Uploading the Disarm-AttackFlow Builder

Modified version of the AttackFlow Builder from MITRE. Includes DISARM framework components with full integration of QOL and STIX objects.

database/.dockerignore

@@ -0,0 +1,2 @@
+node_modules/
+__pycache__/

database/.github/workflows/build.yml

@@ -0,0 +1,168 @@
+name: Build
+
+on:
+  push:
+    branches: [main]
+    tags:
+      - 'v*'
+  pull_request:
+
+permissions:
+  contents: read
+  id-token: write
+  pages: write
+  pull-requests: write
+
+jobs:
+  attack_flow_builder:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
+      with:
+        node-version: '19'
+    - name: Install dependencies
+      working-directory: ./src/attack_flow_builder/
+      run: npm ci
+    - name: Build
+      working-directory: ./src/attack_flow_builder/
+      env:
+        # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
+        NODE_OPTIONS: "--openssl-legacy-provider"
+      run: npm run build
+    - name: Upload artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: attack_flow_builder
+        path: src/attack_flow_builder/dist/
+
+  comment_flow_links:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/github-script@v6
+      if: github.event_name == 'pull_request'
+      env:
+        PR_NUMBER: ${{ github.event.number }}
+      with:
+          script: |
+            const { PR_NUMBER, GITHUB_SHA } = process.env;
+            const builderUrl = "https://center-for-threat-informed-defense.github.io/attack-flow/ui/?src=";
+            const baseRawUrl = "https://raw.githubusercontent.com/center-for-threat-informed-defense/attack-flow"
+            const response = await github.rest.pulls.listFiles({
+              "owner": "center-for-threat-informed-defense",
+              "repo": "attack-flow",
+              "pull_number": PR_NUMBER,
+              "per_page": 50,
+              "page": 1,
+            });
+            const bullets = [];
+            for (const file of response.data) {
+              if (file.filename.startsWith("corpus/")) {
+                const flowName = file.filename.split("/").pop();
+                const flowArg = `${baseRawUrl}/${GITHUB_SHA}/corpus/${flowName}`;
+                console.log(flowArg)
+                const flowUrl = builderUrl + encodeURIComponent(flowArg);
+                bullets.push(`* [${flowName}](${flowUrl})`);
+              }
+            }
+            if (bullets.length > 0) {
+              github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: "Open this PR's flows in Attack Flow Builder:\n\n" + bullets.join("\n") + "\n",
+              })
+            }
+
+  docs:
+    needs: attack_flow_builder
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v4
+      with:
+        python-version: '3.8'
+    - uses: actions/setup-node@v3
+      with:
+        node-version: '19'
+    - name: Update APT
+      run: sudo apt update
+    - name: Install APT dependencies
+      run: sudo apt install graphviz
+    - name: Install Poetry
+      run: curl -sSL https://install.python-poetry.org/ | python -
+    - name: Add Poetry to PATH
+      run: echo "$HOME/.poetry/bin" >> $GITHUB_PATH
+    - name: Install Python dependencies
+      run: poetry install
+    - name: Install Node dependencies
+      working-directory: ./src/attack_flow_builder/
+      run: npm ci
+    - name: Install Mermaid
+      run: npm install -g @mermaid-js/mermaid-cli
+    - name: Create client directory
+      run: mkdir docs/extra/ui
+    - name: Download Attack Flow Builder
+      uses: actions/download-artifact@v3
+      with:
+        name: attack_flow_builder
+        path: docs/extra/ui
+    - name: Make Attack Flow schema
+      run: poetry run make docs-schema
+    - name: Validate Corpus
+      env:
+        # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
+        NODE_OPTIONS: "--openssl-legacy-provider"
+      run: poetry run make validate
+    - name: Copy corpus into docs
+      env:
+        # Workaround for node.js bug: https://github.com/webpack/webpack/issues/14532
+        NODE_OPTIONS: "--openssl-legacy-provider"
+      run: poetry run make docs-examples
+    - name: Copy matrix-viz code into docs
+      run: poetry run make docs-matrix
+    - name: Build HTML docs
+      run: poetry run sphinx-build -M dirhtml docs docs/_build -W --keep-going
+    - name: Upload HTML docs
+      uses: actions/upload-artifact@v3
+      with:
+        name: attack_flow_docs_html
+        path: docs/_build/dirhtml/
+    - name: Install TeX Live
+      run: sudo apt install -y latexmk texlive texlive-latex-extra
+    - name: Build PDF docs
+      run: poetry run sphinx-build -M latexpdf docs docs/_build
+    - name: Upload PDF docs
+      uses: actions/upload-artifact@v3
+      with:
+        name: attack_flow_docs_pdf
+        path: docs/_build/latex/attackflow.pdf
+
+  github_pages:
+    # This job only runs when committing or merging to main branch.
+    if: startsWith(github.ref, 'refs/tags/v')
+    needs: docs
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    steps:
+    - name: Setup Pages
+      uses: actions/configure-pages@v2
+    - name: Download HTML docs
+      uses: actions/download-artifact@v3
+      with:
+        name: attack_flow_docs_html
+        path: docs
+    - name: Upload artifact
+      uses: actions/upload-pages-artifact@v1
+      with:
+        path: ./docs
+    - name: Deploy to GitHub Pages
+      id: deployment
+      uses: actions/deploy-pages@v1

