vocabs.py "Value must be one of ..." error when the XML open and close tag is not in the same line

[mdhoang]

I got a stix xml with lines like this:

<cyboxCommon:Type condition="Equals" xsi:type="cyboxVocabs:HashNameVocab-1.0">MD5
                                </cyboxCommon:Type>

When trying to do stix.core.STIXPackage.from_xml(file_name), there was an error raised.

ValueError: Value must be one of ('SHA384', 'SSDEEP', 'SHA224', 'SHA1', 'MD6', 'SHA256', 'MD5', 'SHA512'). Received 'MD5
                                '

I tried add on line 84

if v is not None:
    v = v.strip()

and it works. But I don't know if this is a proper fix, and would like this error to be fixed properly for everyone.

Thank you.

[mdhoang]

The same error in stix/common/vocabs.py

Value must be one of ('Indicators - Phishing', 'Indicators', 'Incident', 'Threat Report', 'Campaign Characterization', 'Threat Actor Characterization', 'TTP - Infrastructure', 'Courses of Action', 'Attack Pattern Characterization', 'Indicators - Malware Artifacts', 'Malware Characterization', 'TTP - Tools', 'Observations - Email', 'Indicators - Network Activity', 'Indicators - Watchlist', 'Exploit Characterization', 'Malware Samples', 'Collective Threat Intelligence', 'Indicators - Endpoint Characteristics', 'Observations'). Received 'Indicators - Network Activity
        '

[gtback]

Thanks, @mdhoang!

I realize that this is a pretty easy fix in Python, but including whitespace around vocabulary values technically makes the STIX XML invalid (according to both oXygen and stix-validator), so I would recommend bringing up this issue with whoever produced the STIX document.

I understand that practicality is also important, so let me know if this causes any problems. Feel free to re-open this.