MISP
/
cti-python-stix2
mirror of https://github.com/MISP/cti-python-stix2
2
0
Fork 0
Code Issues Releases Wiki Activity

Update tests for object and granular markings.

stix2.1
Emmanuelle Vargas-Gonzalez 2017-08-23 13:07:22 -04:00
parent 15bff530be
commit f33427328b
4 changed files with 295 additions and 326 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
stix2/test/constants.py
View File

@ -45,6 +45,7 @@ INDICATOR_KWARGS = dict(
MALWARE_KWARGS = dict( MALWARE_KWARGS = dict(
labels=['ransomware'], labels=['ransomware'],
name="Cryptolocker", name="Cryptolocker",
description="A ransomware related to ..."
) )
# Minimum required args for a Relationship instance # Minimum required args for a Relationship instance

1
stix2/test/test_bundle.py
View File

@ -19,6 +19,7 @@ EXPECTED_BUNDLE = """{
}, },
{ {
"created": "2017-01-01T12:34:56.000Z", "created": "2017-01-01T12:34:56.000Z",
"description": "A ransomware related to ...",
"id": "malware--00000000-0000-0000-0000-000000000002", "id": "malware--00000000-0000-0000-0000-000000000002",
"labels": [ "labels": [
"ransomware" "ransomware"

