New tool to validate Attribute values #1361
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Behaves like the built-in validation with `modifyBeforeValidation` and `validate` - Will include also the tooling to use this validation on PyMISP objects or JSON format to validate data that is not coming from MISP
…that happens before validation
…& `filename|hash` attributes
…attributes - Avoiding issues with non str values that don't support some str built-in operations - Avoiding issues with wrong filename|hash value format
- Avoiding issues with wrong composite attribute value format
…s in events - Takes dict or MISPEvent as input - Prepares the attribute values for validation - Validates the attribute values - Returns the validated Event with only valid Attributes - Logs warning messages with the skipped values
…ble outside of the single cli scope
Member
|
Looks great, should I merge it? |
…ng already a datetime object
…ibutes and Objects
… validation - As validation should not be a change per se, we do not want the `edited` flag to be set when we set the value field in attributes, or the `Attribute` field in MISP objects - This avoids `timestamp` fields to be skipped when using `.to_json()`
- As PyMISP already handles properly the different possible types of input given to `from_dict`, it makes more sense here to test whether the type we're expecting is NOT one of the PyMISP classes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As the validation happens on MISP and the idea was not to duplicate it on PyMISP, we simply added it as a new PyMISP tool to make sure we can validate MISP Events that are
dictorMISPEventand pushed to other tools without going through MISP, such as misp-stix or cti-transmute