Merge branch 'master' into master

Author: allrob23

.circleci/config.yml

@@ -5,7 +5,7 @@ orbs:
 jobs:
   ensure_formatting:
     docker:
-      - image: cimg/python:3.12
+      - image: cimg/python:3.13
     working_directory: ~/repo
     steps:
       - checkout
@@ -44,7 +44,7 @@ jobs:
   build:
     working_directory: ~/opencti-client
     docker:
-      - image: cimg/python:3.12
+      - image: cimg/python:3.13
     steps:
       - checkout
       - run:
@@ -75,7 +75,7 @@ jobs:
   deploy:
     working_directory: ~/opencti-client
     docker:
-      - image: cimg/python:3.12
+      - image: cimg/python:3.13
     steps:
       - checkout
       - attach_workspace:

.drone.yml

@@ -3,16 +3,15 @@ kind: pipeline
 name: client-python-tests
 
 steps:
+  - name: Runner information
+    image: alpine:3.19
+    commands:
+    - echo DRONE_STAGE_MACHINE ${DRONE_STAGE_MACHINE}
+
   - name: sleep-for-opencti
     image: python:3.11
     commands:
       - sleep 180
-  - name: client-test-38
-    image: python:3.8
-    commands:
-      - pip3 install -r requirements.txt --user
-      - pip3 install -r test-requirements.txt --user
-      - python3 -m pytest --no-header -vv --disable-warnings --cov=pycti --drone
   - name: client-test-39
     image: python:3.9
     commands:
@@ -63,9 +62,9 @@ steps:
 
 services:
   - name: redis
-    image: redis:7.4.2
+    image: redis:8.2.0
   - name: elastic
-    image: docker.elastic.co/elasticsearch/elasticsearch:8.17.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:8.18.2
     environment:
       discovery.type: single-node
       xpack.security.enabled: false
@@ -77,12 +76,14 @@ services:
       MINIO_ROOT_PASSWORD: ChangeMe
     command: [ server, /data ]
   - name: rabbitmq
-    image: rabbitmq:4.0-management
+    image: rabbitmq:4.1-management
   - name: opencti
-    image: nikolaik/python-nodejs:python3.10-nodejs18-alpine
+    image: nikolaik/python-nodejs:python3.11-nodejs22-alpine
     environment:
       APP__ADMIN__PASSWORD: admin
       APP__ADMIN__TOKEN: bfa014e0-e02e-4aa6-a42b-603b19dcf159
+      APP__ENTERPRISE_EDITION_LICENSE:
+        from_secret: ee_license
       REDIS__HOSTNAME: redis
       REDIS__NAMESPACE: raw-start
       ELASTICSEARCH__URL: http://elastic:9200
@@ -97,11 +98,13 @@ services:
     commands:
       - apk add build-base git libffi-dev cargo github-cli
       - chmod 777 scripts/*
+      - pip3 install . --upgrade --force
       - echo "DRONE_SOURCE_BRANCH:${DRONE_SOURCE_BRANCH}, DRONE_PULL_REQUEST:${DRONE_PULL_REQUEST}"
       - ./scripts/clone-opencti.sh "${DRONE_SOURCE_BRANCH}" "${DRONE_TARGET_BRANCH}" "$(pwd)" "${DRONE_PULL_REQUEST}"
       - ls -lart
       - cd opencti/opencti-platform/opencti-graphql
       - yarn install
+      - sed -i '/^pycti==/d' src/python/requirements.txt
       - yarn install:python
       - NODE_OPTIONS=--max_old_space_size=8192 yarn start
 

.github/workflows/auto-set-labels.yml

@@ -3,6 +3,9 @@ on: pull_request
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - uses: actions/checkout@v4
       - name: Setting labels

.github/workflows/check-verified-commit.yml

@@ -0,0 +1,19 @@
+name: Check signed commits in PR 
+on: [pull_request,pull_request_target]
+jobs:
+  check-signed-commits:
+    name: Check signed commits in PR
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+    - name: Information about how to sign commits see https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
+      # "with comment" below does not work for forks.
+      run: |
+        echo "If you need to sign commits, Please see https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits"
+    - name: Check signed commits in PR on fail see above information.
+      uses: 1Password/check-signed-commits-action@v1
+      with:
+        comment: |
+          Thank you for your contribution, but we need you to sign your commits. Please see https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits

.github/workflows/codeql-analysis.yml

@@ -24,6 +24,11 @@ on:
   schedule:
     - cron: "21 11 * * 0"
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
   analyze:
     name: Analyze

docs/requirements.txt

@@ -1,4 +1,4 @@
 autoapi==2.0.1
 sphinx==8.2.3
-sphinx-autodoc-typehints==2.5.0
+sphinx-autodoc-typehints==3.2.0
 sphinx_rtd_theme==3.0.2

pycti/__init__.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-__version__ = "6.6.3"
+__version__ = "6.8.0"
 
 from .api.opencti_api_client import OpenCTIApiClient
 from .api.opencti_api_connector import OpenCTIApiConnector
@@ -65,9 +65,11 @@
     CustomObservableBankAccount,
     CustomObservableCredential,
     CustomObservableCryptocurrencyWallet,
+    CustomObservableCryptographicKey,
     CustomObservableHostname,
     CustomObservableMediaContent,
     CustomObservablePaymentCard,
+    CustomObservablePersona,
     CustomObservablePhoneNumber,
     CustomObservableText,
     CustomObservableTrackingNumber,
@@ -149,8 +151,10 @@
     "CustomObservableHostname",
     "CustomObservableUserAgent",
     "CustomObservableBankAccount",
+    "CustomObservableCryptographicKey",
     "CustomObservableCryptocurrencyWallet",
     "CustomObservablePaymentCard",
+    "CustomObservablePersona",
     "CustomObservablePhoneNumber",
     "CustomObservableTrackingNumber",
     "CustomObservableText",

pycti/api/opencti_api_client.py

@@ -10,8 +10,15 @@
 
 from pycti import __version__
 from pycti.api.opencti_api_connector import OpenCTIApiConnector
+from pycti.api.opencti_api_draft import OpenCTIApiDraft
+from pycti.api.opencti_api_internal_file import OpenCTIApiInternalFile
+from pycti.api.opencti_api_notification import OpenCTIApiNotification
+from pycti.api.opencti_api_pir import OpenCTIApiPir
 from pycti.api.opencti_api_playbook import OpenCTIApiPlaybook
+from pycti.api.opencti_api_public_dashboard import OpenCTIApiPublicDashboard
+from pycti.api.opencti_api_trash import OpenCTIApiTrash
 from pycti.api.opencti_api_work import OpenCTIApiWork
+from pycti.api.opencti_api_workspace import OpenCTIApiWorkspace
 from pycti.entities.opencti_attack_pattern import AttackPattern
 from pycti.entities.opencti_campaign import Campaign
 from pycti.entities.opencti_capability import Capability
@@ -71,6 +78,25 @@
 from pycti.utils.opencti_stix2_utils import OpenCTIStix2Utils
 
 
+def build_request_headers(token: str, custom_headers: str, app_logger):
+    headers_dict = {
+        "User-Agent": "pycti/" + __version__,
+        "Authorization": "Bearer " + token,
+    }
+    # Build and add custom headers
+    if custom_headers is not None:
+        for header_pair in custom_headers.strip().split(";"):
+            if header_pair:  # Skip empty header pairs
+                try:
+                    key, value = header_pair.split(":", 1)
+                    headers_dict[key.strip()] = value.strip()
+                except ValueError:
+                    app_logger.warning(
+                        "Ignored invalid header pair", {"header_pair": header_pair}
+                    )
+    return headers_dict
+
+
 class File:
     def __init__(self, name, data, mime="text/plain"):
         self.name = name
@@ -99,24 +125,28 @@ class OpenCTIApiClient:
         ```
     :param json_logging: format the logs as json if set to True
     :type json_logging: bool, optional
+    :param bundle_send_to_queue: if bundle will be sent to queue
+    :type bundle_send_to_queue: bool, optional
     :param cert: If String, file path to pem file. If Tuple, a ('path_to_cert.crt', 'path_to_key.key') pair representing the certificate and the key.
     :type cert: str, tuple, optional
-    :param auth: Add a AuthBase class with custom authentication for you OpenCTI infrastructure.
-    :type auth: requests.auth.AuthBase, optional
+    :param custom_headers: Add custom headers to use with the graphql queries
+    :type custom_headers: str, optional must in the format header01:value;header02:value
+    :param perform_health_check: if client init must check the api access
+    :type perform_health_check: bool, optional
     """
 
     def __init__(
         self,
         url: str,
         token: str,
-        log_level="info",
+        log_level: str = "info",
         ssl_verify: Union[bool, str] = False,
         proxies: Union[Dict[str, str], None] = None,
-        json_logging=False,
-        bundle_send_to_queue=True,
+        json_logging: bool = False,
+        bundle_send_to_queue: bool = True,
         cert: Union[str, Tuple[str, str], None] = None,
-        auth=None,
-        perform_health_check=True,
+        custom_headers: str = None,
+        perform_health_check: bool = True,
     ):
         """Constructor method"""
 
