Merge pull request #132 from STIXProject/stix1.1.1

python-stix v1.1.1.0

Author: Bryan Worrell

CHANGES.txt

@@ -1,3 +1,12 @@
+Version 1.1.1.0
+2014-05-09
+- Support for STIX v1.1.1
+- Updated all schemalocations to reference new STIX v1.1.1 schemas
+- Changed Confidence.source to be of type InformationSource
+- Changed Statement.source to be of type InformationSource
+- Changed Sighting.source to be of type InformationSource
+- Updated AvailabilityLossType CV to align with STIX v1.1.1
+
 Version 1.1.0.6
 2014-05-06
 - Fixed issues with parsing Related Observables within an Incident

README.rst

@@ -1,9 +1,9 @@
 python-stix
 ===========
 
-A python library for parsing, manipulating, and generating STIX content.
+A python library for parsing, manipulating, and generating STIX v1.1.1 content.
 
-The ``python-stix`` library utilizes the STIX v1.1 bindings, is under heavy
+The ``python-stix`` library utilizes the STIX v1.1.1 bindings, is under heavy
 development. For more information about STIX, see http://stix.mitre.org.
 
 .. image:: https://travis-ci.org/STIXProject/python-stix.png?branch=master

examples/ex_01.xml

@@ -1,20 +1,20 @@
 <!--
-	STIX IP Watchlist Example
-	
-	Copyright (c) 2014, The MITRE Corporation. All rights reserved. 
+    STIX IP Watchlist Example
+    
+    Copyright (c) 2014, The MITRE Corporation. All rights reserved. 
     The contents of this file are subject to the terms of the STIX License located at http://stix.mitre.org/about/termsofuse.html.
     
-	This example demonstrates a simple usage of STIX to represent a list of IP address indicators (watchlist of IP addresses). Cyber operations and malware analysis centers often share a list of suspected malicious IP addresses with information about what those IPs might indicate. This STIX package represents a list of three IP addresses with a short dummy description of what they represent.
-	
-	It demonstrates the use of:
-	
-	   * STIX Indicators
-	   * CybOX within STIX
-	   * The CybOX Address Object (IP)
-	   * CybOX Patterns (apply_condition="ANY")
-	   * Controlled vocabularies
-	
-	Created by Mark Davidson
+    This example demonstrates a simple usage of STIX to represent a list of IP address indicators (watchlist of IP addresses). Cyber operations and malware analysis centers often share a list of suspected malicious IP addresses with information about what those IPs might indicate. This STIX package represents a list of three IP addresses with a short dummy description of what they represent.
+    
+    It demonstrates the use of:
+    
+       * STIX Indicators
+       * CybOX within STIX
+       * The CybOX Address Object (IP)
+       * CybOX Patterns (apply_condition="ANY")
+       * Controlled vocabularies
+    
+    Created by Mark Davidson
 -->
 <stix:STIX_Package
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -26,19 +26,21 @@
     xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
     xmlns:example="http://example.com/"
     xsi:schemaLocation="
-    http://stix.mitre.org/stix-1 http://stix.mitre.org/XMLSchema/core/1.1/stix_core.xsd
-    http://stix.mitre.org/Indicator-2 http://stix.mitre.org/XMLSchema/indicator/2.1/indicator.xsd
-    http://cybox.mitre.org/default_vocabularies-2 http://cybox.mitre.org/XMLSchema/default_vocabularies/2.1/cybox_default_vocabularies.xsd
-    http://stix.mitre.org/default_vocabularies-1 http://stix.mitre.org/XMLSchema/default_vocabularies/1.1.0/stix_default_vocabularies.xsd
-    http://cybox.mitre.org/objects#AddressObject-2 http://cybox.mitre.org/XMLSchema/objects/Address/2.1/Address_Object.xsd"
+    http://stix.mitre.org/stix-1 ../stix_core.xsd
+    http://stix.mitre.org/Indicator-2 ../indicator.xsd
+    http://cybox.mitre.org/default_vocabularies-2 ../cybox/cybox_default_vocabularies.xsd
+    http://stix.mitre.org/default_vocabularies-1 ../stix_default_vocabularies.xsd
+    http://cybox.mitre.org/objects#AddressObject-2 ../cybox/objects/Address_Object.xsd"
     id="example:STIXPackage-33fe3b22-0201-47cf-85d0-97c02164528d"
-    version="1.1">
+    timestamp="2014-05-08T09:00:00.000000Z"
+    version="1.1.1"
+    >
     <stix:STIX_Header>
         <stix:Title>Example watchlist that contains IP information.</stix:Title>
         <stix:Package_Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Indicators - Watchlist</stix:Package_Intent>
     </stix:STIX_Header>
     <stix:Indicators>
-        <stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-33fe3b22-0201-47cf-85d0-97c02164528d">
+        <stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-33fe3b22-0201-47cf-85d0-97c02164528d" timestamp="2014-05-08T09:00:00.000000Z">
             <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">IP Watchlist</indicator:Type>
             <indicator:Description>Sample IP Address Indicator for this watchlist. This contains one indicator with a set of three IP addresses in the watchlist.</indicator:Description>
             <indicator:Observable  id="example:Observable-1c798262-a4cd-434d-a958-884d6980c459">
@@ -51,3 +53,4 @@
         </stix:Indicator>
     </stix:Indicators>
 </stix:STIX_Package>
+

stix/__init__.py

@@ -1,7 +1,7 @@
 # Copyright (c) 2014, The MITRE Corporation. All rights reserved.
 # See LICENSE.txt for complete terms.
 
