Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

taxii_default_query.DefaultQuery.from_xml (Bug?) #169

Open
stkyle opened this issue Feb 10, 2015 · 2 comments
Open

taxii_default_query.DefaultQuery.from_xml (Bug?) #169

stkyle opened this issue Feb 10, 2015 · 2 comments

Comments

@stkyle
Copy link
Contributor

stkyle commented Feb 10, 2015

Assembling a DefaultQuery object from an XML string that contains a blank Parameter value results in that value being assigned the string 'None'.

Example (Note 2nd Parameter tag is empty string):

trial_query_str = """<taxii_11:Query xmlns:taxii="http://taxii.mitre.org/messages/taxii_xml_binding-1" xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1" xmlns:tdq="http://taxii.mitre.org/query/taxii_default_query-1" format_id="urn:taxii.mitre.org:query:default:1.0">
  <tdq:Default_Query targeting_expression_id="urn:stix.mitre.org:xml:1.1">
    <tdq:Criteria operator="AND">
      <tdq:Criterion negate="false">
        <tdq:Target>**</tdq:Target>
        <tdq:Test capability_id="urn:taxii.mitre.org:query:capability:core-1" relationship="equals">
          <tdq:Parameter name="match_type">case_sensitive_string</tdq:Parameter>
          <tdq:Parameter name="value"></tdq:Parameter>
        </tdq:Test>
      </tdq:Criterion>
    </tdq:Criteria>
  </tdq:Default_Query>
</taxii_11:Query>"""

import libtaxii.taxii_default_query as tdq

# Convert to Default Query Object
trial_query_obj = tdq.DefaultQuery.from_xml(trial_query_str)

# Get Criterion List
trial_query_criterion_list = trial_query_obj.criteria.criterion

# Get First Criterion Object
trial_query_criterion = trial_query_criterion_list[0]

# Print Criterion List
print("Parameters %s" % str(trial_query_criterion.test.parameters))
print("Note 2nd Parameter tag is nolonger empty string")
@MarkDavidson
Copy link
Contributor

@stkyle,

What you're seeing is due to how lxml, the underlying XML library that libtaxii uses, treats empty XML elements (<element/> is equivalent to <element></element>) and the fact that I've never run into this edge case before. I agree that what your seeing is unexpected (and therefore should be changed), but I'm having trouble figuring out what the change should be.

The two options that jump to my mind are:

  1. Treat Parameter.text == None as an empty string instead.
  2. Raise an error when Parameter.text == None

I think that the use cases that you and other are attempting to support will help guide the right choice. Are you trying to do something where matching on an empty string is desirable? Or is it just something you ran into? If it's the former, #1 might be a better options. If it's the latter, #2 might be the better option.

Let me know what you think - this is certainly interesting.

Thank you.

@stkyle
Copy link
Contributor Author

stkyle commented Feb 10, 2015

Thanks Mark, I really just ran into it. I'm assembling dynamic TAXII Queries given form field entries and I noticed this and it got me thinking....is it conceivable that someone would want to query for a blank parameter value and, if so, how would that be communicated using an XML message binding.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MarkDavidson @stkyle