ruby-stix2 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build.yml +4 -3
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +54 -1
  5. data/README.md +49 -3
  6. data/lib/stix2/base.rb +7 -0
  7. data/lib/stix2/bundle.rb +1 -2
  8. data/lib/stix2/common.rb +104 -22
  9. data/lib/stix2/confidence_scale.rb +106 -0
  10. data/lib/stix2/custom_object.rb +20 -0
  11. data/lib/stix2/cyberobservable_objects/artifact.rb +1 -1
  12. data/lib/stix2/cyberobservable_objects/directory.rb +1 -1
  13. data/lib/stix2/cyberobservable_objects/domain_name.rb +1 -1
  14. data/lib/stix2/cyberobservable_objects/email_message.rb +7 -7
  15. data/lib/stix2/cyberobservable_objects/file.rb +2 -2
  16. data/lib/stix2/cyberobservable_objects/ipv4_addr.rb +4 -4
  17. data/lib/stix2/cyberobservable_objects/ipv6_addr.rb +4 -4
  18. data/lib/stix2/cyberobservable_objects/network_traffic.rb +3 -3
  19. data/lib/stix2/cyberobservable_objects/process.rb +17 -0
  20. data/lib/stix2/cyberobservable_objects/software.rb +1 -1
  21. data/lib/stix2/cyberobservable_objects/user_account.rb +4 -4
  22. data/lib/stix2/cyberobservable_objects/x509_certificate.rb +4 -2
  23. data/lib/stix2/domain_objects/attack_pattern.rb +3 -3
  24. data/lib/stix2/domain_objects/campaign.rb +1 -1
  25. data/lib/stix2/domain_objects/grouping.rb +1 -1
  26. data/lib/stix2/domain_objects/identity.rb +1 -1
  27. data/lib/stix2/domain_objects/indicator.rb +2 -2
  28. data/lib/stix2/domain_objects/infrastructure.rb +3 -3
  29. data/lib/stix2/domain_objects/intrusion-set.rb +3 -3
  30. data/lib/stix2/domain_objects/malware.rb +9 -9
  31. data/lib/stix2/domain_objects/malware_analysis.rb +3 -3
  32. data/lib/stix2/domain_objects/note.rb +2 -2
  33. data/lib/stix2/domain_objects/observed_data.rb +1 -1
  34. data/lib/stix2/domain_objects/opinion.rb +2 -2
  35. data/lib/stix2/domain_objects/report.rb +2 -2
  36. data/lib/stix2/domain_objects/threat_actor.rb +6 -6
  37. data/lib/stix2/domain_objects/tool.rb +3 -3
  38. data/lib/stix2/enum.rb +81 -22
  39. data/lib/stix2/extension_definition.rb +10 -0
  40. data/lib/stix2/extensions/alternate_data_stream_type.rb +9 -0
  41. data/lib/stix2/extensions/archive_file.rb +8 -0
  42. data/lib/stix2/extensions/http_request.rb +12 -0
  43. data/lib/stix2/extensions/icmp.rb +8 -0
  44. data/lib/stix2/extensions/ntfs.rb +10 -0
  45. data/lib/stix2/extensions/pdf.rb +11 -0
  46. data/lib/stix2/extensions/raster_image.rb +10 -0
  47. data/lib/stix2/extensions/socket.rb +13 -0
  48. data/lib/stix2/extensions/tcp.rb +8 -0
  49. data/lib/stix2/extensions/unix_account.rb +10 -0
  50. data/lib/stix2/extensions/windows_pe_optional_header_type.rb +37 -0
  51. data/lib/stix2/extensions/windows_pe_section_type.rb +10 -0
  52. data/lib/stix2/extensions/windows_pebinary.rb +21 -0
  53. data/lib/stix2/extensions/windows_process.rb +13 -0
  54. data/lib/stix2/extensions/windows_service.rb +14 -0
  55. data/lib/stix2/external_reference.rb +2 -6
  56. data/lib/stix2/identifier.rb +2 -12
  57. data/lib/stix2/kill_chain_phase.rb +3 -7
  58. data/lib/stix2/languages.rb +236 -0
  59. data/lib/stix2/meta_objects/data_markings/base.rb +1 -4
  60. data/lib/stix2/meta_objects/data_markings/granular_marking.rb +2 -6
  61. data/lib/stix2/meta_objects/data_markings/marking_definition.rb +2 -2
  62. data/lib/stix2/meta_objects/data_markings/object_marking.rb +3 -13
  63. data/lib/stix2/meta_objects/language_content.rb +1 -1
  64. data/lib/stix2/ov.rb +266 -255
  65. data/lib/stix2/relationship_objects/relationship.rb +155 -2
  66. data/lib/stix2/relationship_objects/sighting.rb +3 -3
