Commit Graph

1287 Commits (a8a65599bfaba7a1617aaa8edea65384a4f6c6f2)

Author SHA1 Message Date
Emmanuelle Vargas-Gonzalez 690a515f00 add methods to environment.py 2021-02-16 00:58:33 -05:00
Emmanuelle Vargas-Gonzalez 02b076b3bb resolve issues with graph similarity
- new methods for graph equivalence and similarity
- remove sorting and len comparisons
- rename some variables
2021-02-16 00:57:26 -05:00
Michael Chisholm 745696cba1 Remove "canonical" from a couple more places in docstrings which
I missed.
2021-02-14 19:25:59 -05:00
Michael Chisholm ccaa8b62ae pre-commit stylistic fix 2021-02-11 19:35:28 -05:00
Michael Chisholm 631460f45f Rename various symbols and change various comments to refer to
normalization instead of canonicalization.
2021-02-11 19:33:57 -05:00
Chris Lenk e513081100
Merge pull request #458 from chisholm/versioning_refinements
Versioning refinements
2021-02-06 22:59:18 -05:00
Chris Lenk 5971129b7c
Avoid potential KeyError in _is_versionable_type() 2021-02-05 17:42:04 -05:00
Michael Chisholm 5a210192bd pre-commit stylistic fix 2021-02-04 17:33:25 -05:00
Michael Chisholm 9e9a61c71c Fix bug with observation expression DNF transformer, where it was
not preserving operand order when distributing FOLLOWEDBY.
2021-02-04 16:45:39 -05:00
Emmanuelle Vargas-Gonzalez 30fd8c3464 compact calls 2021-02-02 00:08:11 -05:00
Emmanuelle Vargas-Gonzalez a7eb4113de minor change to align API 2021-02-02 00:04:04 -05:00
Emmanuelle Vargas-Gonzalez 489970718f WIP: changes to graph_similarity
busted main loop, symmetrical properties not present
2021-02-01 22:35:37 -05:00
Chris Lenk bfc47e73f5
Merge pull request #485 from oasis-open/emmanvg-patch-1
Update CustomObservale decorator
2021-01-29 09:52:00 -05:00
Michael Chisholm 624d71ed53 pre-commit stylistic fixes 2021-01-28 23:02:23 -05:00
Michael Chisholm 0dd6462d60 Add some unit tests which try to version marking-definitions. 2021-01-28 23:02:23 -05:00
Michael Chisholm a97645abc3 Add some missing docstrings on a few exception classes. 2021-01-28 23:02:23 -05:00
Michael Chisholm c74d06aadc Improve versioning.new_version() to better handle custom objects
and dicts, and add better raised exception types if versioning
couldn't be done.  I changed workbench monkeypatching a bit, to
copy some class attributes over to the workbench wrapper
class-like callables, since some code expected those attributes
to be there (e.g. the versioning code).
2021-01-28 23:02:23 -05:00
Chris Lenk 3878788da4
Update is_sro docstring 2021-01-28 22:54:52 -05:00
Michael Chisholm 98b0b2ed41 pre-commit stylistic fix 2021-01-28 19:32:27 -05:00
Michael Chisholm 83abf78af5 Remove old compatibility code regarding importing the old
stix2.core module.
2021-01-28 19:21:57 -05:00
Michael Chisholm eead72aabc Fix docstring typo in is_marking(). Made a minor docstring
update to is_sro() as well, so it doesn't talk as if you can
register custom SROs.  That didn't actually make sense.
2021-01-27 22:25:41 -05:00
Emmanuelle Vargas-Gonzalez 77d20c787a
Update observables.py
Add missing common properties in decorator closes #484
2021-01-27 11:31:14 -05:00
Michael Chisholm f9b9e0d2d7 pre-commit stylistic fixes 2021-01-20 20:59:10 -05:00
Michael Chisholm 404fcd04ca Remove some ugly python2 compatibilty code from stix2.versioning
module, since we no longer support python2.
2021-01-20 20:58:13 -05:00
Michael Chisholm 38067a6ec7 pre-commit stylistic fixes 2021-01-20 20:49:01 -05:00
Michael Chisholm 92a478b39b A minor revision to stix2.versioning: it's silly to look up a
class in the registry when you have an instance of one of those
classes.  Because in that case, you can just get the class of the
instance and not deal with the registry at all.
2021-01-20 19:42:06 -05:00
Michael Chisholm 5aadf1ae91 Add some unit tests for attempting to change ID contributing
properties of a 2.1 SCO with UUIDv5 ID, when creating a new
version.
2021-01-20 19:16:22 -05:00
Michael Chisholm 473e7d0068 Change versioning module to use some of the is_* utility
functions.  Changed some ">= 2.1" stix version semantics to be
"== 2.1", because we don't have any version >= 2.1, so they are
currently equivalent, and the is_*() functions don't support
STIX version ranges.  They only support exact versions.  We can
look at this again if a newer STIX version ever emerges.

