Update many unit tests to work with the malware2.1 API changes

I made.  The bundle tests and Bundle itself have not been fixed
yet in this commit.

stix2/test/constants.py

@@ -80,6 +80,7 @@ INTRUSION_SET_KWARGS = dict(
 MALWARE_KWARGS = dict(
     labels=['ransomware'],
     name="Cryptolocker",
+    is_family=False
 )
 
 MALWARE_MORE_KWARGS = dict(
@@ -89,7 +90,8 @@ MALWARE_MORE_KWARGS = dict(
     modified="2016-04-06T20:03:00.000Z",
     labels=['ransomware'],
     name="Cryptolocker",
-    description="A ransomware related to ..."
+    description="A ransomware related to ...",
+    is_family=False
 )
 
 OBSERVED_DATA_KWARGS = dict(

stix2/test/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38.json

@@ -26,9 +26,10 @@
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
-            "type": "malware"
+            "type": "malware",
+            "is_family": false
         }
     ],
-    "spec_version": "2.0",
+    "spec_version": "2.1",
     "type": "bundle"
 }

stix2/test/stix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841.json

@@ -26,9 +26,10 @@
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
-            "type": "malware"
+            "type": "malware",
+            "is_family": false
         }
     ],
-    "spec_version": "2.0",
+    "spec_version": "2.1",
     "type": "bundle"
 }

stix2/test/stix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e.json

@@ -26,9 +26,10 @@
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
-            "type": "malware"
+            "type": "malware",
+            "is_family": false
         }
     ],
-    "spec_version": "2.0",
+    "spec_version": "2.1",
     "type": "bundle"
 }

stix2/test/stix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b.json

@@ -26,9 +26,10 @@
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
-            "type": "malware"
+            "type": "malware",
+            "is_family": false
         }
     ],
-    "spec_version": "2.0",
+    "spec_version": "2.1",
     "type": "bundle"
 }

stix2/test/test_datastore_filesystem.py

@@ -220,7 +220,7 @@ def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source):
     bund = {
         "type": "bundle",
         "id": "bundle--112211b6-1112-4fb0-111b-b111107ca70a",
-        "spec_version": "2.0",
+        "spec_version": "2.1",
         "objects": [
             {
                 "name": "Atilla",
@@ -264,7 +264,7 @@ def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source):
 def test_filesystem_sink_json_stix_bundle(fs_sink, fs_source):
     # add json-encoded stix bundle
     bund2 = '{"type": "bundle", "id": "bundle--332211b6-1132-4fb0-111b-b111107ca70a",' \
-            ' "spec_version": "2.0", "objects": [{"type": "campaign", "id": "campaign--155155b6-1112-4fb0-111b-b111107ca70a",' \
+            ' "spec_version": "2.1", "objects": [{"type": "campaign", "id": "campaign--155155b6-1112-4fb0-111b-b111107ca70a",' \
             ' "created":"2017-05-31T21:31:53.197755Z", "name": "Spartacus", "objective": "Oppressive regimes of Africa and Middle East"}]}'
     fs_sink.add(bund2)
 

stix2/test/test_datastore_filters.py

@@ -14,7 +14,8 @@ stix_objs = [
         ],
         "modified": "2017-01-27T13:49:53.997Z",
         "name": "Poison Ivy",
-        "type": "malware"
+        "type": "malware",
+        "is_family": False
     },
     {
         "created": "2014-05-08T09:00:00.000Z",

stix2/test/test_datastore_taxii.py

@@ -224,7 +224,7 @@ def test_add_dict_bundle_object(collection):
     ta = {
         "type": "bundle",
         "id": "bundle--860ccc8d-56c9-4fda-9384-84276fb52fb1",
-        "spec_version": "2.0",
+        "spec_version": "2.1",
         "objects": [
             {
                 "type": "threat-actor",

stix2/test/test_environment.py

@@ -196,7 +196,8 @@ def test_parse_malware():
         "name": "Cryptolocker",
         "labels": [
             "ransomware"
-        ]
+        ],
+        "is_family": false
     }"""
     mal = env.parse(data)
 

