Merge branch 'develop' of https://github.com/mitre-attack/attack-scripts into develop

isaisabel · isaisabel · commit 4a108f538abe · 2020-07-08T10:32:52.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,8 +5,12 @@ Added scripts used to generate the [sample layers in the ATT&CK Navigator reposi
 - [bear_APT.py](scripts/layers/samples/bear_APT.py)
 - [apt3_apt29_software.py](scripts/layers/samples/apt3_apt29_software.py)
 - [software_execution.py](scripts/layers/samples/software_execution.py)
+## Fixes
+- Fixed a bug in diff_stix where sub-techniques had the wrong URL in hyperlinks.
 
 # v1.4.1 - 18 May 2020
+
+# V1.4.1 - 18 May 2020
 ## New Scripts
 - New script [technique_mappings_to_csv.py](technique_mappings_to_csv.py) added to support mapping Techniques with Mitigations, Groups or Software. The output is a CSV file. Added in PR [#23](https://github.com/mitre-attack/attack-scripts/pull/23)
 ## Improvements
diff --git a/scripts/diff_stix.py b/scripts/diff_stix.py
@@ -139,13 +139,14 @@ def verboseprint(self, *args, **kwargs):
             print(*args, **kwargs)
 
 
-    def getUrlFromStix(self, datum):
+    def getUrlFromStix(self, datum, is_subtechnique=False):
         """
         Parse the website url from a stix object.
         """
         url = datum['external_references'][0]['url']
         split_url = url.split('/')
-        link = '/'.join(split_url[-2:])
+        splitfrom = -3 if is_subtechnique else -2
+        link = '/'.join(split_url[splitfrom:])
         return link
 
 
@@ -400,13 +401,14 @@ def placard(item):
                         # get revoking technique's parent for display
                         parentID = list(filter(lambda rel: rel["source_ref"] == revoker["id"], subtechnique_of_rels))[0]["target_ref"]
                         parentName = id_to_technique[parentID]["name"] if parentID in id_to_technique else "ERROR NO PARENT"
-                        return f"{item['name']} (revoked by { parentName}: [{revoker['name']}]({self.site_prefix}/{self.getUrlFromStix(revoker)}))"
+                        return f"{item['name']} (revoked by { parentName}: [{revoker['name']}]({self.site_prefix}/{self.getUrlFromStix(revoker, True)}))"
                     else:
                         return f"{item['name']} (revoked by [{revoker['name']}]({self.site_prefix}/{self.getUrlFromStix(revoker)}))"
                 if section == "deletions":
                     return f"{item['name']}"
                 else:
-                    return f"[{item['name']}]({self.site_prefix}/{self.getUrlFromStix(item)})"
+                    is_subtechnique = item["type"] == "attack-pattern" and "x_mitre_is_subtechnique" in item and item["x_mitre_is_subtechnique"]
+                    return f"[{item['name']}]({self.site_prefix}/{self.getUrlFromStix(item, is_subtechnique)})"
 
 
             # build sectionList string
@@ -688,4 +690,4 @@ def verboseprint(*args, **kwargs):
             parser.error('-layers requires exactly three files to be specified or none at all')
 
         layers_dict = diffStix.get_layers_dict()
-        layers_dict_to_files(args.layers, layers_dict)
+        layers_dict_to_files(args.layers, layers_dict)
