feat(ttp/ipv6_leak): wire Ipv6LeakLifter into composite tagger and worker
- Add "ipv6_leak" to KNOWN_SOURCE_KINDS in ttp/base.py - Register Ipv6LeakLifter(store) in factory.py get_tagger() - Subscribe worker to attacker.fingerprinted; route by Event.type so JARM/HASSH/ipv6_leak share the topic without source_kind collision - Add bump_attacker_ipv6_leak() to BaseRepository (abstract) + TTPMixin (implementation): increments ipv6_leak_count, sets last_ipv6_* denorm fields, appends-with-dedup to AttackerIdentity.ipv6_link_local_iids - Call bump_attacker_ipv6_leak from _process_event after insert_tags - Add DummyRepo stub + coverage call in tests/db/test_base_repo.py
This commit is contained in:
@@ -136,6 +136,8 @@ class DummyRepo(BaseRepository):
|
||||
await super().list_tags_by_scope_and_technique(**kw); return []
|
||||
async def list_distinct_techniques(self):
|
||||
await super().list_distinct_techniques(); return []
|
||||
async def bump_attacker_ipv6_leak(self, attacker_uuid, identity_uuid, evidence):
|
||||
await super().bump_attacker_ipv6_leak(attacker_uuid, identity_uuid, evidence)
|
||||
async def list_ttp_tags_by_attacker(self, uuid, limit=2000):
|
||||
return []
|
||||
async def list_attacker_commands_deduped(self, uuid):
|
||||
@@ -289,6 +291,8 @@ async def test_base_repo_coverage():
|
||||
)
|
||||
with pytest.raises(NotImplementedError):
|
||||
await dr.list_distinct_techniques()
|
||||
with pytest.raises(NotImplementedError):
|
||||
await dr.bump_attacker_ipv6_leak("uuid-1", None, {})
|
||||
with pytest.raises(NotImplementedError):
|
||||
from decnet.web.db.repository import BaseRepository
|
||||
await BaseRepository.list_ttp_tags_by_attacker(dr, "a")
|
||||
|
||||
Reference in New Issue
Block a user