How to use the sdv.validators.stix.common function in sdv

To help you get started, we’ve selected a few sdv examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
Triggers a warning if an out of date vocabulary is used.

        Note:
            The xpath used to discover instances of controlled vocabularies
            assumes that the type name ends with 'Vocab-'. An example
            instance would be 'IndicatorTypeVocab-1.0'.

        """
        results = BestPracticeWarningCollection("Vocab Suggestions")
        xpath = "//*[contains(@xsi:type, 'Vocab-')]"

        for vocab in root.xpath(xpath, namespaces=namespaces):
            xsi_type = vocab.attrib[xmlconst.TAG_XSI_TYPE]
            name = common.parse_vocab_name(xsi_type)
            found = common.parse_vocab_version(xsi_type)
            expected = common.get_vocab_version(root, version, xsi_type)

            if found == expected:
                continue

            warning = BestPracticeWarning(node=vocab)
            warning['vocab name'] = name
            warning['version found'] = found
            warning['version expected'] = expected
            results.append(warning)

        return results
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _get_1_2_related_package_deprecations(self, root, namespaces):
        """Checks for deprecated use of Related_Packages in STIX component
        instances.

        """
        selector = "//{0}:Related_Packages"
        prefixes = (
            common.PREFIX_STIX_CAMPAIGN,
            common.PREFIX_STIX_COA,
            common.PREFIX_STIX_EXPLOIT_TARGET,
            common.PREFIX_STIX_INCIDENT,
            common.PREFIX_STIX_INDICATOR,
            common.PREFIX_STIX_THREAT_ACTOR,
            common.PREFIX_STIX_TTP
        )

        to_check = (selector.format(prefix) for prefix in prefixes)
        xpath = " | ".join(to_check)
        nodes = root.xpath(xpath, namespaces=namespaces)

        msg = "Use of Related_Packages is deprecated."
        warns = [BestPracticeWarning(node=x, message=msg) for x in nodes]
        return warns
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _run_rules(self, root, version):
        """Runs all best practice rules applicable to a `version` of STIX
        against the `root` document.

        """
        namespaces = common.get_stix_namespaces(version)
        results = BestPracticeValidationResults()
        rules = self._get_rules(version)

        for func in rules:
            result = func(self, root, namespaces=namespaces, version=version)
            results.append(result)

        return results
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _get_1_2_related_package_deprecations(self, root, namespaces):
        """Checks for deprecated use of Related_Packages in STIX component
        instances.

        """
        selector = "//{0}:Related_Packages"
        prefixes = (
            common.PREFIX_STIX_CAMPAIGN,
            common.PREFIX_STIX_COA,
            common.PREFIX_STIX_EXPLOIT_TARGET,
            common.PREFIX_STIX_INCIDENT,
            common.PREFIX_STIX_INDICATOR,
            common.PREFIX_STIX_THREAT_ACTOR,
            common.PREFIX_STIX_TTP
        )

        to_check = (selector.format(prefix) for prefix in prefixes)
        xpath = " | ".join(to_check)
        nodes = root.xpath(xpath, namespaces=namespaces)

        msg = "Use of Related_Packages is deprecated."
        warns = [BestPracticeWarning(node=x, message=msg) for x in nodes]
        return warns
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
def _get_1_2_related_package_deprecations(self, root, namespaces):
        """Checks for deprecated use of Related_Packages in STIX component
        instances.

        """
        selector = "//{0}:Related_Packages"
        prefixes = (
            common.PREFIX_STIX_CAMPAIGN,
            common.PREFIX_STIX_COA,
            common.PREFIX_STIX_EXPLOIT_TARGET,
            common.PREFIX_STIX_INCIDENT,
            common.PREFIX_STIX_INDICATOR,
            common.PREFIX_STIX_THREAT_ACTOR,
            common.PREFIX_STIX_TTP
        )

        to_check = (selector.format(prefix) for prefix in prefixes)
        xpath = " | ".join(to_check)
        nodes = root.xpath(xpath, namespaces=namespaces)

        msg = "Use of Related_Packages is deprecated."
        warns = [BestPracticeWarning(node=x, message=msg) for x in nodes]
        return warns
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
)
                    warning['timestamp'] = timestamp
                    results.append(warning)

            if id_ and not timestamp:
                warning = BestPracticeWarning(
                    node=node,
                    message="ID present but missing timestamp"
                )
            elif idref and not timestamp:
                warning = BestPracticeWarning(
                    node=node,
                    message="IDREF present but missing timestamp"
                )
            elif idref and timestamp:
                resolves = common.idref_timestamp_resolves(
                    root=root,
                    idref=idref,
                    timestamp=timestamp,
                    namespaces=namespaces
                )

                if resolves:
                    continue

                warning = BestPracticeWarning(
                    node=node,
                    message="IDREF and timestamp combination do not resolve "
                            "to a node in the input document."
                )

                warning['timestamp'] = timestamp
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
    @common.check_stix
    def validate(self, doc, version=None):
        """Checks that a STIX document aligns with `suggested authoring
        practices`_.

        .. _suggested authoring practices: http://stixproject.github.io/documentation/suggested-practices/

        Args:
            doc: The STIX document. Can be a filename, file-like object,
                lxml._Element, or lxml._ElementTree instance.
            version: The version of the STIX document. This will determine the
                set of best practice rules to check. If ``None`` an attempt
                will be made to extract the version from `doc`.

        Returns:
            An instance of
            :class:`.BestPracticeValidationResults`.
github STIXProject / stix-validator / sdv / validators / stix / schema.py View on Github external
    @common.check_stix
    def validate(self, doc, version=None, schemaloc=False):
        """Performs XML Schema validation against a STIX document.

        When validating against the set of bundled schemas, a STIX version
        number must be declared for the input `doc`. If a user does not pass in
        a `version` parameter, an attempt will be made to collect the version
        from the input `doc`.

        Note:
            If `schemaloc` is ``True`` or this class was initialized with a
            ``schema_dir``, no version checking or verification will occur.

        Args:
            doc: The STIX document. This can be a filename, file-like object,
                ``etree._Element``, or ``etree._ElementTree`` instance.
            version: The version of the STIX document. If ``None`` an attempt
github STIXProject / stix-validator / sdv / validators / stix / schema.py View on Github external
def _get_document_version(self, doc):
        return common.get_version(doc)
github STIXProject / stix-validator / sdv / validators / stix / best_practice.py View on Github external
"""
        stix = (
            '//{0}:Campaigns/{0}:Campaign',
            '//{0}:Courses_Of_Action/{0}:Course_Of_Action',
            '//{0}:Exploit_Targets/{0}:Exploit_Target',
            '//{0}:Incidents/{0}:Incident',
            '//{0}:Indicators/{0}:Indicator',
            '//{0}:Threat_Actors/{0}:Threat_Actor',
            '//{0}:TTPs/{0}:TTP',
            '//{0}:Related_Packages/{0}:Related_Package/{0}:Package',
        )

        cybox = "//{0}:Observables/{1}:Observable".format(
            common.PREFIX_STIX_CORE,
            common.PREFIX_CYBOX_CORE
        )

        # Combine the STIX and CybOX selectors
        to_check = [x.format(common.PREFIX_STIX_CORE) for x in stix]
        to_check.append(cybox)

        xpath = " | ".join(to_check)
        nodes = root.xpath(xpath, namespaces=namespaces)

        # Create result collection
        msg = "IDREFs in top-level collections is deprecated."

        # Attach warnings to collection
        warns =  []
        for node in nodes:
            if 'idref' not in node.attrib: