From a5fc4e7029ba48c6d55deb94916e228c6c72f9e2 Mon Sep 17 00:00:00 2001 From: Sean Sica <23294618+seansica@users.noreply.github.com> Date: Mon, 6 Nov 2023 15:23:19 -0500 Subject: [PATCH] Add 'type' member variable to BaseService and integrate object STIX type validation check to 'create' method --- app/controllers/groups-controller.js | 2 +- app/services/_base.service.js | 11 +++++++++-- app/services/assets-service.js | 3 +-- app/services/groups-service.js | 18 ++---------------- app/services/matrices-service.js | 6 +++--- app/tests/api/groups/groups.query.spec.js | 2 +- 6 files changed, 17 insertions(+), 25 deletions(-) diff --git a/app/controllers/groups-controller.js b/app/controllers/groups-controller.js index b093d3dd..99251314 100644 --- a/app/controllers/groups-controller.js +++ b/app/controllers/groups-controller.js @@ -100,7 +100,7 @@ exports.create = async function(req, res) { // Create the group try { - const group = await groupsService.createGroup(groupData, options); + const group = await groupsService.create(groupData, options); logger.debug('Success: Created group with id ' + group.stix.id); return res.status(201).send(group); } diff --git a/app/services/_base.service.js b/app/services/_base.service.js index 1e599bca..41a907fb 100644 --- a/app/services/_base.service.js +++ b/app/services/_base.service.js @@ -8,13 +8,15 @@ const config = require('../config/config'); const { DatabaseError, IdentityServiceError, MissingParameterError, - InvalidQueryStringParameterError } = require('../exceptions'); + InvalidQueryStringParameterError, + InvalidTypeError } = require('../exceptions'); const AbstractService = require('./_abstract.service'); class BaseService extends AbstractService { - constructor(repository) { + constructor(type, repository) { super(); + this.type = type; this.repository = repository; } @@ -216,6 +218,11 @@ class BaseService extends AbstractService { if (BaseService.isCallback(arguments[arguments.length - 1])) { callback = arguments[arguments.length - 1]; } + + if (data?.stix?.type !== this.type) { + throw new InvalidTypeError(); + } + // eslint-disable-next-line no-useless-catch try { // This function handles two use cases: diff --git a/app/services/assets-service.js b/app/services/assets-service.js index 6e30ed58..d9f6c52a 100644 --- a/app/services/assets-service.js +++ b/app/services/assets-service.js @@ -5,7 +5,6 @@ const assetsRepository = require('../repository/assets-repository'); const BaseService = require('./_base.service'); - class AssetsService extends BaseService { } -module.exports = new AssetsService(assetsRepository); \ No newline at end of file +module.exports = new AssetsService('x-mitre-asset', assetsRepository); \ No newline at end of file diff --git a/app/services/groups-service.js b/app/services/groups-service.js index 6a06a6c5..0a8b098e 100644 --- a/app/services/groups-service.js +++ b/app/services/groups-service.js @@ -2,21 +2,7 @@ const BaseService = require('./_base.service'); const groupsRepository = require('../repository/groups-repository'); -const { InvalidTypeError } = require('../exceptions'); -class GroupsService extends BaseService { +class GroupsService extends BaseService { } - createGroup(data, options) { - - // Overrides the base method for groups to inject an additional - // logic check to verify that the creation request is not for an - // intrusion-set, which is an unsupported/invalid use case. - - if (data.stix.type !== 'intrusion-set') { - throw new InvalidTypeError(); - } - return this.create(data, options); - } -} - -module.exports = new GroupsService(groupsRepository); \ No newline at end of file +module.exports = new GroupsService('intrusion-set', groupsRepository); \ No newline at end of file diff --git a/app/services/matrices-service.js b/app/services/matrices-service.js index 07020f42..858a2e18 100644 --- a/app/services/matrices-service.js +++ b/app/services/matrices-service.js @@ -9,8 +9,8 @@ const BaseService = require('./_base.service'); class MatrixService extends BaseService { - constructor(repository) { - super(repository); + constructor(type, repository) { + super(type, repository); this.retrieveTacticById = null; this.retrieveTechniquesForTactic = null; @@ -115,4 +115,4 @@ class MatrixService extends BaseService { } } -module.exports = new MatrixService(matrixRepository); \ No newline at end of file +module.exports = new MatrixService('x-mitre-matrix', matrixRepository); \ No newline at end of file diff --git a/app/tests/api/groups/groups.query.spec.js b/app/tests/api/groups/groups.query.spec.js index 6d06c5d3..7d6210b8 100644 --- a/app/tests/api/groups/groups.query.spec.js +++ b/app/tests/api/groups/groups.query.spec.js @@ -127,7 +127,7 @@ async function loadGroups(groups) { } // eslint-disable-next-line no-await-in-loop - await groupsService.createGroup(group, { import: false, userAccountId: group.userAccountId }); + await groupsService.create(group, { import: false, userAccountId: group.userAccountId }); } }