Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation: #250

Open
MarkDavidson opened this issue Apr 6, 2015 · 2 comments
Open

Documentation: #250

MarkDavidson opened this issue Apr 6, 2015 · 2 comments

Comments

@MarkDavidson
Copy link
Contributor

http://stix.readthedocs.org/en/stable/getting_started.html#parsing-stix-xml

I was reading this in the context of parsing STIX out of a libtaxii object. I think it would be nice if the example included getting a handle on a STIX document out of libtaxii.

For instance, take this stub Inbox Message:

<taxii_11:Inbox_Message xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
    message_id="1">
    <taxii_11:Content_Block>
        <taxii_11:Content_Binding binding_id="urn:stix.mitre.org:xml:1.1.1"/>
        <taxii_11:Content>
            <stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1" version="1.1.1"/>
        </taxii_11:Content>
    </taxii_11:Content_Block>
</taxii_11:Inbox_Message>

To get a libtaxii handle on the message, you'd do (I did not double check to see if this is well documented or not, so perhaps there's a corresponding issue for libtaxii...):

import libtaxii.messages_11 as tm11
taxii_xml = '<taxii_11:Inbox_Message>...</taxii_11:Inbox_Message>' # Use the above XML
msg = tm11.InboxMessage.from_xml(taxii_xml)
# This prints out the STIX XML
print msg.content_blocks[0].content

However, there's no obvious/documented connection to how to get a stix.core.STIXPackage object from here. I ended up with:

from StringIO import StringIO
from stix.core import STIXPackage
package = STIXPackage(StringIO(msg.content_blocks[0].content))
# <stix.core.stix_package.STIXPackage object at 0x7f6d19d6a5d0>

This issue has a couple items:

  1. Is this right? Or is there a cleaner way to go from libtaxii to python-stix
  2. Whatever the "right" way is, it probably makes sense to add it to RTD
  3. If it makes sense, I could add a mechanism to libtaxii to get the content etree directly (currently possible, but hacky).

Thank you.
-Mark
@bworrell
Copy link
Contributor

bworrell commented Apr 6, 2015

The only example I can think of that touches on a similar link between documentation efforts is the Working With python-stix for stix-ramrod. We have that documentation in stix-ramrod but we have a link to it on the python-stix index page under Versions. We could do something similar for libtaxii (you host the docs there and we point to it from python-stix). What do you think?

@bworrell
Copy link
Contributor

bworrell commented Apr 6, 2015

Sorry, I just realized that I didn't answer your first question.

You should use the STIXPackage.from_xml() method for parsing XML inputs. This can be an etree object, filename, or a read()-able object

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bworrell @MarkDavidson