
Commit 08c87c4

authored
Merge pull request #1184 from splunk/fixed_attack_data_download_bug
fixed_attack_data_download_bug
2 parents 423589e + 2d7c2bc commit 08c87c4

1 file changed

Lines changed: 18 additions & 13 deletions


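--- a/total_replay/utility/utility_helper.py
+++ b/total_replay/utility/utility_helper.py
@@ -291,8 +291,8 @@ def download_via_attack_data(self, attack_data_link:str, attack_data_timestamp_d
 return {}
 else:
 attack_datasets_full_path = os.path.join(os.path.expanduser(self.read_config_settings('attack_data_dir_path')), datasets_path)
-if os.path.isfile(attack_datasets_full_path):
-ColorPrint.print_info_fg(f"[+][. INFO]: ... Attack data at: {attack_datasets_full_path} already exists. Download skipped.")
+if os.path.isfile(attack_datasets_full_path) and not self.is_lsf_managed_file(attack_datasets_full_path):
+ColorPrint.print_info_fg(f"[+][. INFO]: ... Attack data at: {attack_datasets_full_path} already exists and Git LFS File Check is: {self.is_lsf_managed_file(attack_datasets_full_path)}. Download skipped.")
 return (attack_datasets_full_path, datasets_path)
 
 # Find the Git repository root
@@ -313,7 +313,14 @@ def download_via_attack_data(self, attack_data_link:str, attack_data_timestamp_d
 
 
 return (attack_datasets_full_path, datasets_path)
-
+
+def is_lsf_managed_file(self, file_path:str)->bool:
+"""Check if a file is managed by Git LFS."""
+try:
+with open(file_path, "rb") as f:
+return f.read(120).startswith(b"version https://git-lfs.github.com/spec/v1")
+except OSError:
+return False
 
 def read_yaml_file(self, file_path:str)->dict:
 """Read a YAML file and return its content as a dictionary."""
@@ -384,8 +391,8 @@ def create_metadata_cache(self, yaml_data: yaml) -> dict:
 needed_replay_yaml_field = {
 "name": yaml_data.get("name", "Unknown"),
 "id": yaml_data.get("id", "Unknown"),
-"mitre_attack_id": yaml_data.get("tags", {}).get("mitre_attack_id", "Unknown"),
-"analytic_story": yaml_data.get("tags", {}).get("analytic_story", "Unknown"),
+"mitre_attack_id": yaml_data.get("mitre_attack_id", "Unknown"),
+"analytic_story": yaml_data.get("analytic_story", "Unknown"),
 "description": yaml_data.get("description", "No description available"),
 #"file_path": yaml_data.get("file_path", "Unknown")
 }
@@ -613,16 +620,14 @@ def check_needed_yaml_field(self, yaml_key_name:str, field_name:str, yaml_data:y
 return True
 
 elif yaml_key_name == "mitre_attack_id":
-if yaml_data['tags']:
-if "mitre_attack_id" in yaml_data['tags']:
-if field_name.lower() in [i.lower() for i in yaml_data['tags']['mitre_attack_id']]:
-return True
+if "mitre_attack_id" in yaml_data:
+if field_name.lower() in [i.lower() for i in yaml_data['mitre_attack_id']]:
+return True
 
 elif yaml_key_name == "analytic_story":
-if yaml_data['tags']:
-if "analytic_story" in yaml_data['tags']:
-if field_name.lower() in [i.lower() for i in yaml_data['tags']['analytic_story']]:
-return True
+if "analytic_story" in yaml_data:
+if field_name.lower() in [i.lower() for i in yaml_data['analytic_story']]:
+return True
 
 elif yaml_key_name == "id":
 if yaml_data.get(yaml_key_name).lower() == field_name.lower():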
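Review bot: `is_lsf_managed_file` returns `False` on `OSError`, so the new guard in `download_via_attack_data` treats an existing file that cannot be opened as real attack data, skips the download and returns its path; returning `True` there (or at least logging the error) would fail towards re-fetching instead. The guard also calls the helper twice, reopening the file, and the second call inside the f-string can only ever print `False` in that branch, so evaluate it once into a local before the `if` and drop it from the message. The helper name spells LFS as `lsf`, which is worth correcting before more callers appear. In `check_needed_yaml_field`, `[i.lower() for i in yaml_data['mitre_attack_id']]` iterates characters if the value is a string such as the `"Unknown"` default that `create_metadata_cache` writes (assuming that cache is what gets passed in), and raises `TypeError` if the key is present but empty; an `isinstance(value, list)` check before the comprehension would cover both. All three function bodies continue outside the hunks shown.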
