facebookincubator / TTPForge / 16530976879
66%
main: 67%

LAST BUILD BRANCH: export-D89671295
DEFAULT BRANCH: main
Ran
Jobs 1
Files 65
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 66.235%. First build
16530976879

Pull #548

github

facebook-github-bot 
Parse YAML TTPs

Summary:
## Parse YAML TTPs

This diff introduces a new utility `parseutils` to TTPForge, which provides functionality to parse YAML TTPs. Using this, we updated the `enum ttps` command functionality.

This diff is a part of the future improvements discussed in the following [diff](https://www.internalfb.com/diff/D77619765).

### Context

Currently commands in TTPForge like Enum use the read file and regex functionalities to find certain data points in the YAML. This is not the most efficient way to extract/filter information from YAML as regex could lead to false positives and negatives.

To solve this problem, this diff implements parsing the YAML file to extract data on the basis of structures and updates the `enum ttps` command to use it as explored in this [document](https://docs.google.com/document/d/1OUihSxvrTHUK24kIH0VE3uHL-l6OBCL6iSPLIXLtx8E/edit?tab=t.0#heading=h.je60o44ihbi0).

### Impact
The added functionality allows **correct and easy data extraction** from TTPs also paving way for us to use this TTP data for other things like dashboard. This also promotes a more structured YAML file creation for TTPs going forward. This is highlighted by [TTPs](https://www.internalfb.com/code/security-ttpcode/ttps/purple-team-engagements/2025-Q2-Purple-Fleece/ttp01-exfil-model-to-s3-from-devserver-awscli/ttp.yaml) that were missed using the regex approach due to inverted commas being using in tactic and technique.

After implementing this diff, while testing we identified some TTPs that had errors. We also noted that when using the [security-ttpcode repo](https://www.internalfb.com/code/security-ttpcode/ttpforge-repo-config.yaml) gives us few redundant TTPs due to misconfiguration.

Following are the diffs created to fix the errors/improvements observed from this updated code while testing:
1) [Updating TTP Repo Config](https://www.internalfb.com/diff/D78836093)
2) [Fixing error in TTP for parsing](https://www.internalfb.com/diff/D78837... (continued)
Pull Request #548: Parse YAML TTPs

43 of 67 new or added lines in 2 files covered. (64.18%)

2405 of 3631 relevant lines covered (66.24%)

16.28 hits per line

New Missed Lines in Diff

Lines Coverage File
24
75.56
 cmd/enumttps.go
Jobs
ID Job ID Ran Files Coverage
1 16530976879.1 65
66.24
 GitHub Action Run
Source Files on build 16530976879