[client] Fix some bugs and take into account the update of existing data

Samuel Hassine · Samuel Hassine · commit c1c0c5dac636 · 2019-12-04T21:47:47.000+01:00
diff --git a/pycti/api/opencti_api_client.py b/pycti/api/opencti_api_client.py
@@ -580,7 +580,7 @@ def create_marking_definition_if_not_exists(self,
                                                 ):
         object_result = None
         if stix_id_key is not None:
-            object_result = self.marking_definition.read(filters=[{'key': 'stix_id_key', 'values': [stix_id_key]}])
+            object_result = self.marking_definition.read(id=stix_id_key)
             if object_result is None:
                 object_result = self.marking_definition.read(filters=[
                     {'key': 'definition_type', 'values': [definition_type]},
@@ -1977,7 +1977,7 @@ def get_reports(self, limit=10000):
 
     @deprecated(version='2.1.0', reason="Replaced by the Report class in pycti")
     def get_reports_by_stix_entity_stix_id(self, stix_entity_stix_id, limit=10000):
-        stix_entity_result = self.stix_entity.read(filters=[{'key': 'stix_id_key', 'values': [stix_entity_stix_id]}])
+        stix_entity_result = self.stix_entity.read(id=stix_entity_stix_id)
         if stix_entity_result is not None:
             return self.report.list(filters=[
                 {'key': 'knowledgeContains', 'values': [stix_entity_result['id']]},
diff --git a/pycti/connector/opencti_connector_helper.py b/pycti/connector/opencti_connector_helper.py
@@ -166,7 +166,7 @@ def date_now(self):
         return datetime.datetime.utcnow().replace(microsecond=0, tzinfo=datetime.timezone.utc).isoformat()
 
     # Push Stix2 helper
-    def send_stix2_bundle(self, bundle, entities_types=None):
+    def send_stix2_bundle(self, bundle, entities_types=None, update=False, confidence_level=1):
         if entities_types is None:
             entities_types = []
         bundles = self.split_stix2_bundle(bundle)
@@ -175,11 +175,11 @@ def send_stix2_bundle(self, bundle, entities_types=None):
         pika_connection = pika.BlockingConnection(pika.URLParameters(self.config['uri']))
         channel = pika_connection.channel()
         for bundle in bundles:
-            self._send_bundle(channel, bundle, entities_types)
+            self._send_bundle(channel, bundle, entities_types, update, confidence_level)
         channel.close()
         return bundles
 
-    def _send_bundle(self, channel, bundle, entities_types=None):
+    def _send_bundle(self, channel, bundle, entities_types=None, update=False, confidence_level=1):
         """
             This method send a STIX2 bundle to RabbitMQ to be consumed by workers
             :param bundle: A valid STIX2 bundle
@@ -205,6 +205,8 @@ def _send_bundle(self, channel, bundle, entities_types=None):
         message = {
             'job_id': job_id,
             'entities_types': entities_types,
+            'update': update,
+            'confidence_level': confidence_level,
             'content': base64.b64encode(bundle.encode('utf-8')).decode('utf-8')
         }
 
diff --git a/pycti/entities/opencti_report.py b/pycti/entities/opencti_report.py
@@ -213,7 +213,7 @@ def get_by_stix_id_or_name(self, **kwargs):
         published = kwargs.get('published', None)
         object_result = None
         if stix_id_key is not None:
-            object_result = self.read(filters=[{'key': 'stix_id_key', 'values': [stix_id_key]}])
+            object_result = self.read(id=stix_id_key)
         if object_result is None and name is not None and published is not None:
             published_final = parse(published).strftime('%Y-%m-%d')
             object_result = self.read(filters=[
diff --git a/pycti/utils/opencti_stix2.py b/pycti/utils/opencti_stix2.py
@@ -1276,15 +1276,13 @@ def create_indicator(self, stix_object, update=False):
 
         # check that the indicator type and value have been set before creating the indicator
         if indicator_type and indicator_value:
-            return self.opencti.create_stix_observable_if_not_exists(
-                indicator_type,
-                indicator_value,
-                self.convert_markdown(stix_object['description']) if 'description' in stix_object else '',
-                stix_object[CustomProperties.ID] if CustomProperties.ID in stix_object else None,
-                stix_object['id'] if 'id' in stix_object else None,
-                stix_object['created'] if 'created' in stix_object else None,
-                stix_object['modified'] if 'modified' in stix_object else None,
-                update
+            return self.opencti.stix_observable.create(
+                type=indicator_type,
+                observable_value=indicator_value,
+                description=self.convert_markdown(stix_object['description']) if 'description' in stix_object else '',
+                id=stix_object[CustomProperties.ID] if CustomProperties.ID in stix_object else None,
+                stix_id_key=stix_object['id'] if 'id' in stix_object else None,
+                update=update
             )
         else:
             # log that the indicator could not be parsed
diff --git a/setup.py b/setup.py
@@ -13,7 +13,7 @@
     print("warning: pypandoc module not found, could not convert Markdown to RST")
     read_md = lambda f: open(f, 'r').read()
 
-VERSION = "2.1.1"
+VERSION = "2.1.2"
 
 
 class VerifyVersionCommand(install):
