"Could not add object" error with custom template object

[nyx0]

When I'm trying to push a custom object to MISP I had the following error:

m_object = pymisp.MISPObject(
    name=object_name,
    strict=True,  # same result with False as well
    misp_objects_path_custom=m_objects_path
)

[adding attributes here]

misp.add_object(event_id=ev_id, misp_object=m_object)

[REDACTED]

DEBUG [api.py:270 - _check_response() ] {
    "name": "Could not add object",
    "message": "Could not add object",
    "url": "/objects/add/424/",
    "errors": [
        "No valid template found to edit the object.",
        "403"
    ]
}

I removed the object on the MISP server but the UUID is the same (saw a related issue)

[Rafiot]

So, a few things to look at:

• What happen if you change the UUID of the object you're pushing?
• What happen if you add the object template you're using locally on the MISP instance you're pushing to?

@iglocska any other ideas?

[nyx0]

• I pushed the object to the MISP instance and tried again -> same error
• I modified the uuid of the local object that im using -> same error

[aschuster99]

Are you using a version of pymisp later then 2.4.96? If so, please downgrade to 2.4.96 (pip3 install pymisp==2.4.96) and check if that solves your problem.

[Rafiot]

pymisp 2.4.96 is pretty old, and I would really not use it. Is there any chance you share a code sample that fails? Because it works for me, and I assume I changed a thing I'm not using and would rather not have you stuck with an old version that will definitely start failing on other things in the future.

[Rafiot]

.... or maybe it doesn't anymore. To me, it looks like a bug in MISP core. poke @iglocska

from pymisp import ExpandedPyMISP
from pymisp import MISPObject

user_defined_obj = MISPObject(name='test_object_template', strict=True, misp_objects_path_custom='../../tests/mispevent_testfiles')

user_defined_obj.add_attribute('member3', value='foo')
user_defined_obj.add_attribute('member1', value='baz')

print(user_defined_obj.to_json())

misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert, debug=True)
misp.add_object(1204,user_defined_obj)

{'errors': (403,
  {'name': 'Could not add object',
   'message': 'Could not add object',
   'url': '/objects/add/1204/',
   'errors': 'No valid template found to edit the object.'})}

DEBUG [api.py:157 - _prepare_request() ] POST - http://127.0.0.1:8080/objects/add/1204
DEBUG [api.py:159 - _prepare_request() ] {
  "Attribute": [
    {
      "category": "Other",
      "disable_correlation": false,
      "object_relation": "member3",
      "to_ids": false,
      "type": "text",
      "uuid": "d7d3c852-d6a4-4ede-9e26-dcbfb23a1bfd",
      "value": "foo"
    },
    {
      "category": "Other",
      "disable_correlation": false,
      "object_relation": "member1",
      "to_ids": false,
      "type": "text",
      "uuid": "377acfa6-8da6-4866-a665-f43bbf2aedd5",
      "value": "baz"
    }
  ],
  "description": "TestTemplate.",
  "distribution": "5",
  "meta-category": "file",
  "name": "test_object_template",
  "sharing_group_id": "0",
  "template_uuid": "4ec55cc6-9e49-4c64-b794-03c25c1a6589",
  "template_version": "1",
  "uuid": "1d19469d-cc0c-4efb-aaa9-7fcfe4efee63"
}

[Rafiot]

But that approach will work (push the full event with the object instead of just the object):

from pymisp import ExpandedPyMISP
misp = ExpandedPyMISP(misp_url, misp_key, misp_verifycert)

me = misp.get(1204)

me.add_object(user_defined_obj)
misp.update_event(me)

I'm not sure it is expected, but in the meantime, just get and push the full event.

[Rafiot]

(this issue has been fixed in MISP)