def elevate_string(string):
warn(
"Results produced by the stix2-elevator are not for production purposes.",
201)
clear_id_mapping()
clear_pattern_mapping()
validator_options = get_validator_options()
try:
output.set_level(validator_options.verbose)
io = StringIO(string)
stix_package = EntityParser().parse_xml(io)
if not isinstance(stix_package, STIXPackage):
raise TypeError("Must be an instance of stix.core.STIXPackage")
setup_logger(stix_package.id_)
json_string = json.dumps(convert_package(
stix_package, get_option_value("package_created_by_id"),
get_option_value("default_timestamp")),
indent=4,
separators=(',', ': '),
sort_keys=True)
validation_results = validate_string(json_string, validator_options)
output.print_results(validation_results)
return json_string
except ValidationError as ex:
output.error("Validation error occurred: '%s'" % ex,
codes.EXIT_VALIDATION_ERROR)
except OSError as ex:
log.error(ex, extra={"ecode": 210})
def elevate_string(string):
global MESSAGES_GENERATED
clear_id_mapping()
clear_1x_markings_map()
clear_pattern_cache()
clear_object_id_mapping()
clear_observable_mappings()
cybox.utils.caches.cache_clear()
MESSAGES_GENERATED = False
validator_options = get_validator_options()
try:
output.set_level(validator_options.verbose)
output.set_silent(validator_options.silent)
io = StringIO(string)
container = stixmarx.parse(io)
stix_package = container.package
set_option_value("marking_container", container)
if not isinstance(stix_package, STIXPackage):
raise TypeError("Must be an instance of stix.core.STIXPackage")
setup_logger(stix_package.id_)
warn(
"Results produced by the stix2-elevator are not for production purposes.",
201)
if get_option_value("default_timestamp"):
timestamp = datetime.strptime(
get_option_value("default_timestamp"),
"%Y-%m-%dT%H:%M:%S.%fZ"),
else:
timestamp = None
env = Environment(get_option_value("package_created_by_id"), timestamp)
json_string = json.dumps(convert_package(stix_package, env),
ensure_ascii=False,
indent=4,
separators=(',', ': '),
sort_keys=True)
validation_results = validate_stix2_string(json_string,
validator_options)
output.print_results([validation_results])
if get_option_value("policy") == "no_policy":
return json_string
else:
if not MESSAGES_GENERATED and validation_results._is_valid:
return json_string
else:
return None
except ValidationError as ex:
output.error("Validation error occurred: '%s'" % ex,
codes.EXIT_VALIDATION_ERROR)
except OSError as ex:
log.error(ex)
def elevate_file(fn):
# TODO: combine elevate_file, elevate_string and elevate_package
warnings.warn(
"This method is deprecated and will be removed in the next major release. Please use elevate() instead.",
DeprecationWarning)
global MESSAGES_GENERATED
MESSAGES_GENERATED = False
print(
"Results produced by the stix2-elevator are not for production purposes."
)
clear_globals()
validator_options = get_validator_options()
try:
output.set_level(validator_options.verbose)
output.set_silent(validator_options.silent)
if os.path.isfile(fn) is False:
raise IOError("The file '{}' was not found.".format(fn))
container = stixmarx.parse(fn)
stix_package = container.package
set_option_value("marking_container", container)
if not isinstance(stix_package, STIXPackage):
raise TypeError("Must be an instance of stix.core.STIXPackage")
setup_logger(stix_package.id_)
warn(
"Results produced by the stix2-elevator may generate warning messages which should be investigated.",
201)
env = Environment(get_option_value("package_created_by_id"))
json_string = json.dumps(convert_package(stix_package, env),
ensure_ascii=False,
indent=4,
separators=(',', ': '),
sort_keys=True)
validation_results = validate_stix2_string(json_string,
validator_options, fn)
output.print_results([validation_results])
if get_option_value("policy") == "no_policy":
return json_string
else:
if not MESSAGES_GENERATED and validation_results._is_valid:
return json_string
else:
return None
except ValidationError as ex:
output.error("Validation error occurred: '{}'".format(ex))
output.error("Error Code: {}".format(codes.EXIT_VALIDATION_ERROR))
except (OSError, IOError, lxml.etree.Error) as ex:
log.error("Error occurred: %s", ex)
def elevate_file(fn):
# TODO: combine elevate_file, elevate_string and elevate_package
global MESSAGES_GENERATED
print(
"Results produced by the stix2-elevator are not for production purposes."
)
clear_id_mapping()
clear_1x_markings_map()
clear_pattern_cache()
clear_object_id_mapping()
clear_observable_mappings()
MESSAGES_GENERATED = False
validator_options = get_validator_options()
try:
output.set_level(validator_options.verbose)
output.set_silent(validator_options.silent)
container = stixmarx.parse(fn)
stix_package = container.package
set_option_value("marking_container", container)
if not isinstance(stix_package, STIXPackage):
raise TypeError("Must be an instance of stix.core.STIXPackage")
setup_logger(stix_package.id_)
warn(
"Results produced by the stix2-elevator are not for production purposes.",
201)
json_string = json.dumps(convert_package(
stix_package, get_option_value("package_created_by_id"),
get_option_value("default_timestamp")),
indent=4,
separators=(',', ': '),
sort_keys=True)
if get_option_value("policy") == "no_policy":
return json_string
else:
validation_results = validate_string(json_string,
validator_options)
output.print_results(validation_results)
if not MESSAGES_GENERATED and validation_results._is_valid:
return json_string
else:
return None
except ValidationError as ex:
output.error("Validation error occurred: '%s'" % ex,
codes.EXIT_VALIDATION_ERROR)
except OSError as ex:
log.error(ex)
def elevate_package(package):
warn(
"WARNING: Results produced by the stix-elevator are not for production purposes."
