
get_techniques_used_by_all_groups is broken by the new subtechniques change #14

Closed
domiel opened this issue Jul 9, 2020 · 2 comments
Labels
bug Something isn't working

domiel commented Jul 9, 2020

Hi,

I'm getting the following error when running the "get_techniques_used_by_all_groups" function.
  File "/Users/yallon/.virtualenvs/test_function/lib/python3.7/site-packages/attackcti/attack_api.py", line 660, in get_techniques_used_by_all_groups
    for phase in t['kill_chain_phases']:
  File "/Users/yallon/.virtualenvs/test_function/lib/python3.7/site-packages/stix2/base.py", line 216, in __getitem__
    return self._inner[key]
KeyError: 'kill_chain_phases'

@Cyb3rWard0g
Collaborator

Let me try that. Thank you for letting me know.

@Cyb3rWard0g
Collaborator

Same error

>>> from attackcti import attack_client
>>> 
>>> lift = attack_client()
>>> 
>>> techniques = lift.get_techniques_used_by_all_groups()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.7/site-packages/attackcti/attack_api.py", line 660, in get_techniques_used_by_all_groups
    for phase in t['kill_chain_phases']:
  File "/usr/local/lib/python3.7/site-packages/stix2/base.py", line 200, in __getitem__
    return self._inner[key]
KeyError: 'kill_chain_phases'
>>> 

It is failing in this technique:

{
    "type": "attack-pattern",
    "id": "attack-pattern--4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
    "created": "2017-05-31T21:30:35.334Z",
    "modified": "2020-03-21T00:43:01.387Z",
    "name": "Standard Cryptographic Protocol",
    "revoked": true,
    "external_references": [
        {
            "source_name": "mitre-attack",
            "url": "https://attack.mitre.org/techniques/T1032",
            "external_id": "T1032"
        },
        {
            "source_name": "SANS Decrypting SSL",
            "description": "Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.",
            "url": "http://www.sans.org/reading-room/whitepapers/analyst/finding-hidden-threats-decrypting-ssl-34840"
        },
        {
            "source_name": "SEI SSL Inspection Risks",
            "description": "Dormann, W. (2015, March 13). The Risks of SSL Inspection. Retrieved April 5, 2016.",
            "url": "https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html"
        },
        {
            "source_name": "Fidelis DarkComet",
            "description": "Fidelis Cybersecurity. (2015, August 4). Looking at the Sky for a DarkComet. Retrieved April 5, 2016.",
            "url": "https://www.fidelissecurity.com/sites/default/files/FTA_1018_looking_at_the_sky_for_a_dark_comet.pdf"
        },
        {
            "source_name": "University of Birmingham C2",
            "description": "Gardiner, J.,  Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.",
            "url": "https://arxiv.org/ftp/arxiv/papers/1408/1408.1136.pdf"
        }
    ]
}
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/cyb3rward0g/Documents/GitHub/ATTACK-Python-Client/attackcti/attack_api.py", line 673, in get_techniques_used_by_all_groups
    for phase in t['kill_chain_phases']:
  File "/usr/local/lib/python3.7/site-packages/stix2/base.py", line 200, in __getitem__
    return self._inner[key]
KeyError: 'kill_chain_phases'
>>>

That's a revoked one. I was thinking of keeping revoked ones too and letting the user remove those in case they want to, for some reason. The kill_chain_phases and description keys fail in some revoked techniques. I will just set those fields to empty if the keys do not exist. Pushing updates in a few mins.

Thank you for your patience!

Cyb3rWard0g added the bug label on Aug 20, 2020
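
The handling described in the last comment (empty values when kill_chain_phases or description is missing from a revoked technique), as an added example that is not attackcti's own code. It works on plain dicts rather than stix2 objects; flatten_technique, flatten_all, the row field names and the second sample object are assumptions made for illustration.

```python
# Added example: tolerate optional STIX fields on revoked ATT&CK techniques.
# Sample objects are constructed; the first is trimmed from the revoked T1032 entry above.

def external_id(obj):
    """Return the ATT&CK ID (e.g. T1032) from external_references, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def flatten_technique(obj):
    """Build a flat row; optional keys default to empty instead of raising KeyError."""
    phases = obj.get("kill_chain_phases") or []
    return {
        "technique_id": external_id(obj),
        "technique": obj.get("name", ""),
        "description": obj.get("description", ""),
        "tactics": [p["phase_name"] for p in phases if "phase_name" in p],
        "revoked": bool(obj.get("revoked", False)),
    }

def flatten_all(objects, keep_revoked=True):
    """Flatten every attack-pattern; revoked entries stay unless the caller drops them."""
    rows = [flatten_technique(o) for o in objects if o.get("type") == "attack-pattern"]
    return rows if keep_revoked else [r for r in rows if not r["revoked"]]

SAMPLE = [
    {   # revoked: carries neither kill_chain_phases nor description
        "type": "attack-pattern",
        "id": "attack-pattern--4b74a1d4-b0e9-4ef1-93f1-14ecc6e2f5b5",
        "name": "Standard Cryptographic Protocol",
        "revoked": True,
        "external_references": [{"source_name": "mitre-attack", "external_id": "T1032"}],
    },
    {   # constructed active technique (placeholder ID) with the usual fields present
        "type": "attack-pattern",
        "id": "attack-pattern--00000000-0000-4000-8000-000000000000",
        "name": "Example Technique",
        "description": "Constructed sample.",
        "kill_chain_phases": [
            {"kill_chain_name": "mitre-attack", "phase_name": "command-and-control"}
        ],
        "external_references": [{"source_name": "mitre-attack", "external_id": "T0000"}],
    },
]

if __name__ == "__main__":
    for row in flatten_all(SAMPLE):
        print(row)
```

Keeping the revoked flag in each row lets downstream group-to-technique coverage reports exclude retired techniques explicitly instead of losing them to an exception.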