File name too long

[d3fs0n]

Hello,
When you have a YAML file with many groups defined, and run
python dettect.py g -g output/group.yaml

The output shows the following error:

Traceback (most recent call last):
File "dettect.py", line 309, in
_menu(_init_menu())
File "dettect.py", line 243, in _menu
include_all_score_objs=args.all_scores):
File "/opt/DeTTECT/group_mapping.py", line 584, in generate_group_heat_map
write_file(stage, filename[:242], json_string)
File "/opt/DeTTECT/generic.py", line 357, in write_file
with open(output_filename, 'w') as f:
OSError: [Errno 36] File name too long: 'output/attack_all_apt41-(mitre-att&ck-data)_machete-(mitre-att&ck-data)_kimsuky-(mitre-att&ck-data)_soft-cell-(mitre-att&ck-data)_ta505-(mitre-att&ck-data)_silence-(mitre-att&ck-data)_wirte-(mitre-att&ck-data)_the-white-company-(mitre-att&ck-data)_temp.vel_1.json'

I've been investigating this error, and I've can find the problem. It is because in the line 584 in File "/opt/DeTTECT/group_mapping.py", creates a filename of 255 character as limit, but later in the next function, is added the path of this file "output/" (7 char) and the extension ".json" (5 char), so in the end, the filename is of 267 characters, so it isn't possible.

Then for I propose that you change the number in line 584 in File "/opt/DeTTECT/group_mapping.py" such as 200 , set a same filename like as other functions or you can choose the output file with new parameter.

I love your tool and I want to share this kind of issues, because I want to collaborate in this kind of projects.

[rubinatorz]

hi @d3fs0n

Thank you reaching out. You are completely right and the proposed solution is a good fix. We also have the plan to make a parameter to set the filename yourself. We also reconsider using the group/campaign names in the filenames because they can be very long and may contain special characters. We will take along one or more solutions for this issue in the next release.

Regards,
Ruben

[d3fs0n]

Great!!