ruby-stix2 0.1.0 → 0.1.2

data/lib/stix2/relationship_objects/relationship.rb

@@ -3,10 +3,163 @@ module Stix2
     class Relationship < Base
       property :relationship_type, required: true, coerce: String
       property :description, coerce: String
-      property :source_ref, coerce: String
-      property :target_ref, coerce: String
+      property :source_ref, required: true, coerce: String
+      property :target_ref, required: true, coerce: String
       property :start_time, coerce: Time
       property :stop_time, coerce: Time
+
+      def initialize(args)
+        if !args[:relationship_type] && args[:source_ref] && args[:target_ref]
+          objects = DOMAIN_OBJECTS + CYBEROBSERVABLE_OBJECTS
+          source_type = type_by_id(args[:source_ref])
+          target_type = type_by_id(args[:target_ref])
+          relationships = Array(RELATIONSHIP_TYPES.dig(source_type, target_type))
+          relationships += COMMON_RELATIONSHIPS if objects.include?(source_type) && objects.include?(target_type)
+          args[:relationship_type] = relationships.first unless relationships.empty?
+        end
+
+        super(args)
+      end
+
+      COMMON_RELATIONSHIPS = ["related-to", "derived-from", "duplicate-of"].freeze
+      DOMAIN_OBJECTS = ["attack-pattern", "campaign", "course-of-action", "grouping", "identity", "indicator",
+        "intrusion-set", "location", "malware-analysis", "malware", "note", "observed-data", "opinion", "report",
+        "threat_actor", "tool", "vulnerability"].freeze
+      CYBEROBSERVABLE_OBJECTS = ["artifact", "autonomous-system", "directory", "domain-name", "email-addr",
+        "email-message", "file", "ipv4-addr", "ipv6-addr", "mac-addr", "mutex", "network-traffic", "process",
+        "software", "url", "user-account", "windows-registry-key", "x509-certificate"].freeze
+
+      RELATIONSHIP_TYPES = {
+        "attack-pattern" => {
+          "identity" => "targets",
+          "location" => "targets",
+          "malware" => ["delivers", "uses"],
+          "tool" => "uses",
+          "vulnerability" => "targets"
+        },
+        "campaign" => {
+          "attack-pattern" => "uses",
+          "identity" => "targets",
+          "infrastructure" => ["compromises", "uses"],
+          "intrusion-set" => "attributed-to",
+          "location" => ["originates-from", "targets"],
+          "malware" => "uses",
+          "threat-actor" => "attributed-to",
+          "tool" => "uses",
+          "vulnerability" => "targets"
+        },
+        "course-of-action" => {
+          "attack-pattern" => "mitigates",
+          "indicator" => ["investigates", "mitigates"],
+          "malware" => ["mitigates", "remediates"],
+          "tool" => "mitigates",
+          "vulnerability" => ["mitigates", "remediates"]
+        },
+        "domain-name" => {
+          "domain-name" => "resolves-to",
+          "ipv4-addr" => "resolves-to",
+          "ipv6-addr" => "resolves-to"
+        },
+        "identity" => {
+          "location" => "located-at"
+        },
+        "indicator" => {
+          "attack-pattern" => "indicates",
+          "campaign" => "indicates",
+          "infrastructure" => "indicates",
+          "intrusion-set" => "indicates",
+          "malware" => "indicates",
+          "observed-data" => "based-on",
+          "threat-actor" => "indicates",
+          "tool" => "indicates"
+        },
+        "infrastructure" => {
+          "artifact" => "communicates-with",
+          "autonomous-system" => "communicates-with",
