Merge branch 'development' of https://github.com/marcusbakker/DeTTECT-private into development

Dockerfile

@@ -1,6 +1,6 @@
 FROM python:3.8-slim-buster
 
-LABEL version="1.3.1"
+LABEL version="1.4.0"
 
 # copy DeTT&CT and install the requirements
 COPY . /opt/DeTTECT

README.md

@@ -1,7 +1,7 @@
 <img src="https://github.com/rabobank-cdc/DeTTECT/wiki/images/logo.png" alt="DeTT&CT" width=30% height=30%>
 
 #### Detect Tactics, Techniques & Combat Threats
-Latest version: [1.3.1](https://github.com/rabobank-cdc/DeTTECT/wiki/Changelog#version-131)
+Latest version: [1.4.0](https://github.com/rabobank-cdc/DeTTECT/wiki/Changelog#version-140)
 
 To get started with DeTT&CT, check out this [page](https://github.com/rabobank-cdc/DeTTECT/wiki/Getting-started), our [talk](https://www.youtube.com/watch?v=_kWpekkhomU) at hack.lu 2019 and our blog on:
 - [mbsecure.nl/blog/2019/5/dettact-mapping-your-blue-team-to-mitre-attack](https://www.mbsecure.nl/blog/2019/5/dettact-mapping-your-blue-team-to-mitre-attack) or

constants.py

@@ -2,7 +2,7 @@ import re
 
 APP_NAME = 'DeTT&CT'
 APP_DESC = 'Detect Tactics, Techniques & Combat Threats'
-VERSION = '1.3.1'
+VERSION = '1.4'
 
 EXPIRE_TIME = 60 * 60 * 24
 
@@ -119,14 +119,14 @@ V_UPDATE_ACTION_DIFF = 'the user decides to update or not'
 
 # YAML regex
 REGEX_YAML_VERSION_10 = re.compile(r'^\s*version:\s+1\.0\s*$', re.IGNORECASE)
-REGEX_YAML_TECHNIQUE_ID = re.compile(r'^-\s+technique_id:\s+T[0-9]{4}\s*$', re.IGNORECASE)
-REGEX_YAML_TECHNIQUE_ID_FORMAT = re.compile(r'T[0-9]{4}', re.IGNORECASE)
+REGEX_YAML_TECHNIQUE_ID = re.compile(r'^-\s+technique_id:\s+T\d{4}(\.\d{3}|)\s*$', re.IGNORECASE)
+REGEX_YAML_TECHNIQUE_ID_FORMAT = re.compile(r'T\d{4}(\.\d{3}|)', re.IGNORECASE)
 REGEX_YAML_DETECTION = re.compile(r'^\s+detection:\s*$', re.IGNORECASE)
 REGEX_YAML_VISIBILITY = re.compile(r'^\s+visibility:\s*$', re.IGNORECASE)
 REGEX_YAML_INDENT_CHARS = re.compile(r'(^[\s-]+).*', re.IGNORECASE)
 REGEX_YAML_VALID_DATE = re.compile(r'([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01]))', re.IGNORECASE)
 REGEX_YAML_DATE = re.compile(r'^[\s-]+date:.*$', re.IGNORECASE)
-REGEX_YAML_TECHNIQUE_ID_GROUP = re.compile(r'^-\s+technique_id:\s+(T[0-9]{4})\s*$', re.IGNORECASE)
+REGEX_YAML_TECHNIQUE_ID_GROUP = re.compile(r'^-\s+technique_id:\s+(T\d{4})\s*$', re.IGNORECASE)
 
 # YAML objects
 YAML_OBJ_VISIBILITY = {'applicable_to': ['all'],

editor/src/components/Inputs/AutoSuggestGroup.vue

@@ -42,23 +42,23 @@ import { notificationMixin } from '@/mixins/NotificationMixins.js';
 export default {
     data() {
         return {
-            newID: ''
+            newID: '',
         };
     },
     mixins: [autoSuggestMixins, notificationMixin],
     props: {
         group: {
             type: Object,
-            required: true
+            required: true,
         },
         valueAttr: {
             type: String,
-            required: true
+            required: true,
         },
         platforms: {
             type: Array,
-            required: true
-        }
+            required: true,
+        },
     },
     methods: {
         deleteItem(event) {
@@ -80,11 +80,11 @@ export default {
                 return;
             }
             // performs two checks for a valid ID, and exit if not valid
-            if (!this.newID.match(/\b(S|T)\d{4}\b/i)) {
+            if (!this.newID.match(/\b(S\d{4}|T\d{4}(\.\d{3}|))\b/i)) {
                 this.notifyInvalid(this.newID);
                 return;
             }
-            let id = this.newID.match(/\b((S|T)\d{4})\b/i)[0].toUpperCase();
+            let id = this.newID.match(/\b((S\d{4}|T\d{4}(\.\d{3}|)))\b/i)[0].toUpperCase();
             if ((this.itemIdName == 'technique_id' && !id.startsWith('T')) || (this.itemIdName == 'software_id' && !id.startsWith('S'))) {
                 this.notifyInvalid(id);
                 return;
@@ -113,7 +113,7 @@ export default {
             let title = 'Invalid ' + this.formattedTitle;
             let msg = "'" + id + "' is an invalid " + this.formattedTitle + '.';
             this.notifyWarning(title, msg);
-        }
+        },
     },
     computed: {
         filteredSuggestionList() {
@@ -123,7 +123,7 @@ export default {
             for (let i = 0; i < this.suggestionList.length; i++) {
                 if (
                     this.platforms[0] == 'all' ||
-                    (this.platforms.some(item => this.suggestionList[i]['platforms'].includes(item)) &&
+                    (this.platforms.some((item) => this.suggestionList[i]['platforms'].includes(item)) &&
                         !this.group[this.itemIdName].includes(this.suggestionList[i][this.itemIdName]))
                 ) {
                     tmpList.push(this.suggestionList[i]);
@@ -133,7 +133,7 @@ export default {
         },
         formattedTitle() {
             return this.itemIdName.replace('_', ' ').replace('id', 'ID');
-        }
-    }
+        },
+    },
 };
 </script>

