Bug: misp2stix.py tries to map MISP Sighting's 'source' field to non-existing 'description' field in STIX Sighting SRO

[cj-gyorgy-luptak]

MISP-STIX usage

Within MISP core

Expected behavior

I tried to export a MISP Event to STIX2 via the web GUI's 'Download as...' functionality. This event contained Attributes with such Sightings, where the 'source' field was set. The export should be successful.

Actual behavior

The export failed with the message on the web GUI: "An Internal Error Has Occurred."

Looking into var/www/MISP/app/tmp/logs/error.log the following error msg was shown (full log msg below):
2022-11-04 15:43:18 Error: [Exception] Error while processing your query during STIX export: Unexpected properties for Sighting: (description).

Looking into exec-errors.log (log excerpt included below) I found the ExtraPropertiesError, which produces the same error message as I saw in the error.log (Unexpected properties for...) Going up from here it looks like to me, that upon the creation of the Sighting SRO from a MISP Sighting, the 'description' field has been set somewhere.

Looking into STIX2.0 standard, the Sighting SRO does not include a 'description' field (http://docs.oasis-open.org/cti/stix/v2.0/cs01/part2-stix-objects/stix-v2.0-cs01-part2-stix-objects.html#_Toc496714342).
In STIX2.1, it does have one (https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_a795guqsap3r).

In L336 of misp_to_stix2.py, the mapping of MISP Sighting's 'source' field to STIX Sightings 'description' field is made. I believe it is done regardless of the output STIX standard (2.0 or 2.1) to be used.

Steps to reproduce

1. Get an event in MISP with Attributes, whose Sightings have the 'source' field set.
2. Using the web GUI's 'Download as...' functionality, try to export the event in STIX2 format.

Version

2.4.164

Python version

3.6.9

Relevant log output

/var/www/MISP/app/tmp/logs/exec-errors.log:

[2022-11-04 15:43:17 31692] Running command python3 /var/www/MISP/app/files/scripts/stix2/misp2stix2.py -v 2.0 -i /var/www/MISP/app/tmp/MISPPzwAoF
  File "/var/www/MISP/app/files/scripts/stix2/misp2stix2.py", line 52, in _process_misp_files
    parser.parse_json_content(name)
  File "/var/www/MISP/app/files/scripts/misp-stix/misp_stix_converter/misp2stix/misp_to_stix2.py", line 57, in parse_json_content
    self._parse_misp_event(event)
  File "/var/www/MISP/app/files/scripts/misp-stix/misp_stix_converter/misp2stix/misp_to_stix2.py", line 115, in _parse_misp_event
    self._parse_event_data()
  File "/var/www/MISP/app/files/scripts/misp-stix/misp_stix_converter/misp2stix/misp_to_stix20.py", line 108, in _parse_event_data
    self._resolve_attribute(attribute)
  File "/var/www/MISP/app/files/scripts/misp-stix/misp_stix_converter/misp2stix/misp_to_stix2.py", line 363, in _resolve_attribute
    self._attribute_error(attribute, exception)
  File "/var/www/MISP/app/files/scripts/misp-stix/misp_stix_converter/misp2stix/exportparser.py", line 211, in _attribute_error
    self._parse_custom_attribute(attribute)
  File "/var/www/MISP/app/files/scripts/misp-stix/misp_stix_converter/misp2stix/misp_to_stix2.py", line 511, in _parse_custom_attribute
    self._handle_sightings(attribute['Sighting'], custom_id)
  File "/var/www/MISP/app/files/scripts/misp-stix/misp_stix_converter/misp2stix/misp_to_stix2.py", line 337, in _handle_sightings
    getattr(self, self._results_handling_function)(self._create_sighting(sighting_args))
  File "/var/www/MISP/app/files/scripts/misp-stix/misp_stix_converter/misp2stix/misp_to_stix20.py", line 1163, in _create_sighting
    return Sighting(**sighting_args)
  File "/var/www/MISP/app/files/scripts/cti-python-stix2/stix2/v20/sro.py", line 87, in __init__
    super(Sighting, self).__init__(**kwargs)
  File "/var/www/MISP/app/files/scripts/cti-python-stix2/stix2/base.py", line 166, in __init__
    raise ExtraPropertiesError(cls, custom_kwargs)

/var/www/MISP/app/tmp/logs/error.log:

2022-11-04 15:43:18 Error: [Exception] Error while processing your query during STIX export: Unexpected properties for Sighting: (description).
Request URL: /events/restSearch/stix2/eventid:2890
Stack Trace:
#0 /var/www/MISP/app/Model/Event.php(7036): StixExport->footer(Array)
#1 /var/www/MISP/app/Controller/AppController.php(1260): Event->restSearch(Array, 'stix2', Array, false, false, 1, false)
#2 [internal function]: AppController->restSearch('stix2')
#3 /var/www/MISP/app/Lib/cakephp/lib/Cake/Controller/Controller.php(499): ReflectionMethod->invokeArgs(Object(EventsController), Array)
#4 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction(Object(CakeRequest))
#5 /var/www/MISP/app/Lib/cakephp/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(EventsController), Object(CakeRequest))
#6 /var/www/MISP/app/webroot/index.php(99): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
#7 {main}

Extra attachments

No response

Code of Conduct

• I agree to follow this project's Code of Conduct