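I'm using FastAPI and I need to represent different STIX 2 objects (from MITRE ATT&CK) with corresponding/equivalent Pydantic models, in order to return them as JSON responses.
Let's consider the AttackPattern object.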
from stix2.v20.sdo import AttackPattern
It has the following class:
class AttackPattern(_DomainObject):
    """For more detailed information on this object's properties, see
    `the STIX 2.0 specification <http://docs.oasis-open.org/cti/stix/v2.0/cs01/part2-stix-objects/stix-v2.0-cs01-part2-stix-objects.html#_Toc496714302>`__.
    """

    _type = 'attack-pattern'
    _properties = OrderedDict([
        ('type', TypeProperty(_type, spec_version='2.0')),
        ('id', IDProperty(_type, spec_version='2.0')),
        ('created_by_ref', ReferenceProperty(valid_types='identity', spec_version='2.0')),
        ('created', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('modified', TimestampProperty(default=lambda: NOW, precision='millisecond')),
        ('name', StringProperty(required=True)),
        ('description', StringProperty()),
        ('kill_chain_phases', ListProperty(KillChainPhase)),
        ('revoked', BooleanProperty(default=lambda: False)),
        ('labels', ListProperty(StringProperty)),
        ('external_references', ListProperty(ExternalReference)),
        ('object_marking_refs', ListProperty(ReferenceProperty(valid_types='marking-definition', spec_version='2.0'))),
        ('granular_markings', ListProperty(GranularMarking)),
    ])

    @property
    def properties(self):
        return self._properties
It is serialized to JSON in this way:
{
    "created": "2021-04-13T12:45:26.506Z",
    "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
    "description": "An adversary may attempt to get detailed information about remote systems and their peripherals, such as make/model, role, and configuration. Adversaries may use information from Remote System Information Discovery to aid in targeting and shaping follow-on behaviors. For example, the system\u2019s operational role and model information can dictate whether it is a relevant target for the adversary\u2019s operational objectives. In addition, the system\u2019s configuration may be used to scope subsequent technique usage. Requests for system information are typically implemented using automation and management protocols and are often automatically requested by vendor software during normal operation. This information may be used to tailor management actions, such as program download and system or module firmware. An adversary may leverage this same information by issuing calls directly to the system\u2019s API.",
    "external_references": [
        {
            "external_id": "T0888",
            "source_name": "mitre-ics-attack",
            "url": "https://collaborate.mitre.org/attackics/index.php/Technique/T0888"
        }
    ],
    "id": "attack-pattern--2fedbe69-581f-447d-8a78-32ee7db939a9",
    "kill_chain_phases": [
        {
            "kill_chain_name": "mitre-ics-attack",
            "phase_name": "discovery-ics"
        }
    ],
    "modified": "2021-04-13T12:45:26.506Z",
    "name": "Remote System Information Discovery",
    "object_marking_refs": [
        "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
    ],
    "type": "attack-pattern",
    "x_mitre_data_sources": [
        "Network protocol analysis",
        "Packet capture"
    ],
    "x_mitre_platforms": [
        "Safety Instrumented System/Protection Relay",
        "Field Controller/RTU/PLC/IED"
    ]
}
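As you can see, this object also has some nested objects as attributes.
What is the best way to create an equivalent Pydantic model for the attack pattern, starting from the object itself or its __dict__ representation?
I created a simple test class to work on it: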
from stix2.v20.sdo import AttackPattern
from mitre.attack.ics.mitre_attack_ics import MitreAttackICS

if __name__ == '__main__':
    mitre_attack_ics = MitreAttackICS()
    techniques: list[AttackPattern] = mitre_attack_ics.get_techniques()
    technique = techniques[0]
    print(technique.serialize(sort_keys=True, indent=4))
    # print(technique.__dict__)
    # print(technique.object_properties())
    # print(technique.properties)
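The entire source code, including the utility classes and FastAPI, is also available on GitHub.
A possible and promising approach is to generate the Pydantic model starting from the corresponding JSON schema of the STIX object.
Fortunately, the JSON schemas for all STIX 2 objects are defined by the OASIS Open organization in the GitHub repository CTI-STIX2-JSON-Schemas.
In particular, the JSON schema for the attack pattern is available here.
The project datamodel-code-generator, which generates Pydantic models, is also linked in the official documentation.
Using the generator above, I was able to generate the Pydantic model with the following command:
The resulting class AttackPatternDTO is not perfect, but not bad at all; for example, it does not extend the BaseModel class, and it defines the properties id & type of the Core class twice. So a bit of work is needed to fix these problems or to correct the generated code.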
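For comparison with the generated class, a hand-written model for the serialized attack pattern shown in the question (an added example, not code from the question, the answer or the stix2 project). It assumes Pydantic v2; `AttackPatternModel`, `load_attack_pattern` and the rule that undeclared keys must start with `x_` are choices made for this example.

```python
from datetime import datetime
from typing import Annotated, List, Literal, Optional

from pydantic import BaseModel, ConfigDict, Field, model_validator

UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
IdentityRef = Annotated[str, Field(pattern=rf"^identity--{UUID}$")]

class KillChainPhase(BaseModel):
    kill_chain_name: str
    phase_name: str

class ExternalReference(BaseModel):
    source_name: str
    external_id: Optional[str] = None
    url: Optional[str] = None

class AttackPatternModel(BaseModel):  # hypothetical name, hand-written for this example
    model_config = ConfigDict(extra="allow")  # keep MITRE's x_mitre_* custom properties
    type: Literal["attack-pattern"]
    id: str = Field(pattern=rf"^attack-pattern--{UUID}$")
    created_by_ref: Optional[IdentityRef] = None
    created: datetime
    modified: datetime
    name: str
    description: Optional[str] = None
    kill_chain_phases: List[KillChainPhase] = []
    revoked: bool = False
    labels: List[str] = []
    external_references: List[ExternalReference] = []
    object_marking_refs: List[str] = []
    granular_markings: List[dict] = []

    @model_validator(mode="after")
    def only_custom_extras(self):
        # Assumption: any undeclared key must carry the "x_" custom-property prefix.
        bad = [k for k in (self.model_extra or {}) if not k.startswith("x_")]
        if bad:
            raise ValueError(f"unexpected properties: {bad}")
        return self

SAMPLE = '''{"type": "attack-pattern", "name": "Remote System Information Discovery",
 "id": "attack-pattern--2fedbe69-581f-447d-8a78-32ee7db939a9",
 "created": "2021-04-13T12:45:26.506Z", "modified": "2021-04-13T12:45:26.506Z",
 "external_references": [{"external_id": "T0888", "source_name": "mitre-ics-attack"}],
 "kill_chain_phases": [{"kill_chain_name": "mitre-ics-attack", "phase_name": "discovery-ics"}],
 "x_mitre_platforms": ["Field Controller/RTU/PLC/IED"]}'''  # abridged from the question

def load_attack_pattern(raw: str) -> AttackPatternModel:
    return AttackPatternModel.model_validate_json(raw)
```

The output of `technique.serialize()` can be passed straight to `load_attack_pattern`, and the model can then be declared as the FastAPI route's `response_model`.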