[client] Fix relations creation in some cases (#47)

Samuel Hassine · Samuel Hassine · commit 59e7aba84f1d · 2019-12-20T12:47:49.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,70 @@
 # Changelog
 
+## Version 2.1.5 (19/12/2019)
+
+#### Enhancements:
+
+- [#40](https://github.com/OpenCTI-Platform/client-python/issues/40) Handle indicators as observables AND indicators
+
+---
+
+## Version 2.1.4 (07/12/2019)
+
+#### Bug Fixes:
+
+- [#45](https://github.com/OpenCTI-Platform/client-python/issues/45) Indicators cannot be parsed
+
+---
+
+## Version 2.1.3 (05/12/2019)
+
+#### Enhancements:
+
+- [#41](https://github.com/OpenCTI-Platform/client-python/issues/41) Handle relations creation with first_seen and last_seen
+- [#39](https://github.com/OpenCTI-Platform/client-python/issues/39) Handle observed data as observables
+- [#37](https://github.com/OpenCTI-Platform/client-python/issues/37) Update the methods to be able to export all entities in STIX2
+- [#14](https://github.com/OpenCTI-Platform/client-python/issues/14) Refactor the client to make it more maintainable/understandable
+- [#13](https://github.com/OpenCTI-Platform/client-python/issues/13) Use **kwargs for all API client methods
+
+---
+
+## Version 2.0.1 (27/10/2019)
+
+#### Enhancements:
+
+- [#32](https://github.com/OpenCTI-Platform/client-python/issues/32) Introduce methods in API and connectors helper to store connectors states
+- [#28](https://github.com/OpenCTI-Platform/client-python/issues/28) removing commercial reports. 
+
+#### Bug Fixes:
+
+- [#30](https://github.com/OpenCTI-Platform/client-python/issues/30) Use proper function to update observables
+
+---
+
+## Version 2.0.0 (23/10/2019)
+
+#### Enhancements:
+
+- [#25](https://github.com/OpenCTI-Platform/client-python/issues/25) Implement methods for export/import upload/download
+- [#24](https://github.com/OpenCTI-Platform/client-python/issues/24) Upgrade the library with methods for new generation connectors (2.0.0)
+- [#22](https://github.com/OpenCTI-Platform/client-python/issues/22) Handle update of all entities
+
+#### Bug Fixes:
+
+- [#26](https://github.com/OpenCTI-Platform/client-python/issues/26) Packaging problem
+- [#21](https://github.com/OpenCTI-Platform/client-python/issues/21) Case sensitivity
+- [#18](https://github.com/OpenCTI-Platform/client-python/issues/18) Possible race condition when creating non-existing objects?
+
+---
+
+## Version 1.2.13 (01/08/2019)
+
+#### Bug Fixes:
+
+- [#15](https://github.com/OpenCTI-Platform/client-python/issues/15) Queue delete leads to messages lost
+
+---
+
 ## Version 1.2.12 (21/07/2019)
 
 #### Enhancements:
diff --git a/pycti/api/opencti_api_client.py b/pycti/api/opencti_api_client.py
@@ -1762,7 +1762,7 @@ def resolve_role(self, relation_type, from_type, to_type):
         relation_type = relation_type.lower()
         from_type = from_type.lower()
         from_type = 'observable' if ((ObservableTypes.has_value(from_type) and (
-                    relation_type == 'localization' or relation_type == 'gathering')) or from_type == 'stix-observable'
+                relation_type == 'localization' or relation_type == 'gathering')) or from_type == 'stix-observable'
                                      ) else from_type
         to_type = to_type.lower()
         mapping = {
@@ -1887,7 +1887,7 @@ def resolve_role(self, relation_type, from_type, to_type):
                     'country': {'from_role': 'localized', 'to_role': 'location'},
                     'city': {'from_role': 'localized', 'to_role': 'location'}
                 },
-                'relation': {
+                'stix_relation': {
                     'region': {'from_role': 'localized', 'to_role': 'location'},
                     'country': {'from_role': 'localized', 'to_role': 'location'},
                     'city': {'from_role': 'localized', 'to_role': 'location'}
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -115,8 +115,9 @@ def extract_embedded_relationships(self, stix_object, types=None):
                 created_by_ref_result = self.mapping_cache[created_by_ref]
             else:
                 created_by_ref_result = self.opencti.stix_domain_entity.read(id=created_by_ref)
+                if created_by_ref_result is not None:
+                    self.mapping_cache[created_by_ref] = {'id': created_by_ref_result['id'], 'type': created_by_ref_result['entity_type']}
             if created_by_ref_result is not None:
-                self.mapping_cache[created_by_ref] = {'id': created_by_ref_result['id']}
                 created_by_ref_id = created_by_ref_result['id']
 
         # Object Marking Refs
@@ -127,31 +128,32 @@ def extract_embedded_relationships(self, stix_object, types=None):
                     object_marking_ref_result = self.mapping_cache[object_marking_ref]
                 else:
                     object_marking_ref_result = self.opencti.marking_definition.read(id=object_marking_ref)
+                    if object_marking_ref_result is not None:
+                        self.mapping_cache[object_marking_ref] = {'id': object_marking_ref_result['id'], 'type': object_marking_ref_result['entity_type']}
                 if object_marking_ref_result is not None:
-                    self.mapping_cache[object_marking_ref] = {'id': object_marking_ref_result['id']}
                     marking_definitions_ids.append(object_marking_ref_result['id'])
 
-        # TODO Import tags
         # Object Tags
         tags_ids = []
-        # if CustomProperties.TAG_TYPE in stix_object:
-        #    for tag in stix_object[CustomProperties.TAG_TYPE]:
-        #        if tag['id'] in self.mapping_cache:
-        #            tag_result = self.mapping_cache[tag['id']]
-        #        else:
-        #            object_marking_ref_result = self.opencti.tag.read(id=object_marking_ref)
-        #        if object_marking_ref_result is not None:
-        #           self.mapping_cache[object_marking_ref] = {'id': object_marking_ref_result['id']}
-        #           marking_definitions_ids.append(object_marking_ref_result['id'])
+        if CustomProperties.TAG_TYPE in stix_object:
+            for tag in stix_object[CustomProperties.TAG_TYPE]:
+                if tag['id'] in self.mapping_cache:
+                    tag_result = self.mapping_cache[tag['id']]
+                else:
+                    tag_result = self.opencti.tag.read(id=tag['id'])
+                    if tag_result is not None:
+                        self.mapping_cache[tag['id']] = {'id': tag_result['id']}
+                if tag_result is not None:
+                    tags_ids.append(tag_result['id'])
 
         # Kill Chain Phases
         kill_chain_phases_ids = []
         if 'kill_chain_phases' in stix_object:
             for kill_chain_phase in stix_object['kill_chain_phases']:
                 if kill_chain_phase['phase_name'] in self.mapping_cache:
-                    kill_chain_phase_id = self.mapping_cache[kill_chain_phase['phase_name']]['id']
+                    kill_chain_phase = self.mapping_cache[kill_chain_phase['phase_name']]['id']
                 else:
-                    kill_chain_phase_id = self.opencti.kill_chain_phase.create(
+                    kill_chain_phase = self.opencti.kill_chain_phase.create(
                         kill_chain_name=kill_chain_phase['kill_chain_name'],
                         phase_name=kill_chain_phase['phase_name'],
                         phase_order=kill_chain_phase[
@@ -162,9 +164,9 @@ def extract_embedded_relationships(self, stix_object, types=None):
                             CustomProperties.CREATED] if CustomProperties.CREATED in kill_chain_phase else None,
                         modified=kill_chain_phase[
                             CustomProperties.MODIFIED] if CustomProperties.MODIFIED in kill_chain_phase else None,
-                    )['id']
-                self.mapping_cache[kill_chain_phase['phase_name']] = {'id': kill_chain_phase_id}
-                kill_chain_phases_ids.append(kill_chain_phase_id)
+                    )
+                self.mapping_cache[kill_chain_phase['phase_name']] = {'id': kill_chain_phase['id'], 'type': kill_chain_phase['entity_type']}
+                kill_chain_phases_ids.append(kill_chain_phase['id'])
 
