78 lines
		
	
	
		
			2.4 KiB
		
	
	
	
		
			Python
		
	
	
			
		
		
	
	
			78 lines
		
	
	
		
			2.4 KiB
		
	
	
	
		
			Python
		
	
	
| import datetime as dt
 | |
| 
 | |
| import pytest
 | |
| import pytz
 | |
| 
 | |
| import stix2
 | |
| 
 | |
| from .constants import INTRUSION_SET_ID
 | |
| 
 | |
| 
 | |
| EXPECTED = """{
 | |
|     "aliases": [
 | |
|         "Zookeeper"
 | |
|     ],
 | |
|     "created": "2016-04-06T20:03:48.000Z",
 | |
|     "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
 | |
|     "description": "Incidents usually feature a shared TTP of a bobcat being released...",
 | |
|     "goals": [
 | |
|         "acquisition-theft",
 | |
|         "harassment",
 | |
|         "damage"
 | |
|     ],
 | |
|     "id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29",
 | |
|     "modified": "2016-04-06T20:03:48.000Z",
 | |
|     "name": "Bobcat Breakin",
 | |
|     "type": "intrusion-set"
 | |
| }"""
 | |
| 
 | |
| 
 | |
| def test_intrusion_set_example():
 | |
|     intrusion_set = stix2.IntrusionSet(
 | |
|         id="intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29",
 | |
|         created_by_ref="identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
 | |
|         created="2016-04-06T20:03:48.000Z",
 | |
|         modified="2016-04-06T20:03:48.000Z",
 | |
|         name="Bobcat Breakin",
 | |
|         description="Incidents usually feature a shared TTP of a bobcat being released...",
 | |
|         aliases=["Zookeeper"],
 | |
|         goals=["acquisition-theft", "harassment", "damage"]
 | |
|     )
 | |
| 
 | |
|     assert str(intrusion_set) == EXPECTED
 | |
| 
 | |
| 
 | |
| @pytest.mark.parametrize("data", [
 | |
|     EXPECTED,
 | |
|     {
 | |
|         "aliases": [
 | |
|             "Zookeeper"
 | |
|         ],
 | |
|         "created": "2016-04-06T20:03:48.000Z",
 | |
|         "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
 | |
|         "description": "Incidents usually feature a shared TTP of a bobcat being released...",
 | |
|         "goals": [
 | |
|             "acquisition-theft",
 | |
|             "harassment",
 | |
|             "damage"
 | |
|         ],
 | |
|         "id": "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29",
 | |
|         "modified": "2016-04-06T20:03:48.000Z",
 | |
|         "name": "Bobcat Breakin",
 | |
|         "type": "intrusion-set"
 | |
|     },
 | |
| ])
 | |
| def test_parse_intrusion_set(data):
 | |
|     intset = stix2.parse(data)
 | |
| 
 | |
|     assert intset.type == "intrusion-set"
 | |
|     assert intset.id == INTRUSION_SET_ID
 | |
|     assert intset.created == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
 | |
|     assert intset.modified == dt.datetime(2016, 4, 6, 20, 3, 48, tzinfo=pytz.utc)
 | |
|     assert intset.goals == ["acquisition-theft", "harassment", "damage"]
 | |
|     assert intset.aliases == ["Zookeeper"]
 | |
|     assert intset.description == "Incidents usually feature a shared TTP of a bobcat being released..."
 | |
|     assert intset.name == "Bobcat Breakin"
 | |
| 
 | |
| # TODO: Add other examples
 |