Got error when importing saved collection file

center-for-threat-informed-defense / attack-workbench-frontend

An application allowing users to explore, create, annotate, and share extensions of the MITRE ATT&CK® knowledge base. This repository contains an Angular-based web application providing the user interface for the ATT&CK Workbench application.

https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/attck-workbench/

Apache License 2.0

320 stars 61 forks source link

Got error when importing saved collection file #247

Closed dickens88 closed 3 years ago

dickens88 commented 3 years ago

Hi ,

I got a error message when trying to import a collection json file to workbench

request.body should have required property 'spec_version'

I made the operations by Collections > My Collections > Create A Collection > download json file > then Imported Collections > Import A collection. I also browsed the collection json file, and i think all the objects in the file has one key named 'spec_version' and value is '2.1'

My requirement is to export the configurations i updated and import the file to another environment. Is there any knowns bugs or another suggested ideas?

ElJocko commented 3 years ago

That's an error in the code that exports the collection bundle (in the Workbench REST API). It should be setting the spec_version of the top-level object, but is not. Because the spec_version isn't being set when the bundle is exported, that bundle fails when you try to import it (since spec_version is required).

Workaround

We'll put in a fix for this, but until that is ready, the workaround would be to manually edit the exported collection bundle and insert the spec_version. The exported collection bundle will look something like this:

{
    "type": "bundle",
    "id": "bundle--696d2fed-13d8-475a-8d51-23e1033a92e1",
    "objects": [
      ...
    ]
}

But should have the spec_version included, like this:

{
    "type": "bundle",
    "id": "bundle--696d2fed-13d8-475a-8d51-23e1033a92e1",
    "spec_version": "2.1",
    "objects": [
      ...
    ]
}

ElJocko commented 3 years ago

The fix for this error will be tracked in this issue: https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api/issues/103 in the Workbench REST API project.

isaisabel commented 3 years ago

According to the STIX spec "spec_version" is not a property of bundles in STIX 2.1. It used to be in STIX 2.0, but now it's a property of all objects inside the bundle and not the bundle itself: https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_gms872kuzdmg

If you use stix2 validator on a bundle with spec_version it'll actually print a warning saying it needs to have an x_[organization]_ prefix.

ElJocko commented 3 years ago

Ok, that would mean the problem is that the import collection bundle shouldn't be requiring the spec_version. The import and export are out of sync, but in the other direction.

isaisabel commented 3 years ago

Yes, that's consistent with my understanding.

isaisabel commented 3 years ago

Given that the official ATT&CK collections do include that field, it's probably best to update the import to allow but not require that extra field on the bundle.

isaisabel commented 3 years ago

Issue superseded by https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api/issues/103.

ElJocko commented 3 years ago

@dickens88 Note that the workaround is the same, even though the problem is reversed. Until we can release a fix, it will be necessary to manually edit the exported collection bundle and add the spec_version before the bundle can be imported.

dickens88 commented 3 years ago

@ElJocko @isaisabel Thank you so much for the reply. The workaround is fine for me.