editor/src/components/Inputs/AutoSuggestTitle.vue

@@ -113,13 +113,13 @@ export default {
                     return;
                 }
                 // performs two checks for a valid ID, and exit if not valid
-                if (!this.tmpItemId.match(/\bT\d{4}\b/i)) {
+                if (!this.tmpItemId.match(/\bT\d{4}(\.\d{3}|)\b/i)) {
                     if (event.target.id != 'checkmark') {
                         this.notifyInvalid(this.tmpItemId);
                     }
                     return;
                 }
-                let id = this.tmpItemId.match(/\b(T\d{4})\b/i)[0].toUpperCase();
+                let id = this.tmpItemId.match(/\b(T\d{4}(\.\d{3}|))\b/i)[0].toUpperCase();
                 if (!id.startsWith('T')) {
                     if (event.target.id != 'checkmark') {
                         this.notifyInvalid(id);

editor/src/pages/GroupsPage.vue

@@ -127,19 +127,19 @@ export default {
             filters: {
                 filter: {
                     value: '',
-                    keys: ['group_name', 'campaign', 'enabled']
-                }
+                    keys: ['group_name', 'campaign', 'enabled'],
+                },
             },
             data_columns: ['group_name', 'campaign', 'enabled'],
             groupFileToRender: 'https://raw.githubusercontent.com/wiki/rabobank-cdc/DeTTECT/YAML-administration-groups.md',
             groupHelpText: null,
-            emptyGroupObject: constants.YAML_OBJ_GROUP
+            emptyGroupObject: constants.YAML_OBJ_GROUP,
         };
     },
     mixins: [pageMixin, notificationMixin],
     components: {
         GroupsDetail,
-        Icons
+        Icons,
     },
     created: function() {
         this.preloadMarkDown();
@@ -215,7 +215,7 @@ export default {
                             }
 
                             for (let x = 0; x < yaml_input.groups[i].technique_id.length; x++) {
-                                if (yaml_input.groups[i].technique_id[x].match(/^T[0-9]{4}$/i) == null) {
+                                if (yaml_input.groups[i].technique_id[x].match(/^T\d{4}(\.\d{3}|)$/i) == null) {
                                     yaml_input.groups[i].technique_id.splice(x, 1);
                                 }
                                 if (yaml_input.groups[i].technique_id[x] != undefined) {
@@ -223,7 +223,7 @@ export default {
                                 }
                             }
                             for (let x = 0; x < yaml_input.groups[i].software_id.length; x++) {
-                                if (yaml_input.groups[i].software_id[x].match(/^S[0-9]{4}$/i) == null) {
+                                if (yaml_input.groups[i].software_id[x].match(/^S\d{4}$/i) == null) {
                                     yaml_input.groups[i].software_id.splice(x, 1);
                                 }
                                 if (yaml_input.groups[i].software_id[x] != undefined) {
@@ -289,20 +289,20 @@ export default {
 
             this.groupHelpText = 'Loading the help content...';
             this.$http.get(this.groupFileToRender).then(
-                response => {
+                (response) => {
                     this.groupHelpText = response.body.replace(/\[(.+)\](\([#\w-]+\))/gm, '$1'); // remove links to other wiki pages
                     this.groupHelpText = this.groupHelpText.match(/## Group object((.*|\n)*)/gim, '$1')[0];
                     this.groupHelpText = this.groupHelpText.replace(/^## Group object/gim, '');
                 },
                 // eslint-disable-next-line no-unused-vars
-                response => {
+                (response) => {
                     this.groupHelpText = 'An error occurred while loading the help content.';
                 }
             );
         },
         notifyInvalidFileType(filename) {
             this.notifyDanger('Invalid YAML file type', "The file '" + filename + "' is not a valid group administration file.");
-        }
+        },
     },
     filters: {
         listToString: function(value) {
@@ -311,8 +311,8 @@ export default {
             } else {
                 return value;
             }
-        }
-    }
+        },
+    },
 };
 </script>