Fix a bug that I discovered in LP's flows

center-for-threat-informed-defense · Sep 19, 2023 · 1253cfa · 1253cfa
1 parent 8150e54
commit 1253cfa
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 21 deletions.
diff --git a/Makefile b/Makefile
@@ -2,14 +2,21 @@ ROOTDIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
 SOURCEDIR = docs/
 BUILDDIR = docs/_build/
 
+.PHONY: help
+help:
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' | sort
+
 .PHONY: docs
-docs:
+docs: ## Build Sphinx documentation
 	sphinx-build -M dirhtml "$(SOURCEDIR)" "$(BUILDDIR)"
 
+docs-server: ## Run the Sphinx dev server
+	sphinx-autobuild -b dirhtml -a "$(SOURCEDIR)" "$(BUILDDIR)"
+
 src/attack_flow_builder/dist/cli.common.js: src/attack_flow_builder/src/cli.ts
 	cd src/attack_flow_builder && env VUE_CLI_SERVICE_CONFIG_PATH="${ROOTDIR}src/attack_flow_builder/vue.cli.config.js" npx vue-cli-service build --target lib --name cli --formats commonjs --no-clean src/cli.ts
 
-docs-examples: src/attack_flow_builder/dist/cli.common.js
+docs-examples: src/attack_flow_builder/dist/cli.common.js ## Build example flows
 	mkdir -p docs/extra/corpus
 	cp corpus/*.afb docs/extra/corpus
 	node src/attack_flow_builder/dist/cli.common.js --verbose corpus/*.afb
@@ -20,38 +27,35 @@ docs-examples: src/attack_flow_builder/dist/cli.common.js
 	ls -1 corpus/*.json | sed 's/corpus\/\(.*\)\.json/\1/' | xargs -t -I {} mmdc -i "docs/extra/corpus/{}.mmd" -o "docs/extra/corpus/{}.mmd.png"
 	af doc-examples corpus/ docs/example_flows.rst
 
-docs-matrix:
+docs-matrix: ## Build the Navigator visualization JS code
 	mkdir -p docs/extra/matrix
 	cp src/matrix-viz/* docs/extra/matrix/
 
-docs-schema:
+docs-schema: ## Build the schema documentation
 	af doc-schema stix/attack-flow-schema-2.0.0.json stix/attack-flow-example.json docs/language.rst
 
-docs-server:
-	sphinx-autobuild -b dirhtml -a "$(SOURCEDIR)" "$(BUILDDIR)"
-
-docs-pdf:
+docs-pdf: ## Build Sphinx documentation in PDF format.
 	poetry export --dev --without-hashes -f requirements.txt -o docs/requirements.txt
 	docker run --rm -v "$(PWD)/docs":/docs sphinxdoc/sphinx-latexpdf:4.3.1 \
 		bash -c "pip install -r requirements.txt && sphinx-build -M latexpdf /docs /docs/_build"
 	rm docs/requirements.txt
 
-test:
+test: ## Run Python tests
 	pytest --cov=src/ --cov-report=term-missing
 
-test-ci:
+test-ci: ## Run Python tests with XML coverage.
 	pytest --cov=src/ --cov-report=xml
 
-validate: src/attack_flow_builder/dist/cli.common.js
+validate: src/attack_flow_builder/dist/cli.common.js ## Validate all flows in the corpus.
 	mkdir -p docs/extra/corpus
 	cp corpus/*.afb docs/extra/corpus
 	node src/attack_flow_builder/dist/cli.common.js --verbose corpus/*.afb
 	af validate \
 		stix/attack-flow-example.json \
 		corpus/*.json
 
-docker-build:
+docker-build: ## Build the Docker image.
 	docker build . -t attack-flow-builder:latest
 
-docker-run:
+docker-run: ## Run the Docker image.
 	docker run --rm -p 8080:80 attack-flow-builder:latest
diff --git a/src/attack_flow/graphviz.py b/src/attack_flow/graphviz.py
@@ -1,4 +1,5 @@
 import html
+import logging
 import textwrap
 
 import graphviz
@@ -11,6 +12,9 @@
 )
 
 
+logger = logging.getLogger(__name__)
+
+
 def label_escape(text):
     return graphviz.escape(html.escape(text))
 
@@ -28,6 +32,7 @@ def convert(bundle):
     ignored_ids = get_viz_ignored_ids(bundle)
 
     for o in bundle.objects:
+        logger.debug("Processing object id=%s", o.id)
         if o.type == "attack-action":
             gv.node(
                 o.id,

diff --git a/src/attack_flow/model.py b/src/attack_flow/model.py
@@ -5,7 +5,7 @@
 sure how best to refactor: generate JSON schema from this code, or generate this code
 from the JSON scheme?
 """
-from stix2 import CustomObject, parse
+from stix2 import Bundle, CustomObject, parse
 from stix2.properties import ListProperty, ReferenceProperty, StringProperty
 
 ATTACK_FLOW_EXTENSION_ID = "extension-definition--fb9c968a-745b-4ade-9b25-c324172197f4"
@@ -136,6 +136,12 @@ def load_attack_flow_bundle(path):
     """
     with path.open() as f:
         bundle = parse(f, allow_custom=True)
+    # The STIX library will not parse unknown objects; it just returns them as dict. We should
+    # throw an error since it will break downstream code that expects real STIX objects.
+    if isinstance(bundle, Bundle):
+        for o in bundle.objects:
+            if type(o) == dict:
+                raise Exception("This object could not be parsed into STIX: %s", o)
     return bundle
 
 

diff --git a/src/attack_flow_builder/src/assets/configuration/builder.config.publisher.ts b/src/attack_flow_builder/src/assets/configuration/builder.config.publisher.ts
@@ -70,6 +70,7 @@ const AttackFlowTemplatesMap: Map<string, string>
         ["condition", "attack-condition"],
         ["or", "attack-operator"],
         ["and", "attack-operator"],
+        ["email_address", "email-addr"],
     ]);
 
 

diff --git a/tests/test_schema.py b/tests/test_schema.py
@@ -311,13 +311,8 @@ def test_cannot_validate_unknown_type():
     ]
 
     with temporary_flow_file(flow_json) as flow_path:
-        result = validate_doc(flow_path)
-        # assert result.success
-        assert len(result.messages) == 1
-        assert (
-            str(result.messages[0])
-            == "[warning] Cannot validate objects of type: foobar"
-        )
+        with pytest.raises(Exception):
+            result = validate_doc(flow_path)
 
 
 def test_invalid_ref():