  67. data/lib/stix2/storage.rb +21 -15
  68. data/lib/stix2/version.rb +1 -1
  69. data/lib/stix2.rb +100 -72
  70. data/ruby-stix2.gemspec +25 -21
  71. metadata +73 -11
  72. data/lib/stix2/boolean.rb +0 -18
@@ -3,10 +3,163 @@ module Stix2
3
3
  class Relationship < Base
4
4
  property :relationship_type, required: true, coerce: String
5
5
  property :description, coerce: String
6
- property :source_ref, coerce: String
7
- property :target_ref, coerce: String
6
+ property :source_ref, required: true, coerce: String
7
+ property :target_ref, required: true, coerce: String
8
8
  property :start_time, coerce: Time
9
9
  property :stop_time, coerce: Time
10
+
11
+ def initialize(args)
12
+ if !args[:relationship_type] && args[:source_ref] && args[:target_ref]
13
+ objects = DOMAIN_OBJECTS + CYBEROBSERVABLE_OBJECTS
14
+ source_type = type_by_id(args[:source_ref])
15
+ target_type = type_by_id(args[:target_ref])
16
+ relationships = Array(RELATIONSHIP_TYPES.dig(source_type, target_type))
17
+ relationships += COMMON_RELATIONSHIPS if objects.include?(source_type) && objects.include?(target_type)
18
+ args[:relationship_type] = relationships.first unless relationships.empty?
19
+ end
20
+
21
+ super(args)
22
+ end
23
+
24
+ COMMON_RELATIONSHIPS = ["related-to", "derived-from", "duplicate-of"].freeze
25
+ DOMAIN_OBJECTS = ["attack-pattern", "campaign", "course-of-action", "grouping", "identity", "indicator",
26
+ "intrusion-set", "location", "malware-analysis", "malware", "note", "observed-data", "opinion", "report",
27
+ "threat_actor", "tool", "vulnerability"].freeze
28
+ CYBEROBSERVABLE_OBJECTS = ["artifact", "autonomous-system", "directory", "domain-name", "email-addr",
29
+ "email-message", "file", "ipv4-addr", "ipv6-addr", "mac-addr", "mutex", "network-traffic", "process",
30
+ "software", "url", "user-account", "windows-registry-key", "x509-certificate"].freeze
31
+
32
+ RELATIONSHIP_TYPES = {
33
+ "attack-pattern" => {
34
+ "identity" => "targets",
35
+ "location" => "targets",
36
+ "malware" => ["delivers", "uses"],
37
+ "tool" => "uses",
38
+ "vulnerability" => "targets"
39
+ },
40
+ "campaign" => {
41
+ "attack-pattern" => "uses",
42
+ "identity" => "targets",
43
+ "infrastructure" => ["compromises", "uses"],
44
+ "intrusion-set" => "attributed-to",
45
+ "location" => ["originates-from", "targets"],
46
+ "malware" => "uses",
47
+ "threat-actor" => "attributed-to",
48
+ "tool" => "uses",
49
+ "vulnerability" => "targets"
50
+ },
51
+ "course-of-action" => {
52
+ "attack-pattern" => "mitigates",
53
+ "indicator" => ["investigates", "mitigates"],
54
+ "malware" => ["mitigates", "remediates"],
55
+ "tool" => "mitigates",
56
+ "vulnerability" => ["mitigates", "remediates"]
57
+ },
58
+ "domain-name" => {
59
+ "domain-name" => "resolves-to",
60
+ "ipv4-addr" => "resolves-to",
61
+ "ipv6-addr" => "resolves-to"
62
+ },
63
+ "identity" => {
64
+ "location" => "located-at"
65
+ },
66
+ "indicator" => {
67
+ "attack-pattern" => "indicates",
68
+ "campaign" => "indicates",
69
+ "infrastructure" => "indicates",
70
+ "intrusion-set" => "indicates",
71
+ "malware" => "indicates",
72
+ "observed-data" => "based-on",
73
+ "threat-actor" => "indicates",
74
+ "tool" => "indicates"
75
+ },
76
+ "infrastructure" => {
77
+ "artifact" => "communicates-with",
78
+ "autonomous-system" => "communicates-with",
79
+ "directory" => "communicates-with",
80
+ "domain-name" => ["communicates-with", "consists-of"],
81
+ "email-addr" => "communicates-with",
82
+ "email-message" => "communicates-with",
83
+ "file" => "communicates-with",
84
