filesystem
Python STIX2 FileSystem Source/Sink

class AuthSet(allowed, prohibited)
Represents either a whitelist or a blacklist of values: the places we must search (whitelist) or must not search (blacklist) to find objects which match a query. (Maybe “AuthSet” isn’t the right name, but determining authorization is a typical context in which black/white lists are used.)
The set may be empty. For a whitelist, this means you mustn’t search anywhere, which means the query was impossible to match, so you can skip searching altogether. For a blacklist, this means nothing is excluded and you must search everywhere.

BLACK = 0

WHITE = 1

auth_type
Get the type of set: AuthSet.WHITE or AuthSet.BLACK.

values
Get the values in this white/blacklist, as a set.
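
The white/blacklist semantics above, including the two empty-set cases, shown as an added stand-alone sketch; it is not the stix2 library's code. AuthSetSketch, type_auth_set(), dirs_to_search(), the rule that allowed=None yields a blacklist, and the per-type sample directories are assumptions made for illustration.

```python
class AuthSetSketch:
    """Illustrative stand-in for the AuthSet described above (not library code)."""
    BLACK = 0
    WHITE = 1

    def __init__(self, allowed, prohibited):
        # Assumption of this sketch: allowed=None means "no positive constraint".
        if allowed is None:
            self.auth_type = self.BLACK
            self.values = set(prohibited)
        else:
            # A whitelist never keeps a value that is also prohibited.
            self.auth_type = self.WHITE
            self.values = set(allowed) - set(prohibited)


def type_auth_set(filters):
    """Build an auth set for "type" from constructed (property, op, value) tuples."""
    allowed, prohibited = None, set()
    for prop, op, value in filters:
        if prop != "type":
            continue
        if op == "=":
            # Every "=" filter must hold at once, so intersect them.
            allowed = {value} if allowed is None else allowed & {value}
        elif op == "!=":
            prohibited.add(value)
    return AuthSetSketch(allowed, prohibited)


def dirs_to_search(auth, present_dirs):
    """Return the locations worth opening; an empty result means skip the search."""
    present = set(present_dirs)
    if auth.auth_type == AuthSetSketch.WHITE:
        return present & auth.values   # empty whitelist: nothing can match
    return present - auth.values       # empty blacklist: nothing is excluded


# Constructed sample: one subdirectory per object type (an assumption of this sketch).
SAMPLE_DIRS = ["indicator", "malware", "relationship"]

if __name__ == "__main__":
    for query in ([("type", "=", "indicator")],
                  [("type", "=", "indicator"), ("type", "=", "malware")],
                  [("type", "!=", "malware")],
                  []):
        print(query, "->", sorted(dirs_to_search(type_auth_set(query), SAMPLE_DIRS)))
```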

class FileSystemSink(stix_dir, allow_custom=False, bundlify=False)
Interface for adding/pushing STIX objects to file directory of STIX objects.
Can be paired with a FileSystemSource, together as the two components of a FileSystemStore.
Parameters:
- stix_dir (str) – path to directory of STIX objects.
- allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSource. Default: False
- bundlify (bool) – Whether to wrap objects in bundles when saving them. Default: False.

add(stix_data=None, version=None)
Add STIX objects to file directory.
Parameters:
- stix_data (STIX object OR dict OR str OR list) – valid STIX 2.0 content in a STIX object (or list of), dict (or list of), or a STIX 2.0 JSON-encoded string.
- version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
Note: stix_data can be a Bundle object, but each object in it will be saved separately; you will be able to retrieve any of the objects the Bundle contained, but not the Bundle itself.

stix_dir

class FileSystemSource(stix_dir, allow_custom=True, encoding='utf-8')
Interface for searching/retrieving STIX objects from a STIX object file directory.
Can be paired with a FileSystemSink, together as the two components of a FileSystemStore.
Parameters:
- stix_dir (str) – path to directory of STIX objects
- allow_custom (bool) – Whether to allow custom STIX content to be added to the FileSystemSink. Default: True
- encoding (str) – The encoding to use when reading a file from the filesystem.

all_versions(stix_id, version=None, _composite_filters=None)
Retrieve STIX object from file directory via STIX ID, all versions.
Note: Since FileSystem sources/sinks don’t handle multiple versions of a STIX object, this operation is unnecessary; the call is passed to get().
Parameters:
- stix_id (str) – The STIX ID of the STIX objects to be retrieved.
- _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
- version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
Returns: (list) – list of STIX objects that have the supplied STIX ID. The STIX objects are loaded from their JSON files, parsed into Python STIX objects, and then returned.

get(stix_id, version=None, _composite_filters=None)
Retrieve STIX object from file directory via STIX ID.
Parameters:
- stix_id (str) – The STIX ID of the STIX object to be retrieved.
- _composite_filters (FilterSet) – collection of filters passed from the parent CompositeDataSource, not user supplied
- version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
Returns: (STIX object) – STIX object that has the supplied STIX ID. The STIX object is loaded from its JSON file, parsed into a Python STIX object, and then returned.

query(query=None, version=None, _composite_filters=None)
Search and retrieve STIX objects based on the complete query.
A “complete query” includes the filters from the query, the filters attached to this FileSystemSource, and any filters passed from a CompositeDataSource (i.e. _composite_filters).
Parameters:
- query (list) – list of filters to search on
- _composite_filters (FilterSet) – collection of filters passed from the CompositeDataSource, not user supplied
- version (str) – If present, it forces the parser to use the version provided. Otherwise, the library will make the best effort based on checking the “spec_version” property.
Returns: (list) – list of STIX objects that match the supplied query. The STIX objects are loaded from their JSON files, parsed into Python STIX objects, and then returned.

stix_dir

class FileSystemStore(stix_dir, allow_custom=None, bundlify=False, encoding='utf-8')
Interface to a file directory of STIX objects.
FileSystemStore is a wrapper around a paired FileSystemSink and FileSystemSource.
Parameters:
- stix_dir (str) – path to directory of STIX objects
- allow_custom (bool) – whether to allow custom STIX content to be pushed/retrieved. Defaults to True for FileSystemSource side (retrieving data) and False for FileSystemSink side (pushing data). However, when parameter is supplied, it will be applied to both FileSystemSource and FileSystemSink.
- bundlify (bool) – whether to wrap objects in bundles when saving them. Default: False.
- encoding (str) – The encoding to use when reading a file from the filesystem.

source
FileSystemSource
Type: FileSystemSource

sink
FileSystemSink
Type: FileSystemSink