python - Having trouble creating stix2 bundle when a list of SDO are passed
问题描述
I have a Indicator object and a list (contains list of Notes). When I try to create bundle of them, I get below error. However, when I just pass the list that contains Notes, it works fine.
Error:
InvalidValueError: Invalid value for Bundle 'objects': This property may only
contain a dictionary or object
Code:
import datetime
from stix2 import Note, Bundle, Indicator
mem = stix2.MemoryStore()
datetime = datetime.datetime.today().strftime('%Y-%m-%d-%H:%M:%S')
ind1 = Indicator(
indicator_types=['malicious-activity'],
pattern_type="stix",
pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
valid_from="2017-01-01T12:34:56Z",
)
Note_list = [
Note(type='note', spec_version='2.1', id='note--830ca0aa-75b7-4526-865c-b4f9ded77735', created_by_ref='identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', created='2020-08-21T20:18:48.839396Z', modified='2020-08-21T20:18:48.839396Z', abstract='Cyber Bulletin Comment 1', content='Issue 1', object_refs=['report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3'], object_marking_refs=['marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9']),
Note(type='note', spec_version='2.1', id='note--f2362c5a-5c06-40a1-a678-db875dbee714', created_by_ref='identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', created='2020-08-21T20:18:48.840376Z', modified='2020-08-21T20:18:48.840376Z', abstract='Comment 2', content='Issue 2', object_refs=['report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3'], object_marking_refs=['marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9']),
Note(type='note', spec_version='2.1', id='note--72fe7b65-4055-424f-b201-99e8dde86f86', created_by_ref='identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', created='2020-08-21T20:18:48.840538Z', modified='2020-08-21T20:18:48.840538Z', abstract='Cyber Bulletin Comment 3', content="Issue 3", object_refs=['report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3'], object_marking_refs=['marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9'])
]
bundle = Bundle([ind1 , Note_list])
print(bundle)
解决方案
实际上,您提供的错误只是您在这种情况下所拥有的 4 个错误中的 1 个(链中的 4 个异常,在 PEP 3134 的意义上)。完整链看起来像这样(为简洁起见,仅显示异常 reprs)并且已经有了线索。
Traceback (most recent call last):
...
ValueError: dictionary update sequence element #0 has length 11; 2 is required
During handling of the above exception, another exception occurred:
...
ValueError: Cannot convert '[Note(...), Note(...), Note(...)]' to dictionary.
During handling of the above exception, another exception occurred:
...
ValueError: This property may only contain a dictionary or object
The above exception was the direct cause of the following exception:
...
InvalidValueError: Invalid value for Bundle 'objects': This property may only
contain a dictionary or object
快速浏览一下就表明stix2.Note
传递给捆绑包的构造函数的列表基本上有问题。
包的文档stix2
没有关于包的广泛,所以我将直接指向你的初始化stix2.v21.Bundle
程序。您可以看到它非常灵活,并接受来自的对象或对象列表*args
(实际上还有它们的字典或 JSON 字符串表示形式,从那里看不出来)。但它显然不接受像[Indicator(...), [Note(...), Note(...), Note(...)]]
.
所以正确的实例化stix2.Bundle
是:
Bundle(ind1, Note_list)
Bundle(ind1, *Note_list)
Bundle([ind1] + Note_list)
推荐阅读
- python - 在python中返回一个字符串并且只得到一个空数组
- mysql - 使用 SQL 识别和标记记录时间
- python - Solver (baron) 返回非零返回码 (1)
- .net - 搜索 Microsoft.Extensions.Caching.Memory.MemoryCache 的源代码
- html - 如何根据容器而不是屏幕大小来提供图像大小
- scala - 哪种方式是使用 Scala 在 Play Framework 中进行路由的更好做法?
- ios - Swift 使用小型大写字母
- angular - 如何使用 @ngrx/data 自定义减速器?
- angular - 对预检请求的响应未通过访问,并且不存在“Access-Control-Allow-Origin”标头。使用 [HttpPost] 时
- php - 循环中的引导网格