RubyGems - active_stix - Versions diffs - 0.1.21 - Mend

active_stix 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (289) hide show

data/app/models/active_stix/to_ref.rb ADDED

@@ -0,0 +1,6 @@
+module ActiveStix
+  class ToRef < ActiveStix::Recipient
+    belongs_to :email_message
+    belongs_to :email_address
+  end
+end

data/app/models/active_stix/tool.rb ADDED

@@ -0,0 +1,112 @@
+class ActiveStix::Tool < ApplicationRecord
+  has_many :reference_items, as: 'referrer'
+  has_many :external_references, through: :reference_items
+  has_many :markups, as: :labelable
+  has_many :labels, through: :markups
+  def self.expected_keys
+    [
+        'description',
+        'external_references',
+        'object_marking_refs',
+        'created_by_ref',
+        'labels'
+    ]
+  end
+  def type
+    'tool'
+  end
+  def self.ingest_json(obj)
+    tool = find_or_create_by(stix_id: obj['id'], name: obj['name'])
+    expected_keys.each do |expected_key|
+      if obj.has_key?(expected_key)
+        send(expected_key, *[tool, obj])
+      end
+    end
+    tool.save
+    tool
+  end
+  def self.object_marking_refs(tool, obj)
+    # obj['object_marking_refs'].each do |mr|
+    #   marking_definition = ActiveStix::MarkingDefinition.create_by_id(mr)
+    #   tool.marking_definitions << marking_definition unless ActiveStix::ReferenceObjectMarkingTool.find_by(stix_marking_definition_id:marking_definition.id, stix_tool_id:tool.id)
+    # end todo
+  end
+  def self.description(tool, obj)
+    tool.description = obj['description']
+  end
+  def self.created_by_ref(tool, obj)
+    tool.created_by_ref = obj['created_by_ref']
+  end
+  def self.external_references(tool, obj)
+    obj['external_references'].each do |er|
+      external_reference = ActiveStix::ExternalReference.ingest_json(er, obj['id'])
+      tool.external_references << external_reference unless ActiveStix::ReferenceItem.find_by(external_reference: external_reference, referrer: tool)
+    end
+  end
+  def self.labels(tool, obj)
+    obj['labels'].each do |lab|
+      label = ActiveStix::Label.ingest_label('tool', lab)
+      tool.labels << label unless ActiveStix::Markup.find_by(labelable: tool, label: label)
+    end
+  end
+  def as_stix(classification = nil, chess = nil)
+    as_json
+  end
+  def convert_to_json
+    external_refs_arr = []
+    external_references.each do |x|
+      external_refs_arr << x.convert_to_json
+    end
+    # marking_def_arr = []
+    # marking_definitions.each do | x |
+    #   marking_def_arr << x.convert_to_json
+    # end todo
+    platform_arr = []
+    platforms.each do |x|
+      platform_arr << x.convert_to_json
+    end
+    labels_arr = []
+    labels.each do |x|
+      labels_arr << x.open_vocabulary.convert_to_json
+    end
+    alias_arr = []
+    attack_aliases.each do |x|
+      alias_arr << x.convert_to_json
+    end
+    {
+        :external_references => external_refs_arr,
+        # :object_marking_refs => marking_def_arr,
+        :modified => updated_at.to_s,
+        :created_by_ref => created_by_ref,
+        :id => stix_id,
+        :name => name,
+        :created => created_at.to_s,
+        :labels => labels_arr,
+        :type => "tool",
+        :description => description
+    }
+  end
+end

data/app/models/active_stix/url.rb ADDED

@@ -0,0 +1,15 @@
+module ActiveStix
+  class Url < ApplicationRecord
+    has_many :cyber_observables, :class_name => 'ActiveStix::CyberObservable', foreign_key: :observable_object_id
+    has_many :observed_data, through: :cyber_observables, :class_name => "ActiveStix::ObservedDatum"
+    after_create do
+      ObservedDatum.wrap_object(self)
+    end
+    def type
+      "url"
+    end
+  end
+end

