feat(phase-11): implement Red/Blue business logic services (T-106, T-107, T-108)
T-106: Create test_workflow_service.py with state-machine transitions for the complete test lifecycle (draft -> red_executing -> blue_evaluating -> in_review -> validated/rejected), dual validation by Red/Blue leads, and reopen capability with field cleanup. T-107: Update status_service.py to use detection_result from Blue Team instead of legacy result field, and differentiate between partial progress (some validated) vs all-in-progress states. T-108: Create atomic_import_service.py that downloads the Atomic Red Team repo as a ZIP (avoiding API rate limits), parses all atomics YAML files, and creates idempotent TestTemplate records mapped to MITRE techniques. Includes validation tests for all three tasks (19 checks total).
This commit is contained in:
@@ -2,12 +2,14 @@
|
||||
from app.models.user import User
|
||||
from app.models.technique import Technique
|
||||
from app.models.test import Test
|
||||
from app.models.test_template import TestTemplate
|
||||
from app.models.evidence import Evidence
|
||||
from app.models.intel import IntelItem
|
||||
from app.models.audit import AuditLog
|
||||
from app.models.enums import TechniqueStatus, TestState, TestResult
|
||||
from app.models.enums import TechniqueStatus, TestState, TestResult, TeamSide
|
||||
|
||||
__all__ = [
|
||||
"User", "Technique", "Test", "Evidence", "IntelItem", "AuditLog",
|
||||
"TechniqueStatus", "TestState", "TestResult"
|
||||
"User", "Technique", "Test", "TestTemplate", "Evidence",
|
||||
"IntelItem", "AuditLog",
|
||||
"TechniqueStatus", "TestState", "TestResult", "TeamSide",
|
||||
]
|
||||
|
||||
@@ -12,11 +12,18 @@ class TechniqueStatus(str, enum.Enum):
|
||||
|
||||
class TestState(str, enum.Enum):
|
||||
draft = "draft"
|
||||
red_executing = "red_executing" # Red Team documenting attack
|
||||
blue_evaluating = "blue_evaluating" # Blue Team evaluating detection
|
||||
in_review = "in_review"
|
||||
validated = "validated"
|
||||
rejected = "rejected"
|
||||
|
||||
|
||||
class TeamSide(str, enum.Enum):
|
||||
red = "red"
|
||||
blue = "blue"
|
||||
|
||||
|
||||
class TestResult(str, enum.Enum):
|
||||
detected = "detected"
|
||||
not_detected = "not_detected"
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
import uuid
|
||||
from datetime import datetime
|
||||
|
||||
from sqlalchemy import Column, String, DateTime, ForeignKey
|
||||
from sqlalchemy import Column, String, Text, DateTime, ForeignKey, Enum
|
||||
from sqlalchemy.dialects.postgresql import UUID
|
||||
from sqlalchemy.orm import relationship
|
||||
|
||||
from app.database import Base
|
||||
from app.models.enums import TeamSide
|
||||
|
||||
|
||||
class Evidence(Base):
|
||||
@@ -14,6 +15,9 @@ class Evidence(Base):
|
||||
|
||||
Files are stored in MinIO, and this model tracks the file location,
|
||||
integrity hash, and upload metadata.
|
||||
|
||||
The ``team`` field distinguishes whether this evidence was uploaded by
|
||||
Red Team (attack evidence) or Blue Team (detection evidence).
|
||||
"""
|
||||
__tablename__ = "evidences"
|
||||
|
||||
@@ -24,6 +28,8 @@ class Evidence(Base):
|
||||
sha256_hash = Column(String, nullable=False)
|
||||
uploaded_by = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=True)
|
||||
uploaded_at = Column(DateTime, default=datetime.utcnow)
|
||||
team = Column(Enum(TeamSide, name="teamside"), nullable=False, default=TeamSide.red)
|
||||
notes = Column(Text, nullable=True)
|
||||
|
||||
# Relationships
|
||||
test = relationship("Test", back_populates="evidences")
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import uuid
|
||||
from datetime import datetime
|
||||
|
||||
from sqlalchemy import Column, String, Text, DateTime, ForeignKey, Enum
|
||||
from sqlalchemy import Column, String, Text, Boolean, DateTime, ForeignKey, Enum
|
||||
from sqlalchemy.dialects.postgresql import UUID
|
||||
from sqlalchemy.orm import relationship
|
||||
|
||||
@@ -12,12 +12,14 @@ from app.models.enums import TestState, TestResult
|
||||
class Test(Base):
|
||||
"""
|
||||
Test model representing a security test for a MITRE ATT&CK technique.
|
||||
|
||||
|
||||
Each test documents an attempt to validate coverage of a specific technique,
|
||||
including the procedure, tools used, and outcome.
|
||||
including the procedure, tools used, and outcome. V2 introduces dual
|
||||
validation: Red Lead and Blue Lead must each approve independently.
