Merge pull request #138 from ahouseholder/feature/fix_135

Add python lookup helper for v2
CERTCC · Apr 5, 2021 · c1aca71 · c1aca71
2 parents 16ee77f + 39677f5
commit c1aca71
Show file tree

Hide file tree

Showing 2 changed files with 139 additions and 25 deletions.
diff --git a/data/v2/csv/ssvc_2_coord-triage.csv b/data/v2/csv/ssvc_2_coord-triage.csv
@@ -1,49 +1,49 @@
-Public?,Contacted?,Credible?,Cardinality,Engagement,Utility,PublicSafetyImpact,Outcome
-No,Yes,Yes,one,active,laborious,minor,decline
+Public,Contacted,Credible,Cardinality,Engagement,Utility,PublicSafetyImpact,Outcome
+No,Yes,Yes,one,active,laborious,minimal,decline
 No,Yes,Yes,one,active,laborious,significant,decline
-No,Yes,Yes,one,active,efficient,minor,decline
+No,Yes,Yes,one,active,efficient,minimal,decline
 No,Yes,Yes,one,active,efficient,significant,track
-No,Yes,Yes,one,active,super-effective,minor,decline
+No,Yes,Yes,one,active,super-effective,minimal,decline
 No,Yes,Yes,one,active,super-effective,significant,track
-No,Yes,Yes,one,unresponsive,laborious,minor,track
+No,Yes,Yes,one,unresponsive,laborious,minimal,track
 No,Yes,Yes,one,unresponsive,laborious,significant,coordinate
-No,Yes,Yes,one,unresponsive,efficient,minor,coordinate
+No,Yes,Yes,one,unresponsive,efficient,minimal,coordinate
 No,Yes,Yes,one,unresponsive,efficient,significant,coordinate
-No,Yes,Yes,one,unresponsive,super-effective,minor,coordinate
+No,Yes,Yes,one,unresponsive,super-effective,minimal,coordinate
 No,Yes,Yes,one,unresponsive,super-effective,significant,coordinate
-No,Yes,Yes,multiple,active,laborious,minor,decline
+No,Yes,Yes,multiple,active,laborious,minimal,decline
 No,Yes,Yes,multiple,active,laborious,significant,track
-No,Yes,Yes,multiple,active,efficient,minor,decline
+No,Yes,Yes,multiple,active,efficient,minimal,decline
 No,Yes,Yes,multiple,active,efficient,significant,track
-No,Yes,Yes,multiple,active,super-effective,minor,coordinate
+No,Yes,Yes,multiple,active,super-effective,minimal,coordinate
 No,Yes,Yes,multiple,active,super-effective,significant,coordinate
-No,Yes,Yes,multiple,unresponsive,laborious,minor,coordinate
+No,Yes,Yes,multiple,unresponsive,laborious,minimal,coordinate
 No,Yes,Yes,multiple,unresponsive,laborious,significant,coordinate
-No,Yes,Yes,multiple,unresponsive,efficient,minor,coordinate
+No,Yes,Yes,multiple,unresponsive,efficient,minimal,coordinate
 No,Yes,Yes,multiple,unresponsive,efficient,significant,coordinate
-No,Yes,Yes,multiple,unresponsive,super-effective,minor,coordinate
+No,Yes,Yes,multiple,unresponsive,super-effective,minimal,coordinate
 No,Yes,Yes,multiple,unresponsive,super-effective,significant,coordinate
-No,Yes,No,one,active,laborious,minor,decline
+No,Yes,No,one,active,laborious,minimal,decline
 No,Yes,No,one,active,laborious,significant,decline
-No,Yes,No,one,active,efficient,minor,decline
+No,Yes,No,one,active,efficient,minimal,decline
 No,Yes,No,one,active,efficient,significant,track
-No,Yes,No,one,active,super-effective,minor,decline
+No,Yes,No,one,active,super-effective,minimal,decline
 No,Yes,No,one,active,super-effective,significant,track
-No,Yes,No,one,unresponsive,laborious,minor,decline
+No,Yes,No,one,unresponsive,laborious,minimal,decline
 No,Yes,No,one,unresponsive,laborious,significant,decline
-No,Yes,No,one,unresponsive,efficient,minor,decline
+No,Yes,No,one,unresponsive,efficient,minimal,decline
 No,Yes,No,one,unresponsive,efficient,significant,track
-No,Yes,No,one,unresponsive,super-effective,minor,decline
+No,Yes,No,one,unresponsive,super-effective,minimal,decline
 No,Yes,No,one,unresponsive,super-effective,significant,track
-No,Yes,No,multiple,active,laborious,minor,decline
+No,Yes,No,multiple,active,laborious,minimal,decline
 No,Yes,No,multiple,active,laborious,significant,track
-No,Yes,No,multiple,active,efficient,minor,decline
+No,Yes,No,multiple,active,efficient,minimal,decline
 No,Yes,No,multiple,active,efficient,significant,track
