From 700ddfd642cfa1ebee8b93fdeac55f2bc1097cb5 Mon Sep 17 00:00:00 2001
From: Md Azam
Date: Thu, 16 Nov 2023 15:23:10 -0400
Subject: [PATCH 1/3] Remove future timestamp qualifier conditions

---
 .../stix_translation/query_constructor.py | 4 ---
 .../test_aws_guardduty_stix_to_query.py | 27 +++++++++++++++----
 .../stix_translation/query_constructor.py | 4 ---
 .../test_okta_stix_to_query.py | 11 ++++----
 4 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/stix_shifter_modules/aws_guardduty/stix_translation/query_constructor.py b/stix_shifter_modules/aws_guardduty/stix_translation/query_constructor.py
index e472c794a..56e6a1edc 100644
--- a/stix_shifter_modules/aws_guardduty/stix_translation/query_constructor.py
+++ b/stix_shifter_modules/aws_guardduty/stix_translation/query_constructor.py
@@ -372,13 +372,9 @@ def _check_time_range_values(time_range_list):
 checks for valid start and stop time
 :param time_range_list: list
 """
- utc_timestamp = STOP_TIME.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z'
- converted_utc_timestamp = QueryStringPatternTranslator._format_datetime(utc_timestamp)
 converted_timestamp = []
 for timestamp in time_range_list:
 converted_time = QueryStringPatternTranslator._format_datetime(timestamp)
- if converted_time > converted_utc_timestamp:
- raise StartStopQualifierValueException('Start/Stop time should not be in the future UTC timestamp')
 converted_timestamp.append(converted_time)
 if converted_timestamp[0] >= converted_timestamp[1]:
 raise StartStopQualifierValueException('Start time should be lesser than Stop time')
diff --git a/stix_shifter_modules/aws_guardduty/tests/stix_translation/test_aws_guardduty_stix_to_query.py b/stix_shifter_modules/aws_guardduty/tests/stix_translation/test_aws_guardduty_stix_to_query.py
index 4fb644afc..aa0bf80b1 100644
--- a/stix_shifter_modules/aws_guardduty/tests/stix_translation/test_aws_guardduty_stix_to_query.py
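Review bot: `_check_time_range_values` now accepts START/STOP values in the future, but its docstring still reads only "checks for valid start and stop time", so the one rule that remains is undocumented; I would add `:raises StartStopQualifierValueException: if start is not earlier than stop` and a line saying future timestamps are passed through unchanged. The comparison `converted_timestamp[0] >= converted_timestamp[1]` also assumes `time_range_list` holds exactly two entries, which the hunk does not show being checked. If `STOP_TIME` was referenced only by the removed lines it is now unused in this module; that cannot be confirmed from the hunk. The same points apply to the identical hunk in `stix_shifter_modules/okta/stix_translation/query_constructor.py`. The function may continue past the last line shown.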
+++ b/stix_shifter_modules/aws_guardduty/tests/stix_translation/test_aws_guardduty_stix_to_query.py
@@ -654,13 +654,30 @@ def test_multiple_observation_with_single_qualifier_with_precedence_bracket(self
 queries = _remove_timestamp_from_query(queries)
 self._test_query_assertions(query, queries)
 
- def test_invalid_qualifier_with_future_timestamp(self):
+ def test_timestamp_qualifier(self):
 stix_pattern = "[network-traffic:src_port >= 32794]START t'2023-01-19T11:00:00.000Z' " \
 "STOP t'2024-02-07T11:00:00.003Z'"
- result = translation.translate('aws_guardduty', 'query', '{}', stix_pattern)
- assert result['success'] is False
- assert "translation_error" == result['code']
- assert 'Start/Stop time should not be in the future UTC timestamp' in result['error']
+ queries = {
+ "queries": [
+ {
+ "FindingCriteria": {
+ "Criterion": {
+ "service.action.networkConnectionAction.localPortDetails.port": {
+ "GreaterThanOrEqual": 32794
+ },
+ "updatedAt": {
+ "GreaterThanOrEqual": 1674126000000,
+ "LessThanOrEqual": 1707303600003
+ }
+ }
+ }
+ }
+ ]
+ }
+ query = translation.translate('aws_guardduty', 'query', '{}', stix_pattern)
+ query = _remove_timestamp_from_query(query)
+ queries = _remove_timestamp_from_query(queries)
+ self._test_query_assertions(query, queries)
 
 def test_stop_time_lesser_than_start_time(self):
 stix_pattern = "[network-traffic:src_port >= 32794]START t'2023-01-19T11:00:00.000Z' " \
diff --git a/stix_shifter_modules/okta/stix_translation/query_constructor.py b/stix_shifter_modules/okta/stix_translation/query_constructor.py
index 1d2df7b5d..21d733f8e 100644
--- a/stix_shifter_modules/okta/stix_translation/query_constructor.py
+++ b/stix_shifter_modules/okta/stix_translation/query_constructor.py
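Review bot: `test_timestamp_qualifier` pins the STOP value to `2024-02-07T11:00:00.003Z`, which counts as a future timestamp only until that date passes, so afterwards the test no longer guards against the future-time rejection being reintroduced; a stop value far in the future, or one derived from the current time, would keep it meaningful. Both the translated and the expected query go through `_remove_timestamp_from_query`, whose body is not visible here; if it strips the time bounds, the `updatedAt` values `1674126000000` and `1707303600003` are never actually compared. The okta `test_timestamp_qualifier` hunk in `test_okta_stix_to_query.py` has the same two issues. A one-line docstring such as `"""A STOP time in the future is translated, not rejected."""` would record the intent of the renamed test.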
@@ -230,13 +230,9 @@ def _check_time_range_values(time_range_list):
 checks for valid start and stop time
 :param time_range_list: list
 """
- utc_timestamp = STOP_TIME.strftime('%Y-%m-%dT%H:%M:%S.%f')[:-3] + 'Z'
- converted_utc_timestamp = QueryStringPatternTranslator._format_datetime(utc_timestamp)
 converted_timestamp = []
 for timestamp in time_range_list:
 converted_time = QueryStringPatternTranslator._format_datetime(timestamp)
- if converted_time > converted_utc_timestamp:
- raise StartStopQualifierValueException('Start/Stop time should not be in the future UTC timestamp')
 converted_timestamp.append(converted_time)
 if converted_timestamp[0] >= converted_timestamp[1]:
 raise StartStopQualifierValueException('Start time should be lesser than Stop time')
diff --git a/stix_shifter_modules/okta/test/stix_translation/test_okta_stix_to_query.py b/stix_shifter_modules/okta/test/stix_translation/test_okta_stix_to_query.py
index cf3864a21..6e9755b77 100644
--- a/stix_shifter_modules/okta/test/stix_translation/test_okta_stix_to_query.py
+++ b/stix_shifter_modules/okta/test/stix_translation/test_okta_stix_to_query.py
@@ -317,13 +317,14 @@ def test_wildcard_characters_like_operator(self):
 queries = _remove_timestamp_from_query(queries)
 self._test_query_assertions(query, queries)
 
- def test_invalid_qualifier_with_future_timestamp(self):
+ def test_timestamp_qualifier(self):
 stix_pattern = "[domain-name:value LIKE 'amazonaws.com'] " \
 "START t'2023-01-19T11:00:00.000Z' STOP t'2024-02-07T11:00:00.003Z'"
- result = translation.translate('okta', 'query', '{}', stix_pattern)
- assert result['success'] is False
- assert "translation_error" == result['code']
- assert 'Start/Stop time should not be in the future UTC timestamp' in result['error']
+ query = translation.translate('okta', 'query', '{}', stix_pattern)
+ query['queries'] = _remove_timestamp_from_query(query['queries'])
+ queries = ["filter=securityContext.domain co \"amazonaws.com\" &since=2023-01-19T11:00:00.000Z&until=2024-02-07T11:00:00.003Z"]
+ queries = _remove_timestamp_from_query(queries)
+ self._test_query_assertions(query, queries)
 
 def test_invalid_operator_for_integer_type_field(self):
 stix_pattern = "[autonomous-system:number LIKE '50']"

From fdb24907592510851e955688f5a946af7315fe71 Mon Sep 17 00:00:00 2001
From: Md Azam
Date: Tue, 21 Nov 2023 13:32:42 -0400
Subject: [PATCH 2/3] debuging a unittest

---
 .../stix_bundle/test/test_stix_bundle_transmission.py | 1 +
 .../stix_transmission/utils/RestApiClientAsync.py | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/stix_shifter_modules/stix_bundle/test/test_stix_bundle_transmission.py b/stix_shifter_modules/stix_bundle/test/test_stix_bundle_transmission.py
index c34f6ecb3..dd29a36e4 100644
--- a/stix_shifter_modules/stix_bundle/test/test_stix_bundle_transmission.py
+++ b/stix_shifter_modules/stix_bundle/test/test_stix_bundle_transmission.py
@@ -21,6 +21,7 @@ def test_ping(self): entry_point = EntryPoint(self.connection, self.configuration) ping_result = run_in_thread(entry_point.ping_connection) assert ping_result["success"] is True + assert False def test_ping_failure(self): connection = { diff --git a/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py b/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py index d7fd5bba6..f566f37a0 100644 --- a/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py +++ b/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py @@ -64,6 +64,7 @@ def __init__(self, host, port=None, headers={}, url_modifier_function=None, cert self.server_cert_file_content = None self.ssl_context = False + print('cert_verify: ' + str(cert_verify)) if isinstance(cert_verify, bool): # verify certificate non self signed case if cert_verify: @@ -111,6 +112,8 @@ async def call_api(self, endpoint, method, headers=None, cookies=None, data=None async with RetryClient(retry_options=retry_options) as client: call = getattr(client, method.lower()) + print('self.ssl_context: ' + str(self.ssl_context)) + async with call(url, headers=actual_headers, params=urldata, data=data, ssl=self.ssl_context, timeout=client_timeout, From 345c933a48e4878000df8763512dbfbba5b48f51 Mon Sep 17 00:00:00 2001 From: Md Azam Date: Tue, 21 Nov 2023 13:40:02 -0400 Subject: [PATCH 3/3] revert prints --- .../stix_bundle/test/test_stix_bundle_transmission.py | 1 - .../stix_transmission/utils/RestApiClientAsync.py | 3 --- 2 files changed, 4 deletions(-) diff --git a/stix_shifter_modules/stix_bundle/test/test_stix_bundle_transmission.py b/stix_shifter_modules/stix_bundle/test/test_stix_bundle_transmission.py index dd29a36e4..c34f6ecb3 100644 --- a/stix_shifter_modules/stix_bundle/test/test_stix_bundle_transmission.py +++ b/stix_shifter_modules/stix_bundle/test/test_stix_bundle_transmission.py 
@@ -21,7 +21,6 @@ def test_ping(self): entry_point = EntryPoint(self.connection, self.configuration) ping_result = run_in_thread(entry_point.ping_connection) assert ping_result["success"] is True - assert False def test_ping_failure(self): connection = { diff --git a/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py b/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py index f566f37a0..d7fd5bba6 100644 --- a/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py +++ b/stix_shifter_utils/stix_transmission/utils/RestApiClientAsync.py @@ -64,7 +64,6 @@ def __init__(self, host, port=None, headers={}, url_modifier_function=None, cert self.server_cert_file_content = None self.ssl_context = False - print('cert_verify: ' + str(cert_verify)) if isinstance(cert_verify, bool): # verify certificate non self signed case if cert_verify: @@ -112,8 +111,6 @@ async def call_api(self, endpoint, method, headers=None, cookies=None, data=None async with RetryClient(retry_options=retry_options) as client: call = getattr(client, method.lower()) - print('self.ssl_context: ' + str(self.ssl_context)) - async with call(url, headers=actual_headers, params=urldata, data=data, ssl=self.ssl_context, timeout=client_timeout,