From 6866b158b17493043521c058fd9b91b37c98c550 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Tue, 25 Jul 2017 17:39:06 +0200
Subject: [PATCH] Add validators for vocabularies and misp
---
 schema_clusters.json | 4 +-
 schema_galaxies.json | 4 +-
 schema_misp.json | 31 ++++++++++
 schema_vocabularies.json | 58 +++++++++++++++++++
 validate_all.sh | 30 +++++++++-
 .../threat-actor/intended-effect.json | 4 +-
 vocabularies/threat-actor/motivation.json | 4 +-
 .../planning-and-operational-support.json | 4 +-
 vocabularies/threat-actor/sophistication.json | 4 +-
 vocabularies/threat-actor/type.json | 4 +-
 10 files changed, 130 insertions(+), 17 deletions(-)
 create mode 100644 schema_misp.json
 create mode 100644 schema_vocabularies.json
diff --git a/schema_clusters.json b/schema_clusters.json
index 64c63c0..9915ef0 100644
--- a/schema_clusters.json
+++ b/schema_clusters.json
@@ -1,7 +1,7 @@
 {
 "$schema": "http://json-schema.org/schema#",
- "title": "Validator for misp-galaxies",
- "id": "https://www.github.com/MISP/misp-galaxies/schema.json",
+ "title": "Validator for misp-galaxies - Clusters",
+ "id": "https://www.github.com/MISP/misp-galaxies/schema_clusters.json",
 "type": "object",
 "additionalProperties": false,
 "properties": {
diff --git a/schema_galaxies.json b/schema_galaxies.json
index 5f4a629..bfea422 100644
--- a/schema_galaxies.json
+++ b/schema_galaxies.json
@@ -1,7 +1,7 @@
 {
 "$schema": "http://json-schema.org/schema#",
- "title": "Validator for misp-galaxies",
- "id": "https://www.github.com/MISP/misp-galaxies/schema.json",
+ "title": "Validator for misp-galaxies - Galaxies",
+ "id": "https://www.github.com/MISP/misp-galaxies/schema_galaxies.json",
 "type": "object",
 "additionalProperties": false,
 "properties": {
diff --git a/schema_misp.json b/schema_misp.json
new file mode 100644
index 0000000..03c4005
--- /dev/null
+++ b/schema_misp.json
@@ -0,0 +1,31 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "title": "Validator for misp-galaxies - MISP",
+ "id": "https://www.github.com/MISP/misp-galaxies/schema_misp.json",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "elements_url": {
+ "type": "string"
+ },
+ "default_predicate_value_in": {
+ "type": "string"
+ },
+ "default_predicate_value": {
+ "type": "string"
+ },
+ "cluster_url": {
+ "type": "string"
+ },
+ "predicate_in": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "elements_url",
+ "default_predicate_value_in",
+ "default_predicate_value",
+ "cluster_url",
+ "predicate_in"
+ ]
+}
diff --git a/schema_vocabularies.json b/schema_vocabularies.json
new file mode 100644
index 0000000..664fa03
--- /dev/null
+++ b/schema_vocabularies.json
@@ -0,0 +1,58 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "title": "Validator for misp-galaxies - Vocabularies",
+ "id": "https://www.github.com/MISP/misp-galaxies/schema_vocabularies.json",
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "version": {
+ "type": "integer"
+ },
+ "description": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "author": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "type": "string"
+ }
+ },
+ "uuid": {
+ "type": "string"
+ },
+ "stix": {
+ "type": "string"
+ },
+ "type": {
+ "type": "string"
+ },
+ "values": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "description": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ },
+ "required": [
+ "version",
+ "description",
+ "author",
+ "uuid",
+ "type",
+ "values"
+ ]
+}
diff --git a/validate_all.sh b/validate_all.sh
index 31f47d7..25db070 100755
--- a/validate_all.sh
+++ b/validate_all.sh
@@ -9,7 +9,7 @@
 # Check Jsons format, and beautify
 ./jq_all_the_things.sh
 rc=$?
-if [[ $rc != 0 ]]; then
+if [[ $rc != 0 ]]; then
 exit $rc
 fi
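Review bot: In schema_misp.json every property, including `elements_url` and `cluster_url`, is constrained only by `"type": "string"`, so an empty string or a value that is not a URL at all still validates. If consumers fetch or link to these values, tighten the schema, for example `"cluster_url": { "type": "string", "minLength": 1, "format": "uri" }`; note that `format` is only enforced when the validator runs with a format checker, so a `pattern` limiting the scheme is the stricter option. Whether the URLs are absolute or relative is not visible in this patch, so confirm against the files under `misp/` before choosing the constraint.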
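Review bot: The item schema under `values` in schema_vocabularies.json declares `description` and `value` but has no `required` list, so an entry such as `{}` or one with only a description passes validation. Adding `"required": ["value"]` to the item object, next to its `"additionalProperties": false`, closes that gap; only the tail of each vocabulary file is visible in this patch, so check that every existing entry carries a `value` first. `uuid` is likewise an unconstrained string, and a `pattern` for the canonical 8-4-4-4-12 hexadecimal form would catch truncated or mistyped identifiers.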
@@ -30,7 +30,7 @@ do
 echo -n "${dir}: "
 jsonschema -i ${dir} schema_clusters.json
 rc=$?
- if [[ $rc != 0 ]]; then
+ if [[ $rc != 0 ]]; then
 echo "Error on ${dir}"
 exit $rc
 fi
@@ -42,7 +42,31 @@ do
 echo -n "${dir}: "
 jsonschema -i ${dir} schema_galaxies.json
 rc=$?
- if [[ $rc != 0 ]]; then
+ if [[ $rc != 0 ]]; then
+ echo "Error on ${dir}"
+ exit $rc
+ fi
+ echo ''
+done
+
+for dir in misp/*.json
+do
+ echo -n "${dir}: "
+ jsonschema -i ${dir} schema_misp.json
+ rc=$?
+ if [[ $rc != 0 ]]; then
+ echo "Error on ${dir}"
+ exit $rc
+ fi
+ echo ''
+done
+
+for dir in vocabularies/*/*.json
+do
+ echo -n "${dir}: "
+ jsonschema -i ${dir} schema_vocabularies.json
+ rc=$?
+ if [[ $rc != 0 ]]; then
 echo "Error on ${dir}"
 exit $rc
 fi
diff --git a/vocabularies/threat-actor/intended-effect.json b/vocabularies/threat-actor/intended-effect.json
index da9e5f6..07d922a 100644
--- a/vocabularies/threat-actor/intended-effect.json
+++ b/vocabularies/threat-actor/intended-effect.json
@@ -91,10 +91,10 @@
 "value": "Unauthorized Access"
 }
 ],
- "version" : 1,
+ "version" : 2,
 "description": "The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor",
 "source": "STIX 1.0",
- "author": "STIX",
+ "author": ["STIX"],
 "uuid": "b6975c96-296a-48cf-9006-034ed102bc85",
 "stix": "1.2.1",
 "type": "threat-actor-intended-effect-vocabulary"
diff --git a/vocabularies/threat-actor/motivation.json b/vocabularies/threat-actor/motivation.json
index 9056883..ca5dba3 100644
--- a/vocabularies/threat-actor/motivation.json
+++ b/vocabularies/threat-actor/motivation.json
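Review bot: The two loops added to validate_all.sh pass `${dir}` unquoted, so a path containing whitespace or glob characters is word-split and the wrong file, or none, is handed to the validator. Quote the expansion in both places: `jsonschema -i "${dir}" schema_misp.json` and `jsonschema -i "${dir}" schema_vocabularies.json`. The existing clusters and galaxies loops shown as context use the same unquoted form and would benefit from the same change. As a style point, the four loops now differ only in their glob and schema name and could share one helper function. The final loop's closing lines fall outside the hunk.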
@@ -56,10 +56,10 @@
 "description": "The threat actor is motivated by the desire to exercise some political advantage."
 }
 ],
- "version" : 1,
+ "version" : 2,
 "description": "The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.",
 "source": "STIX 1.0",
- "author": "STIX",
+ "author": ["STIX"],
 "uuid": "74183277-5ee6-436a-9859-cb16fb3f21e2",
 "stix": "1.2.1",
 "type": "threat-actor-motivation-vocabulary"
diff --git a/vocabularies/threat-actor/planning-and-operational-support.json b/vocabularies/threat-actor/planning-and-operational-support.json
index b9f1c3e..72bc9c1 100644
--- a/vocabularies/threat-actor/planning-and-operational-support.json
+++ b/vocabularies/threat-actor/planning-and-operational-support.json
@@ -67,9 +67,9 @@
 "value": "Skill Development / Recruitment - University Programs"
 }
 ],
- "version" : 1,
+ "version" : 2,
 "description": "The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.",
- "author": "STIX",
+ "author": ["STIX"],
 "source": "STIX 1.0",
 "stix": "1.0.1",
 "uuid": "f91f69d2-fcd0-45f2-baeb-4f79f9458da7",
diff --git a/vocabularies/threat-actor/sophistication.json b/vocabularies/threat-actor/sophistication.json
index 30dad11..386a3c3 100644
--- a/vocabularies/threat-actor/sophistication.json
+++ b/vocabularies/threat-actor/sophistication.json
@@ -17,9 +17,9 @@
 "description": "Demonstrates a nascent capability. A novice has basic computer skills and likely requires the assistance of a Practitioner or higher to engage in hacking activity. He uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet and lacks the ability to conduct his own reconnaissance and targeting research."
 }
 ],
- "version" : 1,
+ "version" : 2,
 "description": "The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.",
- "author": "STIX",
+ "author": ["STIX"],
 "uuid": "fcaf1309-28c4-4d09-b56f-84d6cf6afbb3",
 "stix": "1.0",
 "type": "threat-actor-sophistication-vocabulary"
diff --git a/vocabularies/threat-actor/type.json b/vocabularies/threat-actor/type.json
index 8ce82f6..790a93d 100644
--- a/vocabularies/threat-actor/type.json
+++ b/vocabularies/threat-actor/type.json
@@ -52,10 +52,10 @@
 "value": "Disgruntled Customer / User"
 }
 ],
- "version": 1,
+ "version": 2,
 "uuid": "3d7dc2ee-ca54-4a5e-96a3-2e7cba0ffe95",
 "description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.",
- "author": "STIX",
+ "author": ["STIX"],
 "source": "STIX 1.0",
 "stix": "1.0",
 "type": "threat-actor-type-vocabulary"