cti-stix-elevator icon indicating copy to clipboard operation
cti-stix-elevator copied to clipboard

Published 20 hours ago verified publisher icon oasis-open

stixCommon Description,END_TIme,and Start Time is not translated over in JSON

Open hanymorcos opened this issue 6 years ago • 3 comments

I added stixCommon:Description section I don't see the TEST value translated over. Also the stixCommon:END_TIME and stixCommon:Start_Time are empty, I'm not sure why it passed validation.

Thanks,

Hany

		<stix:Title>Regression_Test_08</stix:Title>
		<stix:Package_Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Indicators</stix:Package_Intent>
		<stix:Package_Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Threat Report</stix:Package_Intent>
		<stix:Handling>
			<marking:Marking>
				<marking:Controlled_Structure>//node() | //@*</marking:Controlled_Structure>
				<marking:Marking_Structure xsi:type="AIS:AISMarkingStructure">
					<AIS:Not_Proprietary CISA_Proprietary="false">
						<AIS:AISConsent consent="EVERYONE"></AIS:AISConsent>
						<AIS:TLPMarking color="AMBER"></AIS:TLPMarking>
					</AIS:Not_Proprietary>
				</marking:Marking_Structure>
				<marking:Information_Source>
					<stixCommon:Contributing_Sources>
						<stixCommon:Source>
							<stixCommon:Description>TEST23234</stixCommon:Description>
							<stixCommon:Time>
								<cyboxCommon:End_Time></cyboxCommon:End_Time>
								<cyboxCommon:Start_Time></cyboxCommon:Start_Time>
							</stixCommon:Time>
						</stixCommon:Source>
					</stixCommon:Contributing_Sources>
					<stixCommon:Identity xsi:type="stix-ciq:CIQIdentity3.0InstanceType">
						<stix-ciq:Specification>
							<xpil:PartyName>
								<xnl:OrganisationName>
									<xnl:NameElement>ACME CORP</xnl:NameElement>
								</xnl:OrganisationName>
							</xpil:PartyName>
							<xpil:Addresses>
								<xpil:Address>
									<xal:Country>
										<xal:NameElement xal:NameCode="US" xal:NameCodeType="ISO 3166-1 alpha-2"></xal:NameElement>
									</xal:Country>
									<xal:AdministrativeArea>
										<xal:NameElement xal:NameCode="US-DC" xal:NameCodeType="ISO 3166-2"></xal:NameElement>
									</xal:AdministrativeArea>
								</xpil:Address>
							</xpil:Addresses>
							<xpil:OrganisationInfo xpil:IndustryType="SECTOR_1 | SECTOR_2 | Chemical Sector | Dams Sector" ></xpil:OrganisationInfo>
						</stix-ciq:Specificati
					</stixCommon:Identity>
				</marking:Information_Source>
			</marking:Marking>
		</stix:Handling>
	</stix:STIX_Header>
	```

hanymorcos avatar Feb 11 '19 15:02 hanymorcos

Hi @hanymorcos,

Just so I understand, the elevator is supposed to convert this XML (which you noticed might not be valid), and there is some issue with the JSON it produced?

If so, could you send the JSON output from the elevator?

rpiazza avatar Feb 11 '19 15:02 rpiazza

It should flag the dates are not there if the are required. It should transfer the information over at least or say there is no available transition from this element to JSON.

Regression_test_01.zip

hanymorcos avatar Feb 11 '19 15:02 hanymorcos

@hanymorcos - this is a good catch. Its a little complicated, but probably the reason that it didn't flag the start and end times as being invalid (they are not required, but then the empty xml tags shouldn't be included), is because it ignores the Contributing_Sources property. STIX 1.x allowed a dependency tree of sources. STIX 2.x doesn't support this. Also, I think if you put the Description tag outside of the Contributing_Sources tag, you would see it in the JSON.

However, the elevator should print a warning that it is skipping the Contributing_Sources property.

rpiazza avatar Feb 11 '19 17:02 rpiazza