Skip to content
This repository was archived by the owner on Dec 5, 2025. It is now read-only.

Commit e6f6a20

Browse files
author
Samuel Hassine
committed
[client] Fix adding entities/observables to a report
1 parent 9192f7d commit e6f6a20

File tree

1 file changed

+75
-78
lines changed

1 file changed

+75
-78
lines changed

pycti/entities/opencti_report.py

Lines changed: 75 additions & 78 deletions
Original file line numberDiff line numberDiff line change
@@ -271,14 +271,15 @@ def contains_stix_entity(self, **kwargs):
271271
}
272272
"""
273273
result = self.opencti.query(query, {"id": id, "objectId": entity_id})
274-
if not result["data"]["reportContainsStixDomainEntity"]:
275-
query = """
276-
query ReportContainsStixRelation($id: String!, $objectId: String!) {
277-
reportContainsStixRelation(id: $id, objectId: $objectId)
278-
}
279-
"""
280-
result = self.opencti.query(query, {"id": id, "objectId": entity_id})
281-
return result["data"]["reportContainsStixRelation"]
274+
if result["data"]["reportContainsStixDomainEntity"]:
275+
return True
276+
query = """
277+
query ReportContainsStixRelation($id: String!, $objectId: String!) {
278+
reportContainsStixRelation(id: $id, objectId: $objectId)
279+
}
280+
"""
281+
result = self.opencti.query(query, {"id": id, "objectId": entity_id})
282+
return result["data"]["reportContainsStixRelation"]
282283
else:
283284
self.opencti.log(
284285
"error", "[opencti_report] Missing parameters: id or entity_id",
@@ -502,40 +503,40 @@ def add_stix_entity(self, **kwargs):
502503
report = kwargs.get("report", None)
503504
entity_id = kwargs.get("entity_id", None)
504505
if id is not None and entity_id is not None:
505-
if report is None:
506-
return self.contains_stix_entity(id=id, entity_id=entity_id)
507-
elif (
508-
entity_id in report["objectRefsIds"]
509-
or entity_id in report["relationRefsIds"]
510-
):
511-
return True
506+
if report is not None:
507+
if (
508+
entity_id in report["objectRefsIds"]
509+
or entity_id in report["relationRefsIds"]
510+
):
511+
return True
512512
else:
513-
self.opencti.log(
514-
"info",
515-
"Adding Stix-Entity {" + entity_id + "} to Report {" + id + "}",
516-
)
517-
query = """
518-
mutation ReportEdit($id: ID!, $input: RelationAddInput) {
519-
reportEdit(id: $id) {
520-
relationAdd(input: $input) {
521-
id
522-
}
523-
}
513+
if self.contains_stix_entity(id=id, entity_id=entity_id):
514+
return True
515+
self.opencti.log(
516+
"info", "Adding Stix-Entity {" + entity_id + "} to Report {" + id + "}",
517+
)
518+
query = """
519+
mutation ReportEdit($id: ID!, $input: RelationAddInput) {
520+
reportEdit(id: $id) {
521+
relationAdd(input: $input) {
522+
id
523+
}
524524
}
525-
"""
526-
self.opencti.query(
527-
query,
528-
{
529-
"id": id,
530-
"input": {
531-
"fromRole": "knowledge_aggregation",
532-
"toId": entity_id,
533-
"toRole": "so",
534-
"through": "object_refs",
535-
},
525+
}
526+
"""
527+
self.opencti.query(
528+
query,
529+
{
530+
"id": id,
531+
"input": {
532+
"fromRole": "knowledge_aggregation",
533+
"toId": entity_id,
534+
"toRole": "so",
535+
"through": "object_refs",
536536
},
537-
)
538-
return True
537+
},
538+
)
539+
return True
539540
else:
540541
self.opencti.log(
541542
"error", "[opencti_report] Missing parameters: id and entity_id"
@@ -555,48 +556,44 @@ def add_stix_observable(self, **kwargs):
555556
report = kwargs.get("report", None)
556557
stix_observable_id = kwargs.get("stix_observable_id", None)
557558
if id is not None and stix_observable_id is not None:
558-
if report is None:
559-
return self.contains_stix_observable(
560-
id=id, stix_observable_id=stix_observable_id
561-
)
562-
if report is None:
563-
self.opencti.log(
564-
"error", "[opencti_report] Cannot add Object Ref, report not found"
565-
)
566-
return False
567-
if stix_observable_id in report["observableRefsIds"]:
568-
return True
559+
if report is not None:
560+
if stix_observable_id in report["observableRefsIds"]:
561+
return True
569562
else:
570-
self.opencti.log(
571-
"info",
572-
"Adding Stix-Observable {"
573-
+ stix_observable_id
574-
+ "} to Report {"
575-
+ id
576-
+ "}",
577-
)
578-
query = """
579-
mutation ReportEdit($id: ID!, $input: RelationAddInput) {
580-
reportEdit(id: $id) {
581-
relationAdd(input: $input) {
582-
id
583-
}
584-
}
563+
if self.contains_stix_observable(
564+
id=id, stix_observable_id=stix_observable_id
565+
):
566+
return True
567+
self.opencti.log(
568+
"info",
569+
"Adding Stix-Observable {"
570+
+ stix_observable_id
571+
+ "} to Report {"
572+
+ id
573+
+ "}",
574+
)
575+
query = """
576+
mutation ReportEdit($id: ID!, $input: RelationAddInput) {
577+
reportEdit(id: $id) {
578+
relationAdd(input: $input) {
579+
id
580+
}
585581
}
586-
"""
587-
self.opencti.query(
588-
query,
589-
{
590-
"id": id,
591-
"input": {
592-
"fromRole": "observables_aggregation",
593-
"toId": stix_observable_id,
594-
"toRole": "soo",
595-
"through": "observable_refs",
596-
},
582+
}
583+
"""
584+
self.opencti.query(
585+
query,
586+
{
587+
"id": id,
588+
"input": {
589+
"fromRole": "observables_aggregation",
590+
"toId": stix_observable_id,
591+
"toRole": "soo",
592+
"through": "observable_refs",
597593
},
598-
)
599-
return True
594+
},
595+
)
596+
return True
600597
else:
601598
self.opencti.log(
602599
"error",

0 commit comments

Comments
 (0)