database/.github/workflows/docker-compose.yml

@@ -0,0 +1,20 @@
+name: Test Docker image
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '*'
+
+jobs:
+  docker-compose:
+    # run docker-compose file and clean up before action finished
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Launch Attack Flow using Docker Compose
+        uses: isbang/compose-action@v1.4.1
+        with:
+          compose-file: "docker-compose.yml"

database/.github/workflows/docker.yml

@@ -0,0 +1,34 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '*'
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Log in to the Container registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Get Docker metadata
+        id: af_meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/${{ github.repository }}
+          labels: org.opencontainers.image.url=https://ctid.mitre-engenuity.org/our-work/attack-flow/
+      - name: Build Attack Flow Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.af_meta.outputs.tags }}
+          labels: ${{ steps.af_meta.outputs.labels }}

database/.github/workflows/test.yml

@@ -0,0 +1,32 @@
+name: Test
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  python_lib:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v4
+      with:
+        python-version: '3.8'
+    - name: Install Poetry
+      run: curl -sSL https://install.python-poetry.org/ | python -
+    - name: Add Poetry to PATH
+      run: echo "$HOME/.poetry/bin" >> $GITHUB_PATH
+    - name: Install Python dependencies
+      run: poetry install
+    - name: Check code formatting
+      run: poetry run black --check src/attack_flow/
+    - name: Run unit tests
+      run: poetry run make test-ci
+    - name: Upload coverage to CodeCov
+      uses: codecov/codecov-action@v4
+      with:
+        token: ${{ secrets.CODECOV_SECRET }}
+        files: coverage.xml
+        verbose: true

database/.gitignore

@@ -0,0 +1,138 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+docs/requirements.txt
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# IDE settings
+.vscode/
+
+# MacOS
+.DS_Store
+
+TODO.*

database/CONTRIBUTING.md

@@ -0,0 +1,56 @@
+# Contribute
+
+## How to contribute
+
+Thanks for contributing to Attack Flow!
+
+You are welcome to comment on issues, open new issues, and open pull requests.
+
+Pull requests should target the **main** branch of the repository, and should pass all tests.
+
+Also, if you contribute any source code, we need you to agree to the following Developer's Certificate of
+Origin below.
+
+## Reporting Issues
+
+* Describe (in detail) what should have happened. Include any supporting information that may be helpful in
+  resolving the issue.
+
+* Be sure to include any steps to replicate the issue.
+
+## Submission Guidelines
+
+You are welcome to comment on issues, open new issues, and open pull requests.
+
+Pull requests should target the **main** branch of the repository.
+
+Also, if you contribute any source code, we need you to agree to the following Developer's Certificate of
+Origin below.
+
+### Developer's Certificate of Origin v1.1
+
+```
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+ have the right to submit it under the open source license
+ indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+ of my knowledge, is covered under an appropriate open source
+ license and I have the right under that license to submit that
+ work with modifications, whether created in whole or in part
+ by me, under the same open source license (unless I am
+ permitted to submit under a different license), as indicated
+ in the file; or
+
+(c) The contribution was provided directly to me by some other
+ person who certified (a), (b) or (c) and I have not modified
+ it.
+
+(d) I understand and agree that this project and the contribution
+ are public and that a record of the contribution (including all
+ personal information I submit with it, including my sign-off) is
+ maintained indefinitely and may be redistributed consistent with
+ this project or the open source license(s) involved.
+```

