def elevate_string(string): warn( "Results produced by the stix2-elevator are not for production purposes.", 201) clear_id_mapping() clear_pattern_mapping() validator_options = get_validator_options() try: output.set_level(validator_options.verbose) io = StringIO(string) stix_package = EntityParser().parse_xml(io) if not isinstance(stix_package, STIXPackage): raise TypeError("Must be an instance of stix.core.STIXPackage") setup_logger(stix_package.id_) json_string = json.dumps(convert_package( stix_package, get_option_value("package_created_by_id"), get_option_value("default_timestamp")), indent=4, separators=(',', ': '), sort_keys=True) validation_results = validate_string(json_string, validator_options) output.print_results(validation_results) return json_string except ValidationError as ex: output.error("Validation error occurred: '%s'" % ex, codes.EXIT_VALIDATION_ERROR) except OSError as ex: log.error(ex, extra={"ecode": 210})
def elevate_string(string): global MESSAGES_GENERATED clear_id_mapping() clear_1x_markings_map() clear_pattern_cache() clear_object_id_mapping() clear_observable_mappings() cybox.utils.caches.cache_clear() MESSAGES_GENERATED = False validator_options = get_validator_options() try: output.set_level(validator_options.verbose) output.set_silent(validator_options.silent) io = StringIO(string) container = stixmarx.parse(io) stix_package = container.package set_option_value("marking_container", container) if not isinstance(stix_package, STIXPackage): raise TypeError("Must be an instance of stix.core.STIXPackage") setup_logger(stix_package.id_) warn( "Results produced by the stix2-elevator are not for production purposes.", 201) if get_option_value("default_timestamp"): timestamp = datetime.strptime( get_option_value("default_timestamp"), "%Y-%m-%dT%H:%M:%S.%fZ"), else: timestamp = None env = Environment(get_option_value("package_created_by_id"), timestamp) json_string = json.dumps(convert_package(stix_package, env), ensure_ascii=False, indent=4, separators=(',', ': '), sort_keys=True) validation_results = validate_stix2_string(json_string, validator_options) output.print_results([validation_results]) if get_option_value("policy") == "no_policy": return json_string else: if not MESSAGES_GENERATED and validation_results._is_valid: return json_string else: return None except ValidationError as ex: output.error("Validation error occurred: '%s'" % ex, codes.EXIT_VALIDATION_ERROR) except OSError as ex: log.error(ex)
def elevate_file(fn): # TODO: combine elevate_file, elevate_string and elevate_package warnings.warn( "This method is deprecated and will be removed in the next major release. Please use elevate() instead.", DeprecationWarning) global MESSAGES_GENERATED MESSAGES_GENERATED = False print( "Results produced by the stix2-elevator are not for production purposes." ) clear_globals() validator_options = get_validator_options() try: output.set_level(validator_options.verbose) output.set_silent(validator_options.silent) if os.path.isfile(fn) is False: raise IOError("The file '{}' was not found.".format(fn)) container = stixmarx.parse(fn) stix_package = container.package set_option_value("marking_container", container) if not isinstance(stix_package, STIXPackage): raise TypeError("Must be an instance of stix.core.STIXPackage") setup_logger(stix_package.id_) warn( "Results produced by the stix2-elevator may generate warning messages which should be investigated.", 201) env = Environment(get_option_value("package_created_by_id")) json_string = json.dumps(convert_package(stix_package, env), ensure_ascii=False, indent=4, separators=(',', ': '), sort_keys=True) validation_results = validate_stix2_string(json_string, validator_options, fn) output.print_results([validation_results]) if get_option_value("policy") == "no_policy": return json_string else: if not MESSAGES_GENERATED and validation_results._is_valid: return json_string else: return None except ValidationError as ex: output.error("Validation error occurred: '{}'".format(ex)) output.error("Error Code: {}".format(codes.EXIT_VALIDATION_ERROR)) except (OSError, IOError, lxml.etree.Error) as ex: log.error("Error occurred: %s", ex)
def elevate_file(fn): # TODO: combine elevate_file, elevate_string and elevate_package global MESSAGES_GENERATED print( "Results produced by the stix2-elevator are not for production purposes." ) clear_id_mapping() clear_1x_markings_map() clear_pattern_cache() clear_object_id_mapping() clear_observable_mappings() MESSAGES_GENERATED = False validator_options = get_validator_options() try: output.set_level(validator_options.verbose) output.set_silent(validator_options.silent) container = stixmarx.parse(fn) stix_package = container.package set_option_value("marking_container", container) if not isinstance(stix_package, STIXPackage): raise TypeError("Must be an instance of stix.core.STIXPackage") setup_logger(stix_package.id_) warn( "Results produced by the stix2-elevator are not for production purposes.", 201) json_string = json.dumps(convert_package( stix_package, get_option_value("package_created_by_id"), get_option_value("default_timestamp")), indent=4, separators=(',', ': '), sort_keys=True) if get_option_value("policy") == "no_policy": return json_string else: validation_results = validate_string(json_string, validator_options) output.print_results(validation_results) if not MESSAGES_GENERATED and validation_results._is_valid: return json_string else: return None except ValidationError as ex: output.error("Validation error occurred: '%s'" % ex, codes.EXIT_VALIDATION_ERROR) except OSError as ex: log.error(ex)
