The stix2 library throws an error for the following scenario:
Indicator(pattern_type="stix", pattern="[url:value = 'http://example.com\'\'\'\'']")
Traceback (most recent call last):
File "", line 1, in
File "/Users/nirmal.neupane/ti-export/ti-export/lib/python3.9/site-packages/stix2/v21/sdo.py", line 250, in init
super(Indicator, self).init(*args, **kwargs)
File "/Users/nirmal.neupane/ti-export/ti-export/lib/python3.9/site-packages/stix2/base.py", line 232, in init
self._check_object_constraints()
File "/Users/nirmal.neupane/ti-export/ti-export/lib/python3.9/site-packages/stix2/v21/sdo.py", line 270, in _check_object_constraints
raise InvalidValueError(self.class, 'pattern', str(errors[0]))
stix2.exceptions.InvalidValueError: Invalid value for Indicator 'pattern': FAIL: Error found at line 1:33. mismatched input '''' expecting ']'
Looks like special characters needs to be escaped using escape characters in the literal string. The following command produces the following literal string:
Indicator(pattern_type="stix", pattern="["+str(stix2.EqualityComparisonExpression(stix2.ObjectPath('url',['value']),'http://example.com\'\'\'\''))+"]")
The stix2 library throws an error for the following scenario:
Indicator(pattern_type="stix", pattern="[url:value = 'http://example.com\'\'\'\'']")
Looks like special characters needs to be escaped using escape characters in the literal string. The following command produces the following literal string:
Indicator(pattern_type="stix", pattern="["+str(stix2.EqualityComparisonExpression(stix2.ObjectPath('url',['value']),'http://example.com\'\'\'\''))+"]")
Therefore, the strings needs to be padded with extra escape characters, or use the stix2.ObjectPath function to encode patterns.