cti-python-stix2/stix2/test/v21/test_granular_markings.py

1091 lines
36 KiB
Python

import pytest
from stix2 import markings
from stix2.exceptions import MarkingNotFoundError
from stix2.v21 import TLP_RED, Malware
from .constants import MALWARE_MORE_KWARGS as MALWARE_KWARGS_CONST
from .constants import MARKING_IDS
"""Tests for the Data Markings API."""
MALWARE_KWARGS = MALWARE_KWARGS_CONST.copy()
def test_add_marking_mark_one_selector_multiple_refs():
before = Malware(
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
)
before = markings.add_markings(before, [MARKING_IDS[0], MARKING_IDS[1]], ["description"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
@pytest.mark.parametrize(
"data", [
(
Malware(**MALWARE_KWARGS),
Malware(
granular_markings=[
{
"selectors": ["description", "name"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
),
MARKING_IDS[0],
),
(
MALWARE_KWARGS,
dict(
granular_markings=[
{
"selectors": ["description", "name"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
),
MARKING_IDS[0],
),
(
Malware(**MALWARE_KWARGS),
Malware(
granular_markings=[
{
"selectors": ["description", "name"],
"marking_ref": TLP_RED.id,
},
],
**MALWARE_KWARGS
),
TLP_RED,
),
],
)
def test_add_marking_mark_multiple_selector_one_refs(data):
before = data[0]
after = data[1]
before = markings.add_markings(before, data[2], ["description", "name"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_add_marking_mark_multiple_selector_multiple_refs():
before = Malware(
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description", "name"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description", "name"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
)
before = markings.add_markings(before, [MARKING_IDS[0], MARKING_IDS[1]], ["description", "name"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_add_marking_mark_another_property_same_marking():
before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description", "name"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = markings.add_markings(before, [MARKING_IDS[0]], ["name"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_add_marking_mark_same_property_same_marking():
before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = markings.add_markings(before, [MARKING_IDS[0]], ["description"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
@pytest.mark.parametrize(
"data,marking", [
(
{"description": "test description"},
[
["title"], ["marking-definition--1", "marking-definition--2"],
"", ["marking-definition--1", "marking-definition--2"],
[], ["marking-definition--1", "marking-definition--2"],
[""], ["marking-definition--1", "marking-definition--2"],
["description"], [""],
["description"], [],
["description"], ["marking-definition--1", 456],
],
),
],
)
def test_add_marking_bad_selector(data, marking):
with pytest.raises(AssertionError):
markings.add_markings(data, marking[0], marking[1])
GET_MARKINGS_TEST_DATA = {
"a": 333,
"b": "value",
"c": [
17,
"list value",
{
"g": "nested",
"h": 45,
},
],
"x": {
"y": [
"hello",
88,
],
"z": {
"foo1": "bar",
"foo2": 65,
},
},
"granular_markings": [
{
"marking_ref": "1",
"selectors": ["a"],
},
{
"marking_ref": "2",
"selectors": ["c"],
},
{
"marking_ref": "3",
"selectors": ["c.[1]"],
},
{
"marking_ref": "4",
"selectors": ["c.[2]"],
},
{
"marking_ref": "5",
"selectors": ["c.[2].g"],
},
{
"marking_ref": "6",
"selectors": ["x"],
},
{
"marking_ref": "7",
"selectors": ["x.y"],
},
{
"marking_ref": "8",
"selectors": ["x.y.[1]"],
},
{
"marking_ref": "9",
"selectors": ["x.z"],
},
{
"marking_ref": "10",
"selectors": ["x.z.foo2"],
},
],
}
@pytest.mark.parametrize("data", [GET_MARKINGS_TEST_DATA])
def test_get_markings_smoke(data):
"""Test get_markings does not fail."""
assert len(markings.get_markings(data, "a")) >= 1
assert markings.get_markings(data, "a") == ["1"]
@pytest.mark.parametrize(
"data", [
GET_MARKINGS_TEST_DATA,
{"b": 1234},
],
)
def test_get_markings_not_marked(data):
"""Test selector that is not marked returns empty list."""
