UNPKG

@mitre-attack/attack-data-model

Version:

A TypeScript API for the MITRE ATT&CK data model

github.com/mitre-attack/attack-data-model

mitre-attack/attack-data-model

101 lines (99 loc) 3.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
// src/schemas/common/stix-type.ts import { z } from "zod"; var stixTypeToTypeName = { "attack-pattern": "Technique", bundle: "StixBundle", campaign: "Campaign", "course-of-action": "Mitigation", identity: "Identity", "intrusion-set": "Group", malware: "Malware", tool: "Tool", "marking-definition": "MarkingDefinition", "x-mitre-data-component": "DataComponent", "x-mitre-data-source": "DataSource", "x-mitre-tactic": "Tactic", "x-mitre-asset": "Asset", "x-mitre-matrix": "Matrix", "x-mitre-collection": "Collection", relationship: "Relationship", file: "", // not used in ATT&CK but used in sample_refs for Malware artifact: "" // not used in ATT&CK but used in sample_refs for Malware // 'observed-data': 'ObservedData', // not used in ATT&CK // 'report': 'Report', // not used in ATT&CK // 'threat-actor': 'ThreatActor', // not used in ATT&CK // 'vulnerability': 'Vulnerability', // not used in ATT&CK }; var supportedStixTypes = [ "attack-pattern", "bundle", "campaign", "course-of-action", "identity", "intrusion-set", "malware", "tool", "marking-definition", "x-mitre-data-component", "x-mitre-data-source", "x-mitre-tactic", "x-mitre-asset", "x-mitre-matrix", "x-mitre-collection", "relationship", "file", // not used in ATT&CK but used in sample_refs for Malware "artifact" // not used in ATT&CK but used in sample_refs for Malware // "indicator", // not used in ATT&CK // "observed-data", // not used in ATT&CK // "report", // not used in ATT&CK // "threat-actor", // not used in ATT&CK // "vulnerability", // not used in ATT&CK ]; var stixTypeSchema = z.enum(supportedStixTypes, { errorMap: (issue, ctx) => { if (issue.code === "invalid_enum_value") { const received = typeof ctx.data === "string" ? ctx.data : String(ctx.data); return { message: `Invalid STIX type '${received}'. Expected one of the supported STIX types.` }; } return { message: ctx.defaultError }; } }).describe( "The type property identifies the type of STIX Object (SDO, Relationship Object, etc). The value of the type field MUST be one of the types defined by a STIX Object (e.g., indicator)." ); function createStixTypeValidator(stixType) { const objectName = stixTypeToTypeName[stixType]; return z.string().superRefine((val, ctx) => { if (val !== stixType) { ctx.addIssue({ code: z.ZodIssueCode.custom, message: `Invalid 'type' property. Expected '${stixType}' for ${objectName} object, but received '${val}'.` }); return z.NEVER; } }); } function createMultiStixTypeValidator(stixTypes) { const objectNames = stixTypes.map((type) => stixTypeToTypeName[type]).join(" or "); const typeList = stixTypes.map((t) => `'${t}'`).join(" or "); return z.string().superRefine((val, ctx) => { if (!stixTypes.includes(val)) { ctx.addIssue({ code: z.ZodIssueCode.custom, message: `Invalid 'type' property. Expected ${typeList} for ${objectNames} object, but received '${val}'.` }); return z.NEVER; } }); } export { stixTypeToTypeName, stixTypeSchema, createStixTypeValidator, createMultiStixTypeValidator };