def test_reference_property_specific_type():
    ref_prop = ReferenceProperty(valid_types="my-type", spec_version="2.1")

    with pytest.raises(ValueError):
        ref_prop.clean("not-my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf")

    assert ref_prop.clean("my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf") == \
        "my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf"
def test_reference_property_blacklist_custom_type():
    ref_prop = ReferenceProperty(invalid_types="my-type", spec_version="2.1")

    result = ref_prop.clean("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)
    assert result == ("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(ValueError):
        ref_prop.clean("my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(ValueError):
        ref_prop.clean("my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)

    with pytest.raises(CustomContentError):
        # This is not the blacklisted type, but it's still custom, and
        # customization is disallowed here.
        ref_prop.clean("not-my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    result = ref_prop.clean("not-my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
    assert result == ("not-my-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
def test_reference_property():
    ref_prop = ReferenceProperty(valid_types="my-type", spec_version="2.1")

    assert ref_prop.clean("my-type--00000000-0000-4000-8000-000000000000")
    with pytest.raises(ValueError):
        ref_prop.clean("foo")

    # This is not a valid RFC 4122 UUID
    with pytest.raises(ValueError):
        ref_prop.clean("my-type--00000000-0000-0000-0000-000000000000")
Esempio n. 4
0
class StixObservedData(_STIXBase):
    _type = 'observed-data'
    _properties = OrderedDict()
    _properties.update([
        ('type', TypeProperty(_type)), ('id', IDProperty(_type)),
        ('created_by_ref', ReferenceProperty(type="device_ref")),
        ('created',
         TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified',
         TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('first_observed', TimestampProperty(required=True)),
        ('last_observed', TimestampProperty(required=True)),
        ('number_observed', IntegerProperty(required=True)),
        ('objects', ObservableProperty()), ('revoked', BooleanProperty()),
        ('labels', ListProperty(StringProperty)),
        ('external_references', ListProperty(ExternalReference)),
        ('object_marking_refs',
         ListProperty(ReferenceProperty(type="marking-definition"))),
        ('granular_markings', ListProperty(GranularMarking)),
        ('device_ref', DeviceProperty('device'))
    ])
Esempio n. 5
0
def test_reference_property():
    ref_prop = ReferenceProperty()

    assert ref_prop.clean("my-type--00000000-0000-4000-8000-000000000000")
    with pytest.raises(ValueError):
        ref_prop.clean("foo")

    # This is not a valid V4 UUID
    with pytest.raises(ValueError):
        ref_prop.clean("my-type--00000000-0000-0000-0000-000000000000")
Esempio n. 6
0
def test_reference_property():
    ref_prop = ReferenceProperty()

    assert ref_prop.clean("my-type--00000000-0000-4000-8000-000000000000")

    value = "my-type--00000000-0000-0000-0000-000000000000"
    assert ref_prop.clean(value) == value

    with pytest.raises(ValueError):
        ref_prop.clean("foo")

    # This is not a valid UUID
    with pytest.raises(ValueError):
        ref_prop.clean("my-type--1234-56789")
Esempio n. 7
0
def test_reference_property_whitelist_hybrid_type():
    p = ReferenceProperty(valid_types=["a", "SCO"], spec_version="2.0")

    result = p.clean("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)
    assert result == ("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    result = p.clean("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
    assert result == ("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(CustomContentError):
        # although whitelisted, "a" is a custom type
        p.clean("a--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    result = p.clean("a--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
    assert result == ("a--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)

    with pytest.raises(ValueError):
        p.clean("b--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    # should just assume "b" is a custom SCO type.
    result = p.clean("b--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
    assert result == ("b--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
def test_reference_property_whitelist_standard_type():
    ref_prop = ReferenceProperty(valid_types="identity", spec_version="2.1")
    result = ref_prop.clean(
        "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False,
    )
    assert result == ("identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(ValueError):
        ref_prop.clean("foo--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)

    with pytest.raises(ValueError):
        ref_prop.clean("foo--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)
Esempio n. 9
0
    def __init__(self, x_mitre_shortname=None, **kwargs):
        if x_mitre_shortname and x_mitre_shortname not in ["strategic-planning", "objective-planning", "develop-people",
                                           "develop-networks", "microtargeting", "develop-content",
                                           "channel-selection", "pump-priming", "exposure", "go-physical",
                                           "persistence", "measure-effectiveness"]:
            raise ValueError("'%s' is not a recognized AMITT Tactic." % x_mitre_shortname)

