PyPI - txt2stix - Versions diffs - 1.0.5__tar.gz → 1.0.7__tar.gz - Mend

txt2stix 1.0.5tar.gz → 1.0.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (260) hide show

{txt2stix-1.0.5 → txt2stix-1.0.7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: txt2stix
-Version: 1.0.5
+Version: 1.0.7
 Summary: txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle.
 Project-URL: Homepage, https://github.com/muchdogesec/txt2stix
 Project-URL: Issues, https://github.com/muchdogesec/txt2stix/issues
@@ -111,6 +111,31 @@ cp .env.example .env
 To see more information about how to set the variables, and what they do, read the `.env.markdown` file.
+Then test your configoration
+```shell
+python3 txt2stix.py \
+	--check-credentials
+```
+It will return a response to show what API keys are working
+```txt
+============= Service Statuses ===============
+  ctibutler   : authorized      ✔
+  vulmatch    : authorized      ✔
+  binlist     : authorized      ✔
+  LLMS:
+    openai      : authorized      ✔
+    deepseek    : unsupported     –
+    gemini      : unsupported     –
+    openrouter  : unsupported     –
+    anthropic   : unsupported     –
+```
+Not all services need to be configured, if you have no intention of using them.
 ### Usage
 ```shell

{txt2stix-1.0.5 → txt2stix-1.0.7}/README.md RENAMED Viewed

@@ -67,6 +67,31 @@ cp .env.example .env
 To see more information about how to set the variables, and what they do, read the `.env.markdown` file.
+Then test your configoration
+```shell
+python3 txt2stix.py \
+	--check-credentials
+```
+It will return a response to show what API keys are working
+```txt
+============= Service Statuses ===============
+  ctibutler   : authorized      ✔
+  vulmatch    : authorized      ✔
+  binlist     : authorized      ✔
+  LLMS:
+    openai      : authorized      ✔
+    deepseek    : unsupported     –
+    gemini      : unsupported     –
+    openrouter  : unsupported     –
+    anthropic   : unsupported     –
+```
+Not all services need to be configured, if you have no intention of using them.
 ### Usage
 ```shell

{txt2stix-1.0.5 → txt2stix-1.0.7}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 [project]
 name = "txt2stix"
-version = "1.0.5"
+version = "1.0.7"
 authors = [{ name = "dogesec" }]
 maintainers = [{ name = "dogesec" }]
 description = "txt2stix is a Python script that is designed to identify and extract IoCs and TTPs from text files, identify the relationships between them, convert them to STIX 2.1 objects, and output as a STIX 2.1 bundle."

{txt2stix-1.0.5 → txt2stix-1.0.7}/tests/src/test_main.py RENAMED Viewed

@@ -349,3 +349,12 @@ def test_extract_relationships_with_ai():
     mock_ai_session.extract_relationships.side_effect = Exception
     assert extract_relationships_with_ai(mock_bundler, text, all_extracts, mock_ai_session) == None
+def test_check_credentials(monkeypatch):
+    monkeypatch.setattr(sys, 'argv', [
+        "program",
+        "--check_credentials"
+    ])
+    with pytest.raises(SystemExit):
+        parse_args()

