[client] Fix the direction of exported relations in STIX2

Samuel Hassine · Samuel Hassine · commit 607c3d5b827e · 2020-02-12T11:00:18.000+01:00
diff --git a/examples/add_external_reference_to_report.py b/examples/add_external_reference_to_report.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/add_organization_to_sector.py b/examples/add_organization_to_sector.py
@@ -6,7 +6,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/add_tag_to_malware.py b/examples/add_tag_to_malware.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/add_tool_usage_to_intrusion-set.py b/examples/add_tool_usage_to_intrusion-set.py
@@ -7,7 +7,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_campaign_attributed-to_intrusion_set.py b/examples/create_campaign_attributed-to_intrusion_set.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_hashes_and_link_together.py b/examples/create_hashes_and_link_together.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_incident_with_ttps_and_indicators.py b/examples/create_incident_with_ttps_and_indicators.py
@@ -7,7 +7,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_indicator_of_campaign.py b/examples/create_indicator_of_campaign.py
@@ -7,7 +7,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_intrusion_set.py b/examples/create_intrusion_set.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_ip_address_resolves_domain.py b/examples/create_ip_address_resolves_domain.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_marking_definition.py b/examples/create_marking_definition.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/create_report_with_author.py b/examples/create_report_with_author.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/delete_intrusion_set.py b/examples/delete_intrusion_set.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/delete_relation.py b/examples/delete_relation.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_async_of_indicators.py b/examples/export_async_of_indicators.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_async_of_malware.py b/examples/export_async_of_malware.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_incident_stix2.py b/examples/export_incident_stix2.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
@@ -22,4 +22,4 @@
 # Write the bundle
 f = open("My new incident.json", "w")
 f.write(json_bundle)
-f.close()
+f.close()
diff --git a/examples/export_incidents_stix2.py b/examples/export_incidents_stix2.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_intrusion_set_stix2.py b/examples/export_intrusion_set_stix2.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/export_report_stix2.py b/examples/export_report_stix2.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_all_indicators.py b/examples/get_all_indicators.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_attack_pattern_by_mitre_id.py b/examples/get_attack_pattern_by_mitre_id.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_entity_by_name_or_alias.py b/examples/get_entity_by_name_or_alias.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_indicators_of_intrusion_set.py b/examples/get_indicators_of_intrusion_set.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_malwares_of_intrusion_set.py b/examples/get_malwares_of_intrusion_set.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_marking_definitions.py b/examples/get_marking_definitions.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/get_reports_about_intrusion_set.py b/examples/get_reports_about_intrusion_set.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/import_stix2_file.py b/examples/import_stix2_file.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/search_attack_pattern.py b/examples/search_attack_pattern.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/search_malware.py b/examples/search_malware.py
@@ -4,7 +4,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/update_entity_attribute.py b/examples/update_entity_attribute.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/upload_file.py b/examples/upload_file.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/examples/upload_file_to_intrusion_set.py b/examples/upload_file_to_intrusion_set.py
@@ -5,7 +5,7 @@
 
 # Variables
 api_url = "https://demo.opencti.io"
-api_token = "609caced-7610-4c84-80b4-f3a380d1939b"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)
diff --git a/pycti/entities/opencti_stix_relation.py b/pycti/entities/opencti_stix_relation.py
@@ -23,6 +23,7 @@ def __init__(self, opencti):
             modified
             created_at
             updated_at
+            fromRole
             from {
                 id
                 stix_id_key
@@ -32,6 +33,7 @@ def __init__(self, opencti):
                     description
                 }
             }
+            toRole
             to {
                 id
                 stix_id_key
@@ -625,16 +627,26 @@ def to_stix2(self, **kwargs):
         if id is not None and entity is None:
             entity = self.read(id=id)
         if entity is not None:
+            roles = self.opencti.resolve_role(entity["relationship_type"], entity["from"]["entity_type"], entity["to"]["entity_type"])
+            if roles is not None:
+                final_from_id = entity["from"]["stix_id_key"]
+                final_to_id = entity["to"]["stix_id_key"]
+            else:
+                roles = self.opencti.resolve_role(entity["relationship_type"], entity["to"]["entity_type"], entity["from"]["entity_type"])
+                if roles is not None:
+                    final_from_id = entity["to"]["stix_id_key"]
+                    final_to_id = entity["from"]["stix_id_key"]
+
             stix_relation = dict()
             stix_relation["id"] = entity["stix_id_key"]
             stix_relation["type"] = "relationship"
             stix_relation["relationship_type"] = entity["relationship_type"]
             if self.opencti.not_empty(entity["description"]):
                 stix_relation["description"] = entity["description"]
-            stix_relation["source_ref"] = entity["from"]["stix_id_key"]
-            stix_relation["target_ref"] = entity["to"]["stix_id_key"]
-            stix_relation[CustomProperties.SOURCE_REF] = entity["from"]["stix_id_key"]
-            stix_relation[CustomProperties.TARGET_REF] = entity["to"]["stix_id_key"]
+            stix_relation["source_ref"] = final_from_id
+            stix_relation["target_ref"] = final_to_id
+            stix_relation[CustomProperties.SOURCE_REF] = final_from_id
+            stix_relation[CustomProperties.TARGET_REF] = final_to_id
             stix_relation["created"] = self.opencti.stix2.format_date(entity["created"])
             stix_relation["modified"] = self.opencti.stix2.format_date(
                 entity["modified"]
