cti-python-stix2/stix2/__init__.py

34 lines
899 B
Python

"""Python APIs for STIX 2."""
# flake8: noqa
import json
from .bundle import Bundle
from .common import ExternalReference, KillChainPhase
from .sdo import AttackPattern, Campaign, CourseOfAction, Identity, Indicator, \
IntrusionSet, Malware, ObservedData, Report, ThreatActor, Tool, \
Vulnerability
from .sro import Relationship, Sighting
from .markings import MarkingDefinition, GranularMarking, StatementMarking, TLPMarking
def parse(data):
"""Deserialize a string or file-like object into a STIX object"""
if type(data) is dict:
obj = data
else:
try:
obj = json.loads(data)
except TypeError:
obj = json.load(data)
if 'type' not in obj:
# TODO parse external references, kill chain phases, and granular markings
pass
elif obj['type'] == 'malware':
return sdo.Malware(**obj)
return obj