results = markings.get_markings(data, "b")
assert len(results) == 0
@pytest.mark.parametrize("data", [GET_MARKINGS_TEST_DATA])
def test_get_markings_multiple_selectors(data):
"""Test multiple selectors return combination of markings."""
total = markings.get_markings(data, ["x.y", "x.z"])
xy_markings = markings.get_markings(data, ["x.y"])
xz_markings = markings.get_markings(data, ["x.z"])
assert set(xy_markings).issubset(total)
assert set(xz_markings).issubset(total)
assert set(xy_markings).union(xz_markings).issuperset(total)
@pytest.mark.parametrize(
"data,selector", [
(GET_MARKINGS_TEST_DATA, "foo"),
(GET_MARKINGS_TEST_DATA, ""),
(GET_MARKINGS_TEST_DATA, []),
(GET_MARKINGS_TEST_DATA, [""]),
(GET_MARKINGS_TEST_DATA, "x.z.[-2]"),
(GET_MARKINGS_TEST_DATA, "c.f"),
(GET_MARKINGS_TEST_DATA, "c.[2].i"),
(GET_MARKINGS_TEST_DATA, "c.[3]"),
(GET_MARKINGS_TEST_DATA, "d"),
(GET_MARKINGS_TEST_DATA, "x.[0]"),
(GET_MARKINGS_TEST_DATA, "z.y.w"),
(GET_MARKINGS_TEST_DATA, "x.z.[1]"),
(GET_MARKINGS_TEST_DATA, "x.z.foo3"),
],
)
def test_get_markings_bad_selector(data, selector):
"""Test bad selectors raise exception"""
with pytest.raises(AssertionError):
markings.get_markings(data, selector)
@pytest.mark.parametrize("data", [GET_MARKINGS_TEST_DATA])
def test_get_markings_positional_arguments_combinations(data):
"""Test multiple combinations for inherited and descendant markings."""
assert set(markings.get_markings(data, "a", False, False)) == set(["1"])
assert set(markings.get_markings(data, "a", True, False)) == set(["1"])
assert set(markings.get_markings(data, "a", True, True)) == set(["1"])
assert set(markings.get_markings(data, "a", False, True)) == set(["1"])
assert set(markings.get_markings(data, "b", False, False)) == set([])
assert set(markings.get_markings(data, "b", True, False)) == set([])
assert set(markings.get_markings(data, "b", True, True)) == set([])
assert set(markings.get_markings(data, "b", False, True)) == set([])
assert set(markings.get_markings(data, "c", False, False)) == set(["2"])
assert set(markings.get_markings(data, "c", True, False)) == set(["2"])
assert set(markings.get_markings(data, "c", True, True)) == set(["2", "3", "4", "5"])
assert set(markings.get_markings(data, "c", False, True)) == set(["2", "3", "4", "5"])
assert set(markings.get_markings(data, "c.[0]", False, False)) == set([])
assert set(markings.get_markings(data, "c.[0]", True, False)) == set(["2"])
assert set(markings.get_markings(data, "c.[0]", True, True)) == set(["2"])
assert set(markings.get_markings(data, "c.[0]", False, True)) == set([])
assert set(markings.get_markings(data, "c.[1]", False, False)) == set(["3"])
assert set(markings.get_markings(data, "c.[1]", True, False)) == set(["2", "3"])
assert set(markings.get_markings(data, "c.[1]", True, True)) == set(["2", "3"])
assert set(markings.get_markings(data, "c.[1]", False, True)) == set(["3"])
assert set(markings.get_markings(data, "c.[2]", False, False)) == set(["4"])
assert set(markings.get_markings(data, "c.[2]", True, False)) == set(["2", "4"])
assert set(markings.get_markings(data, "c.[2]", True, True)) == set(["2", "4", "5"])
assert set(markings.get_markings(data, "c.[2]", False, True)) == set(["4", "5"])
assert set(markings.get_markings(data, "c.[2].g", False, False)) == set(["5"])
assert set(markings.get_markings(data, "c.[2].g", True, False)) == set(["2", "4", "5"])
assert set(markings.get_markings(data, "c.[2].g", True, True)) == set(["2", "4", "5"])
assert set(markings.get_markings(data, "c.[2].g", False, True)) == set(["5"])
assert set(markings.get_markings(data, "x", False, False)) == set(["6"])
assert set(markings.get_markings(data, "x", True, False)) == set(["6"])
assert set(markings.get_markings(data, "x", True, True)) == set(["6", "7", "8", "9", "10"])
