Version: 1.2.0

ramrod.stix.stix_1_0_1 Module

class ramrod.stix.stix_1_0_1.STIX_1_0_1_Updater

Updates STIX v1.0.1 content to STIX v1.1.

The following fields and types are translated:

  • MotivationVocab-1.0.1 updated to MotivationVocab-1.1
  • IndicatorTypeVocab-1.0 updated to IndicatorTypeVocab-1.1
  • TTP/Exploit_Targets instances are updated to align with stixCommon:GenericRelationshipListType data type.
  • Instances of STIX v1.0.1 stixCommon:ContributorsType are converted into instances of STIX v1.1 stixCommon:ContributingSourcesType

Empty instances of the following optional items are removed:

  • marking:Controlled_Structure
  • marking:Marking_Structure

The following fields and types cannot be translated:

  • MAEC 4.0.1 Malware extension
  • CAPEC 2.6.1 Attack Pattern extension
  • TTP:Malware nodes that contain only MAEC Malware_Instance children
  • TTP:Attack_Patterns nodes that contain only CAPEC Attack Pattern instance children
  • stixCommon:Date_Time fields that do not contain xs:dateTime values
check_update(root, options=None)

Determines if the input document can be upgraded.

Parameters:
  • root – The XML document. This can be a filename, a file-like object, an instance of etree._Element or an instance of etree._ElementTree.
  • options (optional) – A ramrod.UpdateOptions instance. If None, ramrod.DEFAULT_UPDATE_OPTIONS will be used.
Raises:
  • UnknownVersionError – If the input document does not have a version.
  • InvalidVersionError – If the version of the input document does not match the VERSION class-level attribute value.
  • UpdateError – If the input document contains fields which cannot be updated or constructs with non-unique IDs are discovered.
clean(root, options=None)

Removes disallowed elements from root and remaps non-unique IDs to unique IDs for the sake of schema-validation.

Removed items can be retrieved via the removed attribute on the return value:

>>> results = updater.clean(root)
>>> print(results.removed)
(<Element at 0xffdcf234>, <Element at 0xffdcf284>)

Items which have been reassigned IDs can be retrieved via the remapped_ids attribute on the return value:

>>> results = updater.clean(root)
>>> print(results.remapped_ids)
{'example:Observable-duplicate': [<Element {http://cybox.mitre.org...

Note

This does not remap idref attributes to new ID values because it is impossible to determine which entity the idref was pointing to.

Parameters:
  • root – The XML document. This can be a filename, a file-like object, an instance of etree._Element or an instance of etree._ElementTree.
  • options (optional) – A ramrod.UpdateOptions instance. If None, ramrod.DEFAULT_UPDATE_OPTIONS will be used.
Returns:

An instance of ramrod.UpdateResults.

get_version(package)

Returns the version of the package STIX_Package element by inspecting its version attribute.

update(root, options=None, force=False)

Attempts to update root to the next version of its language specification.

If force is set to True, items may be removed during the translation process and IDs may be reassigned if they are not unique within the document.

Note

This does not remap idref attributes to new ID values because it is impossible to determine which entity the idref was pointing to.

Removed items can be retrieved via the removed attribute on the return value:

>>> results = updater.update(root, force=True)
>>> print(results.removed)
(<Element at 0xffdcf234>, <Element at 0xffdcf284>)

Items which have been reassigned IDs can be retrieved via the remappped_ids attribute on the return value:

>>> results = updater.update(root, force=True)
>>> print(results.remapped_ids)
{'example:Observable-duplicate-id-1': [<Element {http://cybox.mitre...
Parameters:
  • root – The XML document. This can be a filename, a file-like object, an instance of etree._Element or an instance of etree._ElementTree.
  • options – A ramrod.UpdateOptions instance. If None, ramrod.DEFAULT_UPDATE_OPTIONS will be used.
  • force – Forces the update process to complete by potentially removing untranslatable xml nodes and/or remapping non-unique IDs. This may result in non-schema=conformant XML. USE AT YOUR OWN RISK!
Returns:

An instance of ramrod.UpdateResults.

Raises:
  • UpdateError – If untranslatable fields or non-unique IDs are discovered in root and force is False.
  • UnknownVersionError – If the root node contains no version information.
  • InvalidVersionError – If the root node contains invalid version information (e.g., the class expects v1.0 content and the root node contains v1.1 content).