.py → misp_lib_stix2/equivalence/__init__.py
View File

0
stix2/equivalence/graph/__init__.py → misp_lib_stix2/equivalence/graph/__init__.py
View File

0
stix2/equivalence/object/__init__.py → misp_lib_stix2/equivalence/object/__init__.py
View File

0
stix2/equivalence/pattern/__init__.py → misp_lib_stix2/equivalence/pattern/__init__.py
View File

0
stix2/equivalence/pattern/compare/__init__.py → misp_lib_stix2/equivalence/pattern/compare/__init__.py
View File

4
stix2/equivalence/pattern/compare/comparison.py → misp_lib_stix2/equivalence/pattern/compare/comparison.py
View File

@ -4,8 +4,8 @@ Comparison utilities for STIX pattern comparison expressions.
import base64 import base64
import functools import functools
from stix2.equivalence.pattern.compare import generic_cmp, iter_lex_cmp from misp_lib_stix2.equivalence.pattern.compare import generic_cmp, iter_lex_cmp
from stix2.patterns import ( from misp_lib_stix2.patterns import (
AndBooleanExpression, BinaryConstant, BooleanConstant, FloatConstant, AndBooleanExpression, BinaryConstant, BooleanConstant, FloatConstant,
HexConstant, IntegerConstant, ListConstant, ListObjectPathComponent, HexConstant, IntegerConstant, ListConstant, ListObjectPathComponent,
OrBooleanExpression, StringConstant, TimestampConstant, OrBooleanExpression, StringConstant, TimestampConstant,

6
stix2/equivalence/pattern/compare/observation.py → misp_lib_stix2/equivalence/pattern/compare/observation.py
View File

@ -1,11 +1,11 @@
""" """
Comparison utilities for STIX pattern observation expressions. Comparison utilities for STIX pattern observation expressions.
""" """
from stix2.equivalence.pattern.compare import generic_cmp, iter_lex_cmp from misp_lib_stix2.equivalence.pattern.compare import generic_cmp, iter_lex_cmp
from stix2.equivalence.pattern.compare.comparison import ( from misp_lib_stix2.equivalence.pattern.compare.comparison import (
comparison_expression_cmp, generic_constant_cmp, comparison_expression_cmp, generic_constant_cmp,
) )
from stix2.patterns import ( from misp_lib_stix2.patterns import (
AndObservationExpression, FollowedByObservationExpression, AndObservationExpression, FollowedByObservationExpression,
ObservationExpression, OrObservationExpression, ObservationExpression, OrObservationExpression,
QualifiedObservationExpression, RepeatQualifier, StartStopQualifier, QualifiedObservationExpression, RepeatQualifier, StartStopQualifier,

0
stix2/equivalence/pattern/transform/__init__.py → misp_lib_stix2/equivalence/pattern/transform/__init__.py
View File

10
stix2/equivalence/pattern/transform/comparison.py → misp_lib_stix2/equivalence/pattern/transform/comparison.py
View File

@ -4,15 +4,15 @@ Transformation utilities for STIX pattern comparison expressions.
import functools import functools
import itertools import itertools
from stix2.equivalence.pattern.compare import iter_in, iter_lex_cmp from misp_lib_stix2.equivalence.pattern.compare import iter_in, iter_lex_cmp
from stix2.equivalence.pattern.compare.comparison import ( from misp_lib_stix2.equivalence.pattern.compare.comparison import (
comparison_expression_cmp, comparison_expression_cmp,
) )
from stix2.equivalence.pattern.transform import Transformer from misp_lib_stix2.equivalence.pattern.transform import Transformer
from stix2.equivalence.pattern.transform.specials import ( from misp_lib_stix2.equivalence.pattern.transform.specials import (
ipv4_addr, ipv6_addr, windows_reg_key, ipv4_addr, ipv6_addr, windows_reg_key,
) )
from stix2.patterns import ( from misp_lib_stix2.patterns import (
AndBooleanExpression, ObjectPath, OrBooleanExpression, AndBooleanExpression, ObjectPath, OrBooleanExpression,
ParentheticalExpression, _BooleanExpression, _ComparisonExpression, ParentheticalExpression, _BooleanExpression, _ComparisonExpression,
) )

18
stix2/equivalence/pattern/transform/observation.py → misp_lib_stix2/equivalence/pattern/transform/observation.py
View File

@ -4,25 +4,25 @@ Transformation utilities for STIX pattern observation expressions.
import functools import functools
import itertools import itertools
from stix2.equivalence.pattern.compare import iter_in, iter_lex_cmp from misp_lib_stix2.equivalence.pattern.compare import iter_in, iter_lex_cmp
from stix2.equivalence.pattern.compare.observation import ( from misp_lib_stix2.equivalence.pattern.compare.observation import (
observation_expression_cmp, observation_expression_cmp,
) )
from stix2.equivalence.pattern.transform import ( from misp_lib_stix2.equivalence.pattern.transform import (
ChainTransformer, SettleTransformer, Transformer, ChainTransformer, SettleTransformer, Transformer,
) )
from stix2.equivalence.pattern.transform.comparison import ( from misp_lib_stix2.equivalence.pattern.transform.comparison import (
SpecialValueCanonicalization, SpecialValueCanonicalization,
) )
from stix2.equivalence.pattern.transform.comparison import \ from misp_lib_stix2.equivalence.pattern.transform.comparison import \
AbsorptionTransformer as CAbsorptionTransformer AbsorptionTransformer as CAbsorptionTransformer
from stix2.equivalence.pattern.transform.comparison import \ from misp_lib_stix2.equivalence.pattern.transform.comparison import \
DNFTransformer as CDNFTransformer DNFTransformer as CDNFTransformer
from stix2.equivalence.pattern.transform.comparison import \ from misp_lib_stix2.equivalence.pattern.transform.comparison import \
FlattenTransformer as CFlattenTransformer FlattenTransformer as CFlattenTransformer
from stix2.equivalence.pattern.transform.comparison import \ from misp_lib_stix2.equivalence.pattern.transform.comparison import \
OrderDedupeTransformer as COrderDedupeTransformer OrderDedupeTransformer as COrderDedupeTransformer
from stix2.patterns import ( from misp_lib_stix2.patterns import (
AndObservationExpression, FollowedByObservationExpression, AndObservationExpression, FollowedByObservationExpression,
ObservationExpression, OrObservationExpression, ParentheticalExpression, ObservationExpression, OrObservationExpression, ParentheticalExpression,
QualifiedObservationExpression, _CompoundObservationExpression, QualifiedObservationExpression, _CompoundObservationExpression,

2
stix2/equivalence/pattern/transform/specials.py → misp_lib_stix2/equivalence/pattern/transform/specials.py
View File

@ -3,7 +3,7 @@ Some simple comparison expression normalization functions.
""" """
import socket import socket
from stix2.equivalence.pattern.compare.comparison import ( from misp_lib_stix2.equivalence.pattern.compare.comparison import (
object_path_to_raw_values, object_path_to_raw_values,
) )

0
stix2/exceptions.py → misp_lib_stix2/exceptions.py
View File

0
stix2/hashes.py → misp_lib_stix2/hashes.py
View File

2
stix2/markings/__init__.py → misp_lib_stix2/markings/__init__.py
View File

@ -19,7 +19,7 @@ Note:
| |
""" """
from stix2.markings import granular_markings, object_markings from misp_lib_stix2.markings import granular_markings, object_markings
def get_markings(obj, selectors=None, inherited=False, descendants=False, marking_ref=True, lang=True): def get_markings(obj, selectors=None, inherited=False, descendants=False, marking_ref=True, lang=True):

8
stix2/markings/granular_markings.py → misp_lib_stix2/markings/granular_markings.py
View File

@ -1,9 +1,9 @@
"""Functions for working with STIX2 granular markings.""" """Functions for working with STIX2 granular markings."""
from stix2 import exceptions from misp_lib_stix2 import exceptions
from stix2.markings import utils from misp_lib_stix2.markings import utils
from stix2.utils import is_marking from misp_lib_stix2.utils import is_marking
from stix2.versioning import new_version from misp_lib_stix2.versioning import new_version
def get_markings(obj, selectors, inherited=False, descendants=False, marking_ref=True, lang=True): def get_markings(obj, selectors, inherited=False, descendants=False, marking_ref=True, lang=True):

6
stix2/markings/object_markings.py → misp_lib_stix2/markings/object_markings.py
View File

@ -1,8 +1,8 @@
"""Functions for working with STIX2 object markings.""" """Functions for working with STIX2 object markings."""
from stix2 import exceptions from misp_lib_stix2 import exceptions
from stix2.markings import utils from misp_lib_stix2.markings import utils
from stix2.versioning import new_version from misp_lib_stix2.versioning import new_version
def get_markings(obj): def get_markings(obj):

2
stix2/markings/utils.py → misp_lib_stix2/markings/utils.py
View File

@ -2,7 +2,7 @@
import collections import collections
from stix2 import exceptions, utils from misp_lib_stix2 import exceptions, utils
def _evaluate_expression(obj, selector): def _evaluate_expression(obj, selector):

0
stix2/parsing.py → misp_lib_stix2/parsing.py
View File

0
stix2/pattern_visitor.py → misp_lib_stix2/pattern_visitor.py
View File

0
stix2/patterns.py → misp_lib_stix2/patterns.py
View File

10
stix2/properties.py → misp_lib_stix2/properties.py
View File

@ -8,8 +8,8 @@ import inspect
import re import re
import uuid import uuid
import stix2 import misp_lib_stix2
import stix2.hashes import misp_lib_stix2.hashes
from .base import _STIXBase from .base import _STIXBase
from .exceptions import CustomContentError, DictionaryKeyError, STIXError from .exceptions import CustomContentError, DictionaryKeyError, STIXError
@ -436,7 +436,7 @@ class HashesProperty(DictionaryProperty):
# names which are recognized as hash algorithms by this library. # names which are recognized as hash algorithms by this library.
self.__alg_to_spec_name = {} self.__alg_to_spec_name = {}
for spec_hash_name in spec_hash_names: for spec_hash_name in spec_hash_names:
alg = stix2.hashes.infer_hash_algorithm(spec_hash_name) alg = misp_lib_stix2.hashes.infer_hash_algorithm(spec_hash_name)
if alg: if alg:
self.__alg_to_spec_name[alg] = spec_hash_name self.__alg_to_spec_name[alg] = spec_hash_name
@ -449,11 +449,11 @@ class HashesProperty(DictionaryProperty):
has_custom = False has_custom = False
for hash_k, hash_v in clean_dict.items(): for hash_k, hash_v in clean_dict.items():
hash_alg = stix2.hashes.infer_hash_algorithm(hash_k) hash_alg = misp_lib_stix2.hashes.infer_hash_algorithm(hash_k)
if hash_alg: if hash_alg:
# Library-supported hash algorithm: sanity check the value. # Library-supported hash algorithm: sanity check the value.
if not stix2.hashes.check_hash(hash_alg, hash_v): if not misp_lib_stix2.hashes.check_hash(hash_alg, hash_v):
raise ValueError( raise ValueError(
"'{0}' is not a valid {1} hash".format( "'{0}' is not a valid {1} hash".format(
hash_v, hash_alg.name, hash_v, hash_alg.name,

0
stix2/registration.py → misp_lib_stix2/registration.py
View File

0
stix2/registry.py → misp_lib_stix2/registry.py
View File

8
stix2/serialization.py → misp_lib_stix2/serialization.py
View File

@ -5,7 +5,7 @@ import io
import simplejson as json import simplejson as json
import stix2.base import misp_lib_stix2.base
from .utils import format_datetime from .utils import format_datetime
@ -22,7 +22,7 @@ class STIXJSONEncoder(json.JSONEncoder):
def default(self, obj): def default(self, obj):
if isinstance(obj, (dt.date, dt.datetime)): if isinstance(obj, (dt.date, dt.datetime)):
return format_datetime(obj) return format_datetime(obj)
elif isinstance(obj, stix2.base._STIXBase): elif isinstance(obj, misp_lib_stix2.base._STIXBase):
tmp_obj = dict(obj) tmp_obj = dict(obj)
for prop_name in obj._defaulted_optional_properties: for prop_name in obj._defaulted_optional_properties:
del tmp_obj[prop_name] del tmp_obj[prop_name]
@ -42,7 +42,7 @@ class STIXJSONIncludeOptionalDefaultsEncoder(json.JSONEncoder):
def default(self, obj): def default(self, obj):
if isinstance(obj, (dt.date, dt.datetime)): if isinstance(obj, (dt.date, dt.datetime)):
return format_datetime(obj) return format_datetime(obj)
elif isinstance(obj, stix2.base._STIXBase): elif isinstance(obj, misp_lib_stix2.base._STIXBase):
return dict(obj) return dict(obj)
else: else:
return super(STIXJSONIncludeOptionalDefaultsEncoder, self).default(obj) return super(STIXJSONIncludeOptionalDefaultsEncoder, self).default(obj)
@ -174,7 +174,7 @@ def find_property_index(obj, search_key, search_value):
if search_key.isdigit(): if search_key.isdigit():
return int(search_key) return int(search_key)
if isinstance(obj, stix2.base._STIXBase): if isinstance(obj, misp_lib_stix2.base._STIXBase):
if search_key in obj and obj[search_key] == search_value: if search_key in obj and obj[search_key] == search_value:
idx = _find(list(obj), search_key) idx = _find(list(obj), search_key)
else: else:

0
stix2/test/__init__.py → misp_lib_stix2/test/__init__.py
View File

2
stix2/test/test_hashes.py → misp_lib_stix2/test/test_hashes.py
View File

@ -1,6 +1,6 @@
import pytest import pytest
from stix2.hashes import Hash, check_hash, infer_hash_algorithm from misp_lib_stix2.hashes import Hash, check_hash, infer_hash_algorithm
@pytest.mark.parametrize( @pytest.mark.parametrize(

2
stix2/test/test_pattern_equivalence.py → misp_lib_stix2/test/test_pattern_equivalence.py
View File

@ -1,6 +1,6 @@
import pytest import pytest
from stix2.equivalence.pattern import ( from misp_lib_stix2.equivalence.pattern import (
equivalent_patterns, find_equivalent_patterns, equivalent_patterns, find_equivalent_patterns,
) )

6
stix2/test/test_properties.py → misp_lib_stix2/test/test_properties.py
View File

@ -3,11 +3,11 @@ import datetime as dt
import pytest import pytest
import pytz import pytz
from stix2.base import _STIXBase from misp_lib_stix2.base import _STIXBase
from stix2.exceptions import ( from misp_lib_stix2.exceptions import (
CustomContentError, ExtraPropertiesError, STIXError, CustomContentError, ExtraPropertiesError, STIXError,
) )
from stix2.properties import ( from misp_lib_stix2.properties import (
BinaryProperty, BooleanProperty, EmbeddedObjectProperty, EnumProperty, BinaryProperty, BooleanProperty, EmbeddedObjectProperty, EnumProperty,
FloatProperty, HashesProperty, HexProperty, IntegerProperty, ListProperty, FloatProperty, HashesProperty, HexProperty, IntegerProperty, ListProperty,
OpenVocabProperty, Property, StringProperty, TimestampProperty, OpenVocabProperty, Property, StringProperty, TimestampProperty,

2
stix2/test/test_spec_version_detect.py → misp_lib_stix2/test/test_spec_version_detect.py
View File

@ -2,7 +2,7 @@ from __future__ import unicode_literals
import pytest import pytest
from stix2.utils import detect_spec_version from misp_lib_stix2.utils import detect_spec_version
@pytest.mark.parametrize( @pytest.mark.parametrize(

98
stix2/test/test_utils_type_checks.py → misp_lib_stix2/test/test_utils_type_checks.py
View File

@ -1,6 +1,6 @@
import pytest import pytest
import stix2.utils import misp_lib_stix2.utils
### ###
# Tests using types/behaviors common to STIX 2.0 and 2.1. # Tests using types/behaviors common to STIX 2.0 and 2.1.
@ -25,13 +25,13 @@ import stix2.utils
], ],
) )
def test_is_sdo(type_, stix_version): def test_is_sdo(type_, stix_version):
assert stix2.utils.is_sdo(type_, stix_version) assert misp_lib_stix2.utils.is_sdo(type_, stix_version)
id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert stix2.utils.is_sdo(id_, stix_version) assert misp_lib_stix2.utils.is_sdo(id_, stix_version)
assert stix2.utils.is_stix_type( assert misp_lib_stix2.utils.is_stix_type(
type_, stix_version, stix2.utils.STIXTypeClass.SDO, type_, stix_version, misp_lib_stix2.utils.STIXTypeClass.SDO,
) )
@ -48,18 +48,18 @@ def test_is_sdo(type_, stix_version):
], ],
) )
def test_is_not_sdo(type_, stix_version): def test_is_not_sdo(type_, stix_version):
assert not stix2.utils.is_sdo(type_, stix_version) assert not misp_lib_stix2.utils.is_sdo(type_, stix_version)
id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert not stix2.utils.is_sdo(id_, stix_version) assert not misp_lib_stix2.utils.is_sdo(id_, stix_version)
d = { d = {
"type": type_, "type": type_,
} }
assert not stix2.utils.is_sdo(d, stix_version) assert not misp_lib_stix2.utils.is_sdo(d, stix_version)
assert not stix2.utils.is_stix_type( assert not misp_lib_stix2.utils.is_stix_type(
type_, stix_version, stix2.utils.STIXTypeClass.SDO, type_, stix_version, misp_lib_stix2.utils.STIXTypeClass.SDO,
) )
@ -87,13 +87,13 @@ def test_is_not_sdo(type_, stix_version):
], ],
) )
def test_is_sco(type_, stix_version): def test_is_sco(type_, stix_version):
assert stix2.utils.is_sco(type_, stix_version) assert misp_lib_stix2.utils.is_sco(type_, stix_version)
id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert stix2.utils.is_sco(id_, stix_version) assert misp_lib_stix2.utils.is_sco(id_, stix_version)
assert stix2.utils.is_stix_type( assert misp_lib_stix2.utils.is_stix_type(
type_, stix_version, stix2.utils.STIXTypeClass.SCO, type_, stix_version, misp_lib_stix2.utils.STIXTypeClass.SCO,
) )
@ -109,18 +109,18 @@ def test_is_sco(type_, stix_version):
], ],
) )
def test_is_not_sco(type_, stix_version): def test_is_not_sco(type_, stix_version):
assert not stix2.utils.is_sco(type_, stix_version) assert not misp_lib_stix2.utils.is_sco(type_, stix_version)
id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert not stix2.utils.is_sco(id_, stix_version) assert not misp_lib_stix2.utils.is_sco(id_, stix_version)
d = { d = {
"type": type_, "type": type_,
} }
assert not stix2.utils.is_sco(d, stix_version) assert not misp_lib_stix2.utils.is_sco(d, stix_version)
assert not stix2.utils.is_stix_type( assert not misp_lib_stix2.utils.is_stix_type(
type_, stix_version, stix2.utils.STIXTypeClass.SCO, type_, stix_version, misp_lib_stix2.utils.STIXTypeClass.SCO,
) )
@ -132,13 +132,13 @@ def test_is_not_sco(type_, stix_version):
], ],
) )
def test_is_sro(type_, stix_version): def test_is_sro(type_, stix_version):
assert stix2.utils.is_sro(type_, stix_version) assert misp_lib_stix2.utils.is_sro(type_, stix_version)
id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert stix2.utils.is_sro(id_, stix_version) assert misp_lib_stix2.utils.is_sro(id_, stix_version)
assert stix2.utils.is_stix_type( assert misp_lib_stix2.utils.is_stix_type(
type_, stix_version, stix2.utils.STIXTypeClass.SRO, type_, stix_version, misp_lib_stix2.utils.STIXTypeClass.SRO,
) )
@ -154,29 +154,29 @@ def test_is_sro(type_, stix_version):
], ],
) )
def test_is_not_sro(type_, stix_version): def test_is_not_sro(type_, stix_version):
assert not stix2.utils.is_sro(type_, stix_version) assert not misp_lib_stix2.utils.is_sro(type_, stix_version)
id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert not stix2.utils.is_sro(id_, stix_version) assert not misp_lib_stix2.utils.is_sro(id_, stix_version)
d = { d = {
"type": type_, "type": type_,
} }
assert not stix2.utils.is_sro(d, stix_version) assert not misp_lib_stix2.utils.is_sro(d, stix_version)
assert not stix2.utils.is_stix_type( assert not misp_lib_stix2.utils.is_stix_type(
type_, stix_version, stix2.utils.STIXTypeClass.SRO, type_, stix_version, misp_lib_stix2.utils.STIXTypeClass.SRO,
) )
@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) @pytest.mark.parametrize("stix_version", ["2.0", "2.1"])
def test_is_marking(stix_version): def test_is_marking(stix_version):
assert stix2.utils.is_marking("marking-definition", stix_version) assert misp_lib_stix2.utils.is_marking("marking-definition", stix_version)
id_ = "marking-definition--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = "marking-definition--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert stix2.utils.is_marking(id_, stix_version) assert misp_lib_stix2.utils.is_marking(id_, stix_version)
assert stix2.utils.is_stix_type( assert misp_lib_stix2.utils.is_stix_type(
"marking-definition", stix_version, "marking-definition", "marking-definition", stix_version, "marking-definition",
) )
@ -192,17 +192,17 @@ def test_is_marking(stix_version):
], ],
) )
def test_is_not_marking(type_, stix_version): def test_is_not_marking(type_, stix_version):
assert not stix2.utils.is_marking(type_, stix_version) assert not misp_lib_stix2.utils.is_marking(type_, stix_version)
id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert not stix2.utils.is_marking(id_, stix_version) assert not misp_lib_stix2.utils.is_marking(id_, stix_version)
d = { d = {
"type": type_, "type": type_,
} }
assert not stix2.utils.is_marking(d, stix_version) assert not misp_lib_stix2.utils.is_marking(d, stix_version)
assert not stix2.utils.is_stix_type( assert not misp_lib_stix2.utils.is_stix_type(
type_, stix_version, "marking-definition", type_, stix_version, "marking-definition",
) )
@ -219,44 +219,44 @@ def test_is_not_marking(type_, stix_version):
], ],
) )
def test_is_object(type_, stix_version): def test_is_object(type_, stix_version):
assert stix2.utils.is_object(type_, stix_version) assert misp_lib_stix2.utils.is_object(type_, stix_version)
id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = type_ + "--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert stix2.utils.is_object(id_, stix_version) assert misp_lib_stix2.utils.is_object(id_, stix_version)
@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) @pytest.mark.parametrize("stix_version", ["2.0", "2.1"])
def test_is_not_object(stix_version): def test_is_not_object(stix_version):
assert not stix2.utils.is_object("foo", stix_version) assert not misp_lib_stix2.utils.is_object("foo", stix_version)
id_ = "foo--a12fa04c-6586-4128-8d1a-cfe0d1c081f5" id_ = "foo--a12fa04c-6586-4128-8d1a-cfe0d1c081f5"
assert not stix2.utils.is_object(id_, stix_version) assert not misp_lib_stix2.utils.is_object(id_, stix_version)
d = { d = {
"type": "foo", "type": "foo",
} }
assert not stix2.utils.is_object(d, stix_version) assert not misp_lib_stix2.utils.is_object(d, stix_version)
@pytest.mark.parametrize("stix_version", ["2.0", "2.1"]) @pytest.mark.parametrize("stix_version", ["2.0", "2.1"])
def test_is_stix_type(stix_version): def test_is_stix_type(stix_version):
assert not stix2.utils.is_stix_type( assert not misp_lib_stix2.utils.is_stix_type(
"foo", stix_version, stix2.utils.STIXTypeClass.SDO, "foo", "foo", stix_version, misp_lib_stix2.utils.STIXTypeClass.SDO, "foo",
) )
assert stix2.utils.is_stix_type( assert misp_lib_stix2.utils.is_stix_type(
"bundle", stix_version, "foo", "bundle", "bundle", stix_version, "foo", "bundle",
) )
assert stix2.utils.is_stix_type( assert misp_lib_stix2.utils.is_stix_type(
"identity", stix_version, "identity", stix_version,
stix2.utils.STIXTypeClass.SDO, misp_lib_stix2.utils.STIXTypeClass.SDO,
stix2.utils.STIXTypeClass.SRO, misp_lib_stix2.utils.STIXTypeClass.SRO,
) )
assert stix2.utils.is_stix_type( assert misp_lib_stix2.utils.is_stix_type(
"software", stix_version, "software", stix_version,
stix2.utils.STIXTypeClass.SDO, misp_lib_stix2.utils.STIXTypeClass.SDO,
stix2.utils.STIXTypeClass.SCO, misp_lib_stix2.utils.STIXTypeClass.SCO,
) )

