def test_PackageToSimple_EmailType_GetCorrectStructure(self):
email_package = {
'xsi:type': 'EmailMessageObjectType',
'header': {
'subject':
'blah',
'from': {
'address_value': '*****@*****.**'
},
'date':
'Today',
'to': [{
'address_value': {
'value': '*****@*****.**'
}
}],
'cc': [{
'address_value': '*****@*****.**'
}, {
'address_value': '*****@*****.**'
}]
}
}
simple = ObservableStructureConverter.package_to_simple(
email_package['xsi:type'], email_package)
self.assertDictEqual(
simple, {
'xsi:type': 'EmailMessageObjectType',
'subject': 'blah',
'from': '*****@*****.**',
'date': 'Today',
'to': ['*****@*****.**'],
'cc': ['*****@*****.**', '*****@*****.**'],
'bcc': None
})
def test_PackageToSimple_HTTPSessionType_GetCorrectStructure(self):
http_sessions = [{
'INPUT': {
'xsi:type':
'HTTPSessionObjectType',
'http_request_response': [{
'http_client_request': {
'http_request_header': {
'parsed_header': {
'user_agent': 'Mozilla/5.0'
}
}
}
}]
},
'OUTPUT': {
'xsi:type': 'HTTPSessionObjectType',
'user_agent': 'Mozilla/5.0'
}
}, {
'INPUT': {
'xsi:type': 'HTTPSessionObjectType'
},
'OUTPUT': {
'xsi:type': 'HTTPSessionObjectType',
'user_agent': None
}
}]
for session in http_sessions:
simple = ObservableStructureConverter.package_to_simple(
session['INPUT']['xsi:type'], session['INPUT'])
self.assertDictEqual(simple, session['OUTPUT'])
def __validate_observables(observables, stix_header):
all_observables_validation = {}
for observable in observables:
if 'observable_composition' not in observable:
id_ = observable['id']
observable_validation = ObjectValidationInfo()
observable_validation.extend(
CommonValidationInfo.validate(item=observable,
package_dict=stix_header))
namespace_validation = NamespaceValidationInfo.validate(
r'obs', id_)
if namespace_validation.is_local():
properties = observable['object']['properties']
properties = ObservableStructureConverter.package_to_simple(
properties.get('xsi:type'), properties)
observable_validation.extend(
ObservableValidator.validate(
object_type=FieldAlias('xsi:type',
properties.get('xsi:type')),
description=observable.get('description'),
**properties))
else:
observable_validation.extend(namespace_validation)
if observable_validation.validation_dict:
all_observables_validation.update(
{id_: observable_validation.validation_dict})
return all_observables_validation
def test_PackageToSimple_AddressType_GetCorrectStructure(self):
address_package = {
'xsi:type': 'AddressObjectType',
'category': 'ipv4-addr',
'address_value': {
'value': '192.168.0.1'
}
}
simple = ObservableStructureConverter.package_to_simple(
address_package['xsi:type'], address_package)
self.assertDictEqual(
simple, {
'xsi:type': 'AddressObjectType',
'category': 'ipv4-addr',
'address_value': '192.168.0.1'
})
def __validate_observables(observables):
observable_validation = {}
for observable in observables:
if 'observable_composition' not in observable:
id_ = observable['id']
namespace_validation = NamespaceValidationInfo.validate(r'obs', id_)
if namespace_validation.is_local():
properties = observable['object']['properties']
properties = ObservableStructureConverter.package_to_simple(properties.get('xsi:type'), properties)
validation_results = ObservableValidator.validate(
object_type=FieldAlias('xsi:type', properties.get('xsi:type')),
description=observable.get('description'), **properties)
if validation_results and validation_results.validation_dict:
observable_validation.update({id_: validation_results.validation_dict})
else:
observable_validation.update({id_: namespace_validation.validation_dict})
return observable_validation
def test_PackageToSimple_SocketType_GetCorrectStructure(self):
socket_package = {
'xsi:type': 'SocketAddressObjectType',
'port': {
'port_value': '1234',
'layer4_protocol': 'blah'
},
'ip_address': {
'address_value': '102.12.211.6'
},
'hostname': {
'hostname_value': 'blah'
}
}
simple = ObservableStructureConverter.package_to_simple(
socket_package['xsi:type'], socket_package)
self.assertDictEqual(
simple, {
'xsi:type': 'SocketAddressObjectType',
'port': '1234',
'protocol': 'blah',
'ip_address': '102.12.211.6',
'hostname': 'blah'
})
def test_PackageToSimple_GenericTypes_GetCorrectStructure(self):
package_dict = self.GENERIC_OBSERVABLE_STRUCTURES['PACKAGE']
simple = ObservableStructureConverter.package_to_simple(
package_dict.get('xsi:type'), package_dict)
self.assertDictEqual(simple,
self.GENERIC_OBSERVABLE_STRUCTURES['PACKAGE'])