def test_10(self):
"""
Test a query. Should match just the APT1 report.
"""
test = tdq.Test(capability_id=tdq.CM_CORE,
relationship=R_EQUALS,
parameters={
P_VALUE: 'Unit 61398',
P_MATCH_TYPE: 'case_sensitive_string'
})
criterion = tdq.Criterion(
target=
'STIX_Package/Threat_Actors/Threat_Actor/Identity/Specification/PartyName/OrganisationName/SubDivisionName',
test=test)
criteria = tdq.Criteria(OP_AND, criterion=[criterion])
q = tdq.DefaultQuery(CB_STIX_XML_111, criteria)
pp = tm11.PollParameters()
pr = tm11.PollRequest(message_id=generate_message_id(),
collection_name='default',
poll_parameters=pp)
#msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr)
msg = make_request('/services/test_poll_1/', pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_POLL_RESPONSE)
if len(msg.content_blocks) != 1:
raise ValueError('Got %s CBs' % len(msg.content_blocks))
def main():
# Create the test portion of the query
my_test = tdq.Test(capability_id=CM_CORE,
relationship=R_EQUALS,
parameters={P_VALUE: value,
P_MATCH_TYPE: 'case_insensitive_string'}
)
#Put the test into a Criterion
my_criterion = tdq.Criterion(target=target, test=my_test)
# Put the Criterion into a Criteria
my_criteria = tdq.Criteria(operator=OP_AND,
criterion=[my_criterion],
criteria=None)
# Create a query with the criteria
my_query = tdq.DefaultQuery(CB_STIX_XML_111, my_criteria)
# Create a Poll Parameters that indicates
# Only STIX 1.1.1 is accepted in response
# and with the query created previously
params = tm11.PollParameters(content_bindings=[tm11.ContentBinding(CB_STIX_XML_111)],
query=my_query)
poll_request = tm11.PollRequest(message_id=generate_message_id(),
collection_name='file_hash_reputation',
poll_parameters=params)
print poll_request.to_xml(pretty_print=True)
def main():
discovery_response = tm11.DiscoveryResponse(message_id=generate_message_id(),
in_response_to='1')
# Create a targeting expression info
# indicating STIX XML 1.1.1 and that only
# Hash Value targets are allowed
my_tei = tdq.TargetingExpressionInfo(CB_STIX_XML_111,
preferred_scope=['**/Simple_Hash_Value'],
allowed_scope=None)
my_supported_query = tdq.DefaultQueryInfo([my_tei], [CM_CORE])
si = tm11.ServiceInstance(service_type=SVC_POLL,
services_version=VID_TAXII_SERVICES_11,
protocol_binding=VID_TAXII_HTTP_10,
service_address='http://example.com/poll-service/',
message_bindings=[VID_TAXII_XML_11],
available=True,
message='This is a File Hash Reputation Poll Service',
supported_query=[my_supported_query])
discovery_response.service_instances.append(si)
print discovery_response.to_xml(pretty_print=True)
def handle_message(cls, inbox_service, inbox_message, django_request):
"""
"""
collections = inbox_service.validate_destination_collection_names(None, # Inbox 1.0 doesn't have a DCN
inbox_message.message_id)
# Store certain information about this Inbox Message in the database for bookkeeping
inbox_message_db = models.InboxMessage.from_inbox_message_10(inbox_message,
django_request,
received_via=inbox_service)
inbox_message_db.save()
saved_blocks = 0
for content_block in inbox_message.content_blocks:
inbox_support_info = inbox_service.is_content_supported(content_block.content_binding)
if inbox_support_info.is_supported is False:
continue
cls.save_content_block(content_block)
saved_blocks += 1
# Update the Inbox Message model with the number of ContentBlocks that were saved
inbox_message_db.content_blocks_saved = saved_blocks
inbox_message_db.save()
# Create and return a Status Message indicating success
status_message = tm11.StatusMessage(message_id=generate_message_id(),
in_response_to=inbox_message.message_id,
status_type=ST_SUCCESS)
return status_message
def handle_message(cls, inbox_service, inbox_message, django_request):
"""
"""
collections = inbox_service.validate_destination_collection_names(
None, # Inbox 1.0 doesn't have a DCN
inbox_message.message_id)
# Store certain information about this Inbox Message in the database for bookkeeping
inbox_message_db = models.InboxMessage.from_inbox_message_10(
inbox_message, django_request, received_via=inbox_service)
inbox_message_db.save()
saved_blocks = 0
for content_block in inbox_message.content_blocks:
inbox_support_info = inbox_service.is_content_supported(
content_block.content_binding)
if inbox_support_info.is_supported is False:
continue
cls.save_content_block(content_block)
saved_blocks += 1
# Update the Inbox Message model with the number of ContentBlocks that were saved
inbox_message_db.content_blocks_saved = saved_blocks
inbox_message_db.save()
# Create and return a Status Message indicating success
status_message = tm11.StatusMessage(
message_id=generate_message_id(),
in_response_to=inbox_message.message_id,
status_type=ST_SUCCESS)
return status_message
def test_01(self):
"""
Sends an Inbox Message to an invalid URL.
