When loading a valid TLP2.0marking-definition object such as this, the library will error in stix2.exceptions.TLPMarkingDefinitionError. While the STIX 2.1 spec section 7.2.1.4, doesn't explicitly allow other values, this library should likely have an option to loosely load without validating this element rather than requiring users to use the deprecated TLP markings.
$ python ingest.py
Traceback (most recent call last):
File "/Users/foo/Code/ingest.py", line 8, in <module>
src = MemoryStore(stix_data=stix_json["objects"])
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/datastore/memory.py", line 119, in __init__
_add(self, stix_data, allow_custom, version)
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/datastore/memory.py", line 35, in _add
_add(store, stix_obj, allow_custom, version)
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/datastore/memory.py", line 47, in _add
stix_obj = parse(stix_data, allow_custom, version)
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/parsing.py", line 40, in parse
obj = dict_to_stix2(obj, allow_custom, version)
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/parsing.py", line 99, in dict_to_stix2
return obj_class(allow_custom=allow_custom, **stix_dict)
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/v21/common.py", line 226, in __init__
super(MarkingDefinition, self).__init__(**kwargs)
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/base.py", line 232, in __init__
self._check_object_constraints()
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/v21/common.py", line 242, in _check_object_constraints
check_tlp_marking(self, '2.1')
File "/Users/foo/Library/Python/3.9/lib/python/site-packages/stix2/markings/utils.py", line 332, in check_tlp_marking
raise exceptions.TLPMarkingDefinitionError(marking_obj["id"], "Does not match any TLP Marking definition")
stix2.exceptions.TLPMarkingDefinitionError: Marking marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9 does not match spec marking Does not match any TLP Marking definition!
If y'all are OK with loosing validation for new TLP versions in this library I'd be happy to send a PR with the fixes
The old definition/definition_type marking structure is deprecated anyway. The new way to define markings is via extensions. I believe definitions for those markings have been added to the common object repository. Looks like the "clear" marking is here. The TLP 2.0 extension definition is here.
When loading a valid TLP2.0
marking-definition
object such as this, the library will error instix2.exceptions.TLPMarkingDefinitionError
. While the STIX 2.1 spec section 7.2.1.4, doesn't explicitly allow other values, this library should likely have an option to loosely load without validating this element rather than requiring users to use the deprecated TLP markings.If y'all are OK with loosing validation for new TLP versions in this library I'd be happy to send a PR with the fixes