UNPKG

@mitre-attack/attack-data-model

Version:

A TypeScript API for the MITRE ATT&CK data model

github.com/mitre-attack/attack-data-model

mitre-attack/attack-data-model

167 lines (163 loc) • 5.85 kB

JavaScript

"use strict"; var __defProp = Object.defineProperty; var __getOwnPropDesc = Object.getOwnPropertyDescriptor; var __getOwnPropNames = Object.getOwnPropertyNames; var __hasOwnProp = Object.prototype.hasOwnProperty; var __export = (target, all) => { for (var name in all) __defProp(target, name, { get: all[name], enumerable: true }); }; var __copyProps = (to, from, except, desc) => { if (from && typeof from === "object" || typeof from === "function") { for (let key of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); } return to; }; var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); // src/schemas/common/stix-identifier.ts var stix_identifier_exports = {}; __export(stix_identifier_exports, { createStixIdValidator: () => createStixIdValidator, stixIdentifierSchema: () => stixIdentifierSchema }); module.exports = __toCommonJS(stix_identifier_exports); var import_zod2 = require("zod"); // src/schemas/common/stix-type.ts var import_zod = require("zod"); var stixTypeToTypeName = { "attack-pattern": "Technique", bundle: "StixBundle", campaign: "Campaign", "course-of-action": "Mitigation", identity: "Identity", "intrusion-set": "Group", malware: "Malware", tool: "Tool", "marking-definition": "MarkingDefinition", "x-mitre-data-component": "DataComponent", "x-mitre-data-source": "DataSource", "x-mitre-tactic": "Tactic", "x-mitre-asset": "Asset", "x-mitre-matrix": "Matrix", "x-mitre-collection": "Collection", relationship: "Relationship", file: "", // not used in ATT&CK but used in sample_refs for Malware artifact: "" // not used in ATT&CK but used in sample_refs for Malware // 'observed-data': 'ObservedData', // not used in ATT&CK // 'report': 'Report', // not used in ATT&CK // 'threat-actor': 'ThreatActor', // not used in ATT&CK // 'vulnerability': 'Vulnerability', // not used in ATT&CK }; var supportedStixTypes = [ "attack-pattern", "bundle", "campaign", "course-of-action", "identity", "intrusion-set", "malware", "tool", "marking-definition", "x-mitre-data-component", "x-mitre-data-source", "x-mitre-tactic", "x-mitre-asset", "x-mitre-matrix", "x-mitre-collection", "relationship", "file", // not used in ATT&CK but used in sample_refs for Malware "artifact" // not used in ATT&CK but used in sample_refs for Malware // "indicator", // not used in ATT&CK // "observed-data", // not used in ATT&CK // "report", // not used in ATT&CK // "threat-actor", // not used in ATT&CK // "vulnerability", // not used in ATT&CK ]; var stixTypeSchema = import_zod.z.enum(supportedStixTypes, { errorMap: (issue, ctx) => { if (issue.code === "invalid_enum_value") { const received = typeof ctx.data === "string" ? ctx.data : String(ctx.data); return { message: `Invalid STIX type '${received}'. Expected one of the supported STIX types.` }; } return { message: ctx.defaultError }; } }).describe( "The type property identifies the type of STIX Object (SDO, Relationship Object, etc). The value of the type field MUST be one of the types defined by a STIX Object (e.g., indicator)." ); // src/schemas/common/stix-identifier.ts var isValidUuid = (uuid) => { return /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(uuid); }; var createStixIdError = (id, errorType) => { const parts = id.split("--"); const stixType = parts.length > 0 ? parts[0] : ""; const typeName = stixType in stixTypeToTypeName ? stixTypeToTypeName[stixType] : "STIX"; let message; switch (errorType) { case "format": message = `Invalid STIX Identifier for ${typeName} object: must comply with format 'type--UUIDv4'`; break; case "type": message = `Invalid STIX Identifier for ${typeName} object: contains invalid STIX type '${stixType}'`; break; case "uuid": message = `Invalid STIX Identifier for ${typeName} object: contains invalid UUIDv4 format`; break; } return { code: import_zod2.z.ZodIssueCode.custom, message, path: ["id"] }; }; var stixIdentifierSchema = import_zod2.z.string().refine( (val) => { if (typeof val !== "string") return false; if (!val.includes("--")) return false; const [type, uuid] = val.split("--"); const isValidType = stixTypeSchema.safeParse(type).success; const isValidUuidValue = isValidUuid(uuid); return isValidType && isValidUuidValue; }, (val) => { if (typeof val !== "string") { return createStixIdError(String(val), "format"); } if (!val.includes("--")) { return createStixIdError(val, "format"); } const [type, uuid] = val.split("--"); if (!stixTypeSchema.safeParse(type).success) { return createStixIdError(val, "type"); } if (!isValidUuid(uuid)) { return createStixIdError(val, "uuid"); } return createStixIdError(val, "format"); } ).describe( "Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4." ); function createStixIdValidator(expectedType) { const typeName = stixTypeToTypeName[expectedType] || expectedType; return stixIdentifierSchema.refine( (val) => val.startsWith(`${expectedType}--`), { message: `Invalid STIX Identifier for ${typeName}: must start with '${expectedType}--'`, path: ["id"] } ); } // Annotate the CommonJS export names for ESM import in node: 0 && (module.exports = { createStixIdValidator, stixIdentifierSchema });