search

oasis-open / cti-stix-slider

OASIS TC Open Repository: The repository cti-stix-slider supports development of a Python application to convert STIX 2.0 content to STIX 1.x content
https://cti-stix-slider.readthedocs.io/en/latest/
BSD 3-Clause "New" or "Revised" License
21 stars 15 forks source link

stixCommon:Reference value must be an anyURI format. #44

Closed stmtstk closed 4 years ago

stmtstk commented 4 years ago

I tried to slide a STIX 2.1 which contains vulnerability to STIX 1.2 by using stix-slider. The vulnerability has an external_references property, and therefore the converted STIX 1.2 has a value like below.

<et:References>
    <stixCommon:Reference>SOURCE: cve - "some url value"</stixCommon:Refernce>
</et:References>

However, the value of stixCommon:Reference must be an anyURI format.

https://stix.mitre.org/language/version1.1/xsddocs/XMLSchema/exploit_target/1.1/stix_common_xsd.html#ReferencesType

I would like to recommend to fix a create_references_for_vulnerability in convert_stix.py like below.

        if er["source_name"] == 'cve' and "url" in er:
            v.add_reference(er["url"])
rpiazza commented 4 years ago

@stmtstk - good catch!

This will be fixed in the next release of the slider, which is also due soon

stmtstk commented 4 years ago

@rpiazza

It is my pleasure! I am looking forward to the next release!

rpiazza commented 4 years ago

Fixed in 2.1