utils¶
Utility functions and classes for the STIX2 library.
-
class
STIXdatetime
¶
-
deduplicate
(stix_obj_list)¶ Deduplicate a list of STIX objects to a unique set.
Reduces a set of STIX objects to unique set by looking at ‘id’ and ‘modified’ fields - as a unique object version is determined by the combination of those fields
Note: Be aware, as can be seen in the implementation of deduplicate(),that if the “stix_obj_list” argument has multiple STIX objects of the same version, the last object version found in the list will be the one that is returned.
Parameters: stix_obj_list (list) – list of STIX objects (dicts) Returns: A list with a unique set of the passed list of STIX objects.
-
find_property_index
(obj, search_key, search_value)¶ Search (recursively) for the given key and value in the given object. Return an index for the key, relative to whatever object it’s found in.
Parameters: - obj – The object to search (list, dict, or stix object)
- search_key – A search key
- search_value – A search value
Returns: int – An index; -1 if the key and value aren’t found
-
format_datetime
(dttm)¶ Convert a datetime object into a valid STIX timestamp string.
- Convert to timezone-aware
- Convert to UTC
- Format in ISO format
- Ensure correct precision a. Add subsecond value if non-zero and precision not defined
- Add “Z”
-
get_class_hierarchy_names
(obj)¶ Given an object, return the names of the class hierarchy.
-
get_timestamp
()¶ Return a STIX timestamp of the current date and time.
-
get_type_from_id
(stix_id)¶
-
is_marking
(obj_or_id)¶ Determines whether the given object or object ID is/is for a marking definition.
Parameters: obj_or_id – A STIX object or object ID as a string. Returns: True if a marking definition, False otherwise.
-
new_version
(data, **kwargs)¶ Create a new version of a STIX object, by modifying properties and updating the
modified
property.
-
parse_into_datetime
(value, precision=None)¶ Parse a value into a valid STIX timestamp object.
-
remove_custom_stix
(stix_obj)¶ Remove any custom STIX objects or properties.
Warning
This function is a best effort utility, in that it will remove custom objects and properties based on the type names; i.e. if “x-” prefixes object types, and “x_” prefixes property types. According to the STIX2 spec, those naming conventions are a SHOULDs not MUSTs, meaning that valid custom STIX content may ignore those conventions and in effect render this utility function invalid when used on that STIX content.
Parameters: stix_obj (dict OR python-stix obj) – a single python-stix object or dict of a STIX object Returns: A new version of the object with any custom content removed
-
revoke
(data)¶ Revoke a STIX object.
Returns: A new version of the object with revoked
set toTrue
.