How to use the stix2.base._Extension function in stix2
To help you get started, we’ve selected a few stix2 examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
oasis-open / cti-python-stix2 / stix2 / custom.py View on Github 
def __init__(self, **kwargs):
_Extension.__init__(self, **kwargs)
_cls_init(cls, self, kwargs)class WindowsPESection(_STIXBase):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_properties = OrderedDict([
('name', StringProperty(required=True)),
('size', IntegerProperty(min=0)),
('entropy', FloatProperty()),
('hashes', HashesProperty(spec_version='2.1')),
])
class WindowsPEBinaryExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'windows-pebinary-ext'
_properties = OrderedDict([
('pe_type', StringProperty(required=True)), # open_vocab
('imphash', StringProperty()),
('machine_hex', HexProperty()),
('number_of_sections', IntegerProperty(min=0)),
('time_date_stamp', TimestampProperty(precision='second')),
('pointer_to_symbol_table_hex', HexProperty()),
('number_of_symbols', IntegerProperty(min=0)),
('size_of_optional_header', IntegerProperty(min=0)),
('characteristics_hex', HexProperty()),def _custom_extension_builder(cls, observable, type, properties, version):
if not observable or not issubclass(observable, _Observable):
raise ValueError("'observable' must be a valid Observable class!")
class _CustomExtension(cls, _Extension):
if not re.match(TYPE_REGEX, type):
raise ValueError(
"Invalid extension type name '%s': must only contain the "
"characters a-z (lowercase ASCII), 0-9, and hyphen (-)." % type,
)
elif len(type) < 3 or len(type) > 250:
raise ValueError("Invalid extension type name '%s': must be between 3 and 250 characters." % type)
if not properties or not isinstance(properties, list):
raise ValueError("Must supply a list, containing tuples. For example, [('property1', IntegerProperty())]")
_type = type
_properties = OrderedDict(properties)
def __init__(self, **kwargs):_type = 'mutex'
_properties = OrderedDict([
('type', TypeProperty(_type)),
('id', IDProperty(_type, spec_version='2.1')),
('name', StringProperty(required=True)),
('extensions', ExtensionsProperty(spec_version='2.1', enclosing_type=_type)),
('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)),
])
_id_contributing_properties = ["name"]
class HTTPRequestExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'http-request-ext'
_properties = OrderedDict([
('request_method', StringProperty(required=True)),
('request_value', StringProperty(required=True)),
('request_version', StringProperty()),
('request_header', DictionaryProperty(spec_version='2.1')),
('message_body_length', IntegerProperty()),
('message_body_data_ref', ObjectReferenceProperty(valid_types='artifact')),
])class NTFSExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'ntfs-ext'
_properties = OrderedDict([
('sid', StringProperty()),
('alternate_data_streams', ListProperty(EmbeddedObjectProperty(type=AlternateDataStream))),
])
class PDFExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'pdf-ext'
_properties = OrderedDict([
('version', StringProperty()),
('is_optimized', BooleanProperty()),
('document_info_dict', DictionaryProperty(spec_version='2.1')),
('pdfid0', StringProperty()),
('pdfid1', StringProperty()),
])
class RasterImageExt(_Extension):def _check_object_constraints(self):
super(SocketExt, self)._check_object_constraints()
options = self.get('options')
if options is not None:
acceptable_prefixes = ["SO", "ICMP", "ICMP6", "IP", "IPV6", "MCAST", "TCP", "IRLMP"]
for key, val in options.items():
if key[:key.find('_')] not in acceptable_prefixes:
raise ValueError("Incorrect options key")
if not isinstance(val, int):
raise ValueError("Options value must be an integer")
class TCPExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'tcp-ext'
_properties = OrderedDict([
('src_flags_hex', HexProperty()),
('dst_flags_hex', HexProperty()),
])
class NetworkTraffic(_Observable):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.('spec_version', StringProperty(fixed='2.1')),
('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.1'))),
('granular_markings', ListProperty(GranularMarking)),
('defanged', BooleanProperty(default=lambda: False)),
])
_id_contributing_properties = ["from_ref", "subject", "body"]
def _check_object_constraints(self):
super(EmailMessage, self)._check_object_constraints()
self._check_properties_dependency(['is_multipart'], ['body_multipart'])
if self.get('is_multipart') is True and self.get('body'):
# 'body' MAY only be used if is_multipart is false.
raise DependentPropertiesError(self.__class__, [('is_multipart', 'body')])
class ArchiveExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'archive-ext'
_properties = OrderedDict([
('contains_refs', ListProperty(ObjectReferenceProperty(valid_types=['file', 'directory']), required=True)),
('comment', StringProperty()),
])
class AlternateDataStream(_STIXBase):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'pdf-ext'
_properties = OrderedDict([
('version', StringProperty()),
('is_optimized', BooleanProperty()),
('document_info_dict', DictionaryProperty(spec_version='2.1')),
('pdfid0', StringProperty()),
('pdfid1', StringProperty()),
])
class RasterImageExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'raster-image-ext'
_properties = OrderedDict([
('image_height', IntegerProperty()),
('image_width', IntegerProperty()),
('bits_per_pixel', IntegerProperty()),
('exif_tags', DictionaryProperty(spec_version='2.1')),
])
class WindowsPEOptionalHeaderType(_STIXBase):
# TODO: Add link('priority', StringProperty()),
('owner_sid', StringProperty()),
('window_title', StringProperty()),
('startup_info', DictionaryProperty(spec_version='2.1')),
(
'integrity_level', EnumProperty(allowed=[
"low",
"medium",
"high",
"system",
]),
),
])
class WindowsServiceExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'windows-service-ext'
_properties = OrderedDict([
('service_name', StringProperty()),
('descriptions', ListProperty(StringProperty)),
('display_name', StringProperty()),
('group_name', StringProperty()),
(
'start_type', EnumProperty(allowed=[
"SERVICE_AUTO_START",
"SERVICE_BOOT_START",
"SERVICE_DEMAND_START","""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'http-request-ext'
_properties = OrderedDict([
('request_method', StringProperty(required=True)),
('request_value', StringProperty(required=True)),
('request_version', StringProperty()),
('request_header', DictionaryProperty(spec_version='2.1')),
('message_body_length', IntegerProperty()),
('message_body_data_ref', ObjectReferenceProperty(valid_types='artifact')),
])
class ICMPExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
"""
_type = 'icmp-ext'
_properties = OrderedDict([
('icmp_type_hex', HexProperty(required=True)),
('icmp_code_hex', HexProperty(required=True)),
])
class SocketExt(_Extension):
# TODO: Add link
"""For more detailed information on this object's properties, see
`the STIX 2.1 specification `__.
Popular stix2 functions
- stix2.base._Extension
- stix2.base._Observable
- stix2.base._STIXBase
- stix2.core.parse
- stix2.datastore.filters.Filter
- stix2.datastore.filters.FilterSet
- stix2.Filter
- stix2.Indicator
- stix2.MemoryStore
- stix2.properties.IDProperty
- stix2.properties.ListProperty
- stix2.properties.Property
- stix2.properties.ReferenceProperty
- stix2.properties.StringProperty
- stix2.properties.TypeProperty
- stix2.Relationship
- stix2.StringConstant
- stix2.TAXIICollectionSource
- stix2.v20.Bundle
- stix2.v21.properties.Property