Check for valid IDs and types on indicators.

stix2.1
Greg Back 2017-01-17 14:46:00 -08:00
parent 9974ade5b6
commit ebf6513445
2 changed files with 29 additions and 6 deletions


@ -31,10 +31,16 @@ class Indicator:
labels=None, pattern=None, valid_from=None): labels=None, pattern=None, valid_from=None):
now = datetime.now(tz=pytz.UTC) now = datetime.now(tz=pytz.UTC)
if type != 'indicator':
raise ValueError("Indicators must have type='indicator'.")
self.type = type self.type = type
if not id: if not id:
id = "indicator--" + str(uuid.uuid4()) id = 'indicator--' + str(uuid.uuid4())
if not id.startswith('indicator--'):
raise ValueError("Indicator id values must begin with 'indicator--'.")
self.id = id self.id = id
self.created = created or now self.created = created or now
self.modified = modified or now self.modified = modified or now
self.labels = labels self.labels = labels
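Review bot: The new check `if not id.startswith('indicator--'):` validates only the prefix, so a caller-supplied id with an empty or non-UUID suffix (for example the bare string `indicator--`) is accepted as a valid identifier. If ids can arrive from parsed external content, the suffix should be validated too, for example with `uuid.UUID(id[len('indicator--'):])`, which raises ValueError on a malformed value. A non-string id would raise AttributeError at this line rather than the ValueError callers are told to expect. The constructor's signature begins above the hunk and its body continues below it, so any later handling of `id` is not visible here.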


@ -51,12 +51,15 @@ def test_indicator_with_all_required_fields():
assert str(indicator) == EXPECTED assert str(indicator) == EXPECTED
def test_indicator_autogenerated_fields(): # Minimum required args for an indicator
indicator = stix2.Indicator( KWARGS = dict(
labels=['malicious-activity'], labels=['malicious-activity'],
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']", pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
) )
def test_indicator_autogenerated_fields():
indicator = stix2.Indicator(**KWARGS)
assert indicator.type == 'indicator' assert indicator.type == 'indicator'
assert indicator.id.startswith('indicator--') assert indicator.id.startswith('indicator--')
assert indicator.created is not None assert indicator.created is not None
@ -64,3 +67,17 @@ def test_indicator_autogenerated_fields():
assert indicator.labels == ['malicious-activity'] assert indicator.labels == ['malicious-activity']
assert indicator.pattern == "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']" assert indicator.pattern == "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']"
assert indicator.valid_from is not None assert indicator.valid_from is not None
def test_indicator_type_must_be_indicator():
with pytest.raises(ValueError) as excinfo:
indicator = stix2.Indicator(type='xxx')
assert "Indicators must have type='indicator'." in str(excinfo)
def test_indicator_id_must_start_with_indicator():
with pytest.raises(ValueError) as excinfo:
indicator = stix2.Indicator(id='my-prefix--')
assert "Indicator id values must begin with 'indicator--'." in str(excinfo)
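Review bot: Both new tests match the message against `str(excinfo)`, which is the string form of pytest's ExceptionInfo wrapper rather than of the raised exception, and its format has differed between pytest versions; `assert "Indicator id values must begin with 'indicator--'." in str(excinfo.value)` (and the same for the type test) pins the message itself. The `indicator =` binding inside each `with` block is never used and can be dropped. There is no test that a well-formed caller-supplied id is accepted, so a regression that rejects every explicit id would go unnoticed. Indentation is lost in this view, so I am assuming the assertions sit after the `with` blocks; placed inside them they would never execute.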