Having trouble creating stix2 bundle when a list of SDO are passed

Problem description

I have an Indicator object and a list (containing a list of Notes). When I try to create a bundle of them, I get the error below. However, when I just pass the list that contains Notes, it works fine.

Error:

InvalidValueError: Invalid value for Bundle 'objects': This property may only 
contain a dictionary or object

Code:

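import datetime

import stix2  # needed for stix2.MemoryStore below
from stix2 import Note, Bundle, Indicator

mem = stix2.MemoryStore()
# Named "timestamp" so the datetime module is not shadowed
timestamp = datetime.datetime.today().strftime('%Y-%m-%d-%H:%M:%S')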

ind1 = Indicator(
    indicator_types=['malicious-activity'],
    pattern_type="stix",
    pattern="[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e']",
    valid_from="2017-01-01T12:34:56Z",
)

Note_list = [
    Note(type='note', spec_version='2.1', id='note--830ca0aa-75b7-4526-865c-b4f9ded77735', created_by_ref='identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', created='2020-08-21T20:18:48.839396Z', modified='2020-08-21T20:18:48.839396Z', abstract='Cyber Bulletin Comment 1', content='Issue 1', object_refs=['report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3'], object_marking_refs=['marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9']), 
    Note(type='note', spec_version='2.1', id='note--f2362c5a-5c06-40a1-a678-db875dbee714', created_by_ref='identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', created='2020-08-21T20:18:48.840376Z', modified='2020-08-21T20:18:48.840376Z', abstract='Comment 2', content='Issue 2', object_refs=['report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3'], object_marking_refs=['marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9']), 
    Note(type='note', spec_version='2.1', id='note--72fe7b65-4055-424f-b201-99e8dde86f86', created_by_ref='identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', created='2020-08-21T20:18:48.840538Z', modified='2020-08-21T20:18:48.840538Z', abstract='Cyber Bulletin Comment 3', content="Issue 3", object_refs=['report--84e4d88f-44ea-4bcd-bbf3-b2c1c320bcb3'], object_marking_refs=['marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9'])
]

bundle = Bundle([ind1 , Note_list])
print(bundle)

Tags: python

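Solution

Actually, the error you provided is only 1 of the 4 errors you have in this case (4 exceptions in the chain, in the sense of PEP 3134). The complete chain looks like this (only the exception reprs are shown for brevity) and already contains a clue.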

Traceback (most recent call last):
...
ValueError: dictionary update sequence element #0 has length 11; 2 is required

During handling of the above exception, another exception occurred:
...
ValueError: Cannot convert '[Note(...), Note(...), Note(...)]' to dictionary.

During handling of the above exception, another exception occurred:
...
ValueError: This property may only contain a dictionary or object

The above exception was the direct cause of the following exception:
...
InvalidValueError: Invalid value for Bundle 'objects': This property may only 
contain a dictionary or object

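A quick look shows that there is basically something wrong with the list of stix2.Note objects passed to the bundle's constructor.

The documentation of the stix2 package is not extensive about bundles, so I'll point you directly to the initialiser of stix2.v21.Bundle. You can see that it is very flexible and accepts objects or lists of objects from *args (and actually also their dictionary or JSON string representations, which is not evident from there). But it obviously does not accept something like [Indicator(...), [Note(...), Note(...), Note(...)]].

So the correct instantiations of stix2.Bundle are: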

  • Bundle(ind1, Note_list)
  • Bundle(ind1, *Note_list)
  • Bundle([ind1] + Note_list)
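
The nesting mistake discussed above can be caught before the Bundle constructor wraps it in a chain of exceptions. The following is an added example, not part of the original question or answer and not stix2's own code: a hypothetical helper, flatten_sdos, that flattens nested lists and names the exact position of anything that is not an object. It assumes stix2 objects behave as mappings carrying 'type' and 'id' keys; the sample dicts are constructed placeholders, not complete STIX objects.

```python
import json
from collections.abc import Mapping


def flatten_sdos(items, _path="objects"):
    """Flatten arbitrarily nested lists/tuples of STIX objects into one list.

    Raises TypeError naming the position of the first entry that is not a
    STIX-like mapping, instead of a generic "dictionary or object" message.
    """
    flat = []
    for i, item in enumerate(items):
        where = f"{_path}[{i}]"
        if isinstance(item, str):
            # JSON string form of an object or list of objects
            try:
                item = json.loads(item)
            except json.JSONDecodeError as exc:
                raise TypeError(f"{where}: string is not valid JSON") from exc
        if isinstance(item, Mapping):
            # Assumption: every bundled object carries 'type' and 'id'
            if "type" not in item or "id" not in item:
                raise TypeError(f"{where}: mapping lacks 'type' or 'id'")
            flat.append(item)
        elif isinstance(item, (list, tuple)):
            flat.extend(flatten_sdos(item, where))
        else:
            raise TypeError(f"{where}: {type(item).__name__} is not a STIX object")
    return flat


# Constructed sample data standing in for ind1 and Note_list from the question.
IND = {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000001"}
NOTES = [
    {"type": "note", "id": f"note--00000000-0000-4000-8000-00000000000{n}"}
    for n in (2, 3, 4)
]

if __name__ == "__main__":
    # Same shape as the failing call in the question: [ind1, Note_list]
    for obj in flatten_sdos([IND, NOTES]):
        print(obj["id"])
    # With stix2 installed and real objects: Bundle(*flatten_sdos([ind1, Note_list]))
```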
