Data sources enrichment function removes data sources metadata from techniques that do not have 'detects` relationships

[Cyb3rWard0g]

In the following function, if the technique ID does not match the target of any detects relationships (data component relationship), it removes the x_mitre_data_sources attribute. This happens to Mobile and ICS matrices. This is because ATT&CK has not added relationships for Mobile and ICS yet.

def enrich_techniques_data_sources(self, stix_object):
        # Get 'detects' relationships
        relationships = self.get_relationships(relationship_type='detects')

        # Get all data component objects
        data_components = self.get_data_components()

        # Get all data source objects without data components objects
        data_sources = self.get_data_sources()

        # Create Data Sources and Data Components lookup tables
        ds_lookup = {ds['id']:ds for ds in data_sources}
        dc_lookup = {dc['id']:dc for dc in data_components}

        # https://stix2.readthedocs.io/en/latest/guide/versioning.html
        for i in range(len(stix_object)):
            if 'x_mitre_data_sources' in stix_object[i].keys():
                technique_ds = dict()
                for rl in relationships:
                    if stix_object[i]['id'] == rl['target_ref']:
                        dc = dc_lookup[rl['source_ref']]
                        dc_ds_ref = dc['x_mitre_data_source_ref']
                        if dc_ds_ref not in technique_ds.keys():
                            technique_ds[dc_ds_ref] = ds_lookup[dc_ds_ref].copy()
                            technique_ds[dc_ds_ref]['data_components'] = list()
                        if dc not in technique_ds[dc_ds_ref]['data_components']:
                            technique_ds[dc_ds_ref]['data_components'].append(dc)
                new_data_sources = [ v for v in technique_ds.values()]
                stix_object[i] = stix_object[i].new_version(x_mitre_data_sources = new_data_sources)
        return stix_object