MarkingSpecification removed, why?

[davidonzo]

MISP-STIX-Converter/misp_stix_converter/converters/convert.py

Line 123 in 8ebdb3d

# Remove any "marking" sections because the US-Cert is evil

# Remove any "marking" sections because the US-Cert is evil
log.debug("Removing Marking elements...")
for element in stixXml.findall(".//{http://data-marking.mitre.org/Marking-1}Marking"):
element.getparent().remove(element)

The script remove any marking specification. Why?

I'm working on a "misp_taxii_hook" for the opentaxii's misp implementation that is able to parse the marking structure of the stix package and create the tlp tags as needed.

In my local installation I just tried to edit the file, removing the quoted lines. And it seems to work fine.
The stix parsing works as before, bet I have marking specification to parse.

Can you consider to remove the quoted lines.

[davidonzo]

Here is the patch for your evaluation

davidonzo@2b10ea2

[FloatingGhost]

If I remember rightly the US-Cert's marking would crash the entire converter, hence why I purge it

[davidonzo]

Ok, so I can continue to test.
ATM all seems to work fine, no error reported, but of course, I need a bit more time.

I'll update you ASAP.
Thanks.