def test_reference_property_specific_type():
    """A property restricted to "my-type" must refuse any other type prefix."""
    accepted_id = "my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    prop = ReferenceProperty(valid_types="my-type", spec_version="2.1")

    # The type prefix of the reference is outside valid_types, so cleaning
    # has to fail rather than pass the identifier through.
    with pytest.raises(ValueError):
        prop.clean("not-my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf")

    # A reference of the permitted type comes back unchanged.
    cleaned = prop.clean(accepted_id)
    assert cleaned == accepted_id
def test_reference_property_blacklist_custom_type():
    """Check a property that blacklists the custom type "my-type" (spec 2.1).

    clean() is called with a second positional flag; going by the comments
    in this test, False means customization is disallowed.
    """
    file_id = "file--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    blocked_id = "my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    other_custom_id = "not-my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf"

    prop = ReferenceProperty(invalid_types="my-type", spec_version="2.1")

    # A type that is not blacklisted is accepted.
    assert prop.clean(file_id, False) == (file_id, False)

    # The blacklisted type is refused regardless of the flag.
    for flag in (False, True):
        with pytest.raises(ValueError):
            prop.clean(blocked_id, flag)

    # This is not the blacklisted type, but it's still custom, and
    # customization is disallowed here.
    with pytest.raises(CustomContentError):
        prop.clean(other_custom_id, False)

    # With the flag set, the same reference is accepted and reported as custom.
    assert prop.clean(other_custom_id, True) == (other_custom_id, True)
def test_reference_property():
    """Check identifier validation for a "my-type" reference (spec 2.1)."""
    prop = ReferenceProperty(valid_types="my-type", spec_version="2.1")

    # Only the truthiness of the cleaned value is checked here.
    assert prop.clean("my-type--00000000-0000-4000-8000-000000000000")

    rejected = (
        # No "type--uuid" structure at all.
        "foo",
        # This is not a valid RFC 4122 UUID
        "my-type--00000000-0000-0000-0000-000000000000",
    )
    for candidate in rejected:
        with pytest.raises(ValueError):
            prop.clean(candidate)
class StixObservedData(_STIXBase):
    """Schema for an 'observed-data' object that also carries a ``device_ref``."""

    _type = 'observed-data'

    # Built from a list of pairs so the declaration order of the properties
    # is kept in the resulting OrderedDict.
    _properties = OrderedDict([
        ('type', TypeProperty(_type)),
        ('id', IDProperty(_type)),
        # NOTE(review): created_by_ref is constrained to type "device_ref"
        # here; confirm this is the intended reference type.
        ('created_by_ref', ReferenceProperty(type="device_ref")),
        # Both timestamps default to the module-level NOW value.
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('first_observed', TimestampProperty(required=True)),
        ('last_observed', TimestampProperty(required=True)),
        ('number_observed', IntegerProperty(required=True)),
        ('objects', ObservableProperty()),
        ('revoked', BooleanProperty()),
        ('labels', ListProperty(StringProperty)),
        ('external_references', ListProperty(ExternalReference)),
        ('object_marking_refs', ListProperty(ReferenceProperty(type="marking-definition"))),
        ('granular_markings', ListProperty(GranularMarking)),
        ('device_ref', DeviceProperty('device')),
    ])
def test_reference_property():
    """Check identifier validation for an unconstrained ReferenceProperty."""
    prop = ReferenceProperty()

    # Only the truthiness of the cleaned value is checked here.
    assert prop.clean("my-type--00000000-0000-4000-8000-000000000000")

    rejected = (
        # No "type--uuid" structure at all.
        "foo",
        # This is not a valid V4 UUID
        "my-type--00000000-0000-0000-0000-000000000000",
    )
    for candidate in rejected:
        with pytest.raises(ValueError):
            prop.clean(candidate)
def test_reference_property():
    """Check which identifiers an unconstrained ReferenceProperty accepts.

