Merge pull request #17 from robthew/main

Add IEP Data marking extension

iep-marking-definition-762/README.md

@@ -0,0 +1,54 @@
+# IEP Marking Definition Version 2.0
+
+This is an implementation of the
+[IEP Marking Definition Version 2.0](https://github.com/oasis-open/cti-stix-common-objects/blob/main/extension-definition-specifications/iep-marking-definition-762/STIX-2.1-IEP2.0-marking-definition.adoc).
+It includes the data marking extension itself, and a set of tests.
+
+## Example usage
+Creating a marking definition and applying it to an indicator:
+
+```
+iep_data_marking = MarkingDefinition(
+        id='marking-definition--da05d443-ad8d-46fc-abf5-31d3d00290f1',
+        name='IEP data marking',
+        created="2024-01-10T14:52:41.853121Z",
+        extensions={
+            IEP_DATA_MARKING_EXTENSION_ID: IEPDataMarking(
+                extension_type='property-extension',
+                encrypt_in_transit='may',
+                permitted_actions='externally-visible-direct-actions',
+                affected_party_notifications='may',
+                tlp='amber',
+                provider_attribution='must-not',
+                unmodified_resale='must-not',
+                iep_id='0224bfdf-ea3a-49c3-96f6-66d908bb1845',
+                iep_version='2.0',
+                description='This is a TLP-AMBER Information Exchange Policy',
+                start_date='2022-10-01T00:00:00.000Z'
+            )
+        }
+    )
+
+    indicator = Indicator(
+        id="indicator--1f1abcee-3b7a-468c-a7d4-635148ce2946",
+        pattern_type="stix",
+        pattern="[file:hashes.md5 = 'd41d8cd98f00b204e9800998ecf8427e']",
+        created="2024-01-10T15:52:58.032211Z",
+        modified="2024-01-10T15:52:58.032211Z",
+        valid_from="2024-01-10T15:52:58.032211Z",
+        object_marking_refs=iep_data_marking
+    )
+```
+
+## Running the tests
+Tests can be run with Tox by executing the `tox` command.
+
+The PYTHONPATH needs to be set in env. This enables the tests to find the data marking module. 
+
+On a Mac:
+`export PYTHONPATH=$(pwd)/src`
+or on Windows:
+`set PYTHONPATH=$(cd)/src`
+
+Run the tests:
+`tox -c tox.ini`

iep-marking-definition-762/examples/iep-bundle-data-marking-example.json

@@ -0,0 +1,40 @@
+{
+    "type": "bundle",
+    "id": "bundle--1b068194-6f34-4a7f-b73d-407d8375b81d",
+    "objects": [
+        { 
+            "type": "marking-definition", 
+            "spec_version": "2.1", 
+            "id": "marking-definition--d68dc6bf-c181-424b-85e1-5a92868f01b6", 
+            "created": "2022-10-01T00:00:00.000Z", 
+            "name": "IEP data marking",
+            "external_references": [
+                {
+                    "source_name": "IEP",
+                    "description": "Information Exchange Policy",
+                    "url": "https://www.first.org/iep"
+                },
+                {
+                    "source_name": "TLP",
+                    "description": "Traffic Light Protocol",
+                    "url": "https://www.first.org/tlp"
+                }
+            ],
+            "extensions": {
+                "extension-definition--762e2e97-ee51-43e5-a9ea-165fbb862c4a": {
+                    "extension_type": "property-extension",
+                    "encrypt_in_transit": "may",
+                    "permitted_actions": "externally-visible-direct-actions",
+                    "affected_party_notifications": "may",
+                    "tlp": "amber",
+                    "provider_attribution": "must-not",
+                    "unmodified_resale": "must-not",
+                    "iep_id": "0224bfdf-ea3a-49c3-96f6-66d908bb1845",
+                    "iep_version": 2.0,
+                    "description": "This is a TLP-AMBER Information Exchange Policy",
+                    "start_date": "2022-10-01T00:00:00.000Z"
+                }
+            }
+        }
+    ]
+}

iep-marking-definition-762/examples/iep-data-marking-example.json

@@ -0,0 +1,22 @@
+{
+    "type": "marking-definition",
+    "spec_version": "2.1",
+    "id": "marking-definition--da05d443-ad8d-46fc-abf5-31d3d00290f1",
+    "created": "2024-01-10T14:52:41.853121Z",
+    "name": "IEP data marking",
+    "extensions": {
+        "extension-definition--762e2e97-ee51-43e5-a9ea-165fbb862c4a": {
+            "extension_type": "property-extension",
+            "encrypt_in_transit": "may",
+            "permitted_actions": "externally-visible-direct-actions",
+            "affected_party_notifications": "may",
+            "tlp": "amber",
+            "provider_attribution": "must-not",
+            "unmodified_resale": "must-not",
+            "iep_id": "0224bfdf-ea3a-49c3-96f6-66d908bb1845",
+            "iep_version": 2.0,
+            "description": "This is a TLP-AMBER Information Exchange Policy",
+            "start_date": "2022-10-01T00:00:00Z"
+        }
+    }
+}

