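def test_filesystem_sink_add_objects_list(fs_sink, fs_source):
    """Add a mixed list (python object + plain dict) in one call and read both back.

    Each object is expected on disk at
    ``FS_PATH/campaign/<id>/<modified timestamp as filename>.json``.
    """
    camp6 = stix2.v20.Campaign(
        name="Comanche",
        objective="US Midwest manufacturing firms, oil refineries, and businesses",
        aliases=["Horse Warrior"],
    )
    camp7 = {
        "name": "Napolean",
        "type": "campaign",
        "objective": "Central and Eastern Europe military commands and departments",
        "aliases": ["The Frenchmen"],
        "id": "campaign--122818b6-1112-4fb0-b11b-b111107ca70a",
        "created": "2017-05-31T21:31:53.197755Z",
        "modified": "2017-05-31T21:31:53.197755Z",
    }

    fs_sink.add([camp6, camp7])

    # The dict is parsed so the filename uses the timestamp as the library
    # represents it, not the raw string from the dict.
    camp7obj = stix2.parse(camp7)

    camp6filepath = os.path.join(
        FS_PATH,
        "campaign",
        camp6.id,
        _timestamp2filename(camp6["modified"]) + ".json",
    )
    camp7filepath = os.path.join(
        FS_PATH,
        "campaign",
        "campaign--122818b6-1112-4fb0-b11b-b111107ca70a",
        _timestamp2filename(camp7obj["modified"]) + ".json",
    )

    try:
        assert os.path.exists(camp6filepath)
        assert os.path.exists(camp7filepath)

        camp6_r = fs_source.get(camp6.id)
        assert camp6_r.id == camp6.id
        assert "Horse Warrior" in camp6_r.aliases

        camp7_r = fs_source.get(camp7["id"])
        assert camp7_r.id == camp7["id"]
        assert "The Frenchmen" in camp7_r.aliases
    finally:
        # Clean up even when an assertion fails. camp7 has a fixed id and
        # timestamp, so a leftover file would be found again by the next run,
        # and test_filesystem_attempt_stix_file_overwrite shows the store
        # rejecting a second write of the same version (the sink presumably
        # does the same).
        for leftover in (camp6filepath, camp7filepath):
            if os.path.exists(leftover):
                os.remove(leftover)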
def rel_fs_store():
    """Yield a FileSystemStore at FS_PATH seeded with four v21 objects and
    three relationships between them, then delete the seeded files.

    Relationships: indicator -indicates-> malware, malware -targets-> identity,
    campaign -uses-> malware.
    """
    campaign = stix2.v21.Campaign(id=CAMPAIGN_ID, **CAMPAIGN_KWARGS)
    identity = stix2.v21.Identity(id=IDENTITY_ID, **IDENTITY_KWARGS)
    indicator = stix2.v21.Indicator(id=INDICATOR_ID, **INDICATOR_KWARGS)
    malware = stix2.v21.Malware(id=MALWARE_ID, **MALWARE_KWARGS)
    indicates = stix2.v21.Relationship(
        indicator, 'indicates', malware, id=RELATIONSHIP_IDS[0],
    )
    targets = stix2.v21.Relationship(
        malware, 'targets', identity, id=RELATIONSHIP_IDS[1],
    )
    uses = stix2.v21.Relationship(
        campaign, 'uses', malware, id=RELATIONSHIP_IDS[2],
    )
    seeded = (campaign, identity, indicator, malware, indicates, targets, uses)

    store = stix2.FileSystemStore(FS_PATH)
    for obj in seeded:
        store.add(obj)

    yield store

    # Teardown: remove exactly the files written above.
    for obj in seeded:
        stored_file = os.path.join(
            FS_PATH, obj.type, obj.id,
            _timestamp2filename(obj.modified) + '.json',
        )
        # Some test-scoped fixtures (e.g. fs_store) delete all campaigns, so
        # by the time this module-scoped fixture tears down, its campaign
        # files may already be gone. Tolerate "not found" and nothing else.
        try:
            os.remove(stored_file)
        except OSError as e:
            # 3 is the Windows ERROR_PATH_NOT_FOUND code. errno has a symbolic
            # name for the value 3, but it does not carry the Windows meaning,
            # so the literal is used.
            if e.errno not in (errno.ENOENT, 3):
                raise
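def test_filesystem_sink_json_stix_bundle(fs_sink, fs_source):
    """Add a JSON-encoded bundle and check that its campaign is stored and readable.

    The bundle itself is not looked for on disk; the contained campaign is
    expected at ``FS_PATH/campaign/<id>/<modified timestamp>.json``.
    """
    bund2 = (
        '{"type": "bundle", "id": "bundle--3d267103-8475-4d8f-b321-35ec6eccfa37",'
        ' "spec_version": "2.0", "objects": [{"type": "campaign", "id": "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b",'
        ' "created":"2017-05-31T21:31:53.197755Z",'
        ' "modified":"2017-05-31T21:31:53.197755Z",'
        ' "name": "Spartacus", "objective": "Oppressive regimes of Africa and Middle East"}]}'
    )
    fs_sink.add(bund2)

    # Parse the bundle to obtain the "modified" timestamp as the library
    # represents it, which is what the filename is derived from.
    bund2obj = stix2.parse(bund2)
    camp_obj = bund2obj["objects"][0]

    filepath = os.path.join(
        FS_PATH,
        "campaign",
        "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b",
        _timestamp2filename(camp_obj["modified"]) + ".json",
    )

    try:
        assert os.path.exists(filepath)

        camp5_r = fs_source.get("campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b")
        assert camp5_r.id == "campaign--2c03b8bf-82ee-433e-9918-ca2cb6e9534b"
        assert camp5_r.name == "Spartacus"
    finally:
        # The campaign has a fixed id and timestamp, so a file left behind by
        # a failed assertion would still be there on the next run.
        if os.path.exists(filepath):
            os.remove(filepath)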
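def test_filesystem_sink_add_stix_bundle_dict(fs_sink, fs_source):
    """Add a bundle given as a plain dict and check its campaign is stored and readable."""
    bund = {
        "type": "bundle",
        "id": "bundle--040ae5ec-2e91-4e94-b075-bc8b368e8ca3",
        "objects": [
            {
                "name": "Atilla",
                "type": "campaign",
                "objective": "Bulgarian, Albanian and Romanian Intelligence Services",
                "aliases": ["Huns"],
                "id": "campaign--b8f86161-ccae-49de-973a-4ca320c62478",
                "created": "2017-05-31T21:31:53.197755Z",
                "modified": "2017-05-31T21:31:53.197755Z",
            },
        ],
    }

    fs_sink.add(bund)

    # Parse the contained campaign so the filename uses the timestamp as the
    # library represents it, not the raw string from the dict.
    camp_obj = stix2.parse(bund["objects"][0])

    filepath = os.path.join(
        FS_PATH,
        "campaign",
        camp_obj["id"],
        _timestamp2filename(camp_obj["modified"]) + ".json",
    )

    try:
        assert os.path.exists(filepath)

        camp3_r = fs_source.get(bund["objects"][0]["id"])
        assert camp3_r.id == bund["objects"][0]["id"]
        assert camp3_r.name == bund["objects"][0]["name"]
        assert "Huns" in camp3_r.aliases
    finally:
        # The campaign has a fixed id and timestamp, so a file left behind by
        # a failed assertion would still be there on the next run.
        if os.path.exists(filepath):
            os.remove(filepath)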
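def test_filesystem_sink_add_stix_object_dict(fs_sink, fs_source):
    """Add a single campaign given as a plain dict and read it back."""
    camp2 = {
        "name": "Aurelius",
        "type": "campaign",
        "objective": "German and French Intelligence Services",
        "aliases": ["Purple Robes"],
        "id": "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
        "created": "2017-05-31T21:31:53.197755Z",
        "modified": "2017-05-31T21:31:53.197755Z",
    }

    fs_sink.add(camp2)

    # Need to get the exact "modified" timestamp which would have been
    # in effect at the time the object was saved to the sink, which determines
    # the filename it would have been saved as. It may not be exactly the same
    # as what's in the dict, since the parsing process can enforce a precision
    # constraint (e.g. truncate to milliseconds), which results in a slightly
    # different name.
    camp2obj = stix2.parse(camp2)
    filepath = os.path.join(
        FS_PATH,
        "campaign",
        camp2obj["id"],
        _timestamp2filename(camp2obj["modified"]) + ".json",
    )

    try:
        assert os.path.exists(filepath)

        camp2_r = fs_source.get(camp2["id"])
        assert camp2_r.id == camp2["id"]
        assert camp2_r.name == camp2["name"]
        assert "Purple Robes" in camp2_r.aliases
    finally:
        # The campaign has a fixed id and timestamp, so a file left behind by
        # a failed assertion would still be there on the next run.
        if os.path.exists(filepath):
            os.remove(filepath)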
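def test_filesystem_store_add_as_bundle():
    """With ``bundlify=True`` the stored file contains a bundle, and the
    campaign can still be fetched by its own id.
    """
    fs_store = stix2.FileSystemStore(FS_PATH, bundlify=True)

    camp1 = stix2.v20.Campaign(
        name="Great Heathen Army",
        objective="Targeting the government of United Kingdom and insitutions affiliated with the Church Of England",
        aliases=["Ragnar"],
    )

    try:
        fs_store.add(camp1)

        filepath = os.path.join(
            FS_PATH,
            "campaign",
            camp1.id,
            _timestamp2filename(camp1.modified) + ".json",
        )

        with open(filepath) as bundle_file:
            assert '"type": "bundle"' in bundle_file.read()

        camp1_r = fs_store.get(camp1.id)
        assert camp1_r.id == camp1.id
        assert camp1_r.name == camp1.name
    finally:
        # Removes the whole campaign directory, not just this test's file,
        # and does so even when an assertion above fails. ignore_errors
        # keeps the cleanup quiet if the directory was never created.
        shutil.rmtree(os.path.join(FS_PATH, "campaign"), ignore_errors=True)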
def test_timestamp2filename_tz():
    """A timezone-aware timestamp is rendered in UTC in the filename."""
    # FixedOffset(-60) is one hour west of UTC (i.e. an hour earlier), so
    # 07:30:10 local time is expected to come out as 08:30:10.
    aware = datetime.datetime(
        2010, 6, 15, 7, 30, 10, 1234,
        pytz.FixedOffset(-60),
    )

    assert _timestamp2filename(aware) == "20100615083010001234"
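def test_filesystem_attempt_stix_file_overwrite(fs_store):
    """Adding an object version that is already stored must raise
    DataSourceError instead of overwriting the existing file.
    """
    camp8 = stix2.v20.Campaign(
        name="George Washington",
        objective="Create an awesome country",
        aliases=["Georgey"],
    )

    fs_store.add(camp8)

    camp8_r = fs_store.get(camp8.id)
    filepath = os.path.join(
        FS_PATH,
        "campaign",
        camp8_r.id,
        _timestamp2filename(camp8_r.modified) + ".json",
    )

    try:
        # Compare the retrieved object with the one that was added; comparing
        # camp8_r.id with itself can never fail.
        assert camp8_r.id == camp8.id
        assert camp8_r.name == camp8.name

        # Now attempt to overwrite the existing file
        with pytest.raises(DataSourceError):
            fs_store.add(camp8)
    finally:
        # Remove the stored file even when an assertion above fails.
        os.remove(filepath)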
def test_timestamp2filename_naive():
    """A naive timestamp is rendered with its fields unchanged."""
    naive = datetime.datetime(2010, 6, 15, 8, 30, 10, 1234)

    # Expected layout: YYYYMMDDHHMMSS followed by six microsecond digits.
    assert _timestamp2filename(naive) == "20100615083010001234"
def test_filesystem_store_add(fs_store):
    """Add a Campaign through the store and fetch it back by id."""
    army = Campaign(
        name="Great Heathen Army",
        objective="Targeting the government of United Kingdom and insitutions affiliated with the Church Of England",
        aliases=["Ragnar"],
    )

    fs_store.add(army)

    fetched = fs_store.get(army.id)
    assert fetched.id == army.id
    assert fetched.name == army.name

    # The stored file is named after the object's "modified" timestamp.
    stored_file = os.path.join(
        FS_PATH,
        "campaign",
        fetched.id,
        _timestamp2filename(fetched.modified) + ".json",
    )

    # Clean up the file this test wrote.
    os.remove(stored_file)
def test_filesystem_sink_add_python_stix_object(fs_sink, fs_source):
    """Add a python Campaign object to the sink and read it back from the source."""
    hannibal = Campaign(
        name="Hannibal",
        objective="Targeting Italian and Spanish Diplomat internet accounts",
        aliases=["War Elephant"],
    )

    fs_sink.add(hannibal)

    # Expected location: FS_PATH/campaign/<id>/<modified timestamp>.json
    stored_name = _timestamp2filename(hannibal.modified) + ".json"
    stored_file = os.path.join(FS_PATH, "campaign", hannibal.id, stored_name)
    assert os.path.exists(stored_file)

    fetched = fs_source.get(hannibal.id)
    assert fetched.id == hannibal.id
    assert fetched.name == "Hannibal"
    assert "War Elephant" in fetched.aliases

    # Clean up the file this test wrote.
    os.remove(stored_file)
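def test_filesystem_sink_add_json_stix_object(fs_sink, fs_source):
    """Add a JSON-encoded campaign to the sink and read it back from the source."""
    camp4 = (
        '{"type": "campaign", "id":"campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d",'
        ' "created":"2017-05-31T21:31:53.197755Z",'
        ' "modified":"2017-05-31T21:31:53.197755Z",'
        ' "name": "Ghengis Khan", "objective": "China and Russian infrastructure"}'
    )

    fs_sink.add(camp4)

    # Parse the JSON so the filename uses the timestamp as the library
    # represents it, not the raw string.
    camp4obj = parse(camp4)

    filepath = os.path.join(
        FS_PATH,
        "campaign",
        "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d",
        _timestamp2filename(camp4obj["modified"]) + ".json",
    )

    try:
        assert os.path.exists(filepath)

        camp4_r = fs_source.get("campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d")
        assert camp4_r.id == "campaign--6a6ca372-ba07-42cc-81ef-9840fc1f963d"
        assert camp4_r.name == "Ghengis Khan"
    finally:
        # The campaign has a fixed id and timestamp, so a file left behind by
        # a failed assertion would still be there on the next run.
        if os.path.exists(filepath):
            os.remove(filepath)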