stix2/test/test_malware.py

@@ -10,13 +10,15 @@ from .constants import FAKE_TIME, MALWARE_ID, MALWARE_KWARGS
 
 EXPECTED_MALWARE = """{
     "type": "malware",
+    "spec_version": "2.1",
     "id": "malware--fedcba98-7654-3210-fedc-ba9876543210",
     "created": "2016-05-12T08:17:27.000Z",
     "modified": "2016-05-12T08:17:27.000Z",
     "name": "Cryptolocker",
     "labels": [
         "ransomware"
-    ]
+    ],
+    "is_family": false
 }"""
 
 
@@ -30,6 +32,7 @@ def test_malware_with_all_required_properties():
         modified=now,
         labels=["ransomware"],
         name="Cryptolocker",
+        is_family=False
     )
 
     assert str(mal) == EXPECTED_MALWARE
@@ -76,12 +79,12 @@ def test_malware_required_properties():
         stix2.Malware()
 
     assert excinfo.value.cls == stix2.Malware
-    assert excinfo.value.properties == ["labels", "name"]
+    assert excinfo.value.properties == ["is_family", "labels", "name"]
 
 
 def test_malware_required_property_name():
     with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
-        stix2.Malware(labels=['ransomware'])
+        stix2.Malware(labels=['ransomware'], is_family=False)
 
     assert excinfo.value.cls == stix2.Malware
     assert excinfo.value.properties == ["name"]
@@ -112,6 +115,7 @@ def test_invalid_kwarg_to_malware():
         "modified": "2016-05-12T08:17:27.000Z",
         "labels": ["ransomware"],
         "name": "Cryptolocker",
+        "is_family": False
     },
 ])
 def test_parse_malware(data):
@@ -156,6 +160,6 @@ def test_parse_malware_clean_kill_chain_phases():
           "phase_name": 1
         }
       ]"""
-    data = EXPECTED_MALWARE.replace('malware"', 'malware",%s' % kill_chain)
+    data = EXPECTED_MALWARE.replace('2.1"', '2.1",%s' % kill_chain)
     mal = stix2.parse(data)
     assert mal['kill_chain_phases'][0]['phase_name'] == "1"

stix2/test/test_note.py

@@ -15,6 +15,7 @@ DESCRIPTION = ('This note indicates the various steps taken by the threat'
 
 EXPECTED_NOTE = """{
     "type": "note",
+    "spec_version": "2.1",
     "id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
     "created": "2016-05-12T08:17:27.000Z",
     "modified": "2016-05-12T08:17:27.000Z",
@@ -36,6 +37,7 @@ EXPECTED_NOTE = """{
 
 EXPECTED_OPINION_REPR = "Note(" + " ".join(("""
     type='note',
+    spec_version='2.1',
     id='note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061',
     created='2016-05-12T08:17:27.000Z',
     modified='2016-05-12T08:17:27.000Z',
@@ -76,6 +78,7 @@ def test_note_with_required_properties():
     EXPECTED_NOTE,
     {
         "type": "note",
+        "spec_version": "2.1",
         "id": "note--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061",
         "created": "2016-05-12T08:17:27.000Z",
         "modified": "2016-05-12T08:17:27.000Z",

stix2/test/test_relationship.py

@@ -10,6 +10,7 @@ from .constants import (FAKE_TIME, INDICATOR_ID, MALWARE_ID, RELATIONSHIP_ID,
 
 EXPECTED_RELATIONSHIP = """{
     "type": "relationship",
+    "spec_version": "2.1",
     "id": "relationship--00000000-1111-2222-3333-444444444444",
     "created": "2016-04-06T20:06:37.000Z",
     "modified": "2016-04-06T20:06:37.000Z",

stix2/test/test_versioning.py

@@ -217,6 +217,7 @@ def test_revoke_invalid_cls():
 def test_remove_custom_stix_property():
     mal = stix2.Malware(name="ColePowers",
                         labels=["rootkit"],
+                        is_family=False,
                         x_custom="armada",
                         allow_custom=True)