580
stix2/test/test_granular_markings.py
View File

@ -1,128 +1,134 @@
import pytest import pytest
from stix2 import markings from stix2 import Malware, exceptions, markings
from .constants import FAKE_TIME, MALWARE_ID, MARKING_IDS
from .constants import MALWARE_KWARGS as MALWARE_KWARGS_CONST
"""Tests for the Data Markings API.""" """Tests for the Data Markings API."""
MALWARE_KWARGS = MALWARE_KWARGS_CONST.copy()
MALWARE_KWARGS.update({
'id': MALWARE_ID,
'created': FAKE_TIME,
'modified': FAKE_TIME,
})
def test_add_marking_mark_one_selector_multiple_refs(): def test_add_marking_mark_one_selector_multiple_refs():
before = { before = Malware(
"description": "test description", **MALWARE_KWARGS
"title": "foo", )
} after = Malware(
after = { granular_markings=[
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, },
] ],
} **MALWARE_KWARGS
markings.add_markings(before, ["description"], ["marking-definition--1", "marking-definition--2"]) )
before = markings.add_markings(before, ["description"], [MARKING_IDS[0], MARKING_IDS[1]])
for m in before["granular_markings"]: for m in before["granular_markings"]:
assert m in after["granular_markings"] assert m in after["granular_markings"]
def test_add_marking_mark_multiple_selector_one_refs(): def test_add_marking_mark_multiple_selector_one_refs():
before = { before = Malware(
"description": "test description", **MALWARE_KWARGS
"title": "foo", )
} after = Malware(
after = { granular_markings=[
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "name"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
] ],
} **MALWARE_KWARGS
markings.add_markings(before, ["description", "title"], ["marking-definition--1"]) )
assert before == after before = markings.add_markings(before, ["description", "name"], [MARKING_IDS[0]])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_add_marking_mark_multiple_selector_multiple_refs(): def test_add_marking_mark_multiple_selector_multiple_refs():
before = { before = Malware(
"description": "test description", **MALWARE_KWARGS
"title": "foo", )
} after = Malware(
after = { granular_markings=[
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "name"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["description", "title"], "selectors": ["description", "name"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, }
] ],
} **MALWARE_KWARGS
markings.add_markings(before, ["description", "title"], ["marking-definition--1", "marking-definition--2"]) )
before = markings.add_markings(before, ["description", "name"], [MARKING_IDS[0], MARKING_IDS[1]])
for m in before["granular_markings"]: for m in before["granular_markings"]:
assert m in after["granular_markings"] assert m in after["granular_markings"]
def test_add_marking_mark_another_property_same_marking(): def test_add_marking_mark_another_property_same_marking():
before = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
] ],
} **MALWARE_KWARGS
after = { )
"description": "test description", after = Malware(
"title": "foo", granular_markings=[
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "name"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
] ],
} **MALWARE_KWARGS
markings.add_markings(before, ["title"], ["marking-definition--1"]) )
assert before == after before = markings.add_markings(before, ["name"], [MARKING_IDS[0]])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_add_marking_mark_same_property_same_marking(): def test_add_marking_mark_same_property_same_marking():
before = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
} },
] ],
} **MALWARE_KWARGS
after = { )
"description": "test description", after = Malware(
"title": "foo", granular_markings=[
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
} },
] ],
} **MALWARE_KWARGS
markings.add_markings(before, ["description"], ["marking-definition--1"]) )
assert before == after before = markings.add_markings(before, ["description"], [MARKING_IDS[0]])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
@pytest.mark.parametrize("data,marking", [ @pytest.mark.parametrize("data,marking", [
@ -329,176 +335,151 @@ def test_get_markings_positional_arguments_combinations(data):
def test_remove_marking_remove_one_selector_with_multiple_refs(): def test_remove_marking_remove_one_selector_with_multiple_refs():
after = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
}
before = {
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, }
] ],
} **MALWARE_KWARGS
markings.remove_markings(before, ["description"], ["marking-definition--1", "marking-definition--2"]) )
assert before == after before = markings.remove_markings(before, ["description"], [MARKING_IDS[0], MARKING_IDS[1]])
assert "granular_markings" not in before
def test_remove_marking_remove_multiple_selector_one_ref(): def test_remove_marking_remove_multiple_selector_one_ref():
after = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
}
before = {
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, }
] ],
} **MALWARE_KWARGS
markings.remove_markings(before, ["description", "title"], ["marking-definition--1"]) )
assert before == after before = markings.remove_markings(before, ["description", "modified"], [MARKING_IDS[0]])
assert "granular_markings" not in before
def test_remove_marking_mark_one_selector_from_multiple_ones(): def test_remove_marking_mark_one_selector_from_multiple_ones():
after = { after = Malware(
"description": "test description", granular_markings=[
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, }
] ],
} **MALWARE_KWARGS
before = { )
"description": "test description", before = Malware(
"title": "foo", granular_markings=[
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, }
] ],
} **MALWARE_KWARGS
markings.remove_markings(before, ["title"], ["marking-definition--1"]) )
assert before == after before = markings.remove_markings(before, ["modified"], [MARKING_IDS[0]])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_remove_marking_mark_one_selector_markings_from_multiple_ones(): def test_remove_marking_mark_one_selector_markings_from_multiple_ones():
after = { after = Malware(
"description": "test description", granular_markings=[
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, }
] ],
} **MALWARE_KWARGS
before = { )
"description": "test description", before = Malware(
"title": "foo", granular_markings=[
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, }
] ],
} **MALWARE_KWARGS
markings.remove_markings(before, ["title"], ["marking-definition--1"]) )
before = markings.remove_markings(before, ["modified"], [MARKING_IDS[0]])
for m in before["granular_markings"]: for m in before["granular_markings"]:
assert m in after["granular_markings"] assert m in after["granular_markings"]
def test_remove_marking_mark_mutilple_selector_multiple_refs(): def test_remove_marking_mark_mutilple_selector_multiple_refs():
after = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
}
before = {
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, }
] ],
} **MALWARE_KWARGS
markings.remove_markings(before, ["description", "title"], ["marking-definition--1", "marking-definition--2"]) )
assert before == after before = markings.remove_markings(before, ["description", "modified"], [MARKING_IDS[0], MARKING_IDS[1]])
assert "granular_markings" not in before
def test_remove_marking_mark_another_property_same_marking(): def test_remove_marking_mark_another_property_same_marking():
after = { after = Malware(
"description": "test description", granular_markings=[
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
},
]
}
before = {
"description": "test description",
"title": "foo",
"granular_markings": [
{
"selectors": ["description"],
"marking_ref": "marking-definition--1"
},
{
"selectors": ["title"],
"marking_ref": "marking-definition--1"
} }
] ],
} **MALWARE_KWARGS
