synapse 2.193.0__py311-none-any.whl → 2.195.0__py311-none-any.whl

synapse/lib/link.py

@@ -15,7 +15,8 @@ import synapse.lib.base as s_base
 import synapse.lib.const as s_const
 import synapse.lib.msgpack as s_msgpack
 
-readsize = 10 * s_const.megabyte
+READSIZE = 16 * s_const.mebibyte
+MAXWRITE = 64 * s_const.mebibyte
 
 async def connect(host, port, ssl=None, hostname=None, linkinfo=None):
     '''
@@ -114,8 +115,8 @@ class Link(s_base.Base):
         self.sock = self.writer.get_extra_info('socket')
         self.peercert = self.writer.get_extra_info('peercert')
 
+        self._txlock = asyncio.Lock()
         self._forceclose = forceclose
-        self._drain_lock = asyncio.Lock()
 
         if info is None:
             info = {}
@@ -234,11 +235,18 @@ class Link(s_base.Base):
         return dict(self._addrinfo)
 
     async def send(self, byts):
-        self.writer.write(byts)
-        # Avoid Python bug.  See https://github.com/python/cpython/issues/74116
-        # TODO Remove drain lock in 3.10+
-        async with self._drain_lock:
-            await self.writer.drain()
+
+        offs = 0
+        size = len(byts)
+
+        async with self._txlock:
+
+            while offs < size:
+
+                self.writer.write(byts[offs:offs + MAXWRITE])
+                offs += MAXWRITE
+
+                await self.writer.drain()
 
     async def tx(self, mesg):
         '''
@@ -247,23 +255,29 @@ class Link(s_base.Base):
         if self.isfini:
             raise s_exc.IsFini()
 
+        offs = 0
         byts = s_msgpack.en(mesg)
-        try:
+        size = len(byts)
 
-            self.writer.write(byts)
-            # Avoid Python bug.  See https://github.com/python/cpython/issues/74116
-            # TODO Remove drain lock in 3.10+
-            async with self._drain_lock:
-                await self.writer.drain()
+        async with self._txlock:
 
-        except (asyncio.CancelledError, Exception) as e:
+            try:
+
+                while offs < size:
 
-            await self.fini()
+                    self.writer.write(byts[offs:offs + MAXWRITE])
+                    offs += MAXWRITE
 
-            einfo = s_common.retnexc(e)
-            logger.debug('link.tx connection trouble %s', einfo)
+                    await self.writer.drain()
 
-            raise
+            except (asyncio.CancelledError, Exception) as e:
+
+                await self.fini()
+
+                einfo = s_common.retnexc(e)
+                logger.debug('link.tx connection trouble %s', einfo)
+
+                raise
 
     def txfini(self):
         self.sock.shutdown(1)
@@ -294,7 +308,7 @@ class Link(s_base.Base):
 
             try:
 
-                byts = await self.reader.read(readsize)
+                byts = await self.reader.read(READSIZE)
                 if not byts:
                     await self.fini()
                     return None

synapse/lib/modelrev.py

@@ -13,7 +13,7 @@ import synapse.models.infotech as s_infotech
 
 logger = logging.getLogger(__name__)
 
-maxvers = (0, 2, 31)
+maxvers = (0, 2, 32)
 
 class ModelRev:
 
@@ -50,6 +50,7 @@ class ModelRev:
             ((0, 2, 29), self.revModel_0_2_29),
             ((0, 2, 30), self.revModel_0_2_30),
             ((0, 2, 31), self.revModel_0_2_31),
+            ((0, 2, 32), self.revModel_0_2_32),
         )
 
     async def _uniqSortArray(self, todoprops, layers):
@@ -815,6 +816,10 @@ class ModelRev:
         await migr.revModel_0_2_31()
         await self._normFormSubs(layers, 'it:sec:cpe')
 
