RubyGems - dradis-calculator_mitre - Versions diffs - 4.16.0 - Mend

dradis-calculator_mitre 4.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

data/app/assets/javascripts/dradis/plugins/calculators/mitre/base.js ADDED Viewed

@@ -0,0 +1,5 @@
+//= require jquery3
+//= require popper
+//= require bootstrap
+//= require dradis/plugins/calculators/mitre/mitre_calculator

data/app/assets/javascripts/dradis/plugins/calculators/mitre/manifests/hera.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ //= require dradis/plugins/calculators/mitre/mitre_calculator

data/app/assets/javascripts/dradis/plugins/calculators/mitre/mitre_calculator.js.erb ADDED Viewed

@@ -0,0 +1,283 @@
+document.addEventListener('turbo:load', () => {
+  if (!document.querySelector('[data-behavior~=mitre-calc]')) return;
+  class MitreCalculator {
+    constructor() {
+      this.matrices = ['enterprise', 'mobile', 'ics'];
+      this.mitreData = {};
+      this.result = document.querySelector('[data-behavior="mitre-result"]');
+      this.selects = {};
+      this.init();
+    }
+    async init() {
+      try {
+        await this.loadMitreData();
+        this.initializeSelectors();
+        this.setupEventListeners();
+        this.preSelectFromResult();
+      } catch (error) {
+        console.error('Failed to initialize MITRE Calculator:', error);
+      }
+    }
+    async loadMitreData() {
+      const response = await fetch("<%= asset_path('dradis/plugins/calculators/mitre/mitre_data.json') %>");
+      if (!response.ok)
+        throw new Error(`HTTP error! status: ${response.status}`);
+      this.mitreData = await response.json();
+    }
+    initializeSelectors() {
+      this.matrices.forEach((matrix) => {
+        const tacticSelect = document.querySelector(
+          `select[data-type="${matrix}-tactic"]`
+        );
+        const techniqueSelect = document.querySelector(
+          `select[data-type="${matrix}-technique"]`
+        );
+        const subtechniqueSelect = document.querySelector(
+          `select[data-type="${matrix}-subtechnique"]`
+        );
+        this.selects[matrix] = {
+          tactic: tacticSelect,
+          technique: techniqueSelect,
+          subtechnique: subtechniqueSelect,
+        };
+        this.setupMatrix(matrix);
+      });
+    }
+    setupMatrix(matrix) {
+      const { tactic, technique, subtechnique } = this.selects[matrix];
+      this.setPrompt(tactic, 'Select a tactic');
+      this.setPrompt(technique, 'Select a technique');
+      this.setPrompt(subtechnique, 'Select a sub-technique');
+      technique.disabled = true;
+      subtechnique.disabled = true;
+      this.mitreData[matrix].tactics.forEach((tacticData) => {
+        const option = document.createElement('option');
+        option.value = tacticData.id;
+        option.textContent = tacticData.name;
+        tactic.appendChild(option);
+      });
+    }
+    setupEventListeners() {
+      this.matrices.forEach((matrix) => {
+        const { tactic, technique, subtechnique } = this.selects[matrix];
+        tactic.addEventListener('change', () => {
+          this.handleTacticChange(matrix);
+        });
+        technique.addEventListener('change', () => {
+          this.handleTechniqueChange(matrix);
+        });
+        subtechnique.addEventListener('change', () => {
+          this.handleSubtechniqueChange(matrix);
+        });
+      });
+    }
+    handleTacticChange(matrix) {
+      const { tactic, technique, subtechnique } = this.selects[matrix];
+      const selectedTactic = this.mitreData[matrix].tactics.find(
+        (t) => t.id === tactic.value
+      );
+      this.setPrompt(technique, 'Select a technique');
+      this.setPrompt(subtechnique, 'Select a sub-technique');
+      technique.disabled = true;
+      subtechnique.disabled = true;
+      if (selectedTactic) {
+        this.populateTechniques(selectedTactic, technique);
+        technique.disabled = false;
+      }
+      this.updateTacticResults(matrix, selectedTactic);
+    }
+    handleTechniqueChange(matrix) {
+      const { tactic, technique, subtechnique } = this.selects[matrix];
+      const selectedTactic = this.mitreData[matrix].tactics.find(
+        (t) => t.id === tactic.value
+      );
+      const selectedTechnique = selectedTactic.techniques.find(
+        (tech) => tech.id === technique.value
+      );
+      this.setPrompt(subtechnique, 'Select a sub-technique');
+      subtechnique.disabled = true;
+      if (selectedTechnique.subtechniques.length > 0) {
+        this.populateSubtechniques(selectedTechnique, subtechnique);
+        subtechnique.disabled = false;
+      }
+      this.updateTechniqueResults(matrix, selectedTechnique);
+    }
+    handleSubtechniqueChange(matrix) {
+      const { tactic, technique, subtechnique } = this.selects[matrix];
+      const selectedTactic = this.mitreData[matrix].tactics.find(
+        (t) => t.id === tactic.value
+      );
