def test_for_enum_has_value_functionality(): # Test if the has_value function works as intended assert StixCyberObservableTypes.has_value("url") is True assert StixCyberObservableTypes.has_value("LRU") is False assert LocationTypes.has_value("CITY") is True assert LocationTypes.has_value("YTIC") is False assert IdentityTypes.has_value("SECTOR") is True assert IdentityTypes.has_value("RECTOS") is False assert ContainerTypes.has_value("Note") is True assert ContainerTypes.has_value("ETON") is False
def _process_message(self, data): file_name = data["file_name"] export_scope = data["export_scope"] # single or list export_type = data["export_type"] # Simple or Full # max_marking = data["max_marking"] # TODO Implement marking restriction entity_type = data["entity_type"] if export_scope == "single": entity_id = data["entity_id"] self.helper.log_info("Exporting: " + entity_type + "/" + export_type + "(" + entity_id + ") to " + file_name) entity_data = self.helper.api.stix_domain_object.read(id=entity_id) entities_list = [] if "objectsIds" in entity_data: for id in entity_data["objectsIds"]: entity = self.helper.api.stix_domain_object.read(id=id) if entity is None: entity = self.helper.api.stix_cyber_observable.read( id=id) if entity is not None: del entity["objectLabelIds"] entities_list.append(entity) del entity_data["objectLabelIds"] del entity_data["objectsIds"] entities_list.append(entity_data) csv_data = self.export_dict_list_to_csv(entities_list) self.helper.log_info("Uploading: " + entity_type + "/" + export_type + "(" + entity_id + ") to " + file_name) self.helper.api.stix_domain_object.push_entity_export( entity_id, file_name, csv_data) self.helper.log_info("Export done: " + entity_type + "/" + export_type + "(" + entity_id + ") to " + file_name) else: list_params = data["list_params"] self.helper.log_info("Exporting list: " + entity_type + "/" + export_type + " to " + file_name) final_entity_type = entity_type if IdentityTypes.has_value(entity_type): if list_params["filters"] is not None: list_params["filters"].append({ "key": "entity_type", "values": [entity_type] }) else: list_params["filters"] = [{ "key": "entity_type", "values": [entity_type] }] final_entity_type = "Identity" if LocationTypes.has_value(entity_type): if list_params["filters"] is not None: list_params["filters"].append({ "key": "entity_type", "values": [entity_type] }) else: list_params["filters"] = [{ "key": "entity_type", "values": [entity_type] }] final_entity_type = "Location" if StixCyberObservableTypes.has_value(entity_type): if list_params["filters"] is not None: list_params["filters"].append({ "key": "entity_type", "values": [entity_type] }) else: list_params["filters"] = [{ "key": "entity_type", "values": [entity_type] }] final_entity_type = "Stix-Cyber-Observable" # List lister = { "Attack-Pattern": self.helper.api.attack_pattern.list, "Campaign": self.helper.api.campaign.list, "Note": self.helper.api.note.list, "Observed-Data": self.helper.api.observed_data.list, "Opinion": self.helper.api.opinion.list, "Report": self.helper.api.report.list, "Course-Of-Action": self.helper.api.course_of_action.list, "Identity": self.helper.api.identity.list, "Indicator": self.helper.api.indicator.list, "Infrastructure": self.helper.api.infrastructure.list, "Intrusion-Set": self.helper.api.intrusion_set.list, "Location": self.helper.api.location.list, "Malware": self.helper.api.malware.list, "Threat-Actor": self.helper.api.threat_actor.list, "Tool": self.helper.api.tool.list, "Vulnerability": self.helper.api.vulnerability.list, "X-OpenCTI-Incident": self.helper.api.x_opencti_incident.list, "Stix-Cyber-Observable": self.helper.api.stix_cyber_observable.list, } do_list = lister.get( final_entity_type, lambda **kwargs: self.helper. log_error('Unknown object type "' + final_entity_type + '", doing nothing...'), ) entities_list = do_list( search=list_params["search"], filters=list_params["filters"], orderBy=list_params["orderBy"], orderMode=list_params["orderMode"], types=list_params["types"] if "types" in list_params else None, getAll=True, ) csv_data = self.export_dict_list_to_csv(entities_list) self.helper.log_info("Uploading: " + entity_type + "/" + export_type + " to " + file_name) if entity_type != "Stix-Cyber-Observable": self.helper.api.stix_domain_object.push_list_export( entity_type, file_name, csv_data, json.dumps(list_params)) else: self.helper.api.stix_cyber_observable.push_list_export( file_name, csv_data, json.dumps(list_params)) self.helper.log_info("Export done: " + entity_type + "/" + export_type + " to " + file_name) return "Export done"