[client] Add toStix options for indicators

SamuelHassine · SamuelHassine · commit a228ab2795d7 · 2025-03-23T17:49:13.000+01:00
diff --git a/pycti/api/opencti_api_client.py b/pycti/api/opencti_api_client.py
@@ -280,7 +280,7 @@ def query(self, query, variables=None):
                 if is_multiple_files:
                     # [(var_name + "." + i)] if is_multiple_files else
                     for _ in file_var_item["file"]:
-                        file_vars[str(map_index)] = [(var_name + "." + str(map_index))]
+                        file_vars[str(map_index)] = [var_name + "." + str(map_index)]
                         map_index += 1
                 else:
                     file_vars[str(map_index)] = [var_name]
diff --git a/pycti/entities/opencti_indicator.py b/pycti/entities/opencti_indicator.py
@@ -3,6 +3,7 @@
 import json
 import uuid
 
+from requests_toolbelt.multipart.encoder import to_list
 from stix2.canonicalization.Canonicalize import canonicalize
 
 from .indicator.opencti_indicator_properties import (
@@ -48,6 +49,7 @@ def list(self, **kwargs):
         :param list customAttributes: (optional) list of attributes keys to return
         :param bool getAll: (optional) switch to return all entries (be careful to use this without any other filters)
         :param bool withPagination: (optional) switch to use pagination
+        :param bool toStix: (optional) get in STIX
 
         :return: List of Indicators
         :rtype: list
@@ -63,21 +65,26 @@ def list(self, **kwargs):
         get_all = kwargs.get("getAll", False)
         with_pagination = kwargs.get("withPagination", False)
         with_files = kwargs.get("withFiles", False)
+        to_stix = kwargs.get("toStix", False)
 
         self.opencti.app_logger.info(
             "Listing Indicators with filters", {"filters": json.dumps(filters)}
         )
         query = (
             """
-                query Indicators($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: IndicatorsOrdering, $orderMode: OrderingMode) {
-                    indicators(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode) {
+                query Indicators($filters: FilterGroup, $search: String, $first: Int, $after: ID, $orderBy: IndicatorsOrdering, $orderMode: OrderingMode, $toStix: Boolean) {
+                    indicators(filters: $filters, search: $search, first: $first, after: $after, orderBy: $orderBy, orderMode: $orderMode, toStix: $toStix) {
                         edges {
                             node {
                                 """
             + (
-                custom_attributes
-                if custom_attributes is not None
-                else (self.properties_with_files if with_files else self.properties)
+                "toStix"
+                if to_stix
+                else (
+                    custom_attributes
+                    if custom_attributes is not None
+                    else (self.properties_with_files if with_files else self.properties)
+                )
             )
             + """
                         }
@@ -102,6 +109,7 @@ def list(self, **kwargs):
                 "after": after,
                 "orderBy": order_by,
                 "orderMode": order_mode,
+                "toStix": to_stix,
             },
         )
         if get_all:
diff --git a/pycti/utils/constants.py b/pycti/utils/constants.py
@@ -1,6 +1,4 @@
-"""These are the custom STIX properties and observation types used internally by OpenCTI.
-
-"""
+"""These are the custom STIX properties and observation types used internally by OpenCTI."""
 
 from enum import Enum
 
