def schema_validate(fn, options): """Performs STIX/CybOX XML Schema validation against the input filename. Args: fn: A filename for a STIX/CybOX XML document options: ValidationOptions instance with validation options for this validation run. Returns: A dictionary of validation results """ info("Performing xml schema validation on %s" % fn) results = sdv.validate_xml( fn, version=options.lang_version, schemas=options.schema_dir, schemaloc=options.use_schemaloc, klass=options.xml_validation_class ) if not results.is_valid: raise SchemaInvalidError(results=results) return results
def test_invalid(self): xml = StringIO(CYBOX_INVALID) results = sdv.validate_xml(xml) # Assert that the document is identified as being invalid self.assertFalse(results.is_valid) # Assert that the badAttr attribute is the only error recorded self.assertEqual(len(results.errors), 1)
def validate_xml(data): try: return { "xml": sdv.validate_xml(StringIO.StringIO(data)).as_dict(), "best_practices": sdv.validate_best_practices(StringIO.StringIO(data)).as_dict(), "result": "validated" } except sdv.errors.ValidationError as e: return {"result": "error", "message": str(e)}
def test_invalid(self): xml = StringIO(STIX_INVALID) results = sdv.validate_xml(xml) # Assert that the document is identified as being invalid self.assertFalse(results.is_valid) # Assert that the badAttr attribute and stix:INVALID element are # errors are recorded. self.assertEqual(len(results.errors), 2)
def test_validate_indicators(indicator): from TAXIIServer import get_stix_indicator, NAMESPACE_URI, NAMESPACE # Arrange stix_indicator = get_stix_indicator(indicator) stix_xml = stix_indicator.to_xml(ns_dict={NAMESPACE_URI: NAMESPACE}) xml_file = lxml.etree.fromstring(stix_xml) tree = lxml.etree.ElementTree(xml_file) # Assert assert sdv.validate_xml(tree)
def validate_stix(xml): """ Validate a STIX XML structure using stix-validator. Currently does not support profile validation until we can find a way to provide a profile file. :param xml: The XML to validate. :type xml: str :returns: dict """ rdict = {'xml': None, 'best_practices': None, #'profile': None, } xml = xml.encode('utf-8').strip() f = StringIO(xml) try: result = sdv.validate_xml(f, schemaloc=True) rdict['xml'] = result.as_dict() except sdv.errors.UnknownSTIXVersionError, e: rdict['xml'] = "Could not determine @version attribute: %s" % str(e)
def validate_stix(xml): """ Validate a STIX XML structure using stix-validator. Currently does not support profile validation until we can find a way to provide a profile file. :param xml: The XML to validate. :type xml: str :returns: dict """ rdict = {'xml': None, 'best_practices': None, #'profile': None, } xml = xml.encode('utf-8').strip() f = BytesIO(xml) try: result = sdv.validate_xml(f, schemaloc=True) rdict['xml'] = result.as_dict() except sdv.errors.UnknownSTIXVersionError, e: rdict['xml'] = "Could not determine @version attribute: %s" % str(e)
def schema_validate(fn, options): """Performs STIX/CybOX XML Schema validation against the input filename. Args: fn: A filename for a STIX/CybOX XML document options: ValidationOptions instance with validation options for this validation run. Returns: A dictionary of validation results """ info("Performing xml schema validation on %s" % fn) results = sdv.validate_xml(fn, version=options.lang_version, schemas=options.schema_dir, schemaloc=options.use_schemaloc, klass=options.xml_validation_class) if not results.is_valid: raise SchemaInvalidError(results=results) return results
def test_defined_version(self): xml = StringIO(STIX_NO_VERSION_XML) results = sdv.validate_xml(xml, version="1.1.1") self.assertTrue(results.is_valid)
def test_valid(self): xml = StringIO(STIX_1_1_1_XML) results = sdv.validate_xml(xml) self.assertTrue(results.is_valid)
def test_defined_version(self): xml = StringIO(CYBOX_2_1_XML) results = sdv.validate_xml(xml, version="2.1") self.assertTrue(results.is_valid)
def verify_content_is_valid(content, content_binding, taxii_message_id): # Validate that the STIX content is actually STIX content with the # STIX Validator verify_results = namedtuple(u'VerifyResults', u'is_valid message') # Handle whatever sort of bytes or strings we get # and put it in a StringIO so that the Stix-validator will process # it correctly if isinstance(content, six.BytesIO): content_to_validate = six.StringIO(content.decode()) elif isinstance(content, bytes): content_to_validate = six.StringIO(content.decode()) else: content_to_validate = six.StringIO(content) if not isinstance(content_binding, str): content_binding = str(content_binding.to_text()) try: # Run the STIX data validator with the correct content binding # Eliminates the chance of a client sending the wrong STIX file # with the wrong content_binding. if content_binding == CB_STIX_XML_10: results = sdv.validate_xml(content_to_validate, u'1.0') elif content_binding == CB_STIX_XML_101: results = sdv.validate_xml(content_to_validate, u'1.0.1') elif content_binding == CB_STIX_XML_11: results = sdv.validate_xml(content_to_validate, u'1.1') elif content_binding == CB_STIX_XML_111: results = sdv.validate_xml(content_to_validate, u'1.1.1') elif content_binding == CB_STIX_XML_12: results = sdv.validate_xml(content_to_validate, u'1.2') else: # this is not a content type we can validate # it might be a custom URN, so we need to just let it through # without validation return verify_results( is_valid=True, message=("The STIX content in the content block is valid " "({})".format(content_binding))) # Test the results of the validator to make sure the schema is valid if not results.is_valid: return verify_results( is_valid=False, message="The TAXII message {}".format(taxii_message_id) + " contains invalid STIX {}".format(content_binding) + " content in one of the content blocks (incorrect" + " content binding supplied?)") except Exception as ve: return verify_results( is_valid=False, message="The TAXII message {} contains".format(taxii_message_id) + " invalid STIX {} content".format(content_binding) + " in one of the content blocks (incorrect content" + " binding supplied?)") return verify_results( is_valid=True, message="The STIX content in the content block is valid" + "({})".format(content_binding))