search

MaltegoTech / maltego-trx

Maltego Transform library for Python
MIT License
218 stars 45 forks source link

Get entity type in local transform #58

Open simonemarfo opened 10 months ago

simonemarfo commented 10 months ago

As described in Caveats, entity type is not passed to local transform, the type is always replaced with local.Unknown. Is there a way to retrieve entity type in TRX or it is a Maltego limitation?

crest42 commented 10 months ago

Hey @simonemarfo. This is a limitation with local transforms in particular. We advise you to use the pTDS if you require the entity type.

Can you describe what you need the entity type for in a bit more detail? Maybe we can help you find another solution.

NullVibes commented 8 months ago

I 2nd this as an issue... Scenario: Local transform reads data from a locally stored file on an air-gapped machine. Not uncommon...

Why would using the pTDS be required to query the entity type?

Line 345 of maltego.py seems to be the assignment causing this issue, while Line 309 clearly pulls the type, both during def init.

maltego.py -> Line 309: self.Type = entity.attributes["Type"].value maltego.py -> Line 345: self.Type = "local.Unknown"

Possible solution? maltego.py -> Line 345: self.Type = entity.attributes["Type"].value

crest42 commented 8 months ago

Thanks for the feedback. The reasoning is that local transforms are executed with a very rudimentary CLI implementation, while the iTDS or pTDS provides a richer HTTP-based protocol. The proposed solution wouldn't work for this reason as well. The entity object is constructed from the HTTP body which we cannot transfer via CLI due to size limitations (This is also the reason we do not support entity properties in local transforms).

Local transforms are meant for very rudimentary transform support only and since all local transforms are defined on a single entity type, we suggest hard-coding the entity type in the transform. That does work assuming you are not relying on inheritance.

We are going to evaluate the requirement, but we are likely going to deprecate local transform in the future for a more future-proof alternative that has full protocol support rather than this limited subset. To solve the requirement of having entity ID's in air gapped envrionments, an iTDS is required for now.

NullVibes commented 8 months ago

Understood. Thanks for that feedback.

NullVibes commented 8 months ago

Looking into this more, it sounds like custom transform development will soon require a LICENSE FEE in the form of an iTDS (a Business-class Enterprise/E+ license), or developers give their code over to the pTDS. Is this correct?