@CustomObject('x-amitt-narrative', [
    ('name', StringProperty(required=True)),
    ('description', StringProperty()),
    ('aliases', ListProperty(StringProperty)),
    ('first_seen', TimestampProperty()),
    ('last_seen', TimestampProperty()),
    ('objective', StringProperty()),
    ('external_references', ListProperty(ExternalReference)),
    ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.0'))),
    ('granular_markings', ListProperty(GranularMarking))
])
class Narrative(object):
    def __init__(self, **kwargs):
        if True:
            pass

@CustomObject('x-amitt-incident', [
    ('name', StringProperty(required=True)),
    ('description', StringProperty()),
    ('aliases', ListProperty(StringProperty)),
    ('first_seen', TimestampProperty()),
    ('last_seen', TimestampProperty()),
    ('objective', StringProperty()),
    ('external_references', ListProperty(ExternalReference)),
Esempio n. 10
0
    return DomainName(
        value=properties.value,
        object_marking_refs=properties.object_markings,
        custom_properties=_get_custom_properties(properties),
    )


@CustomObservable(
    "x-opencti-hostname",
    [
        ("value", StringProperty(required=True)),
        ("spec_version", StringProperty(fixed="2.1")),
        (
            "object_marking_refs",
            ListProperty(
                ReferenceProperty(valid_types="marking-definition",
                                  spec_version="2.1")),
        ),
    ],
    ["value"],
)
class Hostname:
    """Hostname observable."""

    pass


def create_observable_hostname(properties: ObservableProperties) -> Hostname:
    """Create an observable representing a hostname."""
    return Hostname(
        value=properties.value,
        object_marking_refs=properties.object_markings,
Esempio n. 11
0
from stix2.v21.bundle import Bundle
from stix2.v21.sdo import Report, CustomObject, Vulnerability, ThreatActor, Indicator
from stix2.v21.common import LanguageContent, GranularMarking
from stip.common.stip_stix2 import _get_stip_identname

# S-TIP オブジェクトに格納する固定値
STIP_IDENTITY_CLASS = 'organization'
STIP_NAME = 'Fujitsu System Integration Laboratories.'


# S-TIP SNS 用カスタムオブジェクト
@CustomObject('x-stip-sns', [
    ('post_type', StringProperty(required=True)),
    ('name', StringProperty(required=True)),
    ('description', StringProperty(required=True)),
    ('created_by_ref', ReferenceProperty(type='identity')),
    ('lang', StringProperty()),
    ('granular_markings', ListProperty(GranularMarking)),
])
class StipSns(object):
    pass


# stix2_titles と stix2_contents から language_content の contents に格納する辞書を作成する
def _get_language_contents(stix2_titles, stix2_contents):
    contents = {}
    for stix2_title in stix2_titles:
        language = stix2_title['language']
        if language in contents:
            d = contents[language]
            d['name'] = stix2_title['title']
Esempio n. 12
0
def test_reference_property_impossible_constraint():
    with pytest.raises(ValueError):
        ReferenceProperty(valid_types=[], spec_version="2.0")
Esempio n. 13
0
def test_reference_property_blacklist_generic_type():
    ref_prop = ReferenceProperty(
        invalid_types=["SDO", "SRO"],
        spec_version="2.0",
    )

    result = ref_prop.clean(
        "file--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        False,
    )
    assert result == ("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    result = ref_prop.clean(
        "file--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        True,
    )
    assert result == ("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(CustomContentError):
        ref_prop.clean(
            "some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
            False,
        )

    result = ref_prop.clean(
        "some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        True,
    )
    assert result == ("some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)

    with pytest.raises(ValueError):
        ref_prop.clean(
            "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
            False,
        )

    with pytest.raises(ValueError):
        ref_prop.clean(
            "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
            True,
        )

    with pytest.raises(ValueError):
        ref_prop.clean(
            "relationship--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
            False,
        )

    with pytest.raises(ValueError):
        ref_prop.clean(
            "relationship--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
            True,
        )
Esempio n. 14
0
def test_reference_property_blacklist_standard_type():
    ref_prop = ReferenceProperty(invalid_types="identity", spec_version="2.0")
    result = ref_prop.clean(
        "malware--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        False,
    )
    assert result == ("malware--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    result = ref_prop.clean(
        "malware--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        True,
    )
    assert result == ("malware--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(CustomContentError):
        ref_prop.clean(
            "some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
            False,
        )

