ruby-stix2 0.1.0 → 0.1.1

data/lib/stix2/extensions/unix_account.rb

@@ -0,0 +1,10 @@
+module Stix2
+  module Extensions
+    class UnixAccount < Stix2::Base
+      property :gid, coerce: Integer
+      property :groups, coerce: Array[String]
+      property :home_dir, coerce: String
+      property :shell, coerce: String
+    end
+  end
+end

data/lib/stix2/extensions/windows_pe_optional_header_type.rb

@@ -0,0 +1,37 @@
+module Stix2
+  module Extensions
+    class WindowsPeOptionalHeaderType < Stix2::Base
+      property :magic_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :major_linker_version, coerce: Integer
+      property :minor_linker_version, coerce: Integer
+      property :size_of_code, coerce: Integer
+      property :size_of_initialized_data, coerce: Integer
+      property :size_of_uninitialized_data, coerce: Integer
+      property :address_of_entry_point, coerce: Integer
+      property :base_of_code, coerce: Integer
+      property :base_of_data, coerce: Integer
+      property :image_base, coerce: Integer
+      property :section_alignment, coerce: Integer
+      property :file_alignment, coerce: Integer
+      property :major_os_version, coerce: Integer
+      property :minor_os_version, coerce: Integer
+      property :major_image_version, coerce: Integer
+      property :minor_image_version, coerce: Integer
+      property :major_subsystem_version, coerce: Integer
+      property :minor_subsystem_version, coerce: Integer
+      property :win32_version_value_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :size_of_image, coerce: Integer
+      property :size_of_headers, coerce: Integer
+      property :checksum_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :subsystem_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :dll_characteristics_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :size_of_stack_reserve, coerce: Integer
+      property :size_of_stack_commit, coerce: Integer
+      property :size_of_heap_reserve, coerce: Integer
+      property :size_of_heap_commit, coerce: Integer
+      property :loader_flags_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :number_of_rva_and_sizes, coerce: Integer
+      property :hashes, coerce: ->(hsh){ hash_dict(hsh) }
+    end
+  end
+end

data/lib/stix2/extensions/windows_pe_section_type.rb

@@ -0,0 +1,10 @@
+module Stix2
+  module Extensions
+    class WindowsPeSectionType < Stix2::Base
+      property :name, required: true, coerce: String
+      property :size, coerce: Integer
+      property :entropy, coerce: Float
+      property :hashes, coerce: ->(hsh){ hash_dict(hsh) }
+    end
+  end
+end

data/lib/stix2/extensions/windows_pebinary.rb

@@ -0,0 +1,21 @@
+require 'stix2/extensions/windows_pe_optional_header_type'
+require 'stix2/extensions/windows_pe_section_type'
+
+module Stix2
+  module Extensions
+    class WindowsPebinary < Stix2::Base
+      property :pe_type, required: true, values: WINDOWS_PEBINARY_TYPE_OV
+      property :imphash, coerce: String
+      property :machine_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :number_of_sections, coerce: Integer
+      property :time_date_stamp, coerce: Time
+      property :pointer_to_symbol_table_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :number_of_symbols, coerce: Integer
+      property :size_of_optional_header, coerce: Integer
+      property :characteristics_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
+      property :file_header_hashes, coerce: ->(hsh){ hash_dict(hsh) }
+      property :optional_header, coerce: WindowsPeOptionalHeaderType
+      property :sections, coerce: Array[WindowsPeSectionType]
+    end
+  end
+end

data/lib/stix2/extensions/windows_process.rb

@@ -0,0 +1,13 @@
+module Stix2
+  module Extensions
+    class WindowsProcess < Stix2::Base
+      property :aslr_enabled, coerce: ->(value){ Stix2.to_bool(value) }
+      property :dep_enabled, coerce: ->(value){ Stix2.to_bool(value) }
+      property :priority, coerce: String
+      property :owner_sid, coerce: String
+      property :window_title, coerce: String
+      property :startup_info, coerce: Hash
+      property :integrity_level, values: WINDOWS_INTEGRITY_LEVEL_ENUM
+    end
+  end
+end

