def test_PackageToSimple_flattenPropertyValueField(self):
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field({
'value':
'abc',
'test':
'def'
}), 'abc')
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field('abc'),
'abc')
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field({
'value':
123,
'test':
'def'
}), 123)
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field(123),
123)
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field({
'value': {
'result': '132'
},
'test':
'def'
}), {'result': '132'})
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field(123),
123)
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field(['abc']),
['abc'])
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field(None),
None)
self.assertEqual(
ObservableStructureConverter.flatten_property_value_field({
'test2':
'abc',
'test':
'def'
}), {
'test2': 'abc',
'test': 'def'
})
def test_BuilderToSimple_CustomTypes_GetCorrectStructure(self):
for type_ in self.OBSERVABLE_CUSTOM_BUILDER_STRUCTURES:
builder_dict = self.OBSERVABLE_CUSTOM_BUILDER_STRUCTURES[type_]
simple = ObservableStructureConverter.builder_to_simple(
builder_dict.get('objectType'), builder_dict)
self.assertDictEqual(
simple, self.OBSERVABLE_CUSTOM_SIMPLE_STRUCTURES[type_])
def test_PackageToSimple_EmailType_GetCorrectStructure(self):
email_package = {
'xsi:type': 'EmailMessageObjectType',
'header': {
'subject':
'blah',
'from': {
'address_value': '*****@*****.**'
},
'date':
'Today',
'to': [{
'address_value': {
'value': '*****@*****.**'
}
}],
'cc': [{
'address_value': '*****@*****.**'
}, {
'address_value': '*****@*****.**'
}]
}
}
simple = ObservableStructureConverter.package_to_simple(
email_package['xsi:type'], email_package)
self.assertDictEqual(
simple, {
'xsi:type': 'EmailMessageObjectType',
'subject': 'blah',
'from': '*****@*****.**',
'date': 'Today',
'to': ['*****@*****.**'],
'cc': ['*****@*****.**', '*****@*****.**'],
'bcc': None
})
def __validate_observables(observables):
validation_results = {}
dummy_id = 1
for observable in observables:
id_ = observable.get('id')
object_type = observable.get('objectType')
if not id_:
# No id, so we can safely assume this is something from the builder...
observable_properties = ObservableStructureConverter.builder_to_simple(
object_type, observable)
validation_info = ObservableValidator.validate(
**observable_properties)
validation_results[
'Observable ' +
str(dummy_id)] = validation_info.validation_dict
else:
namespace_validation = NamespaceValidationInfo.validate(
r'obs', id_)
if namespace_validation.is_local():
real_observable = EdgeObject.load(id_)
as_package, _ = real_observable.capsulize('temp')
validation_info = PackageValidationInfo.validate(
as_package)
validation_results.update(validation_info.validation_dict)
else:
validation_results.update(
{id_: namespace_validation.validation_dict})
dummy_id += 1
return validation_results
def test_PackageToSimple_HTTPSessionType_GetCorrectStructure(self):
http_sessions = [{
'INPUT': {
'xsi:type':
'HTTPSessionObjectType',
'http_request_response': [{
'http_client_request': {
'http_request_header': {
'parsed_header': {
'user_agent': 'Mozilla/5.0'
}
}
}
}]
},
'OUTPUT': {
'xsi:type': 'HTTPSessionObjectType',
'user_agent': 'Mozilla/5.0'
}
}, {
'INPUT': {
'xsi:type': 'HTTPSessionObjectType'
},
'OUTPUT': {
'xsi:type': 'HTTPSessionObjectType',
'user_agent': None
}
}]
for session in http_sessions:
simple = ObservableStructureConverter.package_to_simple(
session['INPUT']['xsi:type'], session['INPUT'])
self.assertDictEqual(simple, session['OUTPUT'])
def __validate_observables(observables, stix_header):
all_observables_validation = {}
for observable in observables:
