Environment
pyCTI version: all versions containing the current convert_markdown() implementation
Reproducible Steps
- Create a STIX bundle containing a Vulnerability (or any supported entity) with a description that includes the literal string <code> as data content:
  "description": "Run python3 -c \"<code>\" and pass it to subprocess.run(..., shell=True)"
- Ingest the bundle via a connector using the standard ingestion path:
  Connector → send_stix2_bundle() → RabbitMQ → Worker → pyCTI import_from_stix2() → convert_markdown(description) → GraphQL mutation → Database
- Open the resulting entity in OpenCTI and inspect the description field.
Actual Outcome
The literal <code> string is replaced with a backtick character. The corruption is silent; no error or warning is raised during ingestion.
Expected Outcome
The description field is stored exactly as provided in the STIX bundle. Literal <code> strings in data content are preserved without modification.
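The following is an added example, not pyCTI's own code: a constructed stand-in converter that reproduces only the behaviour reported above (literal <code> becoming a backtick), a check that surfaces the otherwise silent loss by counting the literal before and after conversion, and a hypothetical shielding wrapper that keeps the data content intact. The sample description is the one from the report; the function names and the sentinel scheme are assumptions.

```python
# Added example (not pycti code). naive_convert_markdown() is a constructed
# model of the lossy behaviour the report describes; the real convert_markdown()
# is not reproduced here.

# Constructed STIX description, taken from the reproduction step above.
SAMPLE_DESCRIPTION = (
    'Run python3 -c "<code>" and pass it to subprocess.run(..., shell=True)'
)

LITERALS = ("<code>", "</code>")

# Private-use code points that no markdown or HTML converter rewrites;
# used only to shield literal tags while the converter runs (assumption).
_OPEN = "\ue000PYCTI_CODE_OPEN\ue000"
_CLOSE = "\ue000PYCTI_CODE_CLOSE\ue000"


def naive_convert_markdown(text: str) -> str:
    """Model of the defect: HTML <code> tags are turned into backticks even
    when they are data content rather than markup."""
    return text.replace("<code>", "`").replace("</code>", "`")


def lost_literals(original: str, converted: str) -> dict:
    """Return {literal: (count_before, count_after)} for every literal whose
    count changed across conversion. An empty dict means the description
    survived; anything else is the silent corruption made visible."""
    return {
        lit: (original.count(lit), converted.count(lit))
        for lit in LITERALS
        if original.count(lit) != converted.count(lit)
    }


def convert_preserving_literals(text: str, convert=naive_convert_markdown) -> str:
    """Hypothetical mitigation: replace literal tags with sentinels, run the
    converter, then restore the tags so the stored field equals the input."""
    shielded = text.replace("<code>", _OPEN).replace("</code>", _CLOSE)
    converted = convert(shielded)
    return converted.replace(_OPEN, "<code>").replace(_CLOSE, "</code>")


if __name__ == "__main__":
    corrupted = naive_convert_markdown(SAMPLE_DESCRIPTION)
    print("naive:    ", corrupted)
    print("lost:     ", lost_literals(SAMPLE_DESCRIPTION, corrupted))
    print("preserved:", convert_preserving_literals(SAMPLE_DESCRIPTION))
```

Running the check after ingestion (comparing the bundle's description with the stored field) turns the silent corruption into a failing assertion in a connector's test suite.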