Commit Graph

311 Commits (1a1e5e161637dc47f1d9e9792fdec5fff2c0b513)

Author SHA1 Message Date
Greg Back f3431c97da nested summaries for sources 2017-10-05 18:45:31 +00:00
Richard Piazza 0dc3226048 added test for Timestamp_Constant 2017-10-05 13:43:56 -04:00
Chris Lenk 233ee7924e Merge branch 'master' into documentation 2017-10-04 10:38:40 -04:00
Chris Lenk 2bdf83401a Add a shortcut for marking functions
So marking functions like `add_markings()` can be directly called as methods on
SDO/SRO classes. Note that they return new versions of the objects
because objects are immutable.
2017-10-03 10:28:58 -04:00
Chris Lenk 035f1a6c73 Support MarkingDefinition objs, not just ID strs
(when passed into `add_markings()` or `remove_markings()`)
2017-10-02 12:28:47 -04:00
= 4af665bf81 merge conflicts 2017-09-29 15:47:39 -04:00
Greg Back b31b4f29f8 Handle inconsistent error messages between Python 2 and Python 3. 2017-09-29 18:45:15 +00:00
= ffa2242878 code changes brought about by discussion of pull request of 'bug_fixes' branch 2017-09-29 11:24:19 -04:00
= 55943847fa updated corresponding tests that would have broke 2017-09-22 11:49:54 -04:00
Chris Lenk 21d978acc8 Fix errors when instantiating custom classes
Defining a custom object/observable/extension class with no custom
__init__() function would result in an `AttributeError` or `TypeError`,
depending on if the class sub-classed `object` or not.
2017-09-21 09:11:01 -04:00
Chris Lenk be07c32500 Add parse() to Environment layer
The Environment layer does not keep its own mapping of custom object types.
If we think it likely that users will want to maintain separate lists of
custom object types between two or more Environments, we can add this
later.
2017-09-08 12:40:01 -04:00
Chris Lenk 4dfb5d2365 Test Environment layer 2017-09-08 09:01:12 -04:00
Greg Back adac43708b Merge pull request #46 from oasis-open/markings
Marking Support
2017-09-05 19:08:45 +00:00
Chris Lenk 42962e6675 Improve markings tests
- Test markings functions with both dictionaries and our _STIXBase-derived
  classes as input.
- Slightly improve test coverage.
- Drop Python 2.6 support.
2017-09-01 16:41:16 -04:00
Chris Lenk cc66e1a492 Make markings function signatures consistent
Put `marking` before `selectors`. The granular marking version of
`is_marked` requires selectors to not be None.
2017-09-01 10:50:01 -04:00
Emmanuelle Vargas-Gonzalez 6f36ea8488 Merge remote-tracking branch 'oasis/master' into datastores 2017-09-01 10:13:57 -04:00
Emmanuelle Vargas-Gonzalez 13f2810b25 Remove name positional argument, clean memory.py redundant codeother minor changes. Increase coverage. 2017-09-01 08:15:50 -04:00
Greg Back 124da846c3 Merge branch 'master' into markings 2017-08-31 20:36:59 +00:00
Greg Back b1054e780a Merge remote-tracking branch 'origin/master' into datastores 2017-08-31 19:52:48 +00:00
Greg Back ba846f9501 Clean up some tests. 2017-08-31 18:23:08 +00:00
Greg Back 7b46283a5c Build filter function map 2017-08-31 18:21:29 +00:00
Chris Lenk 9d45a3dca2 Keep MALWARE_KWARGS to a minimal set
...but use an additional set with a description for marking tests.
2017-08-31 12:51:13 -04:00
Chris Lenk 15287959a4 Modify versioning API to work on dictionaries
This includes new_version() and revoke().
