34 lines
899 B
Python
34 lines
899 B
Python
"""Python APIs for STIX 2."""
|
|
|
|
# flake8: noqa
|
|
|
|
import json
|
|
|
|
from .bundle import Bundle
|
|
from .common import ExternalReference, KillChainPhase
|
|
from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
|
|
IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
|
|
Vulnerability
|
|
from .sro import Relationship, Sighting
|
|
from .markings import MarkingDefinition, GranularMarking, StatementMarking, TLPMarking
|
|
|
|
|
|
def parse(data):
|
|
"""Deserialize a string or file-like object into a STIX object"""
|
|
|
|
if type(data) is dict:
|
|
obj = data
|
|
else:
|
|
try:
|
|
obj = json.loads(data)
|
|
except TypeError:
|
|
obj = json.load(data)
|
|
|
|
if 'type' not in obj:
|
|
# TODO parse external references, kill chain phases, and granular markings
|
|
pass
|
|
elif obj['type'] == 'malware':
|
|
return sdo.Malware(**obj)
|
|
|
|
return obj
|