Check for valid IDs and types on indicators.

2017-01-17 14:46:00 -08:00 · 2017-01-17 14:46:00 -08:00 · ebf6513445
parent 9974ade5b6
commit ebf6513445
2 changed files with 29 additions and 6 deletions
--- a/stix2/init.py
+++ b/stix2/init.py
@ -31,10 +31,16 @@ class Indicator:
                 labels=None, pattern=None, valid_from=None):
        now = datetime.now(tz=pytz.UTC)

+        if type != 'indicator':
+            raise ValueError("Indicators must have type='indicator'.")
        self.type = type
+
        if not id:
-            id = "indicator--" + str(uuid.uuid4())
+            id = 'indicator--' + str(uuid.uuid4())
+        if not id.startswith('indicator--'):
+            raise ValueError("Indicator id values must begin with 'indicator--'.")
        self.id = id
+
        self.created = created or now
        self.modified = modified or now
        self.labels = labels
--- a/stix2/test/test_stix2.py
+++ b/stix2/test/test_stix2.py
@ -51,12 +51,15 @@ def test_indicator_with_all_required_fields():
    assert str(indicator) == EXPECTED


-def test_indicator_autogenerated_fields():
-    indicator = stix2.Indicator(
-        labels=['malicious-activity'],
-        pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
-    )
+# Minimum required args for an indicator
+KWARGS = dict(
+    labels=['malicious-activity'],
+    pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
+)

+
+def test_indicator_autogenerated_fields():
+    indicator = stix2.Indicator(**KWARGS)
    assert indicator.type == 'indicator'
    assert indicator.id.startswith('indicator--')
    assert indicator.created is not None
@ -64,3 +67,17 @@ def test_indicator_autogenerated_fields():
    assert indicator.labels == ['malicious-activity']
    assert indicator.pattern == "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']"
    assert indicator.valid_from is not None
+
+
+def test_indicator_type_must_be_indicator():
+    with pytest.raises(ValueError) as excinfo:
+        indicator = stix2.Indicator(type='xxx')
+
+    assert "Indicators must have type='indicator'." in str(excinfo)
+
+
+def test_indicator_id_must_start_with_indicator():
+    with pytest.raises(ValueError) as excinfo:
+        indicator = stix2.Indicator(id='my-prefix--')
+
+    assert "Indicator id values must begin with 'indicator--'." in str(excinfo)