The `hideDisabled=True` option in the layer is not working.

mitre-attack / attack-navigator

Web app that provides basic navigation and annotation of ATT&CK matrices

https://mitre-attack.github.io/attack-navigator

Apache License 2.0

1.92k stars 578 forks source link

The `hideDisabled=True` option in the layer is not working. #602

Closed gnh1201 closed 7 months ago

gnh1201 commented 7 months ago

I recently confirmed that the hideDisabled=True option is not functioning in the MITRE ATT&CK Navigator. The cause is unknown, but it seems that there is a similar issue in the current version, such as #50.

Additionally, the show/hide disabled button in the MITRE ATT&CK Navigator is also not working.

I was unable to hide information for techniques without relevant details through any method.

clemiller commented 7 months ago

Hi @gnh1201,

Would you be able to provide any further details on the steps to reproduce this issue or an example layer you could share? It appears #50 was addressed in an old version (v2.1) of Navigator and I have not been able to reproduce this issue in the latest version (v4.9.1) with the details provided.

gnh1201 commented 7 months ago

Below is the method to reproduce this issue:

Copy the first example described in the layers/LAYERFORMATv4_5.md file and create a JSON file exactly as it is. In my case, I changed hideDisabled to true, but leaving it as false should not hinder reproducing the issue.
Upload it to the MITRE ATT&CK Navigator.
A popup will appear suggesting an upgrade due to a new schema. Click "No."
The disabled items are not hidden. Pressing the show/hide disabled button has the same result.

gnh1201 commented 7 months ago

My environments

Microsoft Edge 119.0.2151.72
Google Chrome 119.0.6045.160

gnh1201 commented 7 months ago

While reading through existing closed issues, I found a little bit that seem to be related. It might not be helpful, but I'll add references. #470 #466

adpare commented 7 months ago

Hi @gnh1201,

We followed the steps you outlined to reproduce the issue. It is working as expected on our end. The hide/show disabled button is working based on the value of hideDisabled in the layer file. What may be causing the issue could be our example layer file layers/LAYERFORMATv4_5.md. Technique T1078 does not fall under the tactic discovery. If you change that to privilege-escalation, you will be able to see the disabled technique. In addition, disabled techniques with enabled sub-techniques will not be hidden when you click on show/hide.

Hope this solves your issue.

gnh1201 commented 7 months ago

Hi @adpare

In addition, disabled techniques with enabled sub-techniques will not be hidden when you click on show/hide.

This is the behavior I expected. However, the problem is that it's not working as intended at the moment.

What may be causing the issue could be our example layer file layers/LAYERFORMATv4_5.md.

The same issue exists in both layers/LAYERFORMAT*.MD and layers/data/samples/*.json.

This issue has not been resolved yet.

gnh1201 commented 7 months ago

Sorry. I misunderstood this feature. I wanted to hide techniques that were not highlighted. As I continued to try, I realized that this is different from the show/hide disabled feature.

I have decided to create a separate 'show/hide not-highlighted' button. Link to the commit

Thank you for addressing this issue.