+      const selectedTechnique = selectedTactic.techniques.find(
+        (tech) => tech.id === technique.value
+      );
+      const selectedSubtechnique = selectedTechnique.subtechniques.find(
+        (s) => s.id === subtechnique.value
+      );
+      this.updateSubtechniqueResults(matrix, selectedSubtechnique);
+    }
+    preSelectFromResult() {
+      this.matrices.forEach((matrix) => {
+        this.preSelectMatrix(matrix);
+      });
+    }
+    preSelectMatrix(matrix) {
+      const base = `MITRE.${this.titleCase(matrix)}`;
+      const tacticId = this.getResultValue(`${base}.Tactic.ID`);
+      if (!tacticId || tacticId === 'N/A') return;
+      const { tactic, technique, subtechnique } = this.selects[matrix];
+      if (this.selectOption(tactic, tacticId)) {
+        const selectedTactic = this.mitreData[matrix].tactics.find(
+          (t) => t.id === tacticId
+        );
+        this.populateTechniques(selectedTactic, technique);
+        technique.disabled = false;
+        const techniqueId = this.getResultValue(`${base}.Technique.ID`);
+        if (
+          techniqueId &&
+          techniqueId !== 'N/A' &&
+          this.selectOption(technique, techniqueId)
+        ) {
+          const selectedTechnique = selectedTactic.techniques.find(
+            (t) => t.id === techniqueId
+          );
+          if (selectedTechnique.subtechniques.length > 0) {
+            this.populateSubtechniques(selectedTechnique, subtechnique);
+            subtechnique.disabled = false;
+            const subtechniqueId = this.getResultValue(
+              `${base}.Sub-technique.ID`
+            );
+            if (subtechniqueId && subtechniqueId !== 'N/A') {
+              this.selectOption(subtechnique, subtechniqueId);
+            }
+          }
+        }
+      }
+    }
+    getResultValue(label) {
+      // Captures the line with the label and returns its value
+      const regex = new RegExp(
+        `\\#\\[${this.escapeRegex(label)}\\]\\#\\n(.*?)(?=\\n|$)`,
+        'i'
+      );
+      const match = this.result.value.match(regex);
+      return match ? match[1].trim() : null;
+    }
+    selectOption(select, value) {
+      const option = select.querySelector(`option[value="${value}"]`);
+      if (option) {
+        select.value = value;
+        return true;
+      }
+      return false;
+    }
+    escapeRegex(string) {
+      // Escapes special characters in a regex string since . and [] have special meanings
+      return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    }
+    setPrompt(select, prompt) {
+      select.innerHTML = `<option value="" disabled selected>${prompt}</option>`;
+    }
+    populateTechniques(tactic, select) {
+      tactic.techniques.forEach((tech) => {
+        const option = document.createElement('option');
+        option.value = tech.id;
+        option.textContent = tech.name;
+        select.appendChild(option);
+      });
+    }
+    populateSubtechniques(technique, select) {
+      technique.subtechniques.forEach((sub) => {
+        const option = document.createElement('option');
+        option.value = sub.id;
+        option.textContent = sub.name;
+        select.appendChild(option);
+      });
+    }
+    updateResult(label, value) {
+      // Captures the line with the label and replaces its value
+      const regex = new RegExp(`(\\#\\[${label}\\]\\#\\n)(.*?)(\\n|$)`, 'gi');
+      this.result.value = this.result.value.replace(regex, `$1${value}$3`);
+    }
+    updateTacticResults(matrix, tactic) {
+      const base = `MITRE.${this.titleCase(matrix)}`;
+      this.updateResult(`${base}.Tactic`, tactic.name);
+      this.updateResult(`${base}.Tactic.ID`, tactic.id);
+      this.resetTechniqueAndSubtechniqueResults(matrix);
+    }
+    updateTechniqueResults(matrix, technique) {
+      const base = `MITRE.${this.titleCase(matrix)}`;
+      this.updateResult(`${base}.Technique`, technique.name);
+      this.updateResult(`${base}.Technique.ID`, technique.id);
+      this.resetSubtechniqueResults(matrix);
+    }
+    updateSubtechniqueResults(matrix, subtechnique) {
+      const base = `MITRE.${this.titleCase(matrix)}`;
+      this.updateResult(`${base}.Sub-technique`, subtechnique.name);
+      this.updateResult(`${base}.Sub-technique.ID`, subtechnique.id);
+    }
+    resetTechniqueAndSubtechniqueResults(matrix) {
+      this.resetTechniqueResults(matrix);
+      this.resetSubtechniqueResults(matrix);
+    }
+    resetTechniqueResults(matrix) {
+      const base = `MITRE.${this.titleCase(matrix)}`;
+      this.updateResult(`${base}.Technique`, 'N/A');
+      this.updateResult(`${base}.Technique.ID`, 'N/A');
+    }
+    resetSubtechniqueResults(matrix) {
+      const base = `MITRE.${this.titleCase(matrix)}`;
+      this.updateResult(`${base}.Sub-technique`, 'N/A');
+      this.updateResult(`${base}.Sub-technique.ID`, 'N/A');
+    }
+    titleCase(str) {
+      return str.charAt(0).toUpperCase() + str.slice(1);
+    }
+  }
+  new MitreCalculator();
+});