+    async def revModel_0_2_32(self, layers):
+        await self._normPropValu(layers, 'transport:air:craft:model')
+        await self._normPropValu(layers, 'transport:sea:vessel:model')
+
     async def runStorm(self, text, opts=None):
         '''
         Run storm code in a schedcoro and log the output messages.

synapse/lib/parser.py

@@ -95,6 +95,7 @@ terminalEnglishMap = {
     'TRYSETPLUS': '?+=',
     'TRYSETMINUS': '?-=',
     'UNIVNAME': 'universal property',
+    'UNSET': 'unset',
     'EXPRUNIVNAME': 'universal property',
     'VARTOKN': 'variable',
     'EXPRVARTOKN': 'variable',
@@ -642,6 +643,8 @@ ruleClassMap = {
     'andexpr': s_ast.AndCond,
     'baresubquery': s_ast.SubQuery,
     'catchblock': s_ast.CatchBlock,
+    'condsetoper': s_ast.CondSetOper,
+    'condtrysetoper': lambda astinfo, kids: s_ast.CondSetOper(astinfo, kids, errok=True),
     'condsubq': s_ast.SubqCond,
     'dollarexpr': s_ast.DollarExpr,
     'edgeaddn1': s_ast.EditEdgeAdd,
@@ -657,6 +660,7 @@ ruleClassMap = {
     'formname': s_ast.FormName,
     'editpropdel': lambda astinfo, kids: s_ast.EditPropDel(astinfo, kids[1:]),
     'editpropset': s_ast.EditPropSet,
+    'editcondpropset': s_ast.EditCondPropSet,
     'edittagadd': s_ast.EditTagAdd,
     'edittagdel': lambda astinfo, kids: s_ast.EditTagDel(astinfo, kids[1:]),
     'edittagpropset': s_ast.EditTagPropSet,

synapse/lib/scrape.py

@@ -128,6 +128,8 @@ _cpe23_regex = r'''(?P<valu>cpe:2\.3:[aho\*-]
 (?::(([?]+|\*)?([a-z0-9-._]|\\[\\?*!"#$%&\'()+,/:;<=>@\[\]^`{|}~])+([?]+|\*)?|[*-])){4})
 '''
 
+path_parts_limit = 1024
+
 linux_path_regex = r'''
 (?<![\w\d]+)
 (?P<valu>
@@ -142,17 +144,23 @@ linux_path_rootdirs = (
     'sys', 'tmp', 'usr', 'var'
 )
 
+# https://docs.kernel.org/filesystems/path-lookup.html#the-symlink-stack
+linux_path_limit = 4096
+
 def linux_path_check(match: regex.Match):
     mnfo = match.groupdict()
     valu = mnfo.get('valu')
 
+    if len(valu) > linux_path_limit:
+        return None, {}
+
     path = pathlib.PurePosixPath(valu)
     parts = path.parts
 
     if parts[0] != '/':
         return None, {}
 
-    if len(parts) < 2:
+    if len(parts) < 2 or len(parts) > path_parts_limit:
         return None, {}
 
     if parts[1] not in linux_path_rootdirs:
@@ -177,17 +185,26 @@ windows_path_reserved = (
 
 windows_drive_paths = [f'{letter}:\\' for letter in string.ascii_lowercase]
 
+# https://learn.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation
+windows_path_limit = 32_767
+
 # https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file#naming-conventions
 def windows_path_check(match: regex.Match):
     mnfo = match.groupdict()
     valu = mnfo.get('valu')
 
+    if len(valu) > windows_path_limit:
+        return None, {}
+
     path = pathlib.PureWindowsPath(valu)
     parts = path.parts
 
     if parts[0].lower() not in windows_drive_paths:
         return None, {}
 
+    if len(parts) > path_parts_limit:
+        return None, {}
+
     for part in parts:
         if part in windows_path_reserved:
             return None, {}

synapse/lib/snap.py

@@ -362,7 +362,7 @@ class ProtoNode:
             try:
                 valu, norminfo = prop.type.norm(valu)
             except s_exc.BadTypeValu as e:
-                oldm = e.errinfo.get('mesg')
+                oldm = e.get('mesg')
                 e.update({'prop': prop.name,
                           'form': prop.form.name,
                           'mesg': f'Bad prop value {prop.full}={valu!r} : {oldm}'})
@@ -1404,25 +1404,54 @@ class Snap(s_base.Base):
 
         trycast = vals.pop('$try', False)
         addprops = vals.pop('$props', None)
-        if addprops is not None:
-            props.update(addprops)
 
