Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix create attribute Tag in fn_misp #63

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix create attribute Tag in fn_misp #63

wants to merge 1 commit into from

Conversation

grenierd
Copy link

Description

When I tried to add a tag to an attribute, I got this error :

Traceback (most recent call last): 
File "/opt/app-root/lib/python3.6/site-packages/fn_misp/components/misp_create_tag.py", line 68, in _misp_create_tag_function
tag_result = misp_helper.create_tag(misp_client, misp_attribute_value, misp_tag_type, misp_tag_name, misp_event_id) 
File "/opt/app-root/lib/python3.6/site-packages/fn_misp/lib/misp_3_helper.py", line 123, in create_tag object_uuid = get_attribute_uuid(misp_client, misp_attribute_value, misp_event_id) 
File "/opt/app-root/lib/python3.6/site-packages/fn_misp/lib/misp_3_helper.py", line 106, in get_attribute_uuid if not event_response['Event']['Attribute']: KeyError: 'Event'

So it seems that the Event is not retrieved correctly in the function get_attribute_uuid.
Indeed, the misp_client.get_event function get an event in parameter, which has to be initialized with the uuid. Setting event.id doesn't seems to work at all, so I just changed the event object creation and set the uuid.

Motivation and Context

It seems the function create tag doesn't work at all when the misp_tag_type is "attribute". (ok with "event" type)

How Has This Been Tested?

I tried the patch in a development environment (docker) in python 3. Did not tried to reproduce the bug in python2, but it seems to be likely the same.
In that lib, I've also checked the function get_misp_sighting_list which behave the same way, with an event.id. And it works as expected, quite weird from the pymisp client.

Checklist:

  • I have added a Signed-off-by
  • Either no new documentation is required by this change, OR I added new documentation
  • Either no new tests are required by this change, OR I added new tests
  • [] I have run pep8 and pylint. I have cleaned up all valid errors and warnings in code I have added or modified. These tools may generate false positives. Don't be worried about ignoring some errors or warnings. The goal is clean, consistent, and readable code.

Signed-off-by: grenierd

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@grenierd