Merge pull request #20 from mitre-attack/develop

Fix Discovery and Get API root Information endpoints
mitre-attack · Sep 12, 2024 · f8d4a9f · f8d4a9f
2 parents 618f493 + 210189e
commit f8d4a9f
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 21 deletions.
diff --git a/config/template.env b/config/template.env
@@ -27,7 +27,7 @@ CERTBOT_LE_RSA_KEY_SIZE=4096
 # **********************************************************
 # ***** CONTACT INFORMATION ********************************
 # **********************************************************
-TAXII_API_ROOT_PATH=api
+TAXII_API_ROOT_PATH=/api
 TAXII_API_ROOT_TITLE=ATT&CK Workbench TAXII 2.1 Server
 TAXII_API_ROOT_DESCRIPTION=Provides access to the latest version of ATT&CK data through a TAXII 2.1 compliant REST API
 TAXII_CONTACT=[email protected]

diff --git a/src/common/interceptors/snake-case.interceptor.ts b/src/common/interceptors/snake-case.interceptor.ts
@@ -0,0 +1,34 @@
+import { Injectable, NestInterceptor, ExecutionContext, CallHandler } from '@nestjs/common';
+import { Observable } from 'rxjs';
+import { map } from 'rxjs/operators';
+
+@Injectable()
+export class SnakeCaseInterceptor implements NestInterceptor {
+    intercept(context: ExecutionContext, next: CallHandler): Observable<any> {
+        return next.handle().pipe(
+            map(data => this.transform(data))
+        );
+    }
+
+    private transform(data: any) {
+        if (Array.isArray(data)) {
+            return data.map(item => this.transformToSnakeCase(item));
+        }
+        return this.transformToSnakeCase(data);
+    }
+
+    private transformToSnakeCase(data: any) {
+        if (typeof data !== 'object' || data === null) {
+            return data;
+        }
+
+        const snakeCaseData = {};
+        for (const key in data) {
+            if (Object.prototype.hasOwnProperty.call(data, key)) {
+                const snakeKey = key.replace(/[A-Z]/g, letter => `_${letter.toLowerCase()}`);
+                snakeCaseData[snakeKey] = this.transform(data[key]);
+            }
+        }
+        return snakeCaseData;
+    }
+}
diff --git a/src/common/middleware/content-negotiation/supported-media-types.ts b/src/common/middleware/content-negotiation/supported-media-types.ts
@@ -1,12 +1,14 @@
 export enum SupportedMediaTypes {
-  "application" = "application",
+  Application = "application",
 }
 
 export enum SupportedMediaSubTypes {
-  "taxii+json" = "taxii+json",
+  TaxiiJson = "taxii+json",
 }
 
 export enum SupportedMediaVersion {
   V21 = "2.1",
   LATEST = "2.1",
 }
+
+export const DEFAULT_CONTENT_TYPE = `${SupportedMediaTypes.Application}/${SupportedMediaSubTypes.TaxiiJson};version=${SupportedMediaVersion.LATEST}` as const;
diff --git a/src/config/defaults.ts b/src/config/defaults.ts
@@ -2,7 +2,7 @@ export const DEFAULT_ENV = "dev";
 export const DEFAULT_APP_ADDRESS = "0.0.0.0";
 export const DEFAULT_APP_PORT = 5002;
 export const DEFAULT_MAX_CONTENT_LENGTH = 1000;
-export const DEFAULT_API_ROOT_PATH = "api/v21";
+export const DEFAULT_API_ROOT_PATH = "/api/v21";
 export const DEFAULT_API_ROOT_TITLE = "MITRE ATT&CK TAXII 2.1";
 export const DEFAULT_API_ROOT_DESCRIPTION =
   "This API Root contains TAXII 2.1 REST API endpoints that serve MITRE ATT&CK STIX 2.1 data";

diff --git a/src/taxii/controllers/collections/collections.controller.ts b/src/taxii/controllers/collections/collections.controller.ts
@@ -8,9 +8,6 @@ import {
   UseFilters,
   UseInterceptors,
 } from "@nestjs/common";
-
-import { ApiExcludeEndpoint, ApiHeader, ApiOkResponse } from "@nestjs/swagger";
-
 // ** logger ** //
 import { TaxiiLoggerService as Logger } from "src/common/logger/taxii-logger.service";
 
@@ -38,6 +35,7 @@ import { TaxiiExceptionFilter } from "src/common/exceptions/taxii-exception.filt
 import { TimestampQuery } from "src/common/decorators/timestamp.query.decorator";
 import { NumberQuery } from "src/common/decorators/number.query.decorator";
 import { TaxiiServiceUnavailableException } from "src/common/exceptions";
+import { SnakeCaseInterceptor } from "src/common/interceptors/snake-case.interceptor";
 import {
   SetTaxiiDateHeadersInterceptor,
   TaxiiDateFrom,
@@ -46,8 +44,10 @@ import {
 // ** transformation pipes ** //
 import { ParseTimestampPipe } from "src/common/pipes/parse-timestamp.pipe";
 import { ParseMatchQueryParamPipe } from "src/common/pipes/parse-match-query-param.pipe";
+import { instanceToPlain } from "class-transformer";
 
