PyPI - stidantic - Versions diffs - 0.1.3__py3-none-any.whl - Mend

stidantic 0.1.3__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of stidantic might be problematic. Click here for more details.

Files changed (15) hide show

stidantic/bundle.py +29 -0
stidantic/extension.py +115 -0
stidantic/extensions/pap.py +66 -0
stidantic/language.py +35 -0
stidantic/marking.py +118 -0
stidantic/sco.py +1526 -0
stidantic/sdo.py +952 -0
stidantic/sro.py +159 -0
stidantic/types.py +441 -0
stidantic/validators.py +20 -0
stidantic/vocab.py +512 -0
stidantic-0.1.3.dist-info/METADATA +203 -0
stidantic-0.1.3.dist-info/RECORD +15 -0
stidantic-0.1.3.dist-info/WHEEL +4 -0
stidantic-0.1.3.dist-info/licenses/LICENSE +21 -0

stidantic-0.1.3.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,203 @@
+Metadata-Version: 2.4
+Name: stidantic
+Version: 0.1.3
+Summary: A Pydantic-based Python library for parsing, validating, and creating STIX 2.1 cyber threat intelligence data.
+Project-URL: Homepage, https://github.com/nicocti/stidantic
+Project-URL: Bug Tracker, https://github.com/nicocti/stidantic/issues
+Author-email: nicocti <nicocti@users.noreply.github.com>
+Maintainer-email: nicocti <nicocti@users.noreply.github.com>
+License-File: LICENSE
+Keywords: cti,pydantic,stix,stix2,stix2.1
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Typing :: Typed
+Requires-Python: >=3.12
+Requires-Dist: annotated-types>=0.6.0
+Requires-Dist: pydantic>=2.12
+Requires-Dist: typing-extensions>=4.14.1
+Description-Content-Type: text/markdown
+# stidantic [WIP]
+**This is work in progress, compliant but untested.**
+A Pydantic-based Python library for parsing, validating, and creating STIX 2.1 cyber threat intelligence data.
+[![Python 3.12+](https://img.shields.io/badge/python-3.12+-blue.svg)](https://www.python.org/downloads/)
+[![Pydantic v2](https://img.shields.io/badge/pydantic-v2.12+-green.svg)](https://docs.pydantic.dev/)
+[![STIX v2.1](https://img.shields.io/badge/stix-v2.1+-red.svg)](https://oasis-open.github.io/cti-documentation/stix/intro)
+## Overview
+**stidantic** provides a type-safe, Pythonic way to work with [STIX 2.1](https://oasis-open.github.io/cti-documentation/stix/intro) (Structured Threat Information Expression) objects.
+This library leverages [Pydantic](https://docs.pydantic.dev/) to provide:
+- 🔒 **Strong type validation** for all STIX objects
+- 📝 **IDE auto-completion** and type hints
+- ✅ **Automatic validation** of STIX specification constraints
+- 🔄 **Easy JSON serialization/deserialization**
+- ❄️ **Immutable models** with frozen Pydantic configurations
+- 🎯 **Discriminated unions** for polymorphic STIX object handling
+## Installation
+### Requirements
+- Python 3.12 or later (uses PEP 695 type statements)
+- Pydantic >= 2.12
+## Quick Start
+### Parsing a STIX Bundle
+```python
+from stidantic.bundle import StixBundle
+# Load from JSON file
+with open("threat_data.json", "r") as f:
+    bundle = StixBundle.model_validate_json(f.read())
+# Access objects
+print(f"Bundle contains {len(bundle.objects)} objects")
+for obj in bundle.objects:
+    print(f"- {obj.type}: {obj.id}")
+```
+### Creating STIX Objects
+```python
+from datetime import datetime
+from stidantic.sdo import Campaign
+from stidantic.types import Identifier
+campaign = Campaign(
+    id=Identifier("campaign--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"),
+    created=datetime.now(),
+    modified=datetime.now(),
+    name="Operation Stealth",
+    description="A sophisticated campaign targeting financial institutions",
+    objective="Financial gain through wire fraud"
+)
+# Export to JSON
+json_output = campaign.model_dump_json(indent=2, exclude_none=True, by_alias=True)
+print(json_output)
+```
+### Handling property extensions
+```python
+from stidantic.marking import MarkingDefinition
+from stidantic.extensions.pap import PAPExtensionDefinition, PAPExtension
+MarkingDefinition.register_new_extension(PAPExtensionDefinition, PAPExtension)
+data = {
+    "id": "marking-definition--c43594d1-4b11-4c59-93ab-1c9b14d53ce9",
+    "type": "marking-definition",
+    "spec_version": "2.1",
+    "extensions": {
+        "extension-definition--f8d78575-edfd-406e-8e84-6162a8450f5b": {
+            "extension_type": "property-extension",
+            "pap": "green",
+        }
+    },
