infosecn1nja
/
DeTTECT
mirror of https://github.com/infosecn1nja/DeTTECT.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added an extra health check for an empty item in the key-value pair 'location' of a detection. Reported by @Sreeman.

master
Marcus Bakker 2019-11-29 12:22:10 +01:00
parent dc092696f2
commit 4e2f7b1adc
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
health.py
View File

@ -278,9 +278,11 @@ def _check_health_techniques(filename, technique_content, health_is_called):
for obj in v[obj_type]: for obj in v[obj_type]:
obj_keys = ['applicable_to', 'comment', 'score_logbook'] obj_keys = ['applicable_to', 'comment', 'score_logbook']
obj_keys_list = ['applicable_to'] obj_keys_list = ['applicable_to']
obj_keys_not_none = []
if obj_type == 'detection': if obj_type == 'detection':
obj_keys.append('location') obj_keys.append('location')
obj_keys_list.append('location') obj_keys_list.append('location')
obj_keys_not_none.append('location')
for okey in obj_keys: for okey in obj_keys:
if okey not in obj: if okey not in obj:
@ -291,6 +293,17 @@ def _check_health_techniques(filename, technique_content, health_is_called):
if not isinstance(obj[okey], list): if not isinstance(obj[okey], list):
has_error = _print_error_msg('[!] Technique ID: ' + tech + ' the key-value pair \'' + okey + '\' in \'' + obj_type + '\' is NOT a list', health_is_called) has_error = _print_error_msg('[!] Technique ID: ' + tech + ' the key-value pair \'' + okey + '\' in \'' + obj_type + '\' is NOT a list', health_is_called)
for okey in obj_keys_not_none:
if okey in obj:
none_count = 0
for item in obj[okey]:
if item is None:
none_count += 1
if none_count == 1:
has_error = _print_error_msg('[!] Technique ID: ' + tech + ' the key-value pair \'' + okey + '\' in \'' + obj_type + '\' has an EMPTY value (an empty string value is allowed: \'\')', health_is_called)
elif none_count > 1:
has_error = _print_error_msg('[!] Technique ID: ' + tech + ' the key-value pair \'' + okey + '\' in \'' + obj_type + '\' has multiple EMPTY values (an empty string value is allowed: \'\')', health_is_called)
health = _check_health_score_object(obj, obj_type, tech, health_is_called) health = _check_health_score_object(obj, obj_type, tech, health_is_called)
has_error = _update_health_state(has_error, health) has_error = _update_health_state(has_error, health)