Should get back a 404
"""
inbox_message = tm11.InboxMessage(generate_message_id())
msg = make_request(post_data = inbox_message.to_xml(), path='/Services/PathThatShouldNotWork/', expected_code = 404)
def handle_message(cls, inbox_service, inbox_message, django_request):
"""
Attempts to save all Content Blocks in the Inbox Message into the
database.
Workflow:
#. Validate the request's Destination Collection Names against the InboxService model
#. Create an InboxMessage model object for bookkeeping
#. Iterate over each Content Block in the request:
#. Identify which of the request's destination collections support the Content Block's Content Binding
#. Call `save_content_block(tm11.ContentBlock, <list of Data Collections from 3a>)`
#. Return Status Message with a Status Type of Success
Raises:
A StatusMessageException for errors
"""
collections = inbox_service.validate_destination_collection_names(inbox_message.destination_collection_names,
inbox_message.message_id)
# Store certain information about this Inbox Message in the database for bookkeeping
inbox_message_db = models.InboxMessage.from_inbox_message_11(inbox_message,
django_request,
received_via=inbox_service)
inbox_message_db.save()
# Iterate over the ContentBlocks in the InboxMessage and try to add
# them to the database
saved_blocks = 0
for content_block in inbox_message.content_blocks:
# 3a. Identify whether the InboxService supports the Content Block's Content Binding
# TODO: Is this useful?
inbox_support_info = inbox_service.is_content_supported(content_block.content_binding)
supporting_collections = []
for collection in collections:
collection_support_info = collection.is_content_supported(content_block.content_binding)
if collection_support_info.is_supported:
supporting_collections.append(collection)
if len(supporting_collections) == 0 and not inbox_support_info.is_supported:
# There's nothing to add this content block to
continue
cls.save_content_block(content_block, supporting_collections)
saved_blocks += 1
# Update the Inbox Message model with the number of ContentBlocks that were saved
inbox_message_db.content_blocks_saved = saved_blocks
inbox_message_db.save()
# Create and return a Status Message indicating success
status_message = tm11.StatusMessage(message_id=generate_message_id(),
in_response_to=inbox_message.message_id,
status_type=ST_SUCCESS)
return status_message
def test_01(self):
"""
Send a collection information request, look to get a collection information response back
"""
cir = tm11.CollectionInformationRequest(generate_message_id())
msg = make_request(COLLECTION_MGMT_11_PATH, cir.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_COLLECTION_INFORMATION_RESPONSE)
def create_poll_response(cls, poll_service, prp, content):
"""
Creates a poll response.
1. If the request's response type is "Count Only",
a single poll response w/ more=False used.
2. If the content size is less than the poll_service's
max_result_size, a poll response w/ more=False is used.
3. If the poll_service's max_result_size is blank,
a poll response w/ more=False used.
4. If the response type is "Full" and the total
number of contents are greater than the
poll_service's max_result_size, a ResultSet
is created, and a PollResponse w/more=True is used.