-No,Yes,No,multiple,active,super-effective,minor,track
+No,Yes,No,multiple,active,super-effective,minimal,track
 No,Yes,No,multiple,active,super-effective,significant,coordinate
-No,Yes,No,multiple,unresponsive,laborious,minor,decline
+No,Yes,No,multiple,unresponsive,laborious,minimal,decline
 No,Yes,No,multiple,unresponsive,laborious,significant,track
-No,Yes,No,multiple,unresponsive,efficient,minor,decline
+No,Yes,No,multiple,unresponsive,efficient,minimal,decline
 No,Yes,No,multiple,unresponsive,efficient,significant,track
-No,Yes,No,multiple,unresponsive,super-effective,minor,track
+No,Yes,No,multiple,unresponsive,super-effective,minimal,track
 No,Yes,No,multiple,unresponsive,super-effective,significant,coordinate
diff --git a/src/ssvc_v2.py b/src/ssvc_v2.py
@@ -0,0 +1,114 @@
+#!/usr/bin/env python
+'''
+file: ssvc_v2
+author: adh
+created_at: 3/23/21 3:23 PM
+'''
+
+import os
+import pandas as pd
+
+DATAPATH="../data/v2/csv"
+
+PATHS = {
+    'coord_pub': os.path.join(DATAPATH,"ssvc_2_coord-publish.csv"),
+    'coord_triage': os.path.join(DATAPATH,"ssvc_2_coord-triage.csv"),
+    'deployer': os.path.join(DATAPATH,"ssvc_2_deployer.csv"),
+    'supplier': os.path.join(DATAPATH,"ssvc_2_supplier.csv"),
+}
+
+DEFAULTS = {
+    'coord_pub': {
+        # An analyst should feel comfortable selecting none if they (or their search scripts) have performed searches
+        # in the appropriate places for public PoCs and active exploitation (as described above) and found none.
+        "Exploitation": "none",
+    },
+    'coord_triage': {
+
+    },
+    'deployer': {
+        # An analyst should feel comfortable selecting none if they (or their search scripts) have performed searches
+        # in the appropriate places for public PoCs and active exploitation (as described above) and found none.
+        "Exploitation": "none",
+        "Exposure": "unavoidable"
+    },
+    'supplier': {
+        # An analyst should feel comfortable selecting none if they (or their search scripts) have performed searches
+        # in the appropriate places for public PoCs and active exploitation (as described above) and found none.
+        "Exploitation": "none",
+    },
+}
+
+# confirm that PATHS and DEFAULTS keys match
+assert(set(PATHS.keys()) == set(DEFAULTS.keys()))
+
+def _load_csvs(path_dict):
+    data = {}
+    for key,path in path_dict.items():
+        df = pd.read_csv(path)
+        data[key] = df
+    return data
+
+DATA = _load_csvs(PATHS)
+
+# confirm that PATHS and DATA keys match
+assert(set(PATHS.keys()) == set(DATA.keys()))
+
+
+def lookup(key, query_dict,use_defaults=True):
+    # get the full table
+    df = DATA[key]
+
+    if use_defaults:
+        # copy the defaults before we use them
+        defaults = DEFAULTS.get(key,{})
+        q = dict(defaults)
+    else:
+        q = {}
+
+    q.update(query_dict)
+
+    # with each pass, slice the table
+    for k,v in q.items():
+
+        df = df.loc[df[k] == v]
+    return df
+
+def outcome_dist(df,normalize=True):
+    '''
+    Given a dataframe representing an SSVC tree fragment,
+    compute and return the distribution of outcomes
+    '''
+    return df['Outcome'].value_counts(normalize=normalize)
+
+
+def main():
+    for key,df in DATA.items():
+        print(key, df.columns)
+
+    print()
+    query = {
+        "Utility": "laborious",
+        "PublicSafetyImpact": "minimal",
+    }
+    df = lookup('coord_triage',query)
+    print(query)
+    print(df)
+    print(outcome_dist(df).round(decimals=3).to_dict())
+
+    print()
+    query = {'Value added': "precedence"}
+    df = lookup('coord_pub',query)
+    print(query)
+    print(df)
+    print(outcome_dist(df).round(decimals=3).to_dict())
+
+    print()
+    query = {"PublicSafetyImpact": "minimal"}
+    df = lookup('supplier',query)
+    print(query)
+    print(df)
+    print(outcome_dist(df).round(decimals=3).to_dict())
+
+if __name__ == '__main__':
+    main()