Also added a class_for_type() function to the registry module,
which was useful for the versioning module changes described
above.  I thought that function would be helpful in the parsing
module, to simplify code there, so I changed that module a bit
to use it.
2021-01-20 16:59:39 -05:00
Michael Chisholm fe2330af07 Improve is_sdo() et al utility functions with respect to
dict/mapping values: do a simple verification of the value's
STIX version, not just its type.  Added a lot more unit tests to
test behavior on dicts.  To make the implementation work, I had
to move the detect_spec_version() function out of the parsing
module and into utils.  So that required small changes at all
its previous call sites.
2021-01-20 16:59:39 -05:00
Michael Chisholm f8c86f7352 Fixups after a rebase. There were several conflict resolutions
and I probably forgot some stuff...
2021-01-20 16:59:39 -05:00
Michael Chisholm bf284d0a0b Fix silly docstring copy-paste typo 2021-01-20 16:59:39 -05:00
Michael Chisholm db1d0b736b Remove registry.get_stix2_class_maps(), since now that the
class map structure is keyed by normal "X.Y" style versions,
the convenience that function provided is no longer necessary.
So it no longer makes sense to have the function (at least,
not for that reason).  Change users of that function to use
the STIX2_OBJ_MAPS structure directly.
2021-01-20 16:59:39 -05:00
Michael Chisholm f88fba6751 Change the stix2 class map structure to be keyed at the top
level with STIX versions in the same format as is used everywhere
else in the API: "X.Y", as opposed to the "vXY" format used by
the version-specific python packages.  This eliminates all of
the awkward conversion from public API format to "vXX" format.

Also a little bit of code rearranging in the registration module
to ensure that some STIX 2.1-specific checks are done whether
version 2.1 is given explicitly or is defaulted to.

In the same module I also added a missing import of
stix2.properties, since my IDE was claiming it could not find a
function from that module.
2021-01-20 16:59:38 -05:00
Michael Chisholm 188f704b28 Remove a "this needs to be moved into the stix2 library" comment,
since this *is* in the stix2 library!
2021-01-20 16:59:38 -05:00
Michael Chisholm 24307626b0 Move get_stix2_class_maps() from .utils to .registry (since it's
really just a simple accessor into the class maps table), and
change other code to use it, in places where it was simple and
made sense.
2021-01-20 16:59:38 -05:00
Michael Chisholm 0f2ce0ac72 Add unit tests for the is_*() utility type checking functions. 2021-01-20 16:59:38 -05:00
Michael Chisholm 51937232db Fix to an import statement which was necessary due to the
circular import refactoring.  I think I just forgot to include
this in the previous commit...
2021-01-20 16:59:38 -05:00
Michael Chisholm fa6cff8a34 WIP adding is_sdo() et al functions to this library. On hold
while I address circular import problems.
2021-01-20 16:59:38 -05:00
Chris Lenk a0d535336e Merge 'master' and fix imports for consistency 2021-01-15 12:34:10 -05:00
Chris Lenk 7de5c458bb Fix import sort order 2021-01-15 10:27:39 -05:00
Chris Lenk a3f20dde7a Use consistent import style in parsing.py 2021-01-15 10:27:23 -05:00
Emmanuelle Vargas-Gonzalez 983f931ecd some missing fixes...
- for some reason they only showed up on PY38
2021-01-13 19:48:33 -05:00
Emmanuelle Vargas-Gonzalez 85c14d1502 all changes from add-trailing-commas v2.0.2 2021-01-13 17:52:15 -05:00
Emmanuelle Vargas-Gonzalez acc90c2f4c changes brought by isort and add-trailing-commas 2021-01-13 17:50:21 -05:00
Michael Chisholm 5d016142cf Small tweaks: move the definition of DEFAULT_VERSION from the
top-level stix2 package to stix2.version but import it into
stix2.  This makes it possible for someone to get the symbol
without needing to import all of stix2.