assert set(markings.get_markings(data, "x", False, True)) == set(["6", "7", "8", "9", "10"])
assert set(markings.get_markings(data, "x.y", False, False)) == set(["7"])
assert set(markings.get_markings(data, "x.y", True, False)) == set(["6", "7"])
assert set(markings.get_markings(data, "x.y", True, True)) == set(["6", "7", "8"])
assert set(markings.get_markings(data, "x.y", False, True)) == set(["7", "8"])
assert set(markings.get_markings(data, "x.y.[0]", False, False)) == set([])
assert set(markings.get_markings(data, "x.y.[0]", True, False)) == set(["6", "7"])
assert set(markings.get_markings(data, "x.y.[0]", True, True)) == set(["6", "7"])
assert set(markings.get_markings(data, "x.y.[0]", False, True)) == set([])
assert set(markings.get_markings(data, "x.y.[1]", False, False)) == set(["8"])
assert set(markings.get_markings(data, "x.y.[1]", True, False)) == set(["6", "7", "8"])
assert set(markings.get_markings(data, "x.y.[1]", True, True)) == set(["6", "7", "8"])
assert set(markings.get_markings(data, "x.y.[1]", False, True)) == set(["8"])
assert set(markings.get_markings(data, "x.z", False, False)) == set(["9"])
assert set(markings.get_markings(data, "x.z", True, False)) == set(["6", "9"])
assert set(markings.get_markings(data, "x.z", True, True)) == set(["6", "9", "10"])
assert set(markings.get_markings(data, "x.z", False, True)) == set(["9", "10"])
assert set(markings.get_markings(data, "x.z.foo1", False, False)) == set([])
assert set(markings.get_markings(data, "x.z.foo1", True, False)) == set(["6", "9"])
assert set(markings.get_markings(data, "x.z.foo1", True, True)) == set(["6", "9"])
assert set(markings.get_markings(data, "x.z.foo1", False, True)) == set([])
assert set(markings.get_markings(data, "x.z.foo2", False, False)) == set(["10"])
assert set(markings.get_markings(data, "x.z.foo2", True, False)) == set(["6", "9", "10"])
assert set(markings.get_markings(data, "x.z.foo2", True, True)) == set(["6", "9", "10"])
assert set(markings.get_markings(data, "x.z.foo2", False, True)) == set(["10"])
@pytest.mark.parametrize(
"data", [
(
Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
),
[MARKING_IDS[0], MARKING_IDS[1]],
),
(
dict(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
),
[MARKING_IDS[0], MARKING_IDS[1]],
),
],
)
def test_remove_marking_remove_one_selector_with_multiple_refs(data):
before = markings.remove_markings(data[0], data[1], ["description"])
assert "granular_markings" not in before
def test_remove_marking_remove_multiple_selector_one_ref():
before = Malware(
granular_markings=[
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = markings.remove_markings(before, MARKING_IDS[0], ["description", "modified"])
assert "granular_markings" not in before
def test_remove_marking_mark_one_selector_from_multiple_ones():
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = Malware(
granular_markings=[
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = markings.remove_markings(before, [MARKING_IDS[0]], ["modified"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_remove_marking_mark_one_selector_markings_from_multiple_ones():
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
)
before = Malware(
granular_markings=[
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
)
before = markings.remove_markings(before, [MARKING_IDS[0]], ["modified"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_remove_marking_mark_mutilple_selector_multiple_refs():
before = Malware(
granular_markings=[
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
)
before = markings.remove_markings(before, [MARKING_IDS[0], MARKING_IDS[1]], ["description", "modified"])
assert "granular_markings" not in before
def test_remove_marking_mark_another_property_same_marking():
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["modified"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = markings.remove_markings(before, [MARKING_IDS[0]], ["modified"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_remove_marking_mark_same_property_same_marking():
before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = markings.remove_markings(before, [MARKING_IDS[0]], ["description"])
assert "granular_markings" not in before
def test_remove_no_markings():
before = {
"description": "test description",
}
after = markings.remove_markings(before, ["marking-definition--1"], ["description"])
assert before == after
def test_remove_marking_bad_selector():
before = {
"description": "test description",
}
with pytest.raises(AssertionError):
markings.remove_markings(before, ["marking-definition--1", "marking-definition--2"], ["title"])
def test_remove_marking_not_present():
before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
with pytest.raises(MarkingNotFoundError):
markings.remove_markings(before, [MARKING_IDS[1]], ["description"])
IS_MARKED_TEST_DATA = [
Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[1],
},
{
"selectors": ["malware_types", "description"],
"marking_ref": MARKING_IDS[2],
},
{
"selectors": ["malware_types", "description"],
"marking_ref": MARKING_IDS[3],
},
],
**MALWARE_KWARGS
),
dict(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[1],
},
{
"selectors": ["malware_types", "description"],
"marking_ref": MARKING_IDS[2],
},
{
"selectors": ["malware_types", "description"],
"marking_ref": MARKING_IDS[3],
},
],
**MALWARE_KWARGS
),
]
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
def test_is_marked_smoke(data):
"""Smoke test is_marked call does not fail."""
assert markings.is_marked(data, selectors=["description"])
assert markings.is_marked(data, selectors=["modified"]) is False
@pytest.mark.parametrize(
"data,selector", [
(IS_MARKED_TEST_DATA[0], "foo"),
(IS_MARKED_TEST_DATA[0], ""),
(IS_MARKED_TEST_DATA[0], []),
(IS_MARKED_TEST_DATA[0], [""]),
(IS_MARKED_TEST_DATA[0], "x.z.[-2]"),
(IS_MARKED_TEST_DATA[0], "c.f"),
(IS_MARKED_TEST_DATA[0], "c.[2].i"),
(IS_MARKED_TEST_DATA[1], "c.[3]"),
(IS_MARKED_TEST_DATA[1], "d"),
(IS_MARKED_TEST_DATA[1], "x.[0]"),
(IS_MARKED_TEST_DATA[1], "z.y.w"),
(IS_MARKED_TEST_DATA[1], "x.z.[1]"),
(IS_MARKED_TEST_DATA[1], "x.z.foo3"),
],
)
def test_is_marked_invalid_selector(data, selector):
"""Test invalid selector raises an error."""
with pytest.raises(AssertionError):
markings.is_marked(data, selectors=selector)
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
def test_is_marked_mix_selector(data):
"""Test valid selector, one marked and one not marked returns True."""
assert markings.is_marked(data, selectors=["description", "malware_types"])
assert markings.is_marked(data, selectors=["description"])
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
def test_is_marked_valid_selector_no_refs(data):
"""Test that a valid selector return True when it has marking refs and False when not."""
assert markings.is_marked(data, selectors=["description"])
assert markings.is_marked(data, [MARKING_IDS[2], MARKING_IDS[3]], ["description"])
assert markings.is_marked(data, [MARKING_IDS[2]], ["description"])
assert markings.is_marked(data, [MARKING_IDS[2], MARKING_IDS[5]], ["description"]) is False
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
def test_is_marked_valid_selector_and_refs(data):
"""Test that a valid selector returns True when marking_refs match."""
assert markings.is_marked(data, [MARKING_IDS[1]], ["description"])
assert markings.is_marked(data, [MARKING_IDS[1]], ["modified"]) is False
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
def test_is_marked_valid_selector_multiple_refs(data):
"""Test that a valid selector returns True if aall marking_refs match.
