search

oasis-open / cti-python-stix2

OASIS TC Open Repository: Python APIs for STIX 2
https://stix2.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
367 stars 120 forks source link

Issue in property pattern of Indicator object in STIX 2.1 with a plausible and working patch #440

Closed LolloSpring closed 4 years ago

LolloSpring commented 4 years ago

This lines of code in my program

import stix2

malicious_website = stix2.Indicator(
    name = "name_placeholder",
    pattern = "([ipv4-addr:value = 'X.X.X.X' OR ipv4-addr:value = 'X.X.X.X' OR ipv4-addr:value = 'X.X.X.X' OR ipv4-addr:value = 'X.X.X.X' OR ipv4-addr:value = 'X.X.X.X'])",
    pattern_type="stix",
)

produce the following stacktrace error:

Traceback (most recent call last):
  File "/Users/placeholder/Desktop/placeholder/placeholder/placeholder/my_stix.py", line 198, in <module>
    pattern_type="stix",
  File "/Users/placeholder/PycharmProjects/files_project/venv/lib/python3.6/site-packages/stix2/v21/sdo.py", line 207, in __init__
    super(Indicator, self).__init__(*args, **kwargs)
  File "/Users/placeholder/PycharmProjects/files_project/venv/lib/python3.6/site-packages/stix2/base.py", line 213, in __init__
    self._check_object_constraints()
  File "/Users/placeholder/PycharmProjects/files_project/venv/lib/python3.6/site-packages/stix2/v21/sdo.py", line 225, in _check_object_constraints
    errors = run_validator(self.get('pattern'), pat_ver)
TypeError: run_validator() takes 1 positional argument but 2 were given

Digging into the file /Users/placeholder/PycharmProjects/files_project/venv/lib/python3.6/site-packages/stix2/v21/sdo.py, this is line 225 reported in the error stacktrace: errors = run_validator(self.get('pattern'), pat_ver)

By deleting the second argument pat_verand saving the sdo.py file with this new line 225 errors = run_validator(self.get('pattern')) the error seems solved without any side-effect.

Is my patch proposal valid and plausible also for other users? Thanks for your time and dedication!

chisholm commented 4 years ago

I was able to reproduce this error with an old version of stix2-patterns. I suspect your version is old, and the stix2 library was missing a version restriction on its dependency. So stix2-patterns wouldn't have been updated when you updated stix2. I made a PR to hopefully fix this. In the meantime, you could try manually updating stix2-patterns to the latest version and see if the problem goes away.

LolloSpring commented 4 years ago

Yes! By updating manually stix2-pattern to the latest version (in my case version 1.3.1.), the problem goes away! Thank you for your dedication and for your intuition on how to solve the problem: that it is the right path!