PLC/vPLC>> STIX-Interoperability-Runner>> 返回
项目作者: StephenOTT

项目描述 :
STIX Interoperability Runner to write and validate STIX Interoperability Spec tests
高级语言: Kotlin
项目地址: git://github.com/StephenOTT/STIX-Interoperability-Runner.git
创建时间: 2020-01-17T11:34:35Z
项目社区:https://github.com/StephenOTT/STIX-Interoperability-Runner
开源协议:MIT License
下载


STIX Interoperability Runner (Work in Progress)

The STIX Interoperability Runner is a Gherkin/Cucumber based testing platform for writing
and validating STIX interoperability scenarios and tests.

The runner provides gherkin syntax and cucumber steps to easily write meaningful and relevant STIX import, parse, manipulate, and validation features/scenarios.

Given the variance in the producers and consumers of STIX and the wide range of interoperability tests that are possible,
the runner provides a REST API for getting and submitting data during the tests. You can:

  1. Import STIX from JSON files
  2. Submit test start data by submitting to a provided REST endpoint
  3. Get STIX data and test metadata at defined points in a test
  4. Submit data and test metadata at defined points in a test

The purpose of this functionality is to allow those who are implementing the interoperability tests to choose how they want to validate:

  1. They may submit data directly from their application/hardware
  2. Completely automate the process
  3. Run the tests in a manual process where they submit and validate data / scenarios through a tool like postman
  4. A test step may be to “affirm” that the producer/consumer’s system provides access to the data. (this could support file uploads such as pictures if the community really wanted this..)

By automating, we gain the ability to quickly validate all STIX content against the cost STIX Spec, and then write additional test steps based on the additional needs of interoperability.
This will drastically reduce the size of Interoperability Spec business text, and provide repeatable, testable, common set of objective evidence results for interoperability validation.

The runner will provide:

  1. report output of all inputs and outputs
  2. Validation of each step and feature
  3. A plugable STIX Parser, providing a default parser, but can be replaced with other parsers (Kotlin, Python, Go, etc)
  4. Ability to run specific tests/scenarios that are relevant to the producer/consumer that is validating (“I only want to run the TIP tests”)
  5. Configuration options for starting points, endpoint ports, and other helpful settings.

Example Scenario:

Run the Runner in com.github.stephenott.stix.interop.Runner

  1. Feature: Simple Attack Pattern Imports
  3.   Scenario: Import and validate a Attack Pattern from a third-party System
  5.     Given a STIX JSON object at "/json/0_simple_object.json"
  6.     When I parse it as STIX
  7.     Then it must have property "key" as type "STRING"
  8.     Then it must be STIX type "attack-pattern"
  9.     When wait for take of object at "GET" "/scenario1"
  10.     When wait for submission of object at "POST" "/scenario1/update" as "sub1"
  11.     Then parse "sub1" as an "AttackPattern"
  12.     And "sub1" must have a different "created_by_ref" property
  13.     Then print the object
  14.     Then print parsed object "sub1"

Raw development output

  1. Feature: Simple Attack Pattern Imports
  3.   Scenario: Import and validate a Attack Pattern from a third-party System     # src/test/resources/features/0_simple_import.feature:3
  4.     Given a STIX JSON object at "/json/0_simple_object.json"                   # En.java:1004
  5.     When I parse it as STIX                                                    # En.java:1885
  6.     Then it must have property "key" as type "STRING"                          # En.java:1503
  7.     Then it must be STIX type "attack-pattern"                                 # En.java:1463
  8. Wiremock on localhost:8081
  9. waiting for take at GET /scenario1
  10. running action...CompleterId(id=f4348d3e-4020-489d-ab5b-cafe7767fc09)
  11. class com.github.stephenott.stix.interop.glue.CompleterId
  12. all done action
  13. ALL DONE
  14.     When wait for take of object at "GET" "/scenario1"                         # En.java:1962
  15. Wiremock on localhost:8081
  16. waiting for submission at POST /scenario1/update
  17. running action...CompleterId(id=e0d334ae-60f9-4618-9987-6e1f29ca95eb)
  18. class com.github.stephenott.stix.interop.glue.CompleterId
  19. all done action
  20. submission with id: sub1 has body of: {
  21.     "key": "value",
  22.     "created_by_ref": "cats2",
  23.     "type": "attack-pattern"
  24. }
  25. ALL DONE
  26.     When wait for submission of object at "POST" "/scenario1/update" as "sub1" # En.java:2004
  27.     Then parse "sub1" as an "AttackPattern"                                    # En.java:1503
  28.     And "sub1" must have a different "created_by_ref" property                 # En.java:126
  29. {"key":"value","created_by_ref":"cats","type":"attack-pattern"}
  30.     Then print the object                                                      # En.java:1426
  31. {"key":"value","created_by_ref":"cats2","type":"attack-pattern"}
  32.     Then print parsed object "sub1"                                            # En.java:1463