cti-python-stix2/stix2/test/v21/test_incident.py

import datetime as dt

import pytest
import pytz

import stix2

from .constants import INCIDENT_ID

EXPECTED = """{
    "type": "incident",
    "spec_version": "2.1",
    "id": "incident--40fc3b35-0dc4-4afd-9927-288d44bfce20",
    "created": "2015-12-21T19:59:11.000Z",
    "modified": "2015-12-21T19:59:11.000Z",
    "name": "Breach of Cyber Tech Dynamics",
    "description": "Intrusion into enterprise network"
}"""


def test_incident_example():
    incident = stix2.v21.Incident(
        id=INCIDENT_ID,
        created="2015-12-21T19:59:11.000Z",
        modified="2015-12-21T19:59:11.000Z",
        name="Breach of Cyber Tech Dynamics",
        description="Intrusion into enterprise network",
    )

    assert str(incident) == EXPECTED


@pytest.mark.parametrize(
    "data", [
        EXPECTED,
        {
            "created": "2015-12-21T19:59:11.000Z",
            "id": INCIDENT_ID,
            "description": "Intrusion into enterprise network",
            "modified": "2015-12-21T19:59:11.000Z",
            "name": "Breach of Cyber Tech Dynamics",
            "spec_version": "2.1",
            "type": "incident",
        },
    ],
)
def test_parse_incident(data):
    incident = stix2.parse(data, version="2.1")

    assert incident.type == 'incident'
    assert incident.spec_version == '2.1'
    assert incident.id == INCIDENT_ID
    assert incident.created == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc)
    assert incident.modified == dt.datetime(2015, 12, 21, 19, 59, 11, tzinfo=pytz.utc)
    assert incident.name == 'Breach of Cyber Tech Dynamics'
    assert incident.description == 'Intrusion into enterprise network'


def test_parse_no_type():
    with pytest.raises(stix2.exceptions.ParseError):
        stix2.parse(
            """
        {
            "id": "incident--40fc3b35-0dc4-4afd-9927-288d44bfce20",
            "created": "2015-12-21T19:59:11.000Z",
            "modified": "2015-12-21T19:59:11.000Z",
            "name": "Breach of Cyber Tech Dynamics",
            "description": "Intrusion into enterprise network"
        }""", version="2.1",
        )


def test_incident_with_custom():
    incident = stix2.v21.Incident(
        name="Breach of Cyber Tech Dynamics",
        description="Intrusion into enterprise network",
        custom_properties={'x_foo': 'bar'},
    )

    assert incident.x_foo == "bar"
    assert "x_foo" in incident.object_properties()