data/app/assets/stylesheets/dradis/plugins/calculators/mitre/base.css.scss ADDED Viewed

@@ -0,0 +1,10 @@
+@import '_bootstrap';
+@import 'hera/variables';
+@import 'hera/base';
+#mitre_fields {
+  font-size: 0.9rem;
+  height: 81em;
+  margin-bottom: 1rem;
+}

data/app/controllers/dradis/plugins/calculators/mitre/base_controller.rb ADDED Viewed

@@ -0,0 +1,9 @@
+module Dradis::Plugins::Calculators::MITRE
+  class BaseController < ActionController::Base
+    def index
+      @issue_fields = Dradis::Plugins::Calculators::MITRE::V1::FIELDS.map do |field|
+        "#[#{field}]#\nN/A"
+      end.join("\n\n")
+    end
+  end
+end

data/app/controllers/dradis/plugins/calculators/mitre/issues_controller.rb ADDED Viewed

@@ -0,0 +1,29 @@
+module Dradis::Plugins::Calculators::MITRE
+  class IssuesController < ::IssuesController
+    before_action only: :edit
+    def edit
+      @issue_fields = Dradis::Plugins::Calculators::MITRE::V1::FIELDS.map do |field|
+        value = @issue.fields[field]
+        value = 'N/A' if value.blank?
+        "#[#{field}]#\n#{value}"
+      end.join("\n\n")
+    end
+    def update
+      raw = params[:mitre_fields].to_s
+      mitre_fields = Hash[*raw.scan(FieldParser::FIELDS_REGEX).flatten.map(&:strip)]
+      mitre_fields.each do |name, value|
+        @issue.set_field(name, value)
+      end
+      if @issue.save
+        redirect_to main_app.project_issue_path(current_project, @issue), notice: 'MITRE fields updated.'
+      else
+        render :edit
+      end
+    end
+  end
+end

