How to use the sdv.validators.stix.best_practice.BestPracticeWarningCollection function in sdv

To help you get started, we’ve selected a few sdv examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
"""Checks for nodes in the input `root` document that contain IDs
        which fall under the ``example`` namespace.

        """
        ex_namespaces = ('http://example.com', 'http://example.com/')

        # Get all the namespaces used in the document
        doc_nsmap = utils.get_document_namespaces(root)

        # Element tags to check for example ID presence
        to_check = itertools.chain(
            common.STIX_CORE_COMPONENTS,
            common.CYBOX_CORE_COMPONENTS
        )

        results = BestPracticeWarningCollection('IDs Use Example Namespace')
        xpath = " | ".join("//%s" % x for x in to_check)

        for node in root.xpath(xpath, namespaces=namespaces):
            if 'id' not in node.attrib:
                continue

            # ID attr found. Break it up into ns prefix and local parts
            id_parts = node.attrib['id'].split(":")

            if len(id_parts) != 2:
                continue

            # Try to get the namespace mapped to the ID ns prefix
            prefix = id_parts[0]
            ns = doc_nsmap.get(prefix)
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def insert(self, idx, value):
        """Inserts an instance of :class:`BestPracticeWarningCollection`.

        Note:
            If ``bool(value) == False`` then `value` will not be inserted.

        Raises:
            ValueError: If `value` is not an instance of
                :class:`BestPracticeWarningCollection`.

        """
        if not value:
            return

        if not isinstance(value, BestPracticeWarningCollection):
            raise ValueError(
                "Value must be instance of BestPracticeWarningCollection"
            )

        self._warnings.insert(idx, value)
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
"""

        # Selects nodes that have more than one instance of a specific
        # StructuredTextType child (i.e., more than one Description child).
        xpath_fmt = "//*[count(child::*[local-name()='{0}']) > 1]"

        tags = (
            "Description",
            "Short_Description",
            "Description_Of_Effect",
            "Business_Function_Or_Role"
        )

        title = "StructuredText @ordinality Use"
        results = BestPracticeWarningCollection(title)
        nslist = namespaces.values()

        for tag in tags:
            xpath = xpath_fmt.format(tag)
            nodes = root.xpath(xpath, namespaces=namespaces)

            if len(nodes) == 0:
                continue

            warns = self._get_bad_ordinalities(nodes, tag, nslist)
            results.extend(warns)

        return results
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _check_latest_vocabs(self, root, namespaces, version):  # noqa
        """Checks that all STIX vocabs are using latest published versions.
        Triggers a warning if an out of date vocabulary is used.

        Note:
            The xpath used to discover instances of controlled vocabularies
            assumes that the type name ends with 'Vocab-'. An example
            instance would be 'IndicatorTypeVocab-1.0'.

        """
        results = BestPracticeWarningCollection("Vocab Suggestions")
        xpath = "//*[contains(@xsi:type, 'Vocab-')]"

        for vocab in root.xpath(xpath, namespaces=namespaces):
            xsi_type = vocab.attrib[xmlconst.TAG_XSI_TYPE]
            name = common.parse_vocab_name(xsi_type)
            found = common.parse_vocab_version(xsi_type)
            expected = common.get_vocab_version(root, version, xsi_type)

            if found == expected:
                continue

            warning = BestPracticeWarning(node=vocab)
            warning['vocab name'] = name
            warning['version found'] = found
            warning['version expected'] = expected
            results.append(warning)
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
Note:
            Some STIX/CybOX constructs (e.g., ``Related_Object`` instances) are
            exceptions to this rule.

        """
        def is_invalid(node):
            if common.is_idref_content_exception(node):
                return False

            return utils.has_content(node)

        nodes = root.xpath("//*[@idref]")
        warnings = (BestPracticeWarning(x) for x in nodes if is_invalid(x))

        results = BestPracticeWarningCollection("IDREF with Content")
        results.extend(warnings)

        return results
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _check_idref_resolution(self, root, namespaces, version):  # noqa
        """Checks that all idrefs resolve to a construct in the document.

        """
        idrefs = root.xpath("//*[@idref]")
        ids = root.xpath("//@id")

        def idref(x):
            return x.attrib['idref']

        results = BestPracticeWarningCollection("Unresolved IDREFs")
        warns = (BestPracticeWarning(x) for x in idrefs if idref(x) not in ids)
        results.extend(warns)

        return results
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _check_id_presence(self, root, namespaces, version):  # noqa
        """Checks that all major STIX/CybOX constructs have id attributes set.
        Constructs with idref attributes set should not have an id attribute
        and are thus omitted from the results.

        """
        to_check = itertools.chain(
            common.STIX_CORE_COMPONENTS,
            common.CYBOX_CORE_COMPONENTS
        )

        results = BestPracticeWarningCollection('Missing IDs')
        xpath = " | ".join("//%s" % x for x in to_check)
        nodes = root.xpath(xpath, namespaces=namespaces)

        for node in nodes:
            if any(x in node.attrib for x in ('id', 'idref')):
                continue

            warning = BestPracticeWarning(node=node)
            results.append(warning)

        return results
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _check_condition_attribute(self, root, namespaces, version):  # noqa
        """Checks that Observable properties contain a ``@condition``
        attribute.

        This will also attempt to resolve Observables which are referenced
        (not embedded) within Indicators.

        Note:
            This could produce inaccurate results if a CybOX ObjectProperties
            instance contains fields that do not contain a ``condition``
            attribute (e.g., a field that is not patternable).

        """
        results = BestPracticeWarningCollection(
            "Indicator Pattern Properties Missing Condition Attributes"
        )

        selectors = (
            "//{0}:Indicator".format(common.PREFIX_STIX_CORE),
            "//{0}:Indicator".format(common.PREFIX_STIX_COMMON),
            "//{0}:Indicator".format(common.PREFIX_STIX_REPORT)
        )

        xpath = " | ".join(selectors)
        indicators = root.xpath(xpath, namespaces=namespaces)

        if len(indicators) == 0:
            return results

        def _get_leaves(nodes):
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _check_marking_control_xpath(self, root, namespaces, version):  # noqa
        """Checks that data marking controlled structure XPaths are valid
        and resolve to nodes in the `root` document.

        """
        results = BestPracticeWarningCollection("Data Marking Control XPath")
        xpath = "//%s:Controlled_Structure" % common.PREFIX_DATA_MARKING

        for elem in root.xpath(xpath, namespaces=namespaces):
            if not elem.text:
                message = "Empty Control XPath"
            else:
                message = common.test_xpath(elem)

            if message:
                result = BestPracticeWarning(node=elem, message=message)
                results.append(result)

        return results
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _check_titles(self, root, namespaces, selectors):
        """Checks that each node in `nodes` has a ``Title`` element unless
        there is an ``@idref`` attribute set.

        """
        results = BestPracticeWarningCollection("Missing Titles")
        xpath = " | ".join("//%s" % x for x in selectors)
        nodes = root.xpath(xpath, namespaces=namespaces)

        for node in nodes:
            if 'idref' in node.attrib:
                continue

            if not any(utils.localname(x) == 'Title' for x in utils.iterchildren(node)):
                warning = BestPracticeWarning(node=node)
                results.append(warning)

        return results