Ejemplo n.º 1
    def test_tech_of_tactic(self):
        """Check that a tactic resolves to techniques through both lookup paths."""
        # Path 1: class-level query, using the first tactic named "Collection".
        collection_tactic = MitreAttackTactic.get_by_name(self.mitre_attack, "Collection")[0]
        techniques = MitreAttackTechnique.get_by_tactic(self.mitre_attack, collection_tactic)
        assert techniques is not None
        assert len(techniques) > 1

        # Path 2: instance-level query on the first "Command and Control" tactic.
        c2_tactic = MitreAttackTactic.get_by_name(self.mitre_attack, "Command and Control")[0]
        assert c2_tactic.get_techniques(self.mitre_attack) is not None
Ejemplo n.º 2
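def get_tactics_and_techniques(tactic_names=None, tactic_ids=None, opts=None, function_opts=None):
    """
    Get techniques for all input tactics.

    Ids take priority: when ``tactic_ids`` is not None, ``tactic_names`` is ignored.
    When both are None an empty list is returned.

    :param tactic_names:    string of tactic names separated by comma
    :param tactic_ids:      string of tactic ids separated by comma
    :param opts:            Top level configuration options
    :param function_opts:   Function configuration options.
    :return:                list with one dict per matched tactic (its ``dict_form()``),
                            extended with a "mitre_techniques" key that holds the
                            ``dict_form()`` of each of its techniques
    :raises ValueError:     if a requested id or name matches no tactic
    """
    mitre_conn = MitreAttackConnection(opts, function_opts)

    tactics = []

    # Check ids first, as it takes priority in querying
    if tactic_ids is not None:
        for tid in tactic_ids.split(','):
            tactics_by_id = MitreAttackTactic.get_by_id(mitre_conn, tid)
            # Treat None and an empty result alike, as the name branch does. Otherwise an
            # unknown id could be dropped silently and the caller would get an incomplete
            # mapping with no indication that part of the request was not resolved.
            if not tactics_by_id:
                raise ValueError("Tactics with id {} do not exist.".format(tid))
            tactics.extend(tactic.id for tactic in tactics_by_id)
    elif tactic_names is not None:
        # It's possible for multiple tactics to have the same name
        # And we want to make sure that all of them are processed in that case
        for t_name in tactic_names.split(','):
            tactics_named = MitreAttackTactic.get_by_name(mitre_conn, t_name)
            if not tactics_named:
                raise ValueError("Tactics with name {} do not exist.".format(t_name))
            tactics.extend(tactic.id for tactic in tactics_named)

    ret = []
    for tactic_id in tactics:
        # The id came from a tactic found above, so the lookup is expected to succeed;
        # the first hit is taken on the assumption that ids are unique.
        t_obj = MitreAttackTactic.get_by_id(mitre_conn, tactic_id)[0]

        techs = t_obj.get_techniques(mitre_conn)

        # get the dict for tactic and include techniques into it
        tactic_dict = t_obj.dict_form()
        tactic_dict.update({
            "mitre_techniques": [tech.dict_form() for tech in techs]
        })

        ret.append(tactic_dict)
    return ret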
Ejemplo n.º 3
 def test_deprecated_tactic_states_so_in_description(self):
     """
     Looks up the tactics named Impact and expects at least one description
     to begin with "Deprecated".
     One of the mocked tactics carries the deprecation flag.
     """
     impact_tactics = MitreAttackTactic.get_by_name(self.mitre_attack, "Impact")
     deprecated_flags = (
         tactic.description.startswith("Deprecated") for tactic in impact_tactics
     )
     assert any(deprecated_flags)
Ejemplo n.º 4
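 def test_tactic_representation_doesnt_have_unsupported_tags(self):
     """
     Mocked Impact has code tags added on purpose; none of them may survive
     in any field of the tactics' dict_form() representation.
     """
     tactics = MitreAttackTactic.get_by_name(self.mitre_attack, "Impact")
     dict_reps = [tactic.dict_form() for tactic in tactics]
     # Without at least one representation the check below would pass vacuously.
     assert dict_reps
     # Check every field of every representation with one flat generator of booleans.
     # The earlier form passed all() a list of generator objects, which are always
     # truthy, so the assertion could never fail even when a tag leaked through.
     # NOTE(review): assumes every field value supports `in` with a string - confirm.
     assert all("<code>" not in tactic_repr[key]
                for tactic_repr in dict_reps
                for key in tactic_repr)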
Ejemplo n.º 5
 def test_get_by_shortname_works(self):
     """A lookup by the shortname "collection" should give a truthy result."""
     shortname = "collection"
     matches = MitreAttackTactic.get_by_shortname(self.mitre_attack, shortname)
     assert matches
Ejemplo n.º 6
 def test_mutiple_of_same_name_returns_list(self):
     """A name lookup for "Impact" should hand back a list."""
     impact_tactics = MitreAttackTactic.get_by_name(self.mitre_attack, "Impact")
     assert isinstance(impact_tactics, list)
Ejemplo n.º 7
 def test_collection_name_included(self):
     """Both tactics named Impact carry a collection, and the two collections differ."""
     impact_tactics = MitreAttackTactic.get_by_name(self.mitre_attack, "Impact")
     assert len(impact_tactics) == 2
     first, second = impact_tactics[0], impact_tactics[1]
     assert first.collection is not None and second.collection is not None
     assert first.collection != second.collection
Ejemplo n.º 8
 def test_get_all(self):
     """get_all should return as many tactics as the first three mocked TACTICS groups hold."""
     found = len(MitreAttackTactic.get_all(self.mitre_attack))
     expected = sum(len(MitreQueryMocker.TACTICS[idx]) for idx in range(3))
     assert found == expected
Ejemplo n.º 9
 def test_extra_spaces_doent_fail_search(self):
     """Surrounding whitespace in the search term must not stop a lookup from matching."""
     padded_id = " TA0007"
     padded_name = " Collection  "
     by_id = MitreAttackTactic.get_by_id(self.mitre_attack, padded_id)
     assert by_id is not None
     by_name = MitreAttackTactic.get_by_name(self.mitre_attack, padded_name)
     assert by_name is not None
Ejemplo n.º 10
 def test_get_by_name_works(self):
     """A known name yields a result; a name that matches nothing yields None."""
     known = MitreAttackTactic.get_by_name(self.mitre_attack, "Collection")
     assert known is not None
     unknown = MitreAttackTactic.get_by_name(self.mitre_attack, "Absurd Search")
     assert unknown is None
Ejemplo n.º 11
 def test_get_by_id_works(self):
     """The id "TA0007" yields a result; the id "TA00007" (extra zero) yields None."""
     known = MitreAttackTactic.get_by_id(self.mitre_attack, "TA0007")
     assert known is not None
     unknown = MitreAttackTactic.get_by_id(self.mitre_attack, "TA00007")
     assert unknown is None
Ejemplo n.º 12
    def test_get_tactic_url(self):
        """Expect url_get() to be truthy for the URL of the first tactic returned."""
        all_tactics = MitreAttackTactic.get_all(self.mitre_conn)

        # Only the first tactic is probed; with an empty result the loop body never runs.
        for first_tactic in all_tactics[:1]:
            assert url_get(first_tactic.get_url())
Ejemplo n.º 13
 def test_get_all_tactics_from_all_frameworks(self):
     """get_all over the connection should return at least 40 tactics."""
     # As 8/5/19 there are 40 tactics
     minimum_expected = 40
     all_tactics = MitreAttackTactic.get_all(self.mitre_conn)
     assert len(all_tactics) >= minimum_expected