|
||||
"""
|
||||
__tablename__ = "tests"
|
||||
|
||||
# ── Core fields ─────────────────────────────────────────────────
|
||||
id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
|
||||
technique_id = Column(UUID(as_uuid=True), ForeignKey("techniques.id"), nullable=False)
|
||||
name = Column(String, nullable=False)
|
||||
@@ -29,12 +31,27 @@ class Test(Base):
|
||||
created_by = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=True)
|
||||
result = Column(Enum(TestResult, name="testresult"), nullable=True)
|
||||
state = Column(Enum(TestState, name="teststate"), default=TestState.draft)
|
||||
validated_by = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=True)
|
||||
validated_at = Column(DateTime, nullable=True)
|
||||
created_at = Column(DateTime, default=datetime.utcnow)
|
||||
|
||||
# Relationships
|
||||
# ── Red Team fields ─────────────────────────────────────────────
|
||||
red_summary = Column(Text, nullable=True)
|
||||
attack_success = Column(Boolean, nullable=True)
|
||||
red_validated_by = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=True)
|
||||
red_validated_at = Column(DateTime, nullable=True)
|
||||
red_validation_status = Column(String, nullable=True) # pending / approved / rejected
|
||||
red_validation_notes = Column(Text, nullable=True)
|
||||
|
||||
# ── Blue Team fields ────────────────────────────────────────────
|
||||
blue_summary = Column(Text, nullable=True)
|
||||
detection_result = Column(Enum(TestResult, name="testresult"), nullable=True)
|
||||
blue_validated_by = Column(UUID(as_uuid=True), ForeignKey("users.id"), nullable=True)
|
||||
blue_validated_at = Column(DateTime, nullable=True)
|
||||
blue_validation_status = Column(String, nullable=True) # pending / approved / rejected
|
||||
blue_validation_notes = Column(Text, nullable=True)
|
||||
|
||||
# ── Relationships ───────────────────────────────────────────────
|
||||
technique = relationship("Technique", back_populates="tests")
|
||||
evidences = relationship("Evidence", back_populates="test")
|
||||
creator = relationship("User", foreign_keys=[created_by])
|
||||
validator = relationship("User", foreign_keys=[validated_by])
|
||||
red_validator = relationship("User", foreign_keys=[red_validated_by])
|
||||
blue_validator = relationship("User", foreign_keys=[blue_validated_by])
|
||||
|
||||
45
backend/app/models/test_template.py
Normal file
45
backend/app/models/test_template.py
Normal file
@@ -0,0 +1,45 @@
|
||||
"""TestTemplate model — predefined test catalog entries."""
|
||||
|
||||
import uuid
|
||||
from datetime import datetime
|
||||
|
||||
from sqlalchemy import Column, String, Text, Boolean, DateTime, Index
|
||||
from sqlalchemy.dialects.postgresql import UUID
|
||||
|
||||
from app.database import Base
|
||||
|
||||
|
||||
class TestTemplate(Base):
|
||||
"""
|
||||
Predefined test template mapped to a MITRE ATT&CK technique.
|
||||
|
||||
Templates come from several sources:
|
||||
- **atomic_red_team**: Atomic Red Team by Red Canary
|
||||
- **mitre**: MITRE ATT&CK procedure examples
|
||||
- **custom**: Manually created by teams
|
||||
|
||||
Users can instantiate a real Test from a template.
|
||||
"""
|
||||
__tablename__ = "test_templates"
|
||||
|
||||
id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
|
||||
mitre_technique_id = Column(String, nullable=False) # e.g. "T1059.001"
|
||||
name = Column(String, nullable=False)
|
||||
description = Column(Text, nullable=True)
|
||||
source = Column(String, nullable=False) # atomic_red_team / mitre / custom
|
||||
source_url = Column(String, nullable=True)
|
||||
attack_procedure = Column(Text, nullable=True) # Suggested attack procedure
|
||||
expected_detection = Column(Text, nullable=True) # What blue team should detect
|
||||
platform = Column(String, nullable=True) # windows / linux / macos
|
||||
tool_suggested = Column(String, nullable=True)
|
||||
severity = Column(String, nullable=True) # low / medium / high / critical
|
||||
atomic_test_id = Column(String, nullable=True) # ID in Atomic Red Team repo
|
||||
is_active = Column(Boolean, default=True)
|
||||
created_at = Column(DateTime, default=datetime.utcnow)
|
||||
|
||||
__table_args__ = (
|
||||
Index('ix_test_templates_mitre_technique_id', 'mitre_technique_id'),
|
||||
Index('ix_test_templates_source', 'source'),
|
||||
Index('ix_test_templates_platform', 'platform'),
|
||||
Index('ix_test_templates_severity', 'severity'),
|
||||
)
|
||||
Reference in New Issue
Block a user