def test_list_property_property_type_custom():
class TestObj(stix2.base._STIXBase):
_type = "test"
_properties = {
"foo": StringProperty(),
}
p = ListProperty(EmbeddedObjectProperty(type=TestObj))
objs_custom = [
TestObj(foo="abc", bar=123, allow_custom=True),
TestObj(foo="xyz"),
]
assert p.clean(objs_custom)
dicts_custom = [
{
"foo": "abc",
"bar": 123
},
{
"foo": "xyz"
},
]
# no opportunity to set allow_custom=True when using dicts
with pytest.raises(ExtraPropertiesError):
p.clean(dicts_custom)
def test_list_property_property_type():
p = ListProperty(StringProperty)
result = p.clean(['abc', 'xyz'], False)
assert result == (['abc', 'xyz'], False)
with pytest.raises(ValueError):
p.clean([], False)
def test_list_property_bad_value_type():
class TestObj(stix2.base._STIXBase):
_type = "test"
_properties = {
"foo": StringProperty(),
}
list_prop = ListProperty(TestObj)
with pytest.raises(ValueError):
list_prop.clean([1])
def test_list_property_object_type():
class TestObj(stix2.base._STIXBase):
_type = "test"
_properties = {
"foo": StringProperty(),
}
p = ListProperty(TestObj)
objs = [TestObj(foo="abc"), TestObj(foo="xyz")]
assert p.clean(objs)
dicts = [{"foo": "abc"}, {"foo": "xyz"}]
assert p.clean(dicts)
def test_list_property_property_type_custom():
class TestObj(_STIXBase):
_type = "test"
_properties = {
"foo": StringProperty(),
}
p = ListProperty(EmbeddedObjectProperty(type=TestObj))
objs_custom = [
TestObj(foo="abc", bar=123, allow_custom=True),
TestObj(foo="xyz"),
]
result = p.clean(objs_custom, True)
assert result == (objs_custom, True)
with pytest.raises(CustomContentError):
p.clean(objs_custom, False)
dicts_custom = [
{
"foo": "abc",
"bar": 123
},
{
"foo": "xyz"
},
]
result = p.clean(dicts_custom, True)
assert result == (objs_custom, True)
with pytest.raises(ExtraPropertiesError):
p.clean(dicts_custom, False)
class SomeSCO(stix2.v21._Observable):
_type = "some-sco"
_properties = OrderedDict((
('type', TypeProperty(_type, spec_version='2.1')),
('id', IDProperty(_type, spec_version='2.1')),
(
'extensions',
ExtensionsProperty(
spec_version='2.1',
enclosing_type=_type,
),
),
('string', StringProperty()),
('int', IntegerProperty()),
('float', FloatProperty()),
('bool', BooleanProperty()),
('list', ListProperty(IntegerProperty())),
('dict', DictionaryProperty(spec_version="2.1")),
))
_id_contributing_properties = [
'string',
'int',
'float',
'bool',
'list',
'dict',
]
def test_list_property_object_type():
class TestObj(_STIXBase):
_type = "test"
_properties = {
"foo": StringProperty(),
}
p = ListProperty(TestObj)
objs = [TestObj(foo="abc"), TestObj(foo="xyz")]
result = p.clean(objs, False)
assert result == (objs, False)
dicts = [{"foo": "abc"}, {"foo": "xyz"}]
result = p.clean(dicts, False)
assert result == (objs, False)
def test_property_list_of_dictionary():
@CustomObject('x-new-obj', [
('property1', ListProperty(DictionaryProperty(), required=True)),
])
class NewObj():
pass
test_obj = NewObj(property1=[{'foo': 'bar'}])
assert test_obj.property1[0]['foo'] == 'bar'
def test_property_list_of_dictionary():
@stix2.v21.CustomObject(
'x-new-obj', [
('property1', ListProperty(DictionaryProperty(spec_version='2.1'), required=True)),
],
)
class NewObj():
pass
test_obj = NewObj(property1=[{'foo': 'bar'}])
assert test_obj.property1[0]['foo'] == 'bar'
class StixObservedData(_STIXBase):
_type = 'observed-data'
_properties = OrderedDict()
_properties.update([
('type', TypeProperty(_type)), ('id', IDProperty(_type)),
('created_by_ref', ReferenceProperty(type="device_ref")),
('created',
TimestampProperty(default=lambda: NOW, precision='millisecond')),
('modified',
TimestampProperty(default=lambda: NOW, precision='millisecond')),
('first_observed', TimestampProperty(required=True)),
('last_observed', TimestampProperty(required=True)),
('number_observed', IntegerProperty(required=True)),
('objects', ObservableProperty()), ('revoked', BooleanProperty()),
('labels', ListProperty(StringProperty)),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs',
ListProperty(ReferenceProperty(type="marking-definition"))),
('granular_markings', ListProperty(GranularMarking)),
('device_ref', DeviceProperty('device'))
])
def test_list_property():
p = ListProperty(StringProperty)
assert p.clean(['abc', 'xyz'])
