search

mitre-attack / tram

Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analyst in mapping finished reports to ATT&CK.
Apache License 2.0
346 stars 66 forks source link

Review Dependencies #69

Closed jecarr closed 3 years ago

jecarr commented 3 years ago

Edit - This appears to be a dependency issue rather than a Python version issue

Hello,

I upgraded my Python environment ~from 3.7 to 3.9~ (which included updated dependencies) and had some issues. Just highlighting here if anyone wants to do a PR or make suggestions:

  1. Launching tram breaks because of taxii2client: temporary fix by changing the import from this file to from taxii2client.v20 import Collection
    • Edit - this is because my upgrade to Python 3.9 meant re-installing this dependency which gave me taxii-client v2.2.2. My 3.7 interpreter ran v0.5.0 (as per requirements.txt)
    • I raised an issue - oasis-open/cti-taxii-client#97 - to see if a try-except block can be designed here
    • The fix stated above should be temporary (and not committed) because this breaks Python 3.7 taxii-client v2.2.2 usage
  2. requirements.txt needs reviewing
    • The installation of requirements breaks for me when it reaches scipy==1.3.3
    • I had to manually do pip install scipy which gave me v1.6.0
    • Can minimum versions be defined? Like how this post suggests
    • Related to #66: if this file gets reviewed, hopefully this (and any other bugs) can be checked too

Optional to sort out too:

  1. Pandas warning:
    • ~~lib/python3.9/site-packages/pandas/compat/__init__.py:97: UserWarning: Could not import the lzma module. Your installed Python is incomplete. Attempting to use lzma compression will result in a RuntimeError. warnings.warn(msg)~~
    • Edit - this was down to my Python set up and uninstalling and re-installing Python 3.9 fixed this for me
  2. Async code styles
    • There are two deprecation warnings for where @asyncio.coroutine is used in tram.py

Thanks! Happy to hear if there's anything I said that's because of my set-up and not the codebase

MarkDavidson commented 3 years ago

Hello @jecarr and thank you for the bug report. TRAM has moved to https://github.com/center-for-threat-informed-defense/tram and this issue is no longer present in that repository so I am closing this issue. Thank you!