@@ -138,22 +168,22 @@ def __init__(
         # Define API
         self.api_token = token
         self.api_url = url + "/graphql"
-        self.request_headers = {
-            "User-Agent": "pycti/" + __version__,
-            "Authorization": "Bearer " + token,
-        }
-
-        if auth is not None:
-            self.session = requests.session()
-            self.session.auth = auth
-        else:
-            self.session = requests.session()
-
+        self.request_headers = build_request_headers(
+            token, custom_headers, self.app_logger
+        )
+        self.session = requests.session()
         # Define the dependencies
         self.work = OpenCTIApiWork(self)
+        self.notification = OpenCTIApiNotification(self)
+        self.trash = OpenCTIApiTrash(self)
+        self.draft = OpenCTIApiDraft(self)
+        self.workspace = OpenCTIApiWorkspace(self)
+        self.public_dashboard = OpenCTIApiPublicDashboard(self)
         self.playbook = OpenCTIApiPlaybook(self)
         self.connector = OpenCTIApiConnector(self)
         self.stix2 = OpenCTIStix2(self)
+        self.pir = OpenCTIApiPir(self)
+        self.internal_file = OpenCTIApiInternalFile(self)
 
         # Define the entities
         self.vocabulary = Vocabulary(self)
@@ -248,13 +278,15 @@ def set_retry_number(self, retry_number):
             "" if retry_number is None else str(retry_number)
         )
 
-    def query(self, query, variables=None):
+    def query(self, query, variables=None, disable_impersonate=False):
         """submit a query to the OpenCTI GraphQL API
 
         :param query: GraphQL query string
         :type query: str
         :param variables: GraphQL query variables, defaults to {}
         :type variables: dict, optional
+        :param disable_impersonate: removes impersonate header if set to True, defaults to False
+        :type disable_impersonate: bool, optional
         :return: returns the response json content
         :rtype: Any
         """
@@ -279,6 +311,9 @@ def query(self, query, variables=None):
             else:
                 query_var[key] = val
 
+        query_headers = self.request_headers.copy()
+        if disable_impersonate and "opencti-applicant-id" in query_headers:
+            del query_headers["opencti-applicant-id"]
         # If yes, transform variable (file to null) and create multipart query
         if len(files_vars) > 0:
             multipart_data = {
@@ -345,7 +380,7 @@ def query(self, query, variables=None):
                 self.api_url,
                 data=multipart_data,
                 files=multipart_files,
-                headers=self.request_headers,
+                headers=query_headers,
                 verify=self.ssl_verify,
                 cert=self.cert,
                 proxies=self.proxies,
@@ -356,7 +391,7 @@ def query(self, query, variables=None):
             r = self.session.post(
                 self.api_url,
                 json={"query": query, "variables": variables},
-                headers=self.request_headers,
+                headers=query_headers,
                 verify=self.ssl_verify,
                 cert=self.cert,
                 proxies=self.proxies,

pycti/api/opencti_api_draft.py

@@ -0,0 +1,19 @@
+class OpenCTIApiDraft:
+    """OpenCTIApiDraft"""
+
+    def __init__(self, api):
+        self.api = api
+
+    def delete(self, **kwargs):
+        id = kwargs.get("id", None)
+        query = """
+            mutation DraftWorkspaceDelete($id: ID!) {
+                draftWorkspaceDelete(id: $id)
+            }
+           """
+        self.api.query(
+            query,
+            {
+                "id": id,
+            },
+        )

pycti/api/opencti_api_internal_file.py

@@ -0,0 +1,26 @@
+class OpenCTIApiInternalFile:
+    """OpenCTIApiInternalFile"""
+
+    def __init__(self, api):
+        self.api = api
+
+    def delete(self, **kwargs):
+        item = kwargs.get("item", None)
+        file_name = self.api.get_attribute_in_extension("id", item)
+        if file_name is not None:
+            query = """
+                mutation InternalFileDelete($fileName: String) {
+                    deleteImport(fileName: $fileName)
+                }
+               """
+            self.api.query(
+                query,
+                {
+                    "fileName": file_name,
+                },
+            )
+        else:
+            self.api.app_logger.error(
+                "[stix_internal_file] Cant delete internal file, missing parameters: fileName"
+            )
+            return None