Change an "import X" style import to "from X import Y" in
stix2/__init__.py to be consistent with the other imports in
that file.
2021-01-13 11:22:34 -05:00
Michael Chisholm f51e309775 Refactor stix2.parsing into more focused modules:
- stix2.registry, which contains the class mapping structure
  and code for scanning stix2 modules for its initial population
- stix2.registration, which contains code used to register custom
  STIX types with the registry
- stix2.parsing, which contains code for creating instances of
  registered stix2 classes from raw dicts.

This is intended to reduce circular import problems, by giving
dependent code the ability to import a module which has exactly
the functionality it needs, without pulling a lot of other stuff
it doesn't need.  Fewer imports means less chance of an import
cycle.
2021-01-08 22:08:33 -05:00
Emmanuelle Vargas-Gonzalez 76eebeb549 expose **taxii_filters_dict on requests 2020-12-22 16:52:27 -05:00
Emmanuelle Vargas-Gonzalez ace64c4042 provide pagination support for requests in the TAXIICollectionSource 2020-12-21 17:53:53 -05:00
Chris Lenk 5bddf9321e Bump version: 2.0.2 → 2.1.0 2020-11-20 17:37:58 -05:00
Chris Lenk b55c3bb1df Fix pattern equivalence doc style for consistency 2020-11-20 16:34:11 -05:00
Emmanuelle Vargas-Gonzalez 119364c889
Merge branch 'master' into 472-issue 2020-11-20 10:02:46 -05:00
Chris Lenk a82dc5e813
Merge pull request #475 from oasis-open/equivalence-indicator-patterns
Use pattern equivalence in indicators
2020-11-20 09:56:35 -05:00
Chris Lenk 53f451b097 Use pattern equivalence in indicators 2020-11-20 09:33:56 -05:00
Emmanuelle Vargas-Gonzalez e7242c9ae6 forgot one... 2020-11-19 08:48:57 -05:00
Emmanuelle Vargas-Gonzalez 49985cc51d fix ordering problem with Class definitions 2020-11-18 19:01:12 -05:00
Emmanuelle Vargas-Gonzalez c9bafaf5ae fix typo for Class X509V3ExtensionsType 2020-11-18 18:08:57 -05:00
Michael Chisholm 169ef87bc2 pre-commit stylistic fixes 2020-11-16 15:10:06 -05:00
Michael Chisholm f5bbbe7a3b Fix bug with reference type enforcement on property
where_sighted_refs on Sighting.
2020-11-16 15:04:24 -05:00
Chris Lenk a751df32c6
Fix Location semantic equivalence check for Location objects without the latitude and longitude properties (#467)
* Fix Location semantic equivalence check for Location objects without the latitude and longitude properties.

Uses contribution from @zrush-mitre (#464).

Fixes #462.

* Remove a line
2020-11-10 12:55:17 -05:00
Chris Lenk e08a26a39c Correct variable name 2020-10-18 21:09:07 -04:00
Emmanuelle Vargas-Gonzalez 92ab1227ed docstrings, changes to equivalence.ipynb 2020-10-16 17:12:52 -04:00
Emmanuelle Vargas-Gonzalez fb705c4885
Graph Equivalence (#449)
* new packages for graph and object-based semantic equivalence

* new method graphically_equivalent for Environment, move equivalence methods out

* object equivalence function, methods used for object-based moved here.

