def __validate_observables(observables):
validation_results = {}
dummy_id = 1
for observable in observables:
id_ = observable.get('id')
object_type = observable.get('objectType')
if not id_:
# No id, so we can safely assume this is something from the builder...
observable_properties = ObservableStructureConverter.builder_to_simple(
object_type, observable)
validation_info = ObservableValidator.validate(
**observable_properties)
validation_results[
'Observable ' +
str(dummy_id)] = validation_info.validation_dict
else:
namespace_validation = NamespaceValidationInfo.validate(
r'obs', id_)
if namespace_validation.is_local():
real_observable = EdgeObject.load(id_)
as_package, _ = real_observable.capsulize('temp')
validation_info = PackageValidationInfo.validate(
as_package)
validation_results.update(validation_info.validation_dict)
else:
validation_results.update(
{id_: namespace_validation.validation_dict})
dummy_id += 1
return validation_results
def __validate_incidents(incidents, stix_header):
all_incidents_validation = {}
for incident in incidents:
id_ = incident['id']
incident_validation = ObjectValidationInfo()
incident_validation.extend(
CommonValidationInfo.validate(item=incident,
package_dict=stix_header))
namespace_validation = NamespaceValidationInfo.validate(
r'inc', id_)
if namespace_validation.is_local():
other_properties = OtherStructureConverter.package_to_simple(
incident, stix_header)
if len(other_properties.get('external_ids', [])):
field_validation = {
'external_ids': {
'status':
ValidationStatus.WARN,
'message':
r'External IDs exist within an Incident in the package'
}
}
incident_validation.validation_dict.update(
field_validation)
else:
incident_validation.extend(namespace_validation)
if incident_validation.validation_dict:
all_incidents_validation.update(
{id_: incident_validation.validation_dict})
return all_incidents_validation
def __validate_observables(observables, stix_header):
all_observables_validation = {}
for observable in observables:
if 'observable_composition' not in observable:
id_ = observable['id']
observable_validation = ObjectValidationInfo()
observable_validation.extend(
CommonValidationInfo.validate(item=observable,
package_dict=stix_header))
namespace_validation = NamespaceValidationInfo.validate(
r'obs', id_)
if namespace_validation.is_local():
properties = observable['object']['properties']
properties = ObservableStructureConverter.package_to_simple(
properties.get('xsi:type'), properties)
observable_validation.extend(
ObservableValidator.validate(
object_type=FieldAlias('xsi:type',
properties.get('xsi:type')),
description=observable.get('description'),
**properties))
else:
observable_validation.extend(namespace_validation)
if observable_validation.validation_dict:
all_observables_validation.update(
{id_: observable_validation.validation_dict})
return all_observables_validation
def __validate_indicators(indicators, stix_header):
indicator_validation = {}
for indicator in indicators:
id_ = indicator['id']
namespace_validation = NamespaceValidationInfo.validate(r'ind', id_)
if namespace_validation.is_local():
indicator_properties = IndicatorStructureConverter.package_to_simple(indicator, stix_header)
validation_results = IndicatorValidationInfo.validate(**indicator_properties)
if validation_results and validation_results.validation_dict:
indicator_validation.update({id_: validation_results.validation_dict})
else:
indicator_validation.update({id_: namespace_validation.validation_dict})
return indicator_validation
def __validate_other(other_objects, type_, stix_header):
other_validation = {}
for other_object in other_objects:
id_ = other_object['id']
namespace_validation = NamespaceValidationInfo.validate(type_, id_)
if namespace_validation.is_local():
other_properties = OtherStructureConverter.package_to_simple(other_object, stix_header)
validation_results = CommonValidationInfo.validate(**other_properties)
if validation_results and validation_results.validation_dict:
other_validation.update({id_: validation_results.validation_dict})
else:
other_validation.update({id_: namespace_validation.validation_dict})
