connectors
connectors copied to clipboard
Published
20 hours ago •
OpenCTI-Platform
OpenCTI-Platform
[CISA Known Exploited Vulnerabilities] - Variables referenced before assignment error
Description
It appears when building the bundle a number of variables are being referenced before they are assigned. Specifically it appears when cti_vuln is none, vuln_id and other variables don't get assigned.
Later... errors thrown here and here are popping up.
Environment
- OS (where OpenCTI server runs): Mac OSX 11.6.8 but also on AWS ECS Fargate containers
- OpenCTI version: 5.3.10
- OpenCTI client: python3
- Other environment details: Can reproduce with local docker dev environment using CVE and CISA connectors
Reproducible Steps
Steps to create the smallest reproducible scenario:
- Configure base OpenCTI with CVE and CISA connectors enabled and configured
- Connector will run and fail
Expected Output
Connector should pull the CISA vulns and add them as STIX objects in OpenCTI
Actual Output
INFO:root:Connector has never run
INFO:root:Connector will run!
INFO:root:Initiate work for FFFB84E7-E74E-469C-BC25-3975663708A8
DEBUG:urllib3.connectionpool:Resetting dropped connection: opencti
DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 97
INFO:root:Checking CTI Service for Cybersecurity and Infrastructure Security Agency
INFO:root:Listing Identities with filters {"key": "name", "values": ["Cybersecurity and Infrastructure Security Agency"]}.
DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 142
INFO:root:Cybersecurity and Infrastructure Security Agency not found in CTI Service. Building new STIX Object
INFO:root:Retrieving TLP Data from CTI Service
INFO:root:Listing Marking-Definitions with filters [{"key": "definition", "values": ["TLP:CLEAR"]}].
DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 789
INFO:root:Marking Definition: marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9
INFO:root:Building CISA Bundle
INFO:root:Checking CTI Service for Vulnerability: CVE-2021-27104
INFO:root:Listing Vulnerabilities with filters {"key": "name", "values": ["CVE-2021-27104"]}.
DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 3080
INFO:root:CVE-2021-27104 Found
INFO:root:Checking CTI Service for Identity: Accellion
INFO:root:Listing Identities with filters {"key": "name", "values": ["Accellion"]}.
DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 142
INFO:root:Checking CTI Service for Infrastructure: Accellion FTA
INFO:root:Listing Infrastructures with filters {"key": "name", "values": ["Accellion FTA"]}.
DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 147
INFO:root:No Existing Infrastructure Object exists for: Accellion FTA
ERROR:root:local variable 'org_id' referenced before assignment
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | INFO:root:CVE-2021-27104 Found
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | INFO:root:Checking CTI Service for Identity: Accellion
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | INFO:root:Listing Identities with filters {"key": "name", "values": ["Accellion"]}.
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 142
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | INFO:root:Checking CTI Service for Infrastructure: Accellion FTA
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | INFO:root:Listing Infrastructures with filters {"key": "name", "values": ["Accellion FTA"]}.
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | DEBUG:urllib3.connectionpool:http://opencti:8080 "POST /graphql HTTP/1.1" 200 147
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | INFO:root:No Existing Infrastructure Object exists for: Accellion FTA
opencti-docker-connector-cisa-known-exploited-vulnerabilities-1 | ERROR:root:local variable 'vuln_id' referenced before assignment