data/app/models/dradis/plugins/calculators/mitre/v1.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module Dradis::Plugins::Calculators::MITRE
+  class V1
+    FIELD_NAMES = %i[
+      Enterprise.Tactic
+      Enterprise.Tactic.ID
+      Enterprise.Technique
+      Enterprise.Technique.ID
+      Enterprise.Sub-technique
+      Enterprise.Sub-technique.ID
+      Mobile.Tactic
+      Mobile.Tactic.ID
+      Mobile.Technique
+      Mobile.Technique.ID
+      Mobile.Sub-technique
+      Mobile.Sub-technique.ID
+      ICS.Tactic
+      ICS.Tactic.ID
+      ICS.Technique
+      ICS.Technique.ID
+      ICS.Sub-technique
+      ICS.Sub-technique.ID
+    ].freeze
+    FIELDS = FIELD_NAMES.map { |name| "MITRE.#{name}".freeze }.freeze
+  end
+end

data/app/views/dradis/plugins/calculators/mitre/_ce_tools_menu.html.erb ADDED Viewed

@@ -0,0 +1,3 @@
+<li>
+  <%= link_to 'Risk Calculators - MITRE ATT&CK', mitre_calculator.calculators_mitre_path, class: 'dropdown-item', data: { turbolinks: false } %>
+</li>

data/app/views/dradis/plugins/calculators/mitre/_tools_menu.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<% if defined?(Dradis::Pro) && !current_user.role?(:contributor) %>
+  <li>
+    <%= link_to 'Risk Calculators - MITRE ATT&CK', mitre_calculator.calculators_mitre_path, class: 'dropdown-item', data: { turbolinks: false } %>
+  </li>
+<% end %>

data/app/views/dradis/plugins/calculators/mitre/base/_v1.html.erb ADDED Viewed

@@ -0,0 +1,67 @@
+<div data-behavior="mitre-calc">
+  <ul class="nav nav-pills w-100">
+    <li class="nav-item">
+      <a href="#enterprise" class="nav-link active" data-bs-toggle="tab"><strong>Enterprise</strong></a>
+    </li>
+    <li class="nav-item">
+      <a href="#mobile" class="nav-link" data-bs-toggle="tab"><strong>Mobile</strong></a>
+    </li>
+    <li class="nav-item">
+      <a href="#ics" class="nav-link" data-bs-toggle="tab"><strong>ICS</strong></a>
+    </li>
+  </ul>
+  <div class="row mt-3">
+    <div class="col-md-6">
+      <div class="tab-content">
+        <div id="enterprise" class="tab-pane active show">
+          <div class="mb-4">
+            <label class="form-label" for="enterprise-tactic-select">Enterprise Tactic</label>
+            <select id="enterprise-tactic-select" class="form-select" data-type="enterprise-tactic" data-combobox-config="no-combobox"></select>
+          </div>
+          <div class="mb-4">
+            <label class="form-label" for="enterprise-technique-select">Enterprise Technique</label>
+            <select id="enterprise-technique-select" class="form-select" data-type="enterprise-technique" data-combobox-config="no-combobox"></select>
+          </div>
+          <div class="mb-1">
+            <label class="form-label" for="enterprise-subtechnique-select">Enterprise Sub-Technique</label>
+            <select id="enterprise-subtechnique-select" class="form-select" data-type="enterprise-subtechnique" data-combobox-config="no-combobox"></select>
+          </div>
+        </div>
+        <div id="mobile" class="tab-pane">
+          <div class="mb-4">
+            <label class="form-label" for="mobile-tactic-select">Mobile Tactic</label>
+            <select id="mobile-tactic-select" class="form-select" data-type="mobile-tactic" data-combobox-config="no-combobox"></select>
+          </div>
+          <div class="mb-4">
+            <label class="form-label" for="mobile-technique-select">Mobile Technique</label>
+            <select id="mobile-technique-select" class="form-select" data-type="mobile-technique" data-combobox-config="no-combobox"></select>
+          </div>
+          <div class="mb-1">
+            <label class="form-label" for="mobile-subtechnique-select">Mobile Sub-Technique</label>
+            <select id="mobile-subtechnique-select" class="form-select" data-type="mobile-subtechnique" data-combobox-config="no-combobox"></select>
+          </div>
+        </div>
+        <div id="ics" class="tab-pane">
+          <div class="mb-4">
+            <label class="form-label" for="ics-tactic-select">ICS Tactic</label>
+            <select id="ics-tactic-select" class="form-select" data-type="ics-tactic" data-combobox-config="no-combobox"></select>
+          </div>
+          <div class="mb-4">
+            <label class="form-label" for="ics-technique-select">ICS Technique</label>
+            <select id="ics-technique-select" class="form-select" data-type="ics-technique" data-combobox-config="no-combobox"></select>
+          </div>
+          <div class="mb-1">
+            <label class="form-label" for="ics-subtechnique-select">ICS Sub-Technique</label>
+            <select id="ics-subtechnique-select" class="form-select" data-type="ics-subtechnique" data-combobox-config="no-combobox"></select>
+          </div>
+        </div>
+      </div>
+    </div>
+    <div class="col-md-6 d-flex flex-column">
+      <label for="mitre_fields" class="form-label">Result</label>
+      <%= text_area_tag :mitre_fields, @issue_fields, class: 'form-control flex-grow-1', data: { behavior: 'mitre-result' } %>
+    </div>
+  </div>
+</div>

