OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Parsing corrupt STIXPackages in python-stix


I am running into issues parsing STIX Packages containing corrupted Indicators 
and/or Observables reliably with python-stix.

Performing some research on the python-stix code, it appears there is not a 
good way to catch exceptions at a very granular, per-entity level.

There is some code in the stix.utils.parser module, which in theory seems like 
it would help with this, but it doesn't appear to have granular 
exception-catching capability either.

Therefore, when the code comes across a CybOX FileObj w/ a bogus 
Size_In_Bytes, the exception disrupts parsing the entire STIX Package not just 
the corrupted / invalid entity:

<FileObj:Size_In_Bytes condition="Equals">380058 bytes</FileObj:Size_In_Bytes>

ValueError: invalid literal for long() with base 10: '380058 bytes'
File ".../venv/lib/python2.7/site-packages/cybox/common/properties.py", line 514, in _parse_value
  return long(value, 0)

How can I perform a best-effort parse with python-stix in order to operate as 
properly as possible in such situations?

Thanks,
Matthew.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]