def elevate_package(package): warn( "WARNING: Results produced by the stix-elevator are not for production purposes." ) clear_id_mapping() clear_pattern_mapping() if isinstance(package, STIXPackage): json_string = json.dumps(convert_package(package), indent=4, separators=(',', ': '), sort_keys=True) validation_results = validate_string(json_string, ValidationOptions()) print_results(validation_results) return json_string else: raise TypeError("Must be an instance of stix.core.STIXPackage")
def elevate(stix_package): global MESSAGES_GENERATED MESSAGES_GENERATED = False print("Results produced by the stix2-elevator are not for production purposes.") clear_globals() fn = None validator_options = get_validator_options() output.set_level(validator_options.verbose) output.set_silent(validator_options.silent) try: if isinstance(stix_package, MarkingContainer): # No need to re-parse the MarkingContainer. container = stix_package elif isinstance(stix_package, STIXPackage): io = BytesIO(stix_package.to_xml()) container = stixmarx.parse(io) elif isinstance(stix_package, text_type): if stix_package.endswith(".xml") or os.path.isfile(stix_package): # a path-like string was passed fn = stix_package if os.path.exists(fn) is False: raise IOError("The file '{}' was not found.".format(fn)) else: stix_package = StringIO(stix_package) container = stixmarx.parse(stix_package) elif isinstance(stix_package, binary_type): if stix_package.endswith(b".xml") or os.path.isfile(stix_package): # a path-like string was passed fn = stix_package if os.path.exists(fn) is False: raise IOError("The file '{}' was not found.".format(fn)) else: stix_package = BytesIO(stix_package) container = stixmarx.parse(stix_package) else: raise RuntimeError("Unable to resolve object {} of type {}".format(stix_package, type(stix_package))) container_package = container.package set_option_value("marking_container", container) if not isinstance(container_package, STIXPackage): raise TypeError("Must be an instance of stix.core.STIXPackage") except (OSError, IOError, lxml.etree.Error) as ex: log.error("Error occurred: %s", ex) # log.exception(ex) return None try: setup_logger(container_package.id_) warn("Results produced by the stix2-elevator may generate warning messages which should be investigated.", 201) env = Environment(get_option_value("package_created_by_id")) json_string = json.dumps( convert_package(container_package, env), ensure_ascii=False, indent=4, separators=(',', ': '), sort_keys=True ) bundle_id = re.findall( r"bundle--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}", json_string ) validation_results = validate_stix2_string(json_string, validator_options, fn or bundle_id[0]) output.print_results([validation_results]) if get_option_value("policy") == "no_policy": return json_string else: if not MESSAGES_GENERATED and validation_results._is_valid: return json_string except ValidationError as ex: output.error("Validation error occurred: '{}'".format(ex)) output.error("Error Code: {}".format(codes.EXIT_VALIDATION_ERROR))
def transform(self, obj): """ Transforms the given object in to a STIX observation based on the mapping file and transform functions :param obj: the datasource object that is being converted to stix :return: the input object converted to stix valid json """ object_map = {} stix_type = 'observed-data' ds_map = self.ds_to_stix_map transformers = self.transformers observation = { 'id': stix_type + '--' + str(uuid.uuid4()), 'type': stix_type, 'created_by_ref': self.identity_id, 'objects': {} } # create normal type objects for ds_key in obj: if ds_key not in ds_map: logging.debug( '{} is not found in map, skipping'.format(ds_key)) continue # get the stix keys that are mapped ds_key_def_obj = self.ds_to_stix_map[ds_key] ds_key_def_list = ds_key_def_obj if isinstance( ds_key_def_obj, list) else [ds_key_def_obj] for ds_key_def in ds_key_def_list: if ds_key_def is None or 'key' not in ds_key_def: logging.debug( '{} is not valid (None, or missing key)'.format( ds_key_def)) continue key_to_add = ds_key_def['key'] transformer = transformers[ds_key_def[ 'transformer']] if 'transformer' in ds_key_def else None if ds_key_def.get('cybox', self.cybox_default): object_name = ds_key_def.get('object') if 'references' in ds_key_def: stix_value = object_map[ds_key_def['references']] else: stix_value = DataSourceObjToStixObj._get_value( obj, ds_key, transformer) if not DataSourceObjToStixObj._valid_stix_value( self.properties, key_to_add, stix_value): continue DataSourceObjToStixObj._handle_cybox_key_def( key_to_add, observation, stix_value, object_map, object_name) else: stix_value = DataSourceObjToStixObj._get_value( obj, ds_key, transformer) if not DataSourceObjToStixObj._valid_stix_value( self.properties, key_to_add, stix_value): continue DataSourceObjToStixObj._add_property( observation, key_to_add, stix_value) # Validate each STIX object if self.stix_validator: validated_result = validate_instance(observation) print_results(validated_result) return observation