-        try:
-            for name, valu in list(props.items()):
+        if not vals:
+            mesg = f'No values provided for form {form.full}'
+            raise s_exc.BadTypeValu(mesg=mesg)
+
+        for name, valu in list(props.items()):
+            try:
                 props[name] = form.reqProp(name).type.norm(valu)
+            except s_exc.BadTypeValu as e:
+                mesg = e.get('mesg')
+                e.update({
+                    'prop': name,
+                    'form': form.name,
+                    'mesg': f'Bad value for prop {form.name}:{name}: {mesg}',
+                })
+                raise e
 
-            for name, valu in vals.items():
+        if addprops is not None:
+            for name, valu in addprops.items():
+                try:
+                    props[name] = form.reqProp(name).type.norm(valu)
+                except s_exc.BadTypeValu as e:
+                    mesg = e.get("mesg")
+                    if not trycast:
+                        e.update({
+                            'prop': name,
+                            'form': form.name,
+                            'mesg': f'Bad value for prop {form.name}:{name}: {mesg}'
+                        })
+                        raise e
+                    await self.warn(f'Skipping bad value for prop {form.name}:{name}: {mesg}')
+
+        for name, valu in vals.items():
 
+            try:
                 prop = form.reqProp(name)
                 norm, norminfo = prop.type.norm(valu)
 
                 norms[name] = (prop, norm, norminfo)
                 proplist.append((name, norm))
-        except s_exc.BadTypeValu as e:
-            if not trycast: raise
-            mesg = e.errinfo.get('mesg')
-            await self.warn(f'Bad value for prop {name}: {mesg}')
-            return
+            except s_exc.BadTypeValu as e:
+                mesg = e.get('mesg')
+                e.update({
+                    'prop': name,
+                    'form': form.name,
+                    'mesg': f'Bad value for prop {form.name}:{name}: {mesg}',
+                })
+                raise e
 
         proplist.sort()
 

synapse/lib/storm.lark

@@ -39,7 +39,7 @@ _editblock: "[" _editoper* "]"
 
 // A single edit operation
 _editoper: editnodeadd
-            | editpropset | editunivset | edittagpropset | edittagadd
+            | editpropset | editunivset | edittagpropset | edittagadd | editcondpropset
             | editpropdel | editunivdel | edittagpropdel | edittagdel
             | editparens | edgeaddn1 | edgedeln1 | edgeaddn2 | edgedeln2
 
@@ -49,11 +49,13 @@ edittagadd: "+" [SETTAGOPER] tagname [(EQSPACE | EQNOSPACE) _valu]
 editunivdel: EXPRMINUS univprop
 edittagdel: EXPRMINUS tagname
 editpropset: relprop (EQSPACE | EQNOSPACE | MODSET | TRYSET | TRYSETPLUS | TRYSETMINUS) _valu
+editcondpropset: relprop condsetoper _valu
 editpropdel: EXPRMINUS relprop
 editunivset: univprop (EQSPACE | EQNOSPACE | MODSET | TRYSET | TRYSETPLUS | TRYSETMINUS) _valu
 editnodeadd: formname (EQSPACE | EQNOSPACE | MODSET | TRYSET | TRYSETPLUS | TRYSETMINUS) _valu
 edittagpropset: "+" tagprop (EQSPACE | EQNOSPACE | MODSET | TRYSET | TRYSETPLUS | TRYSETMINUS) _valu
 edittagpropdel: EXPRMINUS tagprop
+
 EQSPACE: /((?<=\s)=|=(?=\s))/
 MODSET.4: "+=" | "-="
 TRYSETPLUS.1: "?+="
@@ -61,6 +63,19 @@ TRYSETMINUS.1: "?-="
 TRYSET.1: "?="
 SETTAGOPER: "?"
 