"""
content_count = len(content)
# RT_COUNT_ONLY - Always use a single result
# RT_FULL - Use a single response if
# poll_service.max_result_size is None or
# len(content) <= poll_service.max_result_size
# Use a Multi-Part response otherwise
if (prp.response_type == RT_COUNT_ONLY
or poll_service.max_result_size is None
or content_count <= poll_service.max_result_size):
poll_response = tm11.PollResponse(
message_id=generate_message_id(),
in_response_to=prp.message_id,
collection_name=prp.collection.name,
result_part_number=1,
more=False,
exclusive_begin_timestamp_label=prp.
exclusive_begin_timestamp_label,
inclusive_end_timestamp_label=prp.
inclusive_end_timestamp_label,
record_count=tm11.RecordCount(content_count, False))
if prp.subscription:
poll_response.subscription_id = prp.subscription.subscription_id
if prp.response_type == RT_FULL:
for c in content:
poll_response.content_blocks.append(
c.to_content_block_11())
else:
# Split into multiple result sets
result_set = handlers.create_result_set(poll_service, prp, content)
rsp_1 = models.ResultSetPart.objects.get(
result_set__pk=result_set.pk, part_number=1)
poll_response = rsp_1.to_poll_response_11(prp.message_id)
result_set.last_part_returned = rsp_1
result_set.save()
response = poll_response
return poll_response
def test_01(self):
"""
Send a collection information request, look to get a collection information response back
"""
cir = tm11.CollectionInformationRequest(generate_message_id())
msg = make_request(COLLECTION_MGMT_11_PATH,
cir.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_COLLECTION_INFORMATION_RESPONSE)
def test_01(self):
"""
Sends an Inbox Message to an invalid URL.
Should get back a 404
"""
inbox_message = tm11.InboxMessage(generate_message_id())
msg = make_request(post_data=inbox_message.to_xml(),
path='/Services/PathThatShouldNotWork/',
expected_code=404)
def test_01(self):
"""
Send a feed information request, look to get a feed information response back
"""
fir = tm10.FeedInformationRequest(generate_message_id())
msg = make_request(COLLECTION_MGMT_11_PATH, fir.to_xml(),
get_headers(VID_TAXII_SERVICES_10, False),
MSG_FEED_INFORMATION_RESPONSE)
def test_01(self):
"""
Send a discovery request, look to get a discovery response back
"""
dr = tm10.DiscoveryRequest(generate_message_id())
msg = make_request(DISCOVERY_11_PATH, dr.to_xml(),
get_headers(VID_TAXII_SERVICES_10, False),
MSG_DISCOVERY_RESPONSE)
def test_01(self):
"""
Send a message to test_inbox_1 with a valid destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id(),
destination_collection_names=['default'])
msg = make_request('/services/test_inbox_1/', inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE, ST_SUCCESS)
def test_09(self):
"""
Send a message to test_inbox_3 without a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_3/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def test_13(self):
"""
Send a TAXII 1.0 Inbox Message to /services/test_inbox_3/
"""
inbox = tm10.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_3/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_10, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def test_01(self):
"""
Send a discovery request, look to get a discovery response back
"""
dr = tm10.DiscoveryRequest(generate_message_id())
msg = make_request(DISCOVERY_11_PATH,
dr.to_xml(),
get_headers(VID_TAXII_SERVICES_10, False),
MSG_DISCOVERY_RESPONSE)
def test_01(self):
"""
Send a feed information request, look to get a feed information response back
"""
fir = tm10.FeedInformationRequest(generate_message_id())
msg = make_request(COLLECTION_MGMT_11_PATH,
fir.to_xml(),
get_headers(VID_TAXII_SERVICES_10, False),
MSG_FEED_INFORMATION_RESPONSE)
def test_09(self):
"""
Send a message to test_inbox_3 without a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_3/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def test_08(self):
"""
Send a message to test_inbox_3 with a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default'])
msg = make_request('/services/test_inbox_3/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_DESTINATION_COLLECTION_ERROR)
def test_04(self):
"""
Send a message to test_inbox_2 with a valid destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default'])
msg = make_request('/services/test_inbox_2/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def test_13(self):
"""
Send a TAXII 1.0 Inbox Message to /services/test_inbox_3/
"""
inbox = tm10.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_3/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_10, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def test_10(self):
"""
Send an Inbox message with a Record Count
"""
inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default'])
inbox.record_count = tm11.RecordCount(0, True)
msg = make_request('/services/test_inbox_1/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def test_11(self):
"""
Send a TAXII 1.0 Inbox Message to /services/test_inbox_1/. Will always
fail because /services/test_inbox_1/ requires a DCN and TAXII 1.0 cannot specify that.
"""
inbox = tm10.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_1/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_10, False),
MSG_STATUS_MESSAGE,
st=ST_FAILURE)
def test_11(self):
"""
Send a TAXII 1.0 Inbox Message to /services/test_inbox_1/. Will always
fail because /services/test_inbox_1/ requires a DCN and TAXII 1.0 cannot specify that.
"""
inbox = tm10.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_1/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_10, False),
MSG_STATUS_MESSAGE,
st=ST_FAILURE)
def test_05(self):
"""
Send a message to test_inbox_2 with an invalid destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id(), destination_collection_names=['default_INVALID'])
msg = make_request('/services/test_inbox_2/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_NOT_FOUND,
sd_keys=[SD_ITEM])
def test_08(self):
"""
Send a message to test_inbox_3 with a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id(),
destination_collection_names=['default'])
msg = make_request('/services/test_inbox_3/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_DESTINATION_COLLECTION_ERROR)
def test_03(self):
"""
Send a message to test_inbox_1 without a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_1/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_DESTINATION_COLLECTION_ERROR,
sd_keys=[SD_ACCEPTABLE_DESTINATION])
def test_03(self):
"""
Send a message to test_inbox_1 without a destination collection name
"""
inbox = tm11.InboxMessage(generate_message_id())
msg = make_request('/services/test_inbox_1/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_DESTINATION_COLLECTION_ERROR,
sd_keys=[SD_ACCEPTABLE_DESTINATION])
def test_10(self):
"""
Send an Inbox message with a Record Count
"""
inbox = tm11.InboxMessage(generate_message_id(),
destination_collection_names=['default'])
inbox.record_count = tm11.RecordCount(0, True)
msg = make_request('/services/test_inbox_1/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_SUCCESS)
def to_status_message_10(self):
"""
Creates a TAXII 1.0 Status Message based on the
properties of this object
"""
sm = tm10.StatusMessage(message_id=generate_message_id(),
in_response_to=self.in_response_to,
extended_headers=self.extended_headers,
status_type=self.status_type,
status_detail=str(self.status_detail),
message=self.message)
return sm
def to_status_message_10(self):
"""
Creates a TAXII 1.0 Status Message based on the
properties of this object
"""
sm = tm10.StatusMessage(message_id=generate_message_id(),
in_response_to=self.in_response_to,
extended_headers=self.extended_headers,
status_type=self.status_type,
status_detail=str(self.status_detail),
message=self.message)
return sm
def create_poll_response(cls, poll_service, prp, content):
"""
Creates a poll response.
1. If the request's response type is "Count Only",
a single poll response w/ more=False used.
2. If the content size is less than the poll_service's
max_result_size, a poll response w/ more=False is used.
3. If the poll_service's max_result_size is blank,
a poll response w/ more=False used.
4. If the response type is "Full" and the total
number of contents are greater than the
poll_service's max_result_size, a ResultSet
is created, and a PollResponse w/more=True is used.
