clenk
commented
2 years ago Hi @baulus, we'll work to fix this. Was your bundle missing an id property? Or one of the objects in the bundle?
Closed baulus closed 1 year ago
clenk
commented
2 years ago Hi @baulus, we'll work to fix this. Was your bundle missing an id property? Or one of the objects in the bundle?
baulus
commented
2 years ago Thanks @clenk !
Yes, as we used version 2.0 bundle objects that do not have id properties.
So the best solution would be handling the error and complain that the id property is expected.
profound-wings
commented
2 years ago Hi,
We have encounter similar issue on our system. The system will collect STIX objects from multiple TAXII servers. The STIX obecjts might be 2.0 or 2.1, therefore we using 2.1 bundle to contain the results. We found validator will raise exception when the bundle contains 2.0 ObservedData objects. This exception can be reproduced with following sample code.
from datetime import datetime
from stix2.v20 import ObservedData, DomainName
from stix2.v21 import Campaign, Bundle
from stix2validator import validate_string
sampleTime = datetime.now()
sampleDomain = DomainName(value="example.com")
sampleObserved = ObservedData(first_observed=sampleTime, last_observed=sampleTime, number_observed=1, objects={"0":sampleDomain})
sampleCampaign = Campaign(name="Sample Campaign")
sampleBundle = Bundle(objects=[sampleObserved, sampleCampaign])
validate_string(sampleBundle.serialize())After applied #194 patch, the exception is fixed, but the validation result of this bundle will be invalid.
When no ValidationOptions() is supplied to validate_instance and the instance argument is version 2.0 bundle objects, an unhanded KeyError exception is thrown with a message: 'id'