Merge pull request #275 from khdesai/stix21master

Stix21master, add infrastructure, grouping to the working branch
oasis-open · Jul 10, 2019 · b1fa177 · b1fa177
2 parents 953a91b + b464a9c
commit b1fa177
Show file tree

Hide file tree

Showing 25 changed files with 469 additions and 83 deletions.
diff --git a/stix2/test/v20/test_datastore_filesystem.py b/stix2/test/v20/test_datastore_filesystem.py
@@ -125,15 +125,13 @@ def rel_fs_store():
 
 
 def test_filesystem_source_nonexistent_folder():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.FileSystemSource('nonexistent-folder')
-    assert "for STIX data does not exist" in str(excinfo)
 
 
 def test_filesystem_sink_nonexistent_folder():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.FileSystemSink('nonexistent-folder')
-    assert "for STIX data does not exist" in str(excinfo)
 
 
 def test_filesystem_source_bad_json_file(fs_source, bad_json_files):
@@ -441,9 +439,8 @@ def test_filesystem_attempt_stix_file_overwrite(fs_store):
     )
 
     # Now attempt to overwrite the existing file
-    with pytest.raises(DataSourceError) as excinfo:
+    with pytest.raises(DataSourceError):
         fs_store.add(camp8)
-    assert "Attempted to overwrite file" in str(excinfo)
 
     os.remove(filepath)
 

diff --git a/stix2/test/v20/test_pattern_expressions.py b/stix2/test/v20/test_pattern_expressions.py
@@ -257,7 +257,7 @@ def test_and_observable_expression():
 
 
 def test_invalid_and_observable_expression():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.AndBooleanExpression([
             stix2.EqualityComparisonExpression(
                 "user-account:display_name",
@@ -268,7 +268,6 @@ def test_invalid_and_observable_expression():
                 stix2.StringConstant("admin"),
             ),
         ])
-    assert "All operands to an 'AND' expression must have the same object type" in str(excinfo)
 
 
 def test_hex():
@@ -352,30 +351,26 @@ def test_list2():
 
 
 def test_invalid_constant_type():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.EqualityComparisonExpression(
             "artifact:payload_bin",
             {'foo': 'bar'},
         )
-    assert 'Unable to create a constant' in str(excinfo)
 
 
 def test_invalid_integer_constant():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.IntegerConstant('foo')
-    assert 'must be an integer' in str(excinfo)
 
 
 def test_invalid_timestamp_constant():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.TimestampConstant('foo')
-    assert 'Must be a datetime object or timestamp string' in str(excinfo)
 
 
 def test_invalid_float_constant():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.FloatConstant('foo')
-    assert 'must be a float' in str(excinfo)
 
 
 @pytest.mark.parametrize(
@@ -400,9 +395,8 @@ def test_boolean_constant(data, result):
 
 
 def test_invalid_boolean_constant():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.BooleanConstant('foo')
-    assert 'must be a boolean' in str(excinfo)
 
 
 @pytest.mark.parametrize(
@@ -412,21 +406,18 @@ def test_invalid_boolean_constant():
     ],
 )
 def test_invalid_hash_constant(hashtype, data):
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.HashConstant(data, hashtype)
-    assert 'is not a valid {} hash'.format(hashtype) in str(excinfo)
 
 
 def test_invalid_hex_constant():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.HexConstant('mm')
-    assert "must contain an even number of hexadecimal characters" in str(excinfo)
 
 
 def test_invalid_binary_constant():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.BinaryConstant('foo')
-    assert 'must contain a base64' in str(excinfo)
 
 
 def test_escape_quotes_and_backslashes():
@@ -459,15 +450,13 @@ def test_repeat_qualifier():
 
 
 def test_invalid_repeat_qualifier():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.RepeatQualifier('foo')
-    assert 'is not a valid argument for a Repeat Qualifier' in str(excinfo)
 
 
 def test_invalid_within_qualifier():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.WithinQualifier('foo')
-    assert 'is not a valid argument for a Within Qualifier' in str(excinfo)
 
 
 def test_startstop_qualifier():
@@ -485,19 +474,17 @@ def test_startstop_qualifier():
 
 
 def test_invalid_startstop_qualifier():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.StartStopQualifier(
             'foo',
             stix2.TimestampConstant('2016-06-01T00:00:00Z'),
         )
-    assert 'is not a valid argument for a Start/Stop Qualifier' in str(excinfo)
 