+ "infrastructure" => ["communicates-with", "consists-of", "controls", "uses"],
85
+ "ipv4-addr" => ["communicates-with", "consists-of"],
86
+ "ipv6-addr" => ["communicates-with", "consists-of"],
87
+ "location" => "located-at",
88
+ "mac-addr" => "communicates-with",
89
+ "malware" => ["controls", "delivers", "hosts"],
90
+ "mutex" => "communicates-with",
91
+ "network-traffic" => "communicates-with",
92
+ "observed-data" => "consists-of",
93
+ "process" => "communicates-with",
94
+ "software" => "communicates-with",
95
+ "tool" => "hosts",
96
+ "url" => ["communicates-with", "consists-of"],
97
+ "user-account" => "communicates-with",
98
+ "vulnerability" => "has",
99
+ "windows registry-key" => "communicates-with",
100
+ "x509-certificate" => "communicates-with"
101
+ },
102
+ "intrusion-set" => {
103
+ "attack-pattern" => "uses",
104
+ "identity" => "targets",
105
+ "infrastructure" => ["compromises", "hosts", "owns", "uses"],
106
+ "location" => ["originates-from", "targets"],
107
+ "malware" => "uses",
108
+ "threat-actor" => "attributed-to",
109
+ "tool" => "uses",
110
+ "vulnerability" => "targets"
111
+ },
112
+ "ipv4-addr" => {
113
+ "mac-addr" => "resolves-to",
114
+ "autonomous-system" => "belongs-to"
115
+ },
116
+ "ipv6-addr" => {
117
+ "mac-addr" => "resolves-to",
118
+ "autonomous-system" => "belongs-to"
119
+ },
120
+ "malware" => {
121
+ "attack-pattern" => "uses",
122
+ "domain-name" => "communicates-with",
123
+ "identity" => "targets",
124
+ "infrastructure" => ["beacons-to", "exfiltrates-to", "targets", "uses"],
125
+ "intrusion-set" => "authored-by",
126
+ "ipv4-addr" => "communicates-with",
127
+ "ipv6-addr" => "communicates-with",
128
+ "location" => ["originates-from", "targets"],
129
+ "malware" => ["controls", "downloads", "drops", "uses", "variant-of"],
130
+ "threat-actor" => "authored-by",
131
+ "tool" => ["downloads", "drops", "uses"],
132
+ "url" => "communicates-with",
133
+ "vulnerability" => ["exploits", "targets"]
134
+ },
135
+ "malware-analysis" => {
136
+ "malware" => ["characterizes", "av-analysis-of", "static-analysis-of", "dynamic-analysis-of"]
137
+ },
138
+ "threat-actor" => {
139
+ "attack-pattern" => "uses",
140
+ "identity" => ["attributed-to", "impersonates", "targets"],
141
+ "infrastructure" => ["compromises", "hosts", "owns", "uses"],
142
+ "location" => ["located-at", "targets"],
143
+ "malware" => "uses",
144
+ "tool" => "uses",
145
+ "vulnerability" => "targets"
146
+ },
147
+ "tool" => {
148
+ "identity" => "targets",
149
+ "infrastructure" => ["targets", "uses"],
150
+ "location" => "targets",
151
+ "malware" => ["delivers", "drops"],
152
+ "vulnerability" => ["has", "targets"]
153
+ }
154
+ }.freeze
155
+
156
+ private_constant :COMMON_RELATIONSHIPS, :DOMAIN_OBJECTS, :CYBEROBSERVABLE_OBJECTS, :RELATIONSHIP_TYPES
157
+
158
+ private
159
+
160
+ def type_by_id(id)
161
+ id.split("--").first
162
+ end
10
163
  end
11
164
  end
12
165
  end
@@ -6,9 +6,9 @@ module Stix2
6
6
  property :last_seen, required: true, coerce: Time
7
7
  property :count, coerce: Integer
8
8
  property :sighting_of_ref, required: true, coerce: String
9
- property :observed_data_refs, coerce: Array[String]
10
- property :where_sighted_refs, coerce: Array[String]
11
- property :summary, coerce: ->(v){ is_boolean?(v) }
9
+ property :observed_data_refs, coerce: [String]
10
+ property :where_sighted_refs, coerce: [String]
11
+ property :summary, coerce: ->(v) { Stix2.to_bool(v) }
12
12
  end
13
13
  end
14
14
  end
data/lib/stix2/storage.rb CHANGED
@@ -1,23 +1,29 @@
1
1
  module Stix2
2
- @@storage = nil
2
+ class Storage
3
+ @@storage = nil
3
4
 