txt2stix-1.0.7/tests/src/test_retriever.py ADDED Viewed

@@ -0,0 +1,124 @@
+import pytest
+from txt2stix.retriever import retrieve_stix_objects
+@pytest.fixture(scope="session")
+def f():
+    return open("/tmp/ww2.txt", "w+")
+@pytest.mark.parametrize(
+    ["stix_mapping", "kb_id", "expected_ids"],
+    [
+        (
+            "ctibutler-mitre-attack-enterprise-id",
+            "T1548",
+            ["attack-pattern--67720091-eee3-4d2d-ae16-8264567f6f5b"],
+        ),
+        (
+            "ctibutler-mitre-attack-mobile-id",
+            "S1095",
+            ["malware--24c8f6db-71e0-41ef-a1dc-83399a5b17e5"],
+        ),
+        (
+            "ctibutler-mitre-attack-ics-id",
+            "M0915",
+            ["course-of-action--2f0160b7-e982-49d7-9612-f19b810f1722"],
+        ),
+        (
+            "ctibutler-mitre-capec-id",
+            "CAPEC-1",
+            ["attack-pattern--92cdcd3d-d734-4442-afc3-4599f261498b"],
+        ),
+        (
+            "ctibutler-mitre-cwe-id",
+            "CWE-349",
+            ["weakness--b7ed8589-a9c7-586c-a3b6-873ae8f8a9c7"],
+        ),
+        (
+            "ctibutler-mitre-attack-enterprise-name",
+            "2015 Ukraine Electric Power Attack",
+            ["campaign--46421788-b6e1-4256-b351-f8beffd1afba"],
+        ),
+        (
+            "ctibutler-mitre-attack-enterprise-aliases",
+            "Operation Sharpshooter",
+            ["campaign--37764c78-2a99-46d1-a7ea-6454b9bf93a0"],
+        ),
+        (
+            "ctibutler-mitre-attack-mobile-name",
+            "Impair Defenses",
+            ["attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a"],
+        ),
+        (
+            "ctibutler-mitre-attack-mobile-aliases",
+            "Storm-0875",
+            ["intrusion-set--44d37b89-a739-4810-9111-0d2617a8939b"],
+        ),
+        (
+            "ctibutler-mitre-attack-ics-name",
+            "Program Upload",
+            ["attack-pattern--3067b85e-271e-4bc5-81ad-ab1a81d411e3"],
+        ),
+        (
+            "ctibutler-mitre-attack-ics-aliases",
+            "BROMINE",
+            ["intrusion-set--1c63d4ec-0a75-4daa-b1df-0d11af3d3cc1"],
+        ),
+        (
+            "ctibutler-mitre-capec-name",
+            "Overflow Buffers",
+            ["attack-pattern--77e51461-7843-411c-a90e-852498957f76"],
+        ),
+        (
+            "ctibutler-mitre-cwe-name",
+            "Insufficient Encapsulation",
+            (
+                "weakness--46444370-fe00-5368-8d39-17fc39e4cacb",
+                "weakness--b0a3b7a9-fefa-5435-8336-4d2e019597f8",
+            ),
+        ),
+        (
+            "ctibutler-location",
+            "NG",
+            (
+                "location--6dbe266a-c149-5ba3-8b39-74f1b5063312",
+            ),
+        ),
+        (
+            "ctibutler-mitre-atlas-id",
+            "AML.T0050",
+            ["attack-pattern--eda10125-6f7d-479f-857a-19ef5d86a961"],
+        ),
+        (
+            "ctibutler-mitre-atlas-name",
+            "Defense Evasion",
+            ["x-mitre-tactic--c9cf0175-296e-4439-852d-afb870ed5e0c"],
+        ),
+        (
+            "ctibutler-disarm-id",
+            "T0131.001",
+            ["attack-pattern--db0a00c8-7913-5895-b0a2-a7378eaab591"],
+        ),
+        (
+            "ctibutler-disarm-name",
+            "Develop Narratives",
+            ["x-mitre-tactic--ec5943c5-cf40-59dd-a7ed-c2175fc9727a"],
+        ),
+        (
+            "vulmatch-cve-id",
+            "CVE-2025-7943",
+            ["vulnerability--e4390a73-9288-5fd4-aa54-6a9b906bb174"],
+        ),
+        (
+            "vulmatch-cpe-id",
+            "cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:*",
+            ["software--0028c970-9268-5988-b941-f6bfc050300a"],
+        ),
+    ],
+)
+def test_retrieve_objects(stix_mapping, kb_id, expected_ids, f):
+    objects = retrieve_stix_objects(stix_mapping, kb_id)
+    assert objects != None
+    object_ids = {obj["id"] for obj in objects}
+    assert object_ids == set(expected_ids)

{txt2stix-1.0.5 → txt2stix-1.0.7}/txt2stix/ai_extractor/base.py RENAMED Viewed

@@ -90,3 +90,13 @@ class BaseAIExtractor():
     def __hash__(self):
         return hash(self.extractor_name)
+    def check_credential(self):
+        try:
+            return "authorized" if self._check_credential() else "unauthorized"
+        except:
+            return "unknown"
+    def _check_credential(self):
+        self.llm.complete("say 'hi'")
+        return True

txt2stix-1.0.7/txt2stix/credential_checker.py ADDED Viewed

@@ -0,0 +1,97 @@
+import argparse
+import os
+import random
+from urllib.parse import urljoin
+import requests
+from stix2extensions.tools import creditcard2stix
+from txt2stix.retriever import STIXObjectRetriever
+def check_binlist():
+    card = str(random.randrange(432101, 456789))
+    api_key = os.getenv("BIN_LIST_API_KEY", "")
+    return "authorized" if creditcard2stix.get_bin_data(card, api_key) else "unauthorized"
+def check_llms():
+    from txt2stix.txt2stix import parse_model
+    auth_info = dict()
+    for model_name in ["openai", "deepseek", "gemini", "openrouter", "anthropic"]:
+        try:
+            model = parse_model(model_name)
+            auth_info[model_name] = model.check_credential()
+        except argparse.ArgumentTypeError:
+            auth_info[model_name] = "unsupported"
+        except:
+            auth_info[model_name] = "unauthorized"
+    return auth_info
+def check_ctibutler_vulmatch(service):
+    retriever = STIXObjectRetriever(service)
+    path = dict(
+        ctibutler="v1/location/versions/available/",
+        vulmatch="v1/cve/objects/vulnerability--f552f6f4-39da-48dc-8717-323772c99588/",
+    )[service]
+    try:
+        resp = retriever.session.get(urljoin(retriever.api_root, path))
+        match resp.status_code:
+            case 401 | 403:
+                return "unauthorized"
+            case 200:
+                return "authorized"
+            case _:
+                return "unknown"
+    except:
+        return "offline"
+def check_btcscan():
+    url = "https://btcscan.org/api/blocks/tip/height"
+    try:
+        resp = requests.get(url)
+        match resp.status_code:
+            case 401 | 403:
+                return "unauthorized"
+            case 200:
+                return "authorized"
+            case _:
+                return "unknown"
+    except:
+        return "offline"
+def check_statuses(test_llms=False):
+    statuses = dict(
+        ctibutler=check_ctibutler_vulmatch("ctibutler"),
+        vulmatch=check_ctibutler_vulmatch("vulmatch"),
+        binlist=check_binlist(),
+        btcscan=check_btcscan(),
+    )
+    if test_llms:
+        statuses.update(llms=check_llms())
+    return statuses
+def format_statuses(status_dict):
+    def get_marker(status):
+        """Return a checkmark, cross, or dash based on status."""
+        match status.lower():
+            case "authorized":
+                return "✔"
+            case "unauthorized":
+                return "✖"
+            case "unknown" | "offline" | "unsupported":
+                return "–"
+            case _:
+                return "?"
+    print("============= Service Statuses ===============")
+    for key, value in status_dict.items():
+        if key == "llms" and isinstance(value, dict):
+            print(f"\n  {key.upper()}:")
+            for llm_name, llm_status in value.items():
+                marker = get_marker(llm_status)
+                print(f"    {llm_name:<12}: {llm_status:<15} {marker}")
+        else:
+            marker = get_marker(value)
+            print(f"  {key:<12}: {value:<15} {marker}")

{txt2stix-1.0.5 → txt2stix-1.0.7}/txt2stix/retriever.py RENAMED Viewed

@@ -17,6 +17,10 @@ class STIXObjectRetriever:
             self.api_key = os.environ.get('VULMATCH_API_KEY')
         else:
             raise NotImplementedError("The type `%s` is not supported", host)
+        self.session = requests.Session()
+        self.session.headers.update({
+            "API-KEY":  self.api_key,
+        })
     def get_attack_object(self, matrix, attack_id):
         endpoint = urljoin(self.api_root, f"v1/attack-{matrix}/objects/{attack_id}/")
@@ -48,14 +52,10 @@ class STIXObjectRetriever:
         return self._retrieve_objects(urljoin(self.api_root, f"v1/{type}/objects/?alias={alias}"))
     def _retrieve_objects(self, endpoint, key='objects'):
-        s = requests.Session()
-        s.headers.update({
-            "API-KEY":  self.api_key,
-        })
         data = []
         page = 1
         while True:
-            resp = s.get(endpoint, params=dict(page=page, page_size=50))
+            resp = self.session.get(endpoint, params=dict(page=page, page_size=50))
             resp.raise_for_status()
             d = resp.json()
             if len(d[key]) == 0:

{txt2stix-1.0.5 → txt2stix-1.0.7}/txt2stix/txt2stix.py RENAMED Viewed

@@ -13,7 +13,7 @@ import sys, os
 from pydantic import BaseModel
 from txt2stix.ai_extractor.utils import DescribesIncident
-from txt2stix import attack_flow
+from txt2stix import attack_flow, credential_checker
 from .utils import RELATIONSHIP_TYPES, Txt2StixData, remove_links
@@ -135,6 +135,12 @@ def parse_args():
     all_extractors = extractions.parse_extraction_config(INCLUDES_PATH)
     parser = argparse.ArgumentParser(description="File Conversion Tool")
+    parser.add_argument('--check_credentials', "--check-credentials", action="store_true", help="Print the validity of the credentials and exit")
+    args, _ = parser.parse_known_args()
+    if args.check_credentials:
+        statuses = credential_checker.check_statuses(test_llms=True)
+        credential_checker.format_statuses(statuses)
+        sys.exit(0)
     inf_arg = parser.add_argument(
         "--input_file",