cti-python-stix2 icon indicating copy to clipboard operation
cti-python-stix2 copied to clipboard

Published 20 hours ago verified publisher icon oasis-open

Inconsistent exception interface

Open saaj opened this issue 4 years ago • 0 comments

stix2 has decent exception hierarchy in exceptions.py. Yet, in many places it raises Python built-in exceptions like ValueError, AttributeError and others. Mixing own and Python built-in exceptions makes no clear API/contract. Calling code needs to wrap stix2's own exceptions and built-in exceptions immediately upon a stix2 call into own exceptions to indicate, for instance, there was an invalid SDO to the rest of the code. It also allows bugs in the package to go unnoticed longer, because these built-in exception will be conflated with the package's.

It is understood that the package is in beta. But having well-defined error API would simplify calling code.

Steps to reproduce

from stix2 import v21

v21.Indicator(**{
    "type": "indicator",
    "pattern": "[file:hashes.md5 = 'd610e0ecaaa34018b098e1a5639460e7']",
    "pattern_type": "stix",
    "valid_from": "2001-01-01T00:00:00.000Z",
    "valid_until": "2000-01-01T00:00:00.000Z",
})

Expected result

An instance of stix2.exceptions.STIXError raised.

Actual result

ValueError: indicator--... 'valid_until' must be greater than 'valid_from'.

saaj avatar Jul 09 '20 14:07 saaj