diff --git a/app/controllers/matrices-controller.js b/app/controllers/matrices-controller.js index 078ffd33..b969fbd2 100644 --- a/app/controllers/matrices-controller.js +++ b/app/controllers/matrices-controller.js @@ -169,9 +169,8 @@ exports.deleteById = function(req, res) { }); }; - -exports.retrieveVersionTechniquesById = async function(req, res) { - await matricesService.retrieveVersionTechniquesById(req.params.stixId, req.params.modified, function (err, matrix) { +exports.retrieveTechniquesForMatrix = function(req, res) { + matricesService.retrieveTechniquesForMatrix(req.params.stixId, req.params.modified, function (err, techniquesByTactic) { if (err) { if (err.message === matricesService.errors.badlyFormattedParameter) { logger.warn('Badly formatted stix id: ' + req.params.stixId); @@ -179,15 +178,15 @@ exports.retrieveVersionTechniquesById = async function(req, res) { } else { logger.error('Failed with error: ' + err); - return res.status(500).send('Unable to get matrix techniques. Server error.'); + return res.status(500).send('Unable to get techniques for matrix. Server error.'); } } else { - if (!matrix) { + if (!techniquesByTactic) { return res.status(404).send('Matrix not found.'); } else { - logger.debug(`Success: Retrieved matrix techniques with id ${matrix.id}`); - return res.status(200).send(matrix); + logger.debug(`Success: Retrieved techniques for matrix with id ${ req.params.stixId }`); + return res.status(200).send(techniquesByTactic); } } }); diff --git a/app/routes/matrices-routes.js b/app/routes/matrices-routes.js index 62b1a1de..c666f09b 100644 --- a/app/routes/matrices-routes.js +++ b/app/routes/matrices-routes.js @@ -53,7 +53,7 @@ router.route('/matrices/:stixId/modified/:modified/techniques') .get( authn.authenticate, authz.requireRole(authz.visitorOrHigher, authz.readOnlyService), - matricesController.retrieveVersionTechniquesById + matricesController.retrieveTechniquesForMatrix ); module.exports = router; diff --git a/app/services/matrices-service.js b/app/services/matrices-service.js index 7a648a68..b5dd6312 100644 --- a/app/services/matrices-service.js +++ b/app/services/matrices-service.js @@ -216,7 +216,7 @@ exports.retrieveVersionById = function(stixId, modified, callback) { let retrieveTacticById; let retrieveTechniquesForTactic; -exports.retrieveVersionTechniquesById = async function(stixId, modified, callback) { +exports.retrieveTechniquesForMatrix = function(stixId, modified, callback) { // Retrieve the versions of the matrix techniques with the matching stixId and modified date // Late binding to avoid circular dependency between modules @@ -239,7 +239,7 @@ exports.retrieveVersionTechniquesById = async function(stixId, modified, callbac error.parameterName = 'modified'; return callback(error); } - + Matrix.findOne({ 'stix.id': stixId, 'stix.modified': modified }, async function(err, matrix) { if (err) { if (err.name === 'CastError') { @@ -255,40 +255,39 @@ exports.retrieveVersionTechniquesById = async function(stixId, modified, callbac if (matrix) { // get tactics, then query for techniques and sub-techniques const options = { versions: 'latest', offset: 0, limit: 0 }; - const tactics_techniques = {}; - for (const tactic_id of matrix['stix']['tactic_refs']) { - let tactic = await retrieveTacticById(tactic_id, options); - if (tactic) { - tactic = tactic[0]; - const techniques = await retrieveTechniquesForTactic(tactic_id, tactic['stix']['modified'], options); - // Organize sub-techniques under super techniques - const super_techniques = []; - const sub_techniques = []; + const tacticsTechniques = {}; + for (const tacticId of matrix.stix.tactic_refs) { + const tactics = await retrieveTacticById(tacticId, options); + if (tactics.length) { + const tactic = tactics[0]; + const techniques = await retrieveTechniquesForTactic(tacticId, tactic.stix.modified, options); + // Organize sub-techniques under parent techniques + const parentTechniques = []; + const subtechniques = []; for (const technique of techniques) { - if (technique['stix']['x_mitre_is_subtechnique'] === false) { - super_techniques.push(technique); + if (!technique.stix.x_mitre_is_subtechnique) { + parentTechniques.push(technique); } else { - sub_techniques.push(technique); + subtechniques.push(technique); } } - for (const super_technique of super_techniques) { - super_technique['subtechniques'] = []; - for (const sub_technique of sub_techniques) { - if (sub_technique['workspace']['attack_id'].split(".")[0] === super_technique['workspace']['attack_id']) { - super_technique['subtechniques'].push(sub_technique); + for (const parentTechnique of parentTechniques) { + parentTechnique.subtechniques = []; + for (const subtechnique of subtechniques) { + if (subtechnique.workspace.attack_id.split(".")[0] === parentTechnique.workspace.attack_id) { + parentTechnique.subtechniques.push(subtechnique); } } } // Add techniques to tactic & store tactic - tactic['techniques'] = super_techniques; - tactics_techniques[tactic['stix']['name']] = tactic; + tactic.techniques = parentTechniques; + tacticsTechniques[tactic.stix.name] = tactic; } } - return callback(null, tactics_techniques); + return callback(null, tacticsTechniques); } else { - console.log('** NOT FOUND'); return callback(); } }