data/lib/stix2/extensions/windows_service.rb

@@ -0,0 +1,14 @@
+module Stix2
+  module Extensions
+    class WindowsService < Stix2::Base
+      property :service_name, coerce: String
+      property :description, coerce: Array[String]
+      property :display_name, coerce: String
+      property :group_name, coerce: String
+      property :start_type, values: WINDOWS_SERVICE_START_TYPE_ENUM
+      property :service_dll_refs, coerce: Array[Identifier]
+      property :service_type, values: WINDOWS_SERVICE_TYPE_ENUM
+      property :service_status, values: WINDOWS_SERVICE_STATUS_ENUM
+    end
+  end
+end

data/lib/stix2/external_reference.rb

@@ -1,9 +1,5 @@
 module Stix2
-  class ExternalReference < Hashie::Dash
-    include Hashie::Extensions::Dash::PredefinedValues
-    include Hashie::Extensions::IndifferentAccess
-    include Hashie::Extensions::Dash::Coercion
-
+  class ExternalReference < Stix2::Base
     property :source_name, coerce: String, required: true
     property :description, coerce: String
     property :url, coerce: String

data/lib/stix2/identifier.rb

@@ -1,18 +1,8 @@
 module Stix2
-  class Identifier
+  class Identifier < String
     def initialize(value)
       value.match(/.*--.*/) || raise("Invalid identifier: #{value}")
-      @value = value
-    end
-
-    def to_s
-      @value
-    end
-
-    def pretty_print(pp)
-      # :nocov:
-      pp.text(@value.inspect)
-      # :nocov
+      super(value)
     end
   end
 end

data/lib/stix2/kill_chain_phase.rb

@@ -1,10 +1,6 @@
 module Stix2
-  class KillChainPhase < Hashie::Dash
-    include Hashie::Extensions::Dash::PredefinedValues
-    include Hashie::Extensions::IndifferentAccess
-    include Hashie::Extensions::Dash::Coercion
-    
-    property :kill_chain_name, coerce: String
-    property :phase_name, coerce: String
+  class KillChainPhase < Stix2::Base
+    property :kill_chain_name, required: true, coerce: String
+    property :phase_name, required: true, coerce: String
   end
 end

