def test_workbench_related(): rel1 = Relationship(constants.MALWARE_ID, 'targets', constants.IDENTITY_ID) rel2 = Relationship(constants.CAMPAIGN_ID, 'uses', constants.MALWARE_ID) save([rel1, rel2]) resp = get(constants.MALWARE_ID).related() assert len(resp) == 3 assert any(x['id'] == constants.CAMPAIGN_ID for x in resp) assert any(x['id'] == constants.INDICATOR_ID for x in resp) assert any(x['id'] == constants.IDENTITY_ID for x in resp) resp = get(constants.MALWARE_ID).related(relationship_type='indicates') assert len(resp) == 1
def test_workbench_related_with_filters(): malware = Malware(labels=["ransomware"], name="CryptorBit", created_by_ref=IDENTITY_ID) rel = Relationship(malware.id, 'variant-of', MALWARE_ID) save([malware, rel]) filters = [Filter('created_by_ref', '=', IDENTITY_ID)] resp = get(MALWARE_ID).related(filters=filters) assert len(resp) == 1 assert resp[0].name == malware.name assert resp[0].created_by_ref == IDENTITY_ID # filters arg can also be single filter resp = get(MALWARE_ID).related(filters=filters[0]) assert len(resp) == 1
def test_workbench_relationships(): rel = Relationship(INDICATOR_ID, 'indicates', MALWARE_ID) save(rel) ind = get(INDICATOR_ID) resp = ind.relationships() assert len(resp) == 1 assert resp[0].relationship_type == 'indicates' assert resp[0].source_ref == INDICATOR_ID assert resp[0].target_ref == MALWARE_ID
def test_workbench_environment(): # Create a STIX object ind = create(Indicator, id=INDICATOR_ID, **INDICATOR_KWARGS) save(ind) resp = get(INDICATOR_ID) assert resp['labels'][0] == 'malicious-activity' resp = all_versions(INDICATOR_ID) assert len(resp) == 1 # Search on something other than id q = [Filter('type', '=', 'vulnerability')] resp = query(q) assert len(resp) == 0
def obj_to_21(twozero: _DomainObject): try: new_obj = workbench.parse(twozero, allow_custom=True) if workbench.get(new_obj['id']) is None: return new_obj except TLPMarkingDefinitionError as e: if hasattr(e, 'spec_obj'): return workbench.MarkingDefinition(**e.spec_obj) else: print('Bad marking definition:', 0) print(e, '\n') except ValueError as e: print('ValueError parsing: ', twozero) print(e) print('\n') except Exception as e: print('Some other exception parsing:', o) print(e, '\n')