Beispiel #1
0
def test_multiple_qualifiers():
    exp_and = stix2.AndBooleanExpression([stix2.EqualityComparisonExpression("network-traffic:dst_ref.type",
                                                                             "domain-name"),
                                          stix2.EqualityComparisonExpression("network-traffic:dst_ref.value",
                                                                             "example.com")])
    exp_ob = stix2.ObservationExpression(exp_and)
    qual_rep = stix2.RepeatQualifier(5)
    qual_within = stix2.WithinQualifier(stix2.IntegerConstant(1800))
    exp = stix2.QualifiedObservationExpression(stix2.QualifiedObservationExpression(exp_ob, qual_rep), qual_within)
    assert str(exp) == "[network-traffic:dst_ref.type = 'domain-name' AND network-traffic:dst_ref.value = 'example.com'] REPEATS 5 TIMES WITHIN 1800 SECONDS"  # noqa
 def visitRepeatedQualifier(self, ctx):
     children = self.visitChildren(ctx)
     return stix2.RepeatQualifier(children[1])
def test_invalid_repeat_qualifier():
    with pytest.raises(ValueError):
        stix2.RepeatQualifier('foo')
def test_repeat_qualifier():
    qual = stix2.RepeatQualifier(stix2.IntegerConstant(5))
    assert str(qual) == 'REPEATS 5 TIMES'
Beispiel #5
0
def test_invalid_repeat_qualifier():
    with pytest.raises(ValueError) as excinfo:
        stix2.RepeatQualifier('foo')
    assert 'is not a valid argument for a Repeat Qualifier' in str(excinfo)
    def __generate_random_qualifier(self):
        """
        Generate a random qualifier AST object.

        :return: The qualifier object
        """
        qual_type = random.randrange(3)

        if qual_type == 0:
            repeat_count = random.randint(self.__config.min_repeat_count,
                                          self.__config.max_repeat_count)
            qualifier = stix2.RepeatQualifier(repeat_count)

        elif qual_type == 1:
            within_count = random.randint(self.__config.min_within_count,
                                          self.__config.max_within_count)
            qualifier = stix2.WithinQualifier(within_count)

        else:
            # Let's make the random timestamps near the current time
            # (within a year).
            dur1 = datetime.timedelta(microseconds=random.randrange(
                # 1 year
                1000000 * 60 * 60 * 24 * 365))

            dur2 = datetime.timedelta(microseconds=random.randrange(
                # 1 year
                1000000 * 60 * 60 * 24 * 365))

            if random.random() < 0.5:
                dur1 = -dur1

            if random.random() < 0.5:
                dur2 = -dur2

            now = datetime.datetime.utcnow()
            dt1 = now + dur1
            dt2 = now + dur2

            # Order them as start=dt1, stop=dt2
            if dt1 > dt2:
                dt1, dt2 = dt2, dt1

            elif dt1 == dt2:
                # in the remote chance we get the same timestamp for both,
                # just nudge one ahead...
                dt2 += datetime.timedelta(seconds=1)

            # STIX 2.0 requires string constants and millisecond precision
            # here...
            if self.__stix_version == "2.0":
                dt1_str = stix2.utils.format_datetime(
                    stix2.utils.STIXdatetime(dt1, precision="millisecond"))
                dt1 = stix2.patterns.StringConstant(dt1_str)

                dt2_str = stix2.utils.format_datetime(
                    stix2.utils.STIXdatetime(dt2, precision="millisecond"))
                dt2 = stix2.patterns.StringConstant(dt2_str)

            qualifier = stix2.StartStopQualifier(dt1, dt2)

        return qualifier