2017-08-31 12:28:07 -04:00
clenk 8a33cb7716 Touch up ObjectReferenceProperty checks
- reword "_refs" error
- check with isinstance instead of __class__.__name__
2017-08-30 16:15:05 -04:00
clenk 0e658255a8 Move check to when custom observable is defined
Catch properties named "_ref" or "_refs" that aren't
ObjectReferenceProperty when the custom observable is defined, not when
it is instantiated.
2017-08-30 15:33:28 -04:00
Emmanuelle Vargas-Gonzalez 8ca2c3390b Minor changes to DataSource.apply_common_filters(). Improve overall code coverage. 2017-08-29 15:15:32 -04:00
Emmanuelle Vargas-Gonzalez 415c53066f Code coverage changes, fix some tests. Add stix2-validator dependency. 2017-08-28 15:19:55 -04:00
Emmanuelle Vargas-Gonzalez aea076103c Update tests to improve coverage. 2017-08-28 14:33:12 -04:00
Emmanuelle Vargas-Gonzalez 07bbe23a98 Add some tests for custom objects. 2017-08-28 14:32:05 -04:00
clenk 095c5066d5 Touch up markings tests
Increase code coverage and s/tlo/sdo/
2017-08-25 15:56:39 -04:00
clenk 0cd75e3fba Increase code coverage 2017-08-24 17:53:43 -04:00
clenk 6fa3c84aa3 Improve tests and coverage for custom content
In ObservableProperty.clean(), parse_observable() will handle the issue
of non-cyber observable objects being presnt in an observable property.
The line raising a ValueError would not be reached so it was removed.
2017-08-24 15:46:36 -04:00
Emmanuelle Vargas-Gonzalez dd17e88ae0 Code refactor/clean-up, changed some exceptions. Update docstrings. 2017-08-24 12:47:14 -04:00
clenk ee49e78c72 Add custom extensions to cyber observables
Fix #31.
2017-08-23 18:36:24 -04:00
Emmanuelle Vargas-Gonzalez 8d4c1d55b5 Minor style changes. 2017-08-23 13:12:40 -04:00
Emmanuelle Vargas-Gonzalez f33427328b Update tests for object and granular markings. 2017-08-23 13:07:22 -04:00
Emmanuelle Vargas-Gonzalez f437a4df5b Merge branch 'datastores' of github.com:oasis-open/cti-python-stix2 into datastores 2017-08-22 10:47:23 -04:00
Emmanuelle Vargas-Gonzalez d060abbed5 Updated regex expressions. Thanks to @drothenberg for that contribution! 2017-08-22 10:47:13 -04:00
Greg Back 69eb09c32b Merge remote-tracking branch 'origin/master' into datastores 2017-08-21 22:40:07 +00:00
Greg Back 4cd99f04ea Use version of taxii2-client from PyPI. 2017-08-21 22:16:23 +00:00
clenk 8687521111 Change object markings for immutable SDOs 2017-08-21 13:57:01 -04:00
clenk d4edb8b0bc Validate patterns when creating Indicators 2017-08-18 14:22:57 -04:00
clenk c0d02fbfcd [WIP] Touch up marking code 2017-08-18 12:36:34 -04:00
clenk 14b922ba92 Merge remote-tracking branch 'emmanvg/marking-support' into markings 2017-08-17 12:26:46 -04:00
Emmanuelle Vargas-Gonzalez 681be1a5d9 Make CompositeDataStore subclass DataStore. Remove deduplicate() from CompositeDataSource. 2017-08-16 09:58:33 -04:00
Emmanuelle Vargas-Gonzalez 4ffc8edeeb Update all tests. Re-organize EXPECTED values, update some regex expressions. 2017-08-15 13:41:51 -04:00
Emmanuelle Vargas-Gonzalez cb5c4ad080 Merge pull request #42 from oasis-open/bundles Parse bundles correctly 2017-08-14 15:21:58 -04:00
Emmanuelle Vargas-Gonzalez 569ca34d78 Remove test skip for data_sources. 2017-08-14 15:02:26 -04:00
Emmanuelle Vargas-Gonzalez 226a41e0ff Merge pull request #41 from oasis-open/namedtuple-filters Use Namedtuples for Filters. 2017-08-14 15:01:07 -04:00
clenk ee8013d782 Parse bundles correctly
This required refactoring parts of the library. Code in __init__.py
merged into bundle.py, which was renamed core.py. Code in other.py was
merged into common.py.

