-
Notifications
You must be signed in to change notification settings - Fork 176
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add format checker script and update makefile
- Loading branch information
1 parent
a39d69c
commit a03c98b
Showing
2 changed files
with
61 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| """ This script checks all the MITRE Mappings in the Reports section of each analysis item to | ||
| ensure they follow the formal TAXXXX:TXXXX. If MITRE mappings aren't in this format, they don't | ||
| display properly in Panther's UI. """ | ||
|
|
||
| import re | ||
| import sys | ||
| from pathlib import Path | ||
|
|
||
| from panther_analysis_tool.analysis_utils import load_analysis_specs | ||
|
|
||
| # All MITRE Tags must match this regex pattern | ||
| MITRE_PATTERN = re.compile("^TA\d+\:T\d+(\.\d+)?$") | ||
|
|
||
| def main(path: Path) -> bool: | ||
| # Load Repo | ||
| analysis_items = load_analysis_specs([path], ignore_files=[]) | ||
|
|
||
| items_with_invalid_mappings = [] # Record all items with bad tags | ||
| for analysis_item in analysis_items: | ||
| rel_path = analysis_item[0] # Relative path to YAML file | ||
| spec = analysis_item[2] # YAML spec as a dict | ||
|
|
||
| bad_tags = [] # Record the invalid tags for this analysis item | ||
| if reports := spec.get("Reports"): | ||
| if mitre := reports.get("MITRE ATT&CK"): | ||
| for mapping in mitre: | ||
| if not MITRE_PATTERN.match(mapping): | ||
| bad_tags.append(mapping) | ||
|
|
||
| if bad_tags: | ||
| items_with_invalid_mappings.append({ | ||
| "rel_path": rel_path, | ||
| "bad_tags": bad_tags | ||
| }) | ||
|
|
||
| if items_with_invalid_mappings: | ||
| print("❌ Some items had invalid MITRE mapping formats:") | ||
| print() | ||
| for invalid_item in items_with_invalid_mappings: | ||
| print(invalid_item.get("rel_path", "<UNKNOWN PATH>")) | ||
| for bad_tag in invalid_item.get("bad_tags", []): | ||
| print("\t" + bad_tag) | ||
| print() | ||
|
|
||
| print(("To ensure that your MITRE mappings are correctly displayed in the Panther " | ||
| "console, make sure your MITRE mappings are formatted like 'TA0000:T0000'.")) | ||
| else: | ||
| print("✅ No invalid MITRE mappings found! You're in the clear! 👍") | ||
|
|
||
| return bool(items_with_invalid_mappings) | ||
|
|
||
| if __name__ == "__main__": | ||
| path = Path.cwd() # Default to current directory | ||
| if len(sys.argv) > 1: | ||
| path = Path(sys.argv[1]) | ||
| if main(path): | ||
| exit(1) # Exit with error if issues were found |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters