stix2.exceptions.InvalidValueError: Invalid value for ObservedData 'objects': Invalid value for URL 'extensions': The enclosing type 'url' has no extensions defined

oasis-open / cti-python-stix2

OASIS TC Open Repository: Python APIs for STIX 2

https://stix2.readthedocs.io/

BSD 3-Clause "New" or "Revised" License

367 stars 120 forks source link

stix2.exceptions.InvalidValueError: Invalid value for ObservedData 'objects': Invalid value for URL 'extensions': The enclosing type 'url' has no extensions defined #212

Closed lyiqian closed 5 years ago

lyiqian commented 6 years ago

According to the stix2 standard, URL observables have extensions Common Properties. But I encountered this error when I tried to add a custom extension to a URL observable.

clenk commented 6 years ago

Hi @liu1000! Did you try first defining the custom extension as described here: https://stix2.readthedocs.io/en/latest/guide/custom.html#Custom-Cyber-Observable-Extensions?

lyiqian commented 6 years ago

Hi @clenk thanks for the reply! First defining a custom extension for URL works for me.

@stix2.CustomExtension(stix2.URL, 'x-observable-ext', [
    ('indicators', stix2.properties.ListProperty(contained=dict, required=False)),
])
class ObservableExtension:
    pass

Just one more thing I thought worth mentioning: I used SDO classes but not observable classes in this module. Even if I didn't first define the custom extension, there was no errors when I added it to File or Process observables, which have built-in extensions defined. This is inconsistent in my opinion.

clenk commented 6 years ago

Hello again @liu1000. I haven't been able to replicate what you mentioned. I think without first defining the custom extension you would get an error saying "Can't parse unknown extension type: x-observable-ext". Could you provide example code that has the inconsistency you mentioned and doesn't give an error?

lyiqian commented 5 years ago

Hi @clenk , here is the example code:

import stix2

file_sdo = stix2.ObservedData(
    allow_custom=True,  # note this is set
    first_observed="2017-02-12T19:11:11.232Z",
    last_observed="2017-02-12T19:11:11.232Z",
    number_observed=1,
    objects={
        "0": {
            "type": "file",
            "name": "bar.txt",
            "extensions": {
                "x-observable-ext": {
                    "len": 1,
                }
            }
        }
    }
)
print("Created file_sdo with custom extensions without first defining it!")
print(file_sdo)

url_sdo = stix2.ObservedData(
    allow_custom=True,  # note this is set
    first_observed="2017-02-12T19:11:11.232Z",
    last_observed="2017-02-12T19:11:11.232Z",
    number_observed=1,
    objects={
        "0": {
            "type": "url",
            "value": "https://www.google.ca",
            "extensions": {
                "x-observable-ext": {
                    "len": 1,
                }
            }
        }
    }
)

clenk commented 5 years ago

Thanks, @liu1000; a fix is on the way.