8
stix2/test/test_workbench.py → misp_lib_stix2/test/test_workbench.py
View File

@ -1,8 +1,8 @@
import importlib import importlib
import os import os
import stix2 import misp_lib_stix2
from stix2.workbench import ( from misp_lib_stix2.workbench import (
_STIX_VID, AttackPattern, Bundle, Campaign, CourseOfAction, _STIX_VID, AttackPattern, Bundle, Campaign, CourseOfAction,
ExternalReference, File, FileSystemSource, Filter, Grouping, Identity, ExternalReference, File, FileSystemSource, Filter, Grouping, Identity,
Indicator, Infrastructure, IntrusionSet, Location, Malware, Indicator, Infrastructure, IntrusionSet, Location, Malware,
@ -325,8 +325,8 @@ def test_default_created_timestamp():
campaign = Campaign(**constants.CAMPAIGN_KWARGS) campaign = Campaign(**constants.CAMPAIGN_KWARGS)
assert 'created' not in constants.CAMPAIGN_KWARGS assert 'created' not in constants.CAMPAIGN_KWARGS
assert stix2.utils.format_datetime(campaign.created) == timestamp assert misp_lib_stix2.utils.format_datetime(campaign.created) == timestamp
assert stix2.utils.format_datetime(campaign.modified) == timestamp assert misp_lib_stix2.utils.format_datetime(campaign.modified) == timestamp
# turn off side-effects to avoid affecting future tests # turn off side-effects to avoid affecting future tests
set_default_created(None) set_default_created(None)

0
stix2/test/v20/__init__.py → misp_lib_stix2/test/v20/__init__.py
View File

14
stix2/test/v20/conftest.py → misp_lib_stix2/test/v20/conftest.py
View File

@ -2,7 +2,7 @@ import uuid
import pytest import pytest
import stix2 import misp_lib_stix2
from .constants import ( from .constants import (
FAKE_TIME, INDICATOR_KWARGS, MALWARE_KWARGS, RELATIONSHIP_KWARGS, FAKE_TIME, INDICATOR_KWARGS, MALWARE_KWARGS, RELATIONSHIP_KWARGS,
@ -13,12 +13,12 @@ from .constants import (
@pytest.fixture @pytest.fixture
def clock(monkeypatch): def clock(monkeypatch):
class mydatetime(stix2.utils.STIXdatetime): class mydatetime(misp_lib_stix2.utils.STIXdatetime):
@classmethod @classmethod
def now(cls, tz=None): def now(cls, tz=None):
return FAKE_TIME return FAKE_TIME
monkeypatch.setattr(stix2.utils, 'STIXdatetime', mydatetime) monkeypatch.setattr(misp_lib_stix2.utils, 'STIXdatetime', mydatetime)
@pytest.fixture @pytest.fixture
@ -36,17 +36,17 @@ def uuid4(monkeypatch):
@pytest.fixture @pytest.fixture
def indicator(uuid4, clock): def indicator(uuid4, clock):
return stix2.v20.Indicator(**INDICATOR_KWARGS) return misp_lib_stix2.v20.Indicator(**INDICATOR_KWARGS)
@pytest.fixture @pytest.fixture
def malware(uuid4, clock): def malware(uuid4, clock):
return stix2.v20.Malware(**MALWARE_KWARGS) return misp_lib_stix2.v20.Malware(**MALWARE_KWARGS)
@pytest.fixture @pytest.fixture
def relationship(uuid4, clock): def relationship(uuid4, clock):
return stix2.v20.Relationship(**RELATIONSHIP_KWARGS) return misp_lib_stix2.v20.Relationship(**RELATIONSHIP_KWARGS)
@pytest.fixture @pytest.fixture
@ -193,4 +193,4 @@ def stix_objs2():
@pytest.fixture @pytest.fixture
def real_stix_objs2(stix_objs2): def real_stix_objs2(stix_objs2):
return [stix2.parse(x, version="2.0") for x in stix_objs2] return [misp_lib_stix2.parse(x, version="2.0") for x in stix_objs2]

0
stix2/test/v20/constants.py → misp_lib_stix2/test/v20/constants.py
View File

2
stix2/test/v20/pattern_ast_overrides.py → misp_lib_stix2/test/v20/pattern_ast_overrides.py
View File

@ -1,7 +1,7 @@
""" """
AST node class overrides for testing the pattern AST builder. AST node class overrides for testing the pattern AST builder.
""" """
from stix2.patterns import ( from misp_lib_stix2.patterns import (
EqualityComparisonExpression, StartStopQualifier, StringConstant, EqualityComparisonExpression, StartStopQualifier, StringConstant,
) )

0
stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json → misp_lib_stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22/20170531213019735010.json
View File

0
stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json → misp_lib_stix2/test/v20/stix2_data/attack-pattern/attack-pattern--0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b/20170531213026496201.json
View File

0
stix2/test/v20/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json → misp_lib_stix2/test/v20/stix2_data/attack-pattern/attack-pattern--774a3188-6ba9-4dc4-879d-d54ee48a5ce9/20170531213029458940.json
View File

0
stix2/test/v20/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json → misp_lib_stix2/test/v20/stix2_data/attack-pattern/attack-pattern--7e150503-88e7-4861-866b-ff1ac82c4475/20170531213045139269.json
View File

0
stix2/test/v20/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json → misp_lib_stix2/test/v20/stix2_data/attack-pattern/attack-pattern--ae676644-d2d2-41b7-af7e-9bed1b55898c/20170531213041022897.json
View File

0
stix2/test/v20/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json → misp_lib_stix2/test/v20/stix2_data/attack-pattern/attack-pattern--b3d682b6-98f2-4fb0-aa3b-b4df007ca70a/20170531213032662702.json
View File

0
stix2/test/v20/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json → misp_lib_stix2/test/v20/stix2_data/course-of-action/course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f/20170531213026495974.json
View File

0
stix2/test/v20/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json → misp_lib_stix2/test/v20/stix2_data/course-of-action/course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd/20170531213041022744.json
View File

0
stix2/test/v20/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json → misp_lib_stix2/test/v20/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20170601000000000000.json
View File

0
stix2/test/v20/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20181101232448446000.json → misp_lib_stix2/test/v20/stix2_data/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5/20181101232448446000.json
View File

0
stix2/test/v20/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json → misp_lib_stix2/test/v20/stix2_data/intrusion-set/intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064/20170531213149412497.json
View File

0
stix2/test/v20/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json → misp_lib_stix2/test/v20/stix2_data/intrusion-set/intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a/20170531213153197755.json
View File

0
stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38.json → misp_lib_stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38.json
View File

0
stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json → misp_lib_stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json
View File

0
stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json → misp_lib_stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json
View File

0
stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json → misp_lib_stix2/test/v20/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json
View File

0
stix2/test/v20/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json → misp_lib_stix2/test/v20/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json
View File

0
stix2/test/v20/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json → misp_lib_stix2/test/v20/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json
View File

0
stix2/test/v20/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json → misp_lib_stix2/test/v20/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json
View File

0
stix2/test/v20/stix2_data/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json → misp_lib_stix2/test/v20/stix2_data/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json
View File

0
stix2/test/v20/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json → misp_lib_stix2/test/v20/stix2_data/relationship/relationship--0d4a7788-7f3b-4df8-a498-31a38003c883/20170531213327182784.json
View File

0
stix2/test/v20/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json → misp_lib_stix2/test/v20/stix2_data/relationship/relationship--0e55ee98-0c6d-43d4-b424-b18a0036b227/20170531213327082801.json
View File

0
stix2/test/v20/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json → misp_lib_stix2/test/v20/stix2_data/relationship/relationship--1e91cd45-a725-4965-abe3-700694374432/20170531213327018782.json
View File

0
stix2/test/v20/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json → misp_lib_stix2/test/v20/stix2_data/relationship/relationship--3a3084f9-0302-4fd5-9b8a-e0db10f5345e/20170531213327100701.json
View File

0
stix2/test/v20/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json → misp_lib_stix2/test/v20/stix2_data/relationship/relationship--3a3ed0b2-0c38-441f-ac40-53b873e545d1/20170531213327143973.json
View File

0
stix2/test/v20/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json → misp_lib_stix2/test/v20/stix2_data/relationship/relationship--592d0c31-e61f-495e-a60e-70d7be59a719/20170531213327021562.json
View File

0
stix2/test/v20/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json → misp_lib_stix2/test/v20/stix2_data/relationship/relationship--70dc6b5c-c524-429e-a6ab-0dd40f0482c1/20170531213327044387.json
View File

0
stix2/test/v20/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json → misp_lib_stix2/test/v20/stix2_data/relationship/relationship--8797579b-e3be-4209-a71b-255a4d08243d/20170531213327051532.json
View File

0
stix2/test/v20/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json → misp_lib_stix2/test/v20/stix2_data/tool/tool--03342581-f790-4f03-ba41-e82e67392e23/20170531213231601148.json
View File

0
stix2/test/v20/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json → misp_lib_stix2/test/v20/stix2_data/tool/tool--242f3da3-4425-4d11-8f5c-b842886da966/20170531213212684914.json
View File

18
stix2/test/v20/test_attack_pattern.py → misp_lib_stix2/test/v20/test_attack_pattern.py
View File

@ -3,8 +3,8 @@ import datetime as dt
import pytest import pytest
import pytz import pytz
import stix2 import misp_lib_stix2
import stix2.exceptions import misp_lib_stix2.exceptions
from .constants import ATTACK_PATTERN_ID from .constants import ATTACK_PATTERN_ID
@ -25,7 +25,7 @@ EXPECTED = """{
def test_attack_pattern_example(): def test_attack_pattern_example():
ap = stix2.v20.AttackPattern( ap = misp_lib_stix2.v20.AttackPattern(
id=ATTACK_PATTERN_ID, id=ATTACK_PATTERN_ID,
created="2016-05-12T08:17:27.000Z", created="2016-05-12T08:17:27.000Z",
modified="2016-05-12T08:17:27.000Z", modified="2016-05-12T08:17:27.000Z",
@ -60,7 +60,7 @@ def test_attack_pattern_example():
], ],
) )
def test_parse_attack_pattern(data): def test_parse_attack_pattern(data):
ap = stix2.parse(data, version="2.0") ap = misp_lib_stix2.parse(data, version="2.0")
assert ap.type == 'attack-pattern' assert ap.type == 'attack-pattern'
assert ap.id == ATTACK_PATTERN_ID assert ap.id == ATTACK_PATTERN_ID
@ -73,8 +73,8 @@ def test_parse_attack_pattern(data):
def test_attack_pattern_invalid_labels(): def test_attack_pattern_invalid_labels():
with pytest.raises(stix2.exceptions.InvalidValueError): with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError):
stix2.v20.AttackPattern( misp_lib_stix2.v20.AttackPattern(
id=ATTACK_PATTERN_ID, id=ATTACK_PATTERN_ID,
created="2016-05-12T08:17:27Z", created="2016-05-12T08:17:27Z",
modified="2016-05-12T08:17:27Z", modified="2016-05-12T08:17:27Z",
@ -84,8 +84,8 @@ def test_attack_pattern_invalid_labels():
def test_overly_precise_timestamps(): def test_overly_precise_timestamps():
with pytest.raises(stix2.exceptions.InvalidValueError): with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError):
stix2.v20.AttackPattern( misp_lib_stix2.v20.AttackPattern(
id=ATTACK_PATTERN_ID, id=ATTACK_PATTERN_ID,
created="2016-05-12T08:17:27.0000342Z", created="2016-05-12T08:17:27.0000342Z",
modified="2016-05-12T08:17:27.000287Z", modified="2016-05-12T08:17:27.000287Z",
@ -99,7 +99,7 @@ def test_overly_precise_timestamps():
def test_less_precise_timestamps(): def test_less_precise_timestamps():
ap = stix2.v20.AttackPattern( ap = misp_lib_stix2.v20.AttackPattern(
id=ATTACK_PATTERN_ID, id=ATTACK_PATTERN_ID,
created="2016-05-12T08:17:27.00Z", created="2016-05-12T08:17:27.00Z",
modified="2016-05-12T08:17:27.0Z", modified="2016-05-12T08:17:27.0Z",

2
stix2/test/v20/test_base.py → misp_lib_stix2/test/v20/test_base.py
View File

@ -4,7 +4,7 @@ import json
import pytest import pytest
import pytz import pytz
from stix2.base import STIXJSONEncoder from misp_lib_stix2.base import STIXJSONEncoder
def test_encode_json_datetime(): def test_encode_json_datetime():

66
stix2/test/v20/test_bundle.py → misp_lib_stix2/test/v20/test_bundle.py
View File

@ -3,7 +3,7 @@ import json
import pytest import pytest
import stix2 import misp_lib_stix2
from ...exceptions import InvalidValueError from ...exceptions import InvalidValueError
from .constants import IDENTITY_ID from .constants import IDENTITY_ID
@ -86,7 +86,7 @@ EXPECTED_BUNDLE_DICT = {
def test_empty_bundle(): def test_empty_bundle():
bundle = stix2.v20.Bundle() bundle = misp_lib_stix2.v20.Bundle()
assert bundle.type == "bundle" assert bundle.type == "bundle"
assert bundle.id.startswith("bundle--") assert bundle.id.startswith("bundle--")
@ -95,27 +95,27 @@ def test_empty_bundle():
def test_bundle_with_wrong_type(): def test_bundle_with_wrong_type():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Bundle(type="not-a-bundle") misp_lib_stix2.v20.Bundle(type="not-a-bundle")
assert excinfo.value.cls == stix2.v20.Bundle assert excinfo.value.cls == misp_lib_stix2.v20.Bundle
assert excinfo.value.prop_name == "type" assert excinfo.value.prop_name == "type"
assert excinfo.value.reason == "must equal 'bundle'." assert excinfo.value.reason == "must equal 'bundle'."
assert str(excinfo.value) == "Invalid value for Bundle 'type': must equal 'bundle'." assert str(excinfo.value) == "Invalid value for Bundle 'type': must equal 'bundle'."
def test_bundle_id_must_start_with_bundle(): def test_bundle_id_must_start_with_bundle():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Bundle(id='my-prefix--') misp_lib_stix2.v20.Bundle(id='my-prefix--')
assert excinfo.value.cls == stix2.v20.Bundle assert excinfo.value.cls == misp_lib_stix2.v20.Bundle
assert excinfo.value.prop_name == "id" assert excinfo.value.prop_name == "id"
assert excinfo.value.reason == "must start with 'bundle--'." assert excinfo.value.reason == "must start with 'bundle--'."
assert str(excinfo.value) == "Invalid value for Bundle 'id': must start with 'bundle--'." assert str(excinfo.value) == "Invalid value for Bundle 'id': must start with 'bundle--'."
def test_create_bundle_fp_serialize_pretty(indicator, malware, relationship): def test_create_bundle_fp_serialize_pretty(indicator, malware, relationship):
bundle = stix2.v20.Bundle(objects=[indicator, malware, relationship]) bundle = misp_lib_stix2.v20.Bundle(objects=[indicator, malware, relationship])
buffer = io.StringIO() buffer = io.StringIO()
bundle.fp_serialize(buffer, pretty=True) bundle.fp_serialize(buffer, pretty=True)
@ -125,7 +125,7 @@ def test_create_bundle_fp_serialize_pretty(indicator, malware, relationship):
def test_create_bundle_fp_serialize_nonpretty(indicator, malware, relationship): def test_create_bundle_fp_serialize_nonpretty(indicator, malware, relationship):
bundle = stix2.v20.Bundle(objects=[indicator, malware, relationship]) bundle = misp_lib_stix2.v20.Bundle(objects=[indicator, malware, relationship])
buffer = io.StringIO() buffer = io.StringIO()
bundle.fp_serialize(buffer, sort_keys=True) bundle.fp_serialize(buffer, sort_keys=True)
@ -135,69 +135,69 @@ def test_create_bundle_fp_serialize_nonpretty(indicator, malware, relationship):
def test_create_bundle1(indicator, malware, relationship): def test_create_bundle1(indicator, malware, relationship):
bundle = stix2.v20.Bundle(objects=[indicator, malware, relationship]) bundle = misp_lib_stix2.v20.Bundle(objects=[indicator, malware, relationship])
assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE
assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE
def test_create_bundle2(indicator, malware, relationship): def test_create_bundle2(indicator, malware, relationship):
bundle = stix2.v20.Bundle(objects=[indicator, malware, relationship]) bundle = misp_lib_stix2.v20.Bundle(objects=[indicator, malware, relationship])
assert json.loads(bundle.serialize()) == EXPECTED_BUNDLE_DICT assert json.loads(bundle.serialize()) == EXPECTED_BUNDLE_DICT
def test_create_bundle_with_positional_args(indicator, malware, relationship): def test_create_bundle_with_positional_args(indicator, malware, relationship):
bundle = stix2.v20.Bundle(indicator, malware, relationship) bundle = misp_lib_stix2.v20.Bundle(indicator, malware, relationship)
assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE
def test_create_bundle_with_positional_listarg(indicator, malware, relationship): def test_create_bundle_with_positional_listarg(indicator, malware, relationship):
bundle = stix2.v20.Bundle([indicator, malware, relationship]) bundle = misp_lib_stix2.v20.Bundle([indicator, malware, relationship])
assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE
def test_create_bundle_with_listarg_and_positional_arg(indicator, malware, relationship): def test_create_bundle_with_listarg_and_positional_arg(indicator, malware, relationship):
bundle = stix2.v20.Bundle([indicator, malware], relationship) bundle = misp_lib_stix2.v20.Bundle([indicator, malware], relationship)
assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE
def test_create_bundle_with_listarg_and_kwarg(indicator, malware, relationship): def test_create_bundle_with_listarg_and_kwarg(indicator, malware, relationship):
bundle = stix2.v20.Bundle([indicator, malware], objects=[relationship]) bundle = misp_lib_stix2.v20.Bundle([indicator, malware], objects=[relationship])
assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE
def test_create_bundle_with_arg_listarg_and_kwarg(indicator, malware, relationship): def test_create_bundle_with_arg_listarg_and_kwarg(indicator, malware, relationship):
bundle = stix2.v20.Bundle([indicator], malware, objects=[relationship]) bundle = misp_lib_stix2.v20.Bundle([indicator], malware, objects=[relationship])
assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE assert bundle.serialize(pretty=True) == EXPECTED_BUNDLE
def test_create_bundle_invalid(indicator, malware, relationship): def test_create_bundle_invalid(indicator, malware, relationship):
with pytest.raises(InvalidValueError) as excinfo: with pytest.raises(InvalidValueError) as excinfo:
stix2.v20.Bundle(objects=[1]) misp_lib_stix2.v20.Bundle(objects=[1])
assert excinfo.value.reason == "This property may only contain a dictionary or object" assert excinfo.value.reason == "This property may only contain a dictionary or object"
with pytest.raises(InvalidValueError) as excinfo: with pytest.raises(InvalidValueError) as excinfo:
stix2.v20.Bundle(objects=[{}]) misp_lib_stix2.v20.Bundle(objects=[{}])
assert excinfo.value.reason == "This property may only contain a non-empty dictionary or object" assert excinfo.value.reason == "This property may only contain a non-empty dictionary or object"
with pytest.raises(InvalidValueError) as excinfo: with pytest.raises(InvalidValueError) as excinfo:
stix2.v20.Bundle(objects=[{'type': 'bundle'}]) misp_lib_stix2.v20.Bundle(objects=[{'type': 'bundle'}])
assert excinfo.value.reason == 'This property may not contain a Bundle object' assert excinfo.value.reason == 'This property may not contain a Bundle object'
@pytest.mark.parametrize("version", ["2.0"]) @pytest.mark.parametrize("version", ["2.0"])
def test_parse_bundle(version): def test_parse_bundle(version):
bundle = stix2.parse(EXPECTED_BUNDLE, version=version) bundle = misp_lib_stix2.parse(EXPECTED_BUNDLE, version=version)
assert bundle.type == "bundle" assert bundle.type == "bundle"
assert bundle.id.startswith("bundle--") assert bundle.id.startswith("bundle--")
assert isinstance(bundle.objects[0], stix2.v20.Indicator) assert isinstance(bundle.objects[0], misp_lib_stix2.v20.Indicator)
assert bundle.objects[0].type == 'indicator' assert bundle.objects[0].type == 'indicator'
assert bundle.objects[1].type == 'malware' assert bundle.objects[1].type == 'malware'
assert bundle.objects[2].type == 'relationship' assert bundle.objects[2].type == 'relationship'
@ -214,15 +214,15 @@ def test_parse_unknown_type():
"name": "Green Group Attacks Against Finance", "name": "Green Group Attacks Against Finance",
} }
with pytest.raises(stix2.exceptions.ParseError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ParseError) as excinfo:
stix2.parse(unknown, version="2.0") misp_lib_stix2.parse(unknown, version="2.0")
assert str(excinfo.value) == "Can't parse unknown object type 'other'! For custom types, use the CustomObject decorator." assert str(excinfo.value) == "Can't parse unknown object type 'other'! For custom types, use the CustomObject decorator."
def test_stix_object_property(): def test_stix_object_property():
prop = stix2.properties.STIXObjectProperty(spec_version='2.0') prop = misp_lib_stix2.properties.STIXObjectProperty(spec_version='2.0')
identity = stix2.v20.Identity(name="test", identity_class="individual") identity = misp_lib_stix2.v20.Identity(name="test", identity_class="individual")
assert prop.clean(identity, False) == (identity, False) assert prop.clean(identity, False) == (identity, False)
@ -255,13 +255,13 @@ def test_bundle_with_different_spec_objects():
] ]
with pytest.raises(InvalidValueError) as excinfo: with pytest.raises(InvalidValueError) as excinfo:
stix2.v20.Bundle(objects=data) misp_lib_stix2.v20.Bundle(objects=data)
assert "Spec version 2.0 bundles don't yet support containing objects of a different spec version." in str(excinfo.value) assert "Spec version 2.0 bundles don't yet support containing objects of a different spec version." in str(excinfo.value)
def test_bundle_obj_id_found(): def test_bundle_obj_id_found():
bundle = stix2.parse(EXPECTED_BUNDLE) bundle = misp_lib_stix2.parse(EXPECTED_BUNDLE)
mal_list = bundle.get_obj("malware--00000000-0000-4000-8000-000000000003") mal_list = bundle.get_obj("malware--00000000-0000-4000-8000-000000000003")
assert bundle.objects[1] == mal_list[0] assert bundle.objects[1] == mal_list[0]
@ -318,7 +318,7 @@ def test_bundle_obj_id_found():
}], }],
) )
def test_bundle_objs_ids_found(bundle_data): def test_bundle_objs_ids_found(bundle_data):
bundle = stix2.parse(bundle_data) bundle = misp_lib_stix2.parse(bundle_data)
mal_list = bundle.get_obj("malware--00000000-0000-4000-8000-000000000003") mal_list = bundle.get_obj("malware--00000000-0000-4000-8000-000000000003")
assert bundle.objects[1] == mal_list[0] assert bundle.objects[1] == mal_list[0]
@ -327,14 +327,14 @@ def test_bundle_objs_ids_found(bundle_data):
def test_bundle_getitem_overload_property_found(): def test_bundle_getitem_overload_property_found():
bundle = stix2.parse(EXPECTED_BUNDLE) bundle = misp_lib_stix2.parse(EXPECTED_BUNDLE)
assert bundle.type == "bundle" assert bundle.type == "bundle"
assert bundle['type'] == "bundle" assert bundle['type'] == "bundle"
def test_bundle_getitem_overload_obj_id_found(): def test_bundle_getitem_overload_obj_id_found():
bundle = stix2.parse(EXPECTED_BUNDLE) bundle = misp_lib_stix2.parse(EXPECTED_BUNDLE)
mal_list = bundle["malware--00000000-0000-4000-8000-000000000003"] mal_list = bundle["malware--00000000-0000-4000-8000-000000000003"]
assert bundle.objects[1] == mal_list[0] assert bundle.objects[1] == mal_list[0]
@ -342,7 +342,7 @@ def test_bundle_getitem_overload_obj_id_found():
def test_bundle_obj_id_not_found(): def test_bundle_obj_id_not_found():
bundle = stix2.parse(EXPECTED_BUNDLE) bundle = misp_lib_stix2.parse(EXPECTED_BUNDLE)
with pytest.raises(KeyError) as excinfo: with pytest.raises(KeyError) as excinfo:
bundle.get_obj('non existent') bundle.get_obj('non existent')
@ -350,7 +350,7 @@ def test_bundle_obj_id_not_found():
def test_bundle_getitem_overload_obj_id_not_found(): def test_bundle_getitem_overload_obj_id_not_found():
bundle = stix2.parse(EXPECTED_BUNDLE) bundle = misp_lib_stix2.parse(EXPECTED_BUNDLE)
with pytest.raises(KeyError) as excinfo: with pytest.raises(KeyError) as excinfo:
bundle['non existent'] bundle['non existent']