"""
content_count = len(content)
# RT_COUNT_ONLY - Always use a single result
# RT_FULL - Use a single response if
# poll_service.max_result_size is None or
# len(content) <= poll_service.max_result_size
# Use a Multi-Part response otherwise
if (prp.response_type == RT_COUNT_ONLY or
poll_service.max_result_size is None or
content_count <= poll_service.max_result_size):
poll_response = tm11.PollResponse(message_id=generate_message_id(),
in_response_to=prp.message_id,
collection_name=prp.collection.name,
result_part_number=1,
more=False,
exclusive_begin_timestamp_label=prp.exclusive_begin_timestamp_label,
inclusive_end_timestamp_label=prp.inclusive_end_timestamp_label,
record_count=tm11.RecordCount(content_count, False))
if prp.subscription:
poll_response.subscription_id = prp.subscription.subscription_id
if prp.response_type == RT_FULL:
for c in content:
poll_response.content_blocks.append(c.to_content_block_11())
else:
# Split into multiple result sets
result_set = handlers.create_result_set(poll_service, prp, content)
rsp_1 = models.ResultSetPart.objects.get(result_set__pk=result_set.pk, part_number=1)
poll_response = rsp_1.to_poll_response_11(prp.message_id)
result_set.last_part_returned = rsp_1
result_set.save()
response = poll_response
return poll_response
def test_05(self):
"""
Send a message to test_inbox_2 with an invalid destination collection name
"""
inbox = tm11.InboxMessage(
generate_message_id(),
destination_collection_names=['default_INVALID'])
msg = make_request('/services/test_inbox_2/',
inbox.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_NOT_FOUND,
sd_keys=[SD_ITEM])
def test_03(self):
"""
Test an invalid subscription ID
"""
pr = tm11.PollRequest(message_id=generate_message_id(),
collection_name='default',
subscription_id='jdslkajdlksajdlksajld')
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_NOT_FOUND,
sd_keys=[SD_ITEM])
def create_request_message(self):
if self.begin_timestamp:
begin_ts = dateutil.parser.parse(self.begin_timestamp)
# TODO: add support for end timestamp
end_ts = None
create_kwargs = {
'message_id': generate_message_id(),
'collection_name': self.collection_name,
'exclusive_begin_timestamp_label': begin_ts,
'inclusive_end_timestamp_label': end_ts
}
create_kwargs['poll_parameters'] = PollRequest.PollParameters()
poll_req = PollRequest(**create_kwargs)
return poll_req
def create_request_message(self, args):
if args.content_file is self.stix_watchlist:
data = self.stix_watchlist
else:
with open(args.content_file, 'r') as f:
data = f.read()
cb = tm10.ContentBlock(args.content_binding, data)
if args.subtype is not None:
cb.content_binding.subtype_ids.append(args.subtype)
inbox_message = tm10.InboxMessage(message_id=generate_message_id(), content_blocks=[cb])
return inbox_message
def test_03(self):
"""
Test an invalid subscription ID
"""
pr = tm11.PollRequest(
message_id = generate_message_id(),
collection_name = 'default',
subscription_id = 'jdslkajdlksajdlksajld')
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_NOT_FOUND,
sd_keys=[SD_ITEM])
def exception_to_status(exception, format_version):
data = dict(message_id=generate_message_id(),
in_response_to=exception.in_response_to,
extended_headers=exception.extended_headers,
status_type=exception.status_type,
status_detail=exception.status_details,
message=exception.message)
if format_version == VID_TAXII_XML_11:
sm = tm11.StatusMessage(**data)
elif format_version == VID_TAXII_XML_10:
sm = tm10.StatusMessage(**data)
else:
raise ValueError("Unknown version: %s" % format_version)
return sm
def test_09(self):
"""
Tests that a single PollRequest succeeds.
"""
pp = tm11.PollParameters()
pr = tm11.PollRequest(message_id=generate_message_id(),
collection_name='default',
poll_parameters=pp)
msg = make_request('/services/test_poll_1/', pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_POLL_RESPONSE)
#msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr)
if len(msg.content_blocks) != 5:
raise ValueError('Got %s CBs' % len(msg.content_blocks))
def create_pending_response(cls, poll_service, prp, content):
"""
Arguments:
poll_service (models.PollService) - The TAXII Poll Service being invoked
prp (util.PollRequestProperties) - The Poll Request Properties of the Poll Request
content - A list of content (nominally, models.ContentBlock objects).
This method returns a StatusMessage with a Status Type
of Pending OR raises a StatusMessageException
based on the following table::
asynch | Delivery_Params | can_push || Response Type
----------------------------------------------------
True | - | - || Pending - Asynch
False | Yes | Yes || Pending - Push
False | Yes | No || StatusMessageException
False | No | - || StatusMessageException
"""
# Identify the Exception conditions first (e.g., rows #3 and #4)
if (prp.allow_asynch is False and
(prp.delivery_parameters is None or prp.can_push is False)):
raise StatusMessageException(
prp.message_id, ST_FAILURE,
"The content was not available now and \
the request had allow_asynch=False and no \
Delivery Parameters were specified.")
