STIXProject / stixproject.github.io

Source for the STIX Documentation site
http://stixproject.github.io
BSD 3-Clause "New" or "Revised" License

Update idioms to work with latest versions of python-stix and python-cybox #331

Closed gtback closed 7 years ago

gtback commented 8 years ago

Builds 612 and 613 were failing because we explicitly install stix 1.2.0.0, which grabs (the incompatible) cybox 2.1.0.13.

Build 614 fails because some things that we let slide in older versions of python-stix are now invalid.

For now I rolled back to stix 1.2.0.0 and (explicitly) cybox 2.1.0.12, but we want to update the code to support stix 1.2.0.1 and cybox 2.1.0.13.

clenk commented 8 years ago

One of the errors is caused by /documentation/idioms/maec-malware/malware-characterization-using-maec_producer.py. Running this code reveals the problem:

from stix.extensions.malware.maec_4_1_malware import MAECInstance
maec_malware_instance = MAECInstance()
maec_malware_instance.add_name("Poison Ivy Variant v4392-acc")
maec_malware_instance.add_type("Remote Access Trojan")
print(maec_malware_instance.to_xml())

The XML output should have and tags, as in http://stixproject.github.io/documentation/idioms/maec-malware/malware-characterization-using-maec.xml, but it does not. I have not been able to figure out why yet.

EDIT: This is the issue: https://github.com/STIXProject/python-stix/issues/303

clenk commented 8 years ago

Note: Make sure to update the markdown files in addition to the python files.

ATweedMITRE commented 7 years ago

The files should be all updated to Python 3 now (including the markdowns). Chris, here are the files I was having trouble fixing:

simple-incident_producer.py (located in simple-incident folder): AttributeError
malicious-email-indicator-with-attachment_producer.py (located in malicious-email-attachment folder): TypeError
incident-with-affected-asset_producer.py (located in affected-assets folder): TypeError

clenk commented 7 years ago

identity-group and industry-sector are failing because the Identity elements aren't being recognized as CIQidentity objects when the consumers ingest the XML.

kill-chain's producer would be cleaner if KillChain and KillChainPhase automatically generated their own ids similar to https://github.com/STIXProject/python-stix/blob/40d89f0a24d38c02c68274f188d71d0866a6aece/stix/core/stix_package.py#L96

incident-vs-indicator and simple-incident have output XML that fails validation because timestamps are in an incorrect format.