Fixes #40.
2017-08-11 16:18:20 -04:00
Emmanuelle Vargas-Gonzalez 86fd3778f5 Formatting changes, replace deduplicate() code in DataSource, missing super() calls to initialize objects. 2017-08-11 08:10:20 -04:00
Greg Back 961dfdc984 Convert rest of code to use namedtuple Filters 2017-08-09 19:25:06 +00:00
Greg Back 87f7503c0a Convert filters to be NamedTuples 2017-08-09 18:49:06 +00:00
Emmanuelle Vargas-Gonzalez a4ead4f6e7 Formatting changes, skip add/remove filter test, change deduplicate() approach. 2017-08-09 13:31:07 -04:00
Greg Back b8c96e37a2 Update to get tests passing 2017-07-20 20:30:04 +00:00
Greg Back b82606ba38 Clean up TAXII Datastore to use latest TAXII client 2017-07-20 19:36:54 +00:00
Greg Back 55e92bc237 Update with correct class name
Also PEP-8 fixes
2017-07-19 21:30:29 +00:00
Greg Back bf9677094f Merge branch 'master' into datastores 2017-07-19 21:21:08 +00:00
Greg Back bac87465cb Merge pull request #35 from oasis-open/pattern_expressions
Pattern expressions
2017-07-19 14:17:57 +00:00
Richard Piazza a2aacc5e20 merge all classes into patterns.py 2017-07-19 14:03:43 +00:00
Greg Back 595ba10695 Merge pull request #34 from oasis-open/object-factory
Object factory
2017-07-19 13:54:24 +00:00
= 20958b908a more tests for TAXII data source 2017-07-18 20:42:43 +00:00
Richard Piazza 27af0c0d5b Fixed style errors 2017-07-18 20:34:39 +00:00
Richard Piazza 6fa009e509 added object_paths
added more tests for pattern expressions
added "set" comparison expressions
implemented make_constant
fixed type name for EmailAddress
2017-07-18 20:30:02 +00:00
Richard Piazza c1b07ef505 Introduce constant objects for literals in pattern expressions
fixed idioms
2017-07-18 20:26:46 +00:00
Richard Piazza c8bcece6f6 added tests for expressions
fix __str__ methods
2017-07-18 20:26:46 +00:00
Richard Piazza c0467da5f9 added classes for Pattern Expressions 2017-07-18 20:26:44 +00:00
clenk 4bdbb4a2f9 Deep-copy in Object Factory and allow appending multiple items to list
properties in ObjectFactory.create()
2017-07-18 12:05:19 -04:00
clenk 2e45cacd52 Add to list properties like `external_references`, but include option to
replace instead
2017-07-17 14:56:13 -04:00
clenk e233a424fb Drop granular markings from object factory for now 2017-07-14 16:11:48 -04:00
clenk 5c5903179d Fix import sort order 2017-07-14 16:02:29 -04:00
clenk 7ebf5ac7c7 Fix timestamp in test 2017-07-14 15:30:19 -04:00
clenk e1330692c8 Move ObservableProperty, ExtensionsProperty, and Observable parsing code
into observables.py to prevent circular imports and fix #23.
