Skip to content

Commit b86ff15

Browse files
author
Samuel Hassine
committed
[client] Fix dates in the future during import (OpenCTI-Platform#68, OpenCTI-Platform#66)
1 parent 425f140 commit b86ff15

File tree

4 files changed

+41
-34
lines changed

4 files changed

+41
-34
lines changed

examples/import_stix2_file.py

+2-2
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,8 @@
33
from pycti import OpenCTIApiClient
44

55
# Variables
6-
api_url = "http://localhost:4000"
7-
api_token = "0b23f787-d013-41a8-8078-97bee84cc99d"
6+
api_url = "https://demo.opencti.io"
7+
api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
88

99
# OpenCTI initialization
1010
opencti_api_client = OpenCTIApiClient(api_url, api_token)

pycti/entities/opencti_stix_observable.py

+5-2
Original file line numberDiff line numberDiff line change
@@ -374,7 +374,10 @@ def update_field(self, **kwargs):
374374
result["data"]["stixObservableEdit"]["fieldPatch"]
375375
)
376376
else:
377-
self.opencti.log("error", "[opencti_stix_observable_update_field] Missing parameters: id and key and value")
377+
self.opencti.log(
378+
"error",
379+
"[opencti_stix_observable_update_field] Missing parameters: id and key and value",
380+
)
378381
return None
379382

380383
"""
@@ -498,4 +501,4 @@ def update_created_by_ref(self, **kwargs):
498501

499502
else:
500503
self.opencti.log("error", "Missing parameters: id and identity_id")
501-
return False
504+
return False

pycti/utils/opencti_stix2.py

+33-29
Original file line numberDiff line numberDiff line change
@@ -295,19 +295,21 @@ def extract_embedded_relationships(self, stix_object, types=None):
295295
# Extract date
296296
try:
297297
if "description" in external_reference:
298-
matches = list(
299-
datefinder.find_dates(external_reference["description"])
298+
matches = datefinder.find_dates(
299+
external_reference["description"]
300300
)
301301
else:
302-
matches = list(datefinder.find_dates(source_name))
302+
matches = datefinder.find_dates(source_name)
303303
except:
304-
matches = []
305-
if len(matches) > 0:
306-
published = list(matches)[0].strftime("%Y-%m-%dT%H:%M:%SZ")
307-
else:
308-
published = datetime.datetime.today().strftime(
309-
"%Y-%m-%dT%H:%M:%SZ"
310-
)
304+
matches = None
305+
published = None
306+
today = datetime.datetime.today()
307+
if matches is not None:
308+
for match in matches:
309+
if match < today:
310+
published = match.strftime("%Y-%m-%dT%H:%M:%SZ")
311+
if published is None:
312+
published = today.strftime("%Y-%m-%dT%H:%M:%SZ")
311313

312314
if "mitre" in source_name and "name" in stix_object:
313315
title = "[MITRE ATT&CK] " + stix_object["name"]
@@ -595,25 +597,23 @@ def import_relationship(self, stix_relation, update=False, types=None):
595597
for external_reference in stix_relation["external_references"]:
596598
try:
597599
if "description" in external_reference:
598-
matches = list(
599-
datefinder.find_dates(external_reference["description"])
600+
matches = datefinder.find_dates(
601+
external_reference["description"]
600602
)
601603
else:
602-
matches = list(
603-
datefinder.find_dates(external_reference["source_name"])
604+
matches = datefinder.find_dates(
605+
external_reference["source_name"]
604606
)
605607
except:
606-
matches = []
607-
if len(matches) > 0:
608-
date = matches[0].strftime("%Y-%m-%dT%H:%M:%SZ")
609-
else:
610-
date = datetime.datetime.today().strftime("%Y-%m-%dT%H:%M:%SZ")
608+
matches = None
609+
date = None
610+
today = datetime.datetime.today()
611+
if matches is not None:
612+
for match in matches:
613+
if match < today:
614+
date = match.strftime("%Y-%m-%dT%H:%M:%SZ")
611615
if date is None:
612-
date = (
613-
datetime.datetime.utcnow()
614-
.replace(microsecond=0, tzinfo=datetime.timezone.utc)
615-
.isoformat()
616-
)
616+
date = datetime.datetime.today().strftime("%Y-%m-%dT%H:%M:%SZ")
617617

618618
stix_relation_result = None
619619
if StixObservableRelationTypes.has_value(stix_relation["relationship_type"]):
@@ -1284,11 +1284,15 @@ def prepare_export(
12841284
observables_stix_ids = (
12851285
observables_stix_ids + observable_object_data["stixIds"]
12861286
)
1287-
if stix_object['type'] == 'report':
1288-
if 'object_refs' in stix_object:
1289-
stix_object['object_refs'].append(observable_object_data['observedData']['id'])
1287+
if stix_object["type"] == "report":
1288+
if "object_refs" in stix_object:
1289+
stix_object["object_refs"].append(
1290+
observable_object_data["observedData"]["id"]
1291+
)
12901292
else:
1291-
stix_object['object_refs'] = [observable_object_data['observedData']['id']]
1293+
stix_object["object_refs"] = [
1294+
observable_object_data["observedData"]["id"]
1295+
]
12921296
result.append(stix_object)
12931297

12941298
if mode == "simple":
@@ -1387,7 +1391,7 @@ def prepare_export(
13871391
final_result = []
13881392
for entity in result:
13891393
if entity["type"] == "report":
1390-
if 'object_refs' in entity:
1394+
if "object_refs" in entity:
13911395
entity["object_refs"] = [
13921396
k for k in entity["object_refs"] if k in uuids
13931397
]

setup.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
print("warning: pypandoc module not found, could not convert Markdown to RST")
1414
read_md = lambda f: open(f, "r").read()
1515

16-
VERSION = "3.0.2"
16+
VERSION = "3.0.3"
1717

1818

1919
class VerifyVersionCommand(install):

0 commit comments

Comments
 (0)