 // ** open-api ** //
+import { ApiExcludeEndpoint, ApiHeader, ApiOkResponse } from "@nestjs/swagger";
 import { SwaggerDocumentation as SWAGGER } from "./collections.controller.swagger.json";
 import { VersionsResource } from "../../providers/version/dto/versions-resource";
 import { EnvelopeResource } from "src/taxii/providers/envelope/dto/envelope-resource";
@@ -60,6 +60,7 @@ import { ManifestResource } from "../../providers/manifest/dto";
   description: SWAGGER.AcceptHeader.Description,
 })
 @Controller("/collections")
+@UseInterceptors(SnakeCaseInterceptor)
 @UseFilters(new TaxiiExceptionFilter())
 export class CollectionsController {
   constructor(
@@ -97,7 +98,8 @@ export class CollectionsController {
       `Received request for a single collection with options { collectionId: ${collectionId} }`,
       this.constructor.name
     );
-    return await this.collectionService.findOne(collectionId);
+    const collection = await this.collectionService.findOne(collectionId);
+    return instanceToPlain(collection, { excludeExtraneousValues: true }) as TaxiiCollectionDto;
   }
 
   @ApiOkResponse({

diff --git a/src/taxii/controllers/root/root.controller.ts b/src/taxii/controllers/root/root.controller.ts
@@ -1,4 +1,4 @@
-import { Controller, Get, Param } from "@nestjs/common";
+import { ClassSerializerInterceptor, Controller, Get, Param, UseInterceptors } from "@nestjs/common";
 import { TaxiiServiceUnavailableException } from "src/common/exceptions";
 import { TaxiiLoggerService as Logger } from "src/common/logger/taxii-logger.service";
 import { DiscoveryService } from "src/taxii/providers";
@@ -7,8 +7,10 @@ import { ApiOkResponse } from "@nestjs/swagger";
 import { DiscoveryResource } from "../../providers/discovery/dto";
 import { SwaggerDocumentation as SWAGGER } from "./root.controller.swagger.json";
 import { ApiRootResource } from "../../providers/discovery/dto";
+import { SnakeCaseInterceptor } from "src/common/interceptors/snake-case.interceptor";
 
 @Controller()
+@UseInterceptors(SnakeCaseInterceptor)
 export class RootController {
   constructor(
     private readonly discoveryService: DiscoveryService,

diff --git a/src/taxii/providers/discovery/discovery.service.ts b/src/taxii/providers/discovery/discovery.service.ts
@@ -1,6 +1,7 @@
 import { Injectable } from "@nestjs/common";
 import { TaxiiConfigService } from "src/config";
 import { DiscoverOptions, DiscoveryDto, ApiRootDto } from "./dto";
+import { DEFAULT_CONTENT_TYPE } from "src/common/middleware/content-negotiation/supported-media-types";
 
 @Injectable()
 export class DiscoveryService {
@@ -22,9 +23,9 @@ export class DiscoveryService {
     return new ApiRootDto({
       title: this.config.API_ROOT_TITLE,
       description: this.config.API_ROOT_DESCRIPTION,
-      version: "application/taxii+json;version=2.1", // ** A value of "application/taxii+json;version=2.1" MUST
-      // be included in this list to indicate conformance with
-      // this specification. ** //
+      versions: [
+        DEFAULT_CONTENT_TYPE, // ** A value of "application/taxii+json;version=2.1" MUST be included in this list to indicate conformance with this specification. ** //
+      ],
       maxContentLength: this.config.MAX_CONTENT_LENGTH,
     });
   }

diff --git a/src/taxii/providers/discovery/dto/api-root.dto.ts b/src/taxii/providers/discovery/dto/api-root.dto.ts
@@ -1,11 +1,11 @@
-import { IsEnum, IsOptional, IsString } from "class-validator";
+import { IsNumber, IsOptional, IsString } from "class-validator";
 import { Exclude, Expose } from "class-transformer";
 
 export interface ApiRootOptions {
-  title?: string;
+  title: string;
   description?: string;
-  version?: string;
-  maxContentLength?: number;
+  versions: string[];
+  maxContentLength: number;
 }
 
 @Exclude()
@@ -37,8 +37,7 @@ export class ApiRootDto {
    * @required    true
    */
   @Expose()
-  //@IsEnum(DEFAULT_MEDIA_TYPE)  TODO: determine how to validate that string is equal to MediaType.get()
-  version: string;
+  versions: string[]; // TODO validate each media type in the list
 
   /**
    * @descr       The maximum size of the request body in octets (8-bit bytes) that the server can support. The
@@ -51,9 +50,9 @@ export class ApiRootDto {
    * @type        Number (integer)
    * @required    true
    */
-  @Expose()
-  //@IsEnum(MaxContentLength)
-  maxContentLength: 1000;
+  @Expose({ name: 'max_content_length' })
+  @IsNumber()
+  maxContentLength: 1000; // TODO revisit this. 1000 is just a placeholder and has no bearing on server functionality. it is also a static unchangable value.
 
   constructor(options: ApiRootOptions) {
     Object.assign(this, options);