cti-python-stix2
cti-python-stix2 copied to clipboard
oasis-open
Granular marking selector validation is incorrect
Selector validation fails to validate compliant selectors. Here is an example taken from STIX 2.1 spec section 7.2.3.1:
import stix2
vuln = stix2.parse(
{
"id": "vulnerability--ee916c28-c7a4-4d0d-ad56-a8d357f89fef",
"spec_version": "2.1",
"created": "2016-02-14T00:00:00.000Z",
"modified": "2016-02-14T00:00:00.000Z",
"type": "vulnerability",
"name": "CVE-2014-0160",
"description": "The (1) TLS...",
"external_references": [{
"source_name": "cve",
"external_id": "CVE-2014-0160"
}],
"labels": ["heartbleed", "has-logo"]
}
)
marked_vuln = vuln.add_markings(stix2.TLP_GREEN, "external_references.[0].source_name")
This results in error:
Traceback (most recent call last):
File "...\testx_selector_bug.py", line 42, in <module>
marked_vuln = vuln.add_markings(stix2.TLP_GREEN, "external_references.[0].source_name")
File "...\cti-python-stix2\stix2\markings\__init__.py", line 153, in add_markings
return granular_markings.add_markings(obj, marking, selectors)
File "...\cti-python-stix2\stix2\markings\granular_markings.py", line 165, in add_markings
utils.validate(obj, selectors)
File "...\cti-python-stix2\stix2\markings\utils.py", line 50, in validate
raise exceptions.InvalidSelectorError(obj, s)
stix2.exceptions.InvalidSelectorError: Selector external_references.[0].source_name in Vulnerability is not valid!
