mitre-attack / mitreattack-python

A python module for working with ATT&CK
https://mitreattack-python.readthedocs.io/
Apache License 2.0

[Bug] Perpetual Warnings on TAXII Server Response due to Pagination Issues in mitreattack-python #139

Open seansica opened 1 year ago

seansica commented 1 year ago

Bug Description

When you run the following code (as provided in our reference documentation here):

from mitreattack.navlayers import Layer
from mitreattack.navlayers import ToSvg, SVGConfig

lay = Layer()
lay.from_file("path/to/layer/file.json")
# Using taxii server for template
t = ToSvg(domain=lay.layer.domain, source='taxii')
t.to_svg(layerInit=lay, filepath="demo.svg")
# Using local STIX data for template

The following warnings are reported ad infinitum (in a perpetual loop):

[taxii2client.v20] [WARNING ] [2023-08-28 12:44:57,819] TAXII Server Response did not include 'Content-Range' header - results could be incomplete.
[taxii2client.v20] [WARNING ] [2023-08-28 12:44:57,820] TAXII Server Response with different amount of objects! Setting per_request=1
[taxii2client.v20] [WARNING ] [2023-08-28 12:45:00,746] TAXII Server Response did not include 'Content-Range' header - results could be incomplete.
[taxii2client.v20] [WARNING ] [2023-08-28 12:45:00,747] TAXII Server Response with different amount of objects! Setting per_request=1
[taxii2client.v20] [WARNING ] [2023-08-28 12:45:05,395] TAXII Server Response did not include 'Content-Range' header - results could be incomplete.
[taxii2client.v20] [WARNING ] [2023-08-28 12:45:05,396] TAXII Server Response with different amount of objects! Setting per_request=1

Context

The error stems from MITRE's TAXII 2.0 server not being fully compliant with the TAXII 2.0 spec, specifically in that it omits the Content-Range header in HTTP responses. The mitreattack-python code uses a third-party library (provided by OASIS) to interface with the TAXII server: cti-taxii-client. This is not maintained by us. You can actually see how those warnings are being logged here. This discrepancy is due to our TAXII 2.0 server implementation not supporting pagination.

However, it’s unusual that the mitreattack-python API is setting pagination on these downstream requests (as observed by the per_request=1 string in the above logs), so we’re investigating that.

Possible Solution

  1. Implement pagination on the TAXII 2.0 server. This is unlikely given the age and projected lifespan of the server.
  2. Identify the source of where per_request=1 is getting set and either unset it or set it to zero to effectively disable pagination.
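As an added example that is not code from the issue, from mitreattack-python or from cti-taxii-client: a minimal TAXII 2.0 page loop in which a response that carries no Content-Range header is treated as the complete result set and ends the loop after one request, instead of shrinking per_request and retrying, which is the behaviour the repeated warnings above describe. The `fetch` callable, the two mock servers, the `max_requests` guard and the sample STIX-like objects are all constructed for this example and stand in for real HTTP requests against a TAXII endpoint.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

# Transport the loop drives: given a 0-based start index and a page size,
# return (decoded JSON body, response headers). Constructed for this
# example; a real client would wrap an HTTP GET on the objects endpoint.
Fetcher = Callable[[int, int], Tuple[Dict, Dict[str, str]]]

# TAXII 2.0 pagination header: "Content-Range: items <start>-<end>/<total>"
# where <end> is inclusive and <total> may be "*" when unknown.
CONTENT_RANGE = re.compile(r"items\s+(\d+)-(\d+)/(\d+|\*)")


def parse_content_range(header: Optional[str]) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (start, end, total) from a Content-Range header, or None when
    the header is absent or malformed; the caller treats None as 'this
    server does not paginate'."""
    if not header:
        return None
    m = CONTENT_RANGE.match(header.strip())
    if not m:
        return None
    start, end, total = m.groups()
    return int(start), int(end), (None if total == "*" else int(total))


def fetch_all_objects(fetch: Fetcher, per_request: int = 100, max_requests: int = 1000) -> List[Dict]:
    """Collect every object from a TAXII 2.0 objects endpoint.

    Pagination continues only while the server answers with Content-Range.
    A response without it is taken as the whole result set and the loop
    stops after that single request (effectively per_request=0), rather
    than resetting the page size and asking again. max_requests is a hard
    stop against a server whose Content-Range never reaches the total.
    """
    objects: List[Dict] = []
    start = 0
    for _ in range(max_requests):
        body, headers = fetch(start, per_request)
        page = body.get("objects", [])
        objects.extend(page)
        rng = parse_content_range(headers.get("Content-Range"))
        if rng is None:
            # Server ignored paging: assume everything came back at once.
            return objects
        _, end, total = rng
        if not page or (total is not None and end + 1 >= total):
            return objects
        start = end + 1
    raise RuntimeError(f"gave up after {max_requests} requests; Content-Range never reached total")


# Constructed sample data: STIX-shaped dicts, not real ATT&CK objects.
SAMPLE_OBJECTS = [
    {"type": "attack-pattern", "id": f"attack-pattern--{i}", "name": f"Technique {i}"}
    for i in range(7)
]


def make_nonpaging_server(all_objects: List[Dict]) -> Fetcher:
    """Mock of a server like the one described in the issue: returns every
    object on each call and never sends Content-Range."""
    def fetch(start: int, per_request: int):
        fetch.calls.append((start, per_request))
        return {"objects": list(all_objects)}, {}
    fetch.calls = []  # type: ignore[attr-defined]
    return fetch


def make_paging_server(all_objects: List[Dict]) -> Fetcher:
    """Mock of a spec-compliant server: honours the page size and reports
    the slice it returned in Content-Range."""
    def fetch(start: int, per_request: int):
        fetch.calls.append((start, per_request))
        end = min(start + per_request, len(all_objects)) - 1
        page = all_objects[start:end + 1]
        return {"objects": page}, {"Content-Range": f"items {start}-{end}/{len(all_objects)}"}
    fetch.calls = []  # type: ignore[attr-defined]
    return fetch


if __name__ == "__main__":
    nonpaging = make_nonpaging_server(SAMPLE_OBJECTS)
    got = fetch_all_objects(nonpaging, per_request=2)
    print(f"non-paging server: {len(got)} objects in {len(nonpaging.calls)} request(s)")
    paging = make_paging_server(SAMPLE_OBJECTS)
    got = fetch_all_objects(paging, per_request=3)
    print(f"paging server: {len(got)} objects in {len(paging.calls)} request(s)")
```

Against the non-paging mock the loop issues exactly one request and keeps whatever came back, which is the practical reading of option 2 above (disable pagination when the server does not support it); against the paging mock it walks the pages until Content-Range reports the last item. Note the two behaviours are distinguishable from the client side only by the presence of the header, so a probe that inspects one response before committing to a page loop is enough to pick the right mode.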