eclecticiq / OpenTAXII

TAXII server implementation in Python from EclecticIQ
BSD 3-Clause "New" or "Revised" License

no required modified property with "marking-definition" #236

Open magsen opened 2 years ago

magsen commented 2 years ago

According to STIX 2.1 specification "there is no required modified property with Marking Definition objects." https://oasis-open.github.io/cti-documentation/examples/using-marking-definitions

If we send this object using the OpenTAXII API, it is NOT WORKING (resulting in Server Internal Error):

{"type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": {"tlp": "white"}}

But if we add the field modified, it now WORKS:

{"type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "modified": "2022-07-29T13:42:44.472979Z", "name": "TLP:WHITE", "definition": {"tlp": "white"}}

Using stix2_validator from Oasis we can validate that it should not be like this: https://github.com/oasis-open/cti-stix-validator

(venv) ➜  cti-stix2-validator stix2_validator
Input STIX content, then press Ctrl+D: 
{"type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": {"tlp": "white"}}
================================================================================
[-] Results for: stdin
[+] STIX JSON: Valid
(venv) ➜  cti-stix2-validator stix2_validator
Input STIX content, then press Ctrl+D: 
{"type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "modified": "2022-07-29T13:42:44.472979Z", "name": "TLP:WHITE", "definition": {"tlp": "white"}}
================================================================================
[-] Results for: stdin
[X] STIX JSON: Invalid
    [!] Warning: marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9: {401} Custom property 'modified' should be implemented using an extension with an 'extension_type' of 'property-extension' or 'toplevel-property-extension'.
    [X] marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9: TLP marking definitions must match one of those defined in the STIX specification.

The linked server logs are:

{"event": "Exception on /taxii2/bff5e128-a676-4373-9e29-c1fbb082e95b/collections/dd3eecec-d7c9-4261-bd59-5242474908bf/objects/ [POST]", "exc_info": ["<class 'KeyError'>", "KeyError('modified')", "<traceback object at 0x7f8be82f3c40>"], "logger": "opentaxii.middleware", "level": "error", "timestamp": "2022-08-01T14:10:50.846595Z"}
{"event": "Error handling request /taxii2/bff5e128-a676-4373-9e29-c1fbb082e95b/collections/dd3eecec-d7c9-4261-bd59-5242474908bf/objects/", "exc_info": ["<class 'TypeError'>", "TypeError(\"The view function for 'opentaxii_services_view' did not return a valid response. The function either returned None or ended without a return statement.\")", "<traceback object at 0x7f8be44a3b80>"], "logger": "gunicorn.error", "level": "error", "timestamp": "2022-08-01T14:10:50.847833Z"}

I think the error comes from this line: https://github.com/eclecticiq/OpenTAXII/blob/e0da85c1bb77ca88042006e764bef2a9183b9646/opentaxii/persistence/sqldb/api.py#L981

marking-definition objects don't have the field modified, which raises the above error.
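An added example, not OpenTAXII's code and not part of the original report: one way a TAXII server could derive an object's version when `modified` is absent, as with the marking-definition above, and record malformed input as a per-object failure instead of letting a `KeyError` surface as a 500. The function names and the fallback order (`modified`, then `created`, then the server's date added) are assumptions of this sketch.

```python
from datetime import datetime, timezone

class InvalidStixObject(ValueError):
    """Input error that should become a per-object failure, not an HTTP 500."""

def parse_ts(value):
    """Parse a STIX timestamp (UTC, 'Z' suffix, optional fractional seconds)."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            continue
    raise InvalidStixObject(f"bad timestamp: {value!r}")

def object_version(obj, date_added):
    """Assumed fallback order: 'modified', then 'created', then date_added."""
    for key in ("modified", "created"):
        if key in obj:
            return parse_ts(obj[key])
    return date_added

def ingest(objects, date_added):
    """Return (successes, failures) without letting one bad object raise."""
    successes, failures = [], []
    for obj in objects:
        obj_id = obj.get("id") if isinstance(obj, dict) else None
        try:
            if not isinstance(obj_id, str) or "type" not in obj:
                raise InvalidStixObject("missing 'id' or 'type'")
            version = object_version(obj, date_added)
        except InvalidStixObject as exc:
            failures.append({"id": obj_id, "message": str(exc)})
        else:
            successes.append({"id": obj_id, "version": version.isoformat()})
    return successes, failures

# The marking-definition from the report (no 'modified' property).
TLP_WHITE = {"type": "marking-definition", "spec_version": "2.1",
             "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
             "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp",
             "name": "TLP:WHITE", "definition": {"tlp": "white"}}
# Constructed sample: malformed 'modified' value.
BAD = {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000000",
       "modified": "yesterday"}

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(ingest([TLP_WHITE, BAD, "not-an-object"], now))
```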