Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: jinja2.exceptions.UndefinedError: 'str object' has no attribute 'value' #313

Closed
Res260 opened this issue Oct 21, 2024 · 1 comment · Fixed by Res260/contentctl#2 · May be fixed by #318
Closed

Error: jinja2.exceptions.UndefinedError: 'str object' has no attribute 'value' #313

Res260 opened this issue Oct 21, 2024 · 1 comment · Fixed by Res260/contentctl#2 · May be fixed by #318

Comments

@Res260
Copy link
Contributor

Res260 commented Oct 21, 2024

When upgrading contentctl to 4.4.0 from 4.2.2, I got some new errors without changing my contentctl package. One of them is:

Verbose error logging is ENABLED.
The entire stack trace has been provided below (please include it if filing a bug report):

Traceback (most recent call last):
  File "\\wsl.localhost\Ubuntu\home\<user>\sigmastuff\contentctl\contentctl\contentctl.py", line 211, in main
    test_common_func(config)
  File "\\wsl.localhost\Ubuntu\home\<user>\sigmastuff\contentctl\contentctl\contentctl.py", line 107, in test_common_func
    director_output_dto = build_func(config)
                          ^^^^^^^^^^^^^^^^^^
  File "\\wsl.localhost\Ubuntu\home\<user>\sigmastuff\contentctl\contentctl\contentctl.py", line 80, in build_func
    return builder.execute(BuildInputDto(director_output_dto, config))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "\\wsl.localhost\Ubuntu\home\<user>\sigmastuff\contentctl\contentctl\actions\build.py", line 47, in execute
    updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.detections, SecurityContentType.detections))
                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "\\wsl.localhost\Ubuntu\home\<user>\sigmastuff\contentctl\contentctl\output\conf_output.py", line 81, in writeObjects
    written_files.add(ConfWriter.writeConfFile(pathlib.Path(output_app_path),
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "\\wsl.localhost\Ubuntu\home\<user>\sigmastuff\contentctl\contentctl\output\conf_writer.py", line 163, in writeConfFile
    output = template.render(objects=objects, app=config.app)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\<user>\.virtualenvs\sigmastuff-YzDXeAfS\Lib\site-packages\jinja2\environment.py", line 1304, in render
    self.environment.handle_exception()
  File "C:\Users\<user>\.virtualenvs\sigmastuff-YzDXeAfS\Lib\site-packages\jinja2\environment.py", line 939, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "\\wsl.localhost\Ubuntu\home\<user>\sigmastuff\contentctl\contentctl\output\templates\analyticstories_detections.j2", line 8, in top-level template code
    asset_type = {{ detection.tags.asset_type.value }}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
jinja2.exceptions.UndefinedError: 'str object' has no attribute 'value'

When running contentctl test --enable-integration-testing --verbose mode:all

Here is my Detection YAML:

author: Someone
data_sources: []
date: '2024-10-21'
description: "something"
drilldown_searches:
- earliest_offset: $info_min_time$
  latest_offset: $info_max_time$
  name: DummyDrilldown1
  search: '%original_detection_search%'
- earliest_offset: $info_min_time$
  latest_offset: $info_max_time$
  name: DummyDrilldown2
  search: '%original_detection_search%'
how_to_implement: Nothing
id: 8e7eeb73-69f4-48cf-b1f4-19c4872f68eb
known_false_positives: Nonee
name: Some detection
references: []
search: 'something=something

  | `some_detection`'
status: production
tags:
  analytic_story: []
  asset_type: Account
  confidence: 1
  cve: []
  impact: 60
  message: N/A
  mitre_attack_id:
  - T1555
  observable:
  - name: ' '
    role:
    - Victim
    type: Unknown
  product:
  - Splunk Enterprise Security
  required_fields:
  - nothing
  risk_score: N/A
  security_domain: access
tests:
- attack_data:
  - data: ./tests/some_detection/shouldtrigger_1.test
    source: N/A
    sourcetype: N/A
  name: shouldtrigger_1
  test_type: unit
type: TTP
version: 1

When debugging, detection.tags.asset_type has the value Account and is a str object, which does not have a .value.
Res260 added a commit to Res260/contentctl that referenced this issue Oct 24, 2024
@Res260
Fix a bug where the jinja template for analyticsories_detection cra…
f7a0963 
…shed when specifying a `detection.tags.asset_type`. Fixes splunk#313.
@Res260 Res260 mentioned this issue Oct 24, 2024
Open
@Res260
Copy link
Contributor Author

Res260 commented Oct 24, 2024

I have opened #318 to fix the problem.

@Res260 Res260 mentioned this issue Oct 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@Res260