4
- def self.storage_add(obj)
5
- @@storage && @@storage[obj.id.to_s] = obj
6
- end
5
+ def self.add(obj)
6
+ @@storage && @@storage[obj.id.to_s] = obj
7
+ end
7
8
 
8
- def self.storage_activate
9
- @@storage = {}
10
- end
9
+ def self.activate
10
+ @@storage = {}
11
+ end
11
12
 
12
- def self.storage_deactivate
13
- @storage = nil
14
- end
13
+ def self.deactivate
14
+ @@storage = nil
15
+ end
15
16
 
16
- def self.storage_find(id)
17
- @@storage[id.to_s]
18
- end
17
+ def self.active?
18
+ !@@storage.nil?
19
+ end
20
+
21
+ def self.find(id)
22
+ @@storage[id.to_s]
23
+ end
19
24
 
20
- def self.storage
21
- @@storage
25
+ def self.inspect
26
+ @@storage.inspect
27
+ end
22
28
  end
23
29
  end
data/lib/stix2/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Stix2
2
- VERSION = '0.1.0'
2
+ VERSION = "0.1.2"
3
3
  end
data/lib/stix2.rb CHANGED
@@ -1,101 +1,129 @@
1
- require 'hashie'
2
- require 'json'
3
- require 'time'
1
+ require "hashie"
2
+ require "json"
3
+ require "time"
4
4
 
5
- require 'stix2/version'
6
- require 'stix2/boolean'
7
- require 'stix2/external_reference'
8
- require 'stix2/identifier'
9
- require 'stix2/kill_chain_phase'
10
- require 'stix2/ov'
11
- require 'stix2/enum'
5
+ require "stix2/version"
6
+ require "stix2/ov"
7
+ require "stix2/enum"
8
+ require "stix2/base"
9
+ require "stix2/languages"
10
+ require "stix2/external_reference"
11
+ require "stix2/identifier"
12
+ require "stix2/kill_chain_phase"
12
13
 
13
- require 'stix2/meta_objects/data_markings/granular_marking'
14
- require 'stix2/meta_objects/data_markings/object_marking'
14
+ require "stix2/meta_objects/data_markings/granular_marking"
15
+ require "stix2/meta_objects/data_markings/object_marking"
15
16
 
16
- require 'stix2/common'
17
- require 'stix2/domain_objects/base'
18
- require 'stix2/domain_objects/attack_pattern'
19
- require 'stix2/domain_objects/campaign'
20
- require 'stix2/domain_objects/course_of_action'
21
- require 'stix2/domain_objects/grouping'
22
- require 'stix2/domain_objects/identity'
23
- require 'stix2/domain_objects/indicator'
24
- require 'stix2/domain_objects/infrastructure'
25
- require 'stix2/domain_objects/intrusion-set'
26
- require 'stix2/domain_objects/location'
27
- require 'stix2/domain_objects/malware'
28
- require 'stix2/domain_objects/malware_analysis'
29
- require 'stix2/domain_objects/note'
30
- require 'stix2/domain_objects/observed_data'
31
- require 'stix2/domain_objects/opinion'
32
- require 'stix2/domain_objects/report'
33
- require 'stix2/domain_objects/threat_actor'
34
- require 'stix2/domain_objects/tool'
35
- require 'stix2/domain_objects/vulnerability'
17
+ require "stix2/common"
18
+ require "stix2/domain_objects/base"
19
+ require "stix2/domain_objects/attack_pattern"
20
+ require "stix2/domain_objects/campaign"
21
+ require "stix2/domain_objects/course_of_action"
22
+ require "stix2/domain_objects/grouping"
23
+ require "stix2/domain_objects/identity"
24
+ require "stix2/domain_objects/indicator"
25
+ require "stix2/domain_objects/infrastructure"
26
+ require "stix2/domain_objects/intrusion-set"
27
+ require "stix2/domain_objects/location"
28
+ require "stix2/domain_objects/malware"
29
+ require "stix2/domain_objects/malware_analysis"
30
+ require "stix2/domain_objects/note"
31
+ require "stix2/domain_objects/observed_data"
32
+ require "stix2/domain_objects/opinion"
33
+ require "stix2/domain_objects/report"
34
+ require "stix2/domain_objects/threat_actor"
35
+ require "stix2/domain_objects/tool"
36
+ require "stix2/domain_objects/vulnerability"
36
37
 
