197 lines
6.0 KiB
Python
197 lines
6.0 KiB
Python
import uuid
|
|
|
|
import pytest
|
|
|
|
import stix2
|
|
|
|
from .constants import (
|
|
FAKE_TIME, INDICATOR_KWARGS, MALWARE_KWARGS, RELATIONSHIP_KWARGS,
|
|
)
|
|
|
|
|
|
# Inspired by: http://stackoverflow.com/a/24006251
|
|
@pytest.fixture
|
|
def clock(monkeypatch):
|
|
|
|
class mydatetime(stix2.utils.STIXdatetime):
|
|
@classmethod
|
|
def now(cls, tz=None):
|
|
return FAKE_TIME
|
|
|
|
monkeypatch.setattr(stix2.utils, 'STIXdatetime', mydatetime)
|
|
|
|
|
|
@pytest.fixture
|
|
def uuid4(monkeypatch):
|
|
def wrapper():
|
|
data = [0]
|
|
|
|
def wrapped():
|
|
data[0] += 1
|
|
return "00000000-0000-4000-8000-00000000%04x" % data[0]
|
|
|
|
return wrapped
|
|
monkeypatch.setattr(uuid, "uuid4", wrapper())
|
|
|
|
|
|
@pytest.fixture
|
|
def indicator(uuid4, clock):
|
|
return stix2.v20.Indicator(**INDICATOR_KWARGS)
|
|
|
|
|
|
@pytest.fixture
|
|
def malware(uuid4, clock):
|
|
return stix2.v20.Malware(**MALWARE_KWARGS)
|
|
|
|
|
|
@pytest.fixture
|
|
def relationship(uuid4, clock):
|
|
return stix2.v20.Relationship(**RELATIONSHIP_KWARGS)
|
|
|
|
|
|
@pytest.fixture
|
|
def stix_objs1():
|
|
ind1 = {
|
|
"created": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
|
"labels": [
|
|
"malicious-activity",
|
|
],
|
|
"modified": "2017-01-27T13:49:53.935Z",
|
|
"name": "Malicious site hosting downloader",
|
|
"pattern": "[url:value = 'http://x4z9arb.cn/4712']",
|
|
"type": "indicator",
|
|
"valid_from": "2017-01-27T13:49:53.935382Z",
|
|
}
|
|
ind2 = {
|
|
"created": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
|
"labels": [
|
|
"malicious-activity",
|
|
],
|
|
"modified": "2017-01-27T13:49:53.935Z",
|
|
"name": "Malicious site hosting downloader",
|
|
"pattern": "[url:value = 'http://x4z9arb.cn/4712']",
|
|
"type": "indicator",
|
|
"valid_from": "2017-01-27T13:49:53.935382Z",
|
|
}
|
|
ind3 = {
|
|
"created": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
|
"labels": [
|
|
"malicious-activity",
|
|
],
|
|
"modified": "2017-01-27T13:49:53.936Z",
|
|
"name": "Malicious site hosting downloader",
|
|
"pattern": "[url:value = 'http://x4z9arb.cn/4712']",
|
|
"type": "indicator",
|
|
"valid_from": "2017-01-27T13:49:53.935382Z",
|
|
}
|
|
ind4 = {
|
|
"created": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
|
"labels": [
|
|
"malicious-activity",
|
|
],
|
|
"modified": "2017-01-27T13:49:53.935Z",
|
|
"name": "Malicious site hosting downloader",
|
|
"pattern": "[url:value = 'http://x4z9arb.cn/4712']",
|
|
"type": "indicator",
|
|
"valid_from": "2017-01-27T13:49:53.935382Z",
|
|
}
|
|
ind5 = {
|
|
"created": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
|
"labels": [
|
|
"malicious-activity",
|
|
],
|
|
"modified": "2017-01-27T13:49:53.935Z",
|
|
"name": "Malicious site hosting downloader",
|
|
"pattern": "[url:value = 'http://x4z9arb.cn/4712']",
|
|
"type": "indicator",
|
|
"valid_from": "2017-01-27T13:49:53.935382Z",
|
|
}
|
|
return [ind1, ind2, ind3, ind4, ind5]
|
|
|
|
|
|
@pytest.fixture
|
|
def stix_objs1_manifests():
|
|
# Tests against latest medallion (TAXII 2.1)
|
|
ind1 = {
|
|
"date_added": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
|
"media_type": "application/stix+json;version=2.1",
|
|
"version": "2017-01-27T13:49:53.935Z",
|
|
}
|
|
ind2 = {
|
|
"date_added": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
|
"media_type": "application/stix+json;version=2.1",
|
|
"version": "2017-01-27T13:49:53.935Z",
|
|
}
|
|
ind3 = {
|
|
"date_added": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
|
"media_type": "application/stix+json;version=2.1",
|
|
"version": "2017-01-27T13:49:53.936Z",
|
|
}
|
|
ind4 = {
|
|
"date_added": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
|
"media_type": "application/stix+json;version=2.1",
|
|
"version": "2017-01-27T13:49:53.935Z",
|
|
}
|
|
ind5 = {
|
|
"date_added": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
|
"media_type": "application/stix+json;version=2.1",
|
|
"version": "2017-01-27T13:49:53.935Z",
|
|
}
|
|
return [ind1, ind2, ind3, ind4, ind5]
|
|
|
|
|
|
@pytest.fixture
|
|
def stix_objs2():
|
|
ind6 = {
|
|
"created": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000001",
|
|
"labels": [
|
|
"malicious-activity",
|
|
],
|
|
"modified": "2017-01-31T13:49:53.935Z",
|
|
"name": "Malicious site hosting downloader",
|
|
"pattern": "[url:value = 'http://x4z9arb.cn/4712']",
|
|
"type": "indicator",
|
|
"valid_from": "2017-01-27T13:49:53.935382Z",
|
|
}
|
|
ind7 = {
|
|
"created": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
|
"labels": [
|
|
"malicious-activity",
|
|
],
|
|
"modified": "2017-01-27T13:49:53.935Z",
|
|
"name": "Malicious site hosting downloader",
|
|
"pattern": "[url:value = 'http://x4z9arb.cn/4712']",
|
|
"type": "indicator",
|
|
"valid_from": "2017-01-27T13:49:53.935382Z",
|
|
}
|
|
ind8 = {
|
|
"created": "2017-01-27T13:49:53.935Z",
|
|
"id": "indicator--00000000-0000-4000-8000-000000000002",
|
|
"labels": [
|
|
"malicious-activity",
|
|
],
|
|
"modified": "2017-01-27T13:49:53.935Z",
|
|
"name": "Malicious site hosting downloader",
|
|
"pattern": "[url:value = 'http://x4z9arb.cn/4712']",
|
|
"type": "indicator",
|
|
"valid_from": "2017-01-27T13:49:53.935382Z",
|
|
}
|
|
return [ind6, ind7, ind8]
|
|
|
|
|
|
@pytest.fixture
|
|
def real_stix_objs2(stix_objs2):
|
|
return [stix2.parse(x, version="2.0") for x in stix_objs2]
|