markings.remove_markings(before, ["title"], ["marking-definition--1"]) )
assert before == after before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0]
},
{
"selectors": ["modified"],
"marking_ref": MARKING_IDS[0]
}
],
**MALWARE_KWARGS
)
before = markings.remove_markings(before, ["modified"], [MARKING_IDS[0]])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_remove_marking_mark_same_property_same_marking(): def test_remove_marking_mark_same_property_same_marking():
after = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
}
before = {
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
} }
] ],
} **MALWARE_KWARGS
markings.remove_markings(before, ["description"], ["marking-definition--1"]) )
assert before == after before = markings.remove_markings(before, ["description"], [MARKING_IDS[0]])
assert "granular_markings" not in before
def test_remove_marking_bad_selector(): def test_remove_marking_bad_selector():
@ -741,104 +722,97 @@ def test_is_marked_positional_arguments_combinations():
def test_set_marking_mark_one_selector_multiple_refs(): def test_set_marking_mark_one_selector_multiple_refs():
before = { before = Malware(
"description": "test description", **MALWARE_KWARGS
"title": "foo", )
} after = Malware(
after = { granular_markings=[
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, }
] ],
} **MALWARE_KWARGS
markings.set_markings(before, ["description"], ["marking-definition--1", "marking-definition--2"]) )
before = markings.set_markings(before, ["description"], [MARKING_IDS[0], MARKING_IDS[1]])
for m in before["granular_markings"]: for m in before["granular_markings"]:
assert m in after["granular_markings"] assert m in after["granular_markings"]
def test_set_marking_mark_multiple_selector_one_refs(): def test_set_marking_mark_multiple_selector_one_refs():
before = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--3" "marking_ref": MARKING_IDS[1]
}, }
] ],
} **MALWARE_KWARGS
after = { )
"description": "test description", after = Malware(
"title": "foo", granular_markings=[
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, }
] ],
} **MALWARE_KWARGS
markings.set_markings(before, ["description", "title"], ["marking-definition--1"]) )
assert before == after before = markings.set_markings(before, ["description", "modified"], [MARKING_IDS[0]])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_set_marking_mark_multiple_selector_multiple_refs_from_none(): def test_set_marking_mark_multiple_selector_multiple_refs_from_none():
before = { before = Malware(
"description": "test description", **MALWARE_KWARGS
"title": "foo", )
} after = Malware(
after = { granular_markings=[
"description": "test description",
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["description", "title"], "selectors": ["description", "modified"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, }
] ],
} **MALWARE_KWARGS
markings.set_markings(before, ["description", "title"], ["marking-definition--1", "marking-definition--2"]) )
before = markings.set_markings(before, ["description", "modified"], [MARKING_IDS[0], MARKING_IDS[1]])
for m in before["granular_markings"]: for m in before["granular_markings"]:
assert m in after["granular_markings"] assert m in after["granular_markings"]
def test_set_marking_mark_another_property_same_marking(): def test_set_marking_mark_another_property_same_marking():
before = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
} }
] ],
} **MALWARE_KWARGS
after = { )
"description": "test description", after = Malware(
"title": "foo", granular_markings=[
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--7" "marking_ref": MARKING_IDS[1]
}, },
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--8" "marking_ref": MARKING_IDS[2]
}, }
] ],
} **MALWARE_KWARGS
markings.set_markings(before, ["description"], ["marking-definition--7", "marking-definition--8"]) )
before = markings.set_markings(before, ["description"], [MARKING_IDS[1], MARKING_IDS[2]])
for m in before["granular_markings"]: for m in before["granular_markings"]:
assert m in after["granular_markings"] assert m in after["granular_markings"]
@ -879,76 +853,72 @@ def test_set_marking_bad_selector(marking):
def test_set_marking_mark_same_property_same_marking(): def test_set_marking_mark_same_property_same_marking():
before = { before = Malware(
"description": "test description", granular_markings=[
"title": "foo",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
} }
] ],
} **MALWARE_KWARGS
after = { )
"description": "test description", after = Malware(
"title": "foo", granular_markings=[
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
} }
] ],
} **MALWARE_KWARGS
markings.set_markings(before, ["description"], ["marking-definition--1"]) )
assert before == after before = markings.set_markings(before, ["description"], [MARKING_IDS[0]])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
CLEAR_MARKINGS_TEST_DATA = { CLEAR_MARKINGS_TEST_DATA = Malware(
"title": "test title", granular_markings=[
"description": "test description",
"revision": 2,
"type": "test",
"granular_markings": [
{ {
"selectors": ["description"], "selectors": ["description"],
"marking_ref": "marking-definition--1" "marking_ref": MARKING_IDS[0]
}, },
{ {
"selectors": ["revision", "description"], "selectors": ["modified", "description"],
"marking_ref": "marking-definition--2" "marking_ref": MARKING_IDS[1]
}, },
{ {
"selectors": ["revision", "description", "type"], "selectors": ["modified", "description", "type"],
"marking_ref": "marking-definition--3" "marking_ref": MARKING_IDS[2]
}, },
] ],
} **MALWARE_KWARGS
)
@pytest.mark.parametrize("data", [CLEAR_MARKINGS_TEST_DATA]) @pytest.mark.parametrize("data", [CLEAR_MARKINGS_TEST_DATA])
def test_clear_marking_smoke(data): def test_clear_marking_smoke(data):
"""Test clear_marking call does not fail.""" """Test clear_marking call does not fail."""
markings.clear_markings(data, "revision") data = markings.clear_markings(data, "modified")
assert markings.is_marked(data, "revision") is False assert markings.is_marked(data, "modified") is False
@pytest.mark.parametrize("data", [CLEAR_MARKINGS_TEST_DATA]) @pytest.mark.parametrize("data", [CLEAR_MARKINGS_TEST_DATA])
def test_clear_marking_multiple_selectors(data): def test_clear_marking_multiple_selectors(data):
"""Test clearing markings for multiple selectors effectively removes associated markings.""" """Test clearing markings for multiple selectors effectively removes associated markings."""
markings.clear_markings(data, ["type", "description"]) data = markings.clear_markings(data, ["type", "description"])
assert markings.is_marked(data, ["type", "description"]) is False assert markings.is_marked(data, ["type", "description"]) is False
@pytest.mark.parametrize("data", [CLEAR_MARKINGS_TEST_DATA]) @pytest.mark.parametrize("data", [CLEAR_MARKINGS_TEST_DATA])
def test_clear_marking_one_selector(data): def test_clear_marking_one_selector(data):
"""Test markings associated with one selector were removed.""" """Test markings associated with one selector were removed."""
markings.clear_markings(data, "description") data = markings.clear_markings(data, "description")
assert markings.is_marked(data, "description") is False assert markings.is_marked(data, "description") is False
@pytest.mark.parametrize("data", [CLEAR_MARKINGS_TEST_DATA]) @pytest.mark.parametrize("data", [CLEAR_MARKINGS_TEST_DATA])
def test_clear_marking_all_selectors(data): def test_clear_marking_all_selectors(data):
markings.clear_markings(data, ["description", "type", "revision"]) data = markings.clear_markings(data, ["description", "type", "modified"])
assert markings.is_marked(data, "description") is False assert markings.is_marked(data, "description") is False
assert "granular_markings" not in data assert "granular_markings" not in data