2017-07-14 15:10:12 -04:00
clenk 4dba41afc8 Add created to object factory, clean up code 2017-07-13 09:45:43 -04:00
Emmanuelle Vargas-Gonzalez 6d2cfcdedf [WIP] Update tests. 2017-07-13 07:57:33 -04:00
clenk 6ddad22810 Add external references to object factory 2017-07-12 16:11:51 -04:00
clenk 593f16662a Add granular markings to object factory 2017-07-12 15:22:50 -04:00
clenk 659ad3df89 Add object markings to object factory 2017-07-12 14:44:52 -04:00
clenk 0c47936ee0 Create ObjectFactory class
currently only supports created_by_ref
2017-07-12 11:36:15 -04:00
Greg Back 9bfc240008 Merge pull request #27 from oasis-open/issue26
Allow passing a list to Bundle constructor
2017-07-06 13:36:06 +00:00
clenk 1d3c59cc44 Move TLP constants up to stix2 namespace 2017-07-05 13:27:09 -04:00
clenk 1ea9671b68 Allow passing a list to Bundle constructor
Fix #26
2017-07-05 11:31:56 -04:00
clenk 29d9467ce0 Add more timestamp test cases, address suggestions 2017-06-28 15:55:23 -04:00
clenk e01ce132db Add timestamp precision for `created` and `modified`
Fix #24
2017-06-22 18:47:35 -04:00
clenk fdbb6ff337 Add custom Cyber Observables 2017-06-14 09:36:35 -04:00
clenk d4e92dd813 Allow adding validation to custom object types
_Custom.__init__() is a solution to recursion errors arising from using
a decorator. See https://stackoverflow.com/q/14739809/1013457
2017-06-13 10:27:31 -04:00
clenk bcfb13f23c Add custom STIX Object types 2017-06-12 16:22:16 -04:00
clenk 8f1ae4e6d3 Add custom properties via 'allow_custom'
Custom properties can be specified by passing them to a STIX object
constructor in the 'custom_properties' argument, or with the
'allow_custom' argument set to True, which will add any unrecognized
keyword arguments as properties on the object. The 'allow_custom'
argument can also be used with the parse() and parse_observable()
functions.
An error is now raised when attempting to parse objects without a 'type'
property, such as external references, kill chain phases, and granular
markings. The object which contains them is what should be parsed, not
these objects themselves.
2017-06-12 13:04:20 -04:00
Emmanuelle Vargas-Gonzalez 1f258551e1 Add and update tests for markings API. 2017-06-09 14:22:56 -04:00
clenk 9036c7f7b8 Add custom properties 2017-06-09 12:30:19 -04:00
Emmanuelle Vargas-Gonzalez c1c5c05f47 Some changes to Process and EmailMessage objects. Added tests. 2017-06-08 10:09:18 -04:00
clenk 860efcc230 Make object attribute access act like dictionary access, raising an
error for any property (including custom or optional) not set on the object.
2017-06-07 11:06:20 -04:00
Emmanuelle Vargas-Gonzalez 653eef4b95 Revert changes to test_file_example_encryption_error() 2017-06-02 13:47:08 -04:00
Emmanuelle Vargas-Gonzalez d579c12172 Update ImmutableError test cases. 2017-06-02 07:34:37 -04:00
Emmanuelle Vargas-Gonzalez e1e7bade3f Updated this test since setting the value to False should not be a reason to fail the test. 2017-06-01 15:25:46 -04:00
Emmanuelle Vargas-Gonzalez ad46474663 Update immutable tests. 2017-06-01 12:43:42 -04:00
Greg Back 53ddf32e8c Style/lint fixes 2017-05-31 08:58:14 -05:00
= 6c3a689f02 fixed indentation 2017-05-31 09:47:36 -04:00
= c65055bb0e tests for TAXII data source; some bug fixes 2017-05-30 16:56:27 -04:00
Greg Back fc1ce6d56d Add some tests 2017-05-25 12:31:45 -05:00
clenk b4dfa07a20 Improve coverage of utils.py
Also fix bugs this discovers. Fix #15.