+    "created": "2022-10-01T00:00:00Z",
+    "name": "PAP:GREEN",
+}
+pap_green = MarkingDefinition.model_validate(data)
+if isinstance(pap_green.extensions[PAPExtensionDefinition.id], PAPExtension):
+    print("Extension was parsed & validated by Pydantic.")
+```
+## Implemented STIX Objects
+### STIX Domain Objects (SDOs)
+- ✅ `AttackPattern` - Ways adversaries attempt to compromise targets
+- ✅ `Campaign` - Grouping of adversarial behaviors over time
+- ✅ `Course of Action` - Action taken to prevent or respond to an attack
+- ✅ `Grouping` - Explicitly asserts that STIX Objects have a shared context
+- ✅ `Identity` - Actual individuals, organizations, or groups
+- ✅ `Incident` - A stub object representing a security incident
+- ✅ `Indicator` - Pattern that can be used to detect suspicious or malicious activity
+- ✅ `Infrastructure` - Systems, software services, and associated resources
+- ✅ `Intrusion Set` - A grouped set of adversarial behaviors and resources
+- ✅ `Location` - A geographic location
+- ✅ `Malware` - A type of TTP that represents malicious code
+- ✅ `Malware Analysis` - The results of a malware analysis
+- ✅ `Note` - Analyst-created content and context
+- ✅ `Observed Data` - Information about cyber security related entities
+- ✅ `Opinion` - An assessment of the correctness of a STIX Object
+- ✅ `Report` - Collections of threat intelligence
+- ✅ `Threat Actor` - Actual individuals, groups, or organizations
+- ✅ `Tool` - Legitimate software that can be used by threat actors
+- ✅ `Vulnerability` - A mistake in software that can be used to compromise a system
+### STIX Cyber-observable Objects (SCOs)
+- ✅ `Artifact` - Binary or file-like objects
+- ✅ `AutonomousSystem` - Autonomous System (AS) information
+- ✅ `Directory` - A directory on a file system
+- ✅ `Domain Name` - A network domain name
+- ✅ `Email Address` - An email address
+- ✅ `Email Message` - An email message
+- ✅ `File` - A computer file
+- ✅ `IPv4 Address` - An IPv4 address
+- ✅ `IPv6 Address` - An IPv6 address
+- ✅ `MAC Address` - A Media Access Control (MAC) address
+- ✅ `Mutex` - A mutual exclusion object
+- ✅ `Network Traffic` - A network traffic flow
+- ✅ `Process` - A running process
+- ✅ `Software` - A software product
+- ✅ `URL` - A Uniform Resource Locator (URL)
+- ✅ `User Account` - A user account on a system
+- ✅ `Windows Registry Key` - A key in the Windows registry
+- ✅ `X.509 Certificate` - An X.509 certificate
+### STIX Relationship Objects (SROs)
+- ✅ `Relationship` - Connections between STIX objects
+- ✅ `Sighting` - Observations of threat intelligence in the wild
+### Meta Objects
+- ✅ `MarkingDefinition` - Data markings (includes TLP)
+- ✅ `LanguageContent` - Translations and internationalization
+- ✅ `ExtensionDefinition` - Custom STIX extensions
+### Bundle
+- ✅ `StixBundle` - Container for STIX objects
+## Roadmap
+- ~~**Full STIX 2.1 Compliance**~~
+- **Python packaging**
+- **Extensive Testing**
+- Mind the datetime datatype serializer to follow the specification (convert to UTC).
+- Implement auto deterministic UUIv5 generation for STIX Identifiers.
+- Implement a Indicator to Observable export method (and the other way round ?).
+- Add Generics validation for Identifier properties that must be of some type.
+- Better STIX Extension Support: Develop a robust and user-friendly mechanism for defining, parsing, and validating custom STIX extensions.
+- TAXII 2.1 Server: Build a TAXII 2.1 compliant server using FastAPI.
+- OCA Standard Extensions: Implement STIX extensions from the [Open Cybersecurity Alliance (OCA)](https://github.com/opencybersecurityalliance/stix-extensions) and [stix-common-objects](https://github.com/oasis-open/cti-stix-common-objects) repositories.
+- Performance Tuning: Profile and optimize parsing and serialization.
+## Resources
+- [STIX 2.1 Specification](https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html)
+- [STIX 2.1 Introduction](https://oasis-open.github.io/cti-documentation/stix/intro)
+- [Pydantic Documentation](https://docs.pydantic.dev/)
+## License
+stidantic is released under the [MIT License](https://opensource.org/licenses/MIT).
+## Acknowledgments
+This project implements the STIX 2.1 specification edited by Bret Jordan, Rich Piazza, and Trey Darley, published by the OASIS Cyber Threat Intelligence (CTI) Technical Committee.

