Ejemplo n.º 1
    def test_istypeof(self):
        """Exercise ``istypeof`` on a subclass instance and on a plain ``Address``.

        The assertions pin that ``EmailAddress.istypeof`` accepts a plain
        ``Address`` once its ``category`` is ``Address.CAT_EMAIL``, even though
        ``isinstance`` still reports it is not an ``EmailAddress``.
        """
        raw_value = "*****@*****.**"

        # A genuine EmailAddress instance passes both the base and subclass check.
        email_addr = EmailAddress(raw_value)
        self.assertTrue(Address.istypeof(email_addr))
        self.assertTrue(EmailAddress.istypeof(email_addr))

        # A plain Address without a category is an Address but not an e-mail.
        plain_addr = Address(raw_value)
        self.assertTrue(Address.istypeof(plain_addr))
        self.assertFalse(EmailAddress.istypeof(plain_addr))

        # Setting the e-mail category flips the istypeof answer while the
        # Python class of the object stays Address.
        plain_addr.category = Address.CAT_EMAIL
        self.assertTrue(Address.istypeof(plain_addr))
        self.assertTrue(EmailAddress.istypeof(plain_addr))
        self.assertNotIsInstance(plain_addr, EmailAddress)

        # Any other category (IPv4 here) must not be taken for an e-mail.
        plain_addr.category = Address.CAT_IPV4
        self.assertTrue(Address.istypeof(plain_addr))
        self.assertFalse(EmailAddress.istypeof(plain_addr))
Ejemplo n.º 2
def load_rule_obj(stix_object):
    """
    Build a rule for every IPv4 address observable carried by a STIX object.

    Observables whose object has no ``properties`` attribute, whose properties
    are not an ``Address``, or whose category is not ``'ipv4-addr'`` are
    skipped without any error.

    :param stix_object: object exposing ``observables.observables``; either
        level may be empty or ``None``
    :return: list of ``rulegen.Rule`` objects, empty when nothing matched
    """
    container = stix_object.observables
    if not container or not container.observables:
        return []

    rules = []
    for observable in container.observables:
        cybox_obj = observable.object_
        if not hasattr(cybox_obj, 'properties'):
            continue
        props = cybox_obj.properties
        # Only address properties of the IPv4 category are turned into rules.
        if Address.istypeof(props) and props.category == 'ipv4-addr':
            new_rule = rulegen.Rule()
            # NOTE(review): observable_id_ receives the *object's* id_, not the
            # observable's id_ -- confirm that this is the id the rule should
            # reference.
            # NOTE(review): the address value comes straight from the STIX
            # content; no validation is visible here, so presumably
            # load_address_obj checks it before it reaches a rule -- confirm.
            new_rule.load_address_obj(props, observable_id_=cybox_obj.id_)
            rules.append(new_rule)
    return rules
Ejemplo n.º 3
def load_ruleobs_obs(ruleobs):
    """
    Turn a RuleDataObs object into a stix2snort rule when it is an IPv4 address.

    A rule is produced only if the observable's object has ``properties`` that
    are an ``Address`` of category ``'ipv4-addr'``. The rule takes its ``_sid``
    from the module-level ``_sid_counter``.

    :param ruleobs: object exposing ``observable`` and ``indicator_id``
    :return: one-element list holding the generated rule, or ``None`` when the
        observable did not qualify
    """
    observable = ruleobs.observable
    indicator = ruleobs.indicator_id
    cybox_obj = observable.object_

    if not hasattr(cybox_obj, 'properties'):
        return None

    props = cybox_obj.properties
    if not (Address.istypeof(props) and props.category == 'ipv4-addr'):
        return None

    new_rule = rulegen.Rule()
    # NOTE(review): the address value comes straight from the STIX content; no
    # validation is visible here, so presumably load_address_obj checks it
    # before it reaches a rule -- confirm.
    new_rule.load_address_obj(props, observable_id_=observable.id_, indicator_id_=indicator)
    # The sid is drawn only after the rule has been loaded successfully.
    new_rule._sid = next(_sid_counter)
    return [new_rule]