From 277dfcdb97ed9de75a08e0d10676538d76ffee78 Mon Sep 17 00:00:00 2001 From: haraksin Date: Wed, 6 May 2020 21:05:36 -0700 Subject: [PATCH] Dealing with key issue in search Line 70 --- .gitignore | 1 + misp_taxii_hooks/hooks.py | 20 +++++++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 55a48d0..b09e2b4 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ config.yaml __pycache__ build dist +hooks_2.py \ No newline at end of file diff --git a/misp_taxii_hooks/hooks.py b/misp_taxii_hooks/hooks.py index 85d7566..8a7ae0d 100644 --- a/misp_taxii_hooks/hooks.py +++ b/misp_taxii_hooks/hooks.py @@ -67,12 +67,22 @@ def post_stix(manager, content_block, collection_ids, service_id): for attrib in values: log.info("Checking for existence of %s", attrib) search = MISP.search("attributes", values=str(attrib)) - if search["response"]["Attribute"] != []: - # This means we have it! - log.info("%s is a duplicate, we'll ignore it.", attrib) - package.attributes.pop([x.value for x in package.attributes].index(attrib)) + if 'response' in search: + if search["response"]["Attribute"] != []: + # This means we have it! + log.info("%s is a duplicate, we'll ignore it.", attrib) + package.attributes.pop([x.value for x in package.attributes].index(attrib)) + else: + log.info("%s is unique, we'll keep it", attrib) + elif 'Attribute' in search: + if search["Attribute"] != []: + # This means we have it! + log.info("%s is a duplicate, we'll ignore it.", attrib) + package.attributes.pop([x.value for x in package.attributes].index(attrib)) + else: + log.info("%s is unique, we'll keep it", attrib) else: - log.info("%s is unique, we'll keep it", attrib) + log.error("Something went wrong with search, and it doesn't have an 'attribute' or a 'response' key: {}".format(search.keys())) # Push the event to MISP # TODO: There's probably a proper method to do this rather than json_full