# Rows #1 and #2 are both Status Messages with a type of Pending
result_set = cls.create_result_set(content, prp, poll_service)
sm = tm11.StatusMessage(message_id=generate_message_id(),
in_response_to=prp.message_id,
status_type=ST_PENDING)
if prp.allow_asynch:
sm.status_details = {
SD_ESTIMATED_WAIT: 300,
SD_RESULT_ID: result_set.pk,
SD_WILL_PUSH: False
}
else:
# TODO: Check and see if the requested delivery parameters are supported
sm.status_details = {
SD_ESTIMATED_WAIT: 300,
SD_RESULT_ID: result_set.pk,
SD_WILL_PUSH: True
}
# TODO: Need to try pushing or something.
return sm
def test_04(self):
"""
Test a Content Binding ID not supported by the server
"""
pp = tm11.PollParameters(content_bindings=[tm11.ContentBinding('some_random_binding')])
pr = tm11.PollRequest(
message_id = generate_message_id(),
collection_name = 'default',
poll_parameters = pp)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_UNSUPPORTED_CONTENT_BINDING,
sd_keys=[SD_SUPPORTED_CONTENT])
def test_04(self):
"""
Test a Content Binding ID not supported by the server
"""
pp = tm11.PollParameters(
content_bindings=[tm11.ContentBinding('some_random_binding')])
pr = tm11.PollRequest(message_id=generate_message_id(),
collection_name='default',
poll_parameters=pp)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_UNSUPPORTED_CONTENT_BINDING,
sd_keys=[SD_SUPPORTED_CONTENT])
def exception_to_status(exception, format_version):
data = dict(
message_id=generate_message_id(),
in_response_to=exception.in_response_to,
extended_headers=exception.extended_headers,
status_type=exception.status_type,
status_detail=exception.status_details,
message=exception.message)
if format_version == VID_TAXII_XML_11:
sm = tm11.StatusMessage(**data)
elif format_version == VID_TAXII_XML_10:
sm = tm10.StatusMessage(**data)
else:
raise ValueError("Unknown version: %s" % format_version)
return sm
def test_05(self):
"""
Test a supported Content Binding ID with an unsupported subtype
"""
pp = tm11.PollParameters(content_bindings=[tm11.ContentBinding(CB_STIX_XML_111, subtype_ids=['FakeSubtype'])])
pr = tm11.PollRequest(
message_id = generate_message_id(),
collection_name = 'default',
poll_parameters = pp)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_UNSUPPORTED_CONTENT_BINDING,
sd_keys=[SD_SUPPORTED_CONTENT])
def test_02(self):
"""
Test a begin TS later than an end TS.
"""
begin_ts = datetime.now(tzutc())
end_ts = begin_ts - timedelta(days=-7)
pp = tm11.PollParameters()
pr = tm11.PollRequest(message_id=generate_message_id(),
collection_name='default',
poll_parameters=pp,
exclusive_begin_timestamp_label=begin_ts,
inclusive_end_timestamp_label=end_ts)
msg = make_request('/services/test_poll_1/', pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
ST_FAILURE)
def test_09(self):
"""
Tests that a single PollRequest succeeds.
