oasis-open / cti-stix-elevator

OASIS Cyber Threat Intelligence (CTI) TC Open Repository: Convert STIX 1.2 XML to STIX 2.x JSON
https://stix2-elevator.readthedocs.io/en/latest/
BSD 3-Clause "New" or "Revised" License

Entropy of WinExecutableFile hinders elevator #62

Closed dasfreak closed 7 years ago

dasfreak commented 7 years ago

Hi everyone,

I encountered the following error while updating a STIX 1.2 report:

```
File "/home/XXX/.local/lib/python2.7/site-packages/stix2elevator/convert_pattern.py", line 621, in convert_windows_executable_file_to_pattern
    s.entropy.condition,
AttributeError: 'Entropy' object has no attribute 'condition'
```

These are my installed pip packages:

The part in the STIX report that causes the error (without it updates just fine):

```
7.74202363178
```

Even if I change these lines and add a condition it won't succeed.

```
7.74202363178
```

rpiazza commented 7 years ago

What error do you get when you include the condition??

dasfreak commented 7 years ago

The same error message as without.

rpiazza commented 7 years ago

Would it be possible to include the xml file, so I can test the fix?

dasfreak commented 7 years ago

Here you go, I changed the file extension to txt since GitHub does not support xml upload.

apt1.txt

rpiazza commented 7 years ago

Thanks for the file. There is an easy fix for the entropy bug - I didn't notice that CybOX allows for a min and max entropy in addition to a value. However, I noticed that the registry key indicators in that file were not converted. That seems like a more serious bug. I will fix both and push the code soon.
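An added example, not part of the thread and not the code from the fix commit: a sketch of reading the condition from the entropy's value, min and max sub-fields instead of from the `Entropy` container, which is what the traceback above trips on. The `Field` and `Entropy` classes are constructed stand-ins for the CybOX objects, and the object path and the mapping of min/max to `>=`/`<=` are assumptions.

```python
# Stand-in for a CybOX numeric field: a value plus its "condition" attribute.
# Constructed for this example; these are not the python-cybox classes.
class Field:
    def __init__(self, value, condition=None):
        self.value = value
        self.condition = condition


class Entropy:
    """Container only: any condition lives on value/min/max, not on Entropy."""
    def __init__(self, value=None, min=None, max=None):
        self.value, self.min, self.max = value, min, max


# CybOX condition name -> STIX 2 patterning operator (subset used here).
OPERATORS = {
    None: "=", "Equals": "=", "DoesNotEqual": "!=",
    "GreaterThan": ">", "GreaterThanOrEqual": ">=",
    "LessThan": "<", "LessThanOrEqual": "<=",
}

# Assumed target path, based on the STIX 2 windows-pebinary-ext extension.
ENTROPY_PATH = "file:extensions.'windows-pebinary-ext'.sections[*].entropy"


def entropy_to_pattern(entropy):
    """Return a STIX 2 comparison expression, or None if no sub-field is set."""
    terms = []
    if entropy.value is not None:
        cond = entropy.value.condition
        if cond not in OPERATORS:
            raise ValueError("unsupported condition: %r" % cond)
        terms.append("%s %s %s" % (ENTROPY_PATH, OPERATORS[cond],
                                   entropy.value.value))
    # Assumption: min and max are treated as inclusive bounds.
    if entropy.min is not None:
        terms.append("%s >= %s" % (ENTROPY_PATH, entropy.min.value))
    if entropy.max is not None:
        terms.append("%s <= %s" % (ENTROPY_PATH, entropy.max.value))
    return " AND ".join(terms) if terms else None
```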

rpiazza commented 7 years ago

Fixed in commit https://github.com/oasis-open/cti-stix-elevator/commit/e1ee09fc23637be820c6dc16bd33f5e523beb4aa