data/lib/stix2/languages.rb

@@ -0,0 +1,236 @@
+module Stix2
+  RFC5646_LANGUAGE_TAGS = {
+    'af' => 'Afrikaans',
+    'af-ZA' => 'Afrikaans (South Africa)',
+    'ar' => 'Arabic',
+    'ar-AE' => 'Arabic (U.A.E.)',
+    'ar-BH' => 'Arabic (Bahrain)',
+    'ar-DZ' => 'Arabic (Algeria)',
+    'ar-EG' => 'Arabic (Egypt)',
+    'ar-IQ' => 'Arabic (Iraq)',
+    'ar-JO' => 'Arabic (Jordan)',
+    'ar-KW' => 'Arabic (Kuwait)',
+    'ar-LB' => 'Arabic (Lebanon)',
+    'ar-LY' => 'Arabic (Libya)',
+    'ar-MA' => 'Arabic (Morocco)',
+    'ar-OM' => 'Arabic (Oman)',
+    'ar-QA' => 'Arabic (Qatar)',
+    'ar-SA' => 'Arabic (Saudi Arabia)',
+    'ar-SY' => 'Arabic (Syria)',
+    'ar-TN' => 'Arabic (Tunisia)',
+    'ar-YE' => 'Arabic (Yemen)',
+    'az' => 'Azeri (Latin)',
+    'az-AZ' => 'Azeri (Latin) (Azerbaijan)',
+    'az-Cyrl-AZ' => 'Azeri (Cyrillic) (Azerbaijan)',
+    'be' => 'Belarusian',
+    'be-BY' => 'Belarusian (Belarus)',
+    'bg' => 'Bulgarian',
+    'bg-BG' => 'Bulgarian (Bulgaria)',
+    'bs-BA' => 'Bosnian (Bosnia and Herzegovina)',
+    'ca' => 'Catalan',
+    'ca-ES' => 'Catalan (Spain)',
+    'cs' => 'Czech',
+    'cs-CZ' => 'Czech (Czech Republic)',
+    'cy' => 'Welsh',
+    'cy-GB' => 'Welsh (United Kingdom)',
+    'da' => 'Danish',
+    'da-DK' => 'Danish (Denmark)',
+    'de' => 'German',
+    'de-AT' => 'German (Austria)',
+    'de-CH' => 'German (Switzerland)',
+    'de-DE' => 'German (Germany)',
+    'de-LI' => 'German (Liechtenstein)',
+    'de-LU' => 'German (Luxembourg)',
+    'dv' => 'Divehi',
+    'dv-MV' => 'Divehi (Maldives)',
+    'el' => 'Greek',
+    'el-GR' => 'Greek (Greece)',
+    'en' => 'English',
+    'en-AU' => 'English (Australia)',
+    'en-BZ' => 'English (Belize)',
+    'en-CA' => 'English (Canada)',
+    'en-CB' => 'English (Caribbean)',
+    'en-GB' => 'English (United Kingdom)',
+    'en-IE' => 'English (Ireland)',
+    'en-JM' => 'English (Jamaica)',
+    'en-NZ' => 'English (New Zealand)',
+    'en-PH' => 'English (Republic of the Philippines)',
+    'en-TT' => 'English (Trinidad and Tobago)',
+    'en-US' => 'English (United States)',
+    'en-ZA' => 'English (South Africa)',
+    'en-ZW' => 'English (Zimbabwe)',
+    'eo' => 'Esperanto',
+    'es' => 'Spanish',
+    'es-AR' => 'Spanish (Argentina)',
+    'es-BO' => 'Spanish (Bolivia)',
+    'es-CL' => 'Spanish (Chile)',
+    'es-CO' => 'Spanish (Colombia)',
+    'es-CR' => 'Spanish (Costa Rica)',
+    'es-DO' => 'Spanish (Dominican Republic)',
+    'es-EC' => 'Spanish (Ecuador)',
+    'es-ES' => 'Spanish (Spain)',
+    'es-GT' => 'Spanish (Guatemala)',
+    'es-HN' => 'Spanish (Honduras)',
+    'es-MX' => 'Spanish (Mexico)',
