search

CYBEX-P / tahoe

A Cyberthreat Language (CTL) to replace STIX
Other
0 stars 1 forks source link

Attribute/canonical/uniq does not support bool, resulting in ERROR #27

Open nachobacanful opened 4 years ago

nachobacanful commented 4 years ago

When executing the following we get the following traceback

...    e = event('sighting', [o], uuid.uuid4(), time.time(), malicious = True, mal_data=o)
... 
Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
  File "/home/nacho/Projects/tahoe/tahoe/objects/urlobject.py", line 26, in __init__
    ma = Attribute('malicious', malicious)
  File "/home/nacho/Projects/tahoe/tahoe/instance.py", line 300, in __init__
    super().__init__(sub_type=sub_type, **kwargs)
  File "/home/nacho/Projects/tahoe/tahoe/instance.py", line 63, in __init__
    self._hash = hashlib.sha256(self.unique()).hexdigest()
  File "/home/nacho/Projects/tahoe/tahoe/instance.py", line 71, in unique
    unique = self.itype + self.sub_type + canonical(self.data)
TypeError: can only concatenate str (not "bool") to str

As shown in the error the problem is the following:

# urlobject.py
        ma = Attribute('malicious', malicious)

where malicious is of type bool.

Attribute() then stores value in self.data. Attribute inherits from Instance. Instance has a uniq() method ,when this method its call it tries to generate a string using python + operator, this fails if operand are not strings. Problem A:

# misc.py
def canonical(val):
  if isinstance(val, dict):
  elif isinstance(val, list):
  elif isinstance(val, str):

Canonical only supports dict, list, and str, and not bool. , if unsupported type is inputted then it just returns it. this causes problems, generating problem B. Problem B:

def unique(self): # used to detect duplicate data
    unique = self.itype + self.sub_type + canonical(self.data)

we concatenate with the + operator, therefore all operand must of of type str, python will not do conversion if one of the operand is not a string.

Solution:

def unique(self): # used to detect duplicate data
    unique = "{}{}{}".format(self.itype,self.sub_type, canonical(self.data))

using format() will force all operand to be converted to str, using __repr__() as long as its available. if conversion function not available then it will fail, but this is not normal. Sol 2: support bool in canonical(), even though this works this will cause the same problems for uniq() if a new unsupported type is passed into canonical. Therefore i recommend both fixes.

nachobacanful commented 4 years ago

replace + for format()
Fix at uniq() in intance: https://github.com/CYBEX-P/tahoe/blob/1e2018550b3c4661543705129dabfcc4842cfa6d/tahoe/instance.py#L133 fix at uniq() in Events: https://github.com/CYBEX-P/tahoe/blob/1e2018550b3c4661543705129dabfcc4842cfa6d/tahoe/instance.py#L230