APIs or bindings?¶
This page describes both the APIs and the bindings provided by the python-stix library.
The python-stix library provides APIs and utilities that aid in the creation, consumption, and processing of Structured Threat Information eXpression (STIX) content. The APIs that drive much of the functionality of python-stix sit on top of a binding layer that acts as a direct connection between Python and the STIX XML. Because both the APIs and the bindings allow for the creation and development of STIX content, developers that are new to python-stix may not understand the differences between the two. This document aims to identify the purpose and uses of the APIs and bindings.
The python-stix library leverages machine generated XML-to-Python bindings for the creation and processing of STIX content. These bindings are created using the generateDS utility and can be found under stix.bindings within the package hierarchy.
The STIX bindings allow for a direct, complete mapping between Python classes and STIX XML Schema data structures. That being said, it is possible (though not advised) to use only the STIX bindings to create STIX documents. However, because the code is generated from XML Schema without contextual knowledge of relationships or broader organizational/developmental schemes, it is often a cumbersome and laborious task to create even the simplest of STIX documents.
Developers within the python-stix team felt that the binding code did not lend itself to rapid development or natural navigation of data, and so it was decided that a higher-level API should be created.
The python-stix APIs are classes and utilities that leverage the STIX bindings for the creation and processing of STIX content. The APIs are designed to behave more naturally when working with STIX content, allowing developers to conceptualize and interact with STIX documents as pure Python objects and not XML Schema objects.
The APIs provide validation of inputs, multiple input and output formats, more Pythonic access of data structure internals and interaction with classes, and better interpretation of a developers intent through datatype coercion and implicit instantiation.
The python-stix APIs are under constant development. Our goal is to provide full API coverage of the STIX data structures, but not all structures are exposed via the APIs yet. Please refer to the API Reference for API coverage details.
The two code examples show the difference in creating and printing a simple STIX document consisting of only a STIX Package and a STIX Header with a description and produced time using the python-stix and python-cybox bindings. Both examples will produce the same STIX XML!
from datetime import datetime from stix.core import STIXPackage, STIXHeader from stix.common import InformationSource from cybox.common import Time # Create the STIX Package and STIX Header objects stix_package = STIXPackage() stix_header = STIXHeader() # Set the description stix_header.description = 'APIs vs. Bindings Wiki Example' # Set the produced time to now stix_header.information_source = InformationSource() stix_header.information_source.time = Time() stix_header.information_source.time.produced_time = datetime.now() # Build document stix_package.stix_header = stix_header # Print the document to stdout print(stix_package.to_xml())
import sys from datetime import datetime import stix.bindings.stix_core as stix_core_binding import stix.bindings.stix_common as stix_common_binding import cybox.bindings.cybox_common as cybox_common_binding # Create the STIX Package and STIX Header objects stix_package = stix_core_binding.STIXType() stix_header = stix_core_binding.STIXHeaderType() # Set the description stix_header_description = stix_common_binding.StructuredTextType() stix_header_description.set_valueOf_('APIs vs. Bindings Wiki Example') # Set the produced time to now stix_header_time = cybox_common_binding.TimeType() stix_header_time.set_Produced_Time(datetime.now()) # Bind the time to the STIX Header's Information Source element stix_header_info_source = stix_common_binding.InformationSourceType() stix_header_info_source.set_Time(stix_header_time) # Build the document stix_header.set_Description(stix_header_description) stix_header.set_Information_Source(stix_header_info_source) stix_package.set_STIX_Header(stix_header) # Print the document to stdout stix_package.export(sys.stdout, 0, stix_core_binding.DEFAULT_XML_NS_MAP)