database/Dockerfile

@@ -0,0 +1,9 @@
+FROM node:16 AS builder
+
+COPY src/attack_flow_builder /attack_flow_builder
+WORKDIR /attack_flow_builder
+RUN npm ci
+RUN npm run build
+
+FROM nginx:1.21-alpine
+COPY --from=builder /attack_flow_builder/dist /usr/share/nginx/html

database/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

database/Makefile

@@ -0,0 +1,61 @@
+ROOTDIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))
+SOURCEDIR = docs/
+BUILDDIR = docs/_build/
+
+.PHONY: help
+help:
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' | sort
+
+.PHONY: docs
+docs: ## Build Sphinx documentation
+	sphinx-build -M dirhtml "$(SOURCEDIR)" "$(BUILDDIR)"
+
+docs-server: ## Run the Sphinx dev server
+	sphinx-autobuild -b dirhtml -a "$(SOURCEDIR)" "$(BUILDDIR)"
+
+src/attack_flow_builder/dist/cli.common.js: src/attack_flow_builder/src/cli.ts
+	cd src/attack_flow_builder && env VUE_CLI_SERVICE_CONFIG_PATH="${ROOTDIR}src/attack_flow_builder/vue.cli.config.js" npx vue-cli-service build --target lib --name cli --formats commonjs --no-clean src/cli.ts
+
+docs-examples: src/attack_flow_builder/dist/cli.common.js ## Build example flows
+	mkdir -p docs/extra/corpus
+	cp corpus/*.afb docs/extra/corpus
+	node src/attack_flow_builder/dist/cli.common.js --verbose corpus/*.afb
+	cp corpus/*.json docs/extra/corpus
+	ls -1 corpus/*.json | sed 's/corpus\/\(.*\)\.json/\1/' | xargs -t -I {} af graphviz "corpus/{}.json" "docs/extra/corpus/{}.dot"
+	ls -1 docs/extra/corpus/*.dot | xargs -t -I {} dot -Tpng -O -q1 "{}"
+	ls -1 corpus/*.json | sed 's/corpus\/\(.*\)\.json/\1/' | xargs -t -I {} af mermaid "corpus/{}.json" "docs/extra/corpus/{}.mmd"
+	ls -1 corpus/*.json | sed 's/corpus\/\(.*\)\.json/\1/' | xargs -t -I {} mmdc -i "docs/extra/corpus/{}.mmd" -o "docs/extra/corpus/{}.mmd.png"
+	af doc-examples corpus/ docs/example_flows.rst
+
+docs-matrix: ## Build the Navigator visualization JS code
+	mkdir -p docs/extra/matrix
+	cp src/matrix-viz/* docs/extra/matrix/
+
+docs-schema: ## Build the schema documentation
+	af doc-schema stix/attack-flow-schema-2.0.0.json stix/attack-flow-example.json docs/language.rst
+
+docs-pdf: ## Build Sphinx documentation in PDF format.
+	poetry export --dev --without-hashes -f requirements.txt -o docs/requirements.txt
+	docker run --rm -v "$(PWD)/docs":/docs sphinxdoc/sphinx-latexpdf:4.3.1 \
+		bash -c "pip install -r requirements.txt && sphinx-build -M latexpdf /docs /docs/_build"
+	rm docs/requirements.txt
+
+test: ## Run Python tests
+	pytest --cov=src/ --cov-report=term-missing
+
+test-ci: ## Run Python tests with XML coverage.
+	pytest --cov=src/ --cov-report=xml
+
+validate: src/attack_flow_builder/dist/cli.common.js ## Validate all flows in the corpus.
+	mkdir -p docs/extra/corpus
+	cp corpus/*.afb docs/extra/corpus
+	node src/attack_flow_builder/dist/cli.common.js --verbose corpus/*.afb
+	af validate \
+		stix/attack-flow-example.json \
+		corpus/*.json
+
+docker-build: ## Build the Docker image.
+	docker build . -t attack-flow-builder:latest
+
+docker-run: ## Run the Docker image.
+	docker run --rm -p 8080:80 attack-flow-builder:latest

