Version: 1.2.0
ramrod.stix.stix_1_0_1
Module¶
-
class
ramrod.stix.stix_1_0_1.
STIX_1_0_1_Updater
¶ Updates STIX v1.0.1 content to STIX v1.1.
The following fields and types are translated:
MotivationVocab-1.0.1
updated toMotivationVocab-1.1
IndicatorTypeVocab-1.0
updated toIndicatorTypeVocab-1.1
TTP/Exploit_Targets
instances are updated to align withstixCommon:GenericRelationshipListType
data type.- Instances of STIX v1.0.1
stixCommon:ContributorsType
are converted into instances of STIX v1.1stixCommon:ContributingSourcesType
Empty instances of the following optional items are removed:
marking:Controlled_Structure
marking:Marking_Structure
The following fields and types cannot be translated:
- MAEC 4.0.1 Malware extension
- CAPEC 2.6.1 Attack Pattern extension
TTP:Malware
nodes that contain only MAEC Malware_Instance childrenTTP:Attack_Patterns
nodes that contain only CAPEC Attack Pattern instance childrenstixCommon:Date_Time
fields that do not containxs:dateTime
values
-
check_update
(root, options=None)¶ Determines if the input document can be upgraded.
Parameters: - root – The XML document. This can be a filename, a file-like object,
an instance of
etree._Element
or an instance ofetree._ElementTree
. - options (optional) – A
ramrod.UpdateOptions
instance. IfNone
,ramrod.DEFAULT_UPDATE_OPTIONS
will be used.
Raises: UnknownVersionError
– If the input document does not have a version.InvalidVersionError
– If the version of the input document does not match the VERSION class-level attribute value.UpdateError
– If the input document contains fields which cannot be updated or constructs with non-unique IDs are discovered.
- root – The XML document. This can be a filename, a file-like object,
an instance of
-
clean
(root, options=None)¶ Removes disallowed elements from root and remaps non-unique IDs to unique IDs for the sake of schema-validation.
Removed items can be retrieved via the
removed
attribute on the return value:>>> results = updater.clean(root) >>> print(results.removed) (<Element at 0xffdcf234>, <Element at 0xffdcf284>)
Items which have been reassigned IDs can be retrieved via the
remapped_ids
attribute on the return value:>>> results = updater.clean(root) >>> print(results.remapped_ids) {'example:Observable-duplicate': [<Element {http://cybox.mitre.org...
Note
This does not remap
idref
attributes to new ID values because it is impossible to determine which entity theidref
was pointing to.Parameters: - root – The XML document. This can be a filename, a file-like object,
an instance of
etree._Element
or an instance ofetree._ElementTree
. - options (optional) – A
ramrod.UpdateOptions
instance. IfNone
,ramrod.DEFAULT_UPDATE_OPTIONS
will be used.
Returns: An instance of
ramrod.UpdateResults
.- root – The XML document. This can be a filename, a file-like object,
an instance of
-
get_version
(package)¶ Returns the version of the package
STIX_Package
element by inspecting itsversion
attribute.
-
update
(root, options=None, force=False)¶ Attempts to update root to the next version of its language specification.
If force is set to True, items may be removed during the translation process and IDs may be reassigned if they are not unique within the document.
Note
This does not remap
idref
attributes to new ID values because it is impossible to determine which entity theidref
was pointing to.Removed items can be retrieved via the
removed
attribute on the return value:>>> results = updater.update(root, force=True) >>> print(results.removed) (<Element at 0xffdcf234>, <Element at 0xffdcf284>)
Items which have been reassigned IDs can be retrieved via the
remappped_ids
attribute on the return value:>>> results = updater.update(root, force=True) >>> print(results.remapped_ids) {'example:Observable-duplicate-id-1': [<Element {http://cybox.mitre...
Parameters: - root – The XML document. This can be a filename, a file-like object,
an instance of
etree._Element
or an instance ofetree._ElementTree
. - options – A
ramrod.UpdateOptions
instance. IfNone
,ramrod.DEFAULT_UPDATE_OPTIONS
will be used. - force – Forces the update process to complete by potentially removing untranslatable xml nodes and/or remapping non-unique IDs. This may result in non-schema=conformant XML. USE AT YOUR OWN RISK!
Returns: An instance of
ramrod.UpdateResults
.Raises: UpdateError
– If untranslatable fields or non-unique IDs are discovered in root and force isFalse
.UnknownVersionError
– If the root node contains no version information.InvalidVersionError
– If the root node contains invalid version information (e.g., the class expects v1.0 content and the root node contains v1.1 content).
- root – The XML document. This can be a filename, a file-like object,
an instance of