Otherwise False."""
assert markings.is_marked(data, [MARKING_IDS[2], MARKING_IDS[3]], ["malware_types"])
assert markings.is_marked(data, [MARKING_IDS[2], MARKING_IDS[1]], ["malware_types"]) is False
assert markings.is_marked(data, MARKING_IDS[2], ["malware_types"])
assert markings.is_marked(data, ["marking-definition--1234"], ["malware_types"]) is False
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
def test_is_marked_no_marking_refs(data):
"""Test that a valid content selector with no marking_refs returns True
if there is a granular_marking that asserts that field, False
otherwise."""
assert markings.is_marked(data, selectors=["type"]) is False
assert markings.is_marked(data, selectors=["malware_types"])
@pytest.mark.parametrize("data", IS_MARKED_TEST_DATA)
def test_is_marked_no_selectors(data):
"""Test that we're ensuring 'selectors' is provided."""
with pytest.raises(TypeError) as excinfo:
markings.granular_markings.is_marked(data)
assert "'selectors' must be provided" in str(excinfo.value)
def test_is_marked_positional_arguments_combinations():
"""Test multiple combinations for inherited and descendant markings."""
test_sdo = \
{
"a": 333,
"b": "value",
"c": [
17,
"list value",
{
"g": "nested",
"h": 45,
},
],
"x": {
"y": [
"hello",
88,
],
"z": {
"foo1": "bar",
"foo2": 65,
},
},
"granular_markings": [
{
"marking_ref": "1",
"selectors": ["a"],
},
{
"marking_ref": "2",
"selectors": ["c"],
},
{
"marking_ref": "3",
"selectors": ["c.[1]"],
},
{
"marking_ref": "4",
"selectors": ["c.[2]"],
},
{
"marking_ref": "5",
"selectors": ["c.[2].g"],
},
{
"marking_ref": "6",
"selectors": ["x"],
},
{
"marking_ref": "7",
"selectors": ["x.y"],
},
{
"marking_ref": "8",
"selectors": ["x.y.[1]"],
},
{
"marking_ref": "9",
"selectors": ["x.z"],
},
{
"marking_ref": "10",
"selectors": ["x.z.foo2"],
},
],
}
assert markings.is_marked(test_sdo, ["1"], "a", False, False)
assert markings.is_marked(test_sdo, ["1"], "a", True, False)
assert markings.is_marked(test_sdo, ["1"], "a", True, True)
assert markings.is_marked(test_sdo, ["1"], "a", False, True)
assert markings.is_marked(test_sdo, "b", inherited=False, descendants=False) is False
assert markings.is_marked(test_sdo, "b", inherited=True, descendants=False) is False
assert markings.is_marked(test_sdo, "b", inherited=True, descendants=True) is False
assert markings.is_marked(test_sdo, "b", inherited=False, descendants=True) is False
assert markings.is_marked(test_sdo, ["2"], "c", False, False)
assert markings.is_marked(test_sdo, ["2"], "c", True, False)
assert markings.is_marked(test_sdo, ["2", "3", "4", "5"], "c", True, True)
assert markings.is_marked(test_sdo, ["2", "3", "4", "5"], "c", False, True)
assert markings.is_marked(test_sdo, "c.[0]", inherited=False, descendants=False) is False
assert markings.is_marked(test_sdo, ["2"], "c.[0]", True, False)
assert markings.is_marked(test_sdo, ["2"], "c.[0]", True, True)
assert markings.is_marked(test_sdo, "c.[0]", inherited=False, descendants=True) is False
assert markings.is_marked(test_sdo, ["3"], "c.[1]", False, False)