-__version__ = "1.1.0.6"
+__version__ = "1.1.1.0"
 
 from .base import Entity, EntityList
 

stix/base.py

@@ -2,10 +2,13 @@
 # See LICENSE.txt for complete terms.
 
 import collections
+import inspect
 import json
-from lxml import etree
 from StringIO import StringIO
 
+import cybox
+from cybox.core import Observable, Observables
+from lxml import etree
 
 class Entity(object):
     """Base class for all classes in the STIX API."""
@@ -50,6 +53,18 @@ def to_xml(self, include_namespaces=True, ns_dict=None, pretty=True):
         self.to_obj().export(s, 0, all_ns_dict, pretty_print=pretty, namespacedef_=namespace_def)
         return s.getvalue()
 
+    def _get_children(self):
+        for (name, obj) in inspect.getmembers(self):
+            if isinstance(obj, Observables):
+                for obs in obj.observables:
+                    yield obs
+            elif isinstance(obj, (Entity, cybox.Entity)):
+                yield obj
+            elif isinstance(obj, list):
+                for item in obj:
+                    if isinstance(item, Entity) or isinstance(item, Observable) or isinstance(item, cybox.Entity):
+                        yield item
+
     def to_json(self):
         return json.dumps(self.to_dict())
 

stix/bindings/incident.py

@@ -1217,7 +1217,10 @@ class ContributorsType(GeneratedsSuper):
     subclass = None
     superclass = None
     def __init__(self, Contributor=None):
-        self.Contributor = Contributor
+        if Contributor is None:
+            self.Contributor = []
+        else:
+            self.Contributor = Contributor
     def factory(*args_, **kwargs_):
         if ContributorsType.subclass:
             return ContributorsType.subclass(*args_, **kwargs_)
@@ -1226,9 +1229,11 @@ def factory(*args_, **kwargs_):
     factory = staticmethod(factory)
     def get_Contributor(self): return self.Contributor
     def set_Contributor(self, Contributor): self.Contributor = Contributor
+    def add_Contributor(self, value): self.Contributor.append(value)
+    def insert_Contributor(self, index, value): self.Contributor[index] = value
     def hasContent_(self):
         if (
-            self.Contributor is not None
+            self.Contributor
             ):
             return True
         else:
@@ -1256,8 +1261,8 @@ def exportChildren(self, outfile, level, nsmap, namespace_=XML_NS, name_='Contri
             eol_ = '\n'
         else:
             eol_ = ''
-        if self.Contributor is not None:
-            self.Contributor.export(outfile, level, nsmap, namespace_, name_='Contributor', pretty_print=pretty_print)
+        for Contributor_ in self.Contributor:
+            Contributor_.export(outfile, level, "%s:" % (nsmap[namespace_]), name_='Contributor', pretty_print=pretty_print)
     def build(self, node):
         already_processed = set()
         self.buildAttributes(node, node.attrib, already_processed)
@@ -1270,7 +1275,7 @@ def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
         if nodeName_ == 'Contributor':
             obj_ = cybox_common_binding.ContributorType.factory()
             obj_.build(child_)
-            self.set_Contributor(obj_)
+            self.Contributor.append(obj_)
 # end class ContributorsType
 
 class COATimeType(GeneratedsSuper):

stix/bindings/indicator.py

@@ -979,7 +979,7 @@ def buildAttributes(self, node, attrs, already_processed):
             self.timestamp_precision = value
     def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
         if nodeName_ == 'Source':
-            obj_ = stix_common_binding.StructuredTextType.factory()
+            obj_ = stix_common_binding.InformationSourceType.factory()
             obj_.build(child_)
             self.set_Source(obj_)
         elif nodeName_ == 'Reference':
@@ -1688,7 +1688,7 @@ def buildAttributes(self, node, attrs, already_processed):
         super(RelatedCampaignReferencesType, self).buildAttributes(node, attrs, already_processed)
     def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
         if nodeName_ == 'Related_Campaign':
-            obj_ = stix_common_binding.CampaignReferenceType.factory()
+            obj_ = stix_common_binding.RelatedCampaignReferenceType.factory()
             obj_.build(child_)
             self.Related_Campaign.append(obj_)
         super(RelatedCampaignReferencesType, self).buildChildren(child_, node, nodeName_, True)