database/README.md

@@ -0,0 +1,84 @@
+[![MITRE ATT&CK® v15](https://img.shields.io/badge/MITRE%20ATT%26CK®-v15-red)](https://attack.mitre.org/versions/v15/)
+[![test](https://github.com/center-for-threat-informed-defense/attack-flow/actions/workflows/test.yml/badge.svg)](https://github.com/center-for-threat-informed-defense/attack-flow/actions/workflows/test.yml)
+[![build](https://github.com/center-for-threat-informed-defense/attack-flow/actions/workflows/build.yml/badge.svg)](https://github.com/center-for-threat-informed-defense/attack-flow/actions/workflows/build.yml)
+[![codecov](https://codecov.io/gh/center-for-threat-informed-defense/attack-flow/branch/main/graph/badge.svg?token=MSGpc9mM6U)](https://codecov.io/gh/center-for-threat-informed-defense/attack-flow)
+
+<!--
+When updating README.md, take a look at overview.rst and consider if you should
+make the same updates there.
+-->
+
+# Attack Flow
+
+Attack Flow is a language for describing how cyber adversaries combine and sequence various offensive
+techniques to achieve their goals. The project helps defenders and leaders understand how adversaries operate
+and improve their own defensive posture. This project is created and maintained by the [MITRE Engenuity Center
+for Threat-Informed Defense](https://ctid.mitre-engenuity.org/) in futherance of our mission to advance the
+start of the art and and the state of the practice in threat-informed defense globally. The project is funded
+by our [research participants](https://ctid.mitre-engenuity.org/our-work/attack-flow/#RESEARCH-PARTICIPANTS).
+
+**Table Of Contents:**
+
+- [Getting Started](#getting-started)
+- [Getting Involved](#getting-involved)
+- [Questions and Feedback](#questions-and-feedback)
+- [How Do I Contribute?](#how-do-i-contribute)
+- [Notice](#notice)
+
+## Getting Started
+
+To get started, we suggest skimming the documentation to get familiar with the project. Next, you may want to try creating
+your own attack flows using the Attack Flow Builder, which is an easy-to-use GUI tool. When you are ready to dive deep,
+review the Example Flows and JSON Schema for the language.
+
+| Resource                                                                                    | Description                                            |
+| ------------------------------------------------------------------------------------------- | ------------------------------------------------------ |
+| [Documentation](https://center-for-threat-informed-defense.github.io/attack-flow/)          | Complete documentation for the Attack Flow project.    |
+| [Attack Flow Builder](https://center-for-threat-informed-defense.github.io/attack-flow/ui/) | An online GUI tool for building Attack Flows.          |
+| [JSON Schema](/stix/attack-flow-schema-2.0.0.json)                                          | The language specification expressed as a JSON Schema. |
+| [Example Flows](/corpus/)                                                                   | A corpus of example Attack Flows.                      |
+
+## Getting Involved
+
+There are several ways that you can get involved with this project and help
+advance threat-informed defense:
+
+- **Review the language specification, use the builder to create some flows, and tell us what you think.** We
+  welcome your review and feedback on the data model and our methodology.
+- **Help us prioritize additional example flows to create.** Let us know what examples you would like to
+  turned into an Attack Flow. Your input will help us prioritize how we expand our corpus.
+- **Share your use cases.** We are interested in developing additional tools and resources to help the
+  community understand and make threat-informed decisions in their risk management programs. If you have ideas
+  or suggestions, we consider them as we explore additional research projects.
+
+## Questions and Feedback
+
+Please submit issues for any technical questions/concerns or contact ctid@mitre-engenuity.org directly for
+more general inquiries.
+
+Also see the guidance for contributors if are you interested in contributing or simply reporting issues.
+
+## How Do I Contribute?
+
+We welcome your feedback and contributions to help advance Attack Flow. Please see the guidance for
+contributors if are you interested in [contributing or simply reporting issues.](/CONTRIBUTING.md)
+
+Please submit [issues](https://github.com/center-for-threat-informed-defense/attack-flow/issues) for any
+technical questions/concerns or contact ctid@mitre-engenuity.org directly for more general inquiries.
+
+## Notice
+
+Copyright 2021 MITRE Engenuity. Approved for public release. Document number CT0040
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is
+distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See
+the License for the specific language governing permissions and limitations under the License.
+
+This project makes use of MITRE ATT&CK®
+
+[ATT&CK Terms of Use](https://attack.mitre.org/resources/terms-of-use/)

database/corpus/.gitignore

@@ -0,0 +1 @@
+*.json

database/data/.gitignore

@@ -0,0 +1 @@
+*.json

database/docker-compose.yml

@@ -0,0 +1,12 @@
+version: '3.8'
+
+services:
+  attack-flow:
+    image: ghcr.io/center-for-threat-informed-defense/attack-flow:latest
+    ## Uncomment this to use the local Dockerfile instead of the official image
+    #build:
+    #  context: .
+    #  dockerfile: ./Dockerfile
+    ports:
+      - 8080:80
+    restart: always

database/docs/_static/css/ctid.css

@@ -0,0 +1,277 @@
+/* Document styles */
+
+body {
+    --text-color: #0B2338;
+    --text-color-inverse: #FFFFFF;
+    --text-background: #FFFFFF;
+    --side-nav-background: #404040;
+
+    color: var(--text-color);
+    font-family: Arial, Helvetica, sans-serif;
+
+    /* MITRE Engenuity Core Colors */
+    --me-core-yellow: #FFF601;
+    --me-core-green: #7DEA49;
+    --me-core-purple-light: #726DE2;
+    --me-core-purple: #6241C5;
+    --me-core-purple-dark: #2B1972;
+    --me-core-blue-dark: #212C5E;
+    --me-core-blue-darker: #0F1538;
+    --me-core-gray-light: #F0F1F2;
+    --me-core-gray: #B2B2B2;
+    --me-hyperlink: #005B94;
+
+    /* MITRE Engenuity Extended Colors */
+    --me-ext-navy: #212C5E;
+    --me-ext-navy-dark: #0F1538;
+    --me-ext-blue: #0096D1;
+    --me-ext-blue-dark: #005B94;
+    --me-ext-gray-green: #4DA185;
+    --me-ext-gray-green-dark: #024F48;
+    --me-ext-teal-highlighter: #29E6D0;
+    --me-ext-teal-dark: #15B7AD;
+    --me-ext-green-highlighter: #7DEA49;
+    --me-ext-green-dark: #3CAB41;
+    --me-ext-yellow-highlighter: #FFF601;
+    --me-ext-yellow-dark: #FEDB22;
+    --me-ext-orange-highlighter: #FF8A36;
+    --me-ext-orange-dark: #F56600;
+    --me-ext-cranberry-highlighter: #FF006B;
+    --me-ext-cranberry-dark: #BD0044;
+}
+
+@media screen and (min-width: 1100px) {
+    .wy-nav-content-wrap {
+        background-color: var(--me-core-gray-light);
+    }
+
+    .wy-nav-content {
+        background-color: var(--text-background);
+    }
+}
+
+em.newsgroup {
+    background-color: var(--me-core-yellow);
+    padding: 5px;
+    font-style: normal;
+    font-weight: 700;
+}
+
+/* Anchor styles */
+
+.rst-content a,
+.rst-content a:active,
+.rst-content a:visited {
+    color: var(--me-hyperlink);
+    text-decoration: underline;
+}
+
+/* Don't underline font awesome icons in links. */
+.rst-content a .fa,
+.rst-content a:active .fa,
+.rst-content a:visited .fa {
+    text-decoration: none;
+    padding-right: 0.25em;
+}
+
+/* Don't underline the permalink icon next to headers. */
+.rst-content a.headerlink,
+.rst-content a.headerlink:active,
+.rst-content a.headerlink:visited {
+    text-decoration: none;
+}
+
+.rst-content a:hover {
+    color: var(--me-text-color);
+}
+
+.rst-content.style-external-links a.reference.external {
+    padding-right: 1em;
+}
+
+.rst-content.style-external-links a.reference.external:after {
+    font-size: 80%;
+    position: absolute;
+}
+
+/* Bootstrap button styles */
+
+.btn,
+.btn:focus,
+.btn-primary,
+.btn-primary:focus {
+    background-color: var(--me-core-purple);
+}
+
+.btn:hover,
+.btn-primary:hover {
+    background-color: var(--me-core-purple-light);
+}
+
+.btn-secondary,
+.btn-secondary:focus {
+    background-color: var(--text-color);
+}
+
+.btn-secondary:hover {
+    background-color: #737373;
+}
+
+.btn-link,
+.btn-link:focus {
+    color: var(--me-core-purple);
+}
+
+.btn-link:hover {
