Name | atternio |
Version | 0.2.0 |
home_page | https://github.com/seppzer0/atternio |
Summary | A PoC tool for CWE prioritization according to MITRE CAPEC dictionary. |
upload_time | 2023-07-22 19:22:51 |
maintainer | |
docs_url | None |
author | seppzer0 |
requires_python | >=3.9,<4.0 |
license | |
keywords | |
VCS | |
bugtrack_url | |
requirements | No requirements were recorded. |
Travis-CI | No Travis. |
coveralls test coverage | No coveralls. |
# Introduction
Atternio is a PoC tool powered by [flawfinder](https://github.com/david-a-wheeler/flawfinder) for CWE prioritization according to the MITRE CAPEC dictionary.
The tool utilises open source CAPEC data provided in the form of JSON (STIX 2.x) files.
## Algorithm
The tool receives a path to C/C++ sources as input and passes it to flawfinder to find CWEs.
Each CWE is then looked up in the CAPEC data to determine the attack patterns (CAPEC-IDs) it can be used in.
When analyzing CAPEC data, the following metrics are taken into account:
* Severity (`x_capec_severity`);
* Likelihood (`x_capec_likelihood_of_attack`).
An individual CWE can be found in multiple CAPEC-IDs.
For each CWE in a CAPEC-ID, risk points are calculated using the following formula:
```text
cwe_risk = severity + likelihood
```
Each CAPEC-ID can contain multiple detected CWEs:
```text
capec_risk = sum(cwe_risk)
```
Finally, the total number of risk points:
```text
total_risk = sum(capec_risk)
```
When the risk enumeration is complete, the tool will output 2 tables:
* **CWE Records** - all CWEs detected with their location in provided sources;
* **Prioritized CWE Records** - prioritized CWEs with related CAPECs and percentage of shared risk.
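
The scoring described in this section, as an added example (not atternio's own code). It assumes a five-level point scale for the CAPEC ratings, scores a missing rating as 0, and reads "percentage of shared risk" as each CWE's share of `total_risk`; the STIX bundle and its CAPEC IDs are constructed sample data standing in for the real dictionary and flawfinder output.

```python
from collections import defaultdict

# Assumed point scale; the page does not say how ratings map to numbers.
POINTS = {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4, "Very High": 5}

# Constructed STIX 2.x bundle: CAPEC IDs and ratings are made up for this example.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    {"type": "attack-pattern", "x_capec_severity": "Very High",
     "x_capec_likelihood_of_attack": "High", "external_references": [
         {"source_name": "capec", "external_id": "CAPEC-9001"},
         {"source_name": "cwe", "external_id": "CWE-120"},
         {"source_name": "cwe", "external_id": "CWE-134"}]},
    {"type": "attack-pattern", "x_capec_severity": "High",  # likelihood absent
     "external_references": [
         {"source_name": "capec", "external_id": "CAPEC-9002"},
         {"source_name": "cwe", "external_id": "CWE-120"}]},
    {"type": "attack-pattern", "x_capec_severity": "Medium",
     "x_capec_likelihood_of_attack": "Low", "external_references": [
         {"source_name": "capec", "external_id": "CAPEC-9003"},
         {"source_name": "cwe", "external_id": "CWE-79"}]},  # CWE not detected
]}


def prioritize(bundle, detected_cwes):
    """Return (rows, capec_risk, total_risk); rows are sorted by risk."""
    detected = set(detected_cwes)
    per_cwe = defaultdict(lambda: {"risk": 0, "capecs": []})
    capec_risk = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        refs = obj.get("external_references", [])
        ids = {s: [r["external_id"] for r in refs if r.get("source_name") == s]
               for s in ("capec", "cwe")}
        hits = sorted(detected.intersection(ids["cwe"]))
        if not ids["capec"] or not hits:
            continue
        # cwe_risk = severity + likelihood; a missing rating adds 0 (assumption)
        cwe_risk = (POINTS.get(obj.get("x_capec_severity"), 0)
                    + POINTS.get(obj.get("x_capec_likelihood_of_attack"), 0))
        capec_risk[ids["capec"][0]] = cwe_risk * len(hits)  # sum(cwe_risk)
        for cwe in hits:
            per_cwe[cwe]["risk"] += cwe_risk
            per_cwe[cwe]["capecs"].append(ids["capec"][0])
    total_risk = sum(capec_risk.values())  # sum(capec_risk)
    rows = [(cwe, d["capecs"], d["risk"], round(100 * d["risk"] / total_risk, 1))
            for cwe, d in per_cwe.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0])), capec_risk, total_risk
```

A detected CWE that appears in no attack pattern gets no row, so it drops out of the prioritized table while still belonging in the plain list of findings.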
## Usage
```help
$ python3 atternio/ --help
usage: [-h] --source PATH_INPUT [--install-dictionary] [-o OUTPUT] [--results]

Atternio - a PoC tool for CWE prioritization according to MITRE CAPEC dictionary.

optional arguments:
  -h, --help            show this help message and exit
  --source PATH_INPUT   path to file or directory
  --install-dictionary  if CAPEC dictionary is not present, install it
                        automatically
  -o OUTPUT, --output OUTPUT
                        path to output file
  --results             show only RESULTS section
```