+          "directory" => "communicates-with",
+          "domain-name" => ["communicates-with", "consists-of"],
+          "email-addr" => "communicates-with",
+          "email-message" => "communicates-with",
+          "file" => "communicates-with",
+          "infrastructure" => ["communicates-with", "consists-of", "controls", "uses"],
+          "ipv4-addr" => ["communicates-with", "consists-of"],
+          "ipv6-addr" => ["communicates-with", "consists-of"],
+          "location" => "located-at",
+          "mac-addr" => "communicates-with",
+          "malware" => ["controls", "delivers", "hosts"],
+          "mutex" => "communicates-with",
+          "network-traffic" => "communicates-with",
+          "observed-data" => "consists-of",
+          "process" => "communicates-with",
+          "software" => "communicates-with",
+          "tool" => "hosts",
+          "url" => ["communicates-with", "consists-of"],
+          "user-account" => "communicates-with",
+          "vulnerability" => "has",
+          "windows registry-key" => "communicates-with",
+          "x509-certificate" => "communicates-with"
+        },
+        "intrusion-set" => {
+          "attack-pattern" => "uses",
+          "identity" => "targets",
+          "infrastructure" => ["compromises", "hosts", "owns", "uses"],
+          "location" => ["originates-from", "targets"],
+          "malware" => "uses",
+          "threat-actor" => "attributed-to",
+          "tool" => "uses",
+          "vulnerability" => "targets"
+        },
+        "ipv4-addr" => {
+          "mac-addr" => "resolves-to",
+          "autonomous-system" => "belongs-to"
+        },
+        "ipv6-addr" => {
+          "mac-addr" => "resolves-to",
+          "autonomous-system" => "belongs-to"
+        },
+        "malware" => {
+          "attack-pattern" => "uses",
+          "domain-name" => "communicates-with",
+          "identity" => "targets",
+          "infrastructure" => ["beacons-to", "exfiltrates-to", "targets", "uses"],
+          "intrusion-set" => "authored-by",
+          "ipv4-addr" => "communicates-with",
+          "ipv6-addr" => "communicates-with",
+          "location" => ["originates-from", "targets"],
+          "malware" => ["controls", "downloads", "drops", "uses", "variant-of"],
+          "threat-actor" => "authored-by",
+          "tool" => ["downloads", "drops", "uses"],
+          "url" => "communicates-with",
+          "vulnerability" => ["exploits", "targets"]
+        },
+        "malware-analysis" => {
+          "malware" => ["characterizes", "av-analysis-of", "static-analysis-of", "dynamic-analysis-of"]
+        },
+        "threat-actor" => {
+          "attack-pattern" => "uses",
+          "identity" => ["attributed-to", "impersonates", "targets"],
+          "infrastructure" => ["compromises", "hosts", "owns", "uses"],
+          "location" => ["located-at", "targets"],
+          "malware" => "uses",
+          "tool" => "uses",
+          "vulnerability" => "targets"
+        },
+        "tool" => {
+          "identity" => "targets",
+          "infrastructure" => ["targets", "uses"],
+          "location" => "targets",
+          "malware" => ["delivers", "drops"],
+          "vulnerability" => ["has", "targets"]
+        }
+      }.freeze
+
+      private_constant :COMMON_RELATIONSHIPS, :DOMAIN_OBJECTS, :CYBEROBSERVABLE_OBJECTS, :RELATIONSHIP_TYPES
+
+      private
+
+      def type_by_id(id)
+        id.split("--").first
+      end
     end
   end
 end