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.StartStopQualifier(
             datetime.date(2016, 6, 1),
             'foo',
         )
-    assert 'is not a valid argument for a Start/Stop Qualifier' in str(excinfo)
 
 
 def test_make_constant_already_a_constant():

diff --git a/stix2/test/v21/conftest.py b/stix2/test/v21/conftest.py
@@ -5,7 +5,8 @@
 import stix2
 
 from .constants import (
-    FAKE_TIME, INDICATOR_KWARGS, MALWARE_KWARGS, RELATIONSHIP_KWARGS,
+    FAKE_TIME, GROUPING_KWARGS, INDICATOR_KWARGS, INFRASTRUCTURE_KWARGS,
+    MALWARE_KWARGS, RELATIONSHIP_KWARGS,
 )
 
 
@@ -39,6 +40,16 @@ def indicator(uuid4, clock):
     return stix2.v21.Indicator(**INDICATOR_KWARGS)
 
 
+@pytest.fixture
+def infrastructure(uuid4, clock):
+    return stix2.v21.Infrastructure(**INFRASTRUCTURE_KWARGS)
+
+
+@pytest.fixture
+def grouping(uuid4, clock):
+    return stix2.v21.Grouping(**GROUPING_KWARGS)
+
+
 @pytest.fixture
 def malware(uuid4, clock):
     return stix2.v21.Malware(**MALWARE_KWARGS)

diff --git a/stix2/test/v21/constants.py b/stix2/test/v21/constants.py
@@ -7,8 +7,10 @@
 ATTACK_PATTERN_ID = "attack-pattern--0c7b5b88-8ff7-4a4d-aa9d-feb398cd0061"
 CAMPAIGN_ID = "campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
 COURSE_OF_ACTION_ID = "course-of-action--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"
+GROUPING_ID = "grouping--753abcde-3141-5926-ace5-0a810b1ff996"
 IDENTITY_ID = "identity--311b2d2d-f010-4473-83ec-1edf84858f4c"
 INDICATOR_ID = "indicator--a740531e-63ff-4e49-a9e1-a0a3eed0e3e7"
+INFRASTRUCTURE_ID = "infrastructure--3000ae1b-784c-f03d-8abc-0a625b2ff018"
 INTRUSION_SET_ID = "intrusion-set--4e78f46f-a023-4e5f-bc24-71b3ca22ec29"
 LOCATION_ID = "location--a6e9345f-5a15-4c29-8bb3-7dcc5d168d64"
 MALWARE_ID = "malware--9c4638ec-f1de-4ddb-abf4-1b760417654e"
@@ -70,6 +72,11 @@
     name="Block",
 )
 
+GROUPING_KWARGS = dict(
+    name="Harry Potter and the Leet Hackers",
+    context="suspicious-activity",
+)
+
 IDENTITY_KWARGS = dict(
     name="John Smith",
     identity_class="individual",
@@ -78,6 +85,12 @@
 INDICATOR_KWARGS = dict(
     indicator_types=['malicious-activity'],
     pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
+    valid_from="2017-01-01T12:34:56Z",
+)
+
+INFRASTRUCTURE_KWARGS = dict(
+    name="Poison Ivy C2",
+    infrastructure_types=["command-and-control"],
 )
 
 INTRUSION_SET_KWARGS = dict(
@@ -87,6 +100,7 @@
 MALWARE_KWARGS = dict(
     malware_types=['ransomware'],
     name="Cryptolocker",
+    is_family=False,
 )
 
 MALWARE_MORE_KWARGS = dict(
@@ -97,6 +111,7 @@
     malware_types=['ransomware'],
     name="Cryptolocker",
     description="A ransomware related to ...",
+    is_family=False,
 )
 
 OBSERVED_DATA_KWARGS = dict(

diff --git a/stix2/test/v21/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38.json b/stix2/test/v21/stix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38.json
@@ -24,5 +24,6 @@
     ],
     "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-    ]
+    ],
+    "is_family": false
 }
diff --git a/...tix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json b/...tix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20170531213258226477.json
@@ -27,7 +27,8 @@
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
             "spec_version": "2.1",
-            "type": "malware"
+            "type": "malware",
+            "is_family": false
         }
     ],
     "type": "bundle"