if 'observable_composition' not in observable:
id_ = observable['id']
observable_validation = ObjectValidationInfo()
observable_validation.extend(
CommonValidationInfo.validate(item=observable,
package_dict=stix_header))
namespace_validation = NamespaceValidationInfo.validate(
r'obs', id_)
if namespace_validation.is_local():
properties = observable['object']['properties']
properties = ObservableStructureConverter.package_to_simple(
properties.get('xsi:type'), properties)
observable_validation.extend(
ObservableValidator.validate(
object_type=FieldAlias('xsi:type',
properties.get('xsi:type')),
description=observable.get('description'),
**properties))
else:
observable_validation.extend(namespace_validation)
if observable_validation.validation_dict:
all_observables_validation.update(
{id_: observable_validation.validation_dict})
return all_observables_validation
def test_BuilderToSimple_AnyValidShorthandType_GetsCorrectFullType(self):
with mock.patch.object(
ObservableStructureConverter,
'_ObservableStructureConverter__get_builder_package_conversion_handler',
return_value=None):
for type_ in self.OBSERVABLE_TYPES:
simple = ObservableStructureConverter.builder_to_simple(
type_, {})
self.assertEqual(simple.get('object_type'),
self.OBSERVABLE_TYPES[type_])
def test_PackageToSimple_AddressType_GetCorrectStructure(self):
address_package = {
'xsi:type': 'AddressObjectType',
'category': 'ipv4-addr',
'address_value': {
'value': '192.168.0.1'
}
}
simple = ObservableStructureConverter.package_to_simple(
address_package['xsi:type'], address_package)
self.assertDictEqual(
simple, {
'xsi:type': 'AddressObjectType',
'category': 'ipv4-addr',
'address_value': '192.168.0.1'
})
def __validate_observables(observables):
observable_validation = {}
for observable in observables:
if 'observable_composition' not in observable:
id_ = observable['id']
namespace_validation = NamespaceValidationInfo.validate(r'obs', id_)
if namespace_validation.is_local():
properties = observable['object']['properties']
properties = ObservableStructureConverter.package_to_simple(properties.get('xsi:type'), properties)
validation_results = ObservableValidator.validate(
object_type=FieldAlias('xsi:type', properties.get('xsi:type')),
description=observable.get('description'), **properties)
if validation_results and validation_results.validation_dict:
observable_validation.update({id_: validation_results.validation_dict})
else:
observable_validation.update({id_: namespace_validation.validation_dict})
return observable_validation
def test_PackageToSimple_SocketType_GetCorrectStructure(self):
socket_package = {
'xsi:type': 'SocketAddressObjectType',
'port': {
'port_value': '1234',
'layer4_protocol': 'blah'
},
'ip_address': {
'address_value': '102.12.211.6'
},
'hostname': {
'hostname_value': 'blah'
}
}
simple = ObservableStructureConverter.package_to_simple(
socket_package['xsi:type'], socket_package)
self.assertDictEqual(
simple, {
'xsi:type': 'SocketAddressObjectType',
'port': '1234',
'protocol': 'blah',
'ip_address': '102.12.211.6',
'hostname': 'blah'
})
def test_PackageToSimple_GenericTypes_GetCorrectStructure(self):
package_dict = self.GENERIC_OBSERVABLE_STRUCTURES['PACKAGE']
simple = ObservableStructureConverter.package_to_simple(
package_dict.get('xsi:type'), package_dict)
self.assertDictEqual(simple,
self.GENERIC_OBSERVABLE_STRUCTURES['PACKAGE'])
def test_BuilderToSimple_GenericTypes_GetCorrectStructure(self):
builder_dict = self.GENERIC_OBSERVABLE_STRUCTURES['BUILDER']
simple = ObservableStructureConverter.builder_to_simple(
builder_dict.get('objectType'), builder_dict)
self.assertDictEqual(simple,
self.GENERIC_OBSERVABLE_STRUCTURES['SIMPLE'])