anti
b7f206c8c5
Mounts /api/v1/ttp/* with empty-list / empty-Navigator responses.
GET endpoints viewer-gated; POST/DELETE /rules/{rule_id}/state
admin-gated server-side. POST parses JSON manually so a malformed
body returns the documented 400 (per feedback_schemathesis_400).
Drops xfail-strict markers from E.2.8 tests now that the router is
mounted; 26 tests pass against the contract handlers.
36 lines
1.0 KiB
Python
36 lines
1.0 KiB
Python
"""GET /api/v1/ttp/by-attacker/{attacker_uuid} — per-IP TTP slice.
|
|
|
|
Backs the AttackerDetail page's TTP section. See TTP_TAGGING.md
|
|
§"UI surface" + project_attacker_detail_keep memory.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from typing import Any
|
|
|
|
from fastapi import APIRouter, Depends
|
|
|
|
from decnet.telemetry import traced as _traced
|
|
from decnet.web.db.models import IdentityTechniqueRow
|
|
from decnet.web.dependencies import require_viewer
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.get(
|
|
"/ttp/by-attacker/{attacker_uuid}",
|
|
tags=["TTP Tagging"],
|
|
response_model=list[IdentityTechniqueRow],
|
|
responses={
|
|
401: {"description": "Could not validate credentials"},
|
|
403: {"description": "Insufficient permissions"},
|
|
404: {"description": "Attacker not found"},
|
|
},
|
|
)
|
|
@_traced("api.ttp.by_attacker")
|
|
async def api_ttp_by_attacker(
|
|
attacker_uuid: str,
|
|
user: dict[str, Any] = Depends(require_viewer),
|
|
) -> list[IdentityTechniqueRow]:
|
|
"""Per-Attacker (per-IP) TTP rows. Empty at contract phase."""
|
|
return []
|