anti
f2b3393669
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends `SPDX-License-Identifier: AGPL-3.0-or-later` to every source file across decnet/, decnet_web/, tests/, scripts/, and tools/. Rationale: closes the GPLv3 ASP loophole so any party operating a modified DECNET as a network service must offer their modified source. Personal copyright (Samuel Paschuan) + inbound=outbound contributions make a future unilateral relicense infeasible. - LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt) - COPYRIGHT: project copyright notice - tools/add_spdx_headers.py: idempotent header injector (shebang- and PEP 263-aware) Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh). No behavior change; comments only.
60 lines
2.2 KiB
Python
60 lines
2.2 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""Pinned MITRE ATT&CK Enterprise STIX bundle version.
|
|
|
|
Bumping ``ATTACK_BUNDLE_VERSION`` is the *only* code change required
|
|
to track a new ATT&CK release — all technique/tactic names and
|
|
sub-technique parents are loaded from the bundle at runtime via
|
|
``decnet.ttp.attack_stix``. The hash is verified after fetch; a
|
|
mismatch refuses to load (fail-closed, mirroring the bundle-include
|
|
discipline used elsewhere in DECNET).
|
|
|
|
To regenerate the hash after a version bump::
|
|
|
|
.311/bin/python -m decnet.ttp.attack_stix fetch --print-sha
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from typing import Final
|
|
|
|
ATTACK_BUNDLE_VERSION: Final[str] = "19.0"
|
|
|
|
# sha256 of the canonical MITRE-published enterprise-attack-19.0.json
|
|
# from https://github.com/mitre-attack/attack-stix-data.
|
|
ATTACK_BUNDLE_SHA256: Final[str] = (
|
|
"df520ea0775a57db7bff760145b02fed89290802913e056b7ed5970b02f3626a"
|
|
)
|
|
|
|
# Raw download URL for the pinned version.
|
|
ATTACK_BUNDLE_URL: Final[str] = (
|
|
"https://raw.githubusercontent.com/mitre-attack/attack-stix-data"
|
|
f"/master/enterprise-attack/enterprise-attack-{ATTACK_BUNDLE_VERSION}.json"
|
|
)
|
|
|
|
# MITRE's ATT&CK Terms of Use (https://attack.mitre.org/resources/legal-and-branding/terms-of-use/)
|
|
# require reproducing their copyright + license alongside any cached
|
|
# copy of ATT&CK data. The license file lives at the root of the
|
|
# attack-stix-data repository and is fetched into the same cache dir
|
|
# as the bundle. ``resolve_bundle_path`` refuses to operate without
|
|
# this file present — a hard compliance ratchet, not a soft warning.
|
|
ATTACK_LICENSE_URL: Final[str] = (
|
|
"https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/LICENSE.txt"
|
|
)
|
|
|
|
# sha256 of the LICENSE.txt at the time of pinning. License text gets
|
|
# occasional formatting touch-ups, so a mismatch is logged + refreshed
|
|
# rather than fail-closed (see _fetch_license in attack_stix.py).
|
|
ATTACK_LICENSE_SHA256: Final[str] = (
|
|
"738144f7fb054722a4ef9d3367c51710341dc12fc574c6ac3a41daaaecd8bf5e"
|
|
)
|
|
|
|
ATTACK_LICENSE_FILENAME: Final[str] = "LICENSE.txt"
|
|
|
|
__all__ = [
|
|
"ATTACK_BUNDLE_SHA256",
|
|
"ATTACK_BUNDLE_URL",
|
|
"ATTACK_BUNDLE_VERSION",
|
|
"ATTACK_LICENSE_FILENAME",
|
|
"ATTACK_LICENSE_SHA256",
|
|
"ATTACK_LICENSE_URL",
|
|
]
|