    In this variant the all-zero UUID is expected to be accepted and
    returned unchanged; only strings without a well-formed UUID are refused.
    """
    prop = ReferenceProperty()

    # Only the truthiness of the cleaned value is checked here.
    assert prop.clean("my-type--00000000-0000-4000-8000-000000000000")

    all_zero_id = "my-type--00000000-0000-0000-0000-000000000000"
    assert prop.clean(all_zero_id) == all_zero_id

    rejected = (
        # No "type--uuid" structure at all.
        "foo",
        # This is not a valid UUID
        "my-type--1234-56789",
    )
    for candidate in rejected:
        with pytest.raises(ValueError):
            prop.clean(candidate)
def test_reference_property_whitelist_hybrid_type():
    """Check a whitelist mixing a specific type ("a") with the "SCO" category."""
    file_id = "file--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    a_id = "a--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    b_id = "b--8a8e8758-f92c-4058-ba38-f061cd42a0cf"

    prop = ReferenceProperty(valid_types=["a", "SCO"], spec_version="2.0")

    # "file" is accepted with either flag value and is never reported as custom.
    for flag in (False, True):
        assert prop.clean(file_id, flag) == (file_id, False)

    # although whitelisted, "a" is a custom type
    with pytest.raises(CustomContentError):
        prop.clean(a_id, False)
    assert prop.clean(a_id, True) == (a_id, True)

    # "b" is not listed, so it is refused when the flag is False.
    with pytest.raises(ValueError):
        prop.clean(b_id, False)

    # should just assume "b" is a custom SCO type.
    assert prop.clean(b_id, True) == (b_id, True)
def test_reference_property_whitelist_standard_type():
    """Check a whitelist that names only the standard "identity" type."""
    identity_id = "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    foo_id = "foo--8a8e8758-f92c-4058-ba38-f061cd42a0cf"

    prop = ReferenceProperty(valid_types="identity", spec_version="2.1")

    # The whitelisted type is accepted and not reported as custom.
    assert prop.clean(identity_id, False) == (identity_id, False)

    # Any other type is refused, whichever flag value is passed.
    for flag in (True, False):
        with pytest.raises(ValueError):
            prop.clean(foo_id, flag)
def __init__(self, x_mitre_shortname=None, **kwargs):
    # NOTE(review): the class this method belongs to, and its decorator, are
    # above this excerpt.
    # A shortname that is set must be one of the names listed below; a
    # missing or empty shortname skips the check entirely.
    if x_mitre_shortname and x_mitre_shortname not in ["strategic-planning", "objective-planning", "develop-people", "develop-networks", "microtargeting", "develop-content", "channel-selection", "pump-priming", "exposure", "go-physical", "persistence", "measure-effectiveness"]:
        raise ValueError("'%s' is not a recognized AMITT Tactic." % x_mitre_shortname)


# Custom 'x-amitt-narrative' object; marking references are constrained to
# 'marking-definition' identifiers under spec version 2.0.
@CustomObject('x-amitt-narrative', [
    ('name', StringProperty(required=True)),
    ('description', StringProperty()),
    ('aliases', ListProperty(StringProperty)),
    ('first_seen', TimestampProperty()),
    ('last_seen', TimestampProperty()),
    ('objective', StringProperty()),
    ('external_references', ListProperty(ExternalReference)),
    ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.0'))),
    ('granular_markings', ListProperty(GranularMarking))
])
class Narrative(object):
    def __init__(self, **kwargs):
        # Placeholder body: no additional validation is performed here.
        if True:
            pass


# NOTE(review): the 'x-amitt-incident' property list continues beyond this
# excerpt.
@CustomObject('x-amitt-incident', [
    ('name', StringProperty(required=True)),
    ('description', StringProperty()),
    ('aliases', ListProperty(StringProperty)),
    ('first_seen', TimestampProperty()),
    ('last_seen', TimestampProperty()),
    ('objective', StringProperty()),
    ('external_references', ListProperty(ExternalReference)),
return DomainName( value=properties.value, object_marking_refs=properties.object_markings, custom_properties=_get_custom_properties(properties), ) @CustomObservable( "x-opencti-hostname", [ ("value", StringProperty(required=True)), ("spec_version", StringProperty(fixed="2.1")), ( "object_marking_refs", ListProperty( ReferenceProperty(valid_types="marking-definition", spec_version="2.1")), ), ], ["value"], ) class Hostname: """Hostname observable.""" pass def create_observable_hostname(properties: ObservableProperties) -> Hostname: """Create an observable representing a hostname.""" return Hostname( value=properties.value, object_marking_refs=properties.object_markings,
from stix2.v21.bundle import Bundle
from stix2.v21.sdo import Report, CustomObject, Vulnerability, ThreatActor, Indicator
from stix2.v21.common import LanguageContent, GranularMarking
from stip.common.stip_stix2 import _get_stip_identname

