def test_pick_aliases(opencti_stix2: OpenCTIStix2) -> None: stix_object = {} assert opencti_stix2.pick_aliases(stix_object) is None stix_object["aliases"] = "alias" assert opencti_stix2.pick_aliases(stix_object) == "alias" stix_object["x_amitt_aliases"] = "amitt_alias" assert opencti_stix2.pick_aliases(stix_object) == "amitt_alias" stix_object["x_mitre_aliases"] = "mitre_alias" assert opencti_stix2.pick_aliases(stix_object) == "mitre_alias" stix_object["x_opencti_aliases"] = "opencti_alias" assert opencti_stix2.pick_aliases(stix_object) == "opencti_alias"
def __init__(self, url, token, log_level="info", ssl_verify=False): """Constructor method """ # Check configuration self.ssl_verify = ssl_verify if url is None or len(token) == 0: raise ValueError("Url configuration must be configured") if token is None or len(token) == 0 or token == "ChangeMe": raise ValueError( "Token configuration must be the same as APP__ADMIN__TOKEN") # Configure logger self.log_level = log_level numeric_level = getattr(logging, self.log_level.upper(), None) if not isinstance(numeric_level, int): raise ValueError("Invalid log level: " + self.log_level) logging.basicConfig(level=numeric_level) # Define API self.api_token = token self.api_url = url + "/graphql" self.request_headers = {"Authorization": "Bearer " + token} # Define the dependencies self.job = OpenCTIApiJob(self) self.connector = OpenCTIApiConnector(self) self.stix2 = OpenCTIStix2(self) # Define the entities self.tag = Tag(self) self.marking_definition = MarkingDefinition(self) self.external_reference = ExternalReference(self) self.kill_chain_phase = KillChainPhase(self) self.stix_entity = StixEntity(self) self.stix_domain_entity = StixDomainEntity(self, File) self.stix_observable = StixObservable(self) self.stix_relation = StixRelation(self) self.stix_sighting = StixSighting(self) self.stix_observable_relation = StixObservableRelation(self) self.identity = Identity(self) self.threat_actor = ThreatActor(self) self.intrusion_set = IntrusionSet(self) self.campaign = Campaign(self) self.incident = Incident(self) self.malware = Malware(self) self.tool = Tool(self) self.vulnerability = Vulnerability(self) self.attack_pattern = AttackPattern(self) self.course_of_action = CourseOfAction(self) self.report = Report(self) self.note = Note(self) self.opinion = Opinion(self) self.indicator = Indicator(self) # Check if openCTI is available if not self.health_check(): raise ValueError( "OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..." )
def __init__(self, url, token, log_level="info", ssl_verify=False, proxies={}): """Constructor method""" # Check configuration # 校验一下配置 self.ssl_verify = ssl_verify self.proxies = proxies if url is None or len(token) == 0: raise ValueError("Url configuration must be configured") if token is None or len(token) == 0 or token == "ChangeMe": raise ValueError( "Token configuration must be the same as APP__ADMIN__TOKEN") # Configure logger # 设置日志等级 self.log_level = log_level numeric_level = getattr(logging, self.log_level.upper(), None) if not isinstance(numeric_level, int): raise ValueError("Invalid log level: " + self.log_level) logging.basicConfig(level=numeric_level) # Define API # 定义api self.api_token = token self.api_url = url + "/graphql" self.request_headers = {"Authorization": "Bearer " + token} # Define the dependencies # 定义工作器、连接器、规范 self.work = OpenCTIApiWork(self) self.connector = OpenCTIApiConnector(self) self.stix2 = OpenCTIStix2(self) # Define the entities # 定义一些实体 self.label = Label(self) self.marking_definition = MarkingDefinition(self) self.external_reference = ExternalReference(self) self.kill_chain_phase = KillChainPhase(self) self.opencti_stix_object_or_stix_relationship = StixObjectOrStixRelationship( self) self.stix_domain_object = StixDomainObject(self, File) self.stix_cyber_observable = StixCyberObservable(self, File) self.stix_core_relationship = StixCoreRelationship(self) self.stix_sighting_relationship = StixSightingRelationship(self) self.stix_cyber_observable_relationship = StixCyberObservableRelationship( self) self.identity = Identity(self) self.location = Location(self) self.threat_actor = ThreatActor(self) self.intrusion_set = IntrusionSet(self) self.infrastructure = Infrastructure(self) self.campaign = Campaign(self) self.x_opencti_incident = XOpenCTIIncident(self) self.malware = Malware(self) self.tool = Tool(self) self.vulnerability = Vulnerability(self) self.attack_pattern = AttackPattern(self) self.course_of_action = CourseOfAction(self) self.report = Report(self) self.note = Note(self) self.observed_data = ObservedData(self) self.opinion = Opinion(self) self.indicator = Indicator(self) # Check if openCTI is available # 做一下心跳检测 if not self.health_check(): raise ValueError( "OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..." )
def test_import_bundle_from_file(opencti_stix2: OpenCTIStix2, caplog) -> None: opencti_stix2.import_bundle_from_file("foo.txt") for record in caplog.records: assert record.levelname == "ERROR" assert "The bundle file does not exists" in caplog.text
