Bug: converter fails to convert STIX directory object required and optional fields #61
Open
1 task done
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
MISP-STIX usage
Using the misp_stix_converter script to import STIX into MISP
Expected behavior
The converter was expected to generate a MISP file with the information from the STIX file. The data elements in the STIX file are not represented in the MISP file.
If the converter failed to process part or all of the file, then in normal mode we expected to see a warning about that instead of simply seeing a message about the successful conversion of the file.
Actual behavior
The conversion of a STIX file reported that it successfully processed the file and gave no warnings or indications that the data from the file had not been successfully processed. The file generated had none of the data items from the directory object that was in the STIX file.
When run in normal mode, no error or warning is provided and successful conversion is reported. See console output below:
The output of the converter is the following:
Successfully processed your file. Results available in:
And the resultant file contained the following contents (which did not include the path or the timestamps from the STIX file):
The resulting misp output has no information about the directory. See the misp provided as output below:
{
"uuid": "fecaf84a-9648-4628-8e75-7ae4e713b3d1",
"info": "STIX 2.1 Bundle imported with the MISP-STIX import feature.",
"distribution": "0",
"published": false
}
When run with the debug flag the following error is displayed:
Errors encountered during the STIX to MISP conversion process:
getattr(self.observable_object_parser, to_call)(object_id)
File "/var/local/misp/misp-stix/v2.4.183/frompip/venv399misp183/lib/python3.9/site-packages/misp_stix_converter/stix2misp/converters/stix2_observable_objects_converter.py", line 126, in _parse_directory_observable_object
attributes = tuple(self._parse_directory_observable(directory))
File "/var/local/misp/misp-stix/v2.4.183/frompip/venv399misp183/lib/python3.9/site-packages/misp_stix_converter/stix2misp/converters/stix2_observable_converter.py", line 550, in _parse_directory_observable
yield from self._populate_object_attributes(
File "/var/local/misp/misp-stix/v2.4.183/frompip/venv399misp183/lib/python3.9/site-packages/misp_stix_converter/stix2misp/converters/stix2converter.py", line 117, in _populate_object_attributes
reference = f"{object_id} - {mapping['object_relation']}"
'object_relation'
Steps to reproduce
misp_stix_converter import --version 2 -f ./stix-input/small_stix_directory.json --output_name ./misp-output/misp_from_small_stix_directory.json
where small_stix_directory.json contains the following:
{
"type": "bundle",
"id": "bundle--fecaf84a-9648-4628-8e75-7ae4e713b3d1",
"objects": [
{
"type": "directory",
"spec_version": "2.1",
"path": "/policy/drop.pdf",
"path_enc": "character",
"ctime": "2021-07-17T05:07:53Z",
"mtime": "2020-03-21T20:27:06Z",
"atime": "2020-12-06T13:53:21Z",
"id": "directory--92b0db6d-c396-4dfd-a6e1-5a0aef1e615c",
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Version
2.4.183
Python version
3.9.9
Relevant log output
Extra attachments
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: