filesystem

Python STIX2 FileSystem Source/Sink

class AuthSet(allowed, prohibited)

Represents either a whitelist or a blacklist of values: where/what we must or must not search to find objects which match a query. (Maybe “AuthSet” isn’t the right name, but determining authorization is a typical context in which black/white lists are used.)

The set may be empty. For a whitelist, this means you mustn’t search anywhere, which means the query was impossible to match, so you can skip searching altogether. For a blacklist, this means nothing is excluded and you must search everywhere.

BLACK = 0
WHITE = 1
auth_type

Get the type of set: AuthSet.WHITE or AuthSet.BLACK.
values

Get the values in this white/blacklist, as a set.
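
An added example, not code from the stix2 library: a stand-alone model of the whitelist/blacklist semantics described above, used to decide which per-type directories a query still has to search. ModelAuthSet, auth_set_from_filters and dirs_to_search are hypothetical names; treating allowed=None as "no whitelist given" and the one-subdirectory-per-type layout are assumptions.

```python
# Added illustration: a stand-alone model of the AuthSet semantics.
# ModelAuthSet, auth_set_from_filters, dirs_to_search are hypothetical names.
BLACK, WHITE = 0, 1


class ModelAuthSet:
    """Whitelist or blacklist of values, mirroring AuthSet(allowed, prohibited)."""

    def __init__(self, allowed, prohibited):
        # Assumption: allowed=None means "no equality constraint was given",
        # so only exclusions apply and the set is a blacklist.
        if allowed is None:
            self.auth_type = BLACK
            self.values = set(prohibited)
        else:
            # A value that is both allowed and prohibited can never match.
            self.auth_type = WHITE
            self.values = set(allowed) - set(prohibited)


def auth_set_from_filters(filters, prop):
    """Build an auth set from (property, op, value) triples for one property."""
    allowed, prohibited = None, set()
    for name, op, value in filters:
        if name != prop:
            continue
        if op == "=":
            # Several "=" filters must all hold, so intersect them.
            allowed = {value} if allowed is None else allowed & {value}
        elif op == "!=":
            prohibited.add(value)
    return ModelAuthSet(allowed, prohibited)


def dirs_to_search(candidates, auth):
    """Return the candidates that still need to be searched, sorted."""
    if auth.auth_type == WHITE:
        # Empty whitelist -> empty result: the query cannot match, skip the search.
        return sorted(set(candidates) & auth.values)
    # Empty blacklist -> nothing excluded: search everywhere.
    return sorted(set(candidates) - auth.values)


# Constructed sample (assumed layout: one subdirectory per STIX type).
TYPES = ["indicator", "malware", "threat-actor"]

if __name__ == "__main__":
    print(dirs_to_search(TYPES, auth_set_from_filters([("type", "!=", "malware")], "type")))
```
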

class FileSystemSink(stix_dir, allow_custom=False, bundlify=False)

Interface for adding/pushing STIX objects to file directory of STIX objects.

Can be paired with a FileSystemSource, together as the two components of a FileSystemStore.

Parameters:
  • stix_dir (str) – path to directory of STIX objects.
  • allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSource. Default: False
  • bundlify (bool) – Whether to wrap objects in bundles when saving them. Default: False.
add(stix_data=None, version=None)

Add STIX objects to file directory.

Parameters:
  • stix_data (STIX object OR dict OR str OR list) – valid STIX 2.0 content in a STIX object (or list of), dict (or list of), or a STIX 2.0 JSON-encoded string.
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.

Note

stix_data can be a Bundle object, but each object in it will be saved separately; you will be able to retrieve any of the objects the Bundle contained, but not the Bundle itself.

stix_dir
class FileSystemSource(stix_dir, allow_custom=True, encoding='utf-8')

Interface for searching/retrieving STIX objects from a STIX object file directory.

Can be paired with a FileSystemSink, together as the two components of a FileSystemStore.

Parameters:
  • stix_dir (str) – path to directory of STIX objects
  • allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSink. Default: True
  • encoding (str) – The encoding to use when reading a file from the filesystem.
all_versions(stix_id, version=None, _composite_filters=None)

Retrieve STIX object from file directory via STIX ID, all versions.

Note: Since FileSystem sources/sinks don’t handle multiple versions of a STIX object, this operation is unnecessary. The call is passed to get().

Parameters:
  • stix_id (str) – The STIX ID of the STIX objects to be retrieved.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
Returns:

(list) – list of STIX objects that have the supplied STIX ID. The STIX objects are loaded from their JSON files, parsed into Python STIX objects, and then returned.

get(stix_id, version=None, _composite_filters=None)

Retrieve STIX object from file directory via STIX ID.

Parameters:
  • stix_id (str) – The STIX ID of the STIX object to be retrieved.
  • _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
Returns:

(STIX object) – STIX object that has the supplied STIX ID. The STIX object is loaded from its JSON file, parsed into a Python STIX object, and then returned.

query(query=None, version=None, _composite_filters=None)

Search and retrieve STIX objects based on the complete query.

A “complete query” includes the filters from the query, the filters attached to this FileSystemSource, and any filters passed from a CompositeDataSource (i.e. _composite_filters).

Parameters:
  • query (list) – list of filters to search on
  • _composite_filters (FilterSet) – collection of filters passed from the CompositeDataSource, not user supplied
  • version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
Returns:

(list) – list of STIX objects that match the supplied query. The STIX objects are loaded from their JSON files, parsed into Python STIX objects, and then returned.

stix_dir
class FileSystemStore(stix_dir, allow_custom=None, bundlify=False, encoding='utf-8')

Interface to a file directory of STIX objects.

FileSystemStore is a wrapper around a paired FileSystemSink and FileSystemSource.

Parameters:
  • stix_dir (str) – path to directory of STIX objects
  • allow_custom (bool) – whether to allow custom STIX content to be pushed/retrieved. Defaults to True for the FileSystemSource side (retrieving data) and False for the FileSystemSink side (pushing data). However, when the parameter is supplied, it is applied to both FileSystemSource and FileSystemSink.
  • bundlify (bool) – whether to wrap objects in bundles when saving them. Default: False.
  • encoding (str) – The encoding to use when reading a file from the filesystem.
source

FileSystemSource

Type: FileSystemSource
sink

FileSystemSink

Type: FileSystemSink