+    'es-NI' => 'Spanish (Nicaragua)',
+    'es-PA' => 'Spanish (Panama)',
+    'es-PE' => 'Spanish (Peru)',
+    'es-PR' => 'Spanish (Puerto Rico)',
+    'es-PY' => 'Spanish (Paraguay)',
+    'es-SV' => 'Spanish (El Salvador)',
+    'es-UY' => 'Spanish (Uruguay)',
+    'es-VE' => 'Spanish (Venezuela)',
+    'et' => 'Estonian',
+    'et-EE' => 'Estonian (Estonia)',
+    'eu' => 'Basque',
+    'eu-ES' => 'Basque (Spain)',
+    'fa' => 'Farsi',
+    'fa-IR' => 'Farsi (Iran)',
+    'fi' => 'Finnish',
+    'fi-FI' => 'Finnish (Finland)',
+    'fo' => 'Faroese',
+    'fo-FO' => 'Faroese (Faroe Islands)',
+    'fr' => 'French',
+    'fr-BE' => 'French (Belgium)',
+    'fr-CA' => 'French (Canada)',
+    'fr-CH' => 'French (Switzerland)',
+    'fr-FR' => 'French (France)',
+    'fr-LU' => 'French (Luxembourg)',
+    'fr-MC' => 'French (Principality of Monaco)',
+    'gl' => 'Galician',
+    'gl-ES' => 'Galician (Spain)',
+    'gu' => 'Gujarati',
+    'gu-IN' => 'Gujarati (India)',
+    'he' => 'Hebrew',
+    'he-IL' => 'Hebrew (Israel)',
+    'hi' => 'Hindi',
+    'hi-IN' => 'Hindi (India)',
+    'hr' => 'Croatian',
+    'hr-BA' => 'Croatian (Bosnia and Herzegovina)',
+    'hr-HR' => 'Croatian (Croatia)',
+    'hu' => 'Hungarian',
+    'hu-HU' => 'Hungarian (Hungary)',
+    'hy' => 'Armenian',
+    'hy-AM' => 'Armenian (Armenia)',
+    'id' => 'Indonesian',
+    'id-ID' => 'Indonesian (Indonesia)',
+    'is' => 'Icelandic',
+    'is-IS' => 'Icelandic (Iceland)',
+    'it' => 'Italian',
+    'it-CH' => 'Italian (Switzerland)',
+    'it-IT' => 'Italian (Italy)',
+    'ja' => 'Japanese',
+    'ja-JP' => 'Japanese (Japan)',
+    'ka' => 'Georgian',
+    'ka-GE' => 'Georgian (Georgia)',
+    'kk' => 'Kazakh',
+    'kk-KZ' => 'Kazakh (Kazakhstan)',
+    'kn' => 'Kannada',
+    'kn-IN' => 'Kannada (India)',
+    'ko' => 'Korean',
+    'ko-KR' => 'Korean (Korea)',
+    'kok' => 'Konkani',
+    'kok-IN' => 'Konkani (India)',
+    'ky' => 'Kyrgyz',
+    'ky-KG' => 'Kyrgyz (Kyrgyzstan)',
+    'lt' => 'Lithuanian',
+    'lt-LT' => 'Lithuanian (Lithuania)',
+    'lv' => 'Latvian',
+    'lv-LV' => 'Latvian (Latvia)',
+    'mi' => 'Maori',
+    'mi-NZ' => 'Maori (New Zealand)',
+    'mk' => 'FYRO Macedonian',
+    'mk-MK' => 'FYRO Macedonian (Former Yugoslav Republic of Macedonia)',
+    'mn' => 'Mongolian',
+    'mn-MN' => 'Mongolian (Mongolia)',
+    'mr' => 'Marathi',
+    'mr-IN' => 'Marathi (India)',
+    'ms' => 'Malay',
+    'ms-BN' => 'Malay (Brunei Darussalam)',
+    'ms-MY' => 'Malay (Malaysia)',
+    'mt' => 'Maltese',
+    'mt-MT' => 'Maltese (Malta)',
+    'nb' => 'Norwegian (Bokm?l)',
+    'nb-NO' => 'Norwegian (Bokm?l) (Norway)',
+    'nl' => 'Dutch',
