Merge pull request #93 from emmanvg/issue-91

Update stix2 Package Structure

Author: gtback

MANIFEST.in

@@ -0,0 +1,3 @@
+include LICENSE
+include CHANGELOG
+recursive-exclude stix2\test *

README.rst

@@ -62,6 +62,16 @@ To parse a STIX JSON string into a Python STIX object, use ``parse()``:
 
 For more in-depth documentation, please see `https://stix2.readthedocs.io/ <https://stix2.readthedocs.io/>`__.
 
+STIX 2.X Technical Specification Support
+----------------------------------------
+
+This version of python-stix2 supports STIX 2.0 by default. Although, the
+`stix2` Python library is built to support multiple versions of the STIX
+Technical Specification. With every major release of stix2 the ``import stix2``
+statement will automatically load the SDO/SROs equivalent to the most recent
+supported 2.X Technical Specification. Please see the library documentation
+for more details.
+
 Governance
 ----------
 

docs/guide/ts_support.ipynb

@@ -0,0 +1,237 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Technical Specification Support\n",
+    "\n",
+    "### How imports will work\n",
+    "\n",
+    "Imports can be used in different ways depending on the use case and support levels.\n",
+    "\n",
+    "People who want to (in general) support the latest version of STIX 2.X without making changes, implicitly using the latest version"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import stix2\n",
+    "\n",
+    "stix2.Indicator()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "or,"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from stix2 import Indicator\n",
+    "\n",
+    "Indicator()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "People who want to use an explicit version"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import stix2.v20\n",
+    "\n",
+    "stix2.v20.Indicator()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "or,"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from stix2.v20 import Indicator\n",
+    "\n",
+    "Indicator()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "or even,"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import stix2.v20 as stix2\n",
+    "\n",
+    "stix2.Indicator()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "The last option makes it easy to update to a new version in one place per file, once you've made the deliberate action to do this.\n",
+    "\n",
+    "People who want to use multiple versions in a single file:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import stix2\n",
+    "\n",
+    "stix2.v20.Indicator()\n",
+    "\n",
+    "stix2.v21.Indicator()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "or,"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from stix2 import v20, v21\n",
+    "\n",
+    "v20.Indicator()\n",
+    "v21.Indicator()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "or (less preferred):"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from stix2.v20 import Indicator as Indicator_v20\n",
+    "from stix2.v21 import Indicator as Indicator_v21\n",
+    "\n",
+    "Indicator_v20()\n",
+    "Indicator_v21()"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### How parsing will work\n",
+    "If the ``version`` positional argument is not provided. The data will be parsed using the latest version of STIX 2.X supported by the `stix2` library.\n",
+    "\n",
+    "You can lock your `parse()` method to a specific STIX version by"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from stix2 import parse\n",
+    "\n",
+    "indicator = parse(\"\"\"{\n",
+    "    \"type\": \"indicator\",\n",
+    "    \"id\": \"indicator--dbcbd659-c927-4f9a-994f-0a2632274394\",\n",
+    "    \"created\": \"2017-09-26T23:33:39.829Z\",\n",
+    "    \"modified\": \"2017-09-26T23:33:39.829Z\",\n",
+    "    \"labels\": [\n",
+    "        \"malicious-activity\"\n",
+    "    ],\n",
+    "    \"name\": \"File hash for malware variant\",\n",
+    "    \"pattern\": \"[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']\",\n",
+    "    \"valid_from\": \"2017-09-26T23:33:39.829952Z\"\n",
+    "}\"\"\", version=\"2.0\")\n",
+    "print(indicator)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Keep in mind that if a 2.1 or higher object is parsed, the operation will fail."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "### How will custom work\n",
+    "\n",
+    "CustomObject, CustomObservable, CustomMarking and CustomExtension must be registered explicitly by STIX version. This is a design decision since properties or requirements may change as the STIX Technical Specification advances.\n",
+    "\n",
+    "You can perform this by,"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import stix2\n",
+    "\n",
+    "# Make my custom observable available in STIX 2.0\n",
+    "@stix2.v20.CustomObservable('x-new-object-type',\n",
+    "                            ((\"prop\", stix2.properties.BooleanProperty())))\n",
+    "class NewObject2(object):\n",
+    "    pass\n",
+    "\n",
+    "\n",
+    "# Make my custom observable available in STIX 2.1\n",
+    "@stix2.v21.CustomObservable('x-new-object-type',\n",
+    "                            ((\"prop\", stix2.properties.BooleanProperty())))\n",
+    "class NewObject2(object):\n",
+    "    pass"
+   ]
+  }
+ ],
+ "metadata": {},
+ "nbformat": 4,
+ "nbformat_minor": 0
+}