data/app/views/dradis/plugins/calculators/mitre/base/index.html.erb ADDED Viewed

@@ -0,0 +1,5 @@
+<%= content_tag :div, class: 'page-header' do %>
+  <h1>MITRE ATT&CK Calculator</h1>
+<% end %>
+ <%= render 'dradis/plugins/calculators/mitre/base/v1' %>

data/app/views/dradis/plugins/calculators/mitre/issues/_show-content.html.erb ADDED Viewed

@@ -0,0 +1,20 @@
+<div class="tab-pane" id="mitre-tab">
+  <div class="inner">
+    <h4 class="header-underline">MITRE ATT&CK -
+      <span class="actions">
+        <%= link_to mitre_calculator.mitre_project_issue_path(current_project, @issue) do %>
+          <i class="fa-solid fa-pencil"></i> Edit
+        <% end %>
+    </h4>
+    <div class="mb-4 content-textile">
+      <%=
+        markup(
+          @issue.fields
+            .select { |k,v| Dradis::Plugins::Calculators::MITRE::V1::FIELDS.include?(k) }
+            .map { |k,v| "#[#{k}]#\n#{v}" }.join("\n\n")
+        )
+      %>
+    </div>
+  </div>
+</div>

data/app/views/dradis/plugins/calculators/mitre/issues/_show-tabs.html.erb ADDED Viewed

@@ -0,0 +1,3 @@
+<li class="nav-item">
+  <a href="#mitre-tab" data-bs-toggle="tab" class="nav-link"><i class="fa-solid fa-calculator"></i> MITRE</a>
+</li>

data/app/views/dradis/plugins/calculators/mitre/issues/edit.html.erb ADDED Viewed

@@ -0,0 +1,32 @@
+<% content_for :title, 'Edit MITRE' %>
+<% content_for :sidebar do %>
+  <%= render 'issues/sidebar' %>
+<% end %>
+<ol class="breadcrumb">
+  <li class="breadcrumb-item">
+    <%= link_to current_project.name, main_app.project_path(current_project) %>
+  </li>
+  <li class="breadcrumb-item">
+    <%= link_to 'All issues', main_app.project_issues_path(current_project) %>
+  </li>
+  <li class="breadcrumb-item">
+    <%= link_to @issue.title? ? @issue.title : "Issue ##{@issue.id}", main_app.project_issue_path(current_project, @issue) %>
+  </li>
+  <li class="breadcrumb-item active">
+    MITRE ATT&CK
+  </li>
+</ol>
+<div class="content-container">
+  <h4 class="header-underline mb-2">Edit MITRE ATT&CK</h4>
+  <%= simple_form_for [:mitre, current_project, @issue], method: :patch do |f| %>
+    <%= render 'dradis/plugins/calculators/mitre/base/v1' %>
+    <div class="form-actions mt-2">
+      <%= f.button :submit, nil, class: 'btn btn-primary' %> or
+      <%= link_to 'Cancel', main_app.project_issue_path(current_project, @issue), class: 'cancel-link' %>
+    </div>
+  <% end %>
+</div>

data/app/views/layouts/dradis/plugins/calculators/mitre/base.html.erb ADDED Viewed

