ValueError: too many values to unpack (expected 2)
juancar1979 opened this issue · comments
Describe the bug
The problem is with the Industroyer malware. It seems that the data_source used to get the info from it is not well formed. When doing a split, it gives more than the two expected values.
attack-datasources/network_traffic.yml at main - mitre-attack/attack-datasources
It has been happening since the last pyattck update.
To Reproduce
Steps to reproduce the behavior:
"for technique in malware.techniques:" with malware "Industroyer"
Expected behavior
A clear and concise description of what you expected to happen.
NA
Screenshots
If applicable, add screenshots to help explain your problem.
Added in explanation
Desktop (please complete the following information):
- OS: [e.g. iOS]. Windows 10
- Browser [e.g. chrome, safari] NA
- Version [e.g. 22] NA
Smartphone (please complete the following information): NA
@juancar1979 I am unable to reproduce this - can you provide the code you used to reproduce this ?
I tried
    from pyattck import Attck

    attack = Attck()
    for malware in attack.enterprise.malwares:
        if malware.name == 'Industroyer':
            for tech in malware.techniques:
                print(tech.data_sources)
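
    from pyattck import Attck

    attack = Attck()
    malware_name = "Industroyer"
    # Iterate the ICS matrix rather than the enterprise matrix
    for malware in attack.ics.malwares:
        print(malware.name)
        if malware.name == malware_name:
            techMatrixICS = {}
            # Accessing malware.techniques is the step named in the report
            for technique in malware.techniques:
                tacticas = {}     # tactics, left empty in the posted snippet
                mitigations = {}

It is the ICS matrix :)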
This code reproduces the stacktrace listed in this ticket using pyattck 5.4.0:
    from pyattck import Attck

    attck = Attck()
    print(attck.ics.techniques)

The code on line 94 of pyattck/ics/attckobject.py assumes that the data item only contains 1 colon:

    data_source, data_component = item.split(':')

However, I'm seeing this present in an "item" variable:
Network Traffic: Network Traffic Flow [https://github.com/mitre-attack/attack-datasources/blob/main/contribution-ics/network_traffic.yml Network Traffic: Network Connection Creation
So either the data for this item needs to be corrected, or the line of code needs to be updated to only split on the first colon:

    data_source, data_component = item.split(':', 1)
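
The single-colon assumption discussed in this thread, as an added example that is not pyattck's code and not from any participant: `naive_parse` repeats the quoted line, while the hypothetical helpers `parse_item` and `parse_all` split on the first colon only, flag items that still contain a colon, and collect rejects instead of aborting the load. The sample items are constructed, and the URL in them is a placeholder.

```python
# Added example: defensive parsing of "Data Source: Data Component" strings.
from typing import List, NamedTuple, Tuple


class DataSourceRef(NamedTuple):
    source: str
    component: str   # empty string when the item has no colon
    suspect: bool    # True when the component still contains a colon


def naive_parse(item: str) -> Tuple[str, str]:
    """Pattern quoted in the thread: fails unless there is exactly one colon."""
    data_source, data_component = item.split(':')
    return data_source, data_component


def parse_item(item: str) -> DataSourceRef:
    """Split on the first colon only and flag items that look malformed."""
    source, _sep, component = item.partition(':')
    source, component = source.strip(), component.strip()
    if not source:
        raise ValueError(f"data source item has no source name: {item!r}")
    # A leftover colon means upstream data was probably concatenated
    # (for example a URL or a second "Source: Component" pair).
    return DataSourceRef(source, component, ':' in component)


def parse_all(items: List[str]) -> Tuple[List[DataSourceRef], List[str]]:
    """Parse every item; collect rejects instead of aborting the whole load."""
    parsed, rejected = [], []
    for item in items:
        try:
            parsed.append(parse_item(item))
        except ValueError:
            rejected.append(item)
    return parsed, rejected


# Constructed sample items; the second has the shape reported in the thread.
SAMPLE_ITEMS = [
    "Network Traffic: Network Traffic Flow",
    "Network Traffic: Network Traffic Flow [https://example.invalid/x.yml "
    "Network Traffic: Network Connection Creation",
    "Process",
    ": orphan component",
]

if __name__ == "__main__":
    good, bad = parse_all(SAMPLE_ITEMS)
    for ref in good:
        print(ref)
    print("rejected:", bad)
```

Entries returned with `suspect=True` are worth logging, since they point at malformed upstream data rather than a parsing bug.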