fix(1.2): relocate ATT&CK bundle to decnet/data/, bump 19.0 -> 19.1

Bundle pointer moved from repo root to decnet/data/ (with LICENSE.txt), gitignored + fetched on demand (51MB, MITRE-licensed). Version pin bumped 19.0->19.1 with the new sha256; license unchanged. All _REPO_BUNDLE test constants repointed. Fixes test-web failures after the repo-root bundle was deleted.
2026-06-18 19:02:58 -04:00
parent a5e11f7d86
commit 1a765854ec
14 changed files with 28 additions and 15 deletions
--- a/decnet/data/.gitignore
+++ b/decnet/data/.gitignore
@@ -0,0 +1,7 @@
+# MITRE ATT&CK STIX bundle + license live here but are NOT committed:
+# ~51MB and MITRE-licensed (fetched on demand, hash-pinned in attack_version.py).
+#
+# Populate locally / in CI with:
+#   DECNET_ATTACK_CACHE_DIR=decnet/data python -m decnet.ttp.attack_stix fetch
+/enterprise-attack-*.json
+/LICENSE.txt
--- a/decnet/ttp/attack_version.py
+++ b/decnet/ttp/attack_version.py
@@ -16,12 +16,12 @@ from __future__ import annotations

 from typing import Final

-ATTACK_BUNDLE_VERSION: Final[str] = "19.0"
+ATTACK_BUNDLE_VERSION: Final[str] = "19.1"

-# sha256 of the canonical MITRE-published enterprise-attack-19.0.json
+# sha256 of the canonical MITRE-published enterprise-attack-19.1.json
 # from https://github.com/mitre-attack/attack-stix-data.
 ATTACK_BUNDLE_SHA256: Final[str] = (
-    "df520ea0775a57db7bff760145b02fed89290802913e056b7ed5970b02f3626a"
+    "bdf1ce86a4e604214c5076d37ae4dcb322678afc528df8492e6fdc1b554f5da3"
 )

 # Raw download URL for the pinned version.