From 68454ba2695e66e4e62541f41d5cb40445c89be2 Mon Sep 17 00:00:00 2001
From: Jack Sheriff <jsheriff@mitre.org>
Date: Thu, 19 May 2022 17:54:14 -0400
Subject: [PATCH] Fix error with ICS domain name. Add relationship collection
 to clear database script.

---
 app/services/collection-bundles-service.js      | 15 +++++++++++----
 app/services/stix-bundles-service.js            | 10 ++++++----
 app/tests/api/stix-bundles/stix-bundles.spec.js |  2 +-
 scripts/clearDatabase.js                        |  4 ++++
 4 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/app/services/collection-bundles-service.js b/app/services/collection-bundles-service.js
index 5d4959dc..420e011b 100644
--- a/app/services/collection-bundles-service.js
+++ b/app/services/collection-bundles-service.js
@@ -747,8 +747,8 @@ async function addDerivedDataSources(bundleObjects) {
     const icsDataSourceValues = await systemConfigurationService.retrieveAllowedValuesForTypePropertyDomain('technique', 'x_mitre_data_sources', 'ics-attack');
     for (const bundleObject of bundleObjects) {
         if (bundleObject.type === 'attack-pattern') {
-            const enterpriseDomain = bundleObject.x_mitre_domains.find(domain => domain === 'enterprise-attack');
-            const icsDomain = bundleObject.x_mitre_domains.find(domain => domain === 'attack-ics');
+            const enterpriseDomain = bundleObject.x_mitre_domains.includes('enterprise-attack');
+            const icsDomain = bundleObject.x_mitre_domains.includes('ics-attack');
             if (enterpriseDomain && !icsDomain) {
                 // Remove any existing data sources
                 bundleObject.x_mitre_data_sources = [];
@@ -776,11 +776,18 @@ async function addDerivedDataSources(bundleObjects) {
             }
             else if (icsDomain && !enterpriseDomain) {
                 // Remove any data sources that are not in the list of valid ICS data sources
-                bundleObject.x_mitre_data_sources = bundleObject.x_mitre_data_sources.filter(source => icsDataSourceValues.allowedValues.find(value => value === source));
+                if (Array.isArray(bundleObject.x_mitre_data_sources)) {
+                    bundleObject.x_mitre_data_sources = bundleObject.x_mitre_data_sources.filter(source => icsDataSourceValues.allowedValues.includes(source));
+                }
             }
             else if (enterpriseDomain && icsDomain) {
                 // Remove any data sources that are not in the list of valid ICS data sources
-                bundleObject.x_mitre_data_sources = bundleObject.x_mitre_data_sources.filter(source => icsDataSourceValues.allowedValues.find(value => value === source));
+                if (Array.isArray(bundleObject.x_mitre_data_sources)) {
+                    bundleObject.x_mitre_data_sources = bundleObject.x_mitre_data_sources.filter(source => icsDataSourceValues.allowedValues.includes(source));
+                }
+                else {
+                    bundleObject.x_mitre_data_sources = [];
+                }
 
                 // Add in any enterprise data sources from detects relationships
                 const dataComponentIds = techniqueDetectedBy.get(bundleObject.id);
diff --git a/app/services/stix-bundles-service.js b/app/services/stix-bundles-service.js
index e39082d3..caf798d4 100644
--- a/app/services/stix-bundles-service.js
+++ b/app/services/stix-bundles-service.js
@@ -369,8 +369,8 @@ exports.exportBundle = async function(options) {
     const icsDataSourceValues = await systemConfigurationService.retrieveAllowedValuesForTypePropertyDomain('technique', 'x_mitre_data_sources', 'ics-attack');
     for (const bundleObject of bundle.objects) {
         if (bundleObject.type === 'attack-pattern') {
-            const enterpriseDomain = bundleObject.x_mitre_domains.find(domain => domain === 'enterprise-attack');
-            const icsDomain = bundleObject.x_mitre_domains.find(domain => domain === 'attack-ics');
+            const enterpriseDomain = bundleObject.x_mitre_domains.includes('enterprise-attack');
+            const icsDomain = bundleObject.x_mitre_domains.includes('ics-attack');
             if (enterpriseDomain && !icsDomain) {
                 // Remove any existing data source string entries
                 bundleObject.x_mitre_data_sources = [];
@@ -399,11 +399,13 @@ exports.exportBundle = async function(options) {
             }
             else if (icsDomain && !enterpriseDomain) {
                 // Remove any existing data source string entries that are not in the list of valid ICS data sources
-                bundleObject.x_mitre_data_sources = bundleObject.x_mitre_data_sources.filter(source => icsDataSourceValues.allowedValues.find(value => value === source));
+                if (Array.isArray(bundleObject.x_mitre_data_sources)) {
+                    bundleObject.x_mitre_data_sources = bundleObject.x_mitre_data_sources.filter(source => icsDataSourceValues.allowedValues.includes(source));
+                }
             }
             else if (enterpriseDomain && icsDomain) {
                 // Remove any existing data source string entries that are not in the list of valid ICS data sources
-                bundleObject.x_mitre_data_sources = bundleObject.x_mitre_data_sources.filter(source => icsDataSourceValues.allowedValues.find(value => value === source));
+                bundleObject.x_mitre_data_sources = bundleObject.x_mitre_data_sources.filter(source => icsDataSourceValues.allowedValues.includes(source));
 
                 // Add data source string entries based on the data sources associated with the technique
                 //   data component detects technique AND data component refers to data source
diff --git a/app/tests/api/stix-bundles/stix-bundles.spec.js b/app/tests/api/stix-bundles/stix-bundles.spec.js
index 6d276e70..e6b1074e 100644
--- a/app/tests/api/stix-bundles/stix-bundles.spec.js
+++ b/app/tests/api/stix-bundles/stix-bundles.spec.js
@@ -10,7 +10,7 @@ const login = require('../../shared/login');
 
 const enterpriseDomain = 'enterprise-attack';
 const mobileDomain = 'mobile-attack';
-const icsDomain = 'attack-ics';
+const icsDomain = 'ics-attack';
 
 const collectionId = 'x-mitre-collection--30ee11cf-0a05-4d9e-ab54-9b8563669647';
 const collectionTimestamp = new Date().toISOString();
diff --git a/scripts/clearDatabase.js b/scripts/clearDatabase.js
index d86a0691..7d99f524 100644
--- a/scripts/clearDatabase.js
+++ b/scripts/clearDatabase.js
@@ -14,6 +14,7 @@
 'use strict';
 
 const AttackObject = require('../app/models/attack-object-model');
+const Relationship = require('../app/models/relationship-model');
 const Reference = require('../app/models/reference-model');
 
 async function clearDatabase() {
@@ -24,6 +25,9 @@ async function clearDatabase() {
     let result = await AttackObject.deleteMany();
     console.log(`Deleted ${ result.deletedCount } objects from the attackObjects collection.`);
 
+    result = await Relationship.deleteMany();
+    console.log(`Deleted ${ result.deletedCount } objects from the relationships collection.`);
+
     result = await Reference.deleteMany();
     console.log(`Deleted ${ result.deletedCount } objects from the references collection.`);
 }