misp-modules/misp_modules/modules/expansion/stix2_pattern_syntax_valida...

import json
try:
    from stix2patterns.validator import run_validator
except ImportError:
    print("stix2 patterns python library is missing, use 'pip3 install stix2-patterns' to install it.")

misperrors = {'error': 'Error'}
mispattributes = {'input': ['stix2-pattern'], 'output': ['text']}
moduleinfo = {
    'version': '0.1',
    'author': 'Christian Studer',
    'module-type': ['hover'],
    'name': 'STIX2 Pattern Syntax Validator',
    'description': 'An expansion hover module to perform a syntax check on stix2 patterns.',
    'logo': 'stix.png',
    'requirements': ['stix2patterns python library'],
    'features': 'This module takes a STIX2 pattern attribute as input and performs a syntax check on it.\n\nIt displays then that the rule is valid if it is the case, and the error related to the rule otherwise.',
    'references': ['[STIX2.0 patterning specifications](http://docs.oasis-open.org/cti/stix/v2.0/cs01/part5-stix-patterning/stix-v2.0-cs01-part5-stix-patterning.html)'],
    'input': 'A STIX2 pattern attribute.',
    'output': 'Text describing the validity of the STIX2 pattern.',
}
moduleconfig = []


def handler(q=False):
    if q is False:
        return False
    request = json.loads(q)
    if not request.get('stix2-pattern'):
        misperrors['error'] = 'STIX2 pattern missing'
        return misperrors
    pattern = request.get('stix2-pattern')
    syntax_errors = []
    for p in pattern[1:-1].split(' AND '):
        syntax_validator = run_validator("[{}]".format(p))
        if syntax_validator:
            for error in syntax_validator:
                syntax_errors.append(error)
    if syntax_errors:
        s = 's' if len(syntax_errors) > 1 else ''
        s_errors = ""
        for error in syntax_errors:
            s_errors += "{}\n".format(error[6:])
        result = "Syntax error{}: \n{}".format(s, s_errors[:-1])
    else:
        result = "Syntax valid"
    return {'results': [{'types': mispattributes['output'], 'values': result}]}


def introspection():
    return mispattributes


def version():
    moduleinfo['config'] = moduleconfig
    return moduleinfo
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00			`import json`
fix: Put the stix2-pattern library import in a try statement --> Error more easily caught 2018-07-02 12:14:21 +02:00			`try:`
			`from stix2patterns.validator import run_validator`
fix: Making python 3.5 happy with the exception type ImportError 2018-09-08 02:53:15 +02:00			`except ImportError:`
fix: Put the stix2-pattern library import in a try statement --> Error more easily caught 2018-07-02 12:14:21 +02:00			`print("stix2 patterns python library is missing, use 'pip3 install stix2-patterns' to install it.")`
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00
			`misperrors = {'error': 'Error'}`
			`mispattributes = {'input': ['stix2-pattern'], 'output': ['text']}`
chg: [doc] Big doc revamp #680 2024-08-12 11:23:10 +02:00			`moduleinfo = {`
			`'version': '0.1',`
			`'author': 'Christian Studer',`
			`'module-type': ['hover'],`
			`'name': 'STIX2 Pattern Syntax Validator',`
			`'description': 'An expansion hover module to perform a syntax check on stix2 patterns.',`
			`'logo': 'stix.png',`
			`'requirements': ['stix2patterns python library'],`
			`'features': 'This module takes a STIX2 pattern attribute as input and performs a syntax check on it.\n\nIt displays then that the rule is valid if it is the case, and the error related to the rule otherwise.',`
			`'references': ['[STIX2.0 patterning specifications](http://docs.oasis-open.org/cti/stix/v2.0/cs01/part5-stix-patterning/stix-v2.0-cs01-part5-stix-patterning.html)'],`
			`'input': 'A STIX2 pattern attribute.',`
			`'output': 'Text describing the validity of the STIX2 pattern.',`
			`}`
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00			`moduleconfig = []`

fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00			`def handler(q=False):`
			`if q is False:`
			`return False`
			`request = json.loads(q)`
			`if not request.get('stix2-pattern'):`
			`misperrors['error'] = 'STIX2 pattern missing'`
			`return misperrors`
			`pattern = request.get('stix2-pattern')`
			`syntax_errors = []`
fix: Fixed pattern parsing + made the module hover only 2019-10-07 16:46:32 +02:00			`for p in pattern[1:-1].split(' AND '):`
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00			`syntax_validator = run_validator("[{}]".format(p))`
			`if syntax_validator:`
			`for error in syntax_validator:`
			`syntax_errors.append(error)`
			`if syntax_errors:`
			`s = 's' if len(syntax_errors) > 1 else ''`
			`s_errors = ""`
fix: Make pep8 happy 2018-12-11 15:29:09 +01:00			`for error in syntax_errors:`
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00			`s_errors += "{}\n".format(error[6:])`
			`result = "Syntax error{}: \n{}".format(s, s_errors[:-1])`
			`else:`
			`result = "Syntax valid"`
			`return {'results': [{'types': mispattributes['output'], 'values': result}]}`

fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00			`def introspection():`
			`return mispattributes`

fix: Make pep8 happy 2018-12-11 15:29:09 +01:00
add: STIX2 pattern syntax validator 2018-07-02 11:38:33 +02:00			`def version():`
			`moduleinfo['config'] = moduleconfig`
			`return moduleinfo`