search

TAXIIProject / libtaxii

A Python library for handling TAXII Messages invoking TAXII Services.
http://libtaxii.readthedocs.org/
BSD 3-Clause "New" or "Revised" License
70 stars 43 forks source link

Discovery Response deserialization - YETI/Inbox Services #158

Open MarkDavidson opened 9 years ago

MarkDavidson commented 9 years ago

There is an issue where libtaxii is not properly deserializing DiscoveryResponse messages from YETI, and it's the Inbox Services that are being omitted.

-Mark

MarkDavidson commented 9 years ago

I had thought about making this wontfix, because it was a problem in the way django-taxii-services was crafting the DiscoveryResponse. Effectively, it was adding a TAXII 1.0 Service Instance to a TAXII 1.1 Discovery Response, which was causing libtaxii to not parse it correctly.

However, I think this is a bug in libtaxii, since you shouldn't be able to specify a TAXII 1.0 Service Instance for a TAXII 1.1 Discovery Response.

MarkDavidson commented 9 years ago

This code will replicate the issue:

import libtaxii.messages_11 as tm11
import libtaxii.messages_10 as tm10
from libtaxii.constants import *

dr = tm11.DiscoveryResponse('1', '2')
si = tm10.ServiceInstance(service_type=SVC_INBOX,
        service_address='http://example.com/taxii-discovery-service/',
        message_bindings=[VID_TAXII_XML_11],
        protocol_binding=VID_TAXII_HTTP_10,
        services_version=VID_TAXII_SERVICES_11)

dr.service_instances.append(si)
print dr.to_xml(pretty_print=True)

By printing this XML (Note the TAXII 1.0 Service Instance in the TAXII 1.1 message):

<taxii_11:Discovery_Response 
     xmlns:taxii="http://taxii.mitre.org/messages/taxii_xml_binding-1" 
     xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1" 
     xmlns:tdq="http://taxii.mitre.org/query/taxii_default_query-1" 
     message_id="1" 
     in_response_to="2">
  <taxii:Service_Instance service_type="INBOX" service_version="urn:taxii.mitre.org:services:1.1">
    <taxii:Protocol_Binding>urn:taxii.mitre.org:protocol:http:1.0</taxii:Protocol_Binding>
    <taxii:Address>http://example.com/taxii-discovery-service/</taxii:Address>
    <taxii:Message_Binding>urn:taxii.mitre.org:message:xml:1.1</taxii:Message_Binding>
  </taxii:Service_Instance>
</taxii_11:Discovery_Response>

This is because the checks that libtaxii performs using do_check in attribute setters are circumvented by using the <list>.append() function, as append() does not pass through libtaxii's attribute setters.

I'm not sure what the right solution is, but because of this right now you can add any kind of object to lists in libtaxii once they are instantiated.