iep-marking-definition-762/examples/iep-data-marking-red-example.json

@@ -0,0 +1,23 @@
+{
+    "type": "marking-definition",
+    "spec_version": "2.1",
+    "id": "marking-definition--da05d443-ad8d-46fc-abf5-31d3d00290f1",
+    "created": "2024-01-10T14:52:41.853121Z",
+    "name": "IEP data marking",
+    "extensions": {
+        "extension-definition--762e2e97-ee51-43e5-a9ea-165fbb862c4a": {
+            "extension_type": "property-extension",
+            "encrypt_in_transit": "must",
+            "permitted_actions": "contact-for-instruction",
+            "affected_party_notifications": "must-not",
+            "tlp": "red",
+            "provider_attribution": "must-not",
+            "unmodified_resale": "must-not",
+            "iep_id": "0224bfdf-ea3a-49c3-96f6-66d908bb1845",
+            "iep_version": 2.0,
+            "description": "This is a TLP-RED Information Exchange Policy",
+            "start_date": "2022-10-01T00:00:00Z",
+            "end_date": "2022-11-01T00:00:00Z"
+        }
+    }
+}

iep-marking-definition-762/examples/iep-extension-definition-object.json

@@ -0,0 +1,15 @@
+{ 
+    "id": "extension-definition--762e2e97-ee51-43e5-a9ea-165fbb862c4a", 
+    "type": "extension-definition", 
+    "spec_version": "2.1", 
+    "name": "IEP 2.0", 
+    "description": "This defines IEP 2.0 as a STIX extension", 
+    "created": "2022-12-19T00:00:00.000Z",
+    "modified": "2022-12-19T00:00:00.000Z",
+    "created_by_ref": "identity--b3bca3c2-1f3d-4b54-b44f-dac42c3a8f01", 
+    "schema": "https://github.com/oasis-open/cti-stix-common-objects/tree/master/extension-definition-specifications/iep-marking-definition-762", 
+    "version": "1.0.0", 
+    "extension_types": [ 
+        "property-extension"
+    ] 
+}

iep-marking-definition-762/pyproject.toml

@@ -0,0 +1,23 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "iep-marking-definition-762"
+version = "0.1"
+description = "Implementation of python API for the IEP Data Markings extension for STIX 2.1"
+dependencies = [
+    "stix2"
+]
+
+[project.optional-dependencies]
+dev = ["pytest", "tox"]
+
+[tool.pytest.ini_options]
+addopts = "--import-mode=importlib"
+
+[tool.ruff.lint]
+extend-select = ["E501"]
+
+[tool.ruff.lint.pycodestyle]
+max-line-length = 160

iep-marking-definition-762/src/iep_data_markings/iep_data_markings.py

@@ -0,0 +1,27 @@
+from stix2.v21 import CustomExtension
+from stix2.properties import (
+    EnumProperty, FloatProperty,
+    StringProperty, TimestampProperty
+)
+from iep_data_markings.vocab import IEP_PERMITTED_ACTIONS, TLP_COLORS, MAY, MUST, MUST_NOT
+
+IEP_DATA_MARKING_EXTENSION_ID = 'extension-definition--762e2e97-ee51-43e5-a9ea-165fbb862c4a'
+
+
+@CustomExtension(IEP_DATA_MARKING_EXTENSION_ID, [
+    ('encrypt_in_transit', EnumProperty(allowed=[MUST, MAY], required=True)),
+    ('permitted_actions', EnumProperty(IEP_PERMITTED_ACTIONS, required=True)),
+    ('affected_party_notifications', EnumProperty(allowed=[MAY, MUST_NOT], required=True)),
+    ('tlp', EnumProperty(TLP_COLORS, required=True)),
+    ('provider_attribution', EnumProperty(
+        allowed=[MAY, MUST, MUST_NOT], required=True,
+    )),
+    ('unmodified_resale', EnumProperty(allowed=[MAY, MUST_NOT], required=True)),
+    ('iep_id', StringProperty(required=True)),
+    ('iep_version', FloatProperty(required=True)),
+    ('description', StringProperty(required=True)),
+    ('start_date', TimestampProperty(required=True)),
+    ('end_date', TimestampProperty(required=False)),
+])
+class IEPDataMarking:
+    extension_type = 'property-extension'

iep-marking-definition-762/src/iep_data_markings/vocab.py

@@ -0,0 +1,29 @@
+MAY = 'may'
+MUST = 'must'
+MUST_NOT = 'must-not'
+
+IEP_ACTION_NONE = 'none'
+IEP_ACTION_CONTACT_FOR_INSTRUCTION = 'contact-for-instruction'
+IEP_ACTION_INTERNALLY_VISIBLE_ACTIONS = 'internally-visible-actions'
+IEP_ACTION_EXTERNALLY_VISIBLE_INDIRECT_ACTIONS = 'externally-visible-indirect-actions'
+IEP_ACTION_EXTERNALLY_VISIBLE_DIRECT_ACTIONS = 'externally-visible-direct-actions'
+
+IEP_PERMITTED_ACTIONS = [
+    IEP_ACTION_NONE,
+    IEP_ACTION_CONTACT_FOR_INSTRUCTION,
+    IEP_ACTION_INTERNALLY_VISIBLE_ACTIONS,
+    IEP_ACTION_EXTERNALLY_VISIBLE_INDIRECT_ACTIONS,
+    IEP_ACTION_EXTERNALLY_VISIBLE_DIRECT_ACTIONS
+]
+
+RED = 'red'
+AMBER = 'amber'
+GREEN = 'green'
+WHITE = 'white'
+
+TLP_COLORS = [
+    RED,
+    AMBER,
+    GREEN,
+    WHITE
+]