* new graph_equivalence methods

* add notes

* add support for versioning checks (default disabled)

* new tests to cover graph equivalence and new methods

* added more imports to environment.py to prevent breaking changes

* variable changes, new fields for checks, reset depth check per call

* flexibility when object is not available on graph.

* refactor debug logging message

* new file stix2.equivalence.graph_equivalence.rst and stix2.equivalence.object_equivalence.rst for docs

* API documentation for new modules

* additional text required to build docs

* add more test methods for list_semantic_check an graphically_equivalent/versioning

* add logging debug messages, code clean-up

* include individual scoring on results dict, fix issue on list_semantic_check not keeping highest score

* include results as summary in prop_scores, minor tweaks

* Update __init__.py

doctrings update

* apply feedback from pull request

- rename semantic_check to reference_check
- rename modules to graph and object respectively to eliminate redundancy
- remove created_by_ref and object_marking_refs from graph WEIGHTS and rebalance

* update docs/ entries

* add more checks, make max score based on actual objects checked instead of the full list, only create entry when type is present in WEIGHTS dictionary

update tests to reflect changes

* rename package patterns -> pattern

* documentation, moving weights around

* more documentation moving

* rename WEIGHTS variable for graph_equivalence
2020-10-16 11:35:26 -04:00
Chris Lenk d17d01d165
Merge pull request #444 from chisholm/comp_ds_unversioned_objs
Update CompositeDataSource and deduplicate() support for unversioned objects
2020-10-15 08:57:55 -04:00
Emmanuelle Vargas-Gonzalez 7b35b82996 TAXIICollectionSource custom object handling fix 2020-09-29 11:21:02 -04:00
Chris Lenk 3267036f33
Merge pull request #452 from oasis-open/api-reference-for-pattern-eq
Expose API Reference for Pattern Equivalence - ReadTheDocs
2020-09-18 13:52:02 -04:00
Chris Lenk ddb25c544a
Merge pull request #456 from chisholm/fix_comparison_expression_root_type
Fix object type tracking for AST comparison expression 'AND'
2020-09-18 09:59:53 -04:00
Michael Chisholm 7d64764ae3 Fix object type tracking for comparison expressions in the pattern
AST module.
2020-09-14 15:42:36 -04:00
Michael Chisholm bad42e5b78 pre-commit stylistic junk 2020-09-12 19:33:56 -04:00
Michael Chisholm ff35e8a01b Add some unit tests for the AST make_constant() function. 2020-09-12 19:14:29 -04:00
Michael Chisholm f2691e89f5 Fix make_constant() in the AST module, to always return a
constant.  It was failing to do so for timestamps, instead
returning a STIXdatetime object.
2020-09-12 19:14:29 -04:00
Emmanuelle Vargas-Gonzalez 639769d885 expose API Reference for Pattern Equivalence for ReadTheDocs 2020-09-11 13:54:13 -04:00
Michael Chisholm b5015b74ba pre-commit stylistic fixes 2020-08-19 12:10:51 -04:00
Michael Chisholm 3c25410a9d pre-commit stylistic fix 2020-08-19 11:51:47 -04:00
Michael Chisholm 7fa3c78dea Update CompositeDataSource and deduplicate() to handle unversioned
objects, including 2.1 SCOs.  Updated some unit tests to test
this.  Fixed a typo in a 2.0 unit test (2.0 deduplicate() test).
2020-08-17 18:38:29 -04:00
Michael Chisholm b6c2206491 Add some unit test suites for pattern equivalence which use some
STIX version-specific pattern features.
2020-08-14 19:56:49 -04:00
Michael Chisholm 9e707a3a81 Add stix_version kwargs to the pattern equivalence functions.
This allows the patterns to be parsed using either 2.0 or 2.1+
syntax.
2020-08-14 19:55:00 -04:00
Michael Chisholm 320129e26c Add another unit test to help a bit with lack of coverage of
compare/comparison.py.  This one tests patterns with more
constant types.
2020-08-13 18:45:52 -04:00
Michael Chisholm c21b230edb pre-commit hook stylistic changes 2020-08-13 17:44:42 -04:00
Michael Chisholm 16a8c544ac Add a find_equivalent_patterns() function and unit tests, in case
a user wants a more efficient search capability.  (It is more
efficient than calling equivalent_patterns() over and over in a
loop, because it doesn't repeatedly re-canonicalize the search
pattern.)
2020-08-13 17:09:04 -04:00
Michael Chisholm bd5635f5be Add some unit tests for pattern equivalence. 2020-08-13 16:46:25 -04:00
Michael Chisholm 6c92f670cb Fix ipv4/6 special canonicalizers to reformat IP addresses even
when a non-CIDR address is used.  Before, it left plain IP
addresses untouched.
2020-08-13 16:22:24 -04:00
Michael Chisholm 5d6c7d8c8a Add some simple context-sensitive constant canonicalization, used
as part of canonicalizing comparison expressions.  This
required adding a new comparison expression transformer callback
for leaf-node comparison expression objects, and updating all
existing comparison transformers to work (it affected all/most
of them).  The observation expression transformer which actually
does the comparison canonicalization was updated to also perform
this special canonicalization step.
2020-08-12 19:28:35 -04:00
Michael Chisholm 311fe38cea Add first cut of a pattern equivalence capability 2020-08-10 18:33:26 -04:00
Chris Lenk 1948b38eec
Merge pull request #438 from oasis-open/issue_437
hack for issue_435

