infosecn1nja
/
DeTTECT
mirror of https://github.com/infosecn1nja/DeTTECT.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed a bug regarding the 'platform' kv-pair value 'all'

master
Marcus Bakker 2020-10-31 11:13:30 +01:00
parent 54d0259565
commit cd5b71ea9f
2 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
generic.py
View File

@ -1107,7 +1107,7 @@ def get_platform_from_yaml(yaml_content):
platform = [platform] platform = [platform]
platform = [p.lower() for p in platform if p is not None] platform = [p.lower() for p in platform if p is not None]
if platform == ['all']: if 'all' in platform:
platform = list(PLATFORMS.values()) platform = list(PLATFORMS.values())
else: else:
valid_platform_list = [] valid_platform_list = []

27
health.py
View File

@ -94,23 +94,22 @@ def check_health_data_sources(filename, ds_content, health_is_called, no_print=F
ATT&CK Platform is not part of the EQL search result ATT&CK Platform is not part of the EQL search result
:return: False if no errors have been found, otherwise True :return: False if no errors have been found, otherwise True
""" """
from generic import get_applicable_data_sources_platform from generic import get_applicable_data_sources_platform, get_platform_from_yaml
has_error = False has_error = False
platform = ds_content.get('platform', None) platform = get_platform_from_yaml(ds_content)
if not src_eql: if not src_eql:
if platform != 'all' and platform != ['all']: if isinstance(platform, str):
if isinstance(platform, str): platform = [platform]
platform = [platform] if platform is None or len(platform) == 0 or platform == '':
if platform is None or len(platform) == 0 or platform == '': platform = ['empty']
platform = ['empty'] for p in platform:
for p in platform: if p.lower() not in PLATFORMS.keys():
if p.lower() not in PLATFORMS.keys(): has_error = _print_error_msg(
has_error = _print_error_msg( '[!] EMPTY or INVALID value for \'platform\' within the data source admin. '
'[!] EMPTY or INVALID value for \'platform\' within the data source admin. ' 'file: %s (should be value(s) of: [%s] or all)' % (p, ', '.join(list(PLATFORMS.values()))),
'file: %s (should be value(s) of: [%s] or all)' % (p, ', '.join(list(PLATFORMS.values()))), health_is_called)
health_is_called)
ds_list = [kv['data_source_name'].lower() for kv in ds_content['data_sources']] ds_list = [kv['data_source_name'].lower() for kv in ds_content['data_sources']]
@ -275,7 +274,7 @@ def _check_health_techniques(filename, technique_content, health_is_called):
for p in platform: for p in platform:
if p.lower() not in PLATFORMS.keys(): if p.lower() not in PLATFORMS.keys():
has_error = _print_error_msg( has_error = _print_error_msg(
'[!] EMPTY or INVALID value for \'platform\' within the data source admin. ' '[!] EMPTY or INVALID value for \'platform\' within the technique admin. '
'file: %s (should be value(s) of: [%s] or all)' % (p, ', '.join(list(PLATFORMS.values()))), 'file: %s (should be value(s) of: [%s] or all)' % (p, ', '.join(list(PLATFORMS.values()))),
health_is_called) health_is_called)