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>MITRE ATT&CK Calculator | Dradis Framework</title>
+    <%= stylesheet_link_tag    'dradis/plugins/calculators/mitre/base', media: 'all', 'data-turbo-track': 'reload' %>
+    <%= javascript_include_tag 'dradis/plugins/calculators/mitre/base', 'data-turbo-track': 'reload' %>
+    <%= csrf_meta_tags %>
+    <%= javascript_importmap_tags %>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  </head>
+  <body class="authenticated">
+    <div class="container">
+      <nav class="navbar">
+        <a href="javascript:void(0)" class="navbar-brand">MITRE ATT&CK Calculator</a>
+        <ul class="navbar-nav pull-right">
+          <li class="nav-item">
+            <%= link_to main_app.root_path, class: 'nav-link', data: { turbo: false } do %>
+            Back to the app  &rarr;
+            <% end %>
+          </li>
+        </ul>
+      </nav>
+      <%= yield %>
+    </div>
+  </body>
+</html>

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,12 @@
+Dradis::Plugins::Calculators::MITRE::Engine.routes.draw do
+  get '/calculators/mitre' => 'base#index'
+  resources :projects, only: [] do
+    resources :issues, only: [] do
+      member do
+        get 'mitre' => 'issues#edit'
+        patch 'mitre' => 'issues#update'
+      end
+    end
+  end
+end

data/lib/dradis/plugins/calculators/mitre/engine.rb ADDED Viewed

@@ -0,0 +1,36 @@
+module Dradis::Plugins::Calculators::MITRE
+  class Engine < ::Rails::Engine
+    isolate_namespace Dradis::Plugins::Calculators::MITRE
+    include Dradis::Plugins::Base
+    provides :addon
+    description 'Risk Calculators: MITRE'
+    initializer 'calculator_mitre.asset_precompile_paths' do |app|
+      app.config.assets.precompile += [
+        'dradis/plugins/calculators/mitre/base.css',
+        'dradis/plugins/calculators/mitre/base.js',
+        'dradis/plugins/calculators/mitre/manifests/hera.css',
+        'dradis/plugins/calculators/mitre/manifests/hera.js',
+        'dradis/plugins/calculators/mitre/mitre_data.json'
+      ]
+    end
+    initializer "calculator_mitre.inflections" do |app|
+      ActiveSupport::Inflector.inflections do |inflect|
+        inflect.acronym('MITRE')
+      end
+    end
+    initializer 'calculator_mitre.mount_engine' do
+        Rails.application.routes.append do
+          # Enabling/disabling integrations calls Rails.application.reload_routes! we need the enable
+          # check inside the block to ensure the routes can be re-enabled without a server restart
+          if Engine.enabled?
+            mount Engine => '/', as: :mitre_calculator
+          end
+        end
+      # end
+    end
+  end
+end

data/lib/dradis/plugins/calculators/mitre/gem_version.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module Dradis
+  module Plugins
+    module Calculators
+      module MITRE
+        # Returns the version of the currently loaded Nessus as a <tt>Gem::Version</tt>
+        def self.gem_version
+          Gem::Version.new VERSION::STRING
+        end
+        module VERSION
+          MAJOR = 4
+          MINOR = 16
+          TINY = 0
+          PRE = nil
+          STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
+        end
+      end
+    end
+  end
+end

data/lib/dradis/plugins/calculators/mitre/version.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require_relative 'gem_version'
+module Dradis
+  module Plugins
+    module Calculators
+      module MITRE
+        # Returns the version of the currently loaded Nessus as a
+        # <tt>Gem::Version</tt>.
+        def self.version
+          gem_version
+        end
+      end
+    end
+  end
+end

data/lib/dradis-calculator_mitre.rb ADDED Viewed

@@ -0,0 +1,13 @@
+require 'dradis-plugins'
+module Dradis
+  module Plugins
+    module Calculators
+      module MITRE
+      end
+    end
+  end
+end
+require 'dradis/plugins/calculators/mitre/engine'
+require 'dradis/plugins/calculators/mitre/version'