[client] Self-referencing reports cause a recursion error (#267)

Author: richard-julien

pycti/utils/opencti_stix2_splitter.py

@@ -18,17 +18,24 @@ def enlist_element(self, item_id, raw_data):
         item = raw_data[item_id]
         for key, value in item.items():
             if key.endswith("_refs"):
+                to_keep = []
                 for element_ref in item[key]:
-                    nb_deps += self.enlist_element(element_ref, raw_data)
+                    if element_ref != item_id:
+                        nb_deps += self.enlist_element(element_ref, raw_data)
+                        to_keep.append(element_ref)
+                    item[key] = to_keep
             elif key.endswith("_ref"):
-                # Need to handle the special case of recursive ref for created by ref
-                is_created_by_ref = key == "created_by_ref"
-                if is_created_by_ref:
-                    is_marking = item["id"].startswith("marking-definition--")
-                    if is_marking is False:
-                        nb_deps += self.enlist_element(value, raw_data)
+                if item[key] == item_id:
+                    item[key] = None
                 else:
-                    nb_deps += self.enlist_element(value, raw_data)
+                    # Need to handle the special case of recursive ref for created by ref
+                    is_created_by_ref = key == "created_by_ref"
+                    if is_created_by_ref:
+                        is_marking = item["id"].startswith("marking-definition--")
+                        if is_marking is False:
+                            nb_deps += self.enlist_element(value, raw_data)
+                    else:
+                        nb_deps += self.enlist_element(value, raw_data)
         # Get the final dep counting and add in cache
         item["nb_deps"] = nb_deps
         self.elements.append(item)

tests/01-unit/utils/test_opencti_stix2_splitter.py

@@ -11,14 +11,17 @@ def test_split_bundle():
         content = file.read()
     bundles = stix_splitter.split_bundle(content)
     assert len(bundles) == 7029
-    #
-    # with open("./tests/data/test.pdf", 'w') as file:
-    #     content = file.read()
-    # with pytest.raises(Exception):
-    #     stix_splitter.split_bundle(content)
 
 
-def test_crate_bundle():
+def test_split_cyclic_bundle():
+    stix_splitter = OpenCTIStix2Splitter()
+    with open("./tests/data/cyclic-bundle.json") as file:
+        content = file.read()
+    bundles = stix_splitter.split_bundle(content)
+    assert len(bundles) == 3
+
+
+def test_create_bundle():
     stix_splitter = OpenCTIStix2Splitter()
     report = Report(
         report_types=["campaign"],

tests/data/cyclic-bundle.json

@@ -0,0 +1,50 @@
+{
+  "type": "bundle",
+  "id": "bundle--8c939929-688f-4a72-badb-3dd1bd6af0fa",
+  "objects": [
+    {
+      "id": "identity--7b82b010-b1c0-4dae-981f-7756374a17df",
+      "type": "identity",
+      "spec_version": "2.1",
+      "name": "ANSSI",
+      "identity_class": "organization",
+      "labels": ["identity"],
+      "created": "2020-02-23T23:40:53.575Z",
+      "modified": "2020-02-27T08:45:39.351Z",
+      "x_opencti_organization_type": "CSIRT",
+      "created_by_ref": "identity--7b82b010-b1c0-4dae-981f-7756374a17df"
+    },
+    {
+      "id": "marking-definition--78ca4366-f5b8-4764-83f7-34ce38198e27",
+      "type": "marking-definition",
+      "spec_version": "2.1",
+      "definition_type": "TLP",
+      "definition": {
+        "TLP": "TLP:TEST"
+      },
+      "created": "2020-02-25T09:02:29.040Z",
+      "modified": "2020-02-25T09:02:29.040Z",
+      "created_by_ref": "marking-definition--78ca4366-f5b8-4764-83f7-34ce38198e27"
+    },
+    {
+      "id": "report--a445d22a-db0c-4b5d-9ec8-e9ad0b6dbdd7",
+      "type": "report",
+      "spec_version": "2.1",
+      "name": "A demo report for testing purposes",
+      "labels": ["report"],
+      "description": "Report for testing purposes (random data).",
+      "published": "2020-03-01T14:02:48.111Z",
+      "created": "2020-03-01T14:02:55.327Z",
+      "modified": "2020-03-01T14:09:48.078Z",
+      "report_types": ["threat-report"],
+      "x_opencti_report_status": 2,
+      "confidence": 3,
+      "created_by_ref": "identity--7b82b010-b1c0-4dae-981f-7756374a17df",
+      "object_marking_refs": ["marking-definition--78ca4366-f5b8-4764-83f7-34ce38198e27"],
+      "object_refs": [
+        "observed-data--7d258c31-9a26-4543-aecb-2abc5ed366be",
+        "report--a445d22a-db0c-4b5d-9ec8-e9ad0b6dbdd7"
+      ]
+    }
+  ]
+}