search

MISP / PyMISP

Python library using the MISP Rest API
Other
430 stars 278 forks source link

Wrong response after enabling tag #341

Closed fabrei closed 3 years ago

fabrei commented 5 years ago

When I am enabling the "cyber-threat-framework:Engagement=\"exploit-vulnerabilities\"" tag with the id 286, I get an unexpected response. I get a response for the tag 'osint:source-type="block-or-filter-list'. However MISP enables the right tag, but it is a bit confusing I think. Is it a feature or a bug?

misp.enable_tag(286)
DEBUG [api.py:154 - _prepare_request() ] GET - http://localhost:8080/tags/view/286
DEBUG [api.py:178 - _prepare_request() ] {'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'User-Agent': 'PyMISP 2.4.102 - Python 2.7.13', 'Connection': 'keep-alive', 'content-type': 'applicatio
n/json', 'Authorization': u'mykey'}
DEBUG [api.py:270 - _check_response() ] {
    "count": 2,                                        
    "hide_tag": true,
    "user_id": "0", 
    "name": "cyber-threat-framework:Engagement=\"exploit-vulnerabilities\"",
    "colour": "#008960",
    "attribute_count": 1,
    "org_id": false,
    "exportable": true,
    "id": "286"
}
DEBUG [api.py:154 - _prepare_request() ] POST - http://localhost:8080/tags/edit/286
DEBUG [api.py:156 - _prepare_request() ] {"Tag": {"count": 2, "hide_tag": false, "user_id": "0", "name": "cyber-threat-framework:Engagement=\"exploit-vulnerabilities\"", "colour": "#008960", "attribute_count": 1, "org_id": false, "exportable": true, "id": "286"}}
DEBUG [api.py:178 - _prepare_request() ] {'Content-Length': '222', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'User-Agent': 'PyMISP 2.4.102 - Python 2.7.13', 'Connection': 'keep-alive', 'content-type': 'application/json', 'Authorization': u'mykey'}
DEBUG [api.py:270 - _check_response() ] {
    "Tag": {
        "hide_tag": false,
        "user_id": "0",
        "name": "osint:source-type=\"block-or-filter-list\"",
        "colour": "#004f89",
        "org_id": false,
        "exportable": true,
        "id": "1"
    }
}
Out[35]: 
{u'Tag': {u'colour': u'#004f89',
  u'exportable': True,
  u'hide_tag': False,
  u'id': u'1',
  u'name': u'osint:source-type="block-or-filter-list"',
  u'org_id': False,
  u'user_id': u'0'}}
Rafiot commented 5 years ago

That's... funny. Thank you very much for pasting the debug messages, and I'm going to point that one to @iglocska :)

Rafiot commented 3 years ago

This one is fixed.