+condsetoper: ("*" UNSET | _DEREF "$" _condvarvaluatom) "="
+    | ("*" UNSET | _DEREF "$" _condvarvaluatom) "?=" -> condtrysetoper
+UNSET: "unset"
+_condvarvaluatom: condvarvalue | condvarderef | condfunccall
+condvarvalue: VARTOKN -> varvalue
+
+!condvarderef: _condvarvaluatom "." (VARTOKN | "$" VARTOKN | _condderefexpr) -> varderef
+_condderefexpr: "$"? conddollarexpr
+conddollarexpr: "(" expror ")" -> dollarexpr
+
+condfunccall: _condvarvaluatom _condcallargs -> funccall
+_condcallargs: _LPARNOSPACE [(_valu | VARTOKN | (VARTOKN | NONQUOTEWORD) (EQSPACE | EQNOSPACE) _valu) ("," (_valu | VARTOKN | (VARTOKN | NONQUOTEWORD) (EQSPACE | EQNOSPACE) _valu))*] ","? ")"
+
 // The set of non-edit non-commands in storm
 
 _oper: stormfunc | initblock | emptyblock | finiblock | trycatch | subquery | _formpivot | formjoin

synapse/lib/storm.py

@@ -984,7 +984,9 @@ stormcmds = (
                 $ssl = $lib.true
                 if $cmdopts.ssl_noverify { $ssl = $lib.false }
 
-                $resp = $lib.inet.http.get($cmdopts.url, ssl_verify=$ssl)
+                $headers = ({'X-Synapse-Version': $lib.str.join('.', $lib.version.synapse())})
+
+                $resp = $lib.inet.http.get($cmdopts.url, ssl_verify=$ssl, headers=$headers)
 
                 if ($resp.code != 200) {
                     $lib.warn("pkg.load got HTTP code: {code} for URL: {url}", code=$resp.code, url=$cmdopts.url)
@@ -1603,7 +1605,7 @@ stormcmds = (
             function fetchnodes(url, ssl) {
                 $resp = $lib.inet.http.get($url, ssl_verify=$ssl)
                 if ($resp.code = 200) {
-                    $nodes = $lib.list()
+                    $nodes = ()
                     for $valu in $resp.msgpack() {
                         $nodes.append($valu)
                     }
@@ -3552,7 +3554,7 @@ class HelpCmd(Cmd):
                 await runt.printf(line)
 
         else:  # pragma: no cover
-            raise s_exc.StormRuntimeError(mesgf=f'Unknown bound method {func}')
+            raise s_exc.StormRuntimeError(mesg=f'Unknown bound method {func}')
 
     async def _handleStormLibMethod(self, func, runt: Runtime, verbose: bool =False):
         # Storm library methods must be derived from a library definition.
@@ -3583,7 +3585,7 @@ class HelpCmd(Cmd):
                 await runt.printf(line)
 
         else:  # pragma: no cover
-            raise s_exc.StormRuntimeError(mesgf=f'Unknown runtime lib method {func} {cls} {fname}')
+            raise s_exc.StormRuntimeError(mesg=f'Unknown runtime lib method {func} {cls} {fname}')
 
 class DiffCmd(Cmd):
     '''

synapse/lib/storm_format.py

@@ -77,6 +77,7 @@ TerminalPygMap = {
     'TRYSETMINUS': p_t.Operator,
     'TRYSETPLUS': p_t.Operator,
     'UNIVNAME': p_t.Name,
+    'UNSET': p_t.Operator,
     'EXPRUNIVNAME': p_t.Name,
     'VARTOKN': p_t.Name.Variable,
     'EXPRVARTOKN': p_t.Name.Variable,

