rpiazza
commented
2 years ago Hi @frank7y
They were left out because there were no custom versions of those classes.
What is your use case that make you think you need them?
Closed frank7y closed 2 years ago
rpiazza
commented
2 years ago Hi @frank7y
They were left out because there were no custom versions of those classes.
What is your use case that make you think you need them?
frank7y
commented
2 years ago Hi there, at the moment what I’ve done is subclassing all pattern classes with my own ones. In each one I’ve added my custom methods, primarily for emitting an AST in a more programmatically readable format, ending up with a custom python dictionary. Apart from that, another road I will explore is inserting custom behavior in those components, so as to have something like this: pattern.getIptablesRule(), emitting an iptables command with parameters taken from the pattern IoCs. But that is in the works. Anyway I thought the easiest way to make these mappings for each component was that, and would rather just use the builtin pattern visitor instead of building my own only because certain symbols do not yet allow custom classes.
rpiazza
commented
2 years ago I guess I wasn't thinking about other uses of the pattern visitor other than the slider. It might make sense to merge in this PR, let me discuss it with the team. If we do, you need to "sign" the CLA
Hi, I’m working on a translator of STIX Pattern Expressions and I’m leveraging on the pattern visitor you’ve baked into the framework. I’ve noticed though that some of the Pattern expression symbols/components are not emitted via the instantiate function, that optionally emits custom classes. For now I had to resort to manually editing patterns.py in multiple parts, but it would be great to have already baked in the support for custom subclasses in all elements. This is the list of components where the instantiate function call is missing:
I don’t know if there’s a reason for why those were left out, guess only because they weren’t needed for the slider. Anyway the change to make would be, taking for instance the FollowedByObservationExpression, this: Old:
return FollowedByObservationExpression([children[0], children[2]])New:return self.instantiate("FollowedByObservationExpression", [children[0], children[2]])I will make a PR that addresses this so to have code references.