data/app/models/active_stix/user.rb ADDED

@@ -0,0 +1,4 @@
+module ActiveStix
+  class User < ApplicationRecord
+  end
+end

data/app/models/active_stix/user_account.rb ADDED

@@ -0,0 +1,3 @@
+class ActiveStix::UserAccount < ApplicationRecord
+  belongs_to :identity
+end

data/app/views/active_stix/artifacts/_form.html.erb ADDED

@@ -0,0 +1,57 @@
+<%= form_with(model: artifact, local: true) do |form| %>
+  <% if artifact.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(artifact.errors.count, "error") %> prohibited this artifact from being saved:</h2>
+      <ul>
+      <% artifact.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= form.label :stix_id %>
+    <%= form.text_field :stix_id %>
+  </div>
+  <div class="field">
+    <%= form.label :type %>
+    <%= form.text_field :type %>
+  </div>
+  <div class="field">
+    <%= form.label :mime_type %>
+    <%= form.text_field :mime_type %>
+  </div>
+  <div class="field">
+    <%= form.label :payload_bin %>
+    <%= form.text_field :payload_bin %>
+  </div>
+  <div class="field">
+    <%= form.label :url %>
+    <%= form.text_field :url %>
+  </div>
+  <div class="field">
+    <%= form.label :hashes %>
+    <%= form.text_field :hashes %>
+  </div>
+  <div class="field">
+    <%= form.label :encryption_algorithm %>
+    <%= form.text_field :encryption_algorithm %>
+  </div>
+  <div class="field">
+    <%= form.label :decryption_key %>
+    <%= form.text_field :decryption_key %>
+  </div>
+  <div class="actions">
+    <%= form.submit %>
+  </div>
+<% end %>

data/app/views/active_stix/artifacts/edit.html.erb ADDED

@@ -0,0 +1,6 @@
+<h1>Editing Artifact</h1>
+<%= render 'form', artifact: @artifact %>
+<%= link_to 'Show', @artifact %> |
+<%= link_to 'Back', artifacts_path %>

data/app/views/active_stix/artifacts/index.html.erb ADDED

@@ -0,0 +1,41 @@
+<p id="notice"><%= notice %></p>
+<h1>Artifacts</h1>
+<table>
+  <thead>
+    <tr>
+      <th>Stix</th>
+      <th>Type</th>
+      <th>Mime type</th>
+      <th>Payload bin</th>
+      <th>Url</th>
+      <th>Hashes</th>
+      <th>Encryption algorithm</th>
+      <th>Decryption key</th>
+      <th colspan="3"></th>
+    </tr>
+  </thead>
+  <tbody>
+    <% @artifacts.each do |artifact| %>
+      <tr>
+        <td><%= artifact.stix_id %></td>
+        <td><%= artifact.type %></td>
+        <td><%= artifact.mime_type %></td>
+        <td><%= artifact.payload_bin %></td>
+        <td><%= artifact.url %></td>
+        <td><%= artifact.hashes %></td>
+        <td><%= artifact.encryption_algorithm %></td>
+        <td><%= artifact.decryption_key %></td>
+        <td><%= link_to 'Show', artifact %></td>
+        <td><%= link_to 'Edit', edit_artifact_path(artifact) %></td>
+        <td><%= link_to 'Destroy', artifact, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+      </tr>
+    <% end %>
+  </tbody>
+</table>
+<br>
+<%= link_to 'New Artifact', new_artifact_path %>

data/app/views/active_stix/artifacts/new.html.erb ADDED

@@ -0,0 +1,5 @@
+<h1>New Artifact</h1>
+<%= render 'form', artifact: @artifact %>
+<%= link_to 'Back', artifacts_path %>