data/lib/stix2/relationship_objects/sighting.rb

@@ -6,9 +6,9 @@ module Stix2
       property :last_seen, required: true, coerce: Time
       property :count, coerce: Integer
       property :sighting_of_ref, required: true, coerce: String
-      property :observed_data_refs, coerce: Array[String]
-      property :where_sighted_refs, coerce: Array[String]
-      property :summary, coerce: ->(v){ is_boolean?(v) }
+      property :observed_data_refs, coerce: [String]
+      property :where_sighted_refs, coerce: [String]
+      property :summary, coerce: ->(v) { Stix2.to_bool(v) }
     end
   end
 end

data/lib/stix2/storage.rb

@@ -1,23 +1,29 @@
 module Stix2
-  @@storage = nil
+  class Storage
+    @@storage = nil
 
-  def self.storage_add(obj)
-    @@storage && @@storage[obj.id.to_s] = obj
-  end
+    def self.add(obj)
+      @@storage && @@storage[obj.id.to_s] = obj
+    end
 
-  def self.storage_activate
-    @@storage = {}
-  end
+    def self.activate
+      @@storage = {}
+    end
 
-  def self.storage_deactivate
-    @storage = nil
-  end
+    def self.deactivate
+      @@storage = nil
+    end
 
-  def self.storage_find(id)
-    @@storage[id.to_s]
-  end
+    def self.active?
+      !@@storage.nil?
+    end
+
+    def self.find(id)
+      @@storage[id.to_s]
+    end
 
-  def self.storage
-    @@storage
+    def self.inspect
+      @@storage.inspect
+    end
   end
 end

data/lib/stix2/version.rb

@@ -1,3 +1,3 @@
 module Stix2
-  VERSION = '0.1.0'
+  VERSION = "0.1.2"
 end

data/lib/stix2.rb

@@ -1,101 +1,129 @@
-require 'hashie'
-require 'json'
-require 'time'
+require "hashie"
+require "json"
+require "time"
 
-require 'stix2/version'
-require 'stix2/boolean'
-require 'stix2/external_reference'
-require 'stix2/identifier'
-require 'stix2/kill_chain_phase'
-require 'stix2/ov'
-require 'stix2/enum'
+require "stix2/version"
+require "stix2/ov"
+require "stix2/enum"
+require "stix2/base"
+require "stix2/languages"
+require "stix2/external_reference"
+require "stix2/identifier"
+require "stix2/kill_chain_phase"
 
-require 'stix2/meta_objects/data_markings/granular_marking'
-require 'stix2/meta_objects/data_markings/object_marking'
+require "stix2/meta_objects/data_markings/granular_marking"
+require "stix2/meta_objects/data_markings/object_marking"
 
-require 'stix2/common'
-require 'stix2/domain_objects/base'
-require 'stix2/domain_objects/attack_pattern'
-require 'stix2/domain_objects/campaign'
-require 'stix2/domain_objects/course_of_action'
-require 'stix2/domain_objects/grouping'
-require 'stix2/domain_objects/identity'
-require 'stix2/domain_objects/indicator'
-require 'stix2/domain_objects/infrastructure'
-require 'stix2/domain_objects/intrusion-set'
-require 'stix2/domain_objects/location'
-require 'stix2/domain_objects/malware'
-require 'stix2/domain_objects/malware_analysis'
-require 'stix2/domain_objects/note'
-require 'stix2/domain_objects/observed_data'
-require 'stix2/domain_objects/opinion'
-require 'stix2/domain_objects/report'
-require 'stix2/domain_objects/threat_actor'
-require 'stix2/domain_objects/tool'
-require 'stix2/domain_objects/vulnerability'
+require "stix2/common"
+require "stix2/domain_objects/base"
+require "stix2/domain_objects/attack_pattern"
+require "stix2/domain_objects/campaign"
+require "stix2/domain_objects/course_of_action"
+require "stix2/domain_objects/grouping"
+require "stix2/domain_objects/identity"
+require "stix2/domain_objects/indicator"
+require "stix2/domain_objects/infrastructure"
+require "stix2/domain_objects/intrusion-set"
+require "stix2/domain_objects/location"
+require "stix2/domain_objects/malware"
+require "stix2/domain_objects/malware_analysis"
+require "stix2/domain_objects/note"
+require "stix2/domain_objects/observed_data"
+require "stix2/domain_objects/opinion"
+require "stix2/domain_objects/report"
+require "stix2/domain_objects/threat_actor"
+require "stix2/domain_objects/tool"
+require "stix2/domain_objects/vulnerability"
 
-require 'stix2/relationship_objects/base'
-require 'stix2/relationship_objects/relationship'
-require 'stix2/relationship_objects/sighting'
+require "stix2/relationship_objects/base"
+require "stix2/relationship_objects/relationship"
+require "stix2/relationship_objects/sighting"
 
