search

muchdogesec / arango_taxii_server

A lightweight TAXII API wrapper for ArangoDB.
GNU Affero General Public License v3.0
2 stars 0 forks source link

Versions shown in POST object (and GET status) are incorrect #17

Open himynamesdave opened 1 week ago

himynamesdave commented 1 week ago 
curl -X 'POST' \
  'http://127.0.0.1:8000/api/taxii2/demo_database/collections/blog/objects/' \
  -H 'accept: application/taxii+json' \
  -H 'Authorization: Basic cmVhZF93cml0ZV91c2VyOnRlc3RpbmcxMjM=' \
  -H 'Content-Type: application/json' \
  -H 'X-CSRFTOKEN: PeGDYiBqxZSTpfQglf9Ns2wjXqxR1DimGbvF809eZftyoPgbG7OtY35bBYcBaKZm' \
  -d '{
  "objects": [
                {
                    "type": "attack-pattern",
                    "spec_version": "2.1",
                    "id": "attack-pattern--6b948b5a-3c09-5365-b48a-da95c3964cb5",
                    "created_by_ref": "identity--d2916708-57b9-5636-8689-62f049e9f727",
                    "created": "2020-01-01T11:21:07.478851Z",
                    "modified": "2020-01-01T11:21:07.478851Z",
                    "name": "Spear Phishing",
                    "description": "Used for tutorial content",
                    "object_marking_refs": ["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"]
                },
                {
                    "type": "attack-pattern",
                    "spec_version": "2.1",
                    "id": "attack-pattern--6b948b5a-3c09-5365-b48a-da95c3964cb5",
                    "created_by_ref": "identity--d2916708-57b9-5636-8689-62f049e9f727",
                    "created": "2020-01-02T11:21:07.478851Z",
                    "modified": "2020-01-02T11:21:07.478851Z",
                    "name": "Spear Phishing Updated ONCE",
                    "description": "Used for tutorial content",
                    "object_marking_refs": ["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"]
                },
                {
                    "type": "attack-pattern",
                    "spec_version": "2.1",
                    "id": "attack-pattern--6b948b5a-3c09-5365-b48a-da95c3964cb5",
                    "created_by_ref": "identity--d2916708-57b9-5636-8689-62f049e9f727",
                    "created": "2020-01-03T11:21:07.478851Z",
                    "modified": "2020-01-03T11:21:07.478851Z",
                    "name": "Spear Phishing Updated TWICE",
                    "description": "Used for tutorial content",
                    "object_marking_refs": ["marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"]
                }
            ]
}'

prints

{
  "id": "da62e209-cf48-40f3-a687-b89b0cde5546",
  "status": "pending",
  "total_count": 3,
  "success_count": 0,
  "successes": [],
  "failure_count": 0,
  "failures": [],
  "pending_count": 3,
  "pendings": [
    {
      "message": null,
      "version": "2024-06-18 09:48:30.879800+00:00",
      "id": "attack-pattern--6b948b5a-3c09-5365-b48a-da95c3964cb5"
    },
    {
      "message": null,
      "version": "2024-06-18 09:48:30.879800+00:00",
      "id": "attack-pattern--6b948b5a-3c09-5365-b48a-da95c3964cb5"
    },
    {
      "message": null,
      "version": "2024-06-18 09:48:30.879800+00:00",
      "id": "attack-pattern--6b948b5a-3c09-5365-b48a-da95c3964cb5"
    }
  ],
  "request_timestamp": "2024-06-18T09:48:30.879800Z"
}

See versions show request time. They should show each modified property for the objects posted.

The exception to this is objects with no modified time, in which case the object _record_modified time is used (which I think is the current behaviour).