+    'nl-BE' => 'Dutch (Belgium)',
+    'nl-NL' => 'Dutch (Netherlands)',
+    'nn-NO' => 'Norwegian (Nynorsk) (Norway)',
+    'ns' => 'Northern Sotho',
+    'ns-ZA' => 'Northern Sotho (South Africa)',
+    'pa' => 'Punjabi',
+    'pa-IN' => 'Punjabi (India)',
+    'pl' => 'Polish',
+    'pl-PL' => 'Polish (Poland)',
+    'ps' => 'Pashto',
+    'ps-AR' => 'Pashto (Afghanistan)',
+    'pt' => 'Portuguese',
+    'pt-BR' => 'Portuguese (Brazil)',
+    'pt-PT' => 'Portuguese (Portugal)',
+    'qu' => 'Quechua',
+    'qu-BO' => 'Quechua (Bolivia)',
+    'qu-EC' => 'Quechua (Ecuador)',
+    'qu-PE' => 'Quechua (Peru)',
+    'ro' => 'Romanian',
+    'ro-RO' => 'Romanian (Romania)',
+    'ru' => 'Russian',
+    'ru-RU' => 'Russian (Russia)',
+    'sa' => 'Sanskrit',
+    'sa-IN' => 'Sanskrit (India)',
+    'se' => 'Sami',
+    'se-FI' => 'Sami (Finland)',
+    'se-NO' => 'Sami (Norway)',
+    'se-SE' => 'Sami (Sweden)',
+    'sk' => 'Slovak',
+    'sk-SK' => 'Slovak (Slovakia)',
+    'sl' => 'Slovenian',
+    'sl-SI' => 'Slovenian (Slovenia)',
+    'sq' => 'Albanian',
+    'sq-AL' => 'Albanian (Albania)',
+    'sr-BA' => 'Serbian (Latin) (Bosnia and Herzegovina)',
+    'sr-Cyrl-BA' => 'Serbian (Cyrillic) (Bosnia and Herzegovina)',
+    'sr-SP' => 'Serbian (Latin) (Serbia and Montenegro)',
+    'sr-Cyrl-SP' => 'Serbian (Cyrillic) (Serbia and Montenegro)',
+    'sv' => 'Swedish',
+    'sv-FI' => 'Swedish (Finland)',
+    'sv-SE' => 'Swedish (Sweden)',
+    'sw' => 'Swahili',
+    'sw-KE' => 'Swahili (Kenya)',
+    'syr' => 'Syriac',
+    'syr-SY' => 'Syriac (Syria)',
+    'ta' => 'Tamil',
+    'ta-IN' => 'Tamil (India)',
+    'te' => 'Telugu',
+    'te-IN' => 'Telugu (India)',
+    'th' => 'Thai',
+    'th-TH' => 'Thai (Thailand)',
+    'tl' => 'Tagalog',
+    'tl-PH' => 'Tagalog (Philippines)',
+    'tn' => 'Tswana',
+    'tn-ZA' => 'Tswana (South Africa)',
+    'tr' => 'Turkish',
+    'tr-TR' => 'Turkish (Turkey)',
+    'tt' => 'Tatar',
+    'tt-RU' => 'Tatar (Russia)',
+    'ts' => 'Tsonga',
+    'uk' => 'Ukrainian',
+    'uk-UA' => 'Ukrainian (Ukraine)',
+    'ur' => 'Urdu',
+    'ur-PK' => 'Urdu (Islamic Republic of Pakistan)',
+    'uz' => 'Uzbek (Latin)',
+    'uz-UZ' => 'Uzbek (Latin) (Uzbekistan)',
+    'uz-Cyrl-UZ' => 'Uzbek (Cyrillic) (Uzbekistan)',
+    'vi' => 'Vietnamese',
+    'vi-VN' => 'Vietnamese (Viet Nam)',
+    'xh' => 'Xhosa',
+    'xh-ZA' => 'Xhosa (South Africa)',
+    'zh' => 'Chinese',
+    'zh-CN' => 'Chinese (S)',
+    'zh-HK' => 'Chinese (Hong Kong)',
+    'zh-MO' => 'Chinese (Macau)',
+    'zh-SG' => 'Chinese (Singapore)',
+    'zh-TW' => 'Chinese (T)',
+    'zu' => 'Zulu',
+    'zu-ZA' => 'Zulu (South Africa)'
+  }
+end

