TheHive4py
TheHive4py copied to clipboard
Published
20 hours ago •
TheHive-Project
TheHive-Project
Missing status attribute in CaseObservable model
trafficstars
Bug (no critical impact)
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Docker image |
| OS version (client) | MacOS |
| TheHive4py version / git hash | 1.7.2 |
Problem Description
Missing the attribute status in CaseObservable() of models.py.
The documentation at this page https://github.com/TheHive-Project/TheHiveDocs/blob/master/api/artifact.md is correct.
The docstring and the class are not.
Steps to Reproduce
class CaseObservable(JSONSerializable):
"""
Model class describing a case observable as defined in TheHive
Arguments:
id (str): Observable's id. Default: None
dataType (str): Observable's type, must be a valid type, one of the defined data types in TheHive. Default: None
message (str): Observable's description. Default: None
tlp (Enum): Case's TLP: `0`, `1`, `2`, `3` for `WHITE`, `GREEN`, `AMBER`, `RED`. Default: `2`
ioc (bool): Observable's ioc flag, `True` to mark an observable as IOC. Default: `False`
sighted (bool): Observable's sighted flag, `True` to mark the observable as sighted. Default: `False`
tags (str[]): List of observable tags. Default: `[]`
data (str): Observable's data:
- If the `dataType` field is set to `file`, the `data` field should contain a file path to be used as attachment
- Otherwise, the `data` value is the observable's value
json (JSON): If the field is not equal to None, the observable is instantiated using the JSON value instead of the arguements
!!! Warning
At least, one of `tags` or `message` are required. You cannot create an observable without specifying one of those fields
"""
def __init__(self, **attributes):
if attributes.get('json', False):
attributes = attributes['json']
self.id = attributes.get('id', None)
self.dataType = attributes.get('dataType', None)
self.message = attributes.get('message', None)
self.tlp = attributes.get('tlp', 2)
self.tags = attributes.get('tags', [])
self.ioc = attributes.get('ioc', False)
self.sighted = attributes.get('sighted', False)
data = attributes.get('data', [])
if self.dataType == 'file':
self.data = [{'attachment': (os.path.basename(data[0]), open(data[0], 'rb'), magic.Magic(mime=True).from_file(data[0]))}]
else:
self.data = data
Possible Solutions
Add the attribute to the class and fix the docstring.
I am new to Python and TheHive but I would be happy to submit a Pull Request to fix it.
It should just be adding self.status = attributes.get('status', Ok) if the json response contains this attribute.
Complementary information
TheHive4py docs mentioning the status:
Model definition
Required attributes:
data(string) : content of the observable (read only). An observable can't contain data and attachment attributesattachment(attachment) : observable file content (read-only). An observable can't contain data and attachment attributesdataType(enumeration) : type of the observable (read only)message(text) : description of the observable in the context of the casestartDate(date) : date of the observable creation default=nowtlp(number) : TLP (0:white;1:green;2:amber;3:red) default=2ioc(boolean) : indicates if the observable is an IOC default=falsestatus(artifactStatus) : status of the observable (Ok or Deleted) default=Ok
Optional attributes:
tags(multi-string) : observable tags
