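# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
# See LICENSE.txt for complete terms.

# Unit tests for the entity classes under ``stix.ttp``.
#
# Each ``*Tests`` class pairs an entity class (``klass``) with a fixture
# (``_full_dict``, a dict or a list). How the fixture is exercised is decided
# by ``EntityTestCase`` in ``stix.test``, which is not part of this file;
# presumably it round-trips the fixture through ``klass`` -- confirm there.
#
# NOTE: several fixtures embed another test class's ``_full_dict`` by
# reference (no copy is made), so fixtures must be treated as read-only: a
# test that mutates one would change the input of every class that reuses it.

import unittest

from stix.test import EntityTestCase, assert_warnings
from stix.test import data_marking_test
from stix.test.common import related_test, identity_test, kill_chains_test
from stix.test.extensions.identity import ciq_identity_3_0_test

from stix.core import STIXPackage
import stix.ttp as ttp
from stix.ttp import (
    resource, infrastructure, exploit_targets, malware_instance, exploit,
    attack_pattern, behavior, victim_targeting
)


# Fixture for the ExploitTargets collection: a scope plus one related
# exploit target borrowed from the shared related_test fixtures.
class ExploitTargetsTests(EntityTestCase, unittest.TestCase):
    klass = exploit_targets.ExploitTargets

    _full_dict = {
        'scope': 'inclusive',
        'exploit_targets': [
            related_test.RelatedExploitTargetTests._full_dict
        ]
    }


# Personas holding a single plain identity.
class PersonasTests(EntityTestCase, unittest.TestCase):
    klass = resource.Personas

    _full_dict = [
        identity_test.IdentityTests._full_dict
    ]


# Same entity class as PersonasTests, but the member is the CIQ 3.0
# identity extension fixture instead of the plain identity.
class PersonasWithCIQTests(EntityTestCase, unittest.TestCase):
    klass = resource.Personas

    _full_dict = [
        ciq_identity_3_0_test.CIQIdentity3_0InstanceTests._full_dict
    ]


# Infrastructure with descriptive fields and an observable characterization
# that points at an observable by idref only.
class InfrastructureTests(EntityTestCase, unittest.TestCase):
    klass = infrastructure.Infrastructure

    _full_dict = {
        'title': 'Title',
        'description': 'Description',
        'short_description': 'Short Description',
        'types': ['foo', 'bar'],
        'observable_characterization': {
            'cybox_major_version': '2',
            'cybox_minor_version': '1',
            'cybox_update_version': '0',
            'observables': [
                {
                    'idref': "example:Observable-1"
                }
            ]
        }
    }


# Resource aggregating the personas and infrastructure fixtures above with
# one tool entry typed through the AttackerToolTypeVocab-1.0 vocabulary.
class ResourcesTests(EntityTestCase, unittest.TestCase):
    klass = ttp.Resource

    _full_dict = {
        'personas': PersonasTests._full_dict,
        'tools': [
            {
                'title': "Tool",
                'type': [
                    {
                        'value': 'Malware',
                        'xsi:type': 'stixVocabs:AttackerToolTypeVocab-1.0'
                    }
                ]
            }
        ],
        'infrastructure': InfrastructureTests._full_dict
    }


# A single malware instance with placeholder field values.
class MalwareInstanceTests(EntityTestCase, unittest.TestCase):
    klass = malware_instance.MalwareInstance

    _full_dict = {
        'id': 'example:test-1',
        'title': 'Title',
        'description': 'Description',
        'short_description': 'Short Description',
        'types': ['foo', 'bar']
    }


# List wrapper around the MalwareInstanceTests fixture.
class MalwareInstancesTests(EntityTestCase, unittest.TestCase):
    klass = behavior.MalwareInstances

    _full_dict = [
        MalwareInstanceTests._full_dict
    ]


# A single exploit with placeholder field values.
class ExploitTests(EntityTestCase, unittest.TestCase):
    klass = exploit.Exploit

    _full_dict = {
        'id': 'example:test-1',
        'title': 'Title',
        'description': 'Description',
        'short_description': 'Short Description',
    }


# List wrapper around the ExploitTests fixture.
class ExploitsTests(EntityTestCase, unittest.TestCase):
    klass = behavior.Exploits

    _full_dict = [
        ExploitTests._full_dict
    ]


# A single attack pattern, including a CAPEC identifier field.
class AttackPatternTests(EntityTestCase, unittest.TestCase):
    klass = attack_pattern.AttackPattern

    _full_dict = {
        'id': 'example:test-1',
        'title': 'Title',
        'description': 'Description',
        'short_description': 'Short Description',
        'capec_id': '12345'
    }

    # Was named ``idref_test``. unittest's default loader (the one used by
    # ``unittest.main()`` at the bottom of this file) only collects methods
    # whose names start with ``test``, so the check never ran under it. The
    # new name also matches the ``test_*`` convention of the other test
    # methods in this file.
    def test_idref(self):
        ap = attack_pattern.AttackPattern()
        ap.id_ = 'foo'

        self.assertEqual(ap.id_, 'foo')

        # An entity is either a definition (id) or a reference (idref):
        # assigning idref is expected to clear a previously set id.
        ap.idref = 'bar'
        self.assertEqual(ap.idref, 'bar')
        self.assertEqual(ap.id_, None)


# List wrapper around the AttackPatternTests fixture.
class AttackPatternsTests(EntityTestCase, unittest.TestCase):
    klass = behavior.AttackPatterns

    _full_dict = [
        AttackPatternTests._full_dict
    ]


# Behavior aggregating the three list fixtures defined above.
class BehaviorTests(EntityTestCase, unittest.TestCase):
    klass = behavior.Behavior

    _full_dict = {
        'malware_instances': MalwareInstancesTests._full_dict,
        'exploits': ExploitsTests._full_dict,
        'attack_patterns': AttackPatternsTests._full_dict
    }


# Victim targeting with a CIQ 3.0 identity, vocabulary-typed targeted
# systems/information, and technical details given as an observable idref.
class VictimTargetingTests(EntityTestCase, unittest.TestCase):
    klass = victim_targeting.VictimTargeting

    _full_dict = {
        'identity': {
            'specification': {
                'organisation_info': {
                    'industry_type': 'Electricity, Industrial Control Systems'
                }
            },
            'xsi:type': 'stix-ciqidentity:CIQIdentity3.0InstanceType'
        },
        'targeted_systems': [
            {
                'value': 'Industrial Control Systems',
                'xsi:type': 'stixVocabs:SystemTypeVocab-1.0'
            }
        ],
        'targeted_information': [
            {
                'value': 'Information Assets - Intellectual Property',
                'xsi:type': 'stixVocabs:InformationTypeVocab-1.0'
            }
        ],
        'targeted_technical_details': {
            'cybox_major_version': '2',
            'cybox_minor_version': '1',
            'cybox_update_version': '0',
            'observables': [
                {
                    'idref': "example:Observable-2"
                }
            ]
        }
    }


# Full TTP fixture assembled from the component fixtures above, plus
# checks of the description helpers and the deprecated related_packages.
class TTPTests(EntityTestCase, unittest.TestCase):
    klass = ttp.TTP
    _full_dict = {
        'id': 'example:ttp-1',
        'version': '1.1',
        'title': "TTP1",
        'description': "This is a long description about a ttp",
        'short_description': "a TTP",
        'resources': ResourcesTests._full_dict,
        'handling': data_marking_test.MarkingTests._full_dict,
        'exploit_targets': ExploitTargetsTests._full_dict,
        'behavior': BehaviorTests._full_dict,
        'related_packages': related_test.RelatedPackageRefsTests._full_dict,
        'kill_chain_phases': kill_chains_test.KillChainPhasesReferenceTests._full_dict,
        'victim_targeting': VictimTargetingTests._full_dict
    }

    def test_add_description(self):
        # add_description() must produce the same state as adding to the
        # descriptions collection directly.
        o1 = self.klass()
        o2 = self.klass()

        o1.add_description("Test")
        o2.descriptions.add("Test")

        self.assertEqual(
            o1.descriptions.to_dict(),
            o2.descriptions.to_dict()
        )

    def test_add_short_description(self):
        # Same equivalence check for the short-description helper.
        o1 = self.klass()
        o2 = self.klass()

        o1.add_short_description("Test")
        o2.short_descriptions.add("Test")

        self.assertEqual(
            o1.short_descriptions.to_dict(),
            o2.short_descriptions.to_dict()
        )

    # NOTE(review): assert_warnings comes from stix.test and is not shown
    # here; presumably it asserts that the wrapped test emits a warning
    # (the deprecation of related_packages) -- confirm in stix.test.
    @assert_warnings
    def test_deprecated_related_packages(self):
        t = ttp.TTP()
        t.related_packages.append(STIXPackage())
        self.assertEqual(len(t.related_packages), 1)


# TTP whose only nested content is a CIQ identity under victim_targeting,
# together with an explicit timestamp.
class TTPIdentityTests(EntityTestCase, unittest.TestCase):
    klass = ttp.TTP
    _full_dict = {
        "id": "example:ttp-775591f7-7e01-4546-9522-d4211df4aac7",
        "timestamp": "2016-10-04T19:57:44.446575+00:00",
        "title": "Victim Targeting: Electricity Sector and Industrial Control System Sector",
        "victim_targeting": {
            "identity": {
                "specification": {
                    "organisation_info": {
                        "industry_type": "Electricity, Industrial Control Systems"
                    }
                },
                "xsi:type": "stix-ciqidentity:CIQIdentity3.0InstanceType"
            }
        }
    }


if __name__ == "__main__":
    unittest.main()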