Open himynamesdave opened 1 week ago
@fqrious I noticed the docs for this were wrong. I have updated to cover this case.
This is kinda hard to implement, what do you think about using a default created time and a modified time instead? if we have the default creation time as 2020-01-01, there won't be a need to query the database for existing date first.
created: 2020-01-01
modified: <current-time>
@fqrious we won't be able to get away with that.
created
time is important.
If this logic is complex, can't we just implement the same logic that already exists for updating SDOs (that is other objects with created
and modified
times? That is very similar to this approach, and would achieve the same thing?
No, existing SDOs come with their own created time, we don't need to probe for old upload's created time for anything
yea, my point being, why don't we just do this here (for relationships that is)?
That way we don't need to probe modified time, and the behaviour across all objects with modified and created properties is the same?
This is different to the spec above, but seems like a good solution, if you think so too?
Currently embedded relationship objects created by stix2arango get their created
and modified
times from the source object.
This is the cause of this issue, because not all src objects have this time.
So this means for any embedded relationships being generated with a stix src object with no modified
or created
times, the embedded relationship objects generated for them should NOT have either a created or modified time.
Note, some src object only contain a created
time. In this case, the relationships created from it should inherit a created time, but no modified time
In short, any embedded relationships created by stix2arango should have created and modified properties that match the source object they were created from. If they don't exist, don't include them
Oh, you're saying it shouldn't be null
... The key should just not be on the object?
That it?
Yes, as simple as that
This appears to have occurred since: https://github.com/muchdogesec/stix2arango/pull/14
However, this cannot be 100% validated.
Running
See the
modified
andcreated
times in_is_ref
objects isnull
EXPECTED
Expected output is
Note,
created
is first time this relationshipid
was generated, and should never be changedOn first creation,
created
andmodified
times are the same. If any updates to this embedded relationship happen (id
) then the new object has the samecreated
time, but an increased modified time.ANALYSIS
Currently embedded SROs try to hook into the created and modified time of the source_ref object
This approach causes failures b/c SROs (e.g. ipv4-addr, crytocurrency-wallet, etc) do not have created and modified properties.
Hence you need to use the server creation time, but also have the logic to keep the
created
time for theid
persistent when updates happen to original objects that contain the embedded refs these properties belong to.TESTS
I've added some tests for this
https://github.com/muchdogesec/stix2arango/commit/e2088134e5a21651d04a34b3809d27119e3be987