[client] Fix dates in the future during import (#68, #66)

examples/import_stix2_file.py

@@ -3,8 +3,8 @@
 from pycti import OpenCTIApiClient
 
 # Variables
-api_url = "http://localhost:4000"
-api_token = "0b23f787-d013-41a8-8078-97bee84cc99d"
+api_url = "https://demo.opencti.io"
+api_token = "2b4f29e3-5ea8-4890-8cf5-a76f61f1e2b2"
 
 # OpenCTI initialization
 opencti_api_client = OpenCTIApiClient(api_url, api_token)

pycti/entities/opencti_stix_observable.py

@@ -374,7 +374,10 @@ def update_field(self, **kwargs):
                 result["data"]["stixObservableEdit"]["fieldPatch"]
             )
         else:
-            self.opencti.log("error", "[opencti_stix_observable_update_field] Missing parameters: id and key and value")
+            self.opencti.log(
+                "error",
+                "[opencti_stix_observable_update_field] Missing parameters: id and key and value",
+            )
             return None
 
     """
@@ -498,4 +501,4 @@ def update_created_by_ref(self, **kwargs):
 
         else:
             self.opencti.log("error", "Missing parameters: id and identity_id")
-            return False
+            return False

pycti/utils/opencti_stix2.py

@@ -295,19 +295,21 @@ def extract_embedded_relationships(self, stix_object, types=None):
                     # Extract date
                     try:
                         if "description" in external_reference:
-                            matches = list(
-                                datefinder.find_dates(external_reference["description"])
+                            matches = datefinder.find_dates(
+                                external_reference["description"]
                             )
                         else:
-                            matches = list(datefinder.find_dates(source_name))
+                            matches = datefinder.find_dates(source_name)
                     except:
-                        matches = []
-                    if len(matches) > 0:
-                        published = list(matches)[0].strftime("%Y-%m-%dT%H:%M:%SZ")
-                    else:
-                        published = datetime.datetime.today().strftime(
-                            "%Y-%m-%dT%H:%M:%SZ"
-                        )
+                        matches = None
+                    published = None
+                    today = datetime.datetime.today()
+                    if matches is not None:
+                        for match in matches:
+                            if match < today:
+                                published = match.strftime("%Y-%m-%dT%H:%M:%SZ")
+                    if published is None:
+                        published = today.strftime("%Y-%m-%dT%H:%M:%SZ")
 
                     if "mitre" in source_name and "name" in stix_object:
                         title = "[MITRE ATT&CK] " + stix_object["name"]
@@ -595,25 +597,23 @@ def import_relationship(self, stix_relation, update=False, types=None):
             for external_reference in stix_relation["external_references"]:
                 try:
                     if "description" in external_reference:
-                        matches = list(
-                            datefinder.find_dates(external_reference["description"])
+                        matches = datefinder.find_dates(
+                            external_reference["description"]
                         )
                     else:
-                        matches = list(
-                            datefinder.find_dates(external_reference["source_name"])
+                        matches = datefinder.find_dates(
+                            external_reference["source_name"]
                         )
                 except:
-                    matches = []
-                if len(matches) > 0:
-                    date = matches[0].strftime("%Y-%m-%dT%H:%M:%SZ")
-                else:
-                    date = datetime.datetime.today().strftime("%Y-%m-%dT%H:%M:%SZ")
+                    matches = None
+                date = None
+                today = datetime.datetime.today()
+                if matches is not None:
+                    for match in matches:
+                        if match < today:
+                            date = match.strftime("%Y-%m-%dT%H:%M:%SZ")
         if date is None:
-            date = (
-                datetime.datetime.utcnow()
-                .replace(microsecond=0, tzinfo=datetime.timezone.utc)
-                .isoformat()
-            )
+            date = datetime.datetime.today().strftime("%Y-%m-%dT%H:%M:%SZ")
 
         stix_relation_result = None
         if StixObservableRelationTypes.has_value(stix_relation["relationship_type"]):
@@ -1284,11 +1284,15 @@ def prepare_export(
                 observables_stix_ids = (
                     observables_stix_ids + observable_object_data["stixIds"]
                 )
-                if stix_object['type'] == 'report':
-                    if 'object_refs' in stix_object:
-                        stix_object['object_refs'].append(observable_object_data['observedData']['id'])
+                if stix_object["type"] == "report":
+                    if "object_refs" in stix_object:
+                        stix_object["object_refs"].append(
+                            observable_object_data["observedData"]["id"]
+                        )
                     else:
-                        stix_object['object_refs'] = [observable_object_data['observedData']['id']]
+                        stix_object["object_refs"] = [
+                            observable_object_data["observedData"]["id"]
+                        ]
         result.append(stix_object)
 
         if mode == "simple":
@@ -1387,7 +1391,7 @@ def prepare_export(
             final_result = []
             for entity in result:
                 if entity["type"] == "report":
-                    if 'object_refs' in entity:
+                    if "object_refs" in entity:
                         entity["object_refs"] = [
                             k for k in entity["object_refs"] if k in uuids
                         ]

setup.py

@@ -13,7 +13,7 @@
     print("warning: pypandoc module not found, could not convert Markdown to RST")
     read_md = lambda f: open(f, "r").read()
 
-VERSION = "3.0.2"
+VERSION = "3.0.3"
 
 
 class VerifyVersionCommand(install):