def test_PackageToSimple_flattenPropertyValueField(self): self.assertEqual( ObservableStructureConverter.flatten_property_value_field({ 'value': 'abc', 'test': 'def' }), 'abc') self.assertEqual( ObservableStructureConverter.flatten_property_value_field('abc'), 'abc') self.assertEqual( ObservableStructureConverter.flatten_property_value_field({ 'value': 123, 'test': 'def' }), 123) self.assertEqual( ObservableStructureConverter.flatten_property_value_field(123), 123) self.assertEqual( ObservableStructureConverter.flatten_property_value_field({ 'value': { 'result': '132' }, 'test': 'def' }), {'result': '132'}) self.assertEqual( ObservableStructureConverter.flatten_property_value_field(123), 123) self.assertEqual( ObservableStructureConverter.flatten_property_value_field(['abc']), ['abc']) self.assertEqual( ObservableStructureConverter.flatten_property_value_field(None), None) self.assertEqual( ObservableStructureConverter.flatten_property_value_field({ 'test2': 'abc', 'test': 'def' }), { 'test2': 'abc', 'test': 'def' })
def test_BuilderToSimple_CustomTypes_GetCorrectStructure(self): for type_ in self.OBSERVABLE_CUSTOM_BUILDER_STRUCTURES: builder_dict = self.OBSERVABLE_CUSTOM_BUILDER_STRUCTURES[type_] simple = ObservableStructureConverter.builder_to_simple( builder_dict.get('objectType'), builder_dict) self.assertDictEqual( simple, self.OBSERVABLE_CUSTOM_SIMPLE_STRUCTURES[type_])
def test_PackageToSimple_EmailType_GetCorrectStructure(self): email_package = { 'xsi:type': 'EmailMessageObjectType', 'header': { 'subject': 'blah', 'from': { 'address_value': '*****@*****.**' }, 'date': 'Today', 'to': [{ 'address_value': { 'value': '*****@*****.**' } }], 'cc': [{ 'address_value': '*****@*****.**' }, { 'address_value': '*****@*****.**' }] } } simple = ObservableStructureConverter.package_to_simple( email_package['xsi:type'], email_package) self.assertDictEqual( simple, { 'xsi:type': 'EmailMessageObjectType', 'subject': 'blah', 'from': '*****@*****.**', 'date': 'Today', 'to': ['*****@*****.**'], 'cc': ['*****@*****.**', '*****@*****.**'], 'bcc': None })
def __validate_observables(observables): validation_results = {} dummy_id = 1 for observable in observables: id_ = observable.get('id') object_type = observable.get('objectType') if not id_: # No id, so we can safely assume this is something from the builder... observable_properties = ObservableStructureConverter.builder_to_simple( object_type, observable) validation_info = ObservableValidator.validate( **observable_properties) validation_results[ 'Observable ' + str(dummy_id)] = validation_info.validation_dict else: namespace_validation = NamespaceValidationInfo.validate( r'obs', id_) if namespace_validation.is_local(): real_observable = EdgeObject.load(id_) as_package, _ = real_observable.capsulize('temp') validation_info = PackageValidationInfo.validate( as_package) validation_results.update(validation_info.validation_dict) else: validation_results.update( {id_: namespace_validation.validation_dict}) dummy_id += 1 return validation_results
def test_PackageToSimple_HTTPSessionType_GetCorrectStructure(self): http_sessions = [{ 'INPUT': { 'xsi:type': 'HTTPSessionObjectType', 'http_request_response': [{ 'http_client_request': { 'http_request_header': { 'parsed_header': { 'user_agent': 'Mozilla/5.0' } } } }] }, 'OUTPUT': { 'xsi:type': 'HTTPSessionObjectType', 'user_agent': 'Mozilla/5.0' } }, { 'INPUT': { 'xsi:type': 'HTTPSessionObjectType' }, 'OUTPUT': { 'xsi:type': 'HTTPSessionObjectType', 'user_agent': None } }] for session in http_sessions: simple = ObservableStructureConverter.package_to_simple( session['INPUT']['xsi:type'], session['INPUT']) self.assertDictEqual(simple, session['OUTPUT'])
