From 47ac01ee96d7ea9c14d3032fcefbbcffda5cbf00 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Mon, 13 Feb 2017 18:32:53 +0100
Subject: [PATCH] Initial Json schema
---
 .travis.yml | 21 ++++----
 galaxies/exploit-kit.json | 10 ++--
 galaxies/microsoft-activity-group.json | 10 ++--
 galaxies/preventive-measure.json | 10 ++--
 galaxies/tds.json | 10 ++--
 galaxies/threat-actor.json | 10 ++--
 galaxies/tool.json | 10 ++--
 jq_all_the_things.sh | 13 +++++
 schema.json | 72 ++++++++++++++++++++++++++
 validate_all.sh | 21 ++++++++
 10 files changed, 146 insertions(+), 41 deletions(-)
 create mode 100755 jq_all_the_things.sh
 create mode 100644 schema.json
 create mode 100755 validate_all.sh
diff --git a/.travis.yml b/.travis.yml
index 96744ae..c413fe7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,17 +1,16 @@
-language: bash
+language: python
+
+cache: pip
+
+python:
+ - "3.6"
 sudo: required
-dist: trusty
-
 install:
- - git clone https://github.com/stedolan/jq.git
- - pushd jq
- - autoreconf -i
- - ./configure --disable-maintainer-mode
- - make
- - sudo make install
- - popd
+ - sudo apt-get update -qq
+ - sudo apt-get install -y -qq jq moreutils
+ - pip install jsonschema
 script:
- - cat */*.json | jq .
+ - ./validate_all.sh
diff --git a/galaxies/exploit-kit.json b/galaxies/exploit-kit.json
index f86ddf1..4707448 100644
--- a/galaxies/exploit-kit.json
+++ b/galaxies/exploit-kit.json
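Review bot: Both tools the new gate depends on are installed unpinned in the `install:` section (`pip install jsonschema`, and `jq` from the image's apt repository), so the result of `./validate_all.sh` depends on whichever versions resolve on the day of the build. That matters more than usual here, because the script fails the build whenever jq's re-formatted output differs from the committed bytes; a jq version with different formatting, in CI or on a contributor's machine, could fail the build with no content change. Pinning the validator, e.g. `- pip install jsonschema==<VERSION_USED_TO_AUTHOR_SCHEMA>` (placeholder), and recording the expected jq version in a comment would make the check reproducible.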
@@ -1,7 +1,7 @@
 {
- "type" : "exploit-kit",
- "name" : "Exploit-Kit",
- "description":"Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
- "version": 2,
- "uuid": "6ab240ec-bd79-11e6-a4a6-cec0c932ce01"
+ "type": "exploit-kit",
+ "name": "Exploit-Kit",
+ "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
+ "version": 2,
+ "uuid": "6ab240ec-bd79-11e6-a4a6-cec0c932ce01"
 }
diff --git a/galaxies/microsoft-activity-group.json b/galaxies/microsoft-activity-group.json
index 6ddcfb0..9bfa2a3 100644
--- a/galaxies/microsoft-activity-group.json
+++ b/galaxies/microsoft-activity-group.json
@@ -1,7 +1,7 @@
 {
- "name": "Microsoft Activity Group actor",
- "type": "microsoft-activity-group",
- "description": "Activity groups as described by Microsoft",
- "version": 1,
- "uuid": "74c869e8-0b8e-4e5f-96e6-cd992e07a505"
+ "name": "Microsoft Activity Group actor",
+ "type": "microsoft-activity-group",
+ "description": "Activity groups as described by Microsoft",
+ "version": 1,
+ "uuid": "74c869e8-0b8e-4e5f-96e6-cd992e07a505"
 }
diff --git a/galaxies/preventive-measure.json b/galaxies/preventive-measure.json
index 9046977..40b5d91 100644
--- a/galaxies/preventive-measure.json
+++ b/galaxies/preventive-measure.json
@@ -1,7 +1,7 @@
 {
- "name": "Preventive Measure",
- "type": "preventive-measure",
- "description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
- "version": 1,
- "uuid": "8168995b-adcd-4684-9e37-206c5771505a"
+ "name": "Preventive Measure",
+ "type": "preventive-measure",
+ "description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
+ "version": 1,
+ "uuid": "8168995b-adcd-4684-9e37-206c5771505a"
 }
diff --git a/galaxies/tds.json b/galaxies/tds.json
index 2763cf0..e773d3a 100644
--- a/galaxies/tds.json
+++ b/galaxies/tds.json
@@ -1,7 +1,7 @@
 {
- "type" : "tds",
- "name" : "TDS",
- "description": "TDS is a list of Traffic Direction System used by adversaries",
- "version": 2,
- "uuid": "1b9a7d8e-bd7a-11e6-a4a6-cec0c932ce01"
+ "type": "tds",
+ "name": "TDS",
+ "description": "TDS is a list of Traffic Direction System used by adversaries",
+ "version": 2,
+ "uuid": "1b9a7d8e-bd7a-11e6-a4a6-cec0c932ce01"
 }
diff --git a/galaxies/threat-actor.json b/galaxies/threat-actor.json
index 9b1a57b..d5f64ec 100644
--- a/galaxies/threat-actor.json
+++ b/galaxies/threat-actor.json
@@ -1,7 +1,7 @@
 {
- "name" : "Threat Actor",
- "type" : "threat-actor",
- "description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
- "version": 1,
- "uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3"
+ "name": "Threat Actor",
+ "type": "threat-actor",
+ "description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
+ "version": 1,
+ "uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3"
 }
diff --git a/galaxies/tool.json b/galaxies/tool.json
index 2237162..b4adbfd 100644
--- a/galaxies/tool.json
+++ b/galaxies/tool.json
@@ -1,7 +1,7 @@
 {
- "type" : "tool",
- "name" : "Tool",
- "description": "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
- "version": 1,
- "uuid": "9b8037f7-bc8f-4de1-a797-37266619bc0b"
+ "type": "tool",
+ "name": "Tool",
+ "description": "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
+ "version": 1,
+ "uuid": "9b8037f7-bc8f-4de1-a797-37266619bc0b"
 }
diff --git a/jq_all_the_things.sh b/jq_all_the_things.sh
new file mode 100755
index 0000000..e87dd4c
--- /dev/null
+++ b/jq_all_the_things.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+set -x
+
+# Seeds sponge, from moreutils
+
+for dir in galaxies/*.json
+do
+ cat ${dir} | jq . | sponge ${dir}
+done
+
+cat schema.json | jq . | sponge schema.json
diff --git a/schema.json b/schema.json
new file mode 100644
index 0000000..73acaba
--- /dev/null
+++ b/schema.json
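Review bot: In jq_all_the_things.sh the loop body `cat ${dir} | jq . | sponge ${dir}` overwrites a file that jq cannot parse instead of leaving it alone. `set -e` only sees the exit status of the last pipeline stage, and sponge writes whatever partial output it received back over the original, so the contributor's file is truncated and the script carries on. The final `schema.json` line has the same problem. Writing to a temporary file and renaming it in a separate statement keeps the original on failure and lets `set -e` stop the script: `jq . "${dir}" > "${dir}.tmp"` followed by `mv -- "${dir}.tmp" "${dir}"`, which also quotes the expansion and removes the need for sponge. The comment `# Seeds sponge` presumably should read `# Needs sponge`.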
@@ -0,0 +1,72 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "title": "Validator for misp-galaxies",
+ "id": "https://www.github.com/MISP/misp-galaxies/schema.json",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "description": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ },
+ "version": {
+ "type": "integer"
+ },
+ "name": {
+ "type": "string"
+ },
+ "uuid": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "values": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "description": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ },
+ "Possible Issues": {
+ "type": "string"
+ },
+ "meta": {
+ "type": "object"
+ }
+ },
+ "required": [
+ "value"
+ ]
+ }
+ },
+ "authors": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ }
+ },
+ "required": [
+ "description",
+ "type",
+ "version",
+ "name",
+ "uuid",
+ "values",
+ "authors",
+ "source"
+ ]
+}
diff --git a/validate_all.sh b/validate_all.sh
new file mode 100755
index 0000000..f39f850
--- /dev/null
+++ b/validate_all.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -x
+
+./jq_all_the_things.sh
+
+diffs=`git status --porcelain | wc -l`
+
+if ! [ $diffs -eq 0 ]; then
+ echo "Please make sure you run ./jq_all_the_things.sh before commiting."
+ exit 1
+fi
+
+for dir in galaxies/*.json
+do
+ echo -n "${dir}: "
+ jsonschema -i ${dir} schema.json
+ echo ''
+done
+
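Review bot: In schema.json the `uuid` property is declared as a bare `"type": "string"`, so an empty or malformed identifier passes the gate. Constraining it would let CI catch that, e.g. `"uuid": {"type": "string", "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"}`. The required `value` of each item is likewise allowed to be empty, and `"minLength": 1` would close that. `uniqueItems` on `values` only rejects entries that are identical in every field, so two entries sharing a `value` but differing elsewhere still pass. `$schema` names the unversioned meta-schema, so which draft's rules apply is left to the installed validator; naming a specific draft would fix the semantics.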
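Review bot: The validation loop in validate_all.sh runs `jsonschema -i ${dir} schema.json` over `galaxies/*.json`, but the schema added in this patch requires `values`, `authors` and `source`, and the six galaxies files touched here carry only `type`, `name`, `description`, `version` and `uuid`. As written, each of those files would be rejected, and with `set -e` the build stops at the first one. The schema appears to describe a different set of files (ones carrying a `values` array), so either point the glob at those or add a schema that matches the galaxies layout. Separately, `$diffs` and `${dir}` are unquoted and the backtick `wc -l` count can be replaced by a direct test, `if [ -n "$(git status --porcelain)" ]; then`.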