def test_process_example_extensions_empty():
with pytest.raises(stix2.exceptions.InvalidValueError) as excinfo:
stix2.Process(extensions={})
assert excinfo.value.cls == stix2.Process
assert excinfo.value.prop_name == 'extensions'
assert 'non-empty dictionary' in excinfo.value.reason
def test_process_example_empty_with_extensions():
with pytest.raises(stix2.exceptions.AtLeastOnePropertyError) as excinfo:
stix2.Process(extensions={"windows-process-ext": {}})
assert excinfo.value.cls == stix2.WindowsProcessExt
properties_of_extension = list(stix2.WindowsProcessExt._properties.keys())
assert excinfo.value.properties == sorted(properties_of_extension)
def test_process_example():
p = stix2.Process(_valid_refs={"0": "file"},
pid=1221,
name="gedit-bin",
created="2016-01-20T14:11:25.55Z",
arguments=["--new-window"],
binary_ref="0")
assert p.name == "gedit-bin"
assert p.arguments == ["--new-window"]
def test_process_example_empty_error():
with pytest.raises(stix2.exceptions.AtLeastOnePropertyError) as excinfo:
stix2.Process()
assert excinfo.value.cls == stix2.Process
properties_of_process = list(stix2.Process._properties.keys())
properties_of_process.remove("type")
assert excinfo.value.properties == sorted(properties_of_process)
msg = "At least one of the ({1}) properties for {0} must be populated."
msg = msg.format(stix2.Process.__name__,
", ".join(sorted(properties_of_process)))
assert str(excinfo.value) == msg
def test_process_example_with_WindowsServiceExt():
p = stix2.Process(
extensions={
"windows-service-ext": {
"service_name": "sirvizio",
"display_name": "Sirvizio",
"start_type": "SERVICE_AUTO_START",
"service_type": "SERVICE_WIN32_OWN_PROCESS",
"service_status": "SERVICE_RUNNING"
}
})
assert p.extensions["windows-service-ext"].service_name == "sirvizio"
assert p.extensions[
"windows-service-ext"].service_type == "SERVICE_WIN32_OWN_PROCESS"
def test_process_example_with_WindowsProcessExt_Object():
p = stix2.Process(
extensions={
"windows-process-ext":
stix2.WindowsProcessExt(
aslr_enabled=True,
dep_enabled=True,
priority="HIGH_PRIORITY_CLASS",
owner_sid="S-1-5-21-186985262-1144665072-74031268-1309"
) # noqa
})
assert p.extensions["windows-process-ext"].dep_enabled
assert p.extensions[
"windows-process-ext"].owner_sid == "S-1-5-21-186985262-1144665072-74031268-1309"
def test_process_example_windows_process_ext():
proc = stix2.Process(pid=314,
name="foobar.exe",
extensions={
"windows-process-ext": {
"aslr_enabled":
True,
"dep_enabled":
True,
"priority":
"HIGH_PRIORITY_CLASS",
"owner_sid":
"S-1-5-21-186985262-1144665072-74031268-1309"
}
})
assert proc.extensions["windows-process-ext"].aslr_enabled
assert proc.extensions["windows-process-ext"].dep_enabled
assert proc.extensions[
"windows-process-ext"].priority == "HIGH_PRIORITY_CLASS"
assert proc.extensions[
"windows-process-ext"].owner_sid == "S-1-5-21-186985262-1144665072-74031268-1309"
def test_process_example_with_WindowsProcessServiceExt():
p = stix2.Process(
extensions={
"windows-service-ext": {
"service_name": "sirvizio",
"display_name": "Sirvizio",
"start_type": "SERVICE_AUTO_START",
"service_type": "SERVICE_WIN32_OWN_PROCESS",
"service_status": "SERVICE_RUNNING"
},
"windows-process-ext": {
"aslr_enabled": True,
"dep_enabled": True,
"priority": "HIGH_PRIORITY_CLASS",
"owner_sid": "S-1-5-21-186985262-1144665072-74031268-1309"
}
})
assert p.extensions["windows-service-ext"].service_name == "sirvizio"
assert p.extensions[
"windows-service-ext"].service_type == "SERVICE_WIN32_OWN_PROCESS"
assert p.extensions["windows-process-ext"].dep_enabled
assert p.extensions[
"windows-process-ext"].owner_sid == "S-1-5-21-186985262-1144665072-74031268-1309"