data/app/views/active_stix/artifacts/show.html.erb ADDED

@@ -0,0 +1,44 @@
+<p id="notice"><%= notice %></p>
+<p>
+  <strong>Stix:</strong>
+  <%= @artifact.stix_id %>
+</p>
+<p>
+  <strong>Type:</strong>
+  <%= @artifact.type %>
+</p>
+<p>
+  <strong>Mime type:</strong>
+  <%= @artifact.mime_type %>
+</p>
+<p>
+  <strong>Payload bin:</strong>
+  <%= @artifact.payload_bin %>
+</p>
+<p>
+  <strong>Url:</strong>
+  <%= @artifact.url %>
+</p>
+<p>
+  <strong>Hashes:</strong>
+  <%= @artifact.hashes %>
+</p>
+<p>
+  <strong>Encryption algorithm:</strong>
+  <%= @artifact.encryption_algorithm %>
+</p>
+<p>
+  <strong>Decryption key:</strong>
+  <%= @artifact.decryption_key %>
+</p>
+<%= link_to 'Edit', edit_artifact_path(@artifact) %> |
+<%= link_to 'Back', artifacts_path %>

data/app/views/active_stix/attack_patterns/_form.html.erb ADDED

@@ -0,0 +1,37 @@
+<%= form_with(model: attack_pattern, local: true) do |form| %>
+  <% if attack_pattern.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(attack_pattern.errors.count, "error") %> prohibited this attack_pattern from being saved:</h2>
+      <ul>
+      <% attack_pattern.errors.full_messages.each do |message| %>
+        <li><%= message %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= form.label :name %>
+    <%= form.text_field :name %>
+  </div>
+  <div class="field">
+    <%= form.label :description %>
+    <%= form.text_area :description %>
+  </div>
+  <div class="field">
+    <%= form.label :kill_chain_phases %>
+    <%= form.text_field :kill_chain_phases %>
+  </div>
+  <div class="field">
+    <%= form.label :stix_id %>
+    <%= form.text_field :stix_id %>
+  </div>
+  <div class="actions">
+    <%= form.submit %>
+  </div>
+<% end %>

data/app/views/active_stix/attack_patterns/edit.html.erb ADDED

	@@ -0,0 +1,2 @@
1	+ <h1>ActiveStix::AttackPatterns#edit</h1>
2	+ <p>Find me in app/views/stix/attack_patterns/edit.html.erb</p>

data/app/views/active_stix/attack_patterns/index.html.erb ADDED

	@@ -0,0 +1,2 @@
1	+ <h1>ActiveStix::AttackPatterns#index</h1>
2	+ <p>Find me in app/views/stix/attack_patterns/index.html.erb</p>

data/app/views/active_stix/attack_patterns/new.html.erb ADDED

	@@ -0,0 +1,2 @@
1	+ <h1>ActiveStix::AttackPatterns#new</h1>
2	+ <p>Find me in app/views/stix/attack_patterns/new.html.erb</p>