setup.py

@@ -45,7 +45,7 @@ def get_version():
         'Programming Language :: Python :: 3.6',
     ],
     keywords="stix stix2 json cti cyber threat intelligence",
-    packages=find_packages(),
+    packages=find_packages(exclude=['*.test']),
     install_requires=[
         'python-dateutil',
         'pytz',

stix2/__init__.py

@@ -19,27 +19,10 @@
 
 # flake8: noqa
 
-from . import exceptions
-from .common import (TLP_AMBER, TLP_GREEN, TLP_RED, TLP_WHITE, CustomMarking,
-                     ExternalReference, GranularMarking, KillChainPhase,
-                     MarkingDefinition, StatementMarking, TLPMarking)
-from .core import Bundle, _register_type, parse
+from .core import Bundle, _collect_stix2_obj_maps, _register_type, parse
 from .environment import Environment, ObjectFactory
 from .markings import (add_markings, clear_markings, get_markings, is_marked,
                        remove_markings, set_markings)
-from .observables import (URL, AlternateDataStream, ArchiveExt, Artifact,
-                          AutonomousSystem, CustomExtension, CustomObservable,
-                          Directory, DomainName, EmailAddress, EmailMessage,
-                          EmailMIMEComponent, File, HTTPRequestExt, ICMPExt,
-                          IPv4Address, IPv6Address, MACAddress, Mutex,
-                          NetworkTraffic, NTFSExt, PDFExt, Process,
-                          RasterImageExt, SocketExt, Software, TCPExt,
-                          UNIXAccountExt, UserAccount, WindowsPEBinaryExt,
-                          WindowsPEOptionalHeaderType, WindowsPESection,
-                          WindowsProcessExt, WindowsRegistryKey,
-                          WindowsRegistryValueType, WindowsServiceExt,
-                          X509Certificate, X509V3ExtenstionsType,
-                          parse_observable)
 from .patterns import (AndBooleanExpression, AndObservationExpression,
                        BasicObjectPathComponent, EqualityComparisonExpression,
                        FloatConstant, FollowedByObservationExpression,
@@ -58,16 +41,17 @@
                        ReferenceObjectPathComponent, RepeatQualifier,
                        StartStopQualifier, StringConstant, TimestampConstant,
                        WithinQualifier)
-from .sdo import (AttackPattern, Campaign, CourseOfAction, CustomObject,
-                  Identity, Indicator, IntrusionSet, Malware, ObservedData,
-                  Report, ThreatActor, Tool, Vulnerability)
 from .sources import CompositeDataSource
 from .sources.filesystem import (FileSystemSink, FileSystemSource,
                                  FileSystemStore)
 from .sources.filters import Filter
 from .sources.memory import MemorySink, MemorySource, MemoryStore
 from .sources.taxii import (TAXIICollectionSink, TAXIICollectionSource,
                             TAXIICollectionStore)
-from .sro import Relationship, Sighting
 from .utils import get_dict, new_version, revoke
+from .v20 import *  # This import will always be the latest STIX 2.X version
 from .version import __version__
+
+_collect_stix2_obj_maps()
+
+DEFAULT_VERSION = "2.0"  # Default version will always be the latest STIX 2.X version