with pytest.raises(ValueError):
p.clean([])
def test_list_property_bad_element_type():
with pytest.raises(TypeError):
ListProperty(1)
('name', properties.StringProperty(required=True)),
('description', properties.StringProperty(required=True)),
('x_mitre_shortname', properties.StringProperty(required=True))
])
class Tactic(object):
def __init__(self, x_mitre_shortname=None, **kwargs):
if x_mitre_shortname and x_mitre_shortname not in ["strategic-planning", "objective-planning", "develop-people",
"develop-networks", "microtargeting", "develop-content",
"channel-selection", "pump-priming", "exposure", "go-physical",
"persistence", "measure-effectiveness"]:
raise ValueError("'%s' is not a recognized AMITT Tactic." % x_mitre_shortname)
@CustomObject('x-amitt-narrative', [
('name', StringProperty(required=True)),
('description', StringProperty()),
('aliases', ListProperty(StringProperty)),
('first_seen', TimestampProperty()),
('last_seen', TimestampProperty()),
('objective', StringProperty()),
('external_references', ListProperty(ExternalReference)),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.0'))),
('granular_markings', ListProperty(GranularMarking))
])
class Narrative(object):
def __init__(self, **kwargs):
if True:
pass
@CustomObject('x-amitt-incident', [
('name', StringProperty(required=True)),
('description', StringProperty()),
return DomainName(
value=properties.value,
object_marking_refs=properties.object_markings,
custom_properties=_get_custom_properties(properties),
)
@CustomObservable(
"x-opencti-hostname",
[
("value", StringProperty(required=True)),
("spec_version", StringProperty(fixed="2.1")),
(
"object_marking_refs",
ListProperty(
ReferenceProperty(valid_types="marking-definition",
spec_version="2.1")),
),
],
["value"],
)
class Hostname:
"""Hostname observable."""
pass
def create_observable_hostname(properties: ObservableProperties) -> Hostname:
"""Create an observable representing a hostname."""
return Hostname(
value=properties.value,
from stix2.v21.common import LanguageContent, GranularMarking
from stip.common.stip_stix2 import _get_stip_identname
# S-TIP オブジェクトに格納する固定値
STIP_IDENTITY_CLASS = 'organization'
STIP_NAME = 'Fujitsu System Integration Laboratories.'
# S-TIP SNS 用カスタムオブジェクト
@CustomObject('x-stip-sns', [
('post_type', StringProperty(required=True)),
('name', StringProperty(required=True)),
('description', StringProperty(required=True)),
('created_by_ref', ReferenceProperty(type='identity')),
('lang', StringProperty()),
('granular_markings', ListProperty(GranularMarking)),
])
class StipSns(object):
pass
# stix2_titles と stix2_contents から language_content の contents に格納する辞書を作成する
def _get_language_contents(stix2_titles, stix2_contents):
contents = {}
for stix2_title in stix2_titles:
language = stix2_title['language']
if language in contents:
d = contents[language]
d['name'] = stix2_title['title']
contents[language] = d
else:
import stip.common.const as const
from stix2.properties import StringProperty, ReferenceProperty, ListProperty, DictionaryProperty
from stix2.v21.bundle import Bundle
from stix2.v21.sdo import Report, CustomObject, Vulnerability, ThreatActor, Indicator, Identity
from stix2.v21.common import GranularMarking
# S-TIP SNS 用カスタムオブジェクト
@CustomObject(const.STIP_STIX2_X_STIP_SNS_TYPE, [
('name', StringProperty(required=True)),
('description', StringProperty(required=True)),
('created_by_ref', ReferenceProperty(valid_types='identity')),
('lang', StringProperty()),
('granular_markings', ListProperty(GranularMarking)),
(const.STIP_STIX2_PROP_TYPE, StringProperty(required=True)),
(const.STIP_STIX2_PROP_AUTHOR, DictionaryProperty(required=True)),
(const.STIP_STIX2_PROP_POST, DictionaryProperty()),
(const.STIP_STIX2_PROP_ATTACHMENTS, ListProperty(DictionaryProperty)),
(const.STIP_STIX2_PROP_BUNDLE_ID, StringProperty()),
(const.STIP_STIX2_PROP_BUNDLE_VERSION, StringProperty()),
(const.STIP_STIX2_PROP_ATTACHMENT, DictionaryProperty()),
(const.STIP_STIX2_PROP_TAGS, ListProperty(StringProperty)),
(const.STIP_STIX2_PROP_INDICATORS, ListProperty(StringProperty)),
(const.STIP_STIX2_PROP_IDENTITY, StringProperty(required=True)),
(const.STIP_STIX2_PROP_TOOL, DictionaryProperty(required=True)),
])
class StipSns(object):
pass