data/lib/stix2/meta_objects/data_markings/base.rb

@@ -1,10 +1,7 @@
 module Stix2
   module MetaObject
     module DataMarking
-      class Base < Hashie::Dash
-        include Hashie::Extensions::Dash::PredefinedValues
-        include Hashie::Extensions::IndifferentAccess
-        include Hashie::Extensions::Dash::Coercion
+      class Base < Stix2::Base
       end
     end
   end

data/lib/stix2/meta_objects/data_markings/granular_marking.rb

@@ -1,11 +1,7 @@
 module Stix2
   module MetaObject
     module DataMarking
-      class GranularMarking < Hashie::Dash
-        include Hashie::Extensions::Dash::PredefinedValues
-        include Hashie::Extensions::IndifferentAccess
-        include Hashie::Extensions::Dash::Coercion
-
+      class GranularMarking < Stix2::Base
         property :lang, coerce: String
         property :marking_ref, coerce: Identifier
         property :selectors, coerce: Array[String]

data/lib/stix2/meta_objects/data_markings/object_marking.rb

@@ -1,20 +1,10 @@
 module Stix2
   module MetaObject
     module DataMarking
-      class ObjectMarking
+      class ObjectMarking < String
         def initialize(value)
           value.match(/marking-definition--.*/) || raise("Invalid value: #{value}")
-          @value = value
-        end
-
-        def to_s
-          @value
-        end
-
-        def pretty_print(pp)
-          # :nocov:
-          pp.text(@value.inspect)
-          # :nocov
+          super(value)
         end
       end
     end

data/lib/stix2/meta_objects/language_content.rb

@@ -3,7 +3,7 @@ module Stix2
     class LanguageContent < Base
       property :object_ref, coerce: Identifier
       property :object_modified, coerce: Time
-      property :contents, coerce: Hash # TODO
+      property :contents, coerce: ->(hsh){ validate_array(hsh.keys, Stix2::RFC5646_LANGUAGE_TAGS.keys) && hsh }
     end
   end
 end

data/lib/stix2/ov.rb

@@ -316,4 +316,10 @@ module Stix2
     'windows-local',
     'windows-domain'
   ].freeze
+
+  WINDOWS_PEBINARY_TYPE_OV = [
+    'dll',
+    'exe',
+    'sys'
+  ].freeze
 end

data/lib/stix2/relationship_objects/sighting.rb

@@ -8,7 +8,7 @@ module Stix2
       property :sighting_of_ref, required: true, coerce: String
       property :observed_data_refs, coerce: Array[String]
       property :where_sighted_refs, coerce: Array[String]
-      property :summary, coerce: ->(v){ is_boolean?(v) }
+      property :summary, coerce: ->(v){ Stix2.to_bool(v) }
     end
   end
 end

data/lib/stix2/storage.rb

@@ -1,23 +1,29 @@
 module Stix2
-  @@storage = nil
+  class Storage
+    @@storage = nil
 
-  def self.storage_add(obj)
-    @@storage && @@storage[obj.id.to_s] = obj
-  end
+    def self.add(obj)
+      @@storage && @@storage[obj.id.to_s] = obj
+    end
 
-  def self.storage_activate
-    @@storage = {}
-  end
+    def self.activate
+      @@storage = {}
+    end
 
-  def self.storage_deactivate
-    @storage = nil
-  end
+    def self.deactivate
+      @@storage = nil
+    end
 
-  def self.storage_find(id)
-    @@storage[id.to_s]
-  end
+    def self.active?
+      !@@storage.nil?
+    end
+
+    def self.find(id)
+      @@storage[id.to_s]
+    end
 
-  def self.storage
-    @@storage
+    def self.inspect
+      @@storage.inspect
+    end
   end
 end

data/lib/stix2/version.rb

@@ -1,3 +1,3 @@
 module Stix2
-  VERSION = '0.1.0'
+  VERSION = '0.1.1'
 end

data/lib/stix2.rb

@@ -3,12 +3,13 @@ require 'json'
 require 'time'
 
 require 'stix2/version'
-require 'stix2/boolean'
+require 'stix2/ov'
+require 'stix2/enum'
+require 'stix2/base'
+require 'stix2/languages'
 require 'stix2/external_reference'
 require 'stix2/identifier'
 require 'stix2/kill_chain_phase'
-require 'stix2/ov'
-require 'stix2/enum'
 