return other_validation
def __validate_other(other_objects, type_, stix_header):
all_other_objects_validation = {}
for other_object in other_objects:
id_ = other_object['id']
other_object_validation = ObjectValidationInfo()
other_object_validation.extend(
CommonValidationInfo.validate(item=other_object,
package_dict=stix_header))
namespace_validation = NamespaceValidationInfo.validate(type_, id_)
if not namespace_validation.is_local():
other_object_validation.extend(namespace_validation)
if other_object_validation.validation_dict:
all_other_objects_validation.update(
{id_: other_object_validation.validation_dict})
return all_other_objects_validation
def __validate_observables(observables):
observable_validation = {}
for observable in observables:
if 'observable_composition' not in observable:
id_ = observable['id']
namespace_validation = NamespaceValidationInfo.validate(r'obs', id_)
if namespace_validation.is_local():
properties = observable['object']['properties']
properties = ObservableStructureConverter.package_to_simple(properties.get('xsi:type'), properties)
validation_results = ObservableValidator.validate(
object_type=FieldAlias('xsi:type', properties.get('xsi:type')),
description=observable.get('description'), **properties)
if validation_results and validation_results.validation_dict:
observable_validation.update({id_: validation_results.validation_dict})
else:
observable_validation.update({id_: namespace_validation.validation_dict})
return observable_validation
def __validate_incidents(incidents, stix_header):
incident_validation = {}
for incident in incidents:
id_ = incident['id']
namespace_validation = NamespaceValidationInfo.validate(r'inc', id_)
if namespace_validation.is_local():
other_properties = OtherStructureConverter.package_to_simple(incident, stix_header)
validation_results = CommonValidationInfo.validate(**other_properties)
if validation_results and validation_results.validation_dict:
incident_validation.update({id_: validation_results.validation_dict})
if len(other_properties.get('external_ids', [])):
field_validation = {'external_ids': FieldValidationInfo(
ValidationStatus.WARN,
r'External IDs exist within an Incident in the package')
}
incident_validation.update({id_: ObjectValidationInfo(**field_validation).validation_dict})
else:
incident_validation.update({id_: namespace_validation.validation_dict})
return incident_validation
def __validate_indicators(indicators, stix_header):
all_indicators_validation = {}
for indicator in indicators:
id_ = indicator['id']
indicator_validation = ObjectValidationInfo()
indicator_validation.extend(
CommonValidationInfo.validate(item=indicator,
package_dict=stix_header))
namespace_validation = NamespaceValidationInfo.validate(
r'ind', id_)
if namespace_validation.is_local():
indicator_properties = IndicatorStructureConverter.package_to_simple(
indicator, stix_header)
indicator_validation.extend(
IndicatorValidationInfo.validate(**indicator_properties))
else:
indicator_validation.extend(namespace_validation)
if indicator_validation.validation_dict:
all_indicators_validation.update(
{id_: indicator_validation.validation_dict})
return all_indicators_validation
def test_Validate_IfLocal_Pass(self):
namespace_validation_info = NamespaceValidationInfo.validate(None, 'BLAH:1234')
self.assertIsInstance(namespace_validation_info, NamespaceValidationInfo)
self.assertIsNone(namespace_validation_info.namespace)
def test_IsLocal_IfNotLocal_ReturnFalse(self):
namespace_validation_info = NamespaceValidationInfo.validate(None, 'NOT-BLAH:1234')
self.assertFalse(namespace_validation_info.is_local())
def test_IsLocal_IfLocal_ReturnTrue(self):
namespace_validation_info = NamespaceValidationInfo.validate(None, 'BLAH:1234')
self.assertTrue(namespace_validation_info.is_local())
def test_Validate_IfNotLocal_Warn(self):
namespace_validation_info = NamespaceValidationInfo.validate(None, 'NOT-BLAH:1234')
self.assertIsInstance(namespace_validation_info, NamespaceValidationInfo)
self.assertEqual(namespace_validation_info.namespace.status, ValidationStatus.WARN)