refactor navigator layer metadata (#88)

* refactor navigator layer metadata * fix errors * fix tests --------- Co-authored-by: Eva <[email protected]>
center-for-threat-informed-defense · Feb 27, 2024 · 560953d · 560953d
1 parent 1e44e4b
commit 560953d
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 37 deletions.
diff --git a/src/mapex/write_parsed_mappings.py b/src/mapex/write_parsed_mappings.py
@@ -364,46 +364,42 @@ def get_techniques_dict(mapping_objects):
         tehchnique_id = mapping["attack_object_id"]
         capability_id = mapping["capability_id"]
 
-        # add score metadata if it is a scoring mapping
-        score_metadata = mapping["mapping_type"] == "technique_scores"
-
-        if score_metadata:
-            # define metadata objects
-            metadata_control = {"name": "control", "value": mapping["capability_id"]}
-            metadata_score_category = {
-                "name": "category",
-                "value": mapping["score_category"],
-            }
-            metadata_score_value = {"name": "value", "value": mapping["score_value"]}
-            metadata_comment = {"name": "comment", "value": mapping["comments"]}
-            divider = {"divider": True}
+        # define metadata
+        metadata = []
+        if mapping.get("score_category"):
+            metadata.append(
+                {
+                    "name": "category",
+                    "value": mapping["score_category"],
+                }
+            )
+
+        if mapping.get("score_value"):
+            metadata.append({"name": "value", "value": mapping["score_value"]})
+
+        if mapping.get("comments"):
+            metadata.append({"name": "comment", "value": mapping["comments"]})
 
         if techniques_dict.get(tehchnique_id):
             # add capability information to technique it is mapped to
             techniques_dict[tehchnique_id]["capability_ids"].append(capability_id)
-            if score_metadata:
-                metadata_info = [
-                    metadata_control,
-                    metadata_score_category,
-                    metadata_score_value,
-                    metadata_comment,
-                    divider,
-                ]
-                if "metadata" in techniques_dict[tehchnique_id]:
-                    techniques_dict[tehchnique_id]["metadata"].extend(metadata_info)
-                else:
-                    techniques_dict[tehchnique_id]["metadata"] = metadata_info
+            metadata_info = [{"name": "control", "value": mapping["capability_id"]}]
+            metadata_info.extend(metadata)
+            metadata_info.append({"divider": True})
+
+            if "metadata" in techniques_dict[tehchnique_id]:
+                techniques_dict[tehchnique_id]["metadata"].extend(metadata_info)
+            else:
+                techniques_dict[tehchnique_id]["metadata"] = metadata_info
         else:
             # add capability information to technique it is mapped to
             techniques_dict[tehchnique_id] = {"capability_ids": [capability_id]}
-            if score_metadata:
-                techniques_dict[tehchnique_id]["metadata"] = [
-                    metadata_control,
-                    metadata_score_category,
-                    metadata_score_value,
-                    metadata_comment,
-                    divider,
-                ]
+            techniques_dict[tehchnique_id]["metadata"] = [
+                {"name": "control", "value": mapping["capability_id"]}
+            ]
+            techniques_dict[tehchnique_id]["metadata"].extend(metadata)
+            techniques_dict[tehchnique_id]["metadata"].append({"divider": True})
+
     return techniques_dict
 
 

diff --git a/src/mapex_convert/parse_cve_mappings.py b/src/mapex_convert/parse_cve_mappings.py
@@ -80,8 +80,7 @@ def configure_cve_mappings(df, attack_id_to_name_dict):
                     # get capability product description from cve api
                     try:
                         response = requests.get(
-                            f"https://cveawg.mitre.org/api/cve/{capability_id}/",
-                            verify=False,
+                            f"https://cveawg.mitre.org/api/cve/{capability_id}/"
                         ).json()
                         descriptions = response["containers"]["cna"]["affected"]
                         capability_description = descriptions[0]["product"].strip()

diff --git a/tests/expected_results/expected_results_navigator_layer.py b/tests/expected_results/expected_results_navigator_layer.py
@@ -9,13 +9,13 @@
             "techniqueID": "T1137",
             "score": 1,
             "comment": "Related to AC-10",
-            "metadata": [],
+            "metadata": [{"name": "control", "value": "AC-10"}, {"divider": True}],
         },
         {
             "techniqueID": "T1137.002",
             "score": 1,
             "comment": "Related to AC-10",
-            "metadata": [],
+            "metadata": [{"name": "control", "value": "AC-10"}, {"divider": True}],
         },
     ],
     "gradient": {"colors": ["#ffe766", "#ffaf66"], "minValue": 1, "maxValue": 1},