Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AF-10: Autocomplete #95

Merged
merged 20 commits into from
Aug 24, 2023
Merged

AF-10: Autocomplete #95

merged 20 commits into from
Aug 24, 2023

Conversation

mikecarenzo
Copy link
Contributor

@mikecarenzo mikecarenzo commented Aug 3, 2023
edited
Loading

Implements ATT&CK autocomplete features.

Overview:

In order to support this feature, this PR introduces the suggestions configuration key to StringProperty. Now, any StringProperty can be configured to suggest zero or more predefined strings to the user. Suggestions are presented to the user when they select an empty text field and are progressively filtered out as text is typed.

This PR also introduces an Intelligence File (builder.config.intel.ts). This new configuration file drives the application's autocomplete features. This file is generated automatically by a set of scripts which download and organize relevant ATT&CK information into a format the application can leverage.

The Intelligence File is imported into the builder's configuration file (builder.config.ts) and is used to configure the autocomplete functionality of the tactic_id and technique_id properties (via the new suggestions configuration key).

Updating the Intelligence File

Simply invoke npm run update-intel to update the Intelligence File.

image

The configured list of sources can be modified at any time from download_sources.js

image

Cross-field Autofill

In order to support Autofill (in which one autocompleted field automatically fills out other related fields), this PR introduces the Processor construct. A Processor extends from DiagramProcessor. Much like a DiagramPublisher or DiagramValidator, the developer must implement their own DiagramProcessor and configure it via the main configuration file (builder.config.ts). Only one DiagramProcessor can be registered with the application at a time.

A processor's job is to intercept and "process" commands issued, by the interface, to the Page. This construct allows any PageCommand to be captured, modified, and forwarded according to the needs of the application.

For the purposes of the builder, AttackFlowProcessor (builder.config.processor.ts) has been implemented and configured. This processor:

  1. Intercepts SetStringProperty commands that modify an action's tactic_id or technique_id properties.
  2. Inspects their associated property group and resolves related properties (tactic_ref, technique_ref, etc.)
  3. Mints new SetStringProperty for each related property that can be autofilled (using intel from the Intelligence File).
  4. Bundles all the SetStringProperty commands into a single GroupCommand.
  5. Forwards the GroupCommand along (to be executed by the application).

All other command types are forwarded along without modification.

@mikecarenzo mikecarenzo self-assigned this Aug 3, 2023
@mikecarenzo mikecarenzo marked this pull request as ready for review August 18, 2023 15:03
@mikecarenzo mikecarenzo linked an issue Aug 18, 2023 that may be closed by this pull request
Add ATT&CK Technique auto-complete #60
Closed
mehaase
mehaase requested changes Aug 22, 2023
View reviewed changes
Copy link
Contributor

@mehaase mehaase left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good. A couple changes requested:

  1. Please add the explanation for updating the intel file to the developers.rst doc.
  2. Some of the other dropdowns are broken:
  • Screen Shot 2023-08-21 at 6 30 43 PM
  • Screen Shot 2023-08-21 at 6 36 50 PM
  1. The Tactic ID and Technique ID should only be the TA### and T### numbers, not including the technique name.

One other thing I noticed is that unfocusing the autocomplete list can be tricky. In the interest of shipping this feature, it shouldn't block this PR, but please add an issue to our backlog so we can keep track of this:

  1. My first attempt to unfocus was to click on the main canvas, but that of course also deselects the currently selected item. Would it be possible to only unfocus the text box?
  2. I also tried typing escape to dismiss the autocomplete, but

@mikecarenzo mikecarenzo requested a review from tiffb August 22, 2023 18:45
@mikecarenzo mikecarenzo removed the request for review from tiffb August 22, 2023 20:05
mehaase
mehaase approved these changes Aug 24, 2023
View reviewed changes
Copy link
Contributor

@mehaase mehaase left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved pending the item we discussed over the phone...

@sonarcloud
Copy link

sonarcloud bot commented Aug 24, 2023

SonarCloud Quality Gate failed.    Quality Gate failed

Bug B 1 Bug
Vulnerability A 0 Vulnerabilities
Security Hotspot E 1 Security Hotspot
Code Smell A 8 Code Smells

No Coverage information No Coverage information
52.5% 52.5% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

@mikecarenzo mikecarenzo merged commit 6f5bb26 into main Aug 24, 2023
2 of 4 checks passed
@mikecarenzo mikecarenzo deleted the AF-10_autocomplete branch August 24, 2023 17:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mehaase mehaase mehaase approved these changes

@tleef42 tleef42 tleef42 approved these changes

Assignees

@mikecarenzo mikecarenzo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add ATT&CK Technique auto-complete
3 participants
@mikecarenzo @mehaase @tleef42