Should python-cybox try to validate passed input values? #216

Open
marlontaylor opened this issue Nov 6, 2014 · 2 comments

@marlontaylor

In this example the API tries to cast portObj/port_value as a number rather than leave it as a string.

input.xml

<?xml version="1.0" encoding="UTF-8" ?>
<stix:STIX_Package 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:stix="http://stix.mitre.org/stix-1" 
xmlns:stixCommon="http://stix.mitre.org/common-1" 
xmlns:cybox="http://cybox.mitre.org/cybox-2" 
xmlns:PortObj="http://cybox.mitre.org/objects#PortObject-2" 
xsi:schemaLocation="
http://stix.mitre.org/stix-1 http://stix.mitre.org/XMLSchema/core/1.1.1/stix_core.xsd 
http://stix.mitre.org/common-1 http://stix.mitre.org/XMLSchema/common/1.1.1/stix_common.xsd 
http://cybox.mitre.org/cybox-2 http://cybox.mitre.org/XMLSchema/core/2.1/cybox_core.xsd 
http://cybox.mitre.org/objects#PortObject-2 http://cybox.mitre.org/XMLSchema/objects/Port/2.1/Port_Object.xsd 
" 
version="1.1.1" 
xmlns:example_namespace="example_namespace/">

  <stix:Observables cybox_major_version="2" cybox_minor_version="1" cybox_update_version="0">
    <cybox:Observable id="example_namespace:Observable-e4a7f977-687b-4e0f-9e50-0e9dfa6e4d99">
      <cybox:Title>PortObj Title</cybox:Title>
      <cybox:Description>PortObj Description</cybox:Description>
      <cybox:Object id="example_namespace:Object-893dcdb4-312a-4dd7-8e6d-40c991d51ab6">
        <cybox:Properties xsi:type="PortObj:PortObjectType">
          <PortObj:Port_Value>port value</PortObj:Port_Value>
          <PortObj:Layer4_Protocol>DCCP</PortObj:Layer4_Protocol>
        </cybox:Properties>
      </cybox:Object>
    </cybox:Observable>
  </stix:Observables>
</stix:STIX_Package>

script.py

#!/usr/bin/env python
# Copyright (c) 2014, The MITRE Corporation. All rights reserved.
# See LICENSE.txt for complete terms.
'''
Description: Round-trip example. This script takes a STIX instance document from XML to
a binding object, then to a api object and then to a dictionary. That dictionary is then
converted back into an api object, which is then used to generate an XML document.
'''
import io
from pprint import pprint
from stix.core import STIXPackage
from stix.indicator import Indicator
import stix.bindings.stix_core as stix_core_binding

def main():
    fn = 'input.xml'
    stix_package = STIXPackage.from_xml(fn)
    stix_dict = stix_package.to_dict() # parse to dictionary
    pprint(stix_dict)
    stix_package_two = STIXPackage.from_dict(stix_dict) # create python-stix object from dictionary
    xml = stix_package_two.to_xml() # generate xml from python-stix object
    print(xml)

if __name__ == '__main__':
    main()

error

Traceback (most recent call last):
  File "script.py", line 25, in <module>
    main()
  File "script.py", line 17, in main
    stix_package = STIXPackage.from_xml(fn)
  File "/usr/lib/python2.6/site-packages/stix/core/stix_package.py", line 431, in from_xml
    return parser.parse_xml(xml_file)
  File "/usr/lib/python2.6/site-packages/stix/utils/parser.py", line 185, in parse_xml
    stix_package = STIXPackage().from_obj(stix_package_obj)
  File "/usr/lib/python2.6/site-packages/stix/core/stix_package.py", line 395, in from_obj
    return_obj.observables = Observables.from_obj(obj.Observables)
  File "/usr/lib/python2.6/site-packages/cybox/core/observable.py", line 326, in from_obj
    obs.add(Observable.from_obj(o))
  File "/usr/lib/python2.6/site-packages/cybox/core/observable.py", line 212, in from_obj
    obs.object_ = Object.from_obj(observable_obj.Object)
  File "/usr/lib/python2.6/site-packages/cybox/core/object.py", line 130, in from_obj
    obj.properties = ObjectProperties.from_obj(object_obj.Properties)
  File "/usr/lib/python2.6/site-packages/cybox/common/object_properties.py", line 158, in from_obj
    defobj = klass.from_obj(defobj_obj)
  File "/usr/lib/python2.6/site-packages/cybox/common/object_properties.py", line 145, in from_obj
    return super(ObjectProperties, cls()).from_obj(defobj_obj)
  File "/usr/lib/python2.6/site-packages/cybox/__init__.py", line 194, in from_obj
    val = field.type_.from_obj(val)
  File "/usr/lib/python2.6/site-packages/cybox/common/properties.py", line 275, in from_obj
    attr._populate_from_obj(attr_obj)
  File "/usr/lib/python2.6/site-packages/cybox/common/properties.py", line 297, in _populate_from_obj
    self.delimiter)
  File "/usr/lib/python2.6/site-packages/cybox/common/properties.py", line 68, in value
    self._value = self._parse_value(value_)
  File "/usr/lib/python2.6/site-packages/cybox/common/properties.py", line 362, in _parse_value
    return int(value, 0)
ValueError: invalid literal for int() with base 0: 'port value'

gtback commented Nov 7, 2014

Under what cases do you anticipate needing to use non-integer values for Port_Value?

The default datatype value is integer. I forget whether we actually implemented logic that checks for non-default data types and parses the value differently.


gtback commented Dec 1, 2014

I think it makes sense to try to do the int conversion, but if it fails, store the value as a string rather than raising a cryptic ValueError to the user.
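
The fallback proposed in the last comment, sketched as an added example that is not part of the thread and is not python-cybox code: it tries the same `int(value, 0)` conversion seen in the traceback, keeps the raw string when that fails, and reports the anomaly instead of aborting the whole parse. The names `parse_lenient_int` and `load_port_values`, the 0-65535 range check, and the sample values are assumptions made for illustration.

```python
# Added illustration; parse_lenient_int and load_port_values are hypothetical
# names, not functions from python-cybox or python-stix.

def parse_lenient_int(raw):
    """Try int(raw, 0); on failure keep the stripped string.

    Returns (value, parsed_ok) so callers can tell a real integer
    from a string that was kept as a fallback.
    """
    if isinstance(raw, int) and not isinstance(raw, bool):
        return raw, True
    text = str(raw).strip()
    try:
        # Base 0 accepts prefixed literals: "80", "0x1F90", "0o120".
        return int(text, 0), True
    except ValueError:
        # "port value" lands here; so does "080" on Python 3, where a
        # leading zero is not a valid base-0 literal.
        return text, False


def load_port_values(raw_values):
    """Parse every value and collect warnings instead of raising.

    One malformed field no longer stops the rest of the document from
    loading, but the anomaly is still surfaced to the caller.
    """
    parsed, warnings = [], []
    for raw in raw_values:
        value, ok = parse_lenient_int(raw)
        parsed.append(value)
        if not ok:
            warnings.append("non-integer Port_Value kept as string: %r" % (value,))
        elif not 0 <= value <= 65535:
            # Assumed check: TCP/UDP port numbers are 16-bit.
            warnings.append("Port_Value outside 0-65535: %d" % value)
    return parsed, warnings


# Constructed sample inputs; "port value" is the value from input.xml above.
SAMPLE = ["80", "0x1F90", "port value", "70000", "080"]

if __name__ == "__main__":
    values, notes = load_port_values(SAMPLE)
    print(values)
    for note in notes:
        print("warning:", note)
```

Returning the flag alongside the value lets a consumer decide whether a string-typed port is acceptable or should be rejected downstream.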
