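def build_payload_artifact(self, packet):
    """Build a STIX ``Artifact`` that carries the packet's transport payload.

    The payload field is looked up in priority order: the ``data`` layer's
    ``tcp_reassembled_data``, then the ``tcp`` layer's ``payload``, then the
    ``udp`` layer's ``payload``. The field value is parsed as colon-separated
    hex octets, converted to bytes and base64-encoded for ``payload_bin``.

    :type packet: Packet
    :param packet: parsed packet exposing ``data``/``tcp``/``udp`` layers.
    :return: a ``stix2.Artifact``, or ``None`` when there is no payload
        (no known layer, a missing field, or an empty field value).
    :raises ValueError: if an octet is not valid hex or is outside 0-255.
    """
    layers = self.get_layers(packet)[1]

    if 'data' in layers:
        payload_hex = packet.data.get_field('tcp_reassembled_data')
    elif 'tcp' in layers:
        payload_hex = packet.tcp.get_field('payload')
    elif 'udp' in layers:
        payload_hex = packet.udp.get_field('payload')
    else:
        payload_hex = None

    # A missing field (None) and an empty field ('') both mean "no payload".
    # Without this guard, int('', 16) below would raise ValueError and abort
    # the conversion of the whole capture on one empty segment.
    if not payload_hex:
        return None

    raw_bytes = bytes(int(octet, 16) for octet in payload_hex.split(':'))
    payload_bin = base64.b64encode(raw_bytes)
    # NOTE(review): b64encode returns bytes; confirm the stix2 version in use
    # serialises a bytes payload_bin, otherwise decode it to ASCII here.

    # NOTE(review): 'text/plain' is a fixed label, not a detected type. The
    # payload is raw bytes lifted from network traffic, so consumers of the
    # artifact should treat it as untrusted binary regardless of mime_type.
    return stix2.Artifact(payload_bin=payload_bin, mime_type='text/plain')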
def test_artifact_example_dependency_error():
    """An Artifact given only ``url`` must fail the (hashes, url) dependency."""
    expected_message = (
        "The property dependencies for Artifact: (hashes, url) are not met."
    )
    error_type = stix2.exceptions.DependentPropertiesError

    # A URL-referenced artifact without hashes gives a consumer nothing to
    # check the fetched content against, so construction is expected to fail.
    with pytest.raises(error_type) as raised:
        stix2.Artifact(url="http://example.com/sirvizio.exe")

    error = raised.value
    assert error.dependencies == [("hashes", "url")]
    assert str(error) == expected_message
def test_artifact_example():
    """A URL-referenced Artifact keeps its mime_type, url and hashes as given."""
    jpeg_url = "https://upload.wikimedia.org/wikipedia/commons/b/b4/JPEG_example_JPG_RIP_100.jpg"
    # MD5 only exercises the ``hashes`` property here; it is not
    # collision-resistant, so it should not be the sole integrity check
    # on a real artifact.
    md5_digest = "6826f9a05da08134006557758bb3afbb"

    artifact = stix2.Artifact(
        mime_type="image/jpeg",
        url=jpeg_url,
        hashes={"MD5": md5_digest},
    )

    assert artifact.mime_type == "image/jpeg"
    assert artifact.url == jpeg_url
    assert artifact.hashes["MD5"] == md5_digest
def test_artifact_mutual_exclusion_error():
    """Supplying both ``payload_bin`` and ``url`` must be rejected."""
    # The content is either embedded (payload_bin) or referenced (url);
    # giving both is expected to raise.
    conflicting_kwargs = {
        "mime_type": "image/jpeg",
        "url": "https://upload.wikimedia.org/wikipedia/commons/b/b4/JPEG_example_JPG_RIP_100.jpg",
        "hashes": {"MD5": "6826f9a05da08134006557758bb3afbb"},
        "payload_bin": "VBORw0KGgoAAAANSUhEUgAAADI==",
    }
    error_type = stix2.exceptions.MutuallyExclusivePropertiesError

    with pytest.raises(error_type) as raised:
        stix2.Artifact(**conflicting_kwargs)

    error = raised.value
    assert error.cls == stix2.Artifact
    assert error.properties == ["payload_bin", "url"]
    assert 'are mutually exclusive' in str(error)