chore: relicense to AGPL-3.0-or-later and add SPDX headers
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends `SPDX-License-Identifier: AGPL-3.0-or-later` to every source file across decnet/, decnet_web/, tests/, scripts/, and tools/.

Rationale: closes the GPLv3 ASP loophole so any party operating a modified DECNET as a network service must offer their modified source. Personal copyright (Samuel Paschuan) + inbound=outbound contributions make a future unilateral relicense infeasible.

- LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt)
- COPYRIGHT: project copyright notice
- tools/add_spdx_headers.py: idempotent header injector (shebang- and PEP 263-aware)

Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh). No behavior change; comments only.
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""TTP-tagging subsystem.
|
||||
|
||||
Maps DECNET telemetry to MITRE ATT&CK technique tags. See
|
||||
|
||||
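Review bot: the new line 1 carries only the license identifier, with no copyright tag beside it. The commit message keeps the notice in a top-level COPYRIGHT file, so a module copied out of the tree keeps its license tag but loses its attribution. Consider adding an `SPDX-FileCopyrightText:` line under `# SPDX-License-Identifier: AGPL-3.0-or-later`, or have COPYRIGHT state that it covers every file carrying this header. The placement is fine: a comment above the module docstring leaves the docstring as the first statement, so `__doc__` is unchanged.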
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Backward-compatible shim over :mod:`decnet.ttp.attack_stix`.
|
||||
|
||||
Historically this module exposed a hand-maintained
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""STIX 2.1 backed MITRE ATT&CK lookups.
|
||||
|
||||
Replaces the hand-maintained technique-name dict that used to live in
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Pinned MITRE ATT&CK Enterprise STIX bundle version.
|
||||
|
||||
Bumping ``ATTACK_BUNDLE_VERSION`` is the *only* code change required
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Tagger ABC — input shape, base class, tolerant mixin.
|
||||
|
||||
Contract step E.1.3 of ``development/TTP_TAGGING.md``. Defines the type
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Data files used at runtime by the TTP layer.
|
||||
|
||||
See ``decnet/ttp/data/intel/`` for provider-signal → ATT&CK technique
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Per-provider intel-signal → ATT&CK technique mapping data.
|
||||
|
||||
One YAML file per intel provider (abuseipdb / greynoise / feodo /
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""YAML-backed loader for intel-provider → ATT&CK technique mappings.
|
||||
|
||||
Replaces the ``_*_TO_TECHNIQUES`` ``Final[dict]`` tables that used to
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Tagger factory + composite tagger.
|
||||
|
||||
Contract step E.1.4 of ``development/TTP_TAGGING.md``. Mirrors the
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""TTP tagger implementations — rule engine + per-source lifters.
|
||||
|
||||
Subpackage layout per the provider-subpackage convention used in
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Shared TTPTag emission helper used by per-source lifters.
|
||||
|
||||
The rule engine assembles a tag inline inside ``_evaluate_rules``; the
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Hot-swappable rule registry shared by RuleEngine and per-source lifters.
|
||||
|
||||
The dispatch index originally lived inline on
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Shared state-modulation helpers for rule consumers.
|
||||
|
||||
Both :class:`~decnet.ttp.impl.rule_engine.RuleEngine` and the per-source
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Behavioral lifter — derives techniques from cross-event session signal.
|
||||
|
||||
E.3.9 of ``development/TTP_TAGGING.md``. Owns YAML rules R0031–R0040 by
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Canary fingerprint lifter — browser-payload derived technique tagger (E.3.11).
|
||||
|
||||
Reads canary-payload fingerprints (navigator properties, canvas hashes,
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Credential lifter — credential-capture / reuse / brute-force tagger.
|
||||
|
||||
E.3.13 of ``development/TTP_TAGGING.md``. Owns rules whose
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Email lifter — SMTP message-level technique tagger (E.3.12).
|
||||
|
||||
Reads pre-parsed SMTP message payload (headers as a name-only list,
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""HTTP fingerprint lifter — JA4H / H2-settings / H3-settings / JA4-QUIC tagger.
|
||||
|
||||
Reads ``http_fingerprint`` source-kind events and emits Reconnaissance
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Identity lifter — cross-attacker identity-rollup tagger.
|
||||
|
||||
E.3.13 of ``development/TTP_TAGGING.md``. Owns rules whose
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Intel lifter — opportunistic third-party verdict translator (E.3.10).
|
||||
|
||||
Reads ``AttackerIntel``-derived payload fields and emits ATT&CK
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""IPv6 link-local leak lifter — opsec-failure tagger (R0059).
|
||||
|
||||
Reads ``ipv6_leak`` source-kind events emitted by the passive sniffer
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Rule engine contract — `CompiledRule`, `RuleEngine`, `RuleSchema`.
|
||||
|
||||
Contract step E.1.5 of ``development/TTP_TAGGING.md``. Shape only — no
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""MISP event builder for DECNET attacker data.
|
||||
|
||||
Converts a STIX 2.1 Bundle (built by stix_export.build_attacker_bundle /
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""DECNET-defined STIX 2.1 custom extension and object types.
|
||||
|
||||
Import this module before parsing any DECNET-produced bundle so the types are
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""STIX 2.1 bundle builder for a DECNET attacker observation.
|
||||
|
||||
Pure function — no I/O. The caller (router) does all DB reads and
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""TTP rule store — pluggable backend for rule definitions + state.
|
||||
|
||||
Contract step E.1.11 of ``development/TTP_TAGGING.md``. Two backends
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Rule store ABC + change/state value types.
|
||||
|
||||
Contract step E.1.11. The two backends (``impl/filesystem.py``,
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Rule store factory.
|
||||
|
||||
Mirrors :mod:`decnet.ttp.factory` and :mod:`decnet.intel.factory`:
|
||||
|
||||
@@ -1 +1,2 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Rule store backend implementations — filesystem + database."""
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Database-backed rule store — ``ttp_rule`` + ``ttp_rule_state``.
|
||||
|
||||
E.3.6 implementation. Right for swarm: master syncs filesystem changes
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Filesystem-backed rule store — reads ``./rules/ttp/`` + inotify watch.
|
||||
|
||||
E.3.5 implementation. Linux-only by construction: the inotify dep
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
"""Long-running TTP-tagging worker.
|
||||
|
||||
E.3.14 of ``development/TTP_TAGGING.md``. Drains the bus topics
|
||||
|
||||
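Review bot: nothing in these hunks keeps the header in place once the commit lands; every visible file gets `# SPDX-License-Identifier: AGPL-3.0-or-later` on line 1, but a module added later will not have it unless someone reruns tools/add_spdx_headers.py by hand. Since the injector is described as idempotent, wire it into CI or a pre-commit hook so a source file without the line fails the build. All hunks shown here start with a docstring on line 1, so the shebang and PEP 263 paths the commit message mentions are not exercised by this part of the diff; tests for those two cases in the injector would cover the .sh files and any scripts with an encoding line.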