def test_filter_objects(opencti_stix2: OpenCTIStix2): objects = [{"id": "123"}, {"id": "124"}, {"id": "125"}, {"id": "126"}] result = opencti_stix2.filter_objects(["123", "124", "126"], objects) assert len(result) == 1 assert "126" not in result
def opencti_stix2(api_client): return OpenCTIStix2(api_client)
def test_format_date_with_tz(opencti_stix2: OpenCTIStix2): # Test all 4 format_date cases with timestamp + timezone my_datetime = datetime.datetime(2021, 3, 5, 13, 31, 19, 42621, tzinfo=datetime.timezone.utc) my_datetime_str = my_datetime.isoformat(timespec="milliseconds").replace( "+00:00", "Z") assert my_datetime_str == opencti_stix2.format_date(my_datetime) my_date = my_datetime.date() my_date_str = "2021-03-05T00:00:00.000Z" assert my_date_str == opencti_stix2.format_date(my_date) assert my_datetime_str == opencti_stix2.format_date(my_datetime_str) assert (str( datetime.datetime.now(tz=datetime.timezone.utc).isoformat( timespec="seconds").replace("+00:00", "")) in opencti_stix2.format_date()) with pytest.raises(ValueError): opencti_stix2.format_date("No time") # Test all 4 format_date cases with timestamp w/o timezone my_datetime = datetime.datetime(2021, 3, 5, 13, 31, 19, 42621) my_datetime_str = (my_datetime.replace( tzinfo=datetime.timezone.utc).isoformat( timespec="milliseconds").replace("+00:00", "Z")) assert my_datetime_str == opencti_stix2.format_date(my_datetime) my_date = my_datetime.date() my_date_str = "2021-03-05T00:00:00.000Z" assert my_date_str == opencti_stix2.format_date(my_date) assert my_datetime_str == opencti_stix2.format_date(my_datetime_str) assert (str( datetime.datetime.now(tz=datetime.timezone.utc).isoformat( timespec="seconds").replace("+00:00", "")) in opencti_stix2.format_date()) with pytest.raises(ValueError): opencti_stix2.format_date("No time")
def test_convert_markdown_typo(opencti_stix2: OpenCTIStix2): result = opencti_stix2.convert_markdown( " my <code is very </special> </code> to me") assert " my <code is very </special> ` to me" == result
def test_unknown_type(opencti_stix2: OpenCTIStix2, caplog): opencti_stix2.unknown_type({"type": "foo"}) for record in caplog.records: assert record.levelname == "ERROR" assert 'Unknown object type "foo", doing nothing...' in caplog.text
def __init__( self, url, token, log_level="info", ssl_verify=False, proxies=None, json_logging=False, ): """Constructor method""" # Check configuration self.ssl_verify = ssl_verify self.proxies = proxies if url is None or len(url) == 0: raise ValueError("An URL must be set") if token is None or len(token) == 0 or token == "ChangeMe": raise ValueError("A TOKEN must be set") # Configure logger self.log_level = log_level numeric_level = getattr(logging, self.log_level.upper(), None) if not isinstance(numeric_level, int): raise ValueError("Invalid log level: " + self.log_level) if json_logging: log_handler = logging.StreamHandler() log_handler.setLevel(self.log_level.upper()) formatter = CustomJsonFormatter( "%(timestamp)s %(level)s %(name)s %(message)s") log_handler.setFormatter(formatter) logging.basicConfig(handlers=[log_handler], level=numeric_level, force=True) else: logging.basicConfig(level=numeric_level) # Define API self.api_token = token self.api_url = url + "/graphql" self.request_headers = {"Authorization": "Bearer " + token} self.session = requests.session() # Define the dependencies self.work = OpenCTIApiWork(self) self.connector = OpenCTIApiConnector(self) self.stix2 = OpenCTIStix2(self) # Define the entities self.label = Label(self) self.marking_definition = MarkingDefinition(self) self.external_reference = ExternalReference(self, File) self.kill_chain_phase = KillChainPhase(self) self.opencti_stix_object_or_stix_relationship = StixObjectOrStixRelationship( self) self.stix = Stix(self) self.stix_domain_object = StixDomainObject(self, File) self.stix_core_object = StixCoreObject(self, File) self.stix_cyber_observable = StixCyberObservable(self, File) self.stix_core_relationship = StixCoreRelationship(self) self.stix_sighting_relationship = StixSightingRelationship(self) self.stix_cyber_observable_relationship = StixCyberObservableRelationship( self) self.identity = Identity(self) self.location = Location(self) self.threat_actor = ThreatActor(self) self.intrusion_set = IntrusionSet(self) self.infrastructure = Infrastructure(self) self.campaign = Campaign(self) self.incident = Incident(self) self.malware = Malware(self) self.tool = Tool(self) self.vulnerability = Vulnerability(self) self.attack_pattern = AttackPattern(self) self.course_of_action = CourseOfAction(self) self.report = Report(self) self.note = Note(self) self.observed_data = ObservedData(self) self.opinion = Opinion(self) self.indicator = Indicator(self) # Check if openCTI is available if not self.health_check(): raise ValueError( "OpenCTI API is not reachable. Waiting for OpenCTI API to start or check your configuration..." )