Fixes #435.
2020-08-07 09:55:41 -04:00
Chris Lenk 1f9a844941
Merge pull request #439 from maybe-sybr/fix/customs-class-name
fix: Respect name of `@Custom*` decorated defs
2020-08-04 07:32:03 -04:00
Rich Piazza 8f76a84bbf handle quoted path components 2020-07-30 15:32:06 -04:00
maybe-sybr 15344527aa fix: Respect name of `@Custom*` decorated defs 2020-07-28 11:13:59 +10:00
Emmanuelle Vargas-Gonzalez 8cdbfed5e4
Merge pull request #431 from oasis-open/filesys-write-custom
Fix bug when adding custom object to FileSystemSink if the object type hasn't been registered
2020-07-27 09:43:38 -04:00
Rich Piazza b7a30befdc add tests and fix introduced bug 2020-07-25 14:47:40 -04:00
Rich Piazza 0fc2befd6a hack for issue_435 2020-07-25 14:22:03 -04:00
Rich Piazza 084941dd41 handle mixed boolean expressions 2020-07-24 11:40:21 -04:00
Emmanuelle Vargas-Gonzalez 08137ff6be add serialization to API documentation 2020-07-22 15:38:17 -04:00
Emmanuelle Vargas-Gonzalez 8093898a3d move serialization-related methods to serialization.py
update tests that call specific methods from this area
2020-07-22 15:36:48 -04:00
Emmanuelle Vargas-Gonzalez ca56a74e12 update docstrings for _STIXBase method 2020-07-22 15:20:39 -04:00
Emmanuelle Vargas-Gonzalez 978aee9a8e fix circular import problem 2020-07-22 14:53:37 -04:00
Emmanuelle Vargas-Gonzalez c760e04c9a rename module to serialization.py 2020-07-22 14:31:26 -04:00
Emmanuelle Vargas-Gonzalez 853bd0da21 move classes and methods from base.py to serialize.py 2020-07-22 13:56:24 -04:00
Emmanuelle Vargas-Gonzalez 37f0238fc6 add serialize.py module 2020-07-22 13:37:41 -04:00
Chris Lenk 806389117f Allow mixing single objects and lists in bundles
...in bundle constructor

Related: #429.
2020-07-20 00:24:36 -04:00
Chris Lenk 55ea84ece2 Fix bug when adding custom obj to FileSystemSink
... if the object type hasn't been registered.

Related: #439.
2020-07-20 00:04:32 -04:00