39
stix2/test/test_object_markings.py
View File

@ -17,35 +17,32 @@ MALWARE_KWARGS.update({
def test_add_markings_one_marking(): def test_add_markings_one_marking():
before = { before = Malware(
"title": "test title", **MALWARE_KWARGS
"description": "test description" )
}
after = { after = Malware(
"title": "test title", object_marking_refs=[MARKING_IDS[0]],
"description": "test description", **MALWARE_KWARGS,
"object_marking_refs": [MARKING_IDS[0]] )
}
markings.add_markings(before, None, MARKING_IDS[0]) before = markings.add_markings(before, None, MARKING_IDS[0])
assert before == after for m in before["object_marking_refs"]:
assert m in after["object_marking_refs"]
def test_add_markings_multiple_marking(): def test_add_markings_multiple_marking():
before = { before = Malware(
"title": "test title", **MALWARE_KWARGS
"description": "test description" )
}
after = { after = Malware(
"title": "test title", object_marking_refs=[MARKING_IDS[0], MARKING_IDS[1]],
"description": "test description", **MALWARE_KWARGS,
"object_marking_refs": [MARKING_IDS[0], MARKING_IDS[1]] )
}
markings.add_markings(before, None, [MARKING_IDS[0], MARKING_IDS[1]]) before = markings.add_markings(before, None, [MARKING_IDS[0], MARKING_IDS[1]])
for m in before["object_marking_refs"]: for m in before["object_marking_refs"]:
assert m in after["object_marking_refs"] assert m in after["object_marking_refs"]