MITRE's ATT&CK Terms of Use require reproducing their copyright + license alongside any cached copy of ATT&CK data. Today we ship the bundle but not the license — this commit closes that compliance gap.

- attack_version.py pins ATTACK_LICENSE_URL + ATTACK_LICENSE_SHA256 + ATTACK_LICENSE_FILENAME, sourced from the same attack-stix-data repo as the bundle.
- attack_stix.py:_fetch_license downloads LICENSE.txt next to the bundle. License sha mismatch is logged + refreshed (license text gets occasional formatting tweaks; not a security event), unlike the bundle which stays fail-closed.
- _ensure_license is the compliance ratchet: resolve_bundle_path refuses to return without LICENSE.txt on disk. Override-mode (DECNET_ATTACK_BUNDLE) checks for a sibling LICENSE.txt first, then DECNET_ATTACK_LICENSE, then the cache dir.
- python -m decnet.ttp.attack_stix license prints the cached license to stdout for operator audit.
- loaded_license_path() exposes the active license path read-only.
- tests/ttp/test_attack_license.py covers happy paths (sibling + explicit env), refusal when DECNET_ATTACK_LICENSE points at a missing file, the CLI subcommand, and the pinned-sha shape.
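The resolution order and the two sha policies the commit describes (sibling LICENSE.txt, then DECNET_ATTACK_LICENSE, then the cache dir; bundle fail-closed, license log-and-refresh) are small enough to show end to end. The block below is an added illustration written for this page, not decnet's attack_stix.py: the function names `resolve_license_path`, `check_pinned_sha` and `demo`, the `LICENSE_FILENAME` constant, the way the env-var values are passed in as plain arguments, and the choice to honour the explicit license path even when no bundle override is set are all assumptions. The directory layout `demo()` builds in a temp dir is constructed sample data.

```python
"""Example license-resolution and pinned-sha logic modelled on the commit
message above. Not decnet's own code; names and argument shapes are assumed."""
import hashlib
import logging
import tempfile
from pathlib import Path
from typing import Optional

LICENSE_FILENAME = "LICENSE.txt"  # assumed stand-in for ATTACK_LICENSE_FILENAME

log = logging.getLogger("attack_license_example")


def sha256_of(path: Path) -> str:
    """Hex sha256 of a file's bytes."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def resolve_license_path(cache_dir: Path, bundle_override: Optional[str] = None,
                         license_override: Optional[str] = None) -> Path:
    """Lookup order: LICENSE.txt beside an override bundle, then the explicit
    license path (DECNET_ATTACK_LICENSE), then the cache dir. An explicit path
    that does not exist is a refusal, not a silent fallback; so is an empty cache."""
    if bundle_override:
        sibling = Path(bundle_override).parent / LICENSE_FILENAME
        if sibling.is_file():
            return sibling
    if license_override:
        explicit = Path(license_override)
        if not explicit.is_file():
            raise FileNotFoundError(f"license override points at missing file: {explicit}")
        return explicit
    cached = cache_dir / LICENSE_FILENAME
    if not cached.is_file():
        raise FileNotFoundError(f"no {LICENSE_FILENAME} in {cache_dir}")
    return cached


def check_pinned_sha(path: Path, expected_sha256: str, *, fail_closed: bool) -> bool:
    """Compare a file against a pinned sha256. With fail_closed=True (bundle
    policy) a mismatch raises; with fail_closed=False (license policy) it is
    logged and False is returned so the caller can re-fetch the file."""
    actual = sha256_of(path)
    if actual == expected_sha256.lower():
        return True
    if fail_closed:
        raise ValueError(f"sha256 mismatch for {path}: expected {expected_sha256}, got {actual}")
    log.warning("sha256 mismatch for %s (expected %s, got %s); refreshing",
                path, expected_sha256, actual)
    return False


def demo() -> dict:
    """Exercise every branch on a constructed temp layout (sample data made up here)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cache, override_dir, explicit_dir = root / "cache", root / "override", root / "explicit"
        for d, text in ((cache, "cache copy"), (override_dir, "sibling copy"),
                        (explicit_dir, "explicit copy")):
            d.mkdir()
            (d / LICENSE_FILENAME).write_text(text)
        bundle = override_dir / "enterprise-attack.json"  # constructed override bundle
        bundle.write_text("{}")
        explicit = str(explicit_dir / LICENSE_FILENAME)

        # 1. sibling beside the override bundle wins even when an explicit path is set
        results["sibling"] = resolve_license_path(cache, str(bundle), explicit).read_text()
        # 2. no sibling: fall through to the explicit path
        (override_dir / LICENSE_FILENAME).unlink()
        results["explicit"] = resolve_license_path(cache, str(bundle), explicit).read_text()
        # 3. explicit path to a missing file: refuse rather than fall back
        try:
            resolve_license_path(cache, str(bundle), str(root / "nope.txt"))
            results["refused"] = False
        except FileNotFoundError:
            results["refused"] = True
        # 4. nothing overridden: the cache dir copy
        results["cache"] = resolve_license_path(cache).read_text()

        lic = cache / LICENSE_FILENAME
        results["license_ok"] = check_pinned_sha(lic, sha256_of(lic), fail_closed=False)
        results["license_drift"] = check_pinned_sha(lic, "0" * 64, fail_closed=False)
        try:
            check_pinned_sha(lic, "0" * 64, fail_closed=True)
            results["bundle_refused"] = False
        except ValueError:
            results["bundle_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The asymmetry is deliberate: a drifted license text only changes what gets printed to an auditor, so logging and re-fetching is acceptable, whereas a drifted bundle changes the detection data itself and has to stop the load.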