assert markings.is_marked(test_sdo, ["2", "3"], "c.[1]", True, False)
assert markings.is_marked(test_sdo, ["2", "3"], "c.[1]", True, True)
assert markings.is_marked(test_sdo, ["3"], "c.[1]", False, True)
assert markings.is_marked(test_sdo, ["4"], "c.[2]", False, False)
assert markings.is_marked(test_sdo, ["2", "4"], "c.[2]", True, False)
assert markings.is_marked(test_sdo, ["2", "4", "5"], "c.[2]", True, True)
assert markings.is_marked(test_sdo, ["4", "5"], "c.[2]", False, True)
assert markings.is_marked(test_sdo, ["5"], "c.[2].g", False, False)
assert markings.is_marked(test_sdo, ["2", "4", "5"], "c.[2].g", True, False)
assert markings.is_marked(test_sdo, ["2", "4", "5"], "c.[2].g", True, True)
assert markings.is_marked(test_sdo, ["5"], "c.[2].g", False, True)
assert markings.is_marked(test_sdo, ["6"], "x", False, False)
assert markings.is_marked(test_sdo, ["6"], "x", True, False)
assert markings.is_marked(test_sdo, ["6", "7", "8", "9", "10"], "x", True, True)
assert markings.is_marked(test_sdo, ["6", "7", "8", "9", "10"], "x", False, True)
assert markings.is_marked(test_sdo, ["7"], "x.y", False, False)
assert markings.is_marked(test_sdo, ["6", "7"], "x.y", True, False)
assert markings.is_marked(test_sdo, ["6", "7", "8"], "x.y", True, True)
assert markings.is_marked(test_sdo, ["7", "8"], "x.y", False, True)
assert markings.is_marked(test_sdo, "x.y.[0]", inherited=False, descendants=False) is False
assert markings.is_marked(test_sdo, ["6", "7"], "x.y.[0]", True, False)
assert markings.is_marked(test_sdo, ["6", "7"], "x.y.[0]", True, True)
assert markings.is_marked(test_sdo, "x.y.[0]", inherited=False, descendants=True) is False
assert markings.is_marked(test_sdo, ["8"], "x.y.[1]", False, False)
assert markings.is_marked(test_sdo, ["6", "7", "8"], "x.y.[1]", True, False)
assert markings.is_marked(test_sdo, ["6", "7", "8"], "x.y.[1]", True, True)
assert markings.is_marked(test_sdo, ["8"], "x.y.[1]", False, True)
assert markings.is_marked(test_sdo, ["9"], "x.z", False, False)
assert markings.is_marked(test_sdo, ["6", "9"], "x.z", True, False)
assert markings.is_marked(test_sdo, ["6", "9", "10"], "x.z", True, True)
assert markings.is_marked(test_sdo, ["9", "10"], "x.z", False, True)
assert markings.is_marked(test_sdo, "x.z.foo1", inherited=False, descendants=False) is False
assert markings.is_marked(test_sdo, ["6", "9"], "x.z.foo1", True, False)
assert markings.is_marked(test_sdo, ["6", "9"], "x.z.foo1", True, True)
assert markings.is_marked(test_sdo, "x.z.foo1", inherited=False, descendants=True) is False
assert markings.is_marked(test_sdo, ["10"], "x.z.foo2", False, False)
assert markings.is_marked(test_sdo, ["6", "9", "10"], "x.z.foo2", True, False)
assert markings.is_marked(test_sdo, ["6", "9", "10"], "x.z.foo2", True, True)
assert markings.is_marked(test_sdo, ["10"], "x.z.foo2", False, True)
def test_create_sdo_with_invalid_marking():
with pytest.raises(AssertionError) as excinfo:
Malware(
granular_markings=[
{
"selectors": ["foo"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
assert str(excinfo.value) == "Selector foo in Malware is not valid!"
