Support for pymisp.delete_object hard delete

[github-germ]

2.4.133

It appears pymisp.delete_object performs a soft delete. Is there any way to do a hard delete like what exists in pymisp.delete_attribute?

Thanks.

[github-germ]

A few possible concerns:

1. It appears that pymisp.search(controller='objects', eventid=eid, ...) is returning all objects in the event even when I tried to set deleted=False in the call. Yes, could act on the return list filtering out those deleted, but was trying to reduce the cargo.

2. I believe the WebUI count of member Attributes within an Event includes the soft deleted entities. This seems somewhat confusing.

Thx again for helping me better understand.

[chrisinmtown]

I see that the PyMISP's delete_object method does not accept a 'hard' parameter:

    def delete_object(self, misp_object: Union[MISPObject, int, str, UUID]) -> Dict:
        """Delete an object from a MISP instance

        :param misp_object: object to delete
        """
        object_id = get_uuid_or_id_from_abstract_misp(misp_object)
        response = self._prepare_request('POST', f'objects/delete/{object_id}')
        return self._check_json_response(response)

But I see in ObjectsController.php the delete method does accept a 'hard' parameter, and it defaults to false:

    public function delete($id, $hard = false)
    {
        if (!$this->userRole['perm_modify']) {
            throw new ForbiddenException(__('You don\'t have permissions to delete objects.'));
        }
...

So maybe the extension to allow a hard delete option in PyMISP is trivial? I see that the PyMISP delete_attribute method has this code:

    def delete_attribute(self, attribute: Union[MISPAttribute, int, str, UUID], hard: bool = False) -> Dict:
        """Delete an attribute from a MISP instance

        :param attribute: attribute to delete
        :param hard: flag for hard delete
        """
        attribute_id = get_uuid_or_id_from_abstract_misp(attribute)
        data = {}
        if hard:
            data['hard'] = 1
        r = self._prepare_request('POST', f'attributes/delete/{attribute_id}', data=data)

Is that enough? But I'm not confident the object controller delete method's $hard parameter will magically be populated by this. Might also need this chunk from the delete_attribute method in the delete_object method:

        if (isset($this->params['named']['hard'])) {
            $hard = $this->params['named']['hard'];
        }
        if (isset($this->request->data['hard'])) {
            $hard = $this->request->data['hard'];
        }

Please educate me, thanks.

[Rafiot]

Yep, I think you're right, simply POSTing {'hard': True} when deleting the object doesn't work.

@mokaddem @JakubOnderka is just adding the snippet mentioned by @chrisinmtown enough?

[chrisinmtown]

Should I open a MISP issue to request extension of the Object controller's delete function with those lines?

[JakubOnderka]

@mokaddem @JakubOnderka is just adding the snippet mentioned by @chrisinmtown enough?

It looks good for me, but I didn't test it.

[Rafiot]

Should I open a MISP issue to request extension of the Object controller's delete function with those lines?

sure, go for it.

[chrisinmtown]

sure, go for it.

@Rafiot it remains really unclear to me how the CIRCL teams coordinate their work, I'll go open that issue now.

MISP/MISP#6689

[Rafiot]

All good, thank you. It is generally easier to have a note in the repository where the work needs to be done.

[chrisinmtown]

Thanks for implementing this feature.