6
stix2/test/v20/test_campaign.py → misp_lib_stix2/test/v20/test_campaign.py
View File

@ -3,7 +3,7 @@ import datetime as dt
import pytest import pytest
import pytz import pytz
import stix2 import misp_lib_stix2
from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS, IDENTITY_ID from .constants import CAMPAIGN_ID, CAMPAIGN_MORE_KWARGS, IDENTITY_ID
@ -19,7 +19,7 @@ EXPECTED = """{
def test_campaign_example(): def test_campaign_example():
campaign = stix2.v20.Campaign(**CAMPAIGN_MORE_KWARGS) campaign = misp_lib_stix2.v20.Campaign(**CAMPAIGN_MORE_KWARGS)
assert campaign.serialize(pretty=True) == EXPECTED assert campaign.serialize(pretty=True) == EXPECTED
@ -39,7 +39,7 @@ def test_campaign_example():
], ],
) )
def test_parse_campaign(data): def test_parse_campaign(data):
cmpn = stix2.parse(data, version="2.0") cmpn = misp_lib_stix2.parse(data, version="2.0")
assert cmpn.type == 'campaign' assert cmpn.type == 'campaign'
assert cmpn.id == CAMPAIGN_ID assert cmpn.id == CAMPAIGN_ID

6
stix2/test/v20/test_course_of_action.py → misp_lib_stix2/test/v20/test_course_of_action.py
View File

@ -3,7 +3,7 @@ import datetime as dt
import pytest import pytest
import pytz import pytz
import stix2 import misp_lib_stix2
from .constants import COURSE_OF_ACTION_ID, IDENTITY_ID from .constants import COURSE_OF_ACTION_ID, IDENTITY_ID
@ -19,7 +19,7 @@ EXPECTED = """{
def test_course_of_action_example(): def test_course_of_action_example():
coa = stix2.v20.CourseOfAction( coa = misp_lib_stix2.v20.CourseOfAction(
id=COURSE_OF_ACTION_ID, id=COURSE_OF_ACTION_ID,
created_by_ref=IDENTITY_ID, created_by_ref=IDENTITY_ID,
created="2016-04-06T20:03:48.000Z", created="2016-04-06T20:03:48.000Z",
@ -46,7 +46,7 @@ def test_course_of_action_example():
], ],
) )
def test_parse_course_of_action(data): def test_parse_course_of_action(data):
coa = stix2.parse(data, version="2.0") coa = misp_lib_stix2.parse(data, version="2.0")
assert coa.type == 'course-of-action' assert coa.type == 'course-of-action'
assert coa.id == COURSE_OF_ACTION_ID assert coa.id == COURSE_OF_ACTION_ID

354
stix2/test/v20/test_custom.py → misp_lib_stix2/test/v20/test_custom.py
View File