-require 'stix2/cyberobservable_objects/base'
-require 'stix2/cyberobservable_objects/artifact'
-require 'stix2/cyberobservable_objects/autonomous_system'
-require 'stix2/cyberobservable_objects/directory'
-require 'stix2/cyberobservable_objects/domain_name'
-require 'stix2/cyberobservable_objects/email_addr'
-require 'stix2/cyberobservable_objects/email_mime_part_type'
-require 'stix2/cyberobservable_objects/email_message'
-require 'stix2/cyberobservable_objects/file'
-require 'stix2/cyberobservable_objects/ipv4_addr'
-require 'stix2/cyberobservable_objects/ipv6_addr'
-require 'stix2/cyberobservable_objects/mac_addr'
-require 'stix2/cyberobservable_objects/mutex'
-require 'stix2/cyberobservable_objects/network_traffic'
-require 'stix2/cyberobservable_objects/software'
-require 'stix2/cyberobservable_objects/url'
-require 'stix2/cyberobservable_objects/user_account'
-require 'stix2/cyberobservable_objects/windows_registry_value'
-require 'stix2/cyberobservable_objects/windows_registry_key'
-require 'stix2/cyberobservable_objects/x509_v3_extension_type'
-require 'stix2/cyberobservable_objects/x509_certificate'
+require "stix2/cyberobservable_objects/base"
+require "stix2/cyberobservable_objects/artifact"
+require "stix2/cyberobservable_objects/autonomous_system"
+require "stix2/cyberobservable_objects/directory"
+require "stix2/cyberobservable_objects/domain_name"
+require "stix2/cyberobservable_objects/email_addr"
+require "stix2/cyberobservable_objects/email_mime_part_type"
+require "stix2/cyberobservable_objects/email_message"
+require "stix2/cyberobservable_objects/file"
+require "stix2/cyberobservable_objects/ipv4_addr"
+require "stix2/cyberobservable_objects/ipv6_addr"
+require "stix2/cyberobservable_objects/mac_addr"
+require "stix2/cyberobservable_objects/mutex"
+require "stix2/cyberobservable_objects/network_traffic"
+require "stix2/cyberobservable_objects/process"
+require "stix2/cyberobservable_objects/software"
+require "stix2/cyberobservable_objects/url"
+require "stix2/cyberobservable_objects/user_account"
+require "stix2/cyberobservable_objects/windows_registry_value"
+require "stix2/cyberobservable_objects/windows_registry_key"
+require "stix2/cyberobservable_objects/x509_certificate"
 
-require 'stix2/meta_objects/base'
-require 'stix2/meta_objects/language_content'
+require "stix2/meta_objects/base"
+require "stix2/meta_objects/language_content"
 
-require 'stix2/meta_objects/data_markings/base'
-require 'stix2/meta_objects/data_markings/marking_definition'
+require "stix2/meta_objects/data_markings/base"
+require "stix2/meta_objects/data_markings/marking_definition"
 
-require 'stix2/bundle'
+require "stix2/extension_definition"
+require "stix2/extensions/archive_file"
+require "stix2/extensions/socket"
+require "stix2/extensions/icmp"
+require "stix2/extensions/http_request"
+require "stix2/extensions/ntfs"
+require "stix2/extensions/tcp"
+require "stix2/extensions/windows_process"
+require "stix2/extensions/windows_service"
+require "stix2/extensions/unix_account"
+require "stix2/extensions/pdf"
+require "stix2/extensions/raster_image"
+require "stix2/extensions/windows_pebinary"
 
