Closed stmtstk closed 4 years ago
I tried to slide a STIX 2.1 which contains vulnerability to STIX 1.2 by using stix-slider. The vulnerability has an external_references property, and therefore the converted STIX 1.2 has a value like below.
<et:References> <stixCommon:Reference>SOURCE: cve - "some url value"</stixCommon:Refernce> </et:References>
However, the value of stixCommon:Reference must be an anyURI format.
https://stix.mitre.org/language/version1.1/xsddocs/XMLSchema/exploit_target/1.1/stix_common_xsd.html#ReferencesType
I would like to recommend to fix a create_references_for_vulnerability in convert_stix.py like below.
if er["source_name"] == 'cve' and "url" in er: v.add_reference(er["url"])
@stmtstk - good catch!
This will be fixed in the next release of the slider, which is also due soon
@rpiazza
It is my pleasure! I am looking forward to the next release!
Fixed in 2.1
I tried to slide a STIX 2.1 which contains vulnerability to STIX 1.2 by using stix-slider. The vulnerability has an external_references property, and therefore the converted STIX 1.2 has a value like below.
However, the value of stixCommon:Reference must be an anyURI format.
https://stix.mitre.org/language/version1.1/xsddocs/XMLSchema/exploit_target/1.1/stix_common_xsd.html#ReferencesType
I would like to recommend to fix a create_references_for_vulnerability in convert_stix.py like below.