@ -1,15 +1,15 @@
import pytest import pytest
import stix2 import misp_lib_stix2
import stix2.parsing import misp_lib_stix2.parsing
import stix2.registration import misp_lib_stix2.registration
import stix2.registry import misp_lib_stix2.registry
import stix2.v20 import misp_lib_stix2.v20
from ...exceptions import DuplicateRegistrationError, InvalidValueError from ...exceptions import DuplicateRegistrationError, InvalidValueError
from .constants import FAKE_TIME, IDENTITY_ID, MARKING_DEFINITION_ID from .constants import FAKE_TIME, IDENTITY_ID, MARKING_DEFINITION_ID
IDENTITY_CUSTOM_PROP = stix2.v20.Identity( IDENTITY_CUSTOM_PROP = misp_lib_stix2.v20.Identity(
name="John Smith", name="John Smith",
identity_class="individual", identity_class="individual",
x_foo="bar", x_foo="bar",
@ -19,7 +19,7 @@ IDENTITY_CUSTOM_PROP = stix2.v20.Identity(
def test_identity_custom_property(): def test_identity_custom_property():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
stix2.v20.Identity( misp_lib_stix2.v20.Identity(
id=IDENTITY_ID, id=IDENTITY_ID,
created="2015-12-21T19:59:11Z", created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z",
@ -29,8 +29,8 @@ def test_identity_custom_property():
) )
assert str(excinfo.value) == "'custom_properties' must be a dictionary" assert str(excinfo.value) == "'custom_properties' must be a dictionary"
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ExtraPropertiesError) as excinfo:
stix2.v20.Identity( misp_lib_stix2.v20.Identity(
id=IDENTITY_ID, id=IDENTITY_ID,
created="2015-12-21T19:59:11Z", created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z",
@ -43,7 +43,7 @@ def test_identity_custom_property():
) )
assert "Unexpected properties for Identity" in str(excinfo.value) assert "Unexpected properties for Identity" in str(excinfo.value)
identity = stix2.v20.Identity( identity = misp_lib_stix2.v20.Identity(
id=IDENTITY_ID, id=IDENTITY_ID,
created="2015-12-21T19:59:11Z", created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z",
@ -57,8 +57,8 @@ def test_identity_custom_property():
def test_identity_custom_property_invalid(): def test_identity_custom_property_invalid():
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ExtraPropertiesError) as excinfo:
stix2.v20.Identity( misp_lib_stix2.v20.Identity(
id=IDENTITY_ID, id=IDENTITY_ID,
created="2015-12-21T19:59:11Z", created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z",
@ -66,13 +66,13 @@ def test_identity_custom_property_invalid():
identity_class="individual", identity_class="individual",
x_foo="bar", x_foo="bar",
) )
assert excinfo.value.cls == stix2.v20.Identity assert excinfo.value.cls == misp_lib_stix2.v20.Identity
assert excinfo.value.properties == ['x_foo'] assert excinfo.value.properties == ['x_foo']
assert "Unexpected properties for" in str(excinfo.value) assert "Unexpected properties for" in str(excinfo.value)
def test_identity_custom_property_allowed(): def test_identity_custom_property_allowed():
identity = stix2.v20.Identity( identity = misp_lib_stix2.v20.Identity(
id=IDENTITY_ID, id=IDENTITY_ID,
created="2015-12-21T19:59:11Z", created="2015-12-21T19:59:11Z",
modified="2015-12-21T19:59:11Z", modified="2015-12-21T19:59:11Z",
@ -98,32 +98,32 @@ def test_identity_custom_property_allowed():
], ],
) )
def test_parse_identity_custom_property(data): def test_parse_identity_custom_property(data):
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ExtraPropertiesError) as excinfo:
stix2.parse(data, version="2.0") misp_lib_stix2.parse(data, version="2.0")
assert issubclass(excinfo.value.cls, stix2.v20.Identity) assert issubclass(excinfo.value.cls, misp_lib_stix2.v20.Identity)
assert excinfo.value.properties == ['foo'] assert excinfo.value.properties == ['foo']
assert "Unexpected properties for" in str(excinfo.value) assert "Unexpected properties for" in str(excinfo.value)
identity = stix2.parse(data, version="2.0", allow_custom=True) identity = misp_lib_stix2.parse(data, version="2.0", allow_custom=True)
assert identity.foo == "bar" assert identity.foo == "bar"
def test_custom_property_object_in_bundled_object(): def test_custom_property_object_in_bundled_object():
bundle = stix2.v20.Bundle(IDENTITY_CUSTOM_PROP, allow_custom=True) bundle = misp_lib_stix2.v20.Bundle(IDENTITY_CUSTOM_PROP, allow_custom=True)
assert bundle.objects[0].x_foo == "bar" assert bundle.objects[0].x_foo == "bar"
assert '"x_foo": "bar"' in str(bundle) assert '"x_foo": "bar"' in str(bundle)
def test_custom_properties_object_in_bundled_object(): def test_custom_properties_object_in_bundled_object():
obj = stix2.v20.Identity( obj = misp_lib_stix2.v20.Identity(
name="John Smith", name="John Smith",
identity_class="individual", identity_class="individual",
custom_properties={ custom_properties={
"x_foo": "bar", "x_foo": "bar",
}, },
) )
bundle = stix2.v20.Bundle(obj, allow_custom=True) bundle = misp_lib_stix2.v20.Bundle(obj, allow_custom=True)
assert bundle.objects[0].x_foo == "bar" assert bundle.objects[0].x_foo == "bar"
assert '"x_foo": "bar"' in str(bundle) assert '"x_foo": "bar"' in str(bundle)
@ -139,9 +139,9 @@ def test_custom_property_dict_in_bundled_object():
'x_foo': 'bar', 'x_foo': 'bar',
} }
with pytest.raises(InvalidValueError): with pytest.raises(InvalidValueError):
stix2.v20.Bundle(custom_identity) misp_lib_stix2.v20.Bundle(custom_identity)
bundle = stix2.v20.Bundle(custom_identity, allow_custom=True) bundle = misp_lib_stix2.v20.Bundle(custom_identity, allow_custom=True)
assert bundle.objects[0].x_foo == "bar" assert bundle.objects[0].x_foo == "bar"
assert '"x_foo": "bar"' in str(bundle) assert '"x_foo": "bar"' in str(bundle)
@ -161,16 +161,16 @@ def test_custom_properties_dict_in_bundled_object():
# must not succeed: allow_custom was not set to True when creating # must not succeed: allow_custom was not set to True when creating
# the bundle, so it must reject the customized identity object. # the bundle, so it must reject the customized identity object.
with pytest.raises(InvalidValueError): with pytest.raises(InvalidValueError):
stix2.v20.Bundle(custom_identity) misp_lib_stix2.v20.Bundle(custom_identity)
def test_custom_property_in_observed_data(): def test_custom_property_in_observed_data():
artifact = stix2.v20.File( artifact = misp_lib_stix2.v20.File(
allow_custom=True, allow_custom=True,
name='test', name='test',
x_foo='bar', x_foo='bar',
) )
observed_data = stix2.v20.ObservedData( observed_data = misp_lib_stix2.v20.ObservedData(
allow_custom=True, allow_custom=True,
first_observed="2015-12-21T19:00:00Z", first_observed="2015-12-21T19:00:00Z",
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
@ -183,17 +183,17 @@ def test_custom_property_in_observed_data():
def test_custom_property_object_in_observable_extension(): def test_custom_property_object_in_observable_extension():
ntfs = stix2.v20.NTFSExt( ntfs = misp_lib_stix2.v20.NTFSExt(
allow_custom=True, allow_custom=True,
sid=1, sid=1,
x_foo='bar', x_foo='bar',
) )
artifact = stix2.v20.File( artifact = misp_lib_stix2.v20.File(
allow_custom=True, allow_custom=True,
name='test', name='test',
extensions={'ntfs-ext': ntfs}, extensions={'ntfs-ext': ntfs},
) )
observed_data = stix2.v20.ObservedData( observed_data = misp_lib_stix2.v20.ObservedData(
allow_custom=True, allow_custom=True,
first_observed="2015-12-21T19:00:00Z", first_observed="2015-12-21T19:00:00Z",
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
@ -207,7 +207,7 @@ def test_custom_property_object_in_observable_extension():
def test_custom_property_dict_in_observable_extension(): def test_custom_property_dict_in_observable_extension():
with pytest.raises(InvalidValueError): with pytest.raises(InvalidValueError):
stix2.v20.File( misp_lib_stix2.v20.File(
name='test', name='test',
extensions={ extensions={
'ntfs-ext': { 'ntfs-ext': {
@ -217,7 +217,7 @@ def test_custom_property_dict_in_observable_extension():
}, },
) )
artifact = stix2.v20.File( artifact = misp_lib_stix2.v20.File(
allow_custom=True, allow_custom=True,
name='test', name='test',
extensions={ extensions={
@ -227,7 +227,7 @@ def test_custom_property_dict_in_observable_extension():
}, },
}, },
) )
observed_data = stix2.v20.ObservedData( observed_data = misp_lib_stix2.v20.ObservedData(
allow_custom=True, allow_custom=True,
first_observed="2015-12-21T19:00:00Z", first_observed="2015-12-21T19:00:00Z",
last_observed="2015-12-21T19:00:00Z", last_observed="2015-12-21T19:00:00Z",
@ -245,15 +245,15 @@ def test_identity_custom_property_revoke():
def test_identity_custom_property_edit_markings(): def test_identity_custom_property_edit_markings():
marking_obj = stix2.v20.MarkingDefinition( marking_obj = misp_lib_stix2.v20.MarkingDefinition(
id=MARKING_DEFINITION_ID, id=MARKING_DEFINITION_ID,
definition_type="statement", definition_type="statement",
definition=stix2.v20.StatementMarking(statement="Copyright 2016, Example Corp"), definition=misp_lib_stix2.v20.StatementMarking(statement="Copyright 2016, Example Corp"),
) )
marking_obj2 = stix2.v20.MarkingDefinition( marking_obj2 = misp_lib_stix2.v20.MarkingDefinition(
id=MARKING_DEFINITION_ID, id=MARKING_DEFINITION_ID,
definition_type="statement", definition_type="statement",
definition=stix2.v20.StatementMarking(statement="Another one"), definition=misp_lib_stix2.v20.StatementMarking(statement="Another one"),
) )
# None of the following should throw exceptions # None of the following should throw exceptions
@ -266,9 +266,9 @@ def test_identity_custom_property_edit_markings():
def test_custom_marking_no_init_1(): def test_custom_marking_no_init_1():
@stix2.v20.CustomMarking( @misp_lib_stix2.v20.CustomMarking(
'x-new-obj', [ 'x-new-obj', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj(): class NewObj():
@ -279,9 +279,9 @@ def test_custom_marking_no_init_1():
def test_custom_marking_no_init_2(): def test_custom_marking_no_init_2():
@stix2.v20.CustomMarking( @misp_lib_stix2.v20.CustomMarking(
'x-new-obj2', [ 'x-new-obj2', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj2(object): class NewObj2(object):
@ -293,9 +293,9 @@ def test_custom_marking_no_init_2():
def test_register_duplicate_marking(): def test_register_duplicate_marking():
with pytest.raises(DuplicateRegistrationError) as excinfo: with pytest.raises(DuplicateRegistrationError) as excinfo:
@stix2.v20.CustomMarking( @misp_lib_stix2.v20.CustomMarking(
'x-new-obj2', [ 'x-new-obj2', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj2(): class NewObj2():
@ -303,10 +303,10 @@ def test_register_duplicate_marking():
assert "cannot be registered again" in str(excinfo.value) assert "cannot be registered again" in str(excinfo.value)
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-type', [ 'x-new-type', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
('property2', stix2.properties.IntegerProperty()), ('property2', misp_lib_stix2.properties.IntegerProperty()),
], ],
) )
class NewType(object): class NewType(object):
@ -328,7 +328,7 @@ def test_custom_object_type():
nt = NewType(property1='something') nt = NewType(property1='something')
assert nt.property1 == 'something' assert nt.property1 == 'something'
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.MissingPropertiesError) as excinfo:
NewType(property2=42) NewType(property2=42)
assert "No values for required properties" in str(excinfo.value) assert "No values for required properties" in str(excinfo.value)
@ -338,9 +338,9 @@ def test_custom_object_type():
def test_custom_object_no_init_1(): def test_custom_object_no_init_1():
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj', [ 'x-new-obj', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj(): class NewObj():
@ -351,9 +351,9 @@ def test_custom_object_no_init_1():
def test_custom_object_no_init_2(): def test_custom_object_no_init_2():
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj2', [ 'x-new-obj2', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj2(object): class NewObj2(object):
@ -365,9 +365,9 @@ def test_custom_object_no_init_2():
def test_custom_object_invalid_type_name(): def test_custom_object_invalid_type_name():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x', [ 'x', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj(object): class NewObj(object):
@ -375,9 +375,9 @@ def test_custom_object_invalid_type_name():
assert "Invalid type name 'x': " in str(excinfo.value) assert "Invalid type name 'x': " in str(excinfo.value)
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x_new_object', [ 'x_new_object', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj2(object): class NewObj2(object):
@ -386,9 +386,9 @@ def test_custom_object_invalid_type_name():
def test_custom_object_ref_property_as_identifier(): def test_custom_object_ref_property_as_identifier():
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj-with-ref', [ 'x-new-obj-with-ref', [
('property_ref', stix2.properties.ReferenceProperty(invalid_types=[])), ('property_ref', misp_lib_stix2.properties.ReferenceProperty(invalid_types=[])),
], ],
) )
class NewObs(): class NewObs():
@ -396,9 +396,9 @@ def test_custom_object_ref_property_as_identifier():
def test_custom_object_refs_property_containing_identifiers(): def test_custom_object_refs_property_containing_identifiers():
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj-with-refs', [ 'x-new-obj-with-refs', [
('property_refs', stix2.properties.ListProperty(stix2.properties.ReferenceProperty(invalid_types=[]))), ('property_refs', misp_lib_stix2.properties.ListProperty(misp_lib_stix2.properties.ReferenceProperty(invalid_types=[]))),
], ],
) )
class NewObs(): class NewObs():
@ -407,9 +407,9 @@ def test_custom_object_refs_property_containing_identifiers():
def test_custom_object_ref_property_as_objectref(): def test_custom_object_ref_property_as_objectref():
with pytest.raises(ValueError, match=r"not a subclass of 'ReferenceProperty"): with pytest.raises(ValueError, match=r"not a subclass of 'ReferenceProperty"):
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj-with-objref', [ 'x-new-obj-with-objref', [
('property_ref', stix2.properties.ObjectReferenceProperty()), ('property_ref', misp_lib_stix2.properties.ObjectReferenceProperty()),
], ],
) )
class NewObs(): class NewObs():
@ -418,9 +418,9 @@ def test_custom_object_ref_property_as_objectref():
def test_custom_object_refs_property_containing_objectrefs(): def test_custom_object_refs_property_containing_objectrefs():
with pytest.raises(ValueError, match=r"not a 'ListProperty' containing a subclass of 'ReferenceProperty"): with pytest.raises(ValueError, match=r"not a 'ListProperty' containing a subclass of 'ReferenceProperty"):
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj-with-objrefs', [ 'x-new-obj-with-objrefs', [
('property_refs', stix2.properties.ListProperty(stix2.properties.ObjectReferenceProperty())), ('property_refs', misp_lib_stix2.properties.ListProperty(misp_lib_stix2.properties.ObjectReferenceProperty())),
], ],
) )
class NewObs(): class NewObs():
@ -429,9 +429,9 @@ def test_custom_object_refs_property_containing_objectrefs():
def test_custom_object_invalid_ref_property(): def test_custom_object_invalid_ref_property():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj', [ 'x-new-obj', [
('property_ref', stix2.properties.StringProperty()), ('property_ref', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObs(): class NewObs():
@ -441,9 +441,9 @@ def test_custom_object_invalid_ref_property():
def test_custom_object_invalid_refs_property(): def test_custom_object_invalid_refs_property():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj', [ 'x-new-obj', [
('property_refs', stix2.properties.StringProperty()), ('property_refs', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObs(): class NewObs():
@ -453,9 +453,9 @@ def test_custom_object_invalid_refs_property():
def test_custom_object_invalid_refs_list_property(): def test_custom_object_invalid_refs_list_property():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj', [ 'x-new-obj', [
('property_refs', stix2.properties.ListProperty(stix2.properties.StringProperty)), ('property_refs', misp_lib_stix2.properties.ListProperty(misp_lib_stix2.properties.StringProperty)),
], ],
) )
class NewObs(): class NewObs():
@ -477,16 +477,16 @@ def test_custom_subobject_dict():
], ],
} }
obj = stix2.parse(obj_dict, allow_custom=True) obj = misp_lib_stix2.parse(obj_dict, allow_custom=True)
assert obj["objects"][0]["x_foo"] == 123 assert obj["objects"][0]["x_foo"] == 123
assert obj.has_custom assert obj.has_custom
with pytest.raises(InvalidValueError): with pytest.raises(InvalidValueError):
stix2.parse(obj_dict, allow_custom=False) misp_lib_stix2.parse(obj_dict, allow_custom=False)
def test_custom_subobject_obj(): def test_custom_subobject_obj():
ident = stix2.v20.Identity( ident = misp_lib_stix2.v20.Identity(
name="alice", identity_class=123, x_foo=123, allow_custom=True, name="alice", identity_class=123, x_foo=123, allow_custom=True,
) )
@ -496,12 +496,12 @@ def test_custom_subobject_obj():
"objects": [ident], "objects": [ident],
} }
obj = stix2.parse(obj_dict, allow_custom=True) obj = misp_lib_stix2.parse(obj_dict, allow_custom=True)
assert obj["objects"][0]["x_foo"] == 123 assert obj["objects"][0]["x_foo"] == 123
assert obj.has_custom assert obj.has_custom
with pytest.raises(InvalidValueError): with pytest.raises(InvalidValueError):
stix2.parse(obj_dict, allow_custom=False) misp_lib_stix2.parse(obj_dict, allow_custom=False)
def test_parse_custom_object_type(): def test_parse_custom_object_type():
@ -511,7 +511,7 @@ def test_parse_custom_object_type():
"property1": "something" "property1": "something"
}""" }"""
nt = stix2.parse(nt_string, version="2.0", allow_custom=True) nt = misp_lib_stix2.parse(nt_string, version="2.0", allow_custom=True)
assert nt["property1"] == 'something' assert nt["property1"] == 'something'
@ -522,8 +522,8 @@ def test_parse_unregistered_custom_object_type():
"property1": "something" "property1": "something"
}""" }"""
with pytest.raises(stix2.exceptions.ParseError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ParseError) as excinfo:
stix2.parse(nt_string, version="2.0") misp_lib_stix2.parse(nt_string, version="2.0")
assert "Can't parse unknown object type" in str(excinfo.value) assert "Can't parse unknown object type" in str(excinfo.value)
assert "use the CustomObject decorator." in str(excinfo.value) assert "use the CustomObject decorator." in str(excinfo.value)
@ -538,15 +538,15 @@ def test_parse_unregistered_custom_object_type_w_allow_custom():
"property1": "something" "property1": "something"
}""" }"""
custom_obj = stix2.parse(nt_string, version="2.0", allow_custom=True) custom_obj = misp_lib_stix2.parse(nt_string, version="2.0", allow_custom=True)
assert custom_obj["type"] == "x-foobar-observable" assert custom_obj["type"] == "x-foobar-observable"
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-observable', [ 'x-new-observable', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
('property2', stix2.properties.IntegerProperty()), ('property2', misp_lib_stix2.properties.IntegerProperty()),
('x_property3', stix2.properties.BooleanProperty()), ('x_property3', misp_lib_stix2.properties.BooleanProperty()),
], ],
) )
class NewObservable(): class NewObservable():
@ -561,7 +561,7 @@ def test_custom_observable_object_1():
no = NewObservable( no = NewObservable(
property1='something', property1='something',
extensions={ extensions={
'archive-ext': stix2.v20.observables.ArchiveExt( 'archive-ext': misp_lib_stix2.v20.observables.ArchiveExt(
contains_refs=['file--e277603e-1060-5ad4-9937-c26c97f1ca68'], contains_refs=['file--e277603e-1060-5ad4-9937-c26c97f1ca68'],
version='2.0', version='2.0',
comment='for real', comment='for real',
@ -573,7 +573,7 @@ def test_custom_observable_object_1():
def test_custom_observable_object_2(): def test_custom_observable_object_2():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.MissingPropertiesError) as excinfo:
NewObservable(property2=42) NewObservable(property2=42)
assert excinfo.value.properties == ['property1'] assert excinfo.value.properties == ['property1']
assert "No values for required properties" in str(excinfo.value) assert "No values for required properties" in str(excinfo.value)
@ -593,9 +593,9 @@ def test_custom_observable_raises_exception():
def test_custom_observable_object_no_init_1(): def test_custom_observable_object_no_init_1():
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-observable-1', [ 'x-new-observable-1', [
('property1', stix2.properties.StringProperty()), ('property1', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObs(): class NewObs():
@ -606,9 +606,9 @@ def test_custom_observable_object_no_init_1():
def test_custom_observable_object_no_init_2(): def test_custom_observable_object_no_init_2():
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs2', [ 'x-new-obs2', [
('property1', stix2.properties.StringProperty()), ('property1', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObs2(object): class NewObs2(object):
@ -620,9 +620,9 @@ def test_custom_observable_object_no_init_2():
def test_custom_observable_object_invalid_type_name(): def test_custom_observable_object_invalid_type_name():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x', [ 'x', [
('property1', stix2.properties.StringProperty()), ('property1', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObs(object): class NewObs(object):
@ -630,9 +630,9 @@ def test_custom_observable_object_invalid_type_name():
assert "Invalid type name 'x':" in str(excinfo.value) assert "Invalid type name 'x':" in str(excinfo.value)
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x_new_obs', [ 'x_new_obs', [
('property1', stix2.properties.StringProperty()), ('property1', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObs2(object): class NewObs2(object):
@ -642,9 +642,9 @@ def test_custom_observable_object_invalid_type_name():
def test_custom_observable_object_ref_property_as_identifier(): def test_custom_observable_object_ref_property_as_identifier():
with pytest.raises(ValueError, match=r"not a subclass of 'ObjectReferenceProperty"): with pytest.raises(ValueError, match=r"not a subclass of 'ObjectReferenceProperty"):
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs-with-ref', [ 'x-new-obs-with-ref', [
('property_ref', stix2.properties.ReferenceProperty(invalid_types=[])), ('property_ref', misp_lib_stix2.properties.ReferenceProperty(invalid_types=[])),
], ],
) )
class NewObs(): class NewObs():
@ -653,9 +653,9 @@ def test_custom_observable_object_ref_property_as_identifier():
def test_custom_observable_object_refs_property_containing_identifiers(): def test_custom_observable_object_refs_property_containing_identifiers():
with pytest.raises(ValueError, match=r"not a 'ListProperty' containing a subclass of 'ObjectReferenceProperty"): with pytest.raises(ValueError, match=r"not a 'ListProperty' containing a subclass of 'ObjectReferenceProperty"):
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs-with-refs', [ 'x-new-obs-with-refs', [
('property_refs', stix2.properties.ListProperty(stix2.properties.ReferenceProperty(invalid_types=[]))), ('property_refs', misp_lib_stix2.properties.ListProperty(misp_lib_stix2.properties.ReferenceProperty(invalid_types=[]))),
], ],
) )
class NewObs(): class NewObs():
@ -663,9 +663,9 @@ def test_custom_observable_object_refs_property_containing_identifiers():
def test_custom_observable_object_ref_property_as_objectref(): def test_custom_observable_object_ref_property_as_objectref():
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs-with-objref', [ 'x-new-obs-with-objref', [
('property_ref', stix2.properties.ObjectReferenceProperty()), ('property_ref', misp_lib_stix2.properties.ObjectReferenceProperty()),
], ],
) )
class NewObs(): class NewObs():
@ -673,9 +673,9 @@ def test_custom_observable_object_ref_property_as_objectref():
def test_custom_observable_object_refs_property_containing_objectrefs(): def test_custom_observable_object_refs_property_containing_objectrefs():
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs-with-objrefs', [ 'x-new-obs-with-objrefs', [
('property_refs', stix2.properties.ListProperty(stix2.properties.ObjectReferenceProperty())), ('property_refs', misp_lib_stix2.properties.ListProperty(misp_lib_stix2.properties.ObjectReferenceProperty())),
], ],
) )
class NewObs(): class NewObs():
@ -684,9 +684,9 @@ def test_custom_observable_object_refs_property_containing_objectrefs():
def test_custom_observable_object_invalid_ref_property(): def test_custom_observable_object_invalid_ref_property():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs', [ 'x-new-obs', [
('property_ref', stix2.properties.StringProperty()), ('property_ref', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObs(): class NewObs():
@ -696,9 +696,9 @@ def test_custom_observable_object_invalid_ref_property():
def test_custom_observable_object_invalid_refs_property(): def test_custom_observable_object_invalid_refs_property():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs', [ 'x-new-obs', [
('property_refs', stix2.properties.StringProperty()), ('property_refs', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObs(): class NewObs():
@ -708,9 +708,9 @@ def test_custom_observable_object_invalid_refs_property():
def test_custom_observable_object_invalid_refs_list_property(): def test_custom_observable_object_invalid_refs_list_property():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs', [ 'x-new-obs', [
('property_refs', stix2.properties.ListProperty(stix2.properties.StringProperty)), ('property_refs', misp_lib_stix2.properties.ListProperty(misp_lib_stix2.properties.StringProperty)),
], ],
) )
class NewObs(): class NewObs():
@ -719,10 +719,10 @@ def test_custom_observable_object_invalid_refs_list_property():
def test_custom_observable_object_invalid_valid_refs(): def test_custom_observable_object_invalid_valid_refs():
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-obs', [ 'x-new-obs', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
('property_ref', stix2.properties.ObjectReferenceProperty(valid_types='email-addr')), ('property_ref', misp_lib_stix2.properties.ObjectReferenceProperty(valid_types='email-addr')),
], ],
) )
class NewObs(): class NewObs():
@ -740,7 +740,7 @@ def test_custom_observable_object_invalid_valid_refs():
def test_custom_no_properties_raises_exception(): def test_custom_no_properties_raises_exception():
with pytest.raises(TypeError): with pytest.raises(TypeError):
@stix2.v20.CustomObject('x-new-object-type') @misp_lib_stix2.v20.CustomObject('x-new-object-type')
class NewObject1(object): class NewObject1(object):
pass pass
@ -748,7 +748,7 @@ def test_custom_no_properties_raises_exception():
def test_custom_wrong_properties_arg_raises_exception(): def test_custom_wrong_properties_arg_raises_exception():
with pytest.raises(ValueError): with pytest.raises(ValueError):
@stix2.v20.CustomObservable('x-new-object-type', (("prop", stix2.properties.BooleanProperty()))) @misp_lib_stix2.v20.CustomObservable('x-new-object-type', (("prop", misp_lib_stix2.properties.BooleanProperty())))
class NewObject2(object): class NewObject2(object):
pass pass
@ -759,8 +759,8 @@ def test_parse_custom_observable_object():
"property1": "something" "property1": "something"
}""" }"""
nt = stix2.parse_observable(nt_string, [], version='2.0') nt = misp_lib_stix2.parse_observable(nt_string, [], version='2.0')
assert isinstance(nt, stix2.base._STIXBase) assert isinstance(nt, misp_lib_stix2.base._STIXBase)
assert nt.property1 == 'something' assert nt.property1 == 'something'
@ -770,15 +770,15 @@ def test_parse_unregistered_custom_observable_object():
"property1": "something" "property1": "something"
}""" }"""
with pytest.raises(stix2.exceptions.ParseError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ParseError) as excinfo:
stix2.parse_observable(nt_string, version='2.0') misp_lib_stix2.parse_observable(nt_string, version='2.0')
assert "Can't parse unknown observable type" in str(excinfo.value) assert "Can't parse unknown observable type" in str(excinfo.value)
parsed_custom = stix2.parse_observable(nt_string, allow_custom=True, version='2.0') parsed_custom = misp_lib_stix2.parse_observable(nt_string, allow_custom=True, version='2.0')
assert parsed_custom['property1'] == 'something' assert parsed_custom['property1'] == 'something'
with pytest.raises(AttributeError) as excinfo: with pytest.raises(AttributeError) as excinfo:
assert parsed_custom.property1 == 'something' assert parsed_custom.property1 == 'something'
assert not isinstance(parsed_custom, stix2.base._STIXBase) assert not isinstance(parsed_custom, misp_lib_stix2.base._STIXBase)
def test_parse_unregistered_custom_observable_object_with_no_type(): def test_parse_unregistered_custom_observable_object_with_no_type():
@ -786,8 +786,8 @@ def test_parse_unregistered_custom_observable_object_with_no_type():
"property1": "something" "property1": "something"
}""" }"""
with pytest.raises(stix2.exceptions.ParseError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ParseError) as excinfo:
stix2.parse_observable(nt_string, allow_custom=True, version='2.0') misp_lib_stix2.parse_observable(nt_string, allow_custom=True, version='2.0')
assert "Can't parse observable with no 'type' property" in str(excinfo.value) assert "Can't parse observable with no 'type' property" in str(excinfo.value)
@ -807,7 +807,7 @@ def test_parse_observed_data_with_custom_observable():
} }
} }
}""" }"""
parsed = stix2.parse(input_str, version="2.0", allow_custom=True) parsed = misp_lib_stix2.parse(input_str, version="2.0", allow_custom=True)
assert parsed.objects['0']['property1'] == 'something' assert parsed.objects['0']['property1'] == 'something'
@ -816,8 +816,8 @@ def test_parse_invalid_custom_observable_object():
"property1": "something" "property1": "something"
}""" }"""
with pytest.raises(stix2.exceptions.ParseError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ParseError) as excinfo:
stix2.parse_observable(nt_string, version='2.0') misp_lib_stix2.parse_observable(nt_string, version='2.0')
assert "Can't parse observable with no 'type' property" in str(excinfo.value) assert "Can't parse observable with no 'type' property" in str(excinfo.value)
@ -839,7 +839,7 @@ def test_observable_custom_property():
def test_observable_custom_property_invalid(): def test_observable_custom_property_invalid():
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ExtraPropertiesError) as excinfo:
NewObservable( NewObservable(
property1='something', property1='something',
x_foo="bar", x_foo="bar",
@ -859,7 +859,7 @@ def test_observable_custom_property_allowed():
def test_observed_data_with_custom_observable_object(): def test_observed_data_with_custom_observable_object():
no = NewObservable(property1='something') no = NewObservable(property1='something')
ob_data = stix2.v20.ObservedData( ob_data = misp_lib_stix2.v20.ObservedData(
first_observed=FAKE_TIME, first_observed=FAKE_TIME,
last_observed=FAKE_TIME, last_observed=FAKE_TIME,
number_observed=1, number_observed=1,
@ -869,10 +869,10 @@ def test_observed_data_with_custom_observable_object():
assert ob_data.objects['0'].property1 == 'something' assert ob_data.objects['0'].property1 == 'something'
@stix2.v20.CustomExtension( @misp_lib_stix2.v20.CustomExtension(
'x-new-ext', [ 'x-new-ext', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
('property2', stix2.properties.IntegerProperty()), ('property2', misp_lib_stix2.properties.IntegerProperty()),
], ],
) )
class NewExtension(): class NewExtension():
@ -894,7 +894,7 @@ def test_custom_extension():
ext = NewExtension(property1='something') ext = NewExtension(property1='something')
assert ext.property1 == 'something' assert ext.property1 == 'something'
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.MissingPropertiesError) as excinfo:
NewExtension(property2=42) NewExtension(property2=42)
assert excinfo.value.properties == ['property1'] assert excinfo.value.properties == ['property1']
assert str(excinfo.value) == "No values for required properties for NewExtension: (property1)." assert str(excinfo.value) == "No values for required properties for NewExtension: (property1)."
@ -908,7 +908,7 @@ def test_custom_extension_wrong_observable_type():
# NewExtension is an extension of DomainName, not File # NewExtension is an extension of DomainName, not File
ext = NewExtension(property1='something') ext = NewExtension(property1='something')
with pytest.raises(InvalidValueError) as excinfo: with pytest.raises(InvalidValueError) as excinfo:
stix2.v20.File( misp_lib_stix2.v20.File(
name="abc.txt", name="abc.txt",
extensions={ extensions={
"ntfs-ext": ext, "ntfs-ext": ext,
@ -931,9 +931,9 @@ def test_custom_extension_wrong_observable_type():
], ],
) )
def test_custom_extension_with_list_and_dict_properties_observable_type(data): def test_custom_extension_with_list_and_dict_properties_observable_type(data):
@stix2.v20.CustomExtension( @misp_lib_stix2.v20.CustomExtension(
'some-extension', [ 'some-extension', [
('keys', stix2.properties.ListProperty(stix2.properties.DictionaryProperty, required=True)), ('keys', misp_lib_stix2.properties.ListProperty(misp_lib_stix2.properties.DictionaryProperty, required=True)),
], ],
) )
class SomeCustomExtension: class SomeCustomExtension:
@ -945,9 +945,9 @@ def test_custom_extension_with_list_and_dict_properties_observable_type(data):
def test_custom_extension_invalid_type_name(): def test_custom_extension_invalid_type_name():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomExtension( @misp_lib_stix2.v20.CustomExtension(
'x', { 'x', {
'property1': stix2.properties.StringProperty(required=True), 'property1': misp_lib_stix2.properties.StringProperty(required=True),
}, },
) )
class FooExtension(): class FooExtension():
@ -955,9 +955,9 @@ def test_custom_extension_invalid_type_name():
assert "Invalid type name 'x':" in str(excinfo.value) assert "Invalid type name 'x':" in str(excinfo.value)
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
@stix2.v20.CustomExtension( @misp_lib_stix2.v20.CustomExtension(
'x_new_ext', { 'x_new_ext', {
'property1': stix2.properties.StringProperty(required=True), 'property1': misp_lib_stix2.properties.StringProperty(required=True),
}, },
) )
class BlaExtension(): class BlaExtension():
@ -967,29 +967,29 @@ def test_custom_extension_invalid_type_name():
def test_custom_extension_no_properties(): def test_custom_extension_no_properties():
with pytest.raises(ValueError): with pytest.raises(ValueError):
@stix2.v20.CustomExtension('x-new-ext2', None) @misp_lib_stix2.v20.CustomExtension('x-new-ext2', None)
class BarExtension(): class BarExtension():
pass pass
def test_custom_extension_empty_properties(): def test_custom_extension_empty_properties():
with pytest.raises(ValueError): with pytest.raises(ValueError):
@stix2.v20.CustomExtension('x-new-ext2', []) @misp_lib_stix2.v20.CustomExtension('x-new-ext2', [])
class BarExtension(): class BarExtension():
pass pass
def test_custom_extension_dict_properties(): def test_custom_extension_dict_properties():
with pytest.raises(ValueError): with pytest.raises(ValueError):
@stix2.v20.CustomExtension('x-new-ext2', {}) @misp_lib_stix2.v20.CustomExtension('x-new-ext2', {})
class BarExtension(): class BarExtension():
pass pass
def test_custom_extension_no_init_1(): def test_custom_extension_no_init_1():
@stix2.v20.CustomExtension( @misp_lib_stix2.v20.CustomExtension(
'x-new-extension', [ 'x-new-extension', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewExt(): class NewExt():
@ -1000,9 +1000,9 @@ def test_custom_extension_no_init_1():
def test_custom_extension_no_init_2(): def test_custom_extension_no_init_2():
@stix2.v20.CustomExtension( @misp_lib_stix2.v20.CustomExtension(
'x-new-ext2', [ 'x-new-ext2', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewExt2(object): class NewExt2(object):
@ -1024,7 +1024,7 @@ def test_parse_observable_with_custom_extension():
} }
}""" }"""
parsed = stix2.parse_observable(input_str, version='2.0') parsed = misp_lib_stix2.parse_observable(input_str, version='2.0')
assert parsed.extensions['x-new-ext'].property2 == 12 assert parsed.extensions['x-new-ext'].property2 == 12
@ -1049,12 +1049,12 @@ def test_parse_observable_with_custom_extension_property():
} }
}""" }"""
parsed = stix2.parse(input_str, version='2.0', allow_custom=True) parsed = misp_lib_stix2.parse(input_str, version='2.0', allow_custom=True)
assert parsed.has_custom assert parsed.has_custom
assert parsed["objects"]["0"]["extensions"]["raster-image-ext"]["x-foo"] is False assert parsed["objects"]["0"]["extensions"]["raster-image-ext"]["x-foo"] is False
with pytest.raises(InvalidValueError): with pytest.raises(InvalidValueError):
stix2.parse(input_str, version="2.0", allow_custom=False) misp_lib_stix2.parse(input_str, version="2.0", allow_custom=False)
def test_custom_and_spec_extension_mix(): def test_custom_and_spec_extension_mix():
@ -1063,7 +1063,7 @@ def test_custom_and_spec_extension_mix():
extension doesn't result in a completely uncleaned extensions property. extension doesn't result in a completely uncleaned extensions property.
""" """
file_obs = stix2.v20.File( file_obs = misp_lib_stix2.v20.File(
name="my_file.dat", name="my_file.dat",
extensions={ extensions={
"x-custom1": { "x-custom1": {
@ -1093,10 +1093,10 @@ def test_custom_and_spec_extension_mix():
# Both of these should have been converted to objects, not left as dicts. # Both of these should have been converted to objects, not left as dicts.
assert isinstance( assert isinstance(
file_obs.extensions["raster-image-ext"], stix2.v20.RasterImageExt, file_obs.extensions["raster-image-ext"], misp_lib_stix2.v20.RasterImageExt,
) )
assert isinstance( assert isinstance(
file_obs.extensions["ntfs-ext"], stix2.v20.NTFSExt, file_obs.extensions["ntfs-ext"], misp_lib_stix2.v20.NTFSExt,
) )
@ -1128,12 +1128,12 @@ def test_custom_and_spec_extension_mix():
) )
def test_parse_observable_with_unregistered_custom_extension(data): def test_parse_observable_with_unregistered_custom_extension(data):
with pytest.raises(InvalidValueError) as excinfo: with pytest.raises(InvalidValueError) as excinfo:
stix2.parse_observable(data, version='2.0') misp_lib_stix2.parse_observable(data, version='2.0')
assert "Can't parse unknown extension type" in str(excinfo.value) assert "Can't parse unknown extension type" in str(excinfo.value)
parsed_ob = stix2.parse_observable(data, allow_custom=True, version='2.0') parsed_ob = misp_lib_stix2.parse_observable(data, allow_custom=True, version='2.0')
assert parsed_ob['extensions']['x-foobar-ext']['property1'] == 'foo' assert parsed_ob['extensions']['x-foobar-ext']['property1'] == 'foo'
assert not isinstance(parsed_ob['extensions']['x-foobar-ext'], stix2.base._STIXBase) assert not isinstance(parsed_ob['extensions']['x-foobar-ext'], misp_lib_stix2.base._STIXBase)
def test_register_custom_object(): def test_register_custom_object():
@ -1142,12 +1142,12 @@ def test_register_custom_object():
_type = 'awesome-object' _type = 'awesome-object'
with pytest.raises(ValueError): with pytest.raises(ValueError):
stix2.registration._register_object(CustomObject2, version="2.0") misp_lib_stix2.registration._register_object(CustomObject2, version="2.0")
def test_extension_property_location(): def test_extension_property_location():
assert 'extensions' in stix2.v20.OBJ_MAP_OBSERVABLE['x-new-observable']._properties assert 'extensions' in misp_lib_stix2.v20.OBJ_MAP_OBSERVABLE['x-new-observable']._properties
assert 'extensions' not in stix2.v20.EXT_MAP['x-new-ext']._properties assert 'extensions' not in misp_lib_stix2.v20.EXT_MAP['x-new-ext']._properties
@pytest.mark.parametrize( @pytest.mark.parametrize(
@ -1167,9 +1167,9 @@ def test_extension_property_location():
], ],
) )
def test_custom_object_nested_dictionary(data): def test_custom_object_nested_dictionary(data):
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-example', [ 'x-example', [
('dictionary', stix2.properties.DictionaryProperty()), ('dictionary', misp_lib_stix2.properties.DictionaryProperty()),
], ],
) )
class Example(object): class Example(object):
@ -1186,10 +1186,10 @@ def test_custom_object_nested_dictionary(data):
assert data == example.serialize(pretty=True) assert data == example.serialize(pretty=True)
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-type-2', [ 'x-new-type-2', [
('property1', stix2.properties.StringProperty()), ('property1', misp_lib_stix2.properties.StringProperty()),
('property2', stix2.properties.IntegerProperty()), ('property2', misp_lib_stix2.properties.IntegerProperty()),
], ],
) )
class NewType2(object): class NewType2(object):
@ -1202,9 +1202,9 @@ def test_register_custom_object_with_version():
"id": "x-new-type-2--00000000-0000-4000-8000-000000000007", "id": "x-new-type-2--00000000-0000-4000-8000-000000000007",
} }
cust_obj_1 = stix2.parsing.dict_to_stix2(custom_obj_1, version='2.0') cust_obj_1 = misp_lib_stix2.parsing.dict_to_stix2(custom_obj_1, version='2.0')
assert cust_obj_1.type in stix2.registry.STIX2_OBJ_MAPS['2.0']['objects'] assert cust_obj_1.type in misp_lib_stix2.registry.STIX2_OBJ_MAPS['2.0']['objects']
# spec_version is not in STIX 2.0, and is required in 2.1, so this # spec_version is not in STIX 2.0, and is required in 2.1, so this
# suffices as a test for a STIX 2.0 object. # suffices as a test for a STIX 2.0 object.
assert "spec_version" not in cust_obj_1 assert "spec_version" not in cust_obj_1
@ -1212,10 +1212,10 @@ def test_register_custom_object_with_version():
def test_register_duplicate_object_with_version(): def test_register_duplicate_object_with_version():
with pytest.raises(DuplicateRegistrationError) as excinfo: with pytest.raises(DuplicateRegistrationError) as excinfo:
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-type-2', [ 'x-new-type-2', [
('property1', stix2.properties.StringProperty()), ('property1', misp_lib_stix2.properties.StringProperty()),
('property2', stix2.properties.IntegerProperty()), ('property2', misp_lib_stix2.properties.IntegerProperty()),
], ],
) )
class NewType2(object): class NewType2(object):
@ -1223,9 +1223,9 @@ def test_register_duplicate_object_with_version():
assert "cannot be registered again" in str(excinfo.value) assert "cannot be registered again" in str(excinfo.value)
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-observable-2', [ 'x-new-observable-2', [
('property1', stix2.properties.StringProperty()), ('property1', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObservable2(object): class NewObservable2(object):
@ -1235,14 +1235,14 @@ class NewObservable2(object):
def test_register_observable_with_version(): def test_register_observable_with_version():
custom_obs = NewObservable2(property1="Test Observable") custom_obs = NewObservable2(property1="Test Observable")
assert custom_obs.type in stix2.registry.STIX2_OBJ_MAPS['2.0']['observables'] assert custom_obs.type in misp_lib_stix2.registry.STIX2_OBJ_MAPS['2.0']['observables']
def test_register_duplicate_observable_with_version(): def test_register_duplicate_observable_with_version():
with pytest.raises(DuplicateRegistrationError) as excinfo: with pytest.raises(DuplicateRegistrationError) as excinfo:
@stix2.v20.CustomObservable( @misp_lib_stix2.v20.CustomObservable(
'x-new-observable-2', [ 'x-new-observable-2', [
('property1', stix2.properties.StringProperty()), ('property1', misp_lib_stix2.properties.StringProperty()),
], ],
) )
class NewObservable2(object): class NewObservable2(object):
@ -1251,22 +1251,22 @@ def test_register_duplicate_observable_with_version():
def test_register_marking_with_version(): def test_register_marking_with_version():
@stix2.v20.CustomMarking( @misp_lib_stix2.v20.CustomMarking(
'x-new-obj-2', [ 'x-new-obj-2', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj2(): class NewObj2():
pass pass
no = NewObj2(property1='something') no = NewObj2(property1='something')
assert no._type in stix2.registry.STIX2_OBJ_MAPS['2.0']['markings'] assert no._type in misp_lib_stix2.registry.STIX2_OBJ_MAPS['2.0']['markings']
def test_register_observable_extension_with_version(): def test_register_observable_extension_with_version():
@stix2.v20.CustomExtension( @misp_lib_stix2.v20.CustomExtension(
'some-extension-2', [ 'some-extension-2', [
('keys', stix2.properties.StringProperty(required=True)), ('keys', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class SomeCustomExtension2: class SomeCustomExtension2:
@ -1274,15 +1274,15 @@ def test_register_observable_extension_with_version():
example = SomeCustomExtension2(keys='test123') example = SomeCustomExtension2(keys='test123')
assert example._type in stix2.registry.STIX2_OBJ_MAPS['2.0']['extensions'] assert example._type in misp_lib_stix2.registry.STIX2_OBJ_MAPS['2.0']['extensions']
def test_register_duplicate_observable_extension(): def test_register_duplicate_observable_extension():
with pytest.raises(DuplicateRegistrationError) as excinfo: with pytest.raises(DuplicateRegistrationError) as excinfo:
@stix2.v20.CustomExtension( @misp_lib_stix2.v20.CustomExtension(
'some-extension-2', [ 'some-extension-2', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
('property2', stix2.properties.IntegerProperty()), ('property2', misp_lib_stix2.properties.IntegerProperty()),
], ],
) )
class NewExtension2(): class NewExtension2():