stix/bindings/stix_common.py

@@ -1213,7 +1213,7 @@ def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
             obj_.build(child_)
             self.set_Description(obj_)
         elif nodeName_ == 'Source':
-            obj_ = ControlledVocabularyStringType.factory()
+            obj_ = InformationSourceType.factory()
             obj_.build(child_)
             self.set_Source(obj_)
         elif nodeName_ == 'Confidence_Assertion_Chain':
@@ -4037,7 +4037,7 @@ def buildChildren(self, child_, node, nodeName_, fromsubclass_=False):
             obj_.build(child_)
             self.set_Description(obj_)
         elif nodeName_ == 'Source':
-            obj_ = ControlledVocabularyStringType.factory()
+            obj_ = InformationSourceType.factory()
             obj_.build(child_)
             self.set_Source(obj_)
         elif nodeName_ == 'Confidence':

stix/campaign/__init__.py

@@ -64,25 +64,20 @@ class RelatedTTPs(GenericRelationshipList):
     _contained_type = RelatedTTP
     _inner_name = "ttps"
 
-
-class Name(VocabString):
-    pass
-
-
 class Names(stix.EntityList):
     _namespace = "http://stix.mitre.org/Campaign-1"
     _binding = campaign_binding
     _binding_class = campaign_binding.NamesType
     _binding_var = "Name"
-    _contained_type = Name
+    _contained_type = VocabString
     _inner_name = "names"
 
 
 class Campaign(stix.Entity):
     _binding = campaign_binding
     _binding_class = _binding.CampaignType
     _namespace = "http://stix.mitre.org/Campaign-1"
-    _version = "1.1"
+    _version = "1.1.1"
 
     def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
         self.id_ = id_ or stix.utils.create_id("Campaign")

stix/coa/__init__.py

@@ -29,7 +29,7 @@ class CourseOfAction(stix.Entity):
     _binding = coa_binding
     _binding_class = coa_binding.CourseOfActionType
     _namespace = "http://stix.mitre.org/CourseOfAction-1"
-    _version = "1.1"
+    _version = "1.1.1"
 
     def __init__(self, id_=None, idref=None, timestamp=None, title=None, description=None, short_description=None):
         self.id_ = id_ or stix.utils.create_id("coa")

stix/common/confidence.py

@@ -1,6 +1,8 @@
 # Copyright (c) 2014, The MITRE Corporation. All rights reserved.
 # See LICENSE.txt for complete terms.
 
+from __future__ import absolute_import
+
 from datetime import datetime
 import dateutil
 from dateutil.tz import tzutc
@@ -11,7 +13,6 @@
 from .structured_text import StructuredText
 from .vocabs import VocabString, HighMediumLow
 
-
 class Confidence(stix.Entity):
     _namespace = 'http://stix.mitre.org/common-1'
     _binding = common_binding
@@ -58,12 +59,14 @@ def source(self):
 
     @source.setter
     def source(self, value):
+        from .information_source import InformationSource
+        
         if value is None:
             self._source = None
-        elif isinstance(value, VocabString):
+        elif isinstance(value, InformationSource):
             self._source = value
         else:
-            self._source = VocabString(value=value)
+            raise ValueError("source must be of type InformationSource")
 
     @property
     def description(self):
@@ -119,6 +122,8 @@ def to_dict(self):
 
     @staticmethod
     def from_obj(obj):
+        from .information_source import InformationSource
+        
         if not obj:
             return None
         c = Confidence()
@@ -127,12 +132,14 @@ def from_obj(obj):
         c.timestamp_precision = obj.get_timestamp_precision()
         c.value = VocabString.from_obj(obj.get_Value())
         c.description = StructuredText.from_obj(obj.get_Description())
-        c.source = VocabString.from_obj(obj.get_Source())
+        c.source = InformationSource.from_obj(obj.get_Source())
 
         return c
 
     @staticmethod
     def from_dict(dict_):
+        from .information_source import InformationSource
+        
         if dict_ is None:
             return None
         c = Confidence()
@@ -141,11 +148,10 @@ def from_dict(dict_):
         c.timestamp_precision = dict_.get('timestamp_precision', 'second')
         c.value = VocabString.from_dict(dict_.get('value'))
         c.description = StructuredText.from_dict(dict_.get('description'))
-        c.source = VocabString.from_dict(dict_.get('source'))
+        c.source = InformationSource.from_dict(dict_.get('source'))
 
         return c
 
-
 class ConfidenceAssertionChain(stix.Entity):
     _namespace = 'http://stix.mitre.org/common-2'
     _binding = common_binding
@@ -176,3 +182,4 @@ def to_dict(self):
     @classmethod
     def from_dict(cls, dict_repr, return_obj=None):
         return None
+

stix/common/related.py

@@ -5,17 +5,17 @@
 
 import stix
 import stix.bindings.stix_common as common_binding
-
-from .confidence import Confidence
-from .information_source import InformationSource
 from .vocabs import VocabString
+from .information_source import InformationSource
+from .confidence import Confidence
 
 class GenericRelationship(stix.Entity):
     _namespace = "http://stix.mitre.org/common-1"
     _binding = common_binding
     _binding_class = common_binding.GenericRelationshipType
 
     def __init__(self, confidence=None, information_source=None, relationship=None):
+        
         self.confidence = confidence
         self.information_source = information_source
         self.relationship = relationship