ruby-stix2 0.1.0 → 0.1.1

Files changed (46)
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +7 -1
  3. data/README.md +49 -3
  4. data/lib/stix2/base.rb +7 -0
  5. data/lib/stix2/common.rb +80 -15
  6. data/lib/stix2/confidence_scale.rb +106 -0
  7. data/lib/stix2/custom_object.rb +20 -0
  8. data/lib/stix2/cyberobservable_objects/email_message.rb +1 -1
  9. data/lib/stix2/cyberobservable_objects/network_traffic.rb +1 -1
  10. data/lib/stix2/cyberobservable_objects/process.rb +17 -0
  11. data/lib/stix2/cyberobservable_objects/user_account.rb +4 -4
  12. data/lib/stix2/cyberobservable_objects/x509_certificate.rb +3 -1
  13. data/lib/stix2/domain_objects/malware.rb +1 -1
  14. data/lib/stix2/enum.rb +59 -0
  15. data/lib/stix2/extension_definition.rb +10 -0
  16. data/lib/stix2/extensions/alternate_data_stream_type.rb +9 -0
  17. data/lib/stix2/extensions/archive_file.rb +8 -0
  18. data/lib/stix2/extensions/http_request.rb +12 -0
  19. data/lib/stix2/extensions/icmp.rb +8 -0
  20. data/lib/stix2/extensions/ntfs.rb +10 -0
  21. data/lib/stix2/extensions/pdf.rb +11 -0
  22. data/lib/stix2/extensions/raster_image.rb +10 -0
  23. data/lib/stix2/extensions/socket.rb +13 -0
  24. data/lib/stix2/extensions/tcp.rb +8 -0
  25. data/lib/stix2/extensions/unix_account.rb +10 -0
  26. data/lib/stix2/extensions/windows_pe_optional_header_type.rb +37 -0
  27. data/lib/stix2/extensions/windows_pe_section_type.rb +10 -0
  28. data/lib/stix2/extensions/windows_pebinary.rb +21 -0
  29. data/lib/stix2/extensions/windows_process.rb +13 -0
  30. data/lib/stix2/extensions/windows_service.rb +14 -0
  31. data/lib/stix2/external_reference.rb +1 -5
  32. data/lib/stix2/identifier.rb +2 -12
  33. data/lib/stix2/kill_chain_phase.rb +3 -7
  34. data/lib/stix2/languages.rb +236 -0
  35. data/lib/stix2/meta_objects/data_markings/base.rb +1 -4
  36. data/lib/stix2/meta_objects/data_markings/granular_marking.rb +1 -5
  37. data/lib/stix2/meta_objects/data_markings/object_marking.rb +2 -12
  38. data/lib/stix2/meta_objects/language_content.rb +1 -1
  39. data/lib/stix2/ov.rb +6 -0
  40. data/lib/stix2/relationship_objects/sighting.rb +1 -1
  41. data/lib/stix2/storage.rb +21 -15
  42. data/lib/stix2/version.rb +1 -1
  43. data/lib/stix2.rb +35 -7
  44. data/ruby-stix2.gemspec +9 -5
  45. metadata +40 -6
  46. data/lib/stix2/boolean.rb +0 -18
@@ -0,0 +1,10 @@
1
+ module Stix2
2
+ module Extensions
3
+ class UnixAccount < Stix2::Base
4
+ property :gid, coerce: Integer
5
+ property :groups, coerce: Array[String]
6
+ property :home_dir, coerce: String
7
+ property :shell, coerce: String
8
+ end
9
+ end
10
+ end
@@ -0,0 +1,37 @@
1
+ module Stix2
2
+ module Extensions
3
+ class WindowsPeOptionalHeaderType < Stix2::Base
4
+ property :magic_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
5
+ property :major_linker_version, coerce: Integer
6
+ property :minor_linker_version, coerce: Integer
7
+ property :size_of_code, coerce: Integer
8
+ property :size_of_initialized_data, coerce: Integer
9
+ property :size_of_uninitialized_data, coerce: Integer
10
+ property :address_of_entry_point, coerce: Integer
11
+ property :base_of_code, coerce: Integer
12
+ property :base_of_data, coerce: Integer
13
+ property :image_base, coerce: Integer
14
+ property :section_alignment, coerce: Integer
15
+ property :file_alignment, coerce: Integer
16
+ property :major_os_version, coerce: Integer
17
+ property :minor_os_version, coerce: Integer
18
+ property :major_image_version, coerce: Integer
19
+ property :minor_image_version, coerce: Integer
20
+ property :major_subsystem_version, coerce: Integer
21
+ property :minor_subsystem_version, coerce: Integer
22
+ property :win32_version_value_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
23
+ property :size_of_image, coerce: Integer
24
+ property :size_of_headers, coerce: Integer
25
+ property :checksum_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
26
+ property :subsystem_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
27
+ property :dll_characteristics_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
28
+ property :size_of_stack_reserve, coerce: Integer
29
+ property :size_of_stack_commit, coerce: Integer
30
+ property :size_of_heap_reserve, coerce: Integer
31
+ property :size_of_heap_commit, coerce: Integer
32
+ property :loader_flags_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
33
+ property :number_of_rva_and_sizes, coerce: Integer
34
+ property :hashes, coerce: ->(hsh){ hash_dict(hsh) }
35
+ end
36
+ end
37
+ end
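Review bot: The `_hex` coerce lambdas in this class (`magic_hex`, `win32_version_value_hex`, `checksum_hex`, `subsystem_hex`, `dll_characteristics_hex`, `loader_flags_hex`) return `false` when `Stix2.is_hex?` fails, so an invalid value is stored as `false` instead of being rejected. `Stix2.is_hex?`, added in lib/stix2.rb in this same diff, matches `/^\h*$/`, which accepts the empty string and any multi-line string that has one all-hex line; `/\A\h+\z/` checks the whole value. Consider raising on failure, e.g. `coerce: ->(value){ Stix2.is_hex?(value) ? value : raise("Invalid hex value: #{value}") }`. The same lambda is repeated in the WindowsPebinary section (`machine_hex`, `pointer_to_symbol_table_hex`, `characteristics_hex`).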
@@ -0,0 +1,10 @@
1
+ module Stix2
2
+ module Extensions
3
+ class WindowsPeSectionType < Stix2::Base
4
+ property :name, required: true, coerce: String
5
+ property :size, coerce: Integer
6
+ property :entropy, coerce: Float
7
+ property :hashes, coerce: ->(hsh){ hash_dict(hsh) }
8
+ end
9
+ end
10
+ end
@@ -0,0 +1,21 @@
1
+ require 'stix2/extensions/windows_pe_optional_header_type'
2
+ require 'stix2/extensions/windows_pe_section_type'
3
+
4
+ module Stix2
5
+ module Extensions
6
+ class WindowsPebinary < Stix2::Base
7
+ property :pe_type, required: true, values: WINDOWS_PEBINARY_TYPE_OV
8
+ property :imphash, coerce: String
9
+ property :machine_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
10
+ property :number_of_sections, coerce: Integer
11
+ property :time_date_stamp, coerce: Time
12
+ property :pointer_to_symbol_table_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
13
+ property :number_of_symbols, coerce: Integer
14
+ property :size_of_optional_header, coerce: Integer
15
+ property :characteristics_hex, coerce: ->(value){ Stix2.is_hex?(value) && value }
16
+ property :file_header_hashes, coerce: ->(hsh){ hash_dict(hsh) }
17
+ property :optional_header, coerce: WindowsPeOptionalHeaderType
18
+ property :sections, coerce: Array[WindowsPeSectionType]
19
+ end
20
+ end
21
+ end
@@ -0,0 +1,13 @@
1
+ module Stix2
2
+ module Extensions
3
+ class WindowsProcess < Stix2::Base
4
+ property :aslr_enabled, coerce: ->(value){ Stix2.to_bool(value) }
5
+ property :dep_enabled, coerce: ->(value){ Stix2.to_bool(value) }
6
+ property :priority, coerce: String
7
+ property :owner_sid, coerce: String
8
+ property :window_title, coerce: String
9
+ property :startup_info, coerce: Hash
10
+ property :integrity_level, values: WINDOWS_INTEGRITY_LEVEL_ENUM
11
+ end
12
+ end
13
+ end
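Review bot: `aslr_enabled` and `dep_enabled` go through `Stix2.to_bool`, which (per its definition in lib/stix2.rb in this diff) returns `false` for everything except `true` and `'true'`, so a malformed value such as `'yes'` or `1` is recorded as the mitigation being disabled rather than rejected. For attributes that describe security mitigations a silent default is misleading; a strict coercion would be `->(value){ [true, false, 'true', 'false'].include?(value) ? Stix2.to_bool(value) : raise("Invalid boolean: #{value}") }`. The `summary` property in the sighting.rb hunk uses the same helper and has the same behaviour.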
@@ -0,0 +1,14 @@
1
+ module Stix2
2
+ module Extensions
3
+ class WindowsService < Stix2::Base
4
+ property :service_name, coerce: String
5
+ property :description, coerce: Array[String]
6
+ property :display_name, coerce: String
7
+ property :group_name, coerce: String
8
+ property :start_type, values: WINDOWS_SERVICE_START_TYPE_ENUM
9
+ property :service_dll_refs, coerce: Array[Identifier]
10
+ property :service_type, values: WINDOWS_SERVICE_TYPE_ENUM
11
+ property :service_status, values: WINDOWS_SERVICE_STATUS_ENUM
12
+ end
13
+ end
14
+ end
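Review bot: The property on line 5 is declared as `:description` with `Array[String]`; as far as I recall, the STIX 2.1 `windows-service-ext` names this list property `descriptions`, so spec-conformant input would likely be rejected as an unknown property. This is worth confirming against the specification linked from the gemspec. If the spec name is `descriptions`, the line would read `property :descriptions, coerce: Array[String]`.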
@@ -1,9 +1,5 @@
1
1
  module Stix2
2
- class ExternalReference < Hashie::Dash
3
- include Hashie::Extensions::Dash::PredefinedValues
4
- include Hashie::Extensions::IndifferentAccess
5
- include Hashie::Extensions::Dash::Coercion
6
-
2
+ class ExternalReference < Stix2::Base
7
3
  property :source_name, coerce: String, required: true
8
4
  property :description, coerce: String
9
5
  property :url, coerce: String
@@ -1,18 +1,8 @@
1
1
  module Stix2
2
- class Identifier
2
+ class Identifier < String
3
3
  def initialize(value)
4
4
  value.match(/.*--.*/) || raise("Invalid identifier: #{value}")
5
- @value = value
6
- end
7
-
8
- def to_s
9
- @value
10
- end
11
-
12
- def pretty_print(pp)
13
- # :nocov:
14
- pp.text(@value.inspect)
15
- # :nocov
5
+ super(value)
16
6
  end
17
7
  end
18
8
  end
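Review bot: `Identifier` is now a `String`, but the guard `value.match(/.*--.*/)` accepts any string that merely contains `--`, including multi-line text, so values that are not `object-type--UUID` identifiers pass and are then used wherever a string is accepted (storage keys, references). Anchoring the pattern to the whole value would tighten it, e.g. `value.match?(/\A[a-z0-9-]+--\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/) || raise("Invalid identifier: #{value}")`. `ObjectMarking` in data_markings/object_marking.rb has the same unanchored check (`/marking-definition--.*/`). A `nil` value raises `NoMethodError` from `.match` rather than the intended message.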
@@ -1,10 +1,6 @@
1
1
  module Stix2
2
- class KillChainPhase < Hashie::Dash
3
- include Hashie::Extensions::Dash::PredefinedValues
4
- include Hashie::Extensions::IndifferentAccess
5
- include Hashie::Extensions::Dash::Coercion
6
-
7
- property :kill_chain_name, coerce: String
8
- property :phase_name, coerce: String
2
+ class KillChainPhase < Stix2::Base
3
+ property :kill_chain_name, required: true, coerce: String
4
+ property :phase_name, required: true, coerce: String
9
5
  end
10
6
  end
@@ -0,0 +1,236 @@
1
+ module Stix2
2
+ RFC5646_LANGUAGE_TAGS = {
3
+ 'af' => 'Afrikaans',
4
+ 'af-ZA' => 'Afrikaans (South Africa)',
5
+ 'ar' => 'Arabic',
6
+ 'ar-AE' => 'Arabic (U.A.E.)',
7
+ 'ar-BH' => 'Arabic (Bahrain)',
8
+ 'ar-DZ' => 'Arabic (Algeria)',
9
+ 'ar-EG' => 'Arabic (Egypt)',
10
+ 'ar-IQ' => 'Arabic (Iraq)',
11
+ 'ar-JO' => 'Arabic (Jordan)',
12
+ 'ar-KW' => 'Arabic (Kuwait)',
13
+ 'ar-LB' => 'Arabic (Lebanon)',
14
+ 'ar-LY' => 'Arabic (Libya)',
15
+ 'ar-MA' => 'Arabic (Morocco)',
16
+ 'ar-OM' => 'Arabic (Oman)',
17
+ 'ar-QA' => 'Arabic (Qatar)',
18
+ 'ar-SA' => 'Arabic (Saudi Arabia)',
19
+ 'ar-SY' => 'Arabic (Syria)',
20
+ 'ar-TN' => 'Arabic (Tunisia)',
21
+ 'ar-YE' => 'Arabic (Yemen)',
22
+ 'az' => 'Azeri (Latin)',
23
+ 'az-AZ' => 'Azeri (Latin) (Azerbaijan)',
24
+ 'az-Cyrl-AZ' => 'Azeri (Cyrillic) (Azerbaijan)',
25
+ 'be' => 'Belarusian',
26
+ 'be-BY' => 'Belarusian (Belarus)',
27
+ 'bg' => 'Bulgarian',
28
+ 'bg-BG' => 'Bulgarian (Bulgaria)',
29
+ 'bs-BA' => 'Bosnian (Bosnia and Herzegovina)',
30
+ 'ca' => 'Catalan',
31
+ 'ca-ES' => 'Catalan (Spain)',
32
+ 'cs' => 'Czech',
33
+ 'cs-CZ' => 'Czech (Czech Republic)',
34
+ 'cy' => 'Welsh',
35
+ 'cy-GB' => 'Welsh (United Kingdom)',
36
+ 'da' => 'Danish',
37
+ 'da-DK' => 'Danish (Denmark)',
38
+ 'de' => 'German',
39
+ 'de-AT' => 'German (Austria)',
40
+ 'de-CH' => 'German (Switzerland)',
41
+ 'de-DE' => 'German (Germany)',
42
+ 'de-LI' => 'German (Liechtenstein)',
43
+ 'de-LU' => 'German (Luxembourg)',
44
+ 'dv' => 'Divehi',
45
+ 'dv-MV' => 'Divehi (Maldives)',
46
+ 'el' => 'Greek',
47
+ 'el-GR' => 'Greek (Greece)',
48
+ 'en' => 'English',
49
+ 'en-AU' => 'English (Australia)',
50
+ 'en-BZ' => 'English (Belize)',
51
+ 'en-CA' => 'English (Canada)',
52
+ 'en-CB' => 'English (Caribbean)',
53
+ 'en-GB' => 'English (United Kingdom)',
54
+ 'en-IE' => 'English (Ireland)',
55
+ 'en-JM' => 'English (Jamaica)',
56
+ 'en-NZ' => 'English (New Zealand)',
57
+ 'en-PH' => 'English (Republic of the Philippines)',
58
+ 'en-TT' => 'English (Trinidad and Tobago)',
59
+ 'en-US' => 'English (United States)',
60
+ 'en-ZA' => 'English (South Africa)',
61
+ 'en-ZW' => 'English (Zimbabwe)',
62
+ 'eo' => 'Esperanto',
63
+ 'es' => 'Spanish',
64
+ 'es-AR' => 'Spanish (Argentina)',
65
+ 'es-BO' => 'Spanish (Bolivia)',
66
+ 'es-CL' => 'Spanish (Chile)',
67
+ 'es-CO' => 'Spanish (Colombia)',
68
+ 'es-CR' => 'Spanish (Costa Rica)',
69
+ 'es-DO' => 'Spanish (Dominican Republic)',
70
+ 'es-EC' => 'Spanish (Ecuador)',
71
+ 'es-ES' => 'Spanish (Spain)',
72
+ 'es-GT' => 'Spanish (Guatemala)',
73
+ 'es-HN' => 'Spanish (Honduras)',
74
+ 'es-MX' => 'Spanish (Mexico)',
75
+ 'es-NI' => 'Spanish (Nicaragua)',
76
+ 'es-PA' => 'Spanish (Panama)',
77
+ 'es-PE' => 'Spanish (Peru)',
78
+ 'es-PR' => 'Spanish (Puerto Rico)',
79
+ 'es-PY' => 'Spanish (Paraguay)',
80
+ 'es-SV' => 'Spanish (El Salvador)',
81
+ 'es-UY' => 'Spanish (Uruguay)',
82
+ 'es-VE' => 'Spanish (Venezuela)',
83
+ 'et' => 'Estonian',
84
+ 'et-EE' => 'Estonian (Estonia)',
85
+ 'eu' => 'Basque',
86
+ 'eu-ES' => 'Basque (Spain)',
87
+ 'fa' => 'Farsi',
88
+ 'fa-IR' => 'Farsi (Iran)',
89
+ 'fi' => 'Finnish',
90
+ 'fi-FI' => 'Finnish (Finland)',
91
+ 'fo' => 'Faroese',
92
+ 'fo-FO' => 'Faroese (Faroe Islands)',
93
+ 'fr' => 'French',
94
+ 'fr-BE' => 'French (Belgium)',
95
+ 'fr-CA' => 'French (Canada)',
96
+ 'fr-CH' => 'French (Switzerland)',
97
+ 'fr-FR' => 'French (France)',
98
+ 'fr-LU' => 'French (Luxembourg)',
99
+ 'fr-MC' => 'French (Principality of Monaco)',
100
+ 'gl' => 'Galician',
101
+ 'gl-ES' => 'Galician (Spain)',
102
+ 'gu' => 'Gujarati',
103
+ 'gu-IN' => 'Gujarati (India)',
104
+ 'he' => 'Hebrew',
105
+ 'he-IL' => 'Hebrew (Israel)',
106
+ 'hi' => 'Hindi',
107
+ 'hi-IN' => 'Hindi (India)',
108
+ 'hr' => 'Croatian',
109
+ 'hr-BA' => 'Croatian (Bosnia and Herzegovina)',
110
+ 'hr-HR' => 'Croatian (Croatia)',
111
+ 'hu' => 'Hungarian',
112
+ 'hu-HU' => 'Hungarian (Hungary)',
113
+ 'hy' => 'Armenian',
114
+ 'hy-AM' => 'Armenian (Armenia)',
115
+ 'id' => 'Indonesian',
116
+ 'id-ID' => 'Indonesian (Indonesia)',
117
+ 'is' => 'Icelandic',
118
+ 'is-IS' => 'Icelandic (Iceland)',
119
+ 'it' => 'Italian',
120
+ 'it-CH' => 'Italian (Switzerland)',
121
+ 'it-IT' => 'Italian (Italy)',
122
+ 'ja' => 'Japanese',
123
+ 'ja-JP' => 'Japanese (Japan)',
124
+ 'ka' => 'Georgian',
125
+ 'ka-GE' => 'Georgian (Georgia)',
126
+ 'kk' => 'Kazakh',
127
+ 'kk-KZ' => 'Kazakh (Kazakhstan)',
128
+ 'kn' => 'Kannada',
129
+ 'kn-IN' => 'Kannada (India)',
130
+ 'ko' => 'Korean',
131
+ 'ko-KR' => 'Korean (Korea)',
132
+ 'kok' => 'Konkani',
133
+ 'kok-IN' => 'Konkani (India)',
134
+ 'ky' => 'Kyrgyz',
135
+ 'ky-KG' => 'Kyrgyz (Kyrgyzstan)',
136
+ 'lt' => 'Lithuanian',
137
+ 'lt-LT' => 'Lithuanian (Lithuania)',
138
+ 'lv' => 'Latvian',
139
+ 'lv-LV' => 'Latvian (Latvia)',
140
+ 'mi' => 'Maori',
141
+ 'mi-NZ' => 'Maori (New Zealand)',
142
+ 'mk' => 'FYRO Macedonian',
143
+ 'mk-MK' => 'FYRO Macedonian (Former Yugoslav Republic of Macedonia)',
144
+ 'mn' => 'Mongolian',
145
+ 'mn-MN' => 'Mongolian (Mongolia)',
146
+ 'mr' => 'Marathi',
147
+ 'mr-IN' => 'Marathi (India)',
148
+ 'ms' => 'Malay',
149
+ 'ms-BN' => 'Malay (Brunei Darussalam)',
150
+ 'ms-MY' => 'Malay (Malaysia)',
151
+ 'mt' => 'Maltese',
152
+ 'mt-MT' => 'Maltese (Malta)',
153
+ 'nb' => 'Norwegian (Bokm?l)',
154
+ 'nb-NO' => 'Norwegian (Bokm?l) (Norway)',
155
+ 'nl' => 'Dutch',
156
+ 'nl-BE' => 'Dutch (Belgium)',
157
+ 'nl-NL' => 'Dutch (Netherlands)',
158
+ 'nn-NO' => 'Norwegian (Nynorsk) (Norway)',
159
+ 'ns' => 'Northern Sotho',
160
+ 'ns-ZA' => 'Northern Sotho (South Africa)',
161
+ 'pa' => 'Punjabi',
162
+ 'pa-IN' => 'Punjabi (India)',
163
+ 'pl' => 'Polish',
164
+ 'pl-PL' => 'Polish (Poland)',
165
+ 'ps' => 'Pashto',
166
+ 'ps-AR' => 'Pashto (Afghanistan)',
167
+ 'pt' => 'Portuguese',
168
+ 'pt-BR' => 'Portuguese (Brazil)',
169
+ 'pt-PT' => 'Portuguese (Portugal)',
170
+ 'qu' => 'Quechua',
171
+ 'qu-BO' => 'Quechua (Bolivia)',
172
+ 'qu-EC' => 'Quechua (Ecuador)',
173
+ 'qu-PE' => 'Quechua (Peru)',
174
+ 'ro' => 'Romanian',
175
+ 'ro-RO' => 'Romanian (Romania)',
176
+ 'ru' => 'Russian',
177
+ 'ru-RU' => 'Russian (Russia)',
178
+ 'sa' => 'Sanskrit',
179
+ 'sa-IN' => 'Sanskrit (India)',
180
+ 'se' => 'Sami',
181
+ 'se-FI' => 'Sami (Finland)',
182
+ 'se-NO' => 'Sami (Norway)',
183
+ 'se-SE' => 'Sami (Sweden)',
184
+ 'sk' => 'Slovak',
185
+ 'sk-SK' => 'Slovak (Slovakia)',
186
+ 'sl' => 'Slovenian',
187
+ 'sl-SI' => 'Slovenian (Slovenia)',
188
+ 'sq' => 'Albanian',
189
+ 'sq-AL' => 'Albanian (Albania)',
190
+ 'sr-BA' => 'Serbian (Latin) (Bosnia and Herzegovina)',
191
+ 'sr-Cyrl-BA' => 'Serbian (Cyrillic) (Bosnia and Herzegovina)',
192
+ 'sr-SP' => 'Serbian (Latin) (Serbia and Montenegro)',
193
+ 'sr-Cyrl-SP' => 'Serbian (Cyrillic) (Serbia and Montenegro)',
194
+ 'sv' => 'Swedish',
195
+ 'sv-FI' => 'Swedish (Finland)',
196
+ 'sv-SE' => 'Swedish (Sweden)',
197
+ 'sw' => 'Swahili',
198
+ 'sw-KE' => 'Swahili (Kenya)',
199
+ 'syr' => 'Syriac',
200
+ 'syr-SY' => 'Syriac (Syria)',
201
+ 'ta' => 'Tamil',
202
+ 'ta-IN' => 'Tamil (India)',
203
+ 'te' => 'Telugu',
204
+ 'te-IN' => 'Telugu (India)',
205
+ 'th' => 'Thai',
206
+ 'th-TH' => 'Thai (Thailand)',
207
+ 'tl' => 'Tagalog',
208
+ 'tl-PH' => 'Tagalog (Philippines)',
209
+ 'tn' => 'Tswana',
210
+ 'tn-ZA' => 'Tswana (South Africa)',
211
+ 'tr' => 'Turkish',
212
+ 'tr-TR' => 'Turkish (Turkey)',
213
+ 'tt' => 'Tatar',
214
+ 'tt-RU' => 'Tatar (Russia)',
215
+ 'ts' => 'Tsonga',
216
+ 'uk' => 'Ukrainian',
217
+ 'uk-UA' => 'Ukrainian (Ukraine)',
218
+ 'ur' => 'Urdu',
219
+ 'ur-PK' => 'Urdu (Islamic Republic of Pakistan)',
220
+ 'uz' => 'Uzbek (Latin)',
221
+ 'uz-UZ' => 'Uzbek (Latin) (Uzbekistan)',
222
+ 'uz-Cyrl-UZ' => 'Uzbek (Cyrillic) (Uzbekistan)',
223
+ 'vi' => 'Vietnamese',
224
+ 'vi-VN' => 'Vietnamese (Viet Nam)',
225
+ 'xh' => 'Xhosa',
226
+ 'xh-ZA' => 'Xhosa (South Africa)',
227
+ 'zh' => 'Chinese',
228
+ 'zh-CN' => 'Chinese (S)',
229
+ 'zh-HK' => 'Chinese (Hong Kong)',
230
+ 'zh-MO' => 'Chinese (Macau)',
231
+ 'zh-SG' => 'Chinese (Singapore)',
232
+ 'zh-TW' => 'Chinese (T)',
233
+ 'zu' => 'Zulu',
234
+ 'zu-ZA' => 'Zulu (South Africa)'
235
+ }
236
+ end
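Review bot: `RFC5646_LANGUAGE_TAGS` is not frozen, although it is used as the allow-list for the `LanguageContent` `contents` keys in this diff and the vocabularies in ov.rb end in `.freeze`; any caller can add or remove tags at runtime, so close the literal with `}.freeze`. Several entries also look wrong: `'nb'` and `'nb-NO'` contain a mis-encoded `Bokm?l`, and `'ps-AR'` is labelled Afghanistan although `AR` is the region code for Argentina (`ps-AF` was presumably intended).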
@@ -1,10 +1,7 @@
1
1
  module Stix2
2
2
  module MetaObject
3
3
  module DataMarking
4
- class Base < Hashie::Dash
5
- include Hashie::Extensions::Dash::PredefinedValues
6
- include Hashie::Extensions::IndifferentAccess
7
- include Hashie::Extensions::Dash::Coercion
4
+ class Base < Stix2::Base
8
5
  end
9
6
  end
10
7
  end
@@ -1,11 +1,7 @@
1
1
  module Stix2
2
2
  module MetaObject
3
3
  module DataMarking
4
- class GranularMarking < Hashie::Dash
5
- include Hashie::Extensions::Dash::PredefinedValues
6
- include Hashie::Extensions::IndifferentAccess
7
- include Hashie::Extensions::Dash::Coercion
8
-
4
+ class GranularMarking < Stix2::Base
9
5
  property :lang, coerce: String
10
6
  property :marking_ref, coerce: Identifier
11
7
  property :selectors, coerce: Array[String]
@@ -1,20 +1,10 @@
1
1
  module Stix2
2
2
  module MetaObject
3
3
  module DataMarking
4
- class ObjectMarking
4
+ class ObjectMarking < String
5
5
  def initialize(value)
6
6
  value.match(/marking-definition--.*/) || raise("Invalid value: #{value}")
7
- @value = value
8
- end
9
-
10
- def to_s
11
- @value
12
- end
13
-
14
- def pretty_print(pp)
15
- # :nocov:
16
- pp.text(@value.inspect)
17
- # :nocov
7
+ super(value)
18
8
  end
19
9
  end
20
10
  end
@@ -3,7 +3,7 @@ module Stix2
3
3
  class LanguageContent < Base
4
4
  property :object_ref, coerce: Identifier
5
5
  property :object_modified, coerce: Time
6
- property :contents, coerce: Hash # TODO
6
+ property :contents, coerce: ->(hsh){ validate_array(hsh.keys, Stix2::RFC5646_LANGUAGE_TAGS.keys) && hsh }
7
7
  end
8
8
  end
9
9
  end
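Review bot: The new `contents` coercion only accepts keys that are literally present in `Stix2::RFC5646_LANGUAGE_TAGS`, a fixed list; RFC 5646 tags are case-insensitive and far more numerous, so content keyed by e.g. `en-us` or by a tag missing from the list does not pass validation. `validate_array` is not visible in this hunk; if it returns a falsy value instead of raising, the `&& hsh` form stores `false` as `contents`. `hsh.keys` also raises `NoMethodError` when the input is not a Hash, so a guard such as `hsh.is_a?(Hash) || raise("contents must be a Hash")` at the start of the lambda would give a clearer error. The class body starts outside the hunk.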
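--- a/data/lib/stix2/ov.rb
+++ b/data/lib/stix2/ov.rb
@@ -316,4 +316,10 @@ module Stix2
  'windows-local',
  'windows-domain'
  ].freeze
+
+ WINDOWS_PEBINARY_TYPE_OV = [
+ 'dll',
+ 'exe',
+ 'sys'
+ ].freeze
  end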
@@ -8,7 +8,7 @@ module Stix2
8
8
  property :sighting_of_ref, required: true, coerce: String
9
9
  property :observed_data_refs, coerce: Array[String]
10
10
  property :where_sighted_refs, coerce: Array[String]
11
- property :summary, coerce: ->(v){ is_boolean?(v) }
11
+ property :summary, coerce: ->(v){ Stix2.to_bool(v) }
12
12
  end
13
13
  end
14
14
  end
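--- a/data/lib/stix2/storage.rb
+++ b/data/lib/stix2/storage.rb
@@ -1,23 +1,29 @@
  module Stix2
- @@storage = nil
+ class Storage
+ @@storage = nil
 
- def self.storage_add(obj)
- @@storage && @@storage[obj.id.to_s] = obj
- end
+ def self.add(obj)
+ @@storage && @@storage[obj.id.to_s] = obj
+ end
 
- def self.storage_activate
- @@storage = {}
- end
+ def self.activate
+ @@storage = {}
+ end
 
- def self.storage_deactivate
- @storage = nil
- end
+ def self.deactivate
+ @@storage = nil
+ end
 
- def self.storage_find(id)
- @@storage[id.to_s]
- end
+ def self.active?
+ !@@storage.nil?
+ end
+
+ def self.find(id)
+ @@storage[id.to_s]
+ end
 
- def self.storage
- @@storage
+ def self.inspect
+ @@storage.inspect
+ end
  end
  end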
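Review bot: `Storage.find` indexes `@@storage` without the nil guard that `Storage.add` uses, so calling it before `activate` or after `deactivate` raises `NoMethodError` on `nil`; `@@storage && @@storage[id.to_s]` returns `nil` consistently. The store is a class variable shared by the whole process, with no synchronisation or size bound visible here, so objects parsed from different sources land in one table keyed only by `id`, and a later object with the same id replaces the earlier one. A short comment on the class documenting that behaviour would help callers decide when to activate it.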
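--- a/data/lib/stix2/version.rb
+++ b/data/lib/stix2/version.rb
@@ -1,3 +1,3 @@
  module Stix2
- VERSION = '0.1.0'
+ VERSION = '0.1.1'
  end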
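--- a/data/lib/stix2.rb
+++ b/data/lib/stix2.rb
@@ -3,12 +3,13 @@ require 'json'
  require 'time'
 
  require 'stix2/version'
- require 'stix2/boolean'
+ require 'stix2/ov'
+ require 'stix2/enum'
+ require 'stix2/base'
+ require 'stix2/languages'
  require 'stix2/external_reference'
  require 'stix2/identifier'
  require 'stix2/kill_chain_phase'
- require 'stix2/ov'
- require 'stix2/enum'
 
  require 'stix2/meta_objects/data_markings/granular_marking'
  require 'stix2/meta_objects/data_markings/object_marking'
@@ -52,12 +53,12 @@ require 'stix2/cyberobservable_objects/ipv6_addr'
  require 'stix2/cyberobservable_objects/mac_addr'
  require 'stix2/cyberobservable_objects/mutex'
  require 'stix2/cyberobservable_objects/network_traffic'
+ require 'stix2/cyberobservable_objects/process'
  require 'stix2/cyberobservable_objects/software'
  require 'stix2/cyberobservable_objects/url'
  require 'stix2/cyberobservable_objects/user_account'
  require 'stix2/cyberobservable_objects/windows_registry_value'
  require 'stix2/cyberobservable_objects/windows_registry_key'
- require 'stix2/cyberobservable_objects/x509_v3_extension_type'
  require 'stix2/cyberobservable_objects/x509_certificate'
 
  require 'stix2/meta_objects/base'
@@ -66,7 +67,23 @@ require 'stix2/meta_objects/language_content'
  require 'stix2/meta_objects/data_markings/base'
  require 'stix2/meta_objects/data_markings/marking_definition'
 
+ require 'stix2/extension_definition'
+ require 'stix2/extensions/archive_file'
+ require 'stix2/extensions/socket'
+ require 'stix2/extensions/icmp'
+ require 'stix2/extensions/http_request'
+ require 'stix2/extensions/ntfs'
+ require 'stix2/extensions/tcp'
+ require 'stix2/extensions/windows_process'
+ require 'stix2/extensions/windows_service'
+ require 'stix2/extensions/unix_account'
+ require 'stix2/extensions/pdf'
+ require 'stix2/extensions/raster_image'
+ require 'stix2/extensions/windows_pebinary'
+
+ require 'stix2/custom_object'
  require 'stix2/bundle'
+ require 'stix2/confidence_scale'
 
  require 'stix2/storage'
 
@@ -90,12 +107,23 @@ module Stix2
  type = options_[:type]
  raise("Property 'type' is missing") if !type
  # Let's try to guess the domain of the object, among the known ones
- ['DomainObject', 'RelationshipObject', 'CyberobservableObject', 'MetaObject',
+ [nil, 'DomainObject', 'RelationshipObject', 'CyberobservableObject', 'MetaObject',
  'MetaObject::DataMarking'].each do |family|
- class_name = "Stix2::#{family}::#{type.split('-').map(&:capitalize).join}"
+ if type.start_with?('x-')
+ class_name = 'Stix2::CustomObject'
+ else
+ class_name = ['Stix2', family, type.split('-').map(&:capitalize).join].compact.join('::')
+ end
  return Module.const_get(class_name).new(options_) if Module.const_defined?(class_name)
  end
  raise("Message unsupported: #{type}")
  end
- end
 
+ def self.to_bool(value)
+ (value == true) || (value == 'true')
+ end
+
+ def self.is_hex?(value)
+ value.match?(/^\h*$/)
+ end
+ end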
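Review bot: Adding `nil` to the family list in the last hunk makes the lookup resolve `Stix2::<Type>` directly, so the `type` field of the input can now name any constant defined straight under `Stix2` (for example `Stix2::Storage` or `Stix2::Base`), and `Module.const_get(class_name).new(options_)` instantiates whatever it finds. Resolve the constant first and require a class from the expected hierarchy, e.g. `klass = Module.const_get(class_name)` followed by `return klass.new(options_) if klass.is_a?(Class) && klass <= Stix2::Base` (assuming `CustomObject` also derives from `Stix2::Base`, which this page does not show). A `type` containing characters that are invalid in a constant name makes `const_defined?` raise `NameError` instead of reaching the `Message unsupported` error. The enclosing method starts outside the hunk.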
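--- a/data/ruby-stix2.gemspec
+++ b/data/ruby-stix2.gemspec
@@ -6,15 +6,18 @@ require 'stix2/version'
  Gem::Specification.new do |spec|
  spec.name = "ruby-stix2"
  spec.version = Stix2::VERSION
- spec.summary = "Ruby implementation for the STIX protocol version 2"
- spec.description = "Ruby implementation for the STIX protocol version 2"
+ spec.summary = "Ruby implementation for the STIX protocol version 2.1"
+ spec.description = "Ruby implementation for the STIX protocol version 2.1. Full specs: https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html"
  spec.authors = ["Dario Lombardo"]
  spec.email = "lomato@gmail.com"
 
  spec.require_paths = ['lib']
- spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
- spec.homepage = "https://rubygemspec.org/gems/stix2"
- spec.license = "GPL-2.0-or-later"
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+ spec.homepage = "https://rubygemspec.org/gems/stix2"
+ spec.license = "GPL-2.0-or-later"
+ spec.require_paths = ['lib']
+
+ spec.required_ruby_version = '>= 2.7'
 
  spec.add_dependency 'hashie', '~> 5.0.0'
 
@@ -24,4 +27,5 @@ Gem::Specification.new do |spec|
  spec.add_development_dependency 'pry-byebug', '~> 3.10.1'
  spec.add_development_dependency 'minitest', '~> 5.18.1'
  spec.add_development_dependency 'simplecov', '~> 0.22.0'
+ spec.add_development_dependency 'irb', '~> 1.7.0'
  end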
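Review bot: `spec.require_paths = ['lib']` is now assigned twice in the first hunk (the unchanged line before `spec.files` and the added line after `spec.license`); drop the added one. `spec.homepage` still points at `https://rubygemspec.org/gems/stix2`, which does not look like the gem's page on rubygems.org or its source repository. This is worth confirming, since registry metadata that points to an unrelated domain sends users who want to inspect the source to the wrong place.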