created TLP classes as defined in spec #97

Open
wants to merge 9 commits into
base: master

anlklsim
Contributor

The STIX spec defines the exact ID and created date for the 4 TLP markings. I defined them in a class as static values and created a test Spec. It's interesting that the markings do not need to be within the bundle.

Note that the Stix Mocking for TLP Marking defs makes up custom properties, but they are not really allowed for the TLP markings.

@StephenOTT
Owner

StephenOTT commented May 10, 2019

Great stuff.

I am waiting for a response on this: oasis-tcs/cti-stix2#152 before merging.

The extreme limitation on the TLPs is very weird, and I would like to document its usage before we implement the rest of the TLPs.

Further tasks:

  • Update the TLPs to remove custom props. Custom props are provided by marking def. The custom props have been removed from the Mock generator for TLPs.
  • Add a config override to allow an implementation to allow custom parsing of TLPs without having to create custom objects...
  • Add logic on deserialization to validate against the new Tlps class that @anlklsim has provided
  • Add some helper logic on object build to validate that the TLP is matched to the spec limitations/requirements.

import spock.lang.Shared
import spock.lang.Specification

/**
Owner

  • review usage of author javadoc tag as it's starting to be deprecated in tooling like apache and gradle

MarkingDefinition green = Tlps.TLP_GREEN;
StixInstant now = new StixInstant();

Indicator ind = Indicator.builder()
Owner

Let's move this into a json file similar to the Bundle tests. The current test is basically a duplicate of the mock generation test. The json file test is a "hardened" data example where the json file represents the "pure" unchanging json to test against.

@StephenOTT
Owner

@anlklsim what scenario causes the NPE that you fixed for the getCause() ?

@anlklsim
Contributor Author

I had mistakenly called STIXParsers.parseObject on my bundle in my test, which threw an IOException in the method (since it was not a BundleableObject), and the if statement threw an NPE on ex.getCause() and therefore only the NPE was logged in JUnit as the error (hiding the true exception message). Stepping through the debugger, I saw the error, added the null check, and then the true error printed out. Only then did I notice that I was calling the wrong method. I added the same check to parseBundle to be complete.

2 participants