mitreattack-python icon indicating copy to clipboard operation
mitreattack-python copied to clipboard

Published 20 hours ago verified publisher icon mitre-attack

[Bug] Permission denied

Open TiiTcHY opened this issue 2 years ago • 8 comments

Expected Behavior

I would expect to be able to import the module with no issues.

Actual Behavior

the module fails to import for the following reasons: [Errno 13] Permission denied: '/.stixmarx'

This is on a linux box. I have create a docket image with the following: mitreattack-python,pandas,pyattck,bs4,colour,openpyxl,stix2,taxii2-client,numpy,drawSvg,Pillow,tqdm,xlsxwriter,tabulate,stix2-elevator

When i run the python script against this docker image i get the error where it has failed to run due to permission denied.

TiiTcHY avatar Apr 05 '22 14:04 TiiTcHY

This fails to run on the import of the module import mitreattack.attackToExcel.stixToDf as stixToDf

TiiTcHY avatar Apr 05 '22 14:04 TiiTcHY

Hey @TiiTcHY, thanks for bringing this to our attention. Can I get the versions of each of the libraries you're using in your docker image? We don't directly utilize stixmarx, so I suspect one of the side libraries is introducing it as a dependency.

ArtificialErmine avatar Apr 05 '22 14:04 ArtificialErmine

Hi @ArtificialErmine, This is a list of all the modules installed on the docker image:

['antlr4-python3-runtime==4.9.3', 'appdirs==1.4.4', 'arrow==1.2.2', 'attrs==21.2.0', 'beautifulsoup4==4.10.0', 'bs4==0.0.1', 'cairocffi==1.3.0', 'cairosvg==2.5.2', 'cattrs==1.10.0', 'certifi==2021.5.30', 'cffi==1.15.0', 'charset-normalizer==2.0.1', 'colorama==0.4.4', 'colour==0.1.5', 'cpe==1.2.1', 'cssselect2==0.5.0', 'cybox==2.1.0.21', 'dateparser==1.0.0', 'defusedxml==0.7.1', 'drawsvg==1.8.3', 'et-xmlfile==1.1.0', 'filelock==3.0.12', 'fire==0.3.1', 'fqdn==1.5.1', 'funcy==1.16', 'idna==3.2', 'imageio==2.16.1', 'isoduration==20.11.0', 'jsonpointer==2.2', 'jsonschema==4.4.0', 'lxml==4.8.0', 'maec==4.1.0.17', 'mitreattack-python==1.4.6', 'mixbox==1.0.5', 'netaddr==0.8.0', 'numpy==1.22.3', 'olefile==0.46', 'openpyxl==3.0.9', 'ordered-set==4.1.0', 'pandas==1.4.2', 'pillow==9.1.0', 'pip==21.2.4', 'pluralizer==1.1.0', 'pyattck==5.4.0', 'pycountry==22.3.5', 'pycparser==2.21', 'pyrsistent==0.18.1', 'pysocks==1.7.1', 'python-dateutil==2.8.2', 'pytz==2021.1', 'pyyaml==5.4.1', 'regex==2021.7.6', 'requests-cache==0.9.3', 'requests-file==1.5.1', 'requests==2.26.0', 'rfc3339-validator==0.1.4', 'rfc3986-validator==0.1.1', 'setuptools==57.5.0', 'simplejson==3.17.6', 'six==1.16.0', 'soupsieve==2.3.1', 'stix2-elevator==4.1.5', 'stix2-patterns==2.0.0', 'stix2-validator==3.0.2', 'stix2==3.0.1', 'stix==1.2.0.11', 'stixmarx==1.0.8', 'tabulate==0.8.9', 'taxii2-client==2.3.0', 'termcolor==1.1.0', 'tinycss2==1.1.1', 'tldextract==3.1.0', 'tqdm==4.64.0', 'tzlocal==2.1', 'uri-template==1.2.0', 'url-normalize==1.4.3', 'urllib3==1.26.6', 'weakrefmethod==1.0.3', 'webcolors==1.11.1', 'webencodings==0.5.1', 'wheel==0.37.0', 'xlsxwriter==3.0.3']

TiiTcHY avatar Apr 05 '22 14:04 TiiTcHY

Thanks! It looks like stixmarx is indeed installed on in your instance, and the right version as well. I just set up a virtual environment and was able to import stixToDf without issue, so I think the most logical conclusion is that something is slightly off about how your docker image is laying out the library and dependencies. Can you exec into it and check the general structure, to verify the location of stixmarx?

ArtificialErmine avatar Apr 05 '22 14:04 ArtificialErmine

The module is installed here "/usr/local/lib/python3.9/site-packages/stixmarx/" however, looking at the script i believe its this line which is casing me an issue " Line 33: user_path = os.path.join(os.path.expanduser("~"), ".stixmarx")" which is inside of stixmarx\fields\ init.py. This is then thinking that the user directory is root which is why the error is [Errno 13] Permission denied: '/.stixmarx' as i do not have permission to write in root.

TiiTcHY avatar Apr 05 '22 14:04 TiiTcHY

That definitely sounds plausible. We don't typically run the library inside of a docker container for any use active cases on our end, which would explain why we've never seen this particular scenario before.

I think the best course of action would be to contact the maintainers of stixmarx to try to see if they can refactor their code to work in this scenario - our team doesn't have access to the necessary code base to fix this ourselves. A possible stop gap might involve removing the collections component from the mitreattack-python code in a local version of the repository used to build your docker image - without that, stixmarx shouldn't actually get used (assuming you don't require that specific functionality).

ArtificialErmine avatar Apr 05 '22 15:04 ArtificialErmine

I would be unable to re-build it like you have suggested due to it being build within a SOAR platform so you just specify which modules you want and it installs those for you.

I will raise it as a bug on the stixmarx github page and hopefully will get something back from them.

TiiTcHY avatar Apr 05 '22 15:04 TiiTcHY

Here is the solution https://github.com/mitre/stixmarx/issues/13#issuecomment-1470273375

rishabhsiitk avatar Mar 15 '23 15:03 rishabhsiitk