         # Object refs
         object_refs_ids = []
@@ -174,11 +176,13 @@ def extract_embedded_relationships(self, stix_object, types=None):
                     object_ref_result = self.mapping_cache[object_ref]
                 elif 'relationship' in object_ref:
                     object_ref_result = self.opencti.stix_relation.read(id=object_ref)
+                    if object_ref_result is not None:
+                        self.mapping_cache[object_ref] = {'id': object_ref_result['id'], 'type': object_ref_result['entity_type']}
                 else:
                     object_ref_result = self.opencti.stix_entity.read(id=object_ref)
-
+                    if object_ref_result is not None:
+                        self.mapping_cache[object_ref] = {'id': object_ref_result['id'], 'type': object_ref_result['entity_type']}
                 if object_ref_result is not None:
-                    self.mapping_cache[object_ref] = {'id': object_ref_result['id']}
                     object_refs_ids.append(object_ref_result['id'])
 
         # External References
@@ -284,6 +288,7 @@ def extract_embedded_relationships(self, stix_object, types=None):
         return {
             'created_by_ref': created_by_ref_id,
             'marking_definitions': marking_definitions_ids,
+            'tags': tags_ids,
             'kill_chain_phases': kill_chain_phases_ids,
             'object_refs': object_refs_ids,
             'external_references': external_references_ids,
@@ -397,8 +402,8 @@ def import_relationship(self, stix_relation, update=False, types=None):
         else:
             source_ref = stix_relation['source_ref']
         if source_ref in self.mapping_cache:
-            source_id = self.mapping_cache[stix_relation['source_ref']]['id']
-            source_type = self.mapping_cache[stix_relation['source_ref']]['type']
+            source_id = self.mapping_cache[source_ref]['id']
+            source_type = self.mapping_cache[source_ref]['type']
         else:
             stix_object_result = self.opencti.stix_entity.read(id=source_ref)
             if stix_object_result is not None:
@@ -413,8 +418,8 @@ def import_relationship(self, stix_relation, update=False, types=None):
         else:
             target_ref = stix_relation['target_ref']
         if target_ref in self.mapping_cache:
-            target_id = self.mapping_cache[stix_relation['target_ref']]['id']
-            target_type = self.mapping_cache[stix_relation['target_ref']]['type']
+            target_id = self.mapping_cache[target_ref]['id']
+            target_type = self.mapping_cache[target_ref]['type']
         else:
             stix_object_result = self.opencti.stix_entity.read(id=target_ref)
             if stix_object_result is not None:
@@ -465,7 +470,7 @@ def import_relationship(self, stix_relation, update=False, types=None):
                 CustomProperties.IGNORE_DATES] if CustomProperties.IGNORE_DATES in stix_relation else None,
         )
         if stix_relation_result is not None:
-            self.mapping_cache[stix_relation['id']] = {'id': stix_relation_result['id']}
+            self.mapping_cache[stix_relation['id']] = {'id': stix_relation_result['id'], 'type': stix_relation_result['entity_type']}
         else:
             return None
 
diff --git a/setup.py b/setup.py
@@ -13,7 +13,7 @@
     print("warning: pypandoc module not found, could not convert Markdown to RST")
     read_md = lambda f: open(f, 'r').read()
 
-VERSION = "2.1.5"
+VERSION = "2.1.6"
 
 
 class VerifyVersionCommand(install):
