add: [stix2 import] Handling clusters sharing group id for content converter from external STIX 2.x

chrisr3d · chrisr3d · commit b0a1dcffa44a · 2023-12-12T11:20:32.000+01:00
diff --git a/misp_stix_converter/__init__.py b/misp_stix_converter/__init__.py
@@ -151,6 +151,10 @@ def main():
         '-cd', '--cluster_distribution', type=int, default=0,
         help='Galaxy Clusters distribution level in case of External STIX 2 content.'
     )
+    import_parser.add_argument(
+        '-cg', '--cluster_sharing_group', type=int, default=None,
+        help='Galaxy Clusters sharing group ID in case of External STIX 2 content.'
+    )
     import_parser.set_defaults(func=_stix_to_misp)
 
     stix_args = parser.parse_args()
diff --git a/misp_stix_converter/misp_stix_converter.py b/misp_stix_converter/misp_stix_converter.py
@@ -662,6 +662,7 @@ def stix_1_to_misp(
 
 def stix_2_to_misp(filename: _files_type,
                    cluster_distribution: Optional[int] = 0,
+                   cluster_sharing_group_id: Optional[int] = None,
                    debug: Optional[bool] = False,
                    distribution: Optional[int] = 0,
                    galaxies_as_tags: Optional[bool] = False,
@@ -680,7 +681,7 @@ def stix_2_to_misp(filename: _files_type,
         return {'errors': [f'{filename} -  {error.__str__()}']}
     parser, args = _get_stix2_parser(
         _from_misp(bundle.objects), distribution, sharing_group_id,
-        galaxies_as_tags, cluster_distribution
+        galaxies_as_tags, cluster_distribution, cluster_sharing_group_id
     )
     stix_parser = parser(*args)
     stix_parser.load_stix_bundle(bundle)
@@ -715,7 +716,7 @@ def _from_misp(stix_objects):
 
 def _get_stix2_parser(from_misp: bool, *args: tuple) -> tuple:
     if from_misp:
-        return InternalSTIX2toMISPParser, args[:-1]
+        return InternalSTIX2toMISPParser, args[:-2]
     return ExternalSTIX2toMISPParser, args
 
 def _load_stix_event(filename, tries=0):
@@ -1016,6 +1017,7 @@ def _stix_to_misp(stix_args):
     for filename in stix_args.file:
         traceback = method(
             filename, cluster_distribution=stix_args.cluster_distribution,
+            cluster_sharing_group_id=stix_args.cluster_sharing_group,
             debug=stix_args.debug, distribution=stix_args.distribution,
             galaxies_as_tags=stix_args.galaxies_as_tags,
             output_dir=stix_args.output_dir,
diff --git a/misp_stix_converter/stix2misp/converters/stix2converter.py b/misp_stix_converter/stix2misp/converters/stix2converter.py
@@ -257,9 +257,8 @@ def _create_cluster_args(
             cluster_value: Optional[str] = None) -> dict:
         value = cluster_value or stix_object.name
         cluster_args = {
-            'distribution': self.main_parser.cluster_distribution,
             'uuid': self.main_parser._sanitise_uuid(stix_object.id),
-            'value': value
+            'value': value, **self.main_parser.cluster_distribution
         }
         if galaxy_type is None:
             version = getattr(stix_object, 'spec_version', '2.0')
diff --git a/misp_stix_converter/stix2misp/external_stix2_to_misp.py b/misp_stix_converter/stix2misp/external_stix2_to_misp.py
@@ -133,10 +133,12 @@ class ExternalSTIX2toMISPParser(STIX2toMISPParser):
     def __init__(self, distribution: Optional[int] = 0,
                  sharing_group_id: Optional[int] = None,
                  galaxies_as_tags: Optional[bool] = False,
-                 cluster_distribution: Optional[int] = 0):
+                 cluster_distribution: Optional[int] = 0,
+                 cluster_sharing_group_id: Optional[int] = None):
         super().__init__(distribution, sharing_group_id, galaxies_as_tags)
-        self.__cluster_distribution = self._sanitise_distribution(
-            cluster_distribution
+        self._set_cluster_distribution(
+            self._sanitise_distribution(cluster_distribution),
+            self._sanitise_sharing_group_id(cluster_sharing_group_id)
         )
         self._mapping = ExternalSTIX2toMISPMapping
         # parsers
@@ -155,7 +157,7 @@ def __init__(self, distribution: Optional[int] = 0,
         self._vulnerability_parser: ExternalSTIX2VulnerabilityConverter
 
     @property
-    def cluster_distribution(self) -> int:
+    def cluster_distribution(self) -> dict:
         return self.__cluster_distribution
 
     @property
@@ -173,6 +175,13 @@ def _set_campaign_parser(self) -> ExternalSTIX2CampaignConverter:
         self._campaign_parser = ExternalSTIX2CampaignConverter(self)
         return self._campaign_parser
 
+    def _set_cluster_distribution(
+            self, distribution: int, sharing_group_id: Union[int, None]):
+        cluster_distribution = {'distribution': distribution}
+        if distribution == 4 and sharing_group_id is not None:
+            cluster_distribution['sharing_group_id'] = sharing_group_id
+        self.__cluster_distribution = cluster_distribution
+
     def _set_course_of_action_parser(self) -> ExternalSTIX2CourseOfActionConverter:
         self._course_of_action_parser = ExternalSTIX2CourseOfActionConverter(self)
         return self._course_of_action_parser
