
@mitre-attack/attack-data-model


A TypeScript API for the MITRE ATT&CK data model

"use strict"; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); }; var __copyProps = (to, from, except, desc) => { if (from && typeof from === "object" || typeof from === "function") { for (let key of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } return to; }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/schemas/common/attack-id.ts var attack_id_exports = {}; __export(attack_id_exports, { attackIdPatterns: () => attackIdPatterns, createAttackIdSchema: () => createAttackIdSchema, stixTypeToAttackIdMapping: () => stixTypeToAttackIdMapping }); module.exports = __toCommonJS(attack_id_exports); var import_zod = require("zod"); var stixTypeToAttackIdMapping = { "x-mitre-tactic": "tactic", "attack-pattern": "technique", // Note: subtechniques are also attack-patterns, but need separate handling "intrusion-set": "group", malware: "software", tool: "software", "course-of-action": "mitigation", "x-mitre-asset": "asset", "x-mitre-data-source": "data-source", campaign: "campaign" }; var attackIdPatterns = { tactic: /^TA\d{4}$/, technique: /^T\d{4}$/, subtechnique: /^T\d{4}\.\d{3}$/, group: /^G\d{4}$/, software: /^S\d{4}$/, mitigation: /^M\d{4}$/, asset: /^A\d{4}$/, "data-source": /^DS\d{4}$/, campaign: /^C\d{4}$/ }; var attackIdMessages = { tactic: "Must match ATT&CK Tactic ID format (TA####)", technique: "Must match ATT&CK Technique ID format (T####)", subtechnique: "Must match ATT&CK Sub-technique ID format (T####.###)", group: "Must match ATT&CK Group ID format (G####)", software: "Must match ATT&CK Software ID 
format (S####)", mitigation: "Must match ATT&CK Mitigation ID format (M####)", asset: "Must match ATT&CK Asset ID format (A####)", "data-source": "Must match ATT&CK Data Source ID format (DS####)", campaign: "Must match ATT&CK Campaign ID format (C####)" }; var createAttackIdSchema = (stixType) => { const format = stixTypeToAttackIdMapping[stixType]; if (stixType === "attack-pattern") { return import_zod.z.string().refine( (id) => attackIdPatterns.technique.test(id) || attackIdPatterns.subtechnique.test(id), () => ({ message: `Must match either ATT&CK Technique ID format (T####) or Sub-technique ID format (T####.###)` }) ); } return import_zod.z.string().regex(attackIdPatterns[format], attackIdMessages[format]); }; // Annotate the CommonJS export names for ESM import in node: 0 && (module.exports = { attackIdPatterns, createAttackIdSchema, stixTypeToAttackIdMapping });