center-for-threat-informed-defense / attack-flow

Attack Flow helps executives, SOC managers, and defenders easily understand how attackers compose ATT&CK techniques into attacks by developing a representation of attack flows, modeling attack flows for a small corpus of incidents, and creating visualization tools to display attack flows.
https://ctid.io/attack-flow
Apache License 2.0

Allow same-origin credentials for loading flow files #112

Closed initstring closed 9 months ago

initstring commented 10 months ago

We host our own Builder and credentials are required to access the site. Our instance of Builder has a local folder of .afb files inside the web root. This allows us to send authorised users direct links to flows, like this:

https://builder-site.com/?src=flows/flow1.afb

... while ensuring the site and the flow files are protected.

However, this doesn't work using the current version. The reason for this is that it is not sending the site's cookies to flow files defined as the src URL parameter. This is due to the specific omit flag in the fromUrl function.

This PR makes one small change to remove the omit flag to fetch, and let it use its default behaviour of sending credentials for same-origin requests.

I am not a JavaScript expert, so I apologise if I am making some obvious mistakes here.

Thanks so much for all the work you do at MITRE, we really appreciate the great resources you share with the world.

Documentation on fetch
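
The behaviour this pull request relies on, as an added example that is not part of the pull request or the Attack Flow code base: a small model of the Fetch standard's three credentials modes applied to the Builder's `src` parameter. The function names and the `files.example` host are hypothetical; the sample URLs show that the default `same-origin` mode sends cookies to the hosted flow file but not to a `src` that resolves to another origin.

```javascript
// Added example: function names and sample URLs are hypothetical/constructed.

// Resolve ?src= as a browser resolves a relative fetch() URL: against the page URL.
function resolveSrc(pageUrl) {
  const page = new URL(pageUrl);
  const src = page.searchParams.get("src");
  return src === null ? null : new URL(src, page);
}

// Does the credentials mode let the browser attach cookies / HTTP auth?
//   "omit"        -> never (the flag the PR removes)
//   "same-origin" -> only when scheme, host and port match the page (fetch default)
//   "include"     -> permitted on cross-origin requests too
function credentialsSent(pageUrl, mode = "same-origin") {
  const target = resolveSrc(pageUrl);
  if (target === null) throw new Error("page URL has no src parameter");
  const sameOrigin = target.origin === new URL(pageUrl).origin;
  switch (mode) {
    case "omit": return false;
    case "same-origin": return sameOrigin;
    case "include": return true;
    default: throw new TypeError(`unknown credentials mode: ${mode}`);
  }
}

// Constructed inputs: the link from the PR description plus three variants.
const SAMPLE_PAGES = [
  "https://builder-site.com/?src=flows/flow1.afb",
  "https://builder-site.com/?src=https://files.example/flow1.afb",
  "https://builder-site.com/?src=//files.example/flow1.afb",
  "https://builder-site.com/?src=http://builder-site.com/flows/flow1.afb",
];

// One row per sample: resolved target and the decision under each mode.
function report() {
  return SAMPLE_PAGES.map((page) => ({
    target: resolveSrc(page).href,
    omit: credentialsSent(page, "omit"),
    sameOrigin: credentialsSent(page, "same-origin"),
    include: credentialsSent(page, "include"),
  }));
}

console.table(report());
```

The mode only decides whether the browser may attach credentials; cookie attributes such as `SameSite` and `Secure` still apply to each cookie.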

sonarcloud[bot] commented 10 months ago

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
No Duplication information

mehaase commented 9 months ago

@mikecarenzo took a look at this and gave it 👍

codecov[bot] commented 9 months ago

Codecov Report

Patch has no changes to coverable lines.