atternio is a PoC tool powered by flawfinder that is designed to prioritize CWE identificators according to MITRE CAPEC dictionary.
The data used for conducting this procedure is open source CAPEC data provided in the form of JSON (STIX 2.x) files.
atternio receives a path to C/C++ sources as an input, which is then passed to flawfinder for finding out CWEs.
Each CWE identificator is searched through CAPEC data to determine the attack patterns (CAPEC-IDs) it can be a part of.
When analyzing CAPEC data, the following metrics are taken into account:
- severity (
x_capec_severity); - likelihood (
x_capec_likelihood_of_attack).
An individual CWE can be found in multiple CAPEC patterns.
For each CWE (CWE-ID) in a CAPEC pattern (CAPEC-ID) risk points are calculated using the following formula:
cwe_risk = severity + likelihood
Each CAPEC-ID can contain multiple detected CWE-IDs:
capec_risk = sum(cwe_risk)
Finally, the total number of risk points:
total_risk = sum(capec_risk)
When the risk enumeration is complete, the tool will output 2 tables:
- CWE Records - all CWEs detected with their location in provided sources;
- Prioritized CWE Records - prioritized CWEs with related CAPECs and percentage of shared risk.
$ python3 -m atternio --help
usage: [-h] --source PATH_INPUT [--install-dictionary] [-o OUTPUT] [--results]
Atternio - a PoC tool for CWE prioritization according to MITRE CAPEC dictionary.
options:
-h, --help show this help message and exit
--source PATH_INPUT path to file or directory
--install-dictionary if CAPEC dictionary is not present, install it automatically
-o OUTPUT, --output OUTPUT
path to output file
--results show only RESULTS sectionTo install latest atternio package from PyPI, use:
python3 -m pip install atternioTo install and debug atternio locally, in the root of repository use:
python3 -m pip install -e .To run atternio without any installation into local cache, in the root of repository use:
export PYTHONPATH=$(pwd)
python3 -m poetry install --no-root
python3 atternio <arguments>