Merge pull request #177 from hcristea/master

isaisabel · web-flow · commit 7f0276c3b906 · 2021-08-30T08:54:16.000-04:00
Fix examples of software_used_by_groups and techniques_using_software: Combine malware with tools instead of overwriting.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 hashes.json
 *.pyc
 .DS_Store
+.idea
diff --git a/USAGE.md b/USAGE.md
@@ -764,8 +764,13 @@ def get_related(thesrc, src_type, rel_type, target_type, reverse=False):
 # software:group
 def software_used_by_groups(thesrc):
     """returns group_id => {software, relationship} for each software used by the group."""
-    x = get_related(thesrc, "intrusion-set", "uses", "tool")
-    x.update(get_related(thesrc, "intrusion-set", "uses", "malware"))
+    x = get_related(thesrc, "intrusion-set", "uses", "malware")
+    x_tool = get_related(thesrc, "intrusion-set", "uses", "tool")
+    for key in x_tool:
+      if key in x:
+        x[key].extend(x_tool[key])
+      else:
+        x[key] = x_tool[key]
     return x
 
 def groups_using_software(thesrc):
@@ -793,7 +798,12 @@ def techniques_used_by_software(thesrc):
 def software_using_technique(thesrc):
     """return technique_id  => {software, relationship} for each software using the technique."""
     x = get_related(thesrc, "malware", "uses", "attack-pattern", reverse=True)
-    x.update(get_related(thesrc, "tool", "uses", "attack-pattern", reverse=True))
+    x_tool = get_related(thesrc, "tool", "uses", "attack-pattern", reverse=True)
+    for key in x_tool:
+      if key in x:
+        x[key].extend(x_tool[key])
+      else:
+        x[key] = x_tool[key]
     return x
 
 # technique:mitigation