2017-05-22 11:15:55 -04:00
Greg Back 41f2ceb8e5 Change remaining 'fields' to 'properties' 2017-05-19 12:51:59 -05:00
Greg Back a913d9d5ad Merge pull request #14 from oasis-open/parse-cyber-observables
Parse cyber observables
2017-05-19 09:15:00 -05:00
clenk 0d736509e2 Fix tests 2017-05-18 11:24:43 -04:00
clenk 931de31a10 Merge branch 'parse-cyber-observables' of https://github.com/oasis-open/cti-python-stix2 into parse-cyber-observables 2017-05-18 11:08:12 -04:00
Chris Lenk b6e22bcbdf Merge pull request #12 from rpiazza/cyber-observables
Cyber observables
2017-05-18 11:02:10 -04:00
Richard Piazza f56ea8e951 added tests for process and file extensions
if no properties are passed to _check_at_least_one_property assume its all properties
when extensions are involved always check them in _check_at_least_one_property (caused by raising the exception on the enclosing type)
added _check_object_constaints to extensions, where appropriate
2017-05-17 15:33:28 -04:00
clenk 3e0e80141b For object reference properties, check the type of the object
referenced, not only that it is included in the local scope.
2017-05-17 15:21:02 -04:00
Richard Piazza 7c71b9e577 added tests for File and Process extensions
fixed typo in WindowsPEOptionalHeaderType
2017-05-16 12:39:04 -04:00
clenk 9761c37f20 Replace 'field' with 'property' to be consistent
with the specification
2017-05-16 12:27:30 -04:00
clenk a520a67511 Add tests for the Network Traffic extension and
User Account extensions
2017-05-16 11:35:43 -04:00
clenk 2460fb75be Rework select properties to use get_dict(),
which automatically coerces values to a dictionary if possible
2017-05-16 09:25:08 -04:00
Richard Piazza 6456e490cc added rest of cyber observables extensions and embedded objects
set up EXT_MAPs
added FloatProperty
implemented ExtensionsProperty
2017-05-15 13:48:41 -04:00
clenk 958e60b01d Add 'labels' property to COMMON_PROPERTIES 2017-05-15 10:57:40 -04:00
clenk 9273207576 Merge branch 'parse-cyber-observables' of https://github.com/oasis-open/cti-python-stix2 into parse-cyber-observables 2017-05-12 12:19:54 -04:00
clenk 0568a0e671 Add ExtensionsProperty and ArchiveExt 2017-05-12 11:22:23 -04:00
Richard Piazza 29871427b7 fix import error 2017-05-11 15:42:56 -04:00
Rich Piazza ae5fb51564 Merge branch 'parse-cyber-observables' into cyber-observables 2017-05-11 15:29:15 -04:00
Richard Piazza 94f4f48329 Changes so File object creation doesn't violate on of the MUSTs
Added three new exceptions: DependentPropertiestError, AtLeastOnePropertyError, MutuallyExclusivePropertiesError
Added tests for NetworkTraffic, Process, URL, WindowsRegistryKey and X509Certificate
Added error tests for EmailMessage, NetworkTraffic, Artifact,
Added interproperty checker methods to the base class:  _check_mutually_exclusive_properties, _check_at_least_one_property and _check_properties_dependency
Added interproperty checkers to Artifact, EmailMIMEComponent, EmailMessage, NetworkTraffic
Made NetworkTraffic.protocols required
Added X509V3ExtenstionsType class
Use EmbeddedObjectProperty for X509Certificate.x509_v3_extensions
2017-05-11 15:22:46 -04:00
clenk 13245d28ce Add EnumProperty, use it in WindowsRegistryValueType 2017-05-10 11:52:59 -04:00
Rich Piazza 7c1fd1e7f0 Merge branch 'parse-cyber-observables' into cyber-observables 2017-05-09 15:36:59 -04:00
Richard Piazza c3477b83bf encryption_algorithm was misspelled