    result = ref_prop.clean(
        "some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        True,
    )
    assert result == ("some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)

    with pytest.raises(ValueError):
        ref_prop.clean(
            "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
            False,
        )

    with pytest.raises(ValueError):
        ref_prop.clean(
            "identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
            True,
        )
Esempio n. 15
0
def test_reference_property_whitelist_generic_type():
    ref_prop = ReferenceProperty(
        valid_types=["SCO", "SRO"],
        spec_version="2.0",
    )

    result = ref_prop.clean("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
                            False)
    assert result == ("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    result = ref_prop.clean("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
    assert result == ("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    result = ref_prop.clean(
        "sighting--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        False,
    )
    assert result == ("sighting--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    result = ref_prop.clean(
        "sighting--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        True,
    )
    assert result == ("sighting--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    # The prop assumes some-type is a custom type of one of the generic
    # type categories.
    result = ref_prop.clean(
        "some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
        True,
    )
    assert result == ("some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)

    with pytest.raises(ValueError):
        ref_prop.clean("some-type--8a8e8758-f92c-4058-ba38-f061cd42a0cf",
                       False)

    with pytest.raises(ValueError):
        ref_prop.clean("identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(ValueError):
        ref_prop.clean("identity--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
Esempio n. 16
0
def test_reference_property_blacklist_hybrid_type():
    p = ReferenceProperty(invalid_types=["a", "SCO"], spec_version="2.0")

    with pytest.raises(ValueError):
        p.clean("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(ValueError):
        p.clean("file--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)

    with pytest.raises(ValueError):
        p.clean("a--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    with pytest.raises(ValueError):
        p.clean("a--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)

    with pytest.raises(CustomContentError):
        p.clean("b--8a8e8758-f92c-4058-ba38-f061cd42a0cf", False)

    # should just assume "b" is a custom type which is not an SCO
    result = p.clean("b--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
    assert result == ("b--8a8e8758-f92c-4058-ba38-f061cd42a0cf", True)
Esempio n. 17
0
def test_reference_property():
    ref_prop = ReferenceProperty()

    assert ref_prop.clean("my-type--3a331bfe-0566-55e1-a4a0-9a2cd355a300")
    with pytest.raises(ValueError):
        ref_prop.clean("foo")
Esempio n. 18
0
import stip.common.const as const
from stix2.properties import StringProperty, ReferenceProperty, ListProperty, DictionaryProperty
from stix2.v21.bundle import Bundle
from stix2.v21.sdo import Report, CustomObject, Vulnerability, ThreatActor, Indicator, Identity
from stix2.v21.common import GranularMarking


# S-TIP SNS 用カスタムオブジェクト
@CustomObject(const.STIP_STIX2_X_STIP_SNS_TYPE, [
    ('name', StringProperty(required=True)),
    ('description', StringProperty(required=True)),
    ('created_by_ref', ReferenceProperty(valid_types='identity')),
    ('lang', StringProperty()),
    ('granular_markings', ListProperty(GranularMarking)),
    (const.STIP_STIX2_PROP_TYPE, StringProperty(required=True)),
    (const.STIP_STIX2_PROP_AUTHOR, DictionaryProperty(required=True)),
    (const.STIP_STIX2_PROP_POST, DictionaryProperty()),
    (const.STIP_STIX2_PROP_ATTACHMENTS, ListProperty(DictionaryProperty)),
    (const.STIP_STIX2_PROP_BUNDLE_ID, StringProperty()),
    (const.STIP_STIX2_PROP_BUNDLE_VERSION, StringProperty()),
    (const.STIP_STIX2_PROP_ATTACHMENT, DictionaryProperty()),
    (const.STIP_STIX2_PROP_TAGS, ListProperty(StringProperty)),
    (const.STIP_STIX2_PROP_INDICATORS, ListProperty(StringProperty)),
    (const.STIP_STIX2_PROP_IDENTITY, StringProperty(required=True)),
    (const.STIP_STIX2_PROP_TOOL, DictionaryProperty(required=True)),
])
class StipSns(object):
    pass