-require 'stix2/storage'
+require "stix2/custom_object"
+require "stix2/bundle"
+require "stix2/confidence_scale"
+
+require "stix2/storage"
 
 class Time
-  class <<self
-    alias :coerce :parse
+  class << self
+    alias_method :coerce, :parse
   end
 end
 
 module Stix2
   def self.parse(options)
-    case options
+    options_ = case options
     when String
-      options_ = JSON.parse(options)
+      JSON.parse(options)
     when Hash
-      options_ = options.clone
+      options.clone
     else
-      options_ = JSON.parse(options.to_s)
+      JSON.parse(options.to_s)
     end
     Hashie.symbolize_keys!(options_)
     type = options_[:type]
     raise("Property 'type' is missing") if !type
     # Let's try to guess the domain of the object, among the known ones
-    ['DomainObject', 'RelationshipObject', 'CyberobservableObject', 'MetaObject', 
-      'MetaObject::DataMarking'].each do |family|
-      class_name = "Stix2::#{family}::#{type.split('-').map(&:capitalize).join}"
+    [nil, "DomainObject", "RelationshipObject", "CyberobservableObject", "MetaObject",
+      "MetaObject::DataMarking"].each do |family|
+      class_name = if type.start_with?("x-")
+        "Stix2::CustomObject"
+      else
+        ["Stix2", family, type.split("-").map(&:capitalize).join].compact.join("::")
+      end
       return Module.const_get(class_name).new(options_) if Module.const_defined?(class_name)
     end
     raise("Message unsupported: #{type}")
   end
-end
 
+  def self.to_bool(value)
+    (value == true) || (value == "true")
+  end
+
+  def self.is_hex?(value)
+    value.match?(/^\h*$/)
+  end
+end

data/ruby-stix2.gemspec

@@ -1,27 +1,31 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'stix2/version'
+require "stix2/version"
 
 Gem::Specification.new do |spec|
-  spec.name        = "ruby-stix2"
-  spec.version     = Stix2::VERSION
-  spec.summary     = "Ruby implementation for the STIX protocol version 2"
-  spec.description = "Ruby implementation for the STIX protocol version 2"
-  spec.authors     = ["Dario Lombardo"]
-  spec.email       = "lomato@gmail.com"
+  spec.name = "ruby-stix2"
+  spec.version = Stix2::VERSION
+  spec.summary = "Ruby implementation for the STIX protocol version 2.1"
+  spec.description = "Ruby implementation for the STIX protocol version 2.1. Full specs: https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html"
+  spec.authors = ["Dario Lombardo"]
+  spec.email = "lomato@gmail.com"
 
-  spec.require_paths = ['lib']
-  spec.files       = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  spec.homepage    = "https://rubygemspec.org/gems/stix2"
-  spec.license     = "GPL-2.0-or-later"
+  spec.require_paths = ["lib"]
+  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.homepage = "https://github.com/crondaemon/ruby-stix2"
+  spec.license = "GPL-2.0-or-later"
 
-  spec.add_dependency 'hashie', '~> 5.0.0'
+  spec.required_ruby_version = ">= 2.7"
 
