Closed
Description
According to the following schema, a hash value is allowed to be empty, because the type sets no 'minLength' restriction.
<!-- CybOX common property type that the issue cites for hash values.
     Its datatype attribute defaults to hexBinary. -->
<xs:complexType name="HexBinaryObjectPropertyType">
  <xs:annotation>
    <xs:documentation>The HexBinaryObjectPropertyType is a type (extended from BaseObjectPropertyType) representing the specification of a single Object property whose core value is of type HexBinary. This type will be assigned to any property of a CybOX object that should contain content of type HexBinary and enables the use of relevant metadata for the property.</xs:documentation>
    <xs:documentation>Properties that use this type can express multiple values by providing them using a delimiter-separated list. The default delimiter is '##comma##' (no quotes) but can be overridden through use of the delimiter field. Note that whitespace is preserved and so, when specifying a list of values, do not include a space following the delimiter in a list unless the first character of the next list item should, in fact, be a space.</xs:documentation>
  </xs:annotation>
  <xs:simpleContent>
    <xs:restriction base="cyboxCommon:BaseObjectPropertyType">
      <!-- The content is a union over xs:string with no minLength, length or
           pattern facet in this fragment, so an empty element validates.
           A consumer cannot rely on schema validation to guarantee that
           hex digits are present and has to handle an empty value itself. -->
      <xs:simpleType>
        <xs:union memberTypes="xs:string"/>
      </xs:simpleType>
      <xs:attribute name="datatype" type="cyboxCommon:DatatypeEnum" default="hexBinary">
        <xs:annotation>
          <xs:documentation>This attribute is optional and specifies the type of the value of the specified property. If a type different than the default is used, it MUST be specified here.</xs:documentation>
        </xs:annotation>
      </xs:attribute>
    </xs:restriction>
  </xs:simpleContent>
</xs:complexType>
But I got an error when I parsed the following STIX file.
<!-- Reproduction input from the issue: a STIX 1.1.1 package holding one
     "File Hash Watchlist" indicator whose file object lists three hashes,
     two of them with no value. -->
<stix:STIX_Package
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:cyboxVocabs="http://cybox.mitre.org/default_vocabularies-2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:ihstix="http://www.qcert.org"
    xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:stixCommon="http://stix.mitre.org/common-1"
    xmlns:cyboxCommon="http://cybox.mitre.org/common-2"
    xmlns:xlink="http://www.w3.org/1999/xlink"
    id="ihstix:Package-0c5ca78f-ae58-4d30-96b8-c056d62ac0b1" version="1.1.1">
  <stix:STIX_Header>
    <stix:Description>Email- link to malicious Powershell, malicious Alfa Web Shell developed since a long time </stix:Description>
  </stix:STIX_Header>
  <stix:Indicators>
    <stix:Indicator id="ihstix:indicator-c341725d-e11e-4908-806a-93fb80f2bacc" timestamp="2019-03-29T09:05:07.870837+00:00" xsi:type="indicator:IndicatorType">
      <indicator:Title>: hashes</indicator:Title>
      <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.1">File Hash Watchlist</indicator:Type>
      <indicator:Description/>
      <indicator:Observable id="ihstix:Observable-9df9c7d2-5cab-4bea-9451-467654028f01">
        <cybox:Object id="ihstix:IhFile-c56f3632-c762-4f20-b344-37ea24dd4a0b">
          <cybox:Properties xsi:type="FileObj:FileObjectType">
            <FileObj:File_Name condition="Equals"/>
            <FileObj:Hashes>
              <!-- Only this MD5 entry carries a value. -->
              <cyboxCommon:Hash>
                <cyboxCommon:Type condition="Equals" xsi:type="cyboxVocabs:HashNameVocab-1.0">MD5</cyboxCommon:Type>
                <cyboxCommon:Simple_Hash_Value condition="Equals">09ffd414668ee6cf12e30fad2f0799cb</cyboxCommon:Simple_Hash_Value>
              </cyboxCommon:Hash>
              <!-- Empty Simple_Hash_Value: allowed by the schema quoted in
                   the issue. Presumably this is the value that reaches
                   len() as None in cybox/common/hashes.py, per the
                   traceback; a producer can avoid it by omitting Hash
                   entries that have no value. -->
              <cyboxCommon:Hash>
                <cyboxCommon:Type condition="Equals" xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA256</cyboxCommon:Type>
                <cyboxCommon:Simple_Hash_Value condition="Equals"/>
              </cyboxCommon:Hash>
              <!-- Second empty hash value, same shape as the SHA256 entry. -->
              <cyboxCommon:Hash>
                <cyboxCommon:Type condition="Equals" xsi:type="cyboxVocabs:HashNameVocab-1.0">SHA1</cyboxCommon:Type>
                <cyboxCommon:Simple_Hash_Value condition="Equals"/>
              </cyboxCommon:Hash>
            </FileObj:Hashes>
          </cybox:Properties>
        </cybox:Object>
      </indicator:Observable>
      <indicator:Confidence timestamp="2019-03-29T09:05:07.871038+00:00">
        <stixCommon:Value>Low</stixCommon:Value>
      </indicator:Confidence>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>
Error
Traceback (most recent call last):
File "script.py", line 13, in <module>
main(sys.argv[1])
File "script.py", line 8, in main
package = parser.parse_xml(f, check_version=False)
File "/usr/lib/python2.7/site-packages/mixbox/parser.py", line 187, in parse_xml
entity = self.get_entity_class(xml_root_node.tag).from_obj(entity_obj)
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 377, in from_obj
val = transformer.from_obj(val)
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 375, in from_obj
val = [transformer.from_obj(x) for x in val]
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 377, in from_obj
val = transformer.from_obj(val)
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 377, in from_obj
val = transformer.from_obj(val)
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 377, in from_obj
val = transformer.from_obj(val)
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 185, in from_obj
return klass.from_obj(cls_obj)
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 377, in from_obj
val = transformer.from_obj(val)
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 375, in from_obj
val = [transformer.from_obj(x) for x in val]
File "/usr/lib/python2.7/site-packages/mixbox/entities.py", line 379, in from_obj
field.__set__(entity, val)
File "/usr/lib/python2.7/site-packages/mixbox/fields.py", line 218, in __set__
self.postset_hook(instance, value)
File "/usr/lib/python2.7/site-packages/cybox/common/hashes.py", line 30, in _set_hash_type
hashlen = len(value.value)
TypeError: object of type 'NoneType' has no len()
script.py
from stix.core import STIXPackage
from stix.utils.parser import EntityParser
def main(file_path):
    """Parse one STIX XML file with ``EntityParser`` and discard the result.

    Minimal reproduction for the issue. ``parse_xml`` is called with
    ``check_version=False``; any exception it raises propagates to the
    caller, and nothing is returned.

    Args:
        file_path: Path of the STIX XML document to parse.
    """
    with open(file_path) as stix_file:
        stix_parser = EntityParser()
        # Feed content is external input: code that ingests feeds through
        # this call should treat an exception here as a rejected document
        # rather than let it end the whole run.
        package = stix_parser.parse_xml(stix_file, check_version=False)
if __name__ == "__main__":
    # Script entry point: the first command-line argument is the path of
    # the STIX XML file to parse. A missing argument raises IndexError.
    import sys

    stix_path = sys.argv[1]
    main(stix_path)