# Fixed values stored in S-TIP objects
STIP_IDENTITY_CLASS = 'organization'
STIP_NAME = 'Fujitsu System Integration Laboratories.'


# Custom object for S-TIP SNS
@CustomObject('x-stip-sns', [
    ('post_type', StringProperty(required=True)),
    ('name', StringProperty(required=True)),
    ('description', StringProperty(required=True)),
    # presumably restricts created_by_ref to 'identity' identifiers; the
    # `type=` keyword differs from the `valid_types=` form — verify against
    # the installed stix2 version.
    ('created_by_ref', ReferenceProperty(type='identity')),
    ('lang', StringProperty()),
    ('granular_markings', ListProperty(GranularMarking)),
])
class StipSns(object):
    pass


# Build the dictionary stored in language_content's contents from stix2_titles and stix2_contents
# NOTE(review): the function body continues beyond this excerpt.
def _get_language_contents(stix2_titles, stix2_contents):
    contents = {}
    for stix2_title in stix2_titles:
        language = stix2_title['language']
        if language in contents:
            # Reuse the entry already created for this language.
            d = contents[language]
            d['name'] = stix2_title['title']
def test_reference_property_impossible_constraint():
    """An empty whitelist is refused when the property is constructed."""
    # With no permitted type, no reference could ever validate, so the
    # constructor itself is expected to raise.
    expect_failure = pytest.raises(ValueError)
    with expect_failure:
        ReferenceProperty(valid_types=[], spec_version="2.0")
def test_reference_property_blacklist_generic_type():
    """Check a blacklist built from the generic "SDO" and "SRO" categories."""
    file_id = "file--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    custom_id = "some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    identity_id = "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    relationship_id = "relationship--8a8e8758-f92c-4058-ba38-f061cd42a0cf"

    prop = ReferenceProperty(invalid_types=["SDO", "SRO"], spec_version="2.0")

    # "file" is accepted with either flag value and is never reported as custom.
    for flag in (False, True):
        assert prop.clean(file_id, flag) == (file_id, False)

    # An unknown type is custom content: refused when the flag is False,
    # accepted and reported as custom when it is True.
    with pytest.raises(CustomContentError):
        prop.clean(custom_id, False)
    assert prop.clean(custom_id, True) == (custom_id, True)

    # "identity" and "relationship" are refused regardless of the flag.
    for blocked_id in (identity_id, relationship_id):
        for flag in (False, True):
            with pytest.raises(ValueError):
                prop.clean(blocked_id, flag)
def test_reference_property_blacklist_standard_type():
    """Check a blacklist that names only the standard "identity" type."""
    malware_id = "malware--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    custom_id = "some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    identity_id = "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf"

    prop = ReferenceProperty(invalid_types="identity", spec_version="2.0")

    # "malware" is accepted with either flag value and is never reported as custom.
    for flag in (False, True):
        assert prop.clean(malware_id, flag) == (malware_id, False)

    # An unknown type is custom content: refused when the flag is False,
    # accepted and reported as custom when it is True.
    with pytest.raises(CustomContentError):
        prop.clean(custom_id, False)
    assert prop.clean(custom_id, True) == (custom_id, True)

    # The blacklisted type is refused regardless of the flag.
    for flag in (False, True):
        with pytest.raises(ValueError):
            prop.clean(identity_id, flag)
def test_reference_property_whitelist_generic_type():
    """Check a whitelist built from the generic "SCO" and "SRO" categories."""
    file_id = "file--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    sighting_id = "sighting--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    custom_id = "some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    identity_id = "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf"

    prop = ReferenceProperty(valid_types=["SCO", "SRO"], spec_version="2.0")

