cti-python-stix2/stix2/test/v21/test_relationship.py

209 lines
7.7 KiB
Python

import datetime as dt
import pytest
import pytz
import stix2
from .constants import (
FAKE_TIME, INDICATOR_ID, MALWARE_ID, RELATIONSHIP_ID, RELATIONSHIP_KWARGS,
)
EXPECTED_RELATIONSHIP = """{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--df7c87eb-75d2-4948-af81-9d49d246f301",
"created": "2016-04-06T20:06:37.000Z",
"modified": "2016-04-06T20:06:37.000Z",
"relationship_type": "indicates",
"source_ref": "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7",
"target_ref": "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
}"""
def test_relationship_all_required_properties():
now = dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
rel = stix2.v21.Relationship(
type='relationship',
id=RELATIONSHIP_ID,
created=now,
modified=now,
relationship_type='indicates',
source_ref=INDICATOR_ID,
target_ref=MALWARE_ID,
)
assert str(rel) == EXPECTED_RELATIONSHIP
def test_relationship_autogenerated_properties(relationship):
assert relationship.type == 'relationship'
assert relationship.spec_version == '2.1'
assert relationship.id == 'relationship--00000000-0000-4000-8000-000000000001'
assert relationship.created == FAKE_TIME
assert relationship.modified == FAKE_TIME
assert relationship.relationship_type == 'indicates'
assert relationship.source_ref == INDICATOR_ID
assert relationship.target_ref == MALWARE_ID
assert relationship['type'] == 'relationship'
assert relationship['spec_version'] == '2.1'
assert relationship['id'] == 'relationship--00000000-0000-4000-8000-000000000001'
assert relationship['created'] == FAKE_TIME
assert relationship['modified'] == FAKE_TIME
assert relationship['relationship_type'] == 'indicates'
assert relationship['source_ref'] == INDICATOR_ID
assert relationship['target_ref'] == MALWARE_ID
def test_relationship_type_must_be_relationship():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.v21.Relationship(type='xxx', **RELATIONSHIP_KWARGS)
assert excinfo.value.cls == stix2.v21.Relationship
assert excinfo.value.prop_name == "type"
assert excinfo.value.reason == "must equal 'relationship'."
assert str(excinfo.value) == "Invalid value for Relationship 'type': must equal 'relationship'."
def test_relationship_id_must_start_with_relationship():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.v21.Relationship(id='my-prefix--', **RELATIONSHIP_KWARGS)
assert excinfo.value.cls == stix2.v21.Relationship
assert excinfo.value.prop_name == "id"
assert excinfo.value.reason == "must start with 'relationship--'."
assert str(excinfo.value) == "Invalid value for Relationship 'id': must start with 'relationship--'."
def test_relationship_required_property_relationship_type():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v21.Relationship()
assert excinfo.value.cls == stix2.v21.Relationship
assert excinfo.value.properties == ["relationship_type", "source_ref", "target_ref"]
def test_relationship_missing_some_required_properties():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v21.Relationship(relationship_type='indicates')
assert excinfo.value.cls == stix2.v21.Relationship
assert excinfo.value.properties == ["source_ref", "target_ref"]
def test_relationship_required_properties_target_ref():
with pytest.raises(stix2.exceptions.MissingPropertiesError) as excinfo:
stix2.v21.Relationship(
relationship_type='indicates',
source_ref=INDICATOR_ID,
)
assert excinfo.value.cls == stix2.v21.Relationship
assert excinfo.value.properties == ["target_ref"]
def test_cannot_assign_to_relationship_attributes(relationship):
with pytest.raises(stix2.exceptions.ImmutableError) as excinfo:
relationship.relationship_type = "derived-from"
assert str(excinfo.value) == "Cannot modify 'relationship_type' property in 'Relationship' after creation."
def test_invalid_kwarg_to_relationship():
with pytest.raises(stix2.exceptions.ExtraPropertiesError) as excinfo:
stix2.v21.Relationship(my_custom_property="foo", **RELATIONSHIP_KWARGS)
assert excinfo.value.cls == stix2.v21.Relationship
assert excinfo.value.properties == ['my_custom_property']
assert str(excinfo.value) == "Unexpected properties for Relationship: (my_custom_property)."
def test_create_relationship_from_objects_rather_than_ids1(indicator, malware):
rel = stix2.v21.Relationship(
relationship_type="indicates",
source_ref=indicator,
target_ref=malware,
stop_time="2016-04-06T20:03:48Z",
)
assert rel.relationship_type == 'indicates'
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
assert rel.stop_time == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
def test_create_relationship_from_objects_rather_than_ids2(indicator, malware):
rel = stix2.v21.Relationship(
relationship_type="indicates",
source_ref=indicator,
target_ref=malware,
start_time="2016-04-06T20:03:48Z",
)
assert rel.relationship_type == 'indicates'
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
assert rel.start_time == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
def test_create_relationship_with_positional_args(indicator, malware):
rel = stix2.v21.Relationship(indicator, 'indicates', malware)
assert rel.relationship_type == 'indicates'
assert rel.source_ref == 'indicator--00000000-0000-4000-8000-000000000001'
assert rel.target_ref == 'malware--00000000-0000-4000-8000-000000000003'
assert rel.id == 'relationship--00000000-0000-4000-8000-000000000005'
@pytest.mark.parametrize(
"data", [
EXPECTED_RELATIONSHIP,
{
"created": "2016-04-06T20:06:37Z",
"id": RELATIONSHIP_ID,
"modified": "2016-04-06T20:06:37Z",
"relationship_type": "indicates",
"source_ref": INDICATOR_ID,
"target_ref": MALWARE_ID,
"spec_version": "2.1",
"type": "relationship",
},
],
)
def test_parse_relationship(data):
rel = stix2.parse(data, version="2.1")
assert rel.type == 'relationship'
assert rel.spec_version == '2.1'
assert rel.id == RELATIONSHIP_ID
assert rel.created == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
assert rel.modified == dt.datetime(2016, 4, 6, 20, 6, 37, tzinfo=pytz.utc)
assert rel.relationship_type == "indicates"
assert rel.source_ref == INDICATOR_ID
assert rel.target_ref == MALWARE_ID
@pytest.mark.parametrize(
"data", [
{
"created": "2016-04-06T20:06:37Z",
"id": RELATIONSHIP_ID,
"modified": "2016-04-06T20:06:37Z",
"relationship_type": "indicates",
"source_ref": INDICATOR_ID,
"target_ref": MALWARE_ID,
"start_time": "2018-04-06T20:06:37Z",
"stop_time": "2016-04-06T20:06:37Z",
"spec_version": "2.1",
"type": "relationship",
},
],
)
def test_parse_relationship_with_wrong_start_and_stop_time(data):
with pytest.raises(ValueError) as excinfo:
stix2.parse(data)
assert str(excinfo.value) == "{id} 'stop_time' must be later than 'start_time'".format(**data)