synapse/lib/stormctrl.py

@@ -1,9 +1,91 @@
 class StormCtrlFlow(Exception):
+    '''
+    Base class all StormCtrlFlow exceptions derive from.
+    '''
+    def __init__(self):
+        raise NotImplementedError
+
+class _SynErrMixin(Exception):
+    '''
+    An exception mixin to give some control flow classes functionality like SynErr.
+    '''
+    def __init__(self, *args, **info):
+        self.errinfo = info
+        Exception.__init__(self, self._getExcMsg())
+
+    def _getExcMsg(self):
+        props = sorted(self.errinfo.items())
+        displ = ' '.join(['%s=%r' % (p, v) for (p, v) in props])
+        return '%s: %s' % (self.__class__.__name__, displ)
+
+    def _setExcMesg(self):
+        '''Should be called when self.errinfo is modified.'''
+        self.args = (self._getExcMsg(),)
+
+    def __setstate__(self, state):
+        '''Pickle support.'''
+        super(StormCtrlFlow, self).__setstate__(state)
+        self._setExcMesg()
+
+    def items(self):
+        return {k: v for k, v in self.errinfo.items()}
+
+    def get(self, name, defv=None):
+        '''
+        Return a value from the errinfo dict.
+
+        Example:
+
+            try:
+                foothing()
+            except SynErr as e:
+                blah = e.get('blah')
+
+        '''
+        return self.errinfo.get(name, defv)
+
+    def set(self, name, valu):
+        '''
+        Set a value in the errinfo dict.
+        '''
+        self.errinfo[name] = valu
+        self._setExcMesg()
+
+    def setdefault(self, name, valu):
+        '''
+        Set a value in errinfo dict if it is not already set.
+        '''
+        if name in self.errinfo:
+            return
+        self.errinfo[name] = valu
+        self._setExcMesg()
+
+    def update(self, items: dict):
+        '''Update multiple items in the errinfo dict at once.'''
+        self.errinfo.update(items)
+        self._setExcMesg()
+
+class StormLoopCtrl(_SynErrMixin):
+    # Control flow statements for WHILE and FOR loop control
+    statement = ''
+
+class StormGenrCtrl(_SynErrMixin):
+    # Control flow statements for GENERATOR control
+    statement = ''
+
+class StormStop(StormGenrCtrl, StormCtrlFlow):
+    statement = 'stop'
+
+class StormBreak(StormLoopCtrl, StormCtrlFlow):
+    statement = 'break'
+
+class StormContinue(StormLoopCtrl, StormCtrlFlow):
+    statement = 'continue'
+
+class StormExit(_SynErrMixin, StormCtrlFlow): pass
+
+# StormReturn is kept thin since it is commonly used and just
+# needs to be the container for moving an item up a frame.
+class StormReturn(StormCtrlFlow):
     def __init__(self, item=None):
         self.item = item
-
-class StormExit(StormCtrlFlow): pass
-class StormStop(StormCtrlFlow): pass
-class StormBreak(StormCtrlFlow): pass
-class StormReturn(StormCtrlFlow): pass
-class StormContinue(StormCtrlFlow): pass

synapse/lib/stormlib/auth.py

@@ -583,12 +583,26 @@ stormcmds = (
     {
         'name': 'auth.perms.list',
         'descr': 'Display a list of the current permissions defined within the Cortex.',
-        'cmdargs': (),
+        'cmdargs': (
+            ('--find', {'type': 'str', 'help': 'A search string for permissions.'}),
+        ),
         'storm': '''
 
             for $pdef in $lib.auth.getPermDefs() {
                 $perm = $lib.str.join(".", $pdef.perm)
 