-  spec.add_development_dependency 'bundler', '~> 2.3'
-  spec.add_development_dependency 'rake', '~> 13.0'
-  spec.add_development_dependency 'pry', '~> 0.13.0'
-  spec.add_development_dependency 'pry-byebug', '~> 3.10.1'
-  spec.add_development_dependency 'minitest', '~> 5.18.1'
-  spec.add_development_dependency 'simplecov', '~> 0.22.0'
-end
+  spec.add_dependency "hashie", "~> 5.0.0"
+
+  spec.add_development_dependency "bundler", "~> 2.3"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "pry", "~> 0.13.0"
+  spec.add_development_dependency "pry-byebug", "~> 3.10.1"
+  spec.add_development_dependency "minitest", "~> 5.18.1"
+  spec.add_development_dependency "simplecov", "~> 0.22.0"
+  spec.add_development_dependency "irb", "~> 1.7.0"
+  spec.add_development_dependency "mutex_m"
+  spec.add_development_dependency "standardrb"
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-stix2
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.2
 platform: ruby
 authors:
 - Dario Lombardo
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-20 00:00:00.000000000 Z
+date: 2024-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hashie
@@ -108,7 +108,49 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.22.0
-description: Ruby implementation for the STIX protocol version 2
+- !ruby/object:Gem::Dependency
+  name: irb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.7.0
+- !ruby/object:Gem::Dependency
+  name: mutex_m
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: standardrb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 'Ruby implementation for the STIX protocol version 2.1. Full specs: https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html'
 email: lomato@gmail.com
 executables: []
 extensions: []
@@ -122,9 +164,11 @@ files:
 - README.md
 - Rakefile
 - lib/stix2.rb
-- lib/stix2/boolean.rb
+- lib/stix2/base.rb
 - lib/stix2/bundle.rb
 - lib/stix2/common.rb
+- lib/stix2/confidence_scale.rb
+- lib/stix2/custom_object.rb
 - lib/stix2/cyberobservable_objects/artifact.rb
 - lib/stix2/cyberobservable_objects/autonomous_system.rb
 - lib/stix2/cyberobservable_objects/base.rb
@@ -139,6 +183,7 @@ files:
 - lib/stix2/cyberobservable_objects/mac_addr.rb
 - lib/stix2/cyberobservable_objects/mutex.rb
 - lib/stix2/cyberobservable_objects/network_traffic.rb
+- lib/stix2/cyberobservable_objects/process.rb
 - lib/stix2/cyberobservable_objects/software.rb
 - lib/stix2/cyberobservable_objects/url.rb
 - lib/stix2/cyberobservable_objects/user_account.rb
@@ -166,9 +211,26 @@ files:
 - lib/stix2/domain_objects/tool.rb
 - lib/stix2/domain_objects/vulnerability.rb
 - lib/stix2/enum.rb
+- lib/stix2/extension_definition.rb
+- lib/stix2/extensions/alternate_data_stream_type.rb
+- lib/stix2/extensions/archive_file.rb
+- lib/stix2/extensions/http_request.rb
+- lib/stix2/extensions/icmp.rb
+- lib/stix2/extensions/ntfs.rb
+- lib/stix2/extensions/pdf.rb
+- lib/stix2/extensions/raster_image.rb
+- lib/stix2/extensions/socket.rb
+- lib/stix2/extensions/tcp.rb
+- lib/stix2/extensions/unix_account.rb
+- lib/stix2/extensions/windows_pe_optional_header_type.rb
+- lib/stix2/extensions/windows_pe_section_type.rb
+- lib/stix2/extensions/windows_pebinary.rb
+- lib/stix2/extensions/windows_process.rb
+- lib/stix2/extensions/windows_service.rb
 - lib/stix2/external_reference.rb
 - lib/stix2/identifier.rb
 - lib/stix2/kill_chain_phase.rb
+- lib/stix2/languages.rb
 - lib/stix2/meta_objects/base.rb
 - lib/stix2/meta_objects/data_markings/base.rb
 - lib/stix2/meta_objects/data_markings/granular_marking.rb
@@ -182,11 +244,11 @@ files:
 - lib/stix2/storage.rb
 - lib/stix2/version.rb
 - ruby-stix2.gemspec
-homepage: https://rubygemspec.org/gems/stix2
+homepage: https://github.com/crondaemon/ruby-stix2
 licenses:
 - GPL-2.0-or-later
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -194,15 +256,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.26
-signing_key:
+rubygems_version: 3.4.19
+signing_key: 
 specification_version: 4
-summary: Ruby implementation for the STIX protocol version 2
+summary: Ruby implementation for the STIX protocol version 2.1
 test_files: []

data/lib/stix2/boolean.rb

@@ -1,18 +0,0 @@
-module Stix2
-  class Boolean
-    def initialize(value)
-      case value
-      when String
-        @value = !!(value =~ /\A(true|t|yes|y|1)\z/i)
-      when Numeric
-        @value = !value.to_i.zero?
-      else
-        @value = (value == true)
-      end
-    end
-
-    def method_missing(m, *args, &block)
-      @value.send(m, *args, &block)
-    end
-  end
-end