MISP / MISP-Taxii-Server

An OpenTAXII Configuration for MISP
BSD 3-Clause "New" or "Revised" License

HTTP Error: status code 500 #94

Open adthomson opened 3 years ago

adthomson commented 3 years ago

Hi All,

I've just followed the guide for setting up the Taxii Server, however when I try to perform a taxii-push I am returned an HTTP Error: status code 500 message.

When testing, I have been using the test data files which ship with the codebase. This is the command I've been using:

    taxii-push --path http://localhost:9000/services/inbox -f tests/identifying-a-threat-actor-group.xml --dest my_collection --username admin --password admin

I've tried the below test data sets:

- command-and-control-ip-list.xml
- file-hash-reputation.xml
- incident-malware.xml
- test.xml
- sample.xml

This is the error I'm receiving from the Taxii server:

    2021-02-04T16:08:35.504235Z [werkzeug] info: 127.0.0.1 - - [04/Feb/2021 17:08:35] "POST /services/inbox HTTP/1.1" 500 -
    Traceback (most recent call last):
      File "/home/misp/.local/lib/python3.6/site-packages/flask/app.py", line 2464, in __call__
        return self.wsgi_app(environ, start_response)
      File "/home/misp/.local/lib/python3.6/site-packages/flask/app.py", line 2450, in wsgi_app
        response = self.handle_exception(e)
      File "/home/misp/.local/lib/python3.6/site-packages/flask/app.py", line 1867, in handle_exception
        reraise(exc_type, exc_value, tb)
      File "/home/misp/.local/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
        raise value
      File "/home/misp/.local/lib/python3.6/site-packages/flask/app.py", line 2447, in wsgi_app
        response = self.full_dispatch_request()
      File "/home/misp/.local/lib/python3.6/site-packages/flask/app.py", line 1952, in full_dispatch_request
        rv = self.handle_user_exception(e)
      File "/home/misp/.local/lib/python3.6/site-packages/flask/app.py", line 1821, in handle_user_exception
        reraise(exc_type, exc_value, tb)
      File "/home/misp/.local/lib/python3.6/site-packages/flask/_compat.py", line 39, in reraise
        raise value
      File "/home/misp/.local/lib/python3.6/site-packages/flask/app.py", line 1950, in full_dispatch_request
        rv = self.dispatch_request()
      File "/home/misp/.local/lib/python3.6/site-packages/flask/app.py", line 1936, in dispatch_request
        return self.view_functions[rule.endpoint](**req.view_args)
      File "/home/misp/.local/lib/python3.6/site-packages/opentaxii/middleware.py", line 88, in wrapper
        return _process_with_service(service)
      File "/home/misp/.local/lib/python3.6/site-packages/opentaxii/middleware.py", line 174, in _process_with_service
        response_message = service.process(request.headers, taxii_message)
      File "/home/misp/.local/lib/python3.6/site-packages/opentaxii/taxii/services/abstract.py", line 82, in process
        response_message = handler.handle_message(self, message)
      File "/home/misp/.local/lib/python3.6/site-packages/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 123, in handle_message
        return InboxMessage11Handler.handle_message(service, request)
      File "/home/misp/.local/lib/python3.6/site-packages/opentaxii/taxii/services/handlers/inbox_message_handlers.py", line 63, in handle_message
        inbox_message_id=inbox_message.id if inbox_message else None)
      File "/home/misp/.local/lib/python3.6/site-packages/opentaxii/persistence/manager.py", line 201, in create_content
        collection_ids=collection_ids, service_id=service_id)
      File "/home/misp/.local/lib/python3.6/site-packages/blinker/base.py", line 267, in send
        for receiver in self.receivers_for(sender)]
      File "/home/misp/.local/lib/python3.6/site-packages/blinker/base.py", line 267, in <listcomp>
        for receiver in self.receivers_for(sender)]
      File "/usr/local/lib/python3.6/dist-packages/misp_taxii_hooks-0.2-py3.6.egg/misp_taxii_hooks/hooks.py", line 62, in post_stix
        package = pymisp.tools.stix.load_stix(StringIO(block))
      File "/home/misp/MISP-Taxii-Server/src/pymisp/pymisp/tools/stix.py", line 18, in load_stix
        threat_level_id=threat_level_id, analysis=analysis)
      File "/home/misp/MISP-Taxii-Server/src/misp-stix-converter/misp_stix_converter/converters/buildMISPAttribute.py", line 480, in buildEvent
        event = parseIndicators(event, pkg)
      File "/home/misp/MISP-Taxii-Server/src/misp-stix-converter/misp_stix_converter/converters/buildMISPAttribute.py", line 418, in parseIndicators
        for intent in pkg.stix_header.package_intents:
    AttributeError: 'NoneType' object has no attribute 'package_intents'

config.yaml

    ---
    domain: "localhost:9000"
    support_basic_auth: yes

    persistence_api:
      class: opentaxii.persistence.sqldb.SQLDatabaseAPI
      parameters:
        db_connection: mysql://taxii:some_password@localhost/taxiipersist
        create_tables: yes

    auth_api:
      class: opentaxii.auth.sqldb.SQLDatabaseAPI
      parameters:
        db_connection: mysql://taxii:some_password@localhost/taxiiauth
        create_tables: yes
        secret: ANewSecret

    logging:
      opentaxii: info
      root: info

    hooks: misp_taxii_hooks.hooks

    zmq:
      host: localhost
      port: 50000

    misp:
      url: "https://localhost"
      api: xxxxxxxxxxxx
      verifySSL: False

    taxii:
      auth:
        username: ABC
        password: CDE
      collections:

sgtchains commented 3 years ago

Did you ever resolve this issue? I'm seeing the same thing.

sgtchains commented 3 years ago

I've rebuilt and abandoned my research into MISP-Taxii-Server for now. This issue appears to be related to the following block of code in buildMISPAttribute.py:

    for intent in pkg.stix_header.package_intents:
        if str(intent).lower() == "indicators":
            has_indicators = True
            break

IIRC, it assumes that pkg.stix_header exists, whereas from my reading of STIX, it appears to be optional. Again from memory: wrapping that in a conditional of `if hasattr(pkg, "stix_header"):` fixes some issues with the test samples, but not all.

If I ever revisit this, I'll look at issuing a pull request for https://github.com/MISP/MISP-STIX-Converter
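
The traceback in this issue ends in `'NoneType' object has no attribute 'package_intents'`, meaning `pkg.stix_header` was `None` for the pushed file. The following is an added example, not code from this thread or from MISP-STIX-Converter: a standard-library pre-flight check that reads `Package_Intent` values straight from a STIX 1.x file and treats a missing `STIX_Header` as "no intents". The function names and both sample packages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# STIX 1.x core namespace; STIX_Header is an optional child of STIX_Package.
NS = {"stix": "http://stix.mitre.org/stix-1"}


def package_intents(xml_text):
    """Return the Package_Intent values of a STIX 1.x package.

    Returns [] when STIX_Header is absent or carries no intents, so the
    caller never dereferences a missing header.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}STIX_Package" % NS["stix"]:
        raise ValueError("not a STIX 1.x package: %s" % root.tag)
    header = root.find("stix:STIX_Header", NS)
    if header is None:
        return []
    return [(e.text or "").strip()
            for e in header.findall("stix:Package_Intent", NS)]


def has_indicators(xml_text):
    """None-safe form of the intent loop quoted in the thread."""
    return any(i.lower() == "indicators" for i in package_intents(xml_text))


# Constructed sample packages (not the repository's test files).
WITH_HEADER = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" version="1.1.1">
  <stix:STIX_Header>
    <stix:Title>Constructed sample</stix:Title>
    <stix:Package_Intent>Indicators</stix:Package_Intent>
  </stix:STIX_Header>
</stix:STIX_Package>"""

NO_HEADER = """<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" version="1.1.1">
  <stix:Indicators/>
</stix:STIX_Package>"""

if __name__ == "__main__":
    for name, doc in (("with header", WITH_HEADER), ("no header", NO_HEADER)):
        print(name, package_intents(doc), has_indicators(doc))
```

Running it over each file before `taxii-push` shows which samples lack a header and would reach the failing line in `parseIndicators`.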