+                if $cmdopts.find {
+                    $find = $cmdopts.find.lower()
+                    $match = (
+                        $perm.lower().find($find) != (null) or
+                        $pdef.desc.lower().find($find) != (null) or
+                        $pdef.gate.lower().find($find) != (null) or
+                        ($pdef.ex and $pdef.ex.lower().find($find) != (null))
+                    )
+
+                    if (not $match) { continue }
+                }
+
                 $lib.print($perm)
                 $lib.print(`    {$pdef.desc}`)
                 $lib.print(`    gate: {$pdef.gate}`)

synapse/lib/stormlib/cache.py

@@ -172,8 +172,12 @@ class FixedCache(s_stormtypes.StormType):
                     await asyncio.sleep(0)
             except s_stormctrl.StormReturn as e:
                 return await s_stormtypes.toprim(e.item)
-            except s_stormctrl.StormCtrlFlow:
-                pass
+            except s_stormctrl.StormCtrlFlow as e:
+                name = e.__class__.__name__
+                if hasattr(e, 'statement'):
+                    name = e.statement
+                exc = s_exc.StormRuntimeError(mesg=f'Storm control flow "{name}" not allowed in cache callbacks.')
+                raise exc from None
 
     async def _reqKey(self, key):
         if s_stormtypes.ismutable(key):

synapse/lib/stormlib/cell.py

@@ -120,6 +120,9 @@ class CellLib(s_stormtypes.Lib):
     A Storm Library for interacting with the Cortex.
     '''
     _storm_locals = (
+        {'name': 'iden', 'desc': 'The Cortex service identifier.',
+         'type': {'type': 'gtor', '_gtorfunc': '_getCellIden',
+                  'returns': {'type': 'str', 'desc': 'The Cortex service identifier.'}}},
         {'name': 'getCellInfo', 'desc': 'Return metadata specific for the Cortex.',
          'type': {'type': 'function', '_funcname': '_getCellInfo', 'args': (),
                   'returns': {'type': 'dict', 'desc': 'A dictionary containing metadata.', }}},
@@ -174,6 +177,10 @@ class CellLib(s_stormtypes.Lib):
     )
     _storm_lib_path = ('cell',)
 
+    def __init__(self, runt, name=()):
+        s_stormtypes.Lib.__init__(self, runt, name=name)
+        self.gtors['iden'] = self._getCellIden
+
     def getObjLocals(self):
         return {
             'getCellInfo': self._getCellInfo,
@@ -187,6 +194,10 @@ class CellLib(s_stormtypes.Lib):
             'uptime': self._uptime,
         }
 
+    @s_stormtypes.stormfunc(readonly=True)
+    async def _getCellIden(self):
+        return self.runt.snap.core.getCellIden()
+
     async def _hotFixesApply(self):
         if not self.runt.isAdmin():
             mesg = '$lib.cell.stormFixesApply() requires admin privs.'

synapse/lib/stormlib/infosec.py

@@ -515,6 +515,7 @@ class CvssLib(s_stormtypes.Lib):
     '''
     _storm_locals = (
         {'name': 'calculate', 'desc': 'Calculate the CVSS score values for an input risk:vuln node.',
+         'deprecated': {'eolvers': 'v3.0.0'},
          'type': {'type': 'function', '_funcname': 'calculate',
                   'args': (
                       {'name': 'node', 'type': 'node',
@@ -527,6 +528,7 @@ class CvssLib(s_stormtypes.Lib):
                   'returns': {'type': 'dict', 'desc': 'A dictionary containing the computed score and subscores.', }
         }},
         {'name': 'calculateFromProps', 'desc': 'Calculate the CVSS score values from a props dict.',
+         'deprecated': {'eolvers': 'v3.0.0'},
          'type': {'type': 'function', '_funcname': 'calculateFromProps',
                   'args': (
                       {'name': 'props', 'type': 'dict',

synapse/lib/stormlib/scrape.py

@@ -71,7 +71,7 @@ class LibScrape(s_stormtypes.Lib):
                 $form="ps:name"
 
