utils¶
Utility functions for STIX2 data markings.
-
build_granular_marking
(granular_marking)¶ Return a dictionary with the required structure for a granular marking.
-
check_tlp_marking
(marking_obj, spec_version)¶
-
compress_markings
(granular_markings)¶ Compress granular markings list.
If there is more than one marking identifier matches. It will collapse into a single granular marking.
Example
>>> compress_markings([ ... { ... "selectors": [ ... "description" ... ], ... "marking_ref": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ... }, ... { ... "selectors": [ ... "name" ... ], ... "marking_ref": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ... } ... ]) [ { "selectors": [ "description", "name" ], "marking_ref": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" } ]
Parameters: granular_markings – The granular markings list property present in a SDO or SRO. Returns: list – A list with all markings collapsed.
-
convert_to_list
(data)¶ Convert input into a list for further processing.
-
convert_to_marking_list
(data)¶ Convert input into a list of marking identifiers.
-
expand_markings
(granular_markings)¶ Expand granular markings list.
If there is more than one selector per granular marking. It will be expanded using the same marking_ref.
Example
>>> expand_markings([ ... { ... "selectors": [ ... "description", ... "name" ... ], ... "marking_ref": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ... } ... ]) [ { "selectors": [ "description" ], "marking_ref": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" }, { "selectors": [ "name" ], "marking_ref": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" } ]
Parameters: granular_markings – The granular markings list property present in a SDO or SRO. Returns: list – A list with all markings expanded.
-
iterpath
(obj, path=None)¶ Generator which walks the input
obj
model.Each iteration yields a tuple containing a list of ancestors and the property value.
Parameters: - obj – An SDO or SRO object.
- path – None, used recursively to store ancestors.
Example
>>> for item in iterpath(obj): >>> print(item) (['type'], 'campaign') ... (['cybox', 'objects', '[0]', 'hashes', 'sha1'], 'cac35ec206d868b7d7cb0b55f31d9425b075082b')
Returns: tuple – - Containing two items: a list of ancestors and the
- property value.
-
validate
(obj, selectors)¶ Given an SDO or SRO, check that each selector is valid.