search

muchdogesec / arango_cti_processor

A small script that creates relationships between common CTI knowledge-bases in STIX 2.1 format.
https://www.dogesec.com/
GNU Affero General Public License v3.0
3 stars 0 forks source link

Aging out of _is_ref objects is not correct #20

Open himynamesdave opened 1 month ago

himynamesdave commented 1 month ago

TEST 10.0: Test IGNORE_EMBEDDED_RELATIONSHIPS = false

Uses cve-cpe test data (same import as test 6.0)

python3 -m unittest tests/test_10_0_ignore_embedded_relationships_f.py

TEST 10.1: Test update to objects where IGNORE_EMBEDDED_RELATIONSHIPS = false

This time uses 6.1 test import. 

python3 -m unittest tests/test_10_1_ignore_embedded_relationships_f.py

TEST 10.2: Test removed objects where IGNORE_EMBEDDED_RELATIONSHIPS = false

This time uses 6.2 test import.

python3 -m unittest tests/test_10_2_ignore_embedded_relationships_f.py

Issue

in test 10, one of the SROs generated by arango_cti_processor is marked as _is_latest = false

Thus, the _is_ref SROs for the relationship should also be aged out

Debug

This is actually a core stix2arango issue

https://github.com/muchdogesec/stix2arango/issues/22

fqrious commented 1 week ago

I think this is already fixed in s2a, I'm just waiting for it to be merged so I can adjust on this side...

himynamesdave commented 1 week ago

I just merged your fixes in s2a to main branch.

https://github.com/muchdogesec/stix2arango/pull/24

himynamesdave commented 6 days ago

blocked by #29