Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AF-174: Artifact #97

Merged
merged 5 commits into from
Aug 29, 2023
Merged

AF-174: Artifact #97

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
46acfe1
Validation block for first group of OneOf
tleef42 Jul 31, 2023
b122637
Added optional fields encryption algs and decryption key
tleef42 Aug 1, 2023
bfc64f4
Merge branch 'main' of https://github.com/center-for-threat-informed-…
tleef42 Aug 9, 2023
5ee57ec
align artifact checks with STIX documentation
mikecarenzo Aug 29, 2023
16302d4
Merge branch 'main' into af174-artifact
mikecarenzo Aug 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion src/attack_flow_builder/src/assets/builder.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -612,7 +612,19 @@ const config: AppConfiguration = {
}
}
},
encryption_algorithm : { type: PropertyType.String },
encryption_algorithm : {
type: PropertyType.Enum,
options: {
type: PropertyType.List,
form: { type: PropertyType.String },
value: [
["AES-256-GCM", "AES-256-GCM"],
["ChaCha20-Poly1305", "ChaCha20-Poly1305"],
["mime-type-indicated", "Mime Type Indicated"],
]
},
value: null
},
decryption_key : { type: PropertyType.String },
},
anchor_template: "@__builtin__anchor",
Expand Down
42 changes: 41 additions & 1 deletion src/attack_flow_builder/src/assets/builder.config.validator.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,18 +155,57 @@ class AttackFlowValidator extends DiagramValidator {
// Validate links
switch(node.template.id) {
case "artifact": {
const payloadBin = node.props.value.get("payload_bin");
const url = node.props.value.get("url");
const hashes = node.props.value.get("hashes");
const mimeType = node.props.value.get("mime_type");
const decryptionKey = node.props.value.get("decryption_key");
const encryptionAlg = node.props.value.get("encryption_algorithm")

const payloadRegex = /^([a-z0-9+/]{4})*([a-z0-9+/]{4}|[a-z0-9+/]{3}=|[a-z0-9+/]{2}==)$/i;
const MIME_Regex = /^(application|audio|font|image|message|model|multipart|text|video)\/[a-zA-Z0-9.+_-]+/;

// Check regex
if(payloadBin?.isDefined()) {
if(!payloadRegex.test(payloadBin.toString())) {
this.addError(id, "Invalid Payload Bin.");
}
}
if(mimeType?.isDefined()) {
if(!MIME_Regex.test(mimeType.toString())) {
this.addError(id, "Invalid MIME Type.");
}
}

// Validate Payload Bin, URL, and Hashes
if(payloadBin?.isDefined() && url?.isDefined()) {
this.addError(id, "Artifact must have either have a Payload Bin or URL, not both.");
}
if(url?.isDefined() && !hashes?.isDefined()) {
this.addError(id, "Artifact URL must also have a Hash.");
}

// Check hashes
if(hashes?.isDefined()) {
this.validateHash(id, hashes as ListProperty);
}

// Validate encryption and decryption algorithms
if(encryptionAlg?.isDefined()) {
if(encryptionAlg.toRawValue()?.toString() == "mime-type-indicated" && !mimeType?.isDefined()) {
this.addError(id, "For Encryption Algorithm to be 'Mime Type Indicated', the field 'Mime Type' cannot be empty.");
}
} else if(decryptionKey?.isDefined()) {
this.addError(id, "An Artifact with a Decryption Key must also have an Encryption Algorithm.");
}
break;
}
case "email_address": // Additional validation for email addresses
if (!AttackFlowValidator.Emailregex.test(String(node.props.value.get("value")))) {
this.addError(id, "Invalid email address.")
}
break;
case "file":
case "file": {
const hashes = node.props.value.get("hashes");
const name = node.props.value.get("name");
if(!hashes?.isDefined() && !name?.isDefined()) {
Expand All @@ -176,6 +215,7 @@ class AttackFlowValidator extends DiagramValidator {
this.validateHash(id, hashes as ListProperty);
}
break;
}
case "grouping":
if(node.next.length === 0) {
this.addError(id, "A Grouping must point to at least one object.");
Expand Down
Loading