+    color: var(--me-core-purple-dark) !important;
+}
+
+.rst-content a.btn,
+.rst-content a.btn:active,
+.rst-content a.btn:visited {
+    color: var(--text-color-inverse);
+    font-weight: normal;
+    text-decoration: none;
+}
+
+/* Table styles */
+.rst-content div.wy-table-responsive table.docutils {
+    width: 100%;
+    table-layout: fixed;
+}
+
+.rst-content div.wy-table-responsive table.docutils thead th,
+.rst-content div.wy-table-responsive table.docutils tbody td {
+    white-space: normal;
+}
+
+.rst-content div.wy-table-responsive table.docutils thead th p,
+.rst-content div.wy-table-responsive table.docutils tbody td p {
+    margin: 0.5em 0;
+}
+
+.rst-content div.wy-table-responsive table.docutils thead th code.docutils,
+.rst-content div.wy-table-responsive table.docutils tbody td code.docutils {
+    white-space: pre-wrap;
+}
+
+/* Table of contents styles */
+.rst-content .toctree-wrapper a {
+    font-weight: normal;
+}
+
+.rst-content .toctree-wrapper ul li ul {
+    margin-top: 0;
+}
+
+/* Side bar styles */
+
+.wy-side-nav-search div.version {
+    color: var(--text-color-inverse);
+}
+
+.wy-nav-top {
+    background-color: var(--me-core-purple-dark);
+}
+
+.wy-nav-side {
+    background-color: var(--side-nav-background);
+}
+
+.wy-side-nav-search a {
+    font-size: 1.6em;
+}
+
+.wy-side-nav-search a.icon img.logo {
+    max-width: 10rem;
+}
+
+.wy-side-nav-search {
+    background-color: var(--me-core-purple);
+}
+
+.wy-menu-vertical p.caption {
+    color: var(--text-color-inverse);
+}
+
+.wy-menu-vertical li.current {
+    background-color: var(--me-core-gray-light);
+}
+
+/* Admonition styles */
+
+.admonition {
+    background-color: var(--me-core-gray-light) !important;
+    color: var(--text-color);
+}
+
+.admonition .admonition-title {
+    padding: 0.8em 1em !important;
+}
+
+.admonition a,
+.admonition a.reference.external:after {
+    color: var(--text-color) !important;
+}
+
+.admonition.attention .admonition-title {
+    background-color: var(--me-ext-yellow-dark);
+    color: var(--text-color);
+}
+
+.admonition.caution .admonition-title,
+.admonition.warning .admonition-title {
+    background-color: var(--me-ext-orange-highlighter);
+    color: var(--text-color);
+}
+
+.admonition.danger .admonition-title,
+.admonition.error .admonition-title {
+    background-color: var(--me-ext-cranberry-highlighter);
+    color: var(--text-color-inverse);
+}
+
+.admonition.important .admonition-title {
+    background-color: var(--me-ext-gray-green);
+    color: var(--text-color-inverse);
+}
+
+.admonition.hint .admonition-title,
+.admonition.tip .admonition-title {
+    background-color: var(--me-ext-blue);
+    color: var(--text-color-inverse);
+}
+
+.admonition.note .admonition-title,
+.admonition.seealso .admonition-title {
+    background-color: var(--me-ext-teal-highlighter);
+    color: var(--text-color);
+}
+
+/* Figure styles */
+
+.rst-content figcaption p span.caption-text {
+    font-size: 10pt;
+    font-style: initial;
+    color: #999;
+}
+
+/* Epigraph styles */
+
+blockquote.epigraph {
+    background-color: var(--me-core-gray-light);
+    margin: 2em 0;
+    padding: 1em;
+    border-top: 3px solid #c9c9c9;
+    border-bottom: 3px solid #c9c9c9;
+}
+
+blockquote.epigraph p {
+    font-size: 16pt;
+}
+
+blockquote.epigraph p.attribution {
+    margin: 0;
+    font-size: 12pt;
+    font-style: italic;
+}