"""
pp = tm11.PollParameters()
pr = tm11.PollRequest(
message_id=generate_message_id(),
collection_name='default',
poll_parameters=pp)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_POLL_RESPONSE)
#msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr)
if len(msg.content_blocks) != 5:
raise ValueError('Got %s CBs' % len(msg.content_blocks))
def test_05(self):
"""
Test a supported Content Binding ID with an unsupported subtype
"""
pp = tm11.PollParameters(content_bindings=[
tm11.ContentBinding(CB_STIX_XML_111, subtype_ids=['FakeSubtype'])
])
pr = tm11.PollRequest(message_id=generate_message_id(),
collection_name='default',
poll_parameters=pp)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_UNSUPPORTED_CONTENT_BINDING,
sd_keys=[SD_SUPPORTED_CONTENT])
def test_01(self):
"""
Test an invalid collection name
"""
pp = tm11.PollParameters()
pr = tm11.PollRequest(
message_id=generate_message_id(),
collection_name='INVALID_COLLECTION_NAME_13820198320',
poll_parameters=pp)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_NOT_FOUND,
sd_keys=[SD_ITEM])
def test_01(self):
"""
Test an invalid collection name
"""
pp = tm11.PollParameters()
pr = tm11.PollRequest(
message_id = generate_message_id(),
collection_name = 'INVALID_COLLECTION_NAME_13820198320',
poll_parameters = pp)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_STATUS_MESSAGE,
st=ST_NOT_FOUND,
sd_keys=[SD_ITEM])
def _wrapped_view(request, *args, **kwargs):
if request.method != 'POST':
raise StatusMessageException('0', ST_BAD_MESSAGE,
'Request method was not POST!')
# If requested, attempt to validate
# TODO: Validation has changed!
if do_validate:
try:
validate(request)
except Exception as e:
raise StatusMessageException('0', ST_BAD_MESSAGE,
e.message)
# Attempt to deserialize
try:
message = deserialize(request)
except Exception as e:
raise StatusMessageException('0', ST_BAD_MESSAGE, e.message)
try:
if message_types is None:
pass # No checking was requested
elif isinstance(message_types, list):
if message.__class__ not in message_types:
raise ValueError(
'Message type not allowed. Must be one of: %s' %
message_types)
elif isinstance(message_types, object):
if not isinstance(message, message_types):
raise ValueError(
'Message type not allowed. Must be: %s' %
message_types)
elif message_types is not None:
raise ValueError(
'Something strange happened with message_types! Was not a list or object!'
)
except ValueError as e:
msg = tm11.StatusMessage(generate_message_id(),
message.message_id,
status_type='FAILURE',
message=e.message)
return HttpResponseTaxii(msg.to_xml(), response_headers)
kwargs['taxii_message'] = message
return view_func(request, *args, **kwargs)
def test_02(self):
"""
Test a begin TS later than an end TS.
"""
begin_ts = datetime.now(tzutc())
end_ts = begin_ts - timedelta(days=-7)
pp = tm11.PollParameters()
pr = tm11.PollRequest(
message_id = generate_message_id(),
collection_name = 'default',
poll_parameters = pp,
exclusive_begin_timestamp_label = begin_ts,
inclusive_end_timestamp_label = end_ts)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
ST_FAILURE)
def test_10(self):
"""
Test a query. Should match just the APT1 report.
"""
test = tdq.Test(capability_id = tdq.CM_CORE, relationship=R_EQUALS, parameters={P_VALUE: 'Unit 61398', P_MATCH_TYPE: 'case_sensitive_string'} )
criterion = tdq.Criterion(target='STIX_Package/Threat_Actors/Threat_Actor/Identity/Specification/PartyName/OrganisationName/SubDivisionName', test=test)
criteria = tdq.Criteria(OP_AND, criterion=[criterion])
q = tdq.DefaultQuery(CB_STIX_XML_111, criteria)
pp = tm11.PollParameters()
pr = tm11.PollRequest(
message_id=generate_message_id(),
collection_name='default',
poll_parameters=pp)
#msg = self.send_poll_request('/services/test_poll_1/', VID_TAXII_XML_11, pr)
msg = make_request('/services/test_poll_1/',
pr.to_xml(),
get_headers(VID_TAXII_SERVICES_11, False),
MSG_POLL_RESPONSE)
if len(msg.content_blocks) != 1:
raise ValueError('Got %s CBs' % len(msg.content_blocks))
def create_pending_response(cls, poll_service, prp, content):
"""
Arguments:
poll_service (models.PollService) - The TAXII Poll Service being invoked
prp (util.PollRequestProperties) - The Poll Request Properties of the Poll Request
content - A list of content (nominally, models.ContentBlock objects).