    # "file" and "sighting" are accepted with either flag value and are
    # never reported as custom.
    for known_id in (file_id, sighting_id):
        for flag in (False, True):
            assert prop.clean(known_id, flag) == (known_id, False)

    # The prop assumes some-type is a custom type of one of the generic
    # type categories.
    assert prop.clean(custom_id, True) == (custom_id, True)

    # The same unknown type is refused when the flag is False.
    with pytest.raises(ValueError):
        prop.clean(custom_id, False)

    # "identity" is outside the whitelist and is refused regardless of the flag.
    for flag in (False, True):
        with pytest.raises(ValueError):
            prop.clean(identity_id, flag)
def test_reference_property_blacklist_hybrid_type():
    """Check a blacklist mixing a specific type ("a") with the "SCO" category."""
    file_id = "file--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    a_id = "a--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
    b_id = "b--8a8e8758-f92c-4058-ba38-f061cd42a0cf"

    prop = ReferenceProperty(invalid_types=["a", "SCO"], spec_version="2.0")

    # Both "file" and the explicitly listed "a" are refused, whichever flag
    # value is passed.
    for blocked_id in (file_id, a_id):
        for flag in (False, True):
            with pytest.raises(ValueError):
                prop.clean(blocked_id, flag)

    # "b" is not blacklisted but is custom content, refused when the flag is False.
    with pytest.raises(CustomContentError):
        prop.clean(b_id, False)

    # should just assume "b" is a custom type which is not an SCO
    assert prop.clean(b_id, True) == (b_id, True)
def test_reference_property():
    """Check identifier validation for an unconstrained ReferenceProperty."""
    prop = ReferenceProperty()

    # Only the truthiness of the cleaned value is checked here.
    well_formed = "my-type--3a331bfe-0566-55e1-a4a0-9a2cd355a300"
    assert prop.clean(well_formed)

    # A string without the "type--uuid" structure must be refused.
    expect_failure = pytest.raises(ValueError)
    with expect_failure:
        prop.clean("foo")
import stip.common.const as const
from stix2.properties import StringProperty, ReferenceProperty, ListProperty, DictionaryProperty
from stix2.v21.bundle import Bundle
from stix2.v21.sdo import Report, CustomObject, Vulnerability, ThreatActor, Indicator, Identity
from stix2.v21.common import GranularMarking


# Custom object for S-TIP SNS
# The object type name and the project-specific property names come from
# stip.common.const.
@CustomObject(const.STIP_STIX2_X_STIP_SNS_TYPE, [
    ('name', StringProperty(required=True)),
    ('description', StringProperty(required=True)),
    # created_by_ref only accepts references of type 'identity'.
    # NOTE(review): no spec_version is passed, so the library default decides
    # which STIX version's rules apply — confirm it matches the v21 imports.
    ('created_by_ref', ReferenceProperty(valid_types='identity')),
    ('lang', StringProperty()),
    ('granular_markings', ListProperty(GranularMarking)),
    (const.STIP_STIX2_PROP_TYPE, StringProperty(required=True)),
    (const.STIP_STIX2_PROP_AUTHOR, DictionaryProperty(required=True)),
    (const.STIP_STIX2_PROP_POST, DictionaryProperty()),
    (const.STIP_STIX2_PROP_ATTACHMENTS, ListProperty(DictionaryProperty)),
    (const.STIP_STIX2_PROP_BUNDLE_ID, StringProperty()),
    (const.STIP_STIX2_PROP_BUNDLE_VERSION, StringProperty()),
    (const.STIP_STIX2_PROP_ATTACHMENT, DictionaryProperty()),
    (const.STIP_STIX2_PROP_TAGS, ListProperty(StringProperty)),
    # NOTE(review): indicators and the identity are declared as plain
    # strings, so no identifier-format check is visible here — confirm
    # whether callers validate them.
    (const.STIP_STIX2_PROP_INDICATORS, ListProperty(StringProperty)),
    (const.STIP_STIX2_PROP_IDENTITY, StringProperty(required=True)),
    (const.STIP_STIX2_PROP_TOOL, DictionaryProperty(required=True)),
])
class StipSns(object):
    pass