                 function scrape(text, form) {
-                        $ret = $lib.list()
+                        $ret = ()
                         for ($valu, $info) in $lib.scrape.genMatches($text, $re) {
                             $ret.append(($form, $valu, $info))
                         }

synapse/lib/stormlib/stix.py

@@ -74,7 +74,7 @@ _DefaultConfig = {
                         'created': 'return($lib.stix.export.timestamp(.created))',
                         'modified': 'return($lib.stix.export.timestamp(.created))',
                         'sectors': '''
-                            init { $list = $lib.list() }
+                            init { $list = () }
                             -> ou:industry +:name $list.append(:name)
                             fini { if $list { return($list) } }
                         ''',
@@ -88,7 +88,7 @@ _DefaultConfig = {
                         'first_seen': '+.seen $seen=.seen return($lib.stix.export.timestamp($seen.0))',
                         'last_seen': '+.seen $seen=.seen return($lib.stix.export.timestamp($seen.1))',
                         'goals': '''
-                            init { $goals = $lib.list() }
+                            init { $goals = () }
                             -> ou:campaign:org -> ou:goal | uniq | +:name $goals.append(:name)
                             fini { if $goals { return($goals) } }
                         ''',
@@ -183,7 +183,7 @@ _DefaultConfig = {
                     'props': {
                         'value': 'return($node.repr())',
                         'resolves_to_refs': '''
-                            init { $refs = $lib.list() }
+                            init { $refs = () }
                             { -> inet:dns:a -> inet:ipv4 $refs.append($bundle.add($node)) }
                             { -> inet:dns:aaaa -> inet:ipv6 $refs.append($bundle.add($node)) }
                             { -> inet:dns:cname:fqdn :cname -> inet:fqdn $refs.append($bundle.add($node)) }
@@ -257,7 +257,7 @@ _DefaultConfig = {
                         ''',
                         'mime_type': '+:mime return(:mime)',
                         'contains_refs': '''
-                            init { $refs = $lib.list() }
+                            init { $refs = () }
                             -(refs)> *
                             $stixid = $bundle.add($node)
                             if $stixid { $refs.append($stixid) }
@@ -279,7 +279,7 @@ _DefaultConfig = {
                         'is_multipart': 'return($lib.false)',
                         'from_ref': ':from -> inet:email return($bundle.add($node))',
                         'to_refs': '''
-                            init { $refs = $lib.list() }
+                            init { $refs = () }
                             { :to -> inet:email $refs.append($bundle.add($node)) }
                             fini { if $refs { return($refs) } }
                         ''',
@@ -311,7 +311,7 @@ _DefaultConfig = {
                         'created': 'return($lib.stix.export.timestamp(.created))',
                         'modified': 'return($lib.stix.export.timestamp(.created))',
                         'sample_refs': '''
-                            init { $refs = $lib.list() }
+                            init { $refs = () }
                             -> file:bytes $refs.append($bundle.add($node))
                             fini { if $refs { return($refs) } }
                         ''',
@@ -393,7 +393,7 @@ _DefaultConfig = {
                         'description': 'if (:desc) { return (:desc) }',
                         'created': 'return($lib.stix.export.timestamp(.created))',
                         'modified': 'return($lib.stix.export.timestamp(.created))',
-                        'external_references': 'if :cve { $cve=:cve $cve=$cve.upper() $list=$lib.list(({"source_name": "cve", "external_id": $cve})) return($list) }'
+                        'external_references': 'if :cve { $cve=:cve $cve=$cve.upper() return(([{"source_name": "cve", "external_id": $cve}])) }'
                     },
                     'rels': (
 
@@ -439,7 +439,7 @@ _DefaultConfig = {
                         'modified': 'return($lib.stix.export.timestamp(.created))',
                         'published': 'return($lib.stix.export.timestamp(:published))',
                         'object_refs': '''
-                            init { $refs = $lib.list() }
+                            init { $refs = () }
                             -(refs)> *
                             $stixid = $bundle.add($node)
                             if $stixid { $refs.append($stixid) }