stidantic-0.1.3.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,15 @@
+stidantic/bundle.py,sha256=Tg_62VhPfHE9LwSzC-qRy7yHnSyB1jeDRmb4ayxkj-U,768
+stidantic/extension.py,sha256=bGJSxyKRbZkyK1d3dhfmoaQ77w_-epCpuOrPbStyXmc,7909
+stidantic/language.py,sha256=ICPyx5bjOC-YP5bkpxoubJU9rEr25hbKwdFoPLq8u6s,2728
+stidantic/marking.py,sha256=wydmsm-HrYO-osEKmhEAQ71IMSSzllKvttIm3GZVeoU,5521
+stidantic/sco.py,sha256=8P1C_bVUaCnZdwErxIi8O3iQ6Pst1ObhxIKQq1CZk1k,75804
+stidantic/sdo.py,sha256=RbjaqcU9qb9oE-JkAuKq68S_0yE0DHXZgkb78yTzsM8,56041
+stidantic/sro.py,sha256=scntuescZ2Ukb5bcx7d3LCfvqys03DLU6_leT8F5p94,10617
+stidantic/types.py,sha256=W0_Xw-LNNKJ5phxCncO3J6XYQXPkZEfkOzKyPP2q8aQ,21772
+stidantic/validators.py,sha256=P_t1S8pSx1VCD9JNsB49s0p17Zj0_jtoUMc2gcGw56g,657
+stidantic/vocab.py,sha256=dB1vWf27A0bn167KuzcLhgYHXZOKgjb23SsOHfrHuwo,18948
+stidantic/extensions/pap.py,sha256=dJfwgt8HcW81gdpxXsG8EF1ucX0ZsM6C0YJ1yw9WbKw,2652
+stidantic-0.1.3.dist-info/METADATA,sha256=dFEGfj7KyQQe4APeIDFUHrtIg1b0KE9t9wR6iQk6nfY,8311
+stidantic-0.1.3.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+stidantic-0.1.3.dist-info/licenses/LICENSE,sha256=1Dm2uJzOTe6wtfCrm-OnmztCLqNrpyF8flo5fmVVpbM,1064
+stidantic-0.1.3.dist-info/RECORD,,

stidantic-0.1.3.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.27.0
+Root-Is-Purelib: true
+Tag: py3-none-any

stidantic-0.1.3.dist-info/licenses/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 nicocti
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.