uncomment test_file_example_encryption_error
added _check_object_constrains and properties_populated to base class
added ObjectConstraintError
added _check_object_constrains for File
2017-05-09 15:28:32 -04:00
clenk bdd18be6c3 Switch to isort for checking import order
because it has a pre-commit hook
2017-05-09 15:10:53 -04:00
clenk f4c813d84b Merge branch 'parse-cyber-observables' 2017-05-09 12:39:17 -04:00
clenk 555c81d30f Add EmailMessage and EmbeddedObjectProperty (for embedded object types
like EmailMIMEComponent)
2017-05-09 11:03:19 -04:00
Richard Piazza 125f57e297 added basic cyber observables
added some test cases
in Observable constructor permit no _valid_refs in kwargs
in Observable._check_property ensure that the prop_name is in the kwargs
2017-05-08 21:03:15 -04:00
clenk d26662776c Merge branch 'master' into parse-cyber-observables 2017-05-08 11:14:54 -04:00
clenk 04e3a72a7d Add EmailAddress and ObjectReferenceProperty 2017-05-05 12:32:02 -04:00
Richard Piazza c9320ad895 style errors 2017-05-04 16:41:37 -04:00
Richard Piazza 200bb8556f added unsetting capability
cleaned up MissingFieldsError tests
error when new modified property is earlier than current modified property
2017-05-04 16:34:08 -04:00
clenk 1a75d830bb Add Autonomous System 2017-05-03 18:19:30 -04:00
clenk 2c67b90638 Add Artifact type 2017-05-03 17:35:33 -04:00
clenk c63ba8e447 Add ObservableProperty, DictionaryProperty, HashesProperty,
BinaryProperty, and HexProperty
2017-05-03 14:10:10 -04:00
Richard Piazza 5b8585b392 added versioning test for embedded_object
replaced VersioningError with RevokeError and UnmodifiablePropertyError
added __deepcopy__ to base class to handle embedded_objects
2017-05-03 12:14:09 -04:00
Richard Piazza c2d628db50 import style errors 2 2017-05-02 15:53:07 -04:00
Richard Piazza 411c087fc1 import style errors 2017-05-02 14:25:01 -04:00
Richard Piazza a70fc2c952 Added versioning api, with tests 2017-05-02 14:17:26 -04:00
Richard Piazza 4efe5357b1 Added versioning api, with tests 2017-05-02 14:06:42 -04:00
clenk c5ba5dad65 Modify UUID checking 2017-04-25 10:03:37 -04:00
clenk cd815bfe84 Fix import order, add flake8-import-order plugin
to Tox
2017-04-24 18:29:56 -04:00
clenk 76acd8c0c2 Merge branch 'master' into parsing 2017-04-19 15:22:36 -04:00
clenk d06df8b9da Fix parsing errors
- Typos in Attack Pattern tests
- Put MarkingDefinition, ExternalReference, and KillChainPhase together
  in a file for objects that aren't SDOs or SROs
- Create utility function to return dictionary from string or
  file-like object
- Put off testing parsing Cyber Observable Objects until a later commit
2017-04-19 14:32:56 -04:00
clenk fabfbe20ec Parse all SDOs and SROs 2017-04-19 09:22:08 -04:00
Greg Back 6bf3584616 Create custom exception class for modifying an immutable object. 2017-04-18 15:06:41 -05:00
Greg Back 91cecb7b0c Add exception for extra/invalid custom properties. 2017-04-18 14:56:16 -05:00
Greg Back 32ff00559e Rename exception class. 2017-04-18 14:42:59 -05:00
Greg Back a7805c4ac0 Add Exception for missing values. 2017-04-18 14:41:18 -05:00
Greg Back 2aa1f5cedd Add exception for invalid Property values. 2017-04-18 14:19:16 -05:00
clenk 05ccffc5bd Use correct Property classes for all STIX objects 2017-04-18 09:21:38 -04:00
clenk a14d507f48 Add IntegerProperty 2017-04-18 09:19:38 -04:00