
AttributeError: 'function' object has no attribute 'query' when using get_techniques_used_by_group_software #67


Closed
cudeso opened this issue Aug 10, 2023 · 1 comment
Labels
bug Something isn't working

cudeso commented Aug 10, 2023

I'm unable to use get_techniques_used_by_group_software. Latest version of library is installed.

When using

group_name = lift.get_group_by_alias('APT12')
techniques_group_software = lift.get_techniques_used_by_group_software(group_name[0])

this error is raised

File ~/Documents/playbooks/lib/python3.10/site-packages/attackcti/attack_api.py:1787, in attack_client.get_techniques_used_by_group_software(self, stix_object, stix_format)
   1781 # Get all used by the software that is used by group
   1782 filter_objects = [
   1783     Filter('type', '=', 'relationship'),
   1784     Filter('relationship_type', '=', 'uses'),
   1785     Filter('source_ref', 'in', [r.target_ref for r in software_relationships])
   1786 ]
-> 1787 software_uses = self.COMPOSITE_DS.query.query(filter_objects)
   1788 # Get all techniques used by the software that is used by group
   1789 filter_techniques = [
   1790     Filter('type', '=', 'attack-pattern'),
   1791     Filter('id', 'in', [s.target_ref for s in software_uses])
   1792 ]

AttributeError: 'function' object has no attribute 'query'
@Cyb3rWard0g
Collaborator

Hey @cudeso !

It seemed that there was a double 'query' method being called. I removed the extra 'query' from

software_uses = self.COMPOSITE_DS.query.query(filter_objects)

and tested the quick fix:

>>> from attackcti.attack_api import attack_client
>>> lift = attack_client()
>>> 
>>> group = lift.get_group_by_alias('APT12')
>>> 
>>> techniques_group_software = lift.get_techniques_used_by_group_software(group[0])
>>> 
>>> len(techniques_group_software)
19
>>> techniques_group_software[0]
AttackPattern(type='attack-pattern', id='attack-pattern--24bfaeba-cb0d-4525-b3dc-507c77ecec41', created_by_ref='identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5', created='2020-03-16T15:45:17.032Z', modified='2020-03-26T21:25:37.306Z', name='Symmetric Cryptography', description='Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Symmetric encryption algorithms use the same key for plaintext encryption and ciphertext decryption. Common symmetric encryption algorithms include AES, DES, 3DES, Blowfish, and RC4.', kill_chain_phases=[KillChainPhase(kill_chain_name='mitre-attack', phase_name='command-and-control')], revoked=False, external_references=[ExternalReference(source_name='mitre-attack', url='https://attack.mitre.org/techniques/T1573/001', external_id='T1573.001'), ExternalReference(source_name='University of Birmingham C2', description='Gardiner, J.,  Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.', url='https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf')], object_marking_refs=['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'], x_mitre_data_sources=['Network Traffic: Network Traffic Content'], x_mitre_detection='With symmetric encryption, it may be possible to obtain the algorithm and key from samples and use them to decode network traffic to detect malware communications signatures.\n\nIn general, analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. 
Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used.(Citation: University of Birmingham C2)', x_mitre_domains=['enterprise-attack'], x_mitre_is_subtechnique=True, x_mitre_modified_by_ref='identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5', x_mitre_platforms=['Linux', 'Windows', 'macOS'], x_mitre_version='1.0')

I will push the quick fix and then update the library

Cyb3rWard0g added the bug label Apr 1, 2024
Cyb3rWard0g added a commit that referenced this issue Apr 1, 2024
Removed double query method from COMPOSITE_DS.query, fix #67
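
The traversal this function performs (group to software to techniques), as an added example that is not attackcti's code and not part of the original thread. `MiniStore`, `rel` and every object id are constructed stand-ins, filters are plain (property, operator, value) tuples mirroring the `Filter(...)` triples in the traceback, and the first step (selecting the group's malware/tool relationships) is an assumption because the traceback does not show it.

```python
# Constructed STIX-like objects; every id below is a made-up placeholder.
def rel(src, dst):
    return {"type": "relationship", "relationship_type": "uses",
            "id": f"relationship--{src}--{dst}", "source_ref": src, "target_ref": dst}

OBJECTS = [
    {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Example Group"},
    {"type": "malware", "id": "malware--m1", "name": "Example Implant"},
    {"type": "tool", "id": "tool--t1", "name": "Example Tool"},
    {"type": "attack-pattern", "id": "attack-pattern--a1", "name": "Technique A"},
    {"type": "attack-pattern", "id": "attack-pattern--a2", "name": "Technique B"},
    {"type": "attack-pattern", "id": "attack-pattern--a3", "name": "Technique C"},
    rel("intrusion-set--g1", "malware--m1"),
    rel("intrusion-set--g1", "tool--t1"),
    rel("intrusion-set--g1", "attack-pattern--a3"),  # direct use, not via software
    rel("malware--m1", "attack-pattern--a1"),
    rel("tool--t1", "attack-pattern--a1"),           # same technique via a second software
    rel("tool--t1", "attack-pattern--a2"),
]

class MiniStore:
    """Hypothetical stand-in for a data source exposing one query(filters) method."""
    OPS = {"=": lambda have, want: have == want,
           "in": lambda have, want: have in want}

    def __init__(self, objects):
        self.objects = objects

    def query(self, filters):
        # Each filter is a (property, operator, value) triple; all must match.
        return [o for o in self.objects
                if all(self.OPS[op](o.get(prop), val) for prop, op, val in filters)]

def techniques_used_by_group_software(ds, group_id):
    uses = [("type", "=", "relationship"), ("relationship_type", "=", "uses")]
    # Assumed first step (not shown in the traceback): the group's malware/tool links.
    group_rels = ds.query(uses + [("source_ref", "=", group_id)])
    software = [r["target_ref"] for r in group_rels
                if r["target_ref"].split("--")[0] in ("malware", "tool")]
    # The two steps visible in the traceback, with query called once on the store.
    software_uses = ds.query(uses + [("source_ref", "in", software)])
    return ds.query([("type", "=", "attack-pattern"),
                     ("id", "in", [s["target_ref"] for s in software_uses])])

def double_query_fails(ds):
    try:
        ds.query.query([])  # the call pattern from the bug report
    except AttributeError:
        return True
    return False
```

Technique C is excluded because the group uses it directly rather than through a software object, and Technique A appears once even though two software objects use it.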