Running the validator from the elevator with different options causes an exception #94

Open
rpiazza opened this issue Sep 30, 2019 · 1 comment

Comments

rpiazza commented Sep 30, 2019

From the 2.1-wd05 branch of the elevator, run both of the following:

cli.py /Users/rpiazza/git/stix/cti-stix-elevator/idioms-xml/issue62.xml -v 2.1 --validator-args "--version 2.1"
cli.py /Users/rpiazza/git/stix/cti-stix-elevator/idioms-xml/issue62.xml -v 2.1

The first will run and generate STIX 2.1. The second one causes this exception:

Traceback (most recent call last):
  File "/Users/rpiazza/py-envs/python3.7/lib/python3.7/site-packages/stix2_patterns-1.1.0-py3.7.egg/stix2patterns/grammars/STIXPatternParser.py", line 1226, in propTest
    la_ = self._interp.adaptivePredict(self._input,15,self._ctx)
  File "/Users/rpiazza/py-envs/python3.7/lib/python3.7/site-packages/antlr4_python3_runtime-4.7.2-py3.7.egg/antlr4/atn/ParserATNSimulator.py", line 342, in adaptivePredict
    alt = self.execATN(dfa, s0, input, index, outerContext)
  File "/Users/rpiazza/py-envs/python3.7/lib/python3.7/site-packages/antlr4_python3_runtime-4.7.2-py3.7.egg/antlr4/atn/ParserATNSimulator.py", line 414, in execATN
    raise e
antlr4.error.Errors.NoViableAltException: None

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/rpiazza/git/stix/cti-stix-elevator/stix2elevator/cli.py", line 200, in <module>
    main()
  File "/Users/rpiazza/git/stix/cti-stix-elevator/stix2elevator/cli.py", line 192, in main
    result = elevate_file(elevator_args.file_)
  File "/Users/rpiazza/git/stix/cti-stix-elevator/stix2elevator/__init__.py", line 82, in elevate_file
    validation_results = validate_stix2_string(json_string, validator_options, fn)
  File "/Users/rpiazza/git/stix/cti-stix-elevator/stix2elevator/__init__.py", line 36, in validate_stix2_string
    results = validate_string(json_string, validator_options)
  File "/Users/rpiazza/git/stix/cti-stix-validator/stix2validator/validator.py", line 486, in validate_string
    return validate(stream, options)
  File "/Users/rpiazza/git/stix/cti-stix-validator/stix2validator/validator.py", line 421, in validate
    results = validate_parsed_json(obj_json, options)
  File "/Users/rpiazza/git/stix/cti-stix-validator/stix2validator/validator.py", line 398, in validate_parsed_json
    results = validate_instance(obj_json, options)
  File "/Users/rpiazza/git/stix/cti-stix-validator/stix2validator/validator.py", line 755, in validate_instance
    warnings = [pretty_error(x, options.verbose) for x in warnings]
  File "/Users/rpiazza/git/stix/cti-stix-validator/stix2validator/validator.py", line 755, in <listcomp>
    warnings = [pretty_error(x, options.verbose) for x in warnings]
  File "/Users/rpiazza/git/stix/cti-stix-validator/stix2validator/validator.py", line 62, in _iter_errors_custom
    for err in _iter_errors_custom(obj, checks, options):
  File "/Users/rpiazza/git/stix/cti-stix-validator/stix2validator/validator.py", line 52, in _iter_errors_custom
    for x in result:
  File "/Users/rpiazza/git/stix/cti-stix-validator/stix2validator/v21/shoulds.py", line 1069, in types_strict
    p = Pattern(pattern)
  File "/Users/rpiazza/py-envs/python3.7/lib/python3.7/site-packages/stix2_patterns-1.1.0-py3.7.egg/stix2patterns/pattern.py", line 34, in __init__
    self.__parse_tree = self.__do_parse(pattern_str)
  File "/Users/rpiazza/py-envs/python3.7/lib/python3.7/site-packages/stix2_patterns-1.1.0-py3.7.egg/stix2patterns/pattern.py", line 117, in __do_parse
    real_exc)
  File "<string>", line 3, in raise_from
stix2patterns.pattern.ParseException: 1:897: no viable alternative at input 'unconverted_term:WinExecutableFileObj.exportsAND'

rpiazza commented Oct 2, 2019

These two pull requests oasis-open/cti-pattern-validator#63 and oasis-open/cti-pattern-validator#64 seem to be unrelated.
Here is the pattern:

"[((file:hashes.MD5 = '5d8129be965fab8115eca34fc84bd7f0' OR file:hashes.'SHA-1' = '2b999e7db890cc77f0098a091de756a1803a3c2b' OR file:hashes.'SHA-256' = '2c5dd8a64437cb2dd4b6747139c61d2d7f53ab3ddedbf22df3cb01bae170715b' OR file:hashes.ssdeep = '768:mvAFYk0IOqi7RKW1RD1ZCrm82+AnbaAOdoOKL70ehP:cDIOqctz2rBmbZoa71hP') AND file:name = 'VirusShare_5d8129be965fab8115eca34fc84bd7f0' AND file:size = 40654 AND (((file:extensions.'windows-pebinary-ext'.section[*].name = '.rdata' AND file:extensions.'windows-pebinary-ext'.section[*].entropy = 7.74202363178) AND (file:extensions.'windows-pebinary-ext'.section[*].name = '.data' AND file:extensions.'windows-pebinary-ext'.section[*].entropy = 7.89204688601) AND (file:extensions.'windows-pebinary-ext'.section[*].name = '.upx' AND file:extensions.'windows-pebinary-ext'.section[*].entropy = 7.31815613066)) AND unconverted_term:WinExecutableFileObj.exports AND unconverted_term:WinExecutableFileObj.imports))]",

The AND is at the end....
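
An added example, not part of the original issue or of the elevator or validator code: a stand-alone pre-check that lists the object paths in a pattern that have no comparison operator after them, which is where the ParseException in the traceback points. The function name and the shortened sample pattern are constructed for illustration, and the regexes only approximate the STIX pattern grammar.

```python
import re

# Quoted string literal with backslash escapes (also covers quoted path components).
_QUOTED = r"'(?:\\.|[^'\\])*'"
_STRING = re.compile(_QUOTED)
# Object path: <type>:<property>, then .property / .'quoted' / [*] / [n] steps.
_PATH = re.compile(
    r"[A-Za-z][\w-]*:(?:[\w-]+|%s)(?:\.(?:[\w-]+|%s)|\[(?:\*|\d+)\])*" % (_QUOTED, _QUOTED)
)
# Comparison operators that may follow a path, optionally negated with NOT.
_OPERATOR = re.compile(
    r"\s*(?:NOT\s+)?(?:!=|<=|>=|=|<|>|(?:IN|LIKE|MATCHES|ISSUBSET|ISSUPERSET)\b)"
)
_EXISTS = re.compile(r"\bEXISTS\s+$")  # STIX 2.1 prefix operator: EXISTS <path>


def find_bare_terms(pattern):
    """Return (offset, path) for every object path with no comparison operator."""
    bare, pos = [], 0
    while pos < len(pattern):
        literal = _STRING.match(pattern, pos)
        if literal:  # skip values such as ssdeep hashes, which contain ':'
            pos = literal.end()
            continue
        path = _PATH.match(pattern, pos)
        if path:
            has_op = _OPERATOR.match(pattern, path.end()) or _EXISTS.search(pattern[:pos])
            if not has_op:
                bare.append((pos, path.group()))
            pos = path.end()
            continue
        pos += 1
    return bare


# Constructed sample: a shortened form of the pattern quoted in the issue.
SAMPLE = (
    "[(file:hashes.'SHA-1' = '2b999e7db890cc77f0098a091de756a1803a3c2b' "
    "OR file:hashes.ssdeep = "
    "'768:mvAFYk0IOqi7RKW1RD1ZCrm82+AnbaAOdoOKL70ehP:cDIOqctz2rBmbZoa71hP') "
    "AND file:extensions.'windows-pebinary-ext'.section[*].name = '.upx' "
    "AND unconverted_term:WinExecutableFileObj.exports "
    "AND unconverted_term:WinExecutableFileObj.imports]"
)

if __name__ == "__main__":
    for offset, path in find_bare_terms(SAMPLE):
        print("offset %d: %s has no comparison operator" % (offset, path))
```

Offsets are 0-based character positions in the pattern string.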
