IBM QRadar SOAR

  • 1.  Edit Workflow Properties

    Posted Wed May 05, 2021 10:32 AM
    All,

    I saw in the release notes 40.2 that we can now edit workflow properties in post-process scripts. Is this only available in post-process scripts and not in standalone scripts?

    I am trying to set, get, edit and get the same workflow property with standalone scripts in the following workflow:


    When the 'data mutator' script executes the following error is displayed on the incident that I triggered the workflow on:

    Script 'data mutator' from Workflow 'Workflow Property test' was unable to complete because: File "copy.py", line 169, in deepcopy
    rv = reductor(4)
    TypeError: 'NoneType' object is not callable

    and the following stack trace is found in `/var/log/resilient-scripting/resilient-scripting.log`:
    09:25:34.691 [qtp1611188160-41] WARN v=unknown c.r.s.rest.ExceptionMapperBase - Error executing script, 'File "copy.py", line 169, in deepcopy rv = reductor(4) TypeError: 'NoneType' object is not callable' on line number 19
    com.resilient.scripting.exception.UserScriptingException: null
        at com.resilient.scripting.cpython.process.CPythonProcessCommsHandler.handleFrame(CPythonProcessCommsHandler.java:114)
        at com.resilient.scripting.cpython.process.CPythonProcessCommsHandler.lambda$handleMessagesFromProcess$0(CPythonProcessCommsHandler.java:143)
        at com.resilient.scripting.cpython.process.CPythonProcessCommsHandler$$Lambda$83/00000000A81832D0.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:822)

    Here's the 'data mutator' script:

    d = workflow.properties.data
    incident.addNote(f"d object: {d}")

    # d['response'][0]['events'][1]['id'] = "NEWLY CHANGED VALUE"
    # d['response'][0]['events'][1]['logsource'] = "NEWLY CHANGED LOG SOURCE"
    # d['response'][0]['events'][1]['username'] = "NEW USERNAME"

    new_event = {
        "id": 4,
        "logsource": "windows_logsource",
        "username": "new_username"
    }

    d['response'][0]['events'].append(new_event)

    incident.addNote(f"d object after mutation: {d}")

    workflow.addProperty("data", d)

    I verified that the object `d` in the script looks as expected before and after the change by adding it as a note to the incident, so I'm not sure what's wrong.

    I want to make sure this is expected behavior. 

    Thanks,

    ------------------------------
    Liam Mahoney
    ------------------------------


  • 2.  RE: Edit Workflow Properties

    Posted Thu May 06, 2021 12:03 PM
    I've found that the workflow properties are not always exactly Pythonic in all respects.

    I've found that this works:

    import json

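    new_event = {
        "id": 4,
        "logsource": "windows_logsource",
        "username": "new_username"
    }

    # Render the property as a string, swap single quotes for double quotes,
    # and parse the result as JSON to get a plain Python dict.
    new_prop = json.loads(str(workflow.properties.prop1).replace("\'", "\""))
    # Mutate the plain dict, then write it back as the workflow property.
    new_prop['response'][0]['events'].append(new_event)
    workflow.addProperty("prop1", new_prop)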

    Maybe it is just best to convert to actual python json and then manipulate after?

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------
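
The quote-replacement conversion in the reply above depends on the event data containing no apostrophes and no `None` or boolean values. The following added example (not code from either poster or from IBM) compares it with `ast.literal_eval` on a constructed sample string. It assumes the property's string form is a Python-literal dict and that `ast` can be imported in the script environment; `SAMPLE_REPR` and all function names are hypothetical.

```python
import ast
import json

# Constructed sample: the string form of a property holding event data, as
# str() renders a Python dict (single-quoted keys, a None value, and an
# apostrophe inside a username). Not taken from a real incident.
SAMPLE_REPR = str({
    "response": [{
        "events": [
            {"id": 1, "logsource": "linux_logsource", "username": "o'brien"},
            {"id": 2, "logsource": None, "username": "svc_backup"},
        ]
    }]
})


def quote_swap_parse(text):
    """Quote-replacement approach: only valid when no value contains an
    apostrophe and no value is None, True or False."""
    return json.loads(text.replace("'", '"'))


def literal_parse(text):
    """Parse a Python-literal string without executing it. ast.literal_eval
    accepts literals only (dict, list, str, numbers, None, booleans)."""
    value = ast.literal_eval(text)
    if not isinstance(value, dict):
        raise ValueError("expected a dict-shaped property")
    # Round-trip through JSON so the result is built from plain dict/list
    # objects and anything not JSON-serialisable is rejected.
    return json.loads(json.dumps(value))


def append_event(text, new_event):
    """Return a plain dict with new_event appended to the first response."""
    data = literal_parse(text)
    data["response"][0]["events"].append(new_event)
    return data


if __name__ == "__main__":
    event = {"id": 4, "logsource": "windows_logsource", "username": "new_username"}
    print(append_event(SAMPLE_REPR, event))
    # In a SOAR script the result would then be written back with
    # workflow.addProperty("prop1", ...), as in the reply above.
```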