oasis-open / cti-stix-slider

OASIS TC Open Repository: The repository cti-stix-slider supports development of a Python application to convert STIX 2.0 content to STIX 1.x content
https://cti-stix-slider.readthedocs.io/en/latest/
BSD 3-Clause "New" or "Revised" License

STIX 2.1 observed-data not supported #43

Closed nschwane closed 4 years ago

nschwane commented 4 years ago

When sliding STIX 2.1 observed-data, a KeyError is thrown. The "objects" field in STIX 2.1 is optional and deprecated. This sample observed-data comes from the STIX 2.1 spec (http://docs.oasis-open.org/cti/stix/v2.1/csprd01/stix-v2.1-csprd01.html#_Toc16070679). It also looks like there is no support for the "object_refs" field.

To Reproduce:

>>> from stix2 import v21
>>> from stix2slider import slide_bundle
>>> from stix2slider.options import initialize_options
>>> initialize_options()
>>> objects = [{'type': 'sighting', 'spec_version': '2.1', 'id': 'sighting--ee20065d-2555-424f-ad9e-0f8428623c75', 'created_by_ref': 'identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', 'created': '2016-04-06T20:08:31.000Z', 'modified': '2016-04-06T20:08:31.000Z', 'first_seen': '2015-12-21T19:00:00Z', 'last_seen': '2015-12-21T19:00:01Z', 'count': 50, 'sighting_of_ref': 'indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f', 'observed_data_refs': ['observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf'], 'where_sighted_refs': ['identity--b67d30ff-02ac-498a-92f9-32f845f448ff']}, {'type': 'observed-data', 'spec_version': '2.1', 'id': 'observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf', 'created_by_ref': 'identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', 'created': '2016-04-06T19:58:16.000Z', 'modified': '2016-04-06T19:58:16.000Z', 'first_observed': '2015-12-21T19:00:00Z', 'last_observed': '2016-04-06T19:58:16Z', 'number_observed': 50, 'object_refs': ['file--30038539-3eb6-44bc-a59e-d0d3fe84695a']}]
>>> bundle = v21.Bundle(objects)
>>> slide_bundle(bundle)
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File ".../cti-stix-slider/stix2slider/__init__.py", line 98, in slide_bundle
    stix_package = convert_bundle(bundle)
  File ".../cti-stix-slider/stix2slider/convert_stix.py", line 1221, in convert_bundle
    pkg.add_observable(convert_observed_data(o))
  File ".../cti-stix-slider/stix2slider/convert_stix.py", line 679, in convert_observed_data
    o1x.object_ = convert_cyber_observables(od2x["objects"], od2x["id"])
  File ".../venv/lib/python3.7/site-packages/stix2/base.py", line 200, in __getitem__
    return self._inner[key]
KeyError: 'objects'
>>>

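
An added illustration, not code from stix2slider or from either commenter: one way a converter could read observed-data in both the STIX 2.1 `object_refs` form and the deprecated embedded `objects` form without raising the KeyError in the traceback above. The function name `resolve_observed_objects`, the file object's `name` value and the all-zero observed-data id are hypothetical; the other ids are taken from the reproduction, whose bundle does not contain the referenced file object.

```python
def resolve_observed_objects(observed_data, bundle_objects):
    """Return (scos, missing_refs) for a STIX 2.0 or 2.1 observed-data dict."""
    if observed_data.get("type") != "observed-data":
        raise ValueError("not an observed-data object")

    by_id = {o["id"]: o for o in bundle_objects if "id" in o}
    scos, missing = {}, []

    # STIX 2.1 form: objects live at the top level of the bundle, referenced by id.
    for ref in observed_data.get("object_refs", []):
        target = by_id.get(ref)
        if target is None:
            missing.append(ref)  # dangling reference: report it, do not crash
        else:
            scos[ref] = target

    # STIX 2.0 form (optional and deprecated in 2.1): embedded container.
    # .get() avoids the KeyError that od2x["objects"] raises in the traceback.
    for key, obj in (observed_data.get("objects") or {}).items():
        scos[key] = obj

    return scos, missing


# Constructed sample data. The 2.1 observed-data id and the file id come from
# the issue's reproduction; "name" and the 2.0 id are made up for illustration.
FILE_ID = "file--30038539-3eb6-44bc-a59e-d0d3fe84695a"
OD_21 = {
    "type": "observed-data",
    "spec_version": "2.1",
    "id": "observed-data--b67d30ff-02ac-498a-92f9-32f845f448cf",
    "number_observed": 50,
    "object_refs": [FILE_ID],
}
FILE_SCO = {"type": "file", "spec_version": "2.1", "id": FILE_ID, "name": "example.exe"}
OD_20 = {
    "type": "observed-data",
    "id": "observed-data--00000000-0000-4000-8000-000000000000",
    "objects": {"0": {"type": "file", "name": "example.exe"}},
}

if __name__ == "__main__":
    print(resolve_observed_objects(OD_21, [OD_21, FILE_SCO]))  # reference resolved
    print(resolve_observed_objects(OD_21, [OD_21]))            # dangling reference
    print(resolve_observed_objects(OD_20, [OD_20]))            # embedded 2.0 form
```
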
rpiazza commented 4 years ago

Hi @nschwane,

The slider v2.0 is quite out of date. We are working on the new version, and it is almost ready for release. I'm planning to release it by the end of this month, with the elevator.

The slider is MUCH less downloaded than the elevator, so it hasn't been a priority.

Both the slider and elevator should be up-to-date with the latest specification, which should also be released shortly.