def test_set_marking_mark_one_selector_multiple_refs():
before = Malware(
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
)
before = markings.set_markings(before, [MARKING_IDS[0], MARKING_IDS[1]], ["description"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_set_marking_mark_multiple_selector_one_refs():
before = Malware(
granular_markings=[
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = markings.set_markings(before, [MARKING_IDS[0]], ["description", "modified"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_set_marking_mark_multiple_selector_multiple_refs_from_none():
before = Malware(
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["description", "modified"],
"marking_ref": MARKING_IDS[1],
},
],
**MALWARE_KWARGS
)
before = markings.set_markings(before, [MARKING_IDS[0], MARKING_IDS[1]], ["description", "modified"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
def test_set_marking_mark_another_property_same_marking():
before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[1],
},
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[2],
},
],
**MALWARE_KWARGS
)
before = markings.set_markings(before, [MARKING_IDS[1], MARKING_IDS[2]], ["description"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
@pytest.mark.parametrize(
"marking", [
([MARKING_IDS[4], MARKING_IDS[5]], ["foo"]),
([MARKING_IDS[4], MARKING_IDS[5]], ""),
([MARKING_IDS[4], MARKING_IDS[5]], []),
([MARKING_IDS[4], MARKING_IDS[5]], [""]),
],
)
def test_set_marking_bad_selector(marking):
before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
with pytest.raises(AssertionError):
before = markings.set_markings(before, marking[0], marking[1])
assert before == after
def test_set_marking_mark_same_property_same_marking():
before = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
after = Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
],
**MALWARE_KWARGS
)
before = markings.set_markings(before, [MARKING_IDS[0]], ["description"])
for m in before["granular_markings"]:
assert m in after["granular_markings"]
CLEAR_MARKINGS_TEST_DATA = [
Malware(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["modified", "description"],
"marking_ref": MARKING_IDS[1],
},
{
"selectors": ["modified", "description", "type"],
"marking_ref": MARKING_IDS[2],
},
],
**MALWARE_KWARGS
),
dict(
granular_markings=[
{
"selectors": ["description"],
"marking_ref": MARKING_IDS[0],
},
{
"selectors": ["modified", "description"],
"marking_ref": MARKING_IDS[1],
},
{
"selectors": ["modified", "description", "type"],
"marking_ref": MARKING_IDS[2],
},
],
**MALWARE_KWARGS
),
]
@pytest.mark.parametrize("data", CLEAR_MARKINGS_TEST_DATA)
def test_clear_marking_smoke(data):
"""Test clear_marking call does not fail."""
data = markings.clear_markings(data, "modified")
assert markings.is_marked(data, "modified") is False
@pytest.mark.parametrize("data", CLEAR_MARKINGS_TEST_DATA)
def test_clear_marking_multiple_selectors(data):
"""Test clearing markings for multiple selectors effectively removes associated markings."""
data = markings.clear_markings(data, ["type", "description"])
assert markings.is_marked(data, ["type", "description"]) is False
@pytest.mark.parametrize("data", CLEAR_MARKINGS_TEST_DATA)
def test_clear_marking_one_selector(data):
"""Test markings associated with one selector were removed."""
data = markings.clear_markings(data, "description")
assert markings.is_marked(data, "description") is False
@pytest.mark.parametrize("data", CLEAR_MARKINGS_TEST_DATA)
def test_clear_marking_all_selectors(data):
data = markings.clear_markings(data, ["description", "type", "modified"])
assert markings.is_marked(data, "description") is False
assert "granular_markings" not in data
@pytest.mark.parametrize(
"data,selector", [
(CLEAR_MARKINGS_TEST_DATA[0], "foo"),
(CLEAR_MARKINGS_TEST_DATA[0], ""),
(CLEAR_MARKINGS_TEST_DATA[1], []),
(CLEAR_MARKINGS_TEST_DATA[1], [""]),
],
)
def test_clear_marking_bad_selector(data, selector):
"""Test bad selector raises exception."""
with pytest.raises(AssertionError):
markings.clear_markings(data, selector)
@pytest.mark.parametrize("data", CLEAR_MARKINGS_TEST_DATA)
def test_clear_marking_not_present(data):
"""Test clearing markings for a selector that has no associated markings."""
with pytest.raises(MarkingNotFoundError):
markings.clear_markings(data, ["malware_types"])