diff --git a/...tix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json b/...tix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448456000.json
@@ -24,5 +24,6 @@
     ],
     "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-    ]
+    ],
+    "is_family": false
 }
diff --git a/...tix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json b/...tix2_data/malware/malware--6b616fc1-1505-48e3-8b2c-0d19337bff38/20181101232448457000.json
@@ -24,5 +24,6 @@
     ],
     "object_marking_refs": [
         "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
-    ]
+    ],
+    "is_family": false
 }
diff --git a/...tix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json b/...tix2_data/malware/malware--92ec0cbd-2c30-44a2-b270-73f4ec949841/20170531213326565056.json
@@ -27,7 +27,8 @@
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
             "spec_version": "2.1",
-            "type": "malware"
+            "type": "malware",
+            "is_family": false
         }
     ],
     "type": "bundle"

diff --git a/...tix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json b/...tix2_data/malware/malware--96b08451-b27a-4ff6-893f-790e26393a8e/20170531213248482655.json
@@ -27,7 +27,8 @@
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
             "spec_version": "2.1",
-            "type": "malware"
+            "type": "malware",
+            "is_family": false
         }
     ],
     "type": "bundle"

diff --git a/...tix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json b/...tix2_data/malware/malware--b42378e0-f147-496f-992a-26a49705395b/20170531213215263882.json
@@ -26,7 +26,8 @@
             "object_marking_refs": [
                 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
             ],
-            "type": "malware"
+            "type": "malware",
+            "is_family": false
         }
     ],
     "spec_version": "2.0",

diff --git a/stix2/test/v21/test_bundle.py b/stix2/test/v21/test_bundle.py
@@ -31,7 +31,8 @@
             "name": "Cryptolocker",
             "malware_types": [
                 "ransomware"
-            ]
+            ],
+            "is_family": false
         },
         {
             "type": "relationship",
@@ -72,6 +73,7 @@
             "malware_types": [
                 "ransomware",
             ],
+            "is_family": False,
         },
         {
             "type": "relationship",
@@ -244,6 +246,7 @@ def test_bundle_obj_id_found():
                 "malware_types": [
                     "ransomware",
                 ],
+                "is_family": False,
             },
             {
                 "type": "malware",
@@ -255,6 +258,7 @@ def test_bundle_obj_id_found():
                 "malware_types": [
                     "ransomware",
                 ],
+                "is_family": False,
             },
             {
                 "type": "relationship",

diff --git a/stix2/test/v21/test_core.py b/stix2/test/v21/test_core.py
@@ -31,6 +31,7 @@
             "malware_types": [
                 "ransomware",
             ],
+            "is_family": False,
         },
         {
             "type": "relationship",

diff --git a/stix2/test/v21/test_datastore_filesystem.py b/stix2/test/v21/test_datastore_filesystem.py
@@ -124,15 +124,13 @@ def rel_fs_store():
 
 
 def test_filesystem_source_nonexistent_folder():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.FileSystemSource('nonexistent-folder')
-    assert "for STIX data does not exist" in str(excinfo)
 
 
 def test_filesystem_sink_nonexistent_folder():
-    with pytest.raises(ValueError) as excinfo:
+    with pytest.raises(ValueError):
         stix2.FileSystemSink('nonexistent-folder')
-    assert "for STIX data does not exist" in str(excinfo)
 
 
 def test_filesystem_source_bad_json_file(fs_source, bad_json_files):

diff --git a/stix2/test/v21/test_datastore_filters.py b/stix2/test/v21/test_datastore_filters.py
@@ -16,6 +16,7 @@
             "remote-access-trojan",
         ],
         "modified": "2017-01-27T13:49:53.997Z",
+        "is_family": False,
         "name": "Poison Ivy",
         "type": "malware",
     },

diff --git a/stix2/test/v21/test_environment.py b/stix2/test/v21/test_environment.py
@@ -219,7 +219,8 @@ def test_parse_malware():
         "name": "Cryptolocker",
         "malware_types": [
             "ransomware"
-        ]
+        ],
+        "is_family": false
     }"""
     mal = env.parse(data, version="2.1")
 
@@ -230,6 +231,7 @@ def test_parse_malware():
     assert mal.modified == FAKE_TIME
     assert mal.malware_types == ['ransomware']
     assert mal.name == "Cryptolocker"
+    assert not mal.is_family
 
 
 def test_creator_of():
@@ -351,6 +353,7 @@ def test_related_to_no_id(ds):
     mal = {
         "type": "malware",
         "name": "some variant",
+        "is_family": False,
     }
     with pytest.raises(ValueError) as excinfo:
         env.related_to(mal)