 require 'stix2/meta_objects/data_markings/granular_marking'
 require 'stix2/meta_objects/data_markings/object_marking'
@@ -52,12 +53,12 @@ require 'stix2/cyberobservable_objects/ipv6_addr'
 require 'stix2/cyberobservable_objects/mac_addr'
 require 'stix2/cyberobservable_objects/mutex'
 require 'stix2/cyberobservable_objects/network_traffic'
+require 'stix2/cyberobservable_objects/process'
 require 'stix2/cyberobservable_objects/software'
 require 'stix2/cyberobservable_objects/url'
 require 'stix2/cyberobservable_objects/user_account'
 require 'stix2/cyberobservable_objects/windows_registry_value'
 require 'stix2/cyberobservable_objects/windows_registry_key'
-require 'stix2/cyberobservable_objects/x509_v3_extension_type'
 require 'stix2/cyberobservable_objects/x509_certificate'
 
 require 'stix2/meta_objects/base'
@@ -66,7 +67,23 @@ require 'stix2/meta_objects/language_content'
 require 'stix2/meta_objects/data_markings/base'
 require 'stix2/meta_objects/data_markings/marking_definition'
 
+require 'stix2/extension_definition'
+require 'stix2/extensions/archive_file'
+require 'stix2/extensions/socket'
+require 'stix2/extensions/icmp'
+require 'stix2/extensions/http_request'
+require 'stix2/extensions/ntfs'
+require 'stix2/extensions/tcp'
+require 'stix2/extensions/windows_process'
+require 'stix2/extensions/windows_service'
+require 'stix2/extensions/unix_account'
+require 'stix2/extensions/pdf'
+require 'stix2/extensions/raster_image'
+require 'stix2/extensions/windows_pebinary'
+
+require 'stix2/custom_object'
 require 'stix2/bundle'
+require 'stix2/confidence_scale'
 
 require 'stix2/storage'
 
@@ -90,12 +107,23 @@ module Stix2
     type = options_[:type]
     raise("Property 'type' is missing") if !type
     # Let's try to guess the domain of the object, among the known ones
-    ['DomainObject', 'RelationshipObject', 'CyberobservableObject', 'MetaObject', 
+    [nil, 'DomainObject', 'RelationshipObject', 'CyberobservableObject', 'MetaObject',
       'MetaObject::DataMarking'].each do |family|
-      class_name = "Stix2::#{family}::#{type.split('-').map(&:capitalize).join}"
+      if type.start_with?('x-')
+        class_name = 'Stix2::CustomObject'
+      else
+        class_name = ['Stix2', family, type.split('-').map(&:capitalize).join].compact.join('::')
+      end
       return Module.const_get(class_name).new(options_) if Module.const_defined?(class_name)
     end
     raise("Message unsupported: #{type}")
   end
-end
 
+  def self.to_bool(value)
+    (value == true) || (value == 'true')
+  end
+
+  def self.is_hex?(value)
+    value.match?(/^\h*$/)
+  end
+end

data/ruby-stix2.gemspec

@@ -6,15 +6,18 @@ require 'stix2/version'
 Gem::Specification.new do |spec|
   spec.name        = "ruby-stix2"
   spec.version     = Stix2::VERSION
-  spec.summary     = "Ruby implementation for the STIX protocol version 2"
-  spec.description = "Ruby implementation for the STIX protocol version 2"
+  spec.summary     = "Ruby implementation for the STIX protocol version 2.1"
+  spec.description = "Ruby implementation for the STIX protocol version 2.1. Full specs: https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html"
   spec.authors     = ["Dario Lombardo"]
   spec.email       = "lomato@gmail.com"
 
   spec.require_paths = ['lib']
-  spec.files       = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.homepage    = "https://rubygemspec.org/gems/stix2"
-  spec.license     = "GPL-2.0-or-later"
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.homepage      = "https://rubygemspec.org/gems/stix2"
+  spec.license       = "GPL-2.0-or-later"
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = '>= 2.7'
 
   spec.add_dependency 'hashie', '~> 5.0.0'
 
@@ -24,4 +27,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'pry-byebug', '~> 3.10.1'
   spec.add_development_dependency 'minitest', '~> 5.18.1'
   spec.add_development_dependency 'simplecov', '~> 0.22.0'
+  spec.add_development_dependency 'irb', '~> 1.7.0'
 end