4
stix2/test/v21/test_datastore.py → misp_lib_stix2/test/v20/test_datastore.py
View File

@ -1,9 +1,9 @@
import pytest import pytest
from stix2.datastore import ( from misp_lib_stix2.datastore import (
CompositeDataSource, DataSink, DataSource, DataStoreMixin, CompositeDataSource, DataSink, DataSource, DataStoreMixin,
) )
from stix2.datastore.filters import Filter from misp_lib_stix2.datastore.filters import Filter
from .constants import CAMPAIGN_MORE_KWARGS from .constants import CAMPAIGN_MORE_KWARGS

10
stix2/test/v20/test_datastore_composite.py → misp_lib_stix2/test/v20/test_datastore_composite.py
View File

@ -1,10 +1,10 @@
import pytest import pytest
from stix2.datastore import CompositeDataSource, make_id from misp_lib_stix2.datastore import CompositeDataSource, make_id
from stix2.datastore.filters import Filter from misp_lib_stix2.datastore.filters import Filter
from stix2.datastore.memory import MemorySink, MemorySource, MemoryStore from misp_lib_stix2.datastore.memory import MemorySink, MemorySource, MemoryStore
from stix2.utils import parse_into_datetime from misp_lib_stix2.utils import parse_into_datetime
from stix2.v20.common import TLP_GREEN from misp_lib_stix2.v20.common import TLP_GREEN
def test_add_remove_composite_datasource(): def test_add_remove_composite_datasource():

148
stix2/test/v20/test_datastore_filesystem.py → misp_lib_stix2/test/v20/test_datastore_filesystem.py
View File

@ -8,13 +8,13 @@ import stat
import pytest import pytest
import pytz import pytz
import stix2 import misp_lib_stix2
from stix2.datastore import DataSourceError from misp_lib_stix2.datastore import DataSourceError
from stix2.datastore.filesystem import ( from misp_lib_stix2.datastore.filesystem import (
AuthSet, _find_search_optimizations, _get_matching_dir_entries, AuthSet, _find_search_optimizations, _get_matching_dir_entries,
_timestamp2filename, _timestamp2filename,
) )
from stix2.exceptions import STIXError from misp_lib_stix2.exceptions import STIXError
from .constants import ( from .constants import (
CAMPAIGN_ID, CAMPAIGN_KWARGS, IDENTITY_ID, IDENTITY_KWARGS, INDICATOR_ID, CAMPAIGN_ID, CAMPAIGN_KWARGS, IDENTITY_ID, IDENTITY_KWARGS, INDICATOR_ID,
@ -27,7 +27,7 @@ FS_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), "stix2_data"
@pytest.fixture @pytest.fixture
def fs_store(): def fs_store():
# create # create
yield stix2.FileSystemStore(FS_PATH) yield misp_lib_stix2.FileSystemStore(FS_PATH)
# remove campaign dir # remove campaign dir
shutil.rmtree(os.path.join(FS_PATH, "campaign"), True) shutil.rmtree(os.path.join(FS_PATH, "campaign"), True)
@ -36,7 +36,7 @@ def fs_store():
@pytest.fixture @pytest.fixture
def fs_source(): def fs_source():
# create # create
fs = stix2.FileSystemSource(FS_PATH) fs = misp_lib_stix2.FileSystemSource(FS_PATH)
assert fs.stix_dir == FS_PATH assert fs.stix_dir == FS_PATH
yield fs yield fs
@ -47,7 +47,7 @@ def fs_source():
@pytest.fixture @pytest.fixture
def fs_sink(): def fs_sink():
# create # create
fs = stix2.FileSystemSink(FS_PATH) fs = misp_lib_stix2.FileSystemSink(FS_PATH)
assert fs.stix_dir == FS_PATH assert fs.stix_dir == FS_PATH
yield fs yield fs
@ -92,15 +92,15 @@ def bad_stix_files():
@pytest.fixture(scope='module') @pytest.fixture(scope='module')
def rel_fs_store(): def rel_fs_store():
cam = stix2.v20.Campaign(id=CAMPAIGN_ID, **CAMPAIGN_KWARGS) cam = misp_lib_stix2.v20.Campaign(id=CAMPAIGN_ID, **CAMPAIGN_KWARGS)
idy = stix2.v20.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS) idy = misp_lib_stix2.v20.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS)
ind = stix2.v20.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS) ind = misp_lib_stix2.v20.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS)
mal = stix2.v20.Malware(id=MALWARE_ID, **MALWARE_KWARGS) mal = misp_lib_stix2.v20.Malware(id=MALWARE_ID, **MALWARE_KWARGS)
rel1 = stix2.v20.Relationship(ind, 'indicates', mal, id=RELATIONSHIP_IDS[0]) rel1 = misp_lib_stix2.v20.Relationship(ind, 'indicates', mal, id=RELATIONSHIP_IDS[0])
rel2 = stix2.v20.Relationship(mal, 'targets', idy, id=RELATIONSHIP_IDS[1]) rel2 = misp_lib_stix2.v20.Relationship(mal, 'targets', idy, id=RELATIONSHIP_IDS[1])
rel3 = stix2.v20.Relationship(cam, 'uses', mal, id=RELATIONSHIP_IDS[2]) rel3 = misp_lib_stix2.v20.Relationship(cam, 'uses', mal, id=RELATIONSHIP_IDS[2])
stix_objs = [cam, idy, ind, mal, rel1, rel2, rel3] stix_objs = [cam, idy, ind, mal, rel1, rel2, rel3]
fs = stix2.FileSystemStore(FS_PATH) fs = misp_lib_stix2.FileSystemStore(FS_PATH)
for o in stix_objs: for o in stix_objs:
fs.add(o) fs.add(o)
yield fs yield fs
@ -126,12 +126,12 @@ def rel_fs_store():
def test_filesystem_source_nonexistent_folder(): def test_filesystem_source_nonexistent_folder():
with pytest.raises(ValueError): with pytest.raises(ValueError):
stix2.FileSystemSource('nonexistent-folder') misp_lib_stix2.FileSystemSource('nonexistent-folder')
def test_filesystem_sink_nonexistent_folder(): def test_filesystem_sink_nonexistent_folder():
with pytest.raises(ValueError): with pytest.raises(ValueError):
stix2.FileSystemSink('nonexistent-folder') misp_lib_stix2.FileSystemSink('nonexistent-folder')
def test_filesystem_source_bad_json_file(fs_source, bad_json_files): def test_filesystem_source_bad_json_file(fs_source, bad_json_files):
@ -184,7 +184,7 @@ def test_filesystem_source_all_versions(fs_source):
def test_filesystem_source_query_single(fs_source): def test_filesystem_source_query_single(fs_source):
# query2 # query2
is_2 = fs_source.query([stix2.Filter("external_references.external_id", '=', "T1027")]) is_2 = fs_source.query([misp_lib_stix2.Filter("external_references.external_id", '=', "T1027")])
assert len(is_2) == 1 assert len(is_2) == 1
is_2 = is_2[0] is_2 = is_2[0]
@ -194,7 +194,7 @@ def test_filesystem_source_query_single(fs_source):
def test_filesystem_source_query_multiple(fs_source): def test_filesystem_source_query_multiple(fs_source):
# query # query
intrusion_sets = fs_source.query([stix2.Filter("type", '=', "intrusion-set")]) intrusion_sets = fs_source.query([misp_lib_stix2.Filter("type", '=', "intrusion-set")])
assert len(intrusion_sets) == 2 assert len(intrusion_sets) == 2
assert "intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064" in [is_.id for is_ in intrusion_sets] assert "intrusion-set--a653431d-6a5e-4600-8ad3-609b5af57064" in [is_.id for is_ in intrusion_sets]
assert "intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a" in [is_.id for is_ in intrusion_sets] assert "intrusion-set--f3bdec95-3d62-42d9-a840-29630f6cdc1a" in [is_.id for is_ in intrusion_sets]
@ -209,9 +209,9 @@ def test_filesystem_source_backward_compatible(fs_source):
# it. # it.
modified = datetime.datetime(2018, 11, 16, 22, 54, 20, 390000, pytz.utc) modified = datetime.datetime(2018, 11, 16, 22, 54, 20, 390000, pytz.utc)
results = fs_source.query([ results = fs_source.query([
stix2.Filter("type", "=", "malware"), misp_lib_stix2.Filter("type", "=", "malware"),
stix2.Filter("id", "=", "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38"), misp_lib_stix2.Filter("id", "=", "malware--6b616fc1-1505-48e3-8b2c-0d19337bff38"),
stix2.Filter("modified", "=", modified), misp_lib_stix2.Filter("modified", "=", modified),
]) ])
assert len(results) == 1 assert len(results) == 1
@ -224,7 +224,7 @@ def test_filesystem_source_backward_compatible(fs_source):
def test_filesystem_sink_add_python_stix_object(fs_sink, fs_source): def test_filesystem_sink_add_python_stix_object(fs_sink, fs_source):
# add python stix object # add python stix object
camp1 = stix2.v20.Campaign( camp1 = misp_lib_stix2.v20.Campaign(
name="Hannibal", name="Hannibal",
objective="Targeting Italian and Spanish Diplomat internet accounts", objective="Targeting Italian and Spanish Diplomat internet accounts",
aliases=["War Elephant"], aliases=["War Elephant"],
@ -266,7 +266,7 @@ def test_filesystem_sink_add_stix_object_dict(fs_sink, fs_source):
# as what's in the dict, since the parsing process can enforce a precision # as what's in the dict, since the parsing process can enforce a precision
# constraint (e.g. truncate to milliseconds), which results in a slightly # constraint (e.g. truncate to milliseconds), which results in a slightly
# different name. # different name.
camp2obj = stix2.parse(camp2) camp2obj = misp_lib_stix2.parse(camp2)
filepath = os.path.join( filepath = os.path.join(
FS_PATH, "campaign", camp2obj["id"], FS_PATH, "campaign", camp2obj["id"],
_timestamp2filename(camp2obj["modified"]) + ".json", _timestamp2filename(camp2obj["modified"]) + ".json",
@ -303,7 +303,7 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source):
fs_sink.add(bund) fs_sink.add(bund)
camp_obj = stix2.parse(bund["objects"][0]) camp_obj = misp_lib_stix2.parse(bund["objects"][0])
filepath = os.path.join( filepath = os.path.join(
FS_PATH, "campaign", camp_obj["id"], FS_PATH, "campaign", camp_obj["id"],
_timestamp2filename(camp_obj["modified"]) + ".json", _timestamp2filename(camp_obj["modified"]) + ".json",
@ -328,7 +328,7 @@ def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source):
fs_sink.add(camp4) fs_sink.add(camp4)
camp4obj = stix2.parse(camp4) camp4obj = misp_lib_stix2.parse(camp4)
filepath = os.path.join( filepath = os.path.join(
FS_PATH, "campaign", FS_PATH, "campaign",
"campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d", "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d",
@ -353,7 +353,7 @@ def test_filesystem_sink_json_stix_bundle(fs_sink, fs_source):
' "name": "Spartacus", "objective": "Oppressive regimes of Africa and Middle East"}]}' ' "name": "Spartacus", "objective": "Oppressive regimes of Africa and Middle East"}]}'
fs_sink.add(bund2) fs_sink.add(bund2)
bund2obj = stix2.parse(bund2) bund2obj = misp_lib_stix2.parse(bund2)
camp_obj = bund2obj["objects"][0] camp_obj = bund2obj["objects"][0]
filepath = os.path.join( filepath = os.path.join(
@ -373,7 +373,7 @@ def test_filesystem_sink_json_stix_bundle(fs_sink, fs_source):
def test_filesystem_sink_add_objects_list(fs_sink, fs_source): def test_filesystem_sink_add_objects_list(fs_sink, fs_source):
# add list of objects # add list of objects
camp6 = stix2.v20.Campaign( camp6 = misp_lib_stix2.v20.Campaign(
name="Comanche", name="Comanche",
objective="US Midwest manufacturing firms, oil refineries, and businesses", objective="US Midwest manufacturing firms, oil refineries, and businesses",
aliases=["Horse Warrior"], aliases=["Horse Warrior"],
@ -391,7 +391,7 @@ def test_filesystem_sink_add_objects_list(fs_sink, fs_source):
fs_sink.add([camp6, camp7]) fs_sink.add([camp6, camp7])
camp7obj = stix2.parse(camp7) camp7obj = misp_lib_stix2.parse(camp7)
camp6filepath = os.path.join( camp6filepath = os.path.join(
FS_PATH, "campaign", camp6.id, FS_PATH, "campaign", camp6.id,
@ -421,7 +421,7 @@ def test_filesystem_sink_add_objects_list(fs_sink, fs_source):
def test_filesystem_attempt_stix_file_overwrite(fs_store): def test_filesystem_attempt_stix_file_overwrite(fs_store):
# add python stix object # add python stix object
camp8 = stix2.v20.Campaign( camp8 = misp_lib_stix2.v20.Campaign(
name="George Washington", name="George Washington",
objective="Create an awesome country", objective="Create an awesome country",
aliases=["Georgey"], aliases=["Georgey"],
@ -446,11 +446,11 @@ def test_filesystem_attempt_stix_file_overwrite(fs_store):
def test_filesystem_sink_marking(fs_sink): def test_filesystem_sink_marking(fs_sink):
marking = stix2.v20.MarkingDefinition( marking = misp_lib_stix2.v20.MarkingDefinition(
id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
created="2017-01-20T00:00:00.000Z", created="2017-01-20T00:00:00.000Z",
definition_type="tlp", definition_type="tlp",
definition=stix2.v20.TLPMarking(tlp="green"), definition=misp_lib_stix2.v20.TLPMarking(tlp="green"),
) )
fs_sink.add(marking) fs_sink.add(marking)
@ -485,14 +485,14 @@ def test_filesystem_store_all_versions(fs_store):
def test_filesystem_store_query(fs_store): def test_filesystem_store_query(fs_store):
# query() # query()
tools = fs_store.query([stix2.Filter("labels", "in", "tool")]) tools = fs_store.query([misp_lib_stix2.Filter("labels", "in", "tool")])
assert len(tools) == 2 assert len(tools) == 2
assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [tool.id for tool in tools] assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [tool.id for tool in tools]
assert "tool--03342581-f790-4f03-ba41-e82e67392e23" in [tool.id for tool in tools] assert "tool--03342581-f790-4f03-ba41-e82e67392e23" in [tool.id for tool in tools]
def test_filesystem_store_query_single_filter(fs_store): def test_filesystem_store_query_single_filter(fs_store):
query = stix2.Filter("labels", "in", "tool") query = misp_lib_stix2.Filter("labels", "in", "tool")
tools = fs_store.query(query) tools = fs_store.query(query)
assert len(tools) == 2 assert len(tools) == 2
assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [tool.id for tool in tools] assert "tool--242f3da3-4425-4d11-8f5c-b842886da966" in [tool.id for tool in tools]
@ -507,20 +507,20 @@ def test_filesystem_store_empty_query(fs_store):
def test_filesystem_store_query_multiple_filters(fs_store): def test_filesystem_store_query_multiple_filters(fs_store):
fs_store.source.filters.add(stix2.Filter("labels", "in", "tool")) fs_store.source.filters.add(misp_lib_stix2.Filter("labels", "in", "tool"))
tools = fs_store.query(stix2.Filter("id", "=", "tool--242f3da3-4425-4d11-8f5c-b842886da966")) tools = fs_store.query(misp_lib_stix2.Filter("id", "=", "tool--242f3da3-4425-4d11-8f5c-b842886da966"))
assert len(tools) == 1 assert len(tools) == 1
assert tools[0].id == "tool--242f3da3-4425-4d11-8f5c-b842886da966" assert tools[0].id == "tool--242f3da3-4425-4d11-8f5c-b842886da966"
def test_filesystem_store_query_dont_include_type_folder(fs_store): def test_filesystem_store_query_dont_include_type_folder(fs_store):
results = fs_store.query(stix2.Filter("type", "!=", "tool")) results = fs_store.query(misp_lib_stix2.Filter("type", "!=", "tool"))
assert len(results) == 28 assert len(results) == 28
def test_filesystem_store_add(fs_store): def test_filesystem_store_add(fs_store):
# add() # add()
camp1 = stix2.v20.Campaign( camp1 = misp_lib_stix2.v20.Campaign(
name="Great Heathen Army", name="Great Heathen Army",
objective="Targeting the government of United Kingdom and insitutions affiliated with the Church Of England", objective="Targeting the government of United Kingdom and insitutions affiliated with the Church Of England",
aliases=["Ragnar"], aliases=["Ragnar"],
@ -541,9 +541,9 @@ def test_filesystem_store_add(fs_store):
def test_filesystem_store_add_as_bundle(): def test_filesystem_store_add_as_bundle():
fs_store = stix2.FileSystemStore(FS_PATH, bundlify=True) fs_store = misp_lib_stix2.FileSystemStore(FS_PATH, bundlify=True)
camp1 = stix2.v20.Campaign( camp1 = misp_lib_stix2.v20.Campaign(
name="Great Heathen Army", name="Great Heathen Army",
objective="Targeting the government of United Kingdom and insitutions affiliated with the Church Of England", objective="Targeting the government of United Kingdom and insitutions affiliated with the Church Of England",
aliases=["Ragnar"], aliases=["Ragnar"],
@ -566,7 +566,7 @@ def test_filesystem_store_add_as_bundle():
def test_filesystem_add_bundle_object(fs_store): def test_filesystem_add_bundle_object(fs_store):
bundle = stix2.v20.Bundle() bundle = misp_lib_stix2.v20.Bundle()
fs_store.add(bundle) fs_store.add(bundle)
@ -581,11 +581,11 @@ def test_filesystem_store_add_invalid_object(fs_store):
def test_filesystem_store_add_marking(fs_store): def test_filesystem_store_add_marking(fs_store):
marking = stix2.v20.MarkingDefinition( marking = misp_lib_stix2.v20.MarkingDefinition(
id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da", id="marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
created="2017-01-20T00:00:00.000Z", created="2017-01-20T00:00:00.000Z",
definition_type="tlp", definition_type="tlp",
definition=stix2.v20.TLPMarking(tlp="green"), definition=misp_lib_stix2.v20.TLPMarking(tlp="green"),
) )
fs_store.add(marking) fs_store.add(marking)
@ -603,7 +603,7 @@ def test_filesystem_store_add_marking(fs_store):
def test_filesystem_object_with_custom_property(fs_store): def test_filesystem_object_with_custom_property(fs_store):
camp = stix2.v20.Campaign( camp = misp_lib_stix2.v20.Campaign(
name="Scipio Africanus", name="Scipio Africanus",
objective="Defeat the Carthaginians", objective="Defeat the Carthaginians",
x_empire="Roman", x_empire="Roman",
@ -618,14 +618,14 @@ def test_filesystem_object_with_custom_property(fs_store):
def test_filesystem_object_with_custom_property_in_bundle(fs_store): def test_filesystem_object_with_custom_property_in_bundle(fs_store):
camp = stix2.v20.Campaign( camp = misp_lib_stix2.v20.Campaign(
name="Scipio Africanus", name="Scipio Africanus",
objective="Defeat the Carthaginians", objective="Defeat the Carthaginians",
x_empire="Roman", x_empire="Roman",
allow_custom=True, allow_custom=True,
) )
bundle = stix2.v20.Bundle(camp, allow_custom=True) bundle = misp_lib_stix2.v20.Bundle(camp, allow_custom=True)
fs_store.add(bundle) fs_store.add(bundle)
camp_r = fs_store.get(camp.id) camp_r = fs_store.get(camp.id)
@ -654,9 +654,9 @@ def test_filesystem_custom_object_dict(fs_store):
def test_filesystem_custom_object(fs_store): def test_filesystem_custom_object(fs_store):
@stix2.v20.CustomObject( @misp_lib_stix2.v20.CustomObject(
'x-new-obj-2', [ 'x-new-obj-2', [
('property1', stix2.properties.StringProperty(required=True)), ('property1', misp_lib_stix2.properties.StringProperty(required=True)),
], ],
) )
class NewObj(): class NewObj():
@ -775,7 +775,7 @@ def test_auth_set_black1():
def test_optimize_types1(): def test_optimize_types1():
filters = [ filters = [
stix2.Filter("type", "=", "foo"), misp_lib_stix2.Filter("type", "=", "foo"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -788,8 +788,8 @@ def test_optimize_types1():
def test_optimize_types2(): def test_optimize_types2():
filters = [ filters = [
stix2.Filter("type", "=", "foo"), misp_lib_stix2.Filter("type", "=", "foo"),
stix2.Filter("type", "=", "bar"), misp_lib_stix2.Filter("type", "=", "bar"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -802,8 +802,8 @@ def test_optimize_types2():
def test_optimize_types3(): def test_optimize_types3():
filters = [ filters = [
stix2.Filter("type", "in", ["A", "B", "C"]), misp_lib_stix2.Filter("type", "in", ["A", "B", "C"]),
stix2.Filter("type", "in", ["B", "C", "D"]), misp_lib_stix2.Filter("type", "in", ["B", "C", "D"]),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -816,8 +816,8 @@ def test_optimize_types3():
def test_optimize_types4(): def test_optimize_types4():
filters = [ filters = [
stix2.Filter("type", "in", ["A", "B", "C"]), misp_lib_stix2.Filter("type", "in", ["A", "B", "C"]),
stix2.Filter("type", "in", ["D", "E", "F"]), misp_lib_stix2.Filter("type", "in", ["D", "E", "F"]),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -830,8 +830,8 @@ def test_optimize_types4():
def test_optimize_types5(): def test_optimize_types5():
filters = [ filters = [
stix2.Filter("type", "in", ["foo", "bar"]), misp_lib_stix2.Filter("type", "in", ["foo", "bar"]),
stix2.Filter("type", "!=", "bar"), misp_lib_stix2.Filter("type", "!=", "bar"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -844,8 +844,8 @@ def test_optimize_types5():
def test_optimize_types6(): def test_optimize_types6():
filters = [ filters = [
stix2.Filter("type", "!=", "foo"), misp_lib_stix2.Filter("type", "!=", "foo"),
stix2.Filter("type", "!=", "bar"), misp_lib_stix2.Filter("type", "!=", "bar"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -858,8 +858,8 @@ def test_optimize_types6():
def test_optimize_types7(): def test_optimize_types7():
filters = [ filters = [
stix2.Filter("type", "=", "foo"), misp_lib_stix2.Filter("type", "=", "foo"),
stix2.Filter("type", "!=", "foo"), misp_lib_stix2.Filter("type", "!=", "foo"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -883,8 +883,8 @@ def test_optimize_types8():
def test_optimize_types_ids1(): def test_optimize_types_ids1():
filters = [ filters = [
stix2.Filter("type", "in", ["foo", "bar"]), misp_lib_stix2.Filter("type", "in", ["foo", "bar"]),
stix2.Filter("id", "=", "foo--00000000-0000-0000-0000-000000000000"), misp_lib_stix2.Filter("id", "=", "foo--00000000-0000-0000-0000-000000000000"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -897,8 +897,8 @@ def test_optimize_types_ids1():
def test_optimize_types_ids2(): def test_optimize_types_ids2():
filters = [ filters = [
stix2.Filter("type", "=", "foo"), misp_lib_stix2.Filter("type", "=", "foo"),
stix2.Filter("id", "=", "bar--00000000-0000-0000-0000-000000000000"), misp_lib_stix2.Filter("id", "=", "bar--00000000-0000-0000-0000-000000000000"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -911,8 +911,8 @@ def test_optimize_types_ids2():
def test_optimize_types_ids3(): def test_optimize_types_ids3():
filters = [ filters = [
stix2.Filter("type", "in", ["foo", "bar"]), misp_lib_stix2.Filter("type", "in", ["foo", "bar"]),
stix2.Filter("id", "!=", "bar--00000000-0000-0000-0000-000000000000"), misp_lib_stix2.Filter("id", "!=", "bar--00000000-0000-0000-0000-000000000000"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -925,8 +925,8 @@ def test_optimize_types_ids3():
def test_optimize_types_ids4(): def test_optimize_types_ids4():
filters = [ filters = [
stix2.Filter("type", "in", ["A", "B", "C"]), misp_lib_stix2.Filter("type", "in", ["A", "B", "C"]),
stix2.Filter( misp_lib_stix2.Filter(
"id", "in", [ "id", "in", [
"B--00000000-0000-0000-0000-000000000000", "B--00000000-0000-0000-0000-000000000000",
"C--00000000-0000-0000-0000-000000000000", "C--00000000-0000-0000-0000-000000000000",
@ -948,16 +948,16 @@ def test_optimize_types_ids4():
def test_optimize_types_ids5(): def test_optimize_types_ids5():
filters = [ filters = [
stix2.Filter("type", "in", ["A", "B", "C"]), misp_lib_stix2.Filter("type", "in", ["A", "B", "C"]),
stix2.Filter("type", "!=", "C"), misp_lib_stix2.Filter("type", "!=", "C"),
stix2.Filter( misp_lib_stix2.Filter(
"id", "in", [ "id", "in", [
"B--00000000-0000-0000-0000-000000000000", "B--00000000-0000-0000-0000-000000000000",
"C--00000000-0000-0000-0000-000000000000", "C--00000000-0000-0000-0000-000000000000",
"D--00000000-0000-0000-0000-000000000000", "D--00000000-0000-0000-0000-000000000000",
], ],
), ),
stix2.Filter("id", "!=", "D--00000000-0000-0000-0000-000000000000"), misp_lib_stix2.Filter("id", "!=", "D--00000000-0000-0000-0000-000000000000"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)
@ -970,7 +970,7 @@ def test_optimize_types_ids5():
def test_optimize_types_ids6(): def test_optimize_types_ids6():
filters = [ filters = [
stix2.Filter("id", "=", "A--00000000-0000-0000-0000-000000000000"), misp_lib_stix2.Filter("id", "=", "A--00000000-0000-0000-0000-000000000000"),
] ]
auth_types, auth_ids = _find_search_optimizations(filters) auth_types, auth_ids = _find_search_optimizations(filters)