data/app/views/active_stix/attack_patterns/show.html.erb ADDED

@@ -0,0 +1,140 @@
+<p id="notice"><%= notice %></p>
+<% markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, fenced_code_blocks: true) %>
+<% if @attack_pattern.external_references.collect {|x| x.source_name }.include?("mitre-attack") %>
+  <div>
+    <div style="max-width:70%; margin-left:2%;color:black">
+      <h2><%= @attack_pattern.name %></h2>
+      <br>
+      <strong style="color:black">Description:</strong>
+      <br>
+      <div style="margin-left:1%;color:black">
+        <%= markdown.render(@attack_pattern.description).html_safe %>
+      </div>
+      <br>
+      <br>
+      <strong style="color:black">Examples</strong>
+      <br>
+      <table style="margin-left:1%;border:1px solid black;color:black">
+        <tr bgcolor="#F0F0F0">
+          <th style="border:1px solid black">Name</th>
+          <th style="border:1px solid black">Description</th>
+        </tr>
+        <% @attack_pattern.target_relationships.where("relationship_type = 'uses'").each do | rel | %>
+          <!-- make sure stix tools objects aren't included in the list -->
+          <% next if rel.source.name.include?("--") %>
+          <tr>
+            <td style="border:1px solid black;color:black"> <%= rel.source.name  %> </td>
+            <td style="border:1px solid black;color:black"> <%= markdown.render(rel.description).html_safe  %></td>
+          </tr>
+        <% end %>
+      </table>
+      <br>
+      <br>
+      <strong style="color:black">Mitigation:</strong>
+      <br>
+      <div style="margin-left:1%;color:black">
+        <%= markdown.render(@attack_pattern.target_relationships.where("relationship_type='mitigates'").first.source.description).html_safe %>
+      </div>
+      <br>
+      <br>
+      <strong style="color:black">Detection:</strong>
+      <br>
+      <div style="margin-left:1%;color:black">
+        <%= markdown.render(@attack_pattern.detections.first.description).html_safe %>
+      </div>
+      <br>
+      <br>
+      <div style="position:absolute;top:150px;right:100px;width:300px;height:400px;border:1px solid black;padding:10px;color:black">
+        <strong>ID:</strong>
+        <%= @attack_pattern.external_references.find_by("source_name = 'mitre-attack'").external_id %>
+        <br>
+        <Strong>Tactic:</Strong>
+        <%= @attack_pattern.phases.first.name %>
+        <br>
+        <Strong>Platform:</Strong>
+        <% platform_array = [] %>
+        <% @attack_pattern.platforms.each do | plat | %>
+          <% platform_array << plat.platform %>
+        <% end %>
+        <%= platform_array.join(", ") %>
+        <br>
+        <Strong>Permissions Required:</Strong>
+        <% perm_array = [] %>
+        <% @attack_pattern.permissions_requireds.each do | perm | %>
+          <% perm_array << perm.permission %>
+        <% end %>
+        <%= perm_array.join(", ") %>
+        <br>
+        <Strong>Data Sources:</Strong>
+        <% src_array = [] %>
+        <% platform_array = [] %>
+        <% @attack_pattern.data_sources.each do | src | %>
+          <% src_array << src.source %>
+        <% end %>
+        <%= src_array.join(", ") %>
+        <br>
+        <Strong>Version:</Strong>
+        <%= @attack_pattern.versions.first.version %>
+      </div>
+    </div>
+  </div>
+<% elsif @attack_pattern.external_references.collect {|x| x.source_name }.include?("mitre-pre-attack")  %>
+  <div>
+    <div style="max-width:70%; margin-left:2%;color:black">
+      <h2><%= @attack_pattern.name %></h2>
+      <br>
+      <strong style="color:black">Description:</strong>
+      <br>
+      <div style="margin-left:1%;color:black">
+        <%= markdown.render(@attack_pattern.description).html_safe %>
+      </div>
+      <br>
+      <strong style="color:black">Detection:</strong>
+      <br>
+      <div style="margin-left:1%;">
+        <strong>Detectable by Common Defenses (Yes/No/Partial):</strong>   <%= @attack_pattern.detectable_by_common_defenses.first.detectable %>
+      </div>
+      <br>
+      <div style="margin-left:1%">
+        <strong>Explanation:</strong> <%= @attack_pattern.detectable_by_common_defenses_explanations.first.explanation %>
+      </div>
+      <br>
+      <strong>Difficulty for the Adversary:</strong>
+      <div style="margin-left:1%;">
+        <strong>Easy for the Adversary (Yes/No):</strong> <%= @attack_pattern.difficulty_for_adversaries.first.difficulty %>
+      </div>
+      <br>
+      <div style="margin-left:1%">
+        <strong>Explanation:</strong> <%= @attack_pattern.difficulty_for_adversary_explanations.first.explanation %>
+      </div>
+      <div style="position:absolute;top:150px;right:100px;width:300px;height:300px;border:1px solid black;padding:10px;color:black">
+        <strong>ID:</strong>
+        <%= @attack_pattern.external_references.find_by("source_name = 'mitre-pre-attack'").external_id %>
+        <br>
+        <Strong>Tactic:</Strong>
+        <%= @attack_pattern.phases.first.name %>
+        <br>
+        <Strong>Version:</Strong>
+        <%= @attack_pattern.versions.first.version %>
+      </div>
+    </div>
+  </div>
+<% else %>
+  <%= "Error" %>
+<% end %>