Giters

swimlane / pyattck

A Python package to interact with the Mitre ATT&CK Framework

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

KeyError on Nist Controls JSON Load

nbyt3 opened this issue · comments

commented

I'm running into an issue running Pyattck==5.0.0 on python3.8.

I'm instantiating pyattck and loading just the enterprise JSON v8.2 and am receiving errors against the nist_controls_json object.

from pyattck import Attck

attack = Attck(
    nested_subtechniques=False,
    enterprise_attck_json="/home/-----/projects/------/enterprise-attack.json",
)

Traceback (most recent call last):
  File "/home/------/projects/-----/mitre/ingest.py", line 25, in <module>
    for technique in attack.enterprise.techniques:
  File "/home/------/.local/lib/python3.8/site-packages/pyattck/attck.py", line 263, in enterprise
    from .enterprise.enterprise import Enterprise
  File "/home/------/.local/lib/python3.8/site-packages/pyattck/enterprise/__init__.py", line 1, in <module>
    from .enterprise import Enterprise
  File "/home/---/.local/lib/python3.8/site-packages/pyattck/enterprise/enterprise.py", line 1, in <module>
    from .technique import AttckTechnique
  File "/home/-----/.local/lib/python3.8/site-packages/pyattck/enterprise/technique.py", line 1, in <module>
    from .attckobject import AttckObject
  File "/home/---/.local/lib/python3.8/site-packages/pyattck/enterprise/attckobject.py", line 4, in <module>
    class AttckObject(object):
  File "/home/---/.local/lib/python3.8/site-packages/pyattck/enterprise/attckobject.py", line 17, in AttckObject
    nist_controls_json = Configuration.get_data('nist_controls_json')['objects']
KeyError: 'objects'
commented

While not an extensive review, a temporary solution seems to be to remove ['objects'] from line 17 in attackobject.py and from line 273 in enterprise.py.

So far this has allowed me to use the enterprise property again. However, I am not yet sure what the long-term effect of this removal could cause.

commented

Thanks for this @TheComputerDan . Just noticed that they changed the URL path (again - argggg!) so I'll add some logic in to fail gracefully if this happens again.

Sorry about that.

They changed the path to https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-control-framework-mappings/main/frameworks/attack_10_1/nist800_53_r4/stix/nist800-53-r4-controls.json FYI