Replace the hand-maintained TECHNIQUE_NAMES dict (pinned to v15.1) with a runtime loader that reads the official enterprise-attack-N.json STIX bundle. Version bumps now require only updating attack_version.py; sub-technique parents, tactic IDs, and kill-chain phases all come from MITRE's published data.

- decnet/ttp/attack_version.py pins version 19.0 + sha256 + URL
- decnet/ttp/attack_stix.py is the lazy STIX loader. Resolution order: DECNET_ATTACK_BUNDLE env -> ~/.cache/decnet/attack/ -> fetch from the pinned MITRE GitHub URL. SHA-256 verified before parse; mismatch fails closed.
- decnet/ttp/attack_catalog.py collapses to a shim re-exporting technique_name() so the ~9 router/repo call sites don't churn.
- python -m decnet.ttp.attack_stix fetch warms the cache and can print sha256 for version-bump workflows.
- test_attack_catalog.py now asserts every rule-emitted ID resolves in the loaded bundle (same contract, real source) and exercises the SHA-256-mismatch fail-closed path.
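The verify-before-parse, fail-closed behaviour described in the commit message, as an added example that is not DECNET's own code. The function names, the exception class, the constructed two-object bundle and its computed pin are all assumptions made for illustration.

```python
import hashlib
import hmac
import json


class BundleIntegrityError(RuntimeError):
    """Raised when bundle bytes do not match the pinned digest."""


# Constructed sample in the shape of MITRE's enterprise-attack JSON bundle.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {"type": "attack-pattern", "name": "Brute Force",
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T1110"}]},
        {"type": "attack-pattern", "name": "Password Guessing",
         "x_mitre_is_subtechnique": True,
         "external_references": [
             {"source_name": "mitre-attack", "external_id": "T1110.001"}]},
    ],
}).encode()

# Stand-in pin for the sample; a real pin is a literal committed to the repo.
PINNED_SHA256 = hashlib.sha256(SAMPLE_BUNDLE).hexdigest()


def load_verified(raw: bytes, pinned_sha256: str) -> dict:
    """Hash the raw bytes first; parse only if the digest matches the pin."""
    actual = hashlib.sha256(raw).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256.lower()):
        # Fail closed: untrusted bytes never reach the JSON parser.
        raise BundleIntegrityError(f"bundle sha256 {actual} does not match pin")
    return json.loads(raw)


def technique_names(bundle: dict) -> dict:
    """Map ATT&CK IDs (T1110, T1110.001) to names from attack-pattern objects."""
    names = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        for ref in obj.get("external_references", []):
            if ref.get("source_name") == "mitre-attack" and "external_id" in ref:
                names[ref["external_id"]] = obj["name"]
    return names
```

The digest is computed over the exact bytes read from disk or the network, so the same check covers the env-override, cache and fetch paths.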
20 lines
747 B
Python
"""Backward-compatible shim over :mod:`decnet.ttp.attack_stix`.
|
|
|
|
Historically this module exposed a hand-maintained
|
|
``TECHNIQUE_NAMES`` dict pinned to ATT&CK Enterprise v15.1. Names now
|
|
come from the official STIX 2.1 bundle loaded by
|
|
:mod:`decnet.ttp.attack_stix`; this module preserves the
|
|
``technique_name(...)`` import path the rest of DECNET reaches for so
|
|
call sites in the web router, repo layer, and per-tag inspector keep
|
|
working unchanged.
|
|
|
|
``TECHNIQUE_NAMES`` is **gone**: there is no static dict to import.
|
|
Anything that needs an exhaustive list should iterate ATT&CK objects
|
|
through :mod:`decnet.ttp.attack_stix`.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from decnet.ttp.attack_stix import technique_name
|
|
|
|
__all__ = ["technique_name"]
|
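Review bot: In the docstring paragraph stating that ``TECHNIQUE_NAMES`` is **gone**, the removal is only documented, so any remaining `from decnet.ttp.attack_catalog import TECHNIQUE_NAMES` will fail with a bare ImportError at import time and give no hint where the data moved. Consider a module-level `__getattr__` that raises an error naming `decnet.ttp.attack_stix`, or state in the change that no importer of the old name remains. Separately, `from decnet.ttp.attack_stix import technique_name` runs whenever a call site imports this shim, so a test asserting that importing the module alone does not load or fetch the bundle would pin down the lazy behaviour the commit message describes.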