def __validate_observables(observables, stix_header): all_observables_validation = {} for observable in observables: if 'observable_composition' not in observable: id_ = observable['id'] observable_validation = ObjectValidationInfo() observable_validation.extend( CommonValidationInfo.validate(item=observable, package_dict=stix_header)) namespace_validation = NamespaceValidationInfo.validate( r'obs', id_) if namespace_validation.is_local(): properties = observable['object']['properties'] properties = ObservableStructureConverter.package_to_simple( properties.get('xsi:type'), properties) observable_validation.extend( ObservableValidator.validate( object_type=FieldAlias('xsi:type', properties.get('xsi:type')), description=observable.get('description'), **properties)) else: observable_validation.extend(namespace_validation) if observable_validation.validation_dict: all_observables_validation.update( {id_: observable_validation.validation_dict}) return all_observables_validation
def test_BuilderToSimple_AnyValidShorthandType_GetsCorrectFullType(self): with mock.patch.object( ObservableStructureConverter, '_ObservableStructureConverter__get_builder_package_conversion_handler', return_value=None): for type_ in self.OBSERVABLE_TYPES: simple = ObservableStructureConverter.builder_to_simple( type_, {}) self.assertEqual(simple.get('object_type'), self.OBSERVABLE_TYPES[type_])
def test_PackageToSimple_AddressType_GetCorrectStructure(self): address_package = { 'xsi:type': 'AddressObjectType', 'category': 'ipv4-addr', 'address_value': { 'value': '192.168.0.1' } } simple = ObservableStructureConverter.package_to_simple( address_package['xsi:type'], address_package) self.assertDictEqual( simple, { 'xsi:type': 'AddressObjectType', 'category': 'ipv4-addr', 'address_value': '192.168.0.1' })
def __validate_observables(observables): observable_validation = {} for observable in observables: if 'observable_composition' not in observable: id_ = observable['id'] namespace_validation = NamespaceValidationInfo.validate(r'obs', id_) if namespace_validation.is_local(): properties = observable['object']['properties'] properties = ObservableStructureConverter.package_to_simple(properties.get('xsi:type'), properties) validation_results = ObservableValidator.validate( object_type=FieldAlias('xsi:type', properties.get('xsi:type')), description=observable.get('description'), **properties) if validation_results and validation_results.validation_dict: observable_validation.update({id_: validation_results.validation_dict}) else: observable_validation.update({id_: namespace_validation.validation_dict}) return observable_validation
def test_PackageToSimple_SocketType_GetCorrectStructure(self): socket_package = { 'xsi:type': 'SocketAddressObjectType', 'port': { 'port_value': '1234', 'layer4_protocol': 'blah' }, 'ip_address': { 'address_value': '102.12.211.6' }, 'hostname': { 'hostname_value': 'blah' } } simple = ObservableStructureConverter.package_to_simple( socket_package['xsi:type'], socket_package) self.assertDictEqual( simple, { 'xsi:type': 'SocketAddressObjectType', 'port': '1234', 'protocol': 'blah', 'ip_address': '102.12.211.6', 'hostname': 'blah' })
def test_PackageToSimple_GenericTypes_GetCorrectStructure(self): package_dict = self.GENERIC_OBSERVABLE_STRUCTURES['PACKAGE'] simple = ObservableStructureConverter.package_to_simple( package_dict.get('xsi:type'), package_dict) self.assertDictEqual(simple, self.GENERIC_OBSERVABLE_STRUCTURES['PACKAGE'])
def test_BuilderToSimple_GenericTypes_GetCorrectStructure(self): builder_dict = self.GENERIC_OBSERVABLE_STRUCTURES['BUILDER'] simple = ObservableStructureConverter.builder_to_simple( builder_dict.get('objectType'), builder_dict) self.assertDictEqual(simple, self.GENERIC_OBSERVABLE_STRUCTURES['SIMPLE'])