)
clear_id_mapping()
clear_pattern_mapping()
if isinstance(package, STIXPackage):
json_string = json.dumps(convert_package(package),
indent=4,
separators=(',', ': '),
sort_keys=True)
validation_results = validate_string(json_string, ValidationOptions())
print_results(validation_results)
return json_string
else:
raise TypeError("Must be an instance of stix.core.STIXPackage")
def elevate(stix_package):
global MESSAGES_GENERATED
MESSAGES_GENERATED = False
print("Results produced by the stix2-elevator are not for production purposes.")
clear_globals()
fn = None
validator_options = get_validator_options()
output.set_level(validator_options.verbose)
output.set_silent(validator_options.silent)
try:
if isinstance(stix_package, MarkingContainer):
# No need to re-parse the MarkingContainer.
container = stix_package
elif isinstance(stix_package, STIXPackage):
io = BytesIO(stix_package.to_xml())
container = stixmarx.parse(io)
elif isinstance(stix_package, text_type):
if stix_package.endswith(".xml") or os.path.isfile(stix_package):
# a path-like string was passed
fn = stix_package
if os.path.exists(fn) is False:
raise IOError("The file '{}' was not found.".format(fn))
else:
stix_package = StringIO(stix_package)
container = stixmarx.parse(stix_package)
elif isinstance(stix_package, binary_type):
if stix_package.endswith(b".xml") or os.path.isfile(stix_package):
# a path-like string was passed
fn = stix_package
if os.path.exists(fn) is False:
raise IOError("The file '{}' was not found.".format(fn))
else:
stix_package = BytesIO(stix_package)
container = stixmarx.parse(stix_package)
else:
raise RuntimeError("Unable to resolve object {} of type {}".format(stix_package, type(stix_package)))
container_package = container.package
set_option_value("marking_container", container)
if not isinstance(container_package, STIXPackage):
raise TypeError("Must be an instance of stix.core.STIXPackage")
except (OSError, IOError, lxml.etree.Error) as ex:
log.error("Error occurred: %s", ex)
# log.exception(ex)
return None
try:
setup_logger(container_package.id_)
warn("Results produced by the stix2-elevator may generate warning messages which should be investigated.", 201)
env = Environment(get_option_value("package_created_by_id"))
json_string = json.dumps(
convert_package(container_package, env),
ensure_ascii=False,
indent=4,
separators=(',', ': '),
sort_keys=True
)
bundle_id = re.findall(
r"bundle--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}",
json_string
)
validation_results = validate_stix2_string(json_string, validator_options, fn or bundle_id[0])
output.print_results([validation_results])
if get_option_value("policy") == "no_policy":
return json_string
else:
if not MESSAGES_GENERATED and validation_results._is_valid:
return json_string
except ValidationError as ex:
output.error("Validation error occurred: '{}'".format(ex))
output.error("Error Code: {}".format(codes.EXIT_VALIDATION_ERROR))
def transform(self, obj):
"""
Transforms the given object in to a STIX observation based on the mapping file and transform functions
:param obj: the datasource object that is being converted to stix
:return: the input object converted to stix valid json
"""
object_map = {}
stix_type = 'observed-data'
ds_map = self.ds_to_stix_map
transformers = self.transformers
observation = {
'id': stix_type + '--' + str(uuid.uuid4()),
'type': stix_type,
'created_by_ref': self.identity_id,
'objects': {}
}
# create normal type objects
for ds_key in obj:
if ds_key not in ds_map:
logging.debug(
'{} is not found in map, skipping'.format(ds_key))
continue
# get the stix keys that are mapped
ds_key_def_obj = self.ds_to_stix_map[ds_key]
ds_key_def_list = ds_key_def_obj if isinstance(
ds_key_def_obj, list) else [ds_key_def_obj]
for ds_key_def in ds_key_def_list:
if ds_key_def is None or 'key' not in ds_key_def:
logging.debug(
'{} is not valid (None, or missing key)'.format(
ds_key_def))
continue
key_to_add = ds_key_def['key']
transformer = transformers[ds_key_def[
'transformer']] if 'transformer' in ds_key_def else None
if ds_key_def.get('cybox', self.cybox_default):
object_name = ds_key_def.get('object')
if 'references' in ds_key_def:
stix_value = object_map[ds_key_def['references']]
else:
stix_value = DataSourceObjToStixObj._get_value(
obj, ds_key, transformer)
if not DataSourceObjToStixObj._valid_stix_value(
self.properties, key_to_add, stix_value):
continue
DataSourceObjToStixObj._handle_cybox_key_def(
key_to_add, observation, stix_value, object_map,
object_name)
else:
stix_value = DataSourceObjToStixObj._get_value(
obj, ds_key, transformer)
if not DataSourceObjToStixObj._valid_stix_value(
self.properties, key_to_add, stix_value):
continue
DataSourceObjToStixObj._add_property(
observation, key_to_add, stix_value)
# Validate each STIX object
if self.stix_validator:
validated_result = validate_instance(observation)
print_results(validated_result)
return observation
