[client] Fix creating vulnerability, fix stix_observable_relation

Author: Samuel Hassine

pycti/entities/opencti_stix_observable_relation.py

@@ -274,9 +274,9 @@ def create_raw(self, **kwargs):
         )
         query = (
             """
-                    mutation StixObservableRelationAdd($input: StixObservableRelationAddInput!) {
-                        stixObservableRelationAdd(input: $input) {
-                            """
+                mutation StixObservableRelationAdd($input: StixObservableRelationAddInput!) {
+                    stixObservableRelationAdd(input: $input) {
+            """
             + self.properties
             + """
                         }

pycti/entities/opencti_vulnerability.py

@@ -229,11 +229,11 @@ def create_raw(self, **kwargs):
         marking_definitions = kwargs.get("markingDefinitions", None)
 
         if name is not None and description is not None:
-            self.opencti.log("info", "Creating Tool {" + name + "}.")
+            self.opencti.log("info", "Creating Vulnerability {" + name + "}.")
             query = (
                 """
-                mutation ToolAdd($input: ToolAddInput) {
-                    toolAdd(input: $input) {
+                mutation VulnerabilityAdd($input: VulnerabilityAddInput) {
+                    vulnerabilityAdd(input: $input) {
                         """
                 + self.properties
                 + """
@@ -257,10 +257,13 @@ def create_raw(self, **kwargs):
                     }
                 },
             )
-            return self.opencti.process_multiple_fields(result["data"]["toolAdd"])
+            return self.opencti.process_multiple_fields(
+                result["data"]["vulnerabilityAdd"]
+            )
         else:
             self.opencti.log(
-                "error", "[opencti_tool] Missing parameters: name and description"
+                "error",
+                "[opencti_vulnerability] Missing parameters: name and description",
             )
 
     """

pycti/utils/constants.py

@@ -54,6 +54,19 @@ def has_value(cls, value):
         return value in lower_attr
 
 
+class StixObservableRelationTypes(Enum):
+    LINKED = "linked"
+    RESOLVES = "resolves"
+    BELONGS = "belongs"
+    CONTAINS = "contains"
+    CORRESPONDS = "corresponds"
+
+    @classmethod
+    def has_value(cls, value):
+        lower_attr = list(map(lambda x: x.lower(), cls._value2member_map_))
+        return value in lower_attr
+
+
 class CustomProperties:
     """These are the custom properies used by OpenCTI.
 

pycti/utils/opencti_stix2.py

@@ -20,7 +20,12 @@
     EqualityComparisonExpression,
     HashConstant,
 )
-from pycti.utils.constants import ObservableTypes, IdentityTypes, CustomProperties
+from pycti.utils.constants import (
+    ObservableTypes,
+    IdentityTypes,
+    CustomProperties,
+    StixObservableRelationTypes,
+)
 
 datefinder.ValueError = ValueError, OverflowError
 utc = pytz.UTC
@@ -542,7 +547,9 @@ def import_relationship(self, stix_relation, update=False, types=None):
             source_ref = stix_relation["source_ref"]
         if source_ref in self.mapping_cache:
             if (
-                stix_relation["relationship_type"] in OBSERVABLE_RELATIONS
+                StixObservableRelationTypes.has_value(
+                    stix_relation["relationship_type"]
+                )
                 and "observableRefs" in self.mapping_cache[source_ref]
                 and self.mapping_cache[source_ref]["observableRefs"] is not None
                 and len(self.mapping_cache[source_ref]["observableRefs"]) > 0
@@ -573,7 +580,9 @@ def import_relationship(self, stix_relation, update=False, types=None):
             target_ref = stix_relation["target_ref"]
         if target_ref in self.mapping_cache:
             if (
-                stix_relation["relationship_type"] in OBSERVABLE_RELATIONS
+                StixObservableRelationTypes.has_value(
+                    stix_relation["relationship_type"]
+                )
                 and "observableRefs" in self.mapping_cache[target_ref]
                 and self.mapping_cache[target_ref]["observableRefs"] is not None
                 and len(self.mapping_cache[target_ref]["observableRefs"]) > 0
@@ -622,38 +631,81 @@ def import_relationship(self, stix_relation, update=False, types=None):
                 .isoformat()
             )
 