This method returns a StatusMessage with a Status Type
of Pending OR raises a StatusMessageException
based on the following table::
asynch | Delivery_Params | can_push || Response Type
----------------------------------------------------
True | - | - || Pending - Asynch
False | Yes | Yes || Pending - Push
False | Yes | No || StatusMessageException
False | No | - || StatusMessageException
"""
# Identify the Exception conditions first (e.g., rows #3 and #4)
if (prp.allow_asynch is False and
(prp.delivery_parameters is None or prp.can_push is False)):
raise StatusMessageException(prp.message_id,
ST_FAILURE,
"The content was not available now and \
the request had allow_asynch=False and no \
Delivery Parameters were specified.")
# Rows #1 and #2 are both Status Messages with a type of Pending
result_set = cls.create_result_set(content, prp, poll_service)
sm = tm11.StatusMessage(message_id=generate_message_id(),
in_response_to=prp.message_id,
status_type=ST_PENDING)
if prp.allow_asynch:
sm.status_details = {SD_ESTIMATED_WAIT: 300, SD_RESULT_ID: result_set.pk, SD_WILL_PUSH: False}
else:
# TODO: Check and see if the requested delivery parameters are supported
sm.status_details = {SD_ESTIMATED_WAIT: 300, SD_RESULT_ID: result_set.pk, SD_WILL_PUSH: True}
# TODO: Need to try pushing or something.
return sm
def run(self):
client = tc.HttpClient()
# TODO: handle authentication stuff
#client.set_auth_type(tc.AUTH_NONE)
client.set_use_https(False)
r = CollectionInformationRequest(generate_message_id())
col_xml = r.to_xml(pretty_print=True)
if ':' in self.url.netloc:
host = self.url.netloc.split(':')[0]
server_port = self.url.netloc.split(':')[1]
else:
host = self.url.netloc
server_port = None
if server_port:
http_resp = client.call_taxii_service2(host, self.url.path, VID_TAXII_XML_11, col_xml, port = server_port)
else:
http_resp = client.call_taxii_service2(host, self.url.path, VID_TAXII_XML_11, col_xml)
taxii_message = t.get_message_from_http_response(http_resp, r.message_id)
return taxii_message.to_dict()
def main():
file_hash = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
badness = 0 # Value between 0-100, or None if the badness is unknown
sp = STIXPackage()
sp.stix_header = STIXHeader()
sp.stix_header.title = "File Hash Reputation for %s" % file_hash
sp.stix_header.add_package_intent("Indicators - Malware Artifacts")
sp.stix_header.information_source = InformationSource()
sp.stix_header.information_source.identity = Identity()
sp.stix_header.information_source.identity.name = "TAXII Service Profile: File Hash Reputation"
file_obj = File()
file_obj.add_hash(file_hash)
file_obj.hashes[0].simple_hash_value.condition = "Equals"
indicator = Indicator(title="File Hash Reputation")
indicator.indicator_type = "File Hash Reputation"
indicator.add_observable(file_obj)
if badness is None:
indicator.likely_impact = "Unknown"
else:
vs = VocabString(str(badness))
vs.vocab_name = 'percentage'
vs.vocab_reference = "http://en.wikipedia.org/wiki/Percentage"
indicator.likely_impact = vs
sp.add_indicator(indicator)
stix_xml = sp.to_xml()
poll_response = tm11.PollResponse(message_id=generate_message_id(),
in_response_to="1234",
collection_name='file_hash_reputation')
cb = tm11.ContentBlock(content_binding=CB_STIX_XML_111,
content=stix_xml)
poll_response.content_blocks.append(cb)
print poll_response.to_xml(pretty_print=True)
def create_poll_response(cls, poll_service, prp, content_blocks):
"""
:param poll_service:
:param prp:
:param content_blocks:
:return:
"""
ietl = prp.exclusive_begin_timestamp_label
if ietl is not None:
ietl += timedelta(milliseconds=1)
pr = tm10.PollResponse(message_id=generate_message_id(),
in_response_to=prp.message_id,
feed_name=prp.collection.name,
inclusive_begin_timestamp_label=ietl,
inclusive_end_timestamp_label=prp.inclusive_end_timestamp_label)
for content_block in content_blocks:
pr.content_blocks.append(content_block.to_content_block_10())
return pr