6
stix2/test/v20/test_datastore_filters.py → misp_lib_stix2/test/v20/test_datastore_filters.py
View File

@ -1,8 +1,8 @@
import pytest import pytest
from stix2 import parse from misp_lib_stix2 import parse
from stix2.datastore.filters import Filter, apply_common_filters from misp_lib_stix2.datastore.filters import Filter, apply_common_filters
from stix2.utils import STIXdatetime, parse_into_datetime from misp_lib_stix2.utils import STIXdatetime, parse_into_datetime
stix_objs = [ stix_objs = [
{ {

8
stix2/test/v20/test_datastore_memory.py → misp_lib_stix2/test/v20/test_datastore_memory.py
View File

@ -3,10 +3,10 @@ import shutil
import pytest import pytest
from stix2 import Filter, MemorySource, MemoryStore, properties from misp_lib_stix2 import Filter, MemorySource, MemoryStore, properties
from stix2.datastore import make_id from misp_lib_stix2.datastore import make_id
from stix2.utils import parse_into_datetime from misp_lib_stix2.utils import parse_into_datetime
from stix2.v20 import ( from misp_lib_stix2.v20 import (
Bundle, Campaign, CustomObject, Identity, Indicator, Malware, Relationship, Bundle, Campaign, CustomObject, Identity, Indicator, Malware, Relationship,
) )

62
stix2/test/v20/test_datastore_taxii.py → misp_lib_stix2/test/v20/test_datastore_taxii.py
View File

@ -6,10 +6,10 @@ from requests.models import Response
from taxii2client.common import _filter_kwargs_to_query_params from taxii2client.common import _filter_kwargs_to_query_params
from taxii2client.v20 import MEDIA_TYPE_STIX_V20, Collection from taxii2client.v20 import MEDIA_TYPE_STIX_V20, Collection
import stix2 import misp_lib_stix2
from stix2.datastore import DataSourceError from misp_lib_stix2.datastore import DataSourceError
from stix2.datastore.filters import Filter from misp_lib_stix2.datastore.filters import Filter
from stix2.utils import get_timestamp from misp_lib_stix2.utils import get_timestamp
COLLECTION_URL = 'https://example.com/api1/collections/91a7b528-80eb-42ed-a74d-c6fbd5a26116/' COLLECTION_URL = 'https://example.com/api1/collections/91a7b528-80eb-42ed-a74d-c6fbd5a26116/'
@ -55,7 +55,7 @@ class MockTAXIICollectionEndpoint(Collection):
resp.status_code = 200 resp.status_code = 200
resp.headers["Content-Range"] = f"items 0-{len(objs)}/{len(objs)}" resp.headers["Content-Range"] = f"items 0-{len(objs)}/{len(objs)}"
resp.encoding = "utf-8" resp.encoding = "utf-8"
resp._content = bytes(stix2.v20.Bundle(objects=objs).serialize(ensure_ascii=False), resp.encoding) resp._content = bytes(misp_lib_stix2.v20.Bundle(objects=objs).serialize(ensure_ascii=False), resp.encoding)
return resp return resp
else: else:
resp = Response() resp = Response()
@ -80,7 +80,7 @@ class MockTAXIICollectionEndpoint(Collection):
else: else:
filtered_objects = [] filtered_objects = []
if filtered_objects: if filtered_objects:
return stix2.v20.Bundle(objects=filtered_objects) return misp_lib_stix2.v20.Bundle(objects=filtered_objects)
else: else:
resp = Response() resp = Response()
resp.status_code = 404 resp.status_code = 404
@ -128,15 +128,15 @@ def collection_no_rw_access(stix_objs1, stix_objs1_manifests):
def test_ds_taxii(collection): def test_ds_taxii(collection):
ds = stix2.TAXIICollectionSource(collection) ds = misp_lib_stix2.TAXIICollectionSource(collection)
assert ds.collection is not None assert ds.collection is not None
def test_add_stix2_object(collection): def test_add_stix2_object(collection):
tc_sink = stix2.TAXIICollectionSink(collection) tc_sink = misp_lib_stix2.TAXIICollectionSink(collection)
# create new STIX threat-actor # create new STIX threat-actor
ta = stix2.v20.ThreatActor( ta = misp_lib_stix2.v20.ThreatActor(
name="Teddy Bear", name="Teddy Bear",
labels=["nation-state"], labels=["nation-state"],
sophistication="innovator", sophistication="innovator",
@ -151,10 +151,10 @@ def test_add_stix2_object(collection):
def test_add_stix2_with_custom_object(collection): def test_add_stix2_with_custom_object(collection):
tc_sink = stix2.TAXIICollectionStore(collection, allow_custom=True) tc_sink = misp_lib_stix2.TAXIICollectionStore(collection, allow_custom=True)
# create new STIX threat-actor # create new STIX threat-actor
ta = stix2.v20.ThreatActor( ta = misp_lib_stix2.v20.ThreatActor(
name="Teddy Bear", name="Teddy Bear",
labels=["nation-state"], labels=["nation-state"],
sophistication="innovator", sophistication="innovator",
@ -171,10 +171,10 @@ def test_add_stix2_with_custom_object(collection):
def test_add_list_object(collection, indicator): def test_add_list_object(collection, indicator):
tc_sink = stix2.TAXIICollectionSink(collection) tc_sink = misp_lib_stix2.TAXIICollectionSink(collection)
# create new STIX threat-actor # create new STIX threat-actor
ta = stix2.v20.ThreatActor( ta = misp_lib_stix2.v20.ThreatActor(
name="Teddy Bear", name="Teddy Bear",
labels=["nation-state"], labels=["nation-state"],
sophistication="innovator", sophistication="innovator",
@ -189,24 +189,24 @@ def test_add_list_object(collection, indicator):
def test_get_object_found(collection): def test_get_object_found(collection):
tc_source = stix2.TAXIICollectionSource(collection) tc_source = misp_lib_stix2.TAXIICollectionSource(collection)
result = tc_source.query([ result = tc_source.query([
stix2.Filter("id", "=", "indicator--00000000-0000-4000-8000-000000000001"), misp_lib_stix2.Filter("id", "=", "indicator--00000000-0000-4000-8000-000000000001"),
]) ])
assert result assert result
def test_get_object_not_found(collection): def test_get_object_not_found(collection):
tc_source = stix2.TAXIICollectionSource(collection) tc_source = misp_lib_stix2.TAXIICollectionSource(collection)
result = tc_source.get("indicator--00000000-0000-4000-8000-000000000005") result = tc_source.get("indicator--00000000-0000-4000-8000-000000000005")
assert result is None assert result is None
def test_add_stix2_bundle_object(collection): def test_add_stix2_bundle_object(collection):
tc_sink = stix2.TAXIICollectionSink(collection) tc_sink = misp_lib_stix2.TAXIICollectionSink(collection)
# create new STIX threat-actor # create new STIX threat-actor
ta = stix2.v20.ThreatActor( ta = misp_lib_stix2.v20.ThreatActor(
name="Teddy Bear", name="Teddy Bear",
labels=["nation-state"], labels=["nation-state"],
sophistication="innovator", sophistication="innovator",
@ -217,11 +217,11 @@ def test_add_stix2_bundle_object(collection):
], ],
) )
tc_sink.add(stix2.v20.Bundle(objects=[ta])) tc_sink.add(misp_lib_stix2.v20.Bundle(objects=[ta]))
def test_add_str_object(collection): def test_add_str_object(collection):
tc_sink = stix2.TAXIICollectionSink(collection) tc_sink = misp_lib_stix2.TAXIICollectionSink(collection)
# create new STIX threat-actor # create new STIX threat-actor
ta = """{ ta = """{
@ -245,7 +245,7 @@ def test_add_str_object(collection):
def test_add_dict_object(collection): def test_add_dict_object(collection):
tc_sink = stix2.TAXIICollectionSink(collection) tc_sink = misp_lib_stix2.TAXIICollectionSink(collection)
ta = { ta = {
"type": "threat-actor", "type": "threat-actor",
@ -268,7 +268,7 @@ def test_add_dict_object(collection):
def test_add_dict_bundle_object(collection): def test_add_dict_bundle_object(collection):
tc_sink = stix2.TAXIICollectionSink(collection) tc_sink = misp_lib_stix2.TAXIICollectionSink(collection)
ta = { ta = {
"type": "bundle", "type": "bundle",
@ -297,7 +297,7 @@ def test_add_dict_bundle_object(collection):
def test_get_stix2_object(collection): def test_get_stix2_object(collection):
tc_sink = stix2.TAXIICollectionSource(collection) tc_sink = misp_lib_stix2.TAXIICollectionSource(collection)
objects = tc_sink.get("indicator--00000000-0000-4000-8000-000000000001") objects = tc_sink.get("indicator--00000000-0000-4000-8000-000000000001")
@ -320,7 +320,7 @@ def test_parse_taxii_filters(collection):
Filter("version", "=", "first"), Filter("version", "=", "first"),
] ]
ds = stix2.TAXIICollectionSource(collection) ds = misp_lib_stix2.TAXIICollectionSource(collection)
taxii_filters = ds._parse_taxii_filters(query) taxii_filters = ds._parse_taxii_filters(query)
@ -328,7 +328,7 @@ def test_parse_taxii_filters(collection):
def test_add_get_remove_filter(collection): def test_add_get_remove_filter(collection):
ds = stix2.TAXIICollectionSource(collection) ds = misp_lib_stix2.TAXIICollectionSource(collection)
# First 3 filters are valid, remaining properties are erroneous in some way # First 3 filters are valid, remaining properties are erroneous in some way
valid_filters = [ valid_filters = [
@ -364,7 +364,7 @@ def test_add_get_remove_filter(collection):
def test_get_all_versions(collection): def test_get_all_versions(collection):
ds = stix2.TAXIICollectionStore(collection) ds = misp_lib_stix2.TAXIICollectionStore(collection)
indicators = ds.all_versions('indicator--00000000-0000-4000-8000-000000000001') indicators = ds.all_versions('indicator--00000000-0000-4000-8000-000000000001')
# There are 3 indicators but 2 share the same 'modified' timestamp # There are 3 indicators but 2 share the same 'modified' timestamp
@ -376,7 +376,7 @@ def test_can_read_error(collection_no_rw_access):
instance that does not have read access, check ValueError exception is raised""" instance that does not have read access, check ValueError exception is raised"""
with pytest.raises(DataSourceError) as excinfo: with pytest.raises(DataSourceError) as excinfo:
stix2.TAXIICollectionSource(collection_no_rw_access) misp_lib_stix2.TAXIICollectionSource(collection_no_rw_access)
assert "Collection object provided does not have read access" in str(excinfo.value) assert "Collection object provided does not have read access" in str(excinfo.value)
@ -385,7 +385,7 @@ def test_can_write_error(collection_no_rw_access):
instance that does not have write access, check ValueError exception is raised""" instance that does not have write access, check ValueError exception is raised"""
with pytest.raises(DataSourceError) as excinfo: with pytest.raises(DataSourceError) as excinfo:
stix2.TAXIICollectionSink(collection_no_rw_access) misp_lib_stix2.TAXIICollectionSink(collection_no_rw_access)
assert "Collection object provided does not have write access" in str(excinfo.value) assert "Collection object provided does not have write access" in str(excinfo.value)
@ -406,7 +406,7 @@ def test_get_404():
resp.status_code = 404 resp.status_code = 404
resp.raise_for_status() resp.raise_for_status()
ds = stix2.TAXIICollectionSource(TAXIICollection404()) ds = misp_lib_stix2.TAXIICollectionSource(TAXIICollection404())
# this will raise 404 from mock TAXII Client but TAXIICollectionStore # this will raise 404 from mock TAXII Client but TAXIICollectionStore
# should handle gracefully and return None # should handle gracefully and return None
@ -418,7 +418,7 @@ def test_all_versions_404(collection):
""" a TAXIICollectionSource.all_version() call that recieves an HTTP 404 """ a TAXIICollectionSource.all_version() call that recieves an HTTP 404
response code from the taxii2client should be returned as an exception""" response code from the taxii2client should be returned as an exception"""
ds = stix2.TAXIICollectionStore(collection) ds = misp_lib_stix2.TAXIICollectionStore(collection)
with pytest.raises(DataSourceError) as excinfo: with pytest.raises(DataSourceError) as excinfo:
ds.all_versions("indicator--1") ds.all_versions("indicator--1")
@ -430,7 +430,7 @@ def test_query_404(collection):
""" a TAXIICollectionSource.query() call that recieves an HTTP 404 """ a TAXIICollectionSource.query() call that recieves an HTTP 404
response code from the taxii2client should be returned as an exception""" response code from the taxii2client should be returned as an exception"""
ds = stix2.TAXIICollectionStore(collection) ds = misp_lib_stix2.TAXIICollectionStore(collection)
query = [Filter("type", "=", "malware")] query = [Filter("type", "=", "malware")]
with pytest.raises(DataSourceError) as excinfo: with pytest.raises(DataSourceError) as excinfo:

240
stix2/test/v20/test_environment.py → misp_lib_stix2/test/v20/test_environment.py
View File