-        stix_relation_result = self.opencti.stix_relation.create(
-            fromId=source_id,
-            fromType=source_type,
-            toId=target_id,
-            toType=target_type,
-            relationship_type=stix_relation["relationship_type"],
-            description=self.convert_markdown(stix_relation["description"])
-            if "description" in stix_relation
-            else None,
-            first_seen=stix_relation[CustomProperties.FIRST_SEEN]
-            if CustomProperties.FIRST_SEEN in stix_relation
-            else date,
-            last_seen=stix_relation[CustomProperties.LAST_SEEN]
-            if CustomProperties.LAST_SEEN in stix_relation
-            else date,
-            weight=stix_relation[CustomProperties.WEIGHT]
-            if CustomProperties.WEIGHT in stix_relation
-            else 1,
-            role_played=stix_relation[CustomProperties.ROLE_PLAYED]
-            if CustomProperties.ROLE_PLAYED in stix_relation
-            else None,
-            id=stix_relation[CustomProperties.ID]
-            if CustomProperties.ID in stix_relation
-            else None,
-            stix_id_key=stix_relation["id"] if "id" in stix_relation else None,
-            created=stix_relation["created"] if "created" in stix_relation else None,
-            modified=stix_relation["modified"] if "modified" in stix_relation else None,
-            update=update,
-            ignore_dates=stix_relation[CustomProperties.IGNORE_DATES]
-            if CustomProperties.IGNORE_DATES in stix_relation
-            else None,
-        )
+        stix_relation_result = None
+        if StixObservableRelationTypes.has_value(stix_relation["relationship_type"]):
+            stix_relation_result = self.opencti.stix_observable_relation.create(
+                fromId=source_id,
+                fromType=source_type,
+                toId=target_id,
+                toType=target_type,
+                relationship_type=stix_relation["relationship_type"],
+                description=self.convert_markdown(stix_relation["description"])
+                if "description" in stix_relation
+                else None,
+                first_seen=stix_relation[CustomProperties.FIRST_SEEN]
+                if CustomProperties.FIRST_SEEN in stix_relation
+                else date,
+                last_seen=stix_relation[CustomProperties.LAST_SEEN]
+                if CustomProperties.LAST_SEEN in stix_relation
+                else date,
+                weight=stix_relation[CustomProperties.WEIGHT]
+                if CustomProperties.WEIGHT in stix_relation
+                else 1,
+                role_played=stix_relation[CustomProperties.ROLE_PLAYED]
+                if CustomProperties.ROLE_PLAYED in stix_relation
+                else None,
+                id=stix_relation[CustomProperties.ID]
+                if CustomProperties.ID in stix_relation
+                else None,
+                stix_id_key=stix_relation["id"] if "id" in stix_relation else None,
+                created=stix_relation["created"]
+                if "created" in stix_relation
+                else None,
+                modified=stix_relation["modified"]
+                if "modified" in stix_relation
+                else None,
+                update=update,
+                ignore_dates=stix_relation[CustomProperties.IGNORE_DATES]
+                if CustomProperties.IGNORE_DATES in stix_relation
+                else None,
+            )
+        else:
+            stix_relation_result = self.opencti.stix_relation.create(
+                fromId=source_id,
+                fromType=source_type,
+                toId=target_id,
+                toType=target_type,
+                relationship_type=stix_relation["relationship_type"],
+                description=self.convert_markdown(stix_relation["description"])
+                if "description" in stix_relation
+                else None,
+                first_seen=stix_relation[CustomProperties.FIRST_SEEN]
+                if CustomProperties.FIRST_SEEN in stix_relation
+                else date,
+                last_seen=stix_relation[CustomProperties.LAST_SEEN]
+                if CustomProperties.LAST_SEEN in stix_relation
+                else date,
+                weight=stix_relation[CustomProperties.WEIGHT]
+                if CustomProperties.WEIGHT in stix_relation
+                else 1,
+                role_played=stix_relation[CustomProperties.ROLE_PLAYED]
+                if CustomProperties.ROLE_PLAYED in stix_relation
+                else None,
+                id=stix_relation[CustomProperties.ID]
+                if CustomProperties.ID in stix_relation
+                else None,
+                stix_id_key=stix_relation["id"] if "id" in stix_relation else None,
+                created=stix_relation["created"]
+                if "created" in stix_relation
+                else None,
+                modified=stix_relation["modified"]
+                if "modified" in stix_relation
+                else None,
+                update=update,
+                ignore_dates=stix_relation[CustomProperties.IGNORE_DATES]
+                if CustomProperties.IGNORE_DATES in stix_relation
+                else None,
+            )
         if stix_relation_result is not None:
             self.mapping_cache[stix_relation["id"]] = {
                 "id": stix_relation_result["id"],