From 33d283042510c3da169575d93d12dea0138b893e Mon Sep 17 00:00:00 2001 From: Evan Lucchesi Leon <189633144+elucchesileon@users.noreply.github.com> Date: Thu, 23 Oct 2025 13:03:31 -0400 Subject: [PATCH 1/2] refactor: no longer exclude any relationship patterns --- app/services/stix-bundles-service.js | 67 ---------------------------- 1 file changed, 67 deletions(-) diff --git a/app/services/stix-bundles-service.js b/app/services/stix-bundles-service.js index 8cdf587c..59cc7a67 100644 --- a/app/services/stix-bundles-service.js +++ b/app/services/stix-bundles-service.js @@ -106,67 +106,6 @@ class StixBundlesService extends BaseService { }; } - // ============================ - // Deprecated Pattern Filtering - // ============================ - - /** - * Defines deprecated patterns that should be excluded from new spec bundles. - * This centralized list makes it easy to manage which deprecated patterns - * are filtered out of exports when using the new ATT&CK specification. - * - * Each entry defines criteria for filtering: - * - type: The STIX object type (e.g., 'relationship') - * - conditions: Object with properties that must match for exclusion - * - * DEPRECATED PATTERNS (ATT&CK v17+): - * - SRO - * Reason: Data components no longer detect techniques; detection strategies do - */ - static DEPRECATED_PATTERNS = [ - { - type: 'relationship', - conditions: { - relationship_type: 'detects', - sourceTypePrefix: 'x-mitre-data-component--', - }, - reason: 'Data components cannot detect techniques in v17+ (only detection strategies can)', - }, - ]; - - /** - * Checks if a STIX object matches any deprecated pattern and should be excluded. - * @param {Object} stixObject - The STIX object to check - * @returns {boolean} True if the object matches a deprecated pattern - */ - static isDeprecatedPattern(stixObject) { - for (const pattern of StixBundlesService.DEPRECATED_PATTERNS) { - if (stixObject.type !== pattern.type) { - continue; - } - - // Check all conditions for this pattern - let matchesAllConditions = true; - for (const [key, value] of Object.entries(pattern.conditions)) { - if (key === 'sourceTypePrefix') { - // Special handling for source_ref prefix matching - if (!stixObject.source_ref?.startsWith(value)) { - matchesAllConditions = false; - break; - } - } else if (stixObject[key] !== value) { - matchesAllConditions = false; - break; - } - } - - if (matchesAllConditions) { - return true; - } - } - return false; - } - // ============================ // Domain and Type Validation // ============================ @@ -296,18 +235,12 @@ class StixBundlesService extends BaseService { * Adds a relationship to the STIX bundle, if: * - It is active, as per relationshipIsActive() * - Its source_ref and target_ref exist in objectsMap - * - It does not match any deprecated patterns * * @param {Object} relationship - The relationship object to add * @param {Object} bundle - The STIX bundle being built * @param {Map} objectsMap - Map tracking objects in the bundle */ static addRelationshipToBundle(relationship, bundle, objectsMap) { - // Filter out deprecated patterns (e.g., data component detects relationships) - if (StixBundlesService.isDeprecatedPattern(relationship.stix)) { - return; - } - if ( StixBundlesService.relationshipIsActive(relationship) && objectsMap.has(relationship.stix.source_ref) && From 6cd28ea92b35d3e1e672fd6c3e056519442d3a9d Mon Sep 17 00:00:00 2001 From: Evan Lucchesi Leon <189633144+elucchesileon@users.noreply.github.com> Date: Fri, 24 Oct 2025 09:54:39 -0400 Subject: [PATCH 2/2] fix: changes to tests for previos refactor --- app/tests/api/stix-bundles/stix-bundles.spec.js | 1 + 1 file changed, 1 insertion(+) diff --git a/app/tests/api/stix-bundles/stix-bundles.spec.js b/app/tests/api/stix-bundles/stix-bundles.spec.js index 153a2814..e4092d25 100644 --- a/app/tests/api/stix-bundles/stix-bundles.spec.js +++ b/app/tests/api/stix-bundles/stix-bundles.spec.js @@ -424,6 +424,7 @@ const newSpecBundleData = { object_marking_refs: [markingDefinitionId], created_by_ref: mitreIdentityId, external_references: [], + x_mitre_deprecated: true, }, // ========================================