@ -3,9 +3,9 @@ import os
import pytest import pytest
import stix2 import misp_lib_stix2
import stix2.equivalence.graph import misp_lib_stix2.equivalence.graph
import stix2.equivalence.object import misp_lib_stix2.equivalence.object
from .constants import ( from .constants import (
CAMPAIGN_ID, CAMPAIGN_KWARGS, FAKE_TIME, IDENTITY_ID, IDENTITY_KWARGS, CAMPAIGN_ID, CAMPAIGN_KWARGS, FAKE_TIME, IDENTITY_ID, IDENTITY_KWARGS,
@ -18,46 +18,46 @@ FS_PATH = os.path.join(os.path.dirname(os.path.realpath(__file__)), "stix2_data"
@pytest.fixture @pytest.fixture
def ds(): def ds():
cam = stix2.v20.Campaign(id=CAMPAIGN_ID, **CAMPAIGN_KWARGS) cam = misp_lib_stix2.v20.Campaign(id=CAMPAIGN_ID, **CAMPAIGN_KWARGS)
idy = stix2.v20.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS) idy = misp_lib_stix2.v20.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS)
ind = stix2.v20.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS) ind = misp_lib_stix2.v20.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS)
mal = stix2.v20.Malware(id=MALWARE_ID, **MALWARE_KWARGS) mal = misp_lib_stix2.v20.Malware(id=MALWARE_ID, **MALWARE_KWARGS)
rel1 = stix2.v20.Relationship(ind, 'indicates', mal, id=RELATIONSHIP_IDS[0]) rel1 = misp_lib_stix2.v20.Relationship(ind, 'indicates', mal, id=RELATIONSHIP_IDS[0])
rel2 = stix2.v20.Relationship(mal, 'targets', idy, id=RELATIONSHIP_IDS[1]) rel2 = misp_lib_stix2.v20.Relationship(mal, 'targets', idy, id=RELATIONSHIP_IDS[1])
rel3 = stix2.v20.Relationship(cam, 'uses', mal, id=RELATIONSHIP_IDS[2]) rel3 = misp_lib_stix2.v20.Relationship(cam, 'uses', mal, id=RELATIONSHIP_IDS[2])
reprt = stix2.v20.Report( reprt = misp_lib_stix2.v20.Report(
name="Malware Report", name="Malware Report",
published="2021-05-09T08:22:22Z", published="2021-05-09T08:22:22Z",
labels=["campaign"], labels=["campaign"],
object_refs=[mal.id, rel1.id, ind.id], object_refs=[mal.id, rel1.id, ind.id],
) )
stix_objs = [cam, idy, ind, mal, rel1, rel2, rel3, reprt] stix_objs = [cam, idy, ind, mal, rel1, rel2, rel3, reprt]
yield stix2.MemoryStore(stix_objs) yield misp_lib_stix2.MemoryStore(stix_objs)
@pytest.fixture @pytest.fixture
def ds2(): def ds2():
cam = stix2.v20.Campaign(id=CAMPAIGN_ID, **CAMPAIGN_KWARGS) cam = misp_lib_stix2.v20.Campaign(id=CAMPAIGN_ID, **CAMPAIGN_KWARGS)
idy = stix2.v20.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS) idy = misp_lib_stix2.v20.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS)
ind = stix2.v20.Indicator(id=INDICATOR_ID, created_by_ref=idy.id, **INDICATOR_KWARGS) ind = misp_lib_stix2.v20.Indicator(id=INDICATOR_ID, created_by_ref=idy.id, **INDICATOR_KWARGS)
indv2 = ind.new_version( indv2 = ind.new_version(
external_references=[{ external_references=[{
"source_name": "unknown", "source_name": "unknown",
"url": "https://examplewebsite.com/", "url": "https://examplewebsite.com/",
}], }],
) )
mal = stix2.v20.Malware(id=MALWARE_ID, created_by_ref=idy.id, **MALWARE_KWARGS) mal = misp_lib_stix2.v20.Malware(id=MALWARE_ID, created_by_ref=idy.id, **MALWARE_KWARGS)
malv2 = mal.new_version( malv2 = mal.new_version(
external_references=[{ external_references=[{
"source_name": "unknown", "source_name": "unknown",
"url": "https://examplewebsite2.com/", "url": "https://examplewebsite2.com/",
}], }],
) )
rel1 = stix2.v20.Relationship(ind, 'indicates', mal, id=RELATIONSHIP_IDS[0]) rel1 = misp_lib_stix2.v20.Relationship(ind, 'indicates', mal, id=RELATIONSHIP_IDS[0])
rel2 = stix2.v20.Relationship(mal, 'targets', idy, id=RELATIONSHIP_IDS[1]) rel2 = misp_lib_stix2.v20.Relationship(mal, 'targets', idy, id=RELATIONSHIP_IDS[1])
rel3 = stix2.v20.Relationship(cam, 'uses', mal, id=RELATIONSHIP_IDS[2]) rel3 = misp_lib_stix2.v20.Relationship(cam, 'uses', mal, id=RELATIONSHIP_IDS[2])
stix_objs = [cam, idy, ind, indv2, mal, malv2, rel1, rel2, rel3] stix_objs = [cam, idy, ind, indv2, mal, malv2, rel1, rel2, rel3]
reprt = stix2.v20.Report( reprt = misp_lib_stix2.v20.Report(
created_by_ref=idy.id, created_by_ref=idy.id,
name="example", name="example",
labels=["campaign"], labels=["campaign"],
@ -65,115 +65,115 @@ def ds2():
object_refs=stix_objs, object_refs=stix_objs,
) )
stix_objs.append(reprt) stix_objs.append(reprt)
yield stix2.MemoryStore(stix_objs) yield misp_lib_stix2.MemoryStore(stix_objs)
@pytest.fixture @pytest.fixture
def fs(): def fs():
yield stix2.FileSystemSource(FS_PATH) yield misp_lib_stix2.FileSystemSource(FS_PATH)
def test_object_factory_created_by_ref_str(): def test_object_factory_created_by_ref_str():
factory = stix2.ObjectFactory(created_by_ref=IDENTITY_ID) factory = misp_lib_stix2.ObjectFactory(created_by_ref=IDENTITY_ID)
ind = factory.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
assert ind.created_by_ref == IDENTITY_ID assert ind.created_by_ref == IDENTITY_ID
def test_object_factory_created_by_ref_obj(): def test_object_factory_created_by_ref_obj():
id_obj = stix2.v20.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS) id_obj = misp_lib_stix2.v20.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS)
factory = stix2.ObjectFactory(created_by_ref=id_obj) factory = misp_lib_stix2.ObjectFactory(created_by_ref=id_obj)
ind = factory.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
assert ind.created_by_ref == IDENTITY_ID assert ind.created_by_ref == IDENTITY_ID
def test_object_factory_override_default(): def test_object_factory_override_default():
factory = stix2.ObjectFactory(created_by_ref=IDENTITY_ID) factory = misp_lib_stix2.ObjectFactory(created_by_ref=IDENTITY_ID)
new_id = "identity--983b3172-44fe-4a80-8091-eb8098841fe8" new_id = "identity--983b3172-44fe-4a80-8091-eb8098841fe8"
ind = factory.create(stix2.v20.Indicator, created_by_ref=new_id, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, created_by_ref=new_id, **INDICATOR_KWARGS)
assert ind.created_by_ref == new_id assert ind.created_by_ref == new_id
def test_object_factory_created(): def test_object_factory_created():
factory = stix2.ObjectFactory(created=FAKE_TIME) factory = misp_lib_stix2.ObjectFactory(created=FAKE_TIME)
ind = factory.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
assert ind.created == FAKE_TIME assert ind.created == FAKE_TIME
assert ind.modified == FAKE_TIME assert ind.modified == FAKE_TIME
def test_object_factory_external_reference(): def test_object_factory_external_reference():
ext_ref = stix2.v20.ExternalReference( ext_ref = misp_lib_stix2.v20.ExternalReference(
source_name="ACME Threat Intel", source_name="ACME Threat Intel",
description="Threat report", description="Threat report",
) )
factory = stix2.ObjectFactory(external_references=ext_ref) factory = misp_lib_stix2.ObjectFactory(external_references=ext_ref)
ind = factory.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
assert ind.external_references[0].source_name == "ACME Threat Intel" assert ind.external_references[0].source_name == "ACME Threat Intel"
assert ind.external_references[0].description == "Threat report" assert ind.external_references[0].description == "Threat report"
ind2 = factory.create(stix2.v20.Indicator, external_references=None, **INDICATOR_KWARGS) ind2 = factory.create(misp_lib_stix2.v20.Indicator, external_references=None, **INDICATOR_KWARGS)
assert 'external_references' not in ind2 assert 'external_references' not in ind2
def test_object_factory_obj_markings(): def test_object_factory_obj_markings():
stmt_marking = stix2.v20.StatementMarking("Copyright 2016, Example Corp") stmt_marking = misp_lib_stix2.v20.StatementMarking("Copyright 2016, Example Corp")
mark_def = stix2.v20.MarkingDefinition( mark_def = misp_lib_stix2.v20.MarkingDefinition(
definition_type="statement", definition_type="statement",
definition=stmt_marking, definition=stmt_marking,
) )
factory = stix2.ObjectFactory(object_marking_refs=[mark_def, stix2.v20.TLP_AMBER]) factory = misp_lib_stix2.ObjectFactory(object_marking_refs=[mark_def, misp_lib_stix2.v20.TLP_AMBER])
ind = factory.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
assert mark_def.id in ind.object_marking_refs assert mark_def.id in ind.object_marking_refs
assert stix2.v20.TLP_AMBER.id in ind.object_marking_refs assert misp_lib_stix2.v20.TLP_AMBER.id in ind.object_marking_refs
factory = stix2.ObjectFactory(object_marking_refs=stix2.v20.TLP_RED) factory = misp_lib_stix2.ObjectFactory(object_marking_refs=misp_lib_stix2.v20.TLP_RED)
ind = factory.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
assert stix2.v20.TLP_RED.id in ind.object_marking_refs assert misp_lib_stix2.v20.TLP_RED.id in ind.object_marking_refs
def test_object_factory_list_append(): def test_object_factory_list_append():
ext_ref = stix2.v20.ExternalReference( ext_ref = misp_lib_stix2.v20.ExternalReference(
source_name="ACME Threat Intel", source_name="ACME Threat Intel",
description="Threat report from ACME", description="Threat report from ACME",
) )
ext_ref2 = stix2.v20.ExternalReference( ext_ref2 = misp_lib_stix2.v20.ExternalReference(
source_name="Yet Another Threat Report", source_name="Yet Another Threat Report",
description="Threat report from YATR", description="Threat report from YATR",
) )
ext_ref3 = stix2.v20.ExternalReference( ext_ref3 = misp_lib_stix2.v20.ExternalReference(
source_name="Threat Report #3", source_name="Threat Report #3",
description="One more threat report", description="One more threat report",
) )
factory = stix2.ObjectFactory(external_references=ext_ref) factory = misp_lib_stix2.ObjectFactory(external_references=ext_ref)
ind = factory.create(stix2.v20.Indicator, external_references=ext_ref2, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, external_references=ext_ref2, **INDICATOR_KWARGS)
assert ind.external_references[1].source_name == "Yet Another Threat Report" assert ind.external_references[1].source_name == "Yet Another Threat Report"
ind = factory.create(stix2.v20.Indicator, external_references=[ext_ref2, ext_ref3], **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, external_references=[ext_ref2, ext_ref3], **INDICATOR_KWARGS)
assert ind.external_references[2].source_name == "Threat Report #3" assert ind.external_references[2].source_name == "Threat Report #3"
def test_object_factory_list_replace(): def test_object_factory_list_replace():
ext_ref = stix2.v20.ExternalReference( ext_ref = misp_lib_stix2.v20.ExternalReference(
source_name="ACME Threat Intel", source_name="ACME Threat Intel",
description="Threat report from ACME", description="Threat report from ACME",
) )
ext_ref2 = stix2.v20.ExternalReference( ext_ref2 = misp_lib_stix2.v20.ExternalReference(
source_name="Yet Another Threat Report", source_name="Yet Another Threat Report",
description="Threat report from YATR", description="Threat report from YATR",
) )
factory = stix2.ObjectFactory(external_references=ext_ref, list_append=False) factory = misp_lib_stix2.ObjectFactory(external_references=ext_ref, list_append=False)
ind = factory.create(stix2.v20.Indicator, external_references=ext_ref2, **INDICATOR_KWARGS) ind = factory.create(misp_lib_stix2.v20.Indicator, external_references=ext_ref2, **INDICATOR_KWARGS)
assert len(ind.external_references) == 1 assert len(ind.external_references) == 1
assert ind.external_references[0].source_name == "Yet Another Threat Report" assert ind.external_references[0].source_name == "Yet Another Threat Report"
def test_environment_functions(): def test_environment_functions():
env = stix2.Environment( env = misp_lib_stix2.Environment(
stix2.ObjectFactory(created_by_ref=IDENTITY_ID), misp_lib_stix2.ObjectFactory(created_by_ref=IDENTITY_ID),
stix2.MemoryStore(), misp_lib_stix2.MemoryStore(),
) )
# Create a STIX object # Create a STIX object
ind = env.create(stix2.v20.Indicator, id=INDICATOR_ID, **INDICATOR_KWARGS) ind = env.create(misp_lib_stix2.v20.Indicator, id=INDICATOR_ID, **INDICATOR_KWARGS)
assert ind.created_by_ref == IDENTITY_ID assert ind.created_by_ref == IDENTITY_ID
# Add objects to datastore # Add objects to datastore
@ -189,40 +189,40 @@ def test_environment_functions():
assert resp['labels'][0] == 'benign' assert resp['labels'][0] == 'benign'
# Search on something other than id # Search on something other than id
query = [stix2.Filter('type', '=', 'vulnerability')] query = [misp_lib_stix2.Filter('type', '=', 'vulnerability')]
resp = env.query(query) resp = env.query(query)
assert len(resp) == 0 assert len(resp) == 0
# See different results after adding filters to the environment # See different results after adding filters to the environment
env.add_filters([ env.add_filters([
stix2.Filter('type', '=', 'indicator'), misp_lib_stix2.Filter('type', '=', 'indicator'),
stix2.Filter('created_by_ref', '=', IDENTITY_ID), misp_lib_stix2.Filter('created_by_ref', '=', IDENTITY_ID),
]) ])
env.add_filter(stix2.Filter('labels', '=', 'benign')) # should be 'malicious-activity' env.add_filter(misp_lib_stix2.Filter('labels', '=', 'benign')) # should be 'malicious-activity'
resp = env.get(INDICATOR_ID) resp = env.get(INDICATOR_ID)
assert resp['labels'][0] == 'benign' # should be 'malicious-activity' assert resp['labels'][0] == 'benign' # should be 'malicious-activity'
def test_environment_source_and_sink(): def test_environment_source_and_sink():
ind = stix2.v20.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS) ind = misp_lib_stix2.v20.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS)
env = stix2.Environment(source=stix2.MemorySource([ind]), sink=stix2.MemorySink([ind])) env = misp_lib_stix2.Environment(source=misp_lib_stix2.MemorySource([ind]), sink=misp_lib_stix2.MemorySink([ind]))
assert env.get(INDICATOR_ID).labels[0] == 'malicious-activity' assert env.get(INDICATOR_ID).labels[0] == 'malicious-activity'
def test_environment_datastore_and_sink(): def test_environment_datastore_and_sink():
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
stix2.Environment( misp_lib_stix2.Environment(
factory=stix2.ObjectFactory(), factory=misp_lib_stix2.ObjectFactory(),
store=stix2.MemoryStore(), sink=stix2.MemorySink, store=misp_lib_stix2.MemoryStore(), sink=misp_lib_stix2.MemorySink,
) )
assert 'Data store already provided' in str(excinfo.value) assert 'Data store already provided' in str(excinfo.value)
def test_environment_no_datastore(): def test_environment_no_datastore():
env = stix2.Environment(factory=stix2.ObjectFactory()) env = misp_lib_stix2.Environment(factory=misp_lib_stix2.ObjectFactory())
with pytest.raises(AttributeError) as excinfo: with pytest.raises(AttributeError) as excinfo:
env.add(stix2.v20.Indicator(**INDICATOR_KWARGS)) env.add(misp_lib_stix2.v20.Indicator(**INDICATOR_KWARGS))
assert 'Environment has no data sink to put objects in' in str(excinfo.value) assert 'Environment has no data sink to put objects in' in str(excinfo.value)
with pytest.raises(AttributeError) as excinfo: with pytest.raises(AttributeError) as excinfo:
@ -247,20 +247,20 @@ def test_environment_no_datastore():
def test_environment_add_filters(): def test_environment_add_filters():
env = stix2.Environment(factory=stix2.ObjectFactory()) env = misp_lib_stix2.Environment(factory=misp_lib_stix2.ObjectFactory())
env.add_filters([INDICATOR_ID]) env.add_filters([INDICATOR_ID])
env.add_filter(INDICATOR_ID) env.add_filter(INDICATOR_ID)
def test_environment_datastore_and_no_object_factory(): def test_environment_datastore_and_no_object_factory():
# Uses a default object factory # Uses a default object factory
env = stix2.Environment(store=stix2.MemoryStore()) env = misp_lib_stix2.Environment(store=misp_lib_stix2.MemoryStore())
ind = env.create(stix2.v20.Indicator, id=INDICATOR_ID, **INDICATOR_KWARGS) ind = env.create(misp_lib_stix2.v20.Indicator, id=INDICATOR_ID, **INDICATOR_KWARGS)
assert ind.id == INDICATOR_ID assert ind.id == INDICATOR_ID
def test_parse_malware(): def test_parse_malware():
env = stix2.Environment() env = misp_lib_stix2.Environment()
data = """{ data = """{
"type": "malware", "type": "malware",
"id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e", "id": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e",
@ -282,46 +282,46 @@ def test_parse_malware():
def test_creator_of(): def test_creator_of():
identity = stix2.v20.Identity(**IDENTITY_KWARGS) identity = misp_lib_stix2.v20.Identity(**IDENTITY_KWARGS)
factory = stix2.ObjectFactory(created_by_ref=identity.id) factory = misp_lib_stix2.ObjectFactory(created_by_ref=identity.id)
env = stix2.Environment(store=stix2.MemoryStore(), factory=factory) env = misp_lib_stix2.Environment(store=misp_lib_stix2.MemoryStore(), factory=factory)
env.add(identity) env.add(identity)
ind = env.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = env.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
creator = env.creator_of(ind) creator = env.creator_of(ind)
assert creator is identity assert creator is identity
def test_creator_of_no_datasource(): def test_creator_of_no_datasource():
identity = stix2.v20.Identity(**IDENTITY_KWARGS) identity = misp_lib_stix2.v20.Identity(**IDENTITY_KWARGS)
factory = stix2.ObjectFactory(created_by_ref=identity.id) factory = misp_lib_stix2.ObjectFactory(created_by_ref=identity.id)
env = stix2.Environment(factory=factory) env = misp_lib_stix2.Environment(factory=factory)
ind = env.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = env.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
with pytest.raises(AttributeError) as excinfo: with pytest.raises(AttributeError) as excinfo:
env.creator_of(ind) env.creator_of(ind)
assert 'Environment has no data source' in str(excinfo.value) assert 'Environment has no data source' in str(excinfo.value)
def test_creator_of_not_found(): def test_creator_of_not_found():
identity = stix2.v20.Identity(**IDENTITY_KWARGS) identity = misp_lib_stix2.v20.Identity(**IDENTITY_KWARGS)
factory = stix2.ObjectFactory(created_by_ref=identity.id) factory = misp_lib_stix2.ObjectFactory(created_by_ref=identity.id)
env = stix2.Environment(store=stix2.MemoryStore(), factory=factory) env = misp_lib_stix2.Environment(store=misp_lib_stix2.MemoryStore(), factory=factory)
ind = env.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = env.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
creator = env.creator_of(ind) creator = env.creator_of(ind)
assert creator is None assert creator is None
def test_creator_of_no_created_by_ref(): def test_creator_of_no_created_by_ref():
env = stix2.Environment(store=stix2.MemoryStore()) env = misp_lib_stix2.Environment(store=misp_lib_stix2.MemoryStore())
ind = env.create(stix2.v20.Indicator, **INDICATOR_KWARGS) ind = env.create(misp_lib_stix2.v20.Indicator, **INDICATOR_KWARGS)
creator = env.creator_of(ind) creator = env.creator_of(ind)
assert creator is None assert creator is None
def test_relationships(ds): def test_relationships(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
mal = env.get(MALWARE_ID) mal = env.get(MALWARE_ID)
resp = env.relationships(mal) resp = env.relationships(mal)
@ -332,7 +332,7 @@ def test_relationships(ds):
def test_relationships_no_id(ds): def test_relationships_no_id(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
mal = { mal = {
"type": "malware", "type": "malware",
"name": "some variant", "name": "some variant",
@ -343,7 +343,7 @@ def test_relationships_no_id(ds):
def test_relationships_by_type(ds): def test_relationships_by_type(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
mal = env.get(MALWARE_ID) mal = env.get(MALWARE_ID)
resp = env.relationships(mal, relationship_type='indicates') resp = env.relationships(mal, relationship_type='indicates')
@ -352,7 +352,7 @@ def test_relationships_by_type(ds):
def test_relationships_by_source(ds): def test_relationships_by_source(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
resp = env.relationships(MALWARE_ID, source_only=True) resp = env.relationships(MALWARE_ID, source_only=True)
assert len(resp) == 1 assert len(resp) == 1
@ -360,7 +360,7 @@ def test_relationships_by_source(ds):
def test_relationships_by_target(ds): def test_relationships_by_target(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
resp = env.relationships(MALWARE_ID, target_only=True) resp = env.relationships(MALWARE_ID, target_only=True)
assert len(resp) == 2 assert len(resp) == 2
@ -369,7 +369,7 @@ def test_relationships_by_target(ds):
def test_relationships_by_target_and_type(ds): def test_relationships_by_target_and_type(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
resp = env.relationships(MALWARE_ID, relationship_type='uses', target_only=True) resp = env.relationships(MALWARE_ID, relationship_type='uses', target_only=True)
assert len(resp) == 1 assert len(resp) == 1
@ -377,7 +377,7 @@ def test_relationships_by_target_and_type(ds):
def test_relationships_by_target_and_source(ds): def test_relationships_by_target_and_source(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
with pytest.raises(ValueError) as excinfo: with pytest.raises(ValueError) as excinfo:
env.relationships(MALWARE_ID, target_only=True, source_only=True) env.relationships(MALWARE_ID, target_only=True, source_only=True)
@ -385,7 +385,7 @@ def test_relationships_by_target_and_source(ds):
def test_related_to(ds): def test_related_to(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
mal = env.get(MALWARE_ID) mal = env.get(MALWARE_ID)
resp = env.related_to(mal) resp = env.related_to(mal)
@ -396,7 +396,7 @@ def test_related_to(ds):
def test_related_to_no_id(ds): def test_related_to_no_id(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
mal = { mal = {
"type": "malware", "type": "malware",
"name": "some variant", "name": "some variant",
@ -407,7 +407,7 @@ def test_related_to_no_id(ds):
def test_related_to_by_source(ds): def test_related_to_by_source(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
resp = env.related_to(MALWARE_ID, source_only=True) resp = env.related_to(MALWARE_ID, source_only=True)
assert len(resp) == 1 assert len(resp) == 1
@ -415,7 +415,7 @@ def test_related_to_by_source(ds):
def test_related_to_by_target(ds): def test_related_to_by_target(ds):
env = stix2.Environment(store=ds) env = misp_lib_stix2.Environment(store=ds)
resp = env.related_to(MALWARE_ID, target_only=True) resp = env.related_to(MALWARE_ID, target_only=True)
assert len(resp) == 2 assert len(resp) == 2
@ -424,7 +424,7 @@ def test_related_to_by_target(ds):
def test_versioned_checks(ds, ds2): def test_versioned_checks(ds, ds2):
weights = stix2.equivalence.graph.WEIGHTS.copy() weights = misp_lib_stix2.equivalence.graph.WEIGHTS.copy()
weights.update({ weights.update({
"_internal": { "_internal": {
"ignore_spec_version": True, "ignore_spec_version": True,
@ -432,12 +432,12 @@ def test_versioned_checks(ds, ds2):
"max_depth": 1, "max_depth": 1,
}, },
}) })
score = stix2.equivalence.object._versioned_checks(INDICATOR_ID, INDICATOR_ID, ds, ds2, **weights) score = misp_lib_stix2.equivalence.object._versioned_checks(INDICATOR_ID, INDICATOR_ID, ds, ds2, **weights)
assert round(score) == 100 assert round(score) == 100
def test_semantic_check_with_versioning(ds, ds2): def test_semantic_check_with_versioning(ds, ds2):
weights = stix2.equivalence.graph.WEIGHTS.copy() weights = misp_lib_stix2.equivalence.graph.WEIGHTS.copy()
weights.update({ weights.update({
"_internal": { "_internal": {
"ignore_spec_version": False, "ignore_spec_version": False,
@ -447,7 +447,7 @@ def test_semantic_check_with_versioning(ds, ds2):
"max_depth": 1, "max_depth": 1,
}, },
}) })
ind = stix2.v20.Indicator( ind = misp_lib_stix2.v20.Indicator(
**dict( **dict(
labels=["malicious-activity"], labels=["malicious-activity"],
pattern="[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']", pattern="[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']",
@ -458,16 +458,16 @@ def test_semantic_check_with_versioning(ds, ds2):
"url": "https://examplewebsite2.com/", "url": "https://examplewebsite2.com/",
}, },
], ],
object_marking_refs=[stix2.v20.TLP_WHITE], object_marking_refs=[misp_lib_stix2.v20.TLP_WHITE],
) )
) )
ds.add(ind) ds.add(ind)
score = stix2.equivalence.object.reference_check(ind.id, INDICATOR_ID, ds, ds2, **weights) score = misp_lib_stix2.equivalence.object.reference_check(ind.id, INDICATOR_ID, ds, ds2, **weights)
assert round(score) == 0 # Since pattern is different score is really low assert round(score) == 0 # Since pattern is different score is really low
def test_list_semantic_check(ds, ds2): def test_list_semantic_check(ds, ds2):
weights = stix2.equivalence.graph.WEIGHTS.copy() weights = misp_lib_stix2.equivalence.graph.WEIGHTS.copy()
weights.update({ weights.update({
"_internal": { "_internal": {
"ignore_spec_version": False, "ignore_spec_version": False,
@ -491,7 +491,7 @@ def test_list_semantic_check(ds, ds2):
"relationship--a0cbb21c-8daf-4a7f-96aa-7155a4ef8f70", "relationship--a0cbb21c-8daf-4a7f-96aa-7155a4ef8f70",
] ]
score = stix2.equivalence.object.list_reference_check( score = misp_lib_stix2.equivalence.object.list_reference_check(
object_refs1, object_refs1,
object_refs2, object_refs2,
ds, ds,
@ -504,16 +504,16 @@ def test_list_semantic_check(ds, ds2):
def test_graph_similarity_raises_value_error(ds): def test_graph_similarity_raises_value_error(ds):
with pytest.raises(ValueError): with pytest.raises(ValueError):
prop_scores1 = {} prop_scores1 = {}
stix2.Environment().graph_similarity(ds, ds2, prop_scores1, max_depth=-1) misp_lib_stix2.Environment().graph_similarity(ds, ds2, prop_scores1, max_depth=-1)
def test_graph_similarity_with_filesystem_source(ds, fs): def test_graph_similarity_with_filesystem_source(ds, fs):
prop_scores1 = {} prop_scores1 = {}
env1 = stix2.Environment().graph_similarity(fs, ds, prop_scores1, ignore_spec_version=True) env1 = misp_lib_stix2.Environment().graph_similarity(fs, ds, prop_scores1, ignore_spec_version=True)
# Switching parameters # Switching parameters
prop_scores2 = {} prop_scores2 = {}
env2 = stix2.Environment().graph_similarity(ds, fs, prop_scores2, ignore_spec_version=True) env2 = misp_lib_stix2.Environment().graph_similarity(ds, fs, prop_scores2, ignore_spec_version=True)
assert round(env1) == 25 assert round(env1) == 25
assert round(prop_scores1["matching_score"]) == 451 assert round(prop_scores1["matching_score"]) == 451
@ -530,7 +530,7 @@ def test_graph_similarity_with_filesystem_source(ds, fs):
def test_graph_similarity_with_duplicate_graph(ds): def test_graph_similarity_with_duplicate_graph(ds):
prop_scores = {} prop_scores = {}
env = stix2.Environment().graph_similarity(ds, ds, prop_scores) env = misp_lib_stix2.Environment().graph_similarity(ds, ds, prop_scores)
assert round(env) == 100 assert round(env) == 100
assert round(prop_scores["matching_score"]) == 800 assert round(prop_scores["matching_score"]) == 800
assert round(prop_scores["len_pairs"]) == 8 assert round(prop_scores["len_pairs"]) == 8
@ -538,11 +538,11 @@ def test_graph_similarity_with_duplicate_graph(ds):
def test_graph_similarity_with_versioning_check_on(ds2, ds): def test_graph_similarity_with_versioning_check_on(ds2, ds):
prop_scores1 = {} prop_scores1 = {}
env1 = stix2.Environment().graph_similarity(ds, ds2, prop_scores1, versioning_checks=True) env1 = misp_lib_stix2.Environment().graph_similarity(ds, ds2, prop_scores1, versioning_checks=True)
# Switching parameters # Switching parameters
prop_scores2 = {} prop_scores2 = {}
env2 = stix2.Environment().graph_similarity(ds2, ds, prop_scores2, versioning_checks=True) env2 = misp_lib_stix2.Environment().graph_similarity(ds2, ds, prop_scores2, versioning_checks=True)
assert round(env1) == 88 assert round(env1) == 88
assert round(prop_scores1["matching_score"]) == 789 assert round(prop_scores1["matching_score"]) == 789
@ -559,11 +559,11 @@ def test_graph_similarity_with_versioning_check_on(ds2, ds):
def test_graph_similarity_with_versioning_check_off(ds2, ds): def test_graph_similarity_with_versioning_check_off(ds2, ds):
prop_scores1 = {} prop_scores1 = {}
env1 = stix2.Environment().graph_similarity(ds, ds2, prop_scores1) env1 = misp_lib_stix2.Environment().graph_similarity(ds, ds2, prop_scores1)
# Switching parameters # Switching parameters
prop_scores2 = {} prop_scores2 = {}
env2 = stix2.Environment().graph_similarity(ds2, ds, prop_scores2) env2 = misp_lib_stix2.Environment().graph_similarity(ds2, ds, prop_scores2)
assert round(env1) == 88 assert round(env1) == 88
assert round(prop_scores1["matching_score"]) == 789 assert round(prop_scores1["matching_score"]) == 789
@ -580,11 +580,11 @@ def test_graph_similarity_with_versioning_check_off(ds2, ds):
def test_graph_equivalence_with_filesystem_source(ds, fs): def test_graph_equivalence_with_filesystem_source(ds, fs):
prop_scores1 = {} prop_scores1 = {}
env1 = stix2.Environment().graph_equivalence(fs, ds, prop_scores1, ignore_spec_version=True) env1 = misp_lib_stix2.Environment().graph_equivalence(fs, ds, prop_scores1, ignore_spec_version=True)
# Switching parameters # Switching parameters
prop_scores2 = {} prop_scores2 = {}
env2 = stix2.Environment().graph_equivalence(ds, fs, prop_scores2, ignore_spec_version=True) env2 = misp_lib_stix2.Environment().graph_equivalence(ds, fs, prop_scores2, ignore_spec_version=True)
assert env1 is False assert env1 is False
assert round(prop_scores1["matching_score"]) == 451 assert round(prop_scores1["matching_score"]) == 451
@ -601,7 +601,7 @@ def test_graph_equivalence_with_filesystem_source(ds, fs):
def test_graph_equivalence_with_duplicate_graph(ds): def test_graph_equivalence_with_duplicate_graph(ds):
prop_scores = {} prop_scores = {}
env = stix2.Environment().graph_equivalence(ds, ds, prop_scores) env = misp_lib_stix2.Environment().graph_equivalence(ds, ds, prop_scores)
assert env is True assert env is True
assert round(prop_scores["matching_score"]) == 800 assert round(prop_scores["matching_score"]) == 800
assert round(prop_scores["len_pairs"]) == 8 assert round(prop_scores["len_pairs"]) == 8
@ -609,11 +609,11 @@ def test_graph_equivalence_with_duplicate_graph(ds):
def test_graph_equivalence_with_versioning_check_on(ds2, ds): def test_graph_equivalence_with_versioning_check_on(ds2, ds):
prop_scores1 = {} prop_scores1 = {}
env1 = stix2.Environment().graph_equivalence(ds, ds2, prop_scores1, versioning_checks=True) env1 = misp_lib_stix2.Environment().graph_equivalence(ds, ds2, prop_scores1, versioning_checks=True)
# Switching parameters # Switching parameters
prop_scores2 = {} prop_scores2 = {}
env2 = stix2.Environment().graph_equivalence(ds2, ds, prop_scores2, versioning_checks=True) env2 = misp_lib_stix2.Environment().graph_equivalence(ds2, ds, prop_scores2, versioning_checks=True)
assert env1 is True assert env1 is True
assert round(prop_scores1["matching_score"]) == 789 assert round(prop_scores1["matching_score"]) == 789
@ -630,11 +630,11 @@ def test_graph_equivalence_with_versioning_check_on(ds2, ds):
def test_graph_equivalence_with_versioning_check_off(ds2, ds): def test_graph_equivalence_with_versioning_check_off(ds2, ds):
prop_scores1 = {} prop_scores1 = {}
env1 = stix2.Environment().graph_equivalence(ds, ds2, prop_scores1) env1 = misp_lib_stix2.Environment().graph_equivalence(ds, ds2, prop_scores1)
# Switching parameters # Switching parameters
prop_scores2 = {} prop_scores2 = {}
env2 = stix2.Environment().graph_equivalence(ds2, ds, prop_scores2) env2 = misp_lib_stix2.Environment().graph_equivalence(ds2, ds, prop_scores2)
assert env1 is True assert env1 is True
assert round(prop_scores1["matching_score"]) == 789 assert round(prop_scores1["matching_score"]) == 789

20
stix2/test/v20/test_external_reference.py → misp_lib_stix2/test/v20/test_external_reference.py
View File

@ -4,7 +4,7 @@ import re
import pytest import pytest
import stix2 import misp_lib_stix2
VERIS = """{ VERIS = """{
"source_name": "veris", "source_name": "veris",
@ -17,7 +17,7 @@ VERIS = """{
def test_external_reference_veris(): def test_external_reference_veris():
ref = stix2.v20.ExternalReference( ref = misp_lib_stix2.v20.ExternalReference(
source_name="veris", source_name="veris",
external_id="0001AA7F-C601-424A-B2B8-BE6C9F5164E7", external_id="0001AA7F-C601-424A-B2B8-BE6C9F5164E7",
hashes={ hashes={
@ -36,7 +36,7 @@ CAPEC = """{
def test_external_reference_capec(): def test_external_reference_capec():
ref = stix2.v20.ExternalReference( ref = misp_lib_stix2.v20.ExternalReference(
source_name="capec", source_name="capec",
external_id="CAPEC-550", external_id="CAPEC-550",
) )
@ -53,7 +53,7 @@ CAPEC_URL = """{
def test_external_reference_capec_url(): def test_external_reference_capec_url():
ref = stix2.v20.ExternalReference( ref = misp_lib_stix2.v20.ExternalReference(
source_name="capec", source_name="capec",
external_id="CAPEC-550", external_id="CAPEC-550",
url="http://capec.mitre.org/data/definitions/550.html", url="http://capec.mitre.org/data/definitions/550.html",
@ -70,7 +70,7 @@ THREAT_REPORT = """{
def test_external_reference_threat_report(): def test_external_reference_threat_report():
ref = stix2.v20.ExternalReference( ref = misp_lib_stix2.v20.ExternalReference(
source_name="ACME Threat Intel", source_name="ACME Threat Intel",
description="Threat report", description="Threat report",
url="http://www.example.com/threat-report.pdf", url="http://www.example.com/threat-report.pdf",
@ -87,7 +87,7 @@ BUGZILLA = """{
def test_external_reference_bugzilla(): def test_external_reference_bugzilla():
ref = stix2.v20.ExternalReference( ref = misp_lib_stix2.v20.ExternalReference(
source_name="ACME Bugzilla", source_name="ACME Bugzilla",
external_id="1370", external_id="1370",
url="https://www.example.com/bugs/1370", url="https://www.example.com/bugs/1370",
@ -103,7 +103,7 @@ OFFLINE = """{
def test_external_reference_offline(): def test_external_reference_offline():
ref = stix2.v20.ExternalReference( ref = misp_lib_stix2.v20.ExternalReference(
source_name="ACME Threat Intel", source_name="ACME Threat Intel",
description="Threat report", description="Threat report",
) )
@ -115,8 +115,8 @@ def test_external_reference_offline():
def test_external_reference_source_required(): def test_external_reference_source_required():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v20.ExternalReference() misp_lib_stix2.v20.ExternalReference()
assert excinfo.value.cls == stix2.v20.ExternalReference assert excinfo.value.cls == misp_lib_stix2.v20.ExternalReference
assert excinfo.value.properties == ["source_name"] assert excinfo.value.properties == ["source_name"]

2
stix2/test/v21/test_fixtures.py → misp_lib_stix2/test/v20/test_fixtures.py
View File

@ -1,6 +1,6 @@
import uuid import uuid
from stix2 import utils from misp_lib_stix2 import utils
from .constants import FAKE_TIME from .constants import FAKE_TIME

6
stix2/test/v20/test_granular_markings.py → misp_lib_stix2/test/v20/test_granular_markings.py
View File

@ -1,9 +1,9 @@
import pytest import pytest
from stix2 import markings from misp_lib_stix2 import markings
from stix2.exceptions import InvalidSelectorError, MarkingNotFoundError from misp_lib_stix2.exceptions import InvalidSelectorError, MarkingNotFoundError
from stix2.v20 import TLP_RED, Malware from misp_lib_stix2.v20 import TLP_RED, Malware
from .constants import MALWARE_MORE_KWARGS as MALWARE_KWARGS_CONST from .constants import MALWARE_MORE_KWARGS as MALWARE_KWARGS_CONST
from .constants import MARKING_IDS from .constants import MARKING_IDS

12
stix2/test/v20/test_identity.py → misp_lib_stix2/test/v20/test_identity.py
View File

@ -3,7 +3,7 @@ import datetime as dt
import pytest import pytest
import pytz import pytz
import stix2 import misp_lib_stix2
from .constants import IDENTITY_ID from .constants import IDENTITY_ID
@ -18,7 +18,7 @@ EXPECTED = """{
def test_identity_example(): def test_identity_example():
identity = stix2.v20.Identity( identity = misp_lib_stix2.v20.Identity(
id=IDENTITY_ID, id=IDENTITY_ID,
created="2015-12-21T19:59:11.000Z", created="2015-12-21T19:59:11.000Z",
modified="2015-12-21T19:59:11.000Z", modified="2015-12-21T19:59:11.000Z",
@ -43,7 +43,7 @@ def test_identity_example():
], ],
) )
def test_parse_identity(data): def test_parse_identity(data):
identity = stix2.parse(data, version="2.0") identity = misp_lib_stix2.parse(data, version="2.0")
assert identity.type == 'identity' assert identity.type == 'identity'
assert identity.id == IDENTITY_ID assert identity.id == IDENTITY_ID
@ -53,8 +53,8 @@ def test_parse_identity(data):
def test_parse_no_type(): def test_parse_no_type():
with pytest.raises(stix2.exceptions.ParseError): with pytest.raises(misp_lib_stix2.exceptions.ParseError):
stix2.parse( misp_lib_stix2.parse(
""" """
{ {
"id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c", "id": "identity--311b2d2d-f010-4473-83ec-1edf84858f4c",
@ -67,7 +67,7 @@ def test_parse_no_type():
def test_identity_with_custom(): def test_identity_with_custom():
identity = stix2.v20.Identity( identity = misp_lib_stix2.v20.Identity(
name="John Smith", name="John Smith",
identity_class="individual", identity_class="individual",
custom_properties={'x_foo': 'bar'}, custom_properties={'x_foo': 'bar'},

70
stix2/test/v20/test_indicator.py → misp_lib_stix2/test/v20/test_indicator.py
View File

@ -4,7 +4,7 @@ import re
import pytest import pytest
import pytz import pytz
import stix2 import misp_lib_stix2
from .constants import FAKE_TIME, INDICATOR_ID, INDICATOR_KWARGS from .constants import FAKE_TIME, INDICATOR_ID, INDICATOR_KWARGS
@ -38,7 +38,7 @@ def test_indicator_with_all_required_properties():
now = dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc) now = dt.datetime(2017, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc) epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
ind = stix2.v20.Indicator( ind = misp_lib_stix2.v20.Indicator(
type="indicator", type="indicator",
id=INDICATOR_ID, id=INDICATOR_ID,
created=now, created=now,
@ -73,78 +73,78 @@ def test_indicator_autogenerated_properties(indicator):
def test_indicator_type_must_be_indicator(): def test_indicator_type_must_be_indicator():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Indicator(type='xxx', **INDICATOR_KWARGS) misp_lib_stix2.v20.Indicator(type='xxx', **INDICATOR_KWARGS)
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.prop_name == "type" assert excinfo.value.prop_name == "type"
assert excinfo.value.reason == "must equal 'indicator'." assert excinfo.value.reason == "must equal 'indicator'."
assert str(excinfo.value) == "Invalid value for Indicator 'type': must equal 'indicator'." assert str(excinfo.value) == "Invalid value for Indicator 'type': must equal 'indicator'."
def test_indicator_id_must_start_with_indicator(): def test_indicator_id_must_start_with_indicator():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Indicator(id='my-prefix--', **INDICATOR_KWARGS) misp_lib_stix2.v20.Indicator(id='my-prefix--', **INDICATOR_KWARGS)
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.prop_name == "id" assert excinfo.value.prop_name == "id"
assert excinfo.value.reason == "must start with 'indicator--'." assert excinfo.value.reason == "must start with 'indicator--'."
assert str(excinfo.value) == "Invalid value for Indicator 'id': must start with 'indicator--'." assert str(excinfo.value) == "Invalid value for Indicator 'id': must start with 'indicator--'."
def test_indicator_required_properties(): def test_indicator_required_properties():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v20.Indicator() misp_lib_stix2.v20.Indicator()
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.properties == ["labels", "pattern"] assert excinfo.value.properties == ["labels", "pattern"]
assert str(excinfo.value) == "No values for required properties for Indicator: (labels, pattern)." assert str(excinfo.value) == "No values for required properties for Indicator: (labels, pattern)."
def test_indicator_required_property_pattern(): def test_indicator_required_property_pattern():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v20.Indicator(labels=['malicious-activity']) misp_lib_stix2.v20.Indicator(labels=['malicious-activity'])
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.properties == ["pattern"] assert excinfo.value.properties == ["pattern"]
def test_indicator_created_ref_invalid_format(): def test_indicator_created_ref_invalid_format():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Indicator(created_by_ref='myprefix--12345678', **INDICATOR_KWARGS) misp_lib_stix2.v20.Indicator(created_by_ref='myprefix--12345678', **INDICATOR_KWARGS)
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.prop_name == "created_by_ref" assert excinfo.value.prop_name == "created_by_ref"
def test_indicator_revoked_invalid(): def test_indicator_revoked_invalid():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Indicator(revoked='no', **INDICATOR_KWARGS) misp_lib_stix2.v20.Indicator(revoked='no', **INDICATOR_KWARGS)
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.prop_name == "revoked" assert excinfo.value.prop_name == "revoked"
assert excinfo.value.reason == "must be a boolean value." assert excinfo.value.reason == "must be a boolean value."
def test_cannot_assign_to_indicator_attributes(indicator): def test_cannot_assign_to_indicator_attributes(indicator):
with pytest.raises(stix2.exceptions.ImmutableError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ImmutableError) as excinfo:
indicator.valid_from = dt.datetime.now() indicator.valid_from = dt.datetime.now()
assert str(excinfo.value) == "Cannot modify 'valid_from' property in 'Indicator' after creation." assert str(excinfo.value) == "Cannot modify 'valid_from' property in 'Indicator' after creation."
def test_invalid_kwarg_to_indicator(): def test_invalid_kwarg_to_indicator():
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.ExtraPropertiesError) as excinfo:
stix2.v20.Indicator(my_custom_property="foo", **INDICATOR_KWARGS) misp_lib_stix2.v20.Indicator(my_custom_property="foo", **INDICATOR_KWARGS)
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.properties == ['my_custom_property'] assert excinfo.value.properties == ['my_custom_property']
assert str(excinfo.value) == "Unexpected properties for Indicator: (my_custom_property)." assert str(excinfo.value) == "Unexpected properties for Indicator: (my_custom_property)."
def test_created_modified_time_are_identical_by_default(): def test_created_modified_time_are_identical_by_default():
"""By default, the created and modified times should be the same.""" """By default, the created and modified times should be the same."""
ind = stix2.v20.Indicator(**INDICATOR_KWARGS) ind = misp_lib_stix2.v20.Indicator(**INDICATOR_KWARGS)
assert ind.created == ind.modified assert ind.created == ind.modified
@ -166,7 +166,7 @@ def test_created_modified_time_are_identical_by_default():
], ],
) )
def test_parse_indicator(data): def test_parse_indicator(data):
idctr = stix2.parse(data, version="2.0") idctr = misp_lib_stix2.parse(data, version="2.0")
assert idctr.type == 'indicator' assert idctr.type == 'indicator'
assert idctr.id == INDICATOR_ID assert idctr.id == INDICATOR_ID
@ -178,21 +178,21 @@ def test_parse_indicator(data):
def test_invalid_indicator_pattern(): def test_invalid_indicator_pattern():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Indicator( misp_lib_stix2.v20.Indicator(
labels=['malicious-activity'], labels=['malicious-activity'],
pattern="file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e'", pattern="file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e'",
) )
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.prop_name == 'pattern' assert excinfo.value.prop_name == 'pattern'
assert 'input is missing square brackets' in excinfo.value.reason assert 'input is missing square brackets' in excinfo.value.reason
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Indicator( misp_lib_stix2.v20.Indicator(
labels=['malicious-activity'], labels=['malicious-activity'],
pattern='[file:hashes.MD5 = "d41d8cd98f00b204e9800998ecf8427e"]', pattern='[file:hashes.MD5 = "d41d8cd98f00b204e9800998ecf8427e"]',
) )
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert excinfo.value.prop_name == 'pattern' assert excinfo.value.prop_name == 'pattern'
assert 'mismatched input' in excinfo.value.reason assert 'mismatched input' in excinfo.value.reason
@ -202,8 +202,8 @@ def test_indicator_stix21_invalid_pattern():
epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc) epoch = dt.datetime(1970, 1, 1, 0, 0, 1, tzinfo=pytz.utc)
patrn = "[EXISTS windows-registry-key:values]" patrn = "[EXISTS windows-registry-key:values]"
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo: with pytest.raises(misp_lib_stix2.exceptions.InvalidValueError) as excinfo:
stix2.v20.Indicator( misp_lib_stix2.v20.Indicator(
type="indicator", type="indicator",
id=INDICATOR_ID, id=INDICATOR_ID,
created=now, created=now,
@ -213,5 +213,5 @@ def test_indicator_stix21_invalid_pattern():
labels=["malicious-activity"], labels=["malicious-activity"],
) )
assert excinfo.value.cls == stix2.v20.Indicator assert excinfo.value.cls == misp_lib_stix2.v20.Indicator
assert "FAIL: Error found at line 1:8. no viable alternative at input 'EXISTS" in str(excinfo.value) assert "FAIL: Error found at line 1:8. no viable alternative at input 'EXISTS" in str(excinfo.value)

36
stix2/test/v20/test_interoperability.py → misp_lib_stix2/test/v20/test_interoperability.py
View File

@ -2,7 +2,7 @@ import datetime
import pytz import pytz
import stix2 import misp_lib_stix2
FAKE_TIME = datetime.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc) FAKE_TIME = datetime.datetime(2017, 1, 1, 12, 34, 56, tzinfo=pytz.utc)
@ -169,22 +169,22 @@ VULNERABILITY_KWARGS = dict(
if __name__ == '__main__': if __name__ == '__main__':
attack_pattern = stix2.v20.AttackPattern(**ATTACK_PATTERN_KWARGS, interoperability=True) attack_pattern = misp_lib_stix2.v20.AttackPattern(**ATTACK_PATTERN_KWARGS, interoperability=True)
campaign = stix2.v20.Campaign(**CAMPAIGN_KWARGS, interoperability=True) campaign = misp_lib_stix2.v20.Campaign(**CAMPAIGN_KWARGS, interoperability=True)
course_of_action = stix2.v20.CourseOfAction(**COURSE_OF_ACTION_KWARGS, interoperability=True) course_of_action = misp_lib_stix2.v20.CourseOfAction(**COURSE_OF_ACTION_KWARGS, interoperability=True)
identity = stix2.v20.Identity(**IDENTITY_KWARGS, interoperability=True) identity = misp_lib_stix2.v20.Identity(**IDENTITY_KWARGS, interoperability=True)
indicator = stix2.v20.Indicator(**INDICATOR_KWARGS, interoperability=True) indicator = misp_lib_stix2.v20.Indicator(**INDICATOR_KWARGS, interoperability=True)
intrusion_set = stix2.v20.IntrusionSet(**INTRUSION_SET_KWARGS, interoperability=True) intrusion_set = misp_lib_stix2.v20.IntrusionSet(**INTRUSION_SET_KWARGS, interoperability=True)
malware = stix2.v20.Malware(**MALWARE_KWARGS, interoperability=True) malware = misp_lib_stix2.v20.Malware(**MALWARE_KWARGS, interoperability=True)
marking_definition = stix2.v20.MarkingDefinition(**MARKING_DEFINITION_KWARGS, interoperability=True) marking_definition = misp_lib_stix2.v20.MarkingDefinition(**MARKING_DEFINITION_KWARGS, interoperability=True)
observed_data = stix2.v20.ObservedData(**OBSERVED_DATA_KWARGS, interoperability=True) observed_data = misp_lib_stix2.v20.ObservedData(**OBSERVED_DATA_KWARGS, interoperability=True)
relationship = stix2.v20.Relationship(**RELATIONSHIP_KWARGS, interoperability=True) relationship = misp_lib_stix2.v20.Relationship(**RELATIONSHIP_KWARGS, interoperability=True)
sighting = stix2.v20.Sighting(**SIGHTING_KWARGS, interoperability=True) sighting = misp_lib_stix2.v20.Sighting(**SIGHTING_KWARGS, interoperability=True)
threat_actor = stix2.v20.ThreatActor(**THREAT_ACTOR_KWARGS, interoperability=True) threat_actor = misp_lib_stix2.v20.ThreatActor(**THREAT_ACTOR_KWARGS, interoperability=True)
tool = stix2.v20.Tool(**TOOL_KWARGS) tool = misp_lib_stix2.v20.Tool(**TOOL_KWARGS)
vulnerability = stix2.v20.Vulnerability(**VULNERABILITY_KWARGS, interoperability=True) vulnerability = misp_lib_stix2.v20.Vulnerability(**VULNERABILITY_KWARGS, interoperability=True)
report = stix2.v20.Report(**REPORT_KWARGS, interoperability=True) report = misp_lib_stix2.v20.Report(**REPORT_KWARGS, interoperability=True)
bundle = stix2.v20.Bundle( bundle = misp_lib_stix2.v20.Bundle(
**BUNDLE_KWARGS, interoperability=True, **BUNDLE_KWARGS, interoperability=True,
objects=[ objects=[
attack_pattern, campaign, course_of_action, identity, indicator, attack_pattern, campaign, course_of_action, identity, indicator,
@ -192,5 +192,5 @@ if __name__ == '__main__':
relationship, sighting, threat_actor, vulnerability, report, relationship, sighting, threat_actor, vulnerability, report,
] ]
) )
stix2.parse(dict(bundle), interoperability=True) misp_lib_stix2.parse(dict(bundle), interoperability=True)
print("All interoperability tests passed !") print("All interoperability tests passed !")

Some files were not shown because too many files have changed in this diff Show More