37
- require 'stix2/relationship_objects/base'
38
- require 'stix2/relationship_objects/relationship'
39
- require 'stix2/relationship_objects/sighting'
38
+ require "stix2/relationship_objects/base"
39
+ require "stix2/relationship_objects/relationship"
40
+ require "stix2/relationship_objects/sighting"
40
41
 
41
- require 'stix2/cyberobservable_objects/base'
42
- require 'stix2/cyberobservable_objects/artifact'
43
- require 'stix2/cyberobservable_objects/autonomous_system'
44
- require 'stix2/cyberobservable_objects/directory'
45
- require 'stix2/cyberobservable_objects/domain_name'
46
- require 'stix2/cyberobservable_objects/email_addr'
47
- require 'stix2/cyberobservable_objects/email_mime_part_type'
48
- require 'stix2/cyberobservable_objects/email_message'
49
- require 'stix2/cyberobservable_objects/file'
50
- require 'stix2/cyberobservable_objects/ipv4_addr'
51
- require 'stix2/cyberobservable_objects/ipv6_addr'
52
- require 'stix2/cyberobservable_objects/mac_addr'
53
- require 'stix2/cyberobservable_objects/mutex'
54
- require 'stix2/cyberobservable_objects/network_traffic'
55
- require 'stix2/cyberobservable_objects/software'
56
- require 'stix2/cyberobservable_objects/url'
57
- require 'stix2/cyberobservable_objects/user_account'
58
- require 'stix2/cyberobservable_objects/windows_registry_value'
59
- require 'stix2/cyberobservable_objects/windows_registry_key'
60
- require 'stix2/cyberobservable_objects/x509_v3_extension_type'
61
- require 'stix2/cyberobservable_objects/x509_certificate'
42
+ require "stix2/cyberobservable_objects/base"
43
+ require "stix2/cyberobservable_objects/artifact"
44
+ require "stix2/cyberobservable_objects/autonomous_system"
45
+ require "stix2/cyberobservable_objects/directory"
46
+ require "stix2/cyberobservable_objects/domain_name"
47
+ require "stix2/cyberobservable_objects/email_addr"
48
+ require "stix2/cyberobservable_objects/email_mime_part_type"
49
+ require "stix2/cyberobservable_objects/email_message"
50
+ require "stix2/cyberobservable_objects/file"
51
+ require "stix2/cyberobservable_objects/ipv4_addr"
52
+ require "stix2/cyberobservable_objects/ipv6_addr"
53
+ require "stix2/cyberobservable_objects/mac_addr"
54
+ require "stix2/cyberobservable_objects/mutex"
55
+ require "stix2/cyberobservable_objects/network_traffic"
56
+ require "stix2/cyberobservable_objects/process"
57
+ require "stix2/cyberobservable_objects/software"
58
+ require "stix2/cyberobservable_objects/url"
59
+ require "stix2/cyberobservable_objects/user_account"
60
+ require "stix2/cyberobservable_objects/windows_registry_value"
61
+ require "stix2/cyberobservable_objects/windows_registry_key"
62
+ require "stix2/cyberobservable_objects/x509_certificate"
62
63
 
63
- require 'stix2/meta_objects/base'
64
- require 'stix2/meta_objects/language_content'
64
+ require "stix2/meta_objects/base"
65
+ require "stix2/meta_objects/language_content"
65
66
 
66
- require 'stix2/meta_objects/data_markings/base'
67
- require 'stix2/meta_objects/data_markings/marking_definition'
67
+ require "stix2/meta_objects/data_markings/base"
68
+ require "stix2/meta_objects/data_markings/marking_definition"
68
69
 
69
- require 'stix2/bundle'
70
+ require "stix2/extension_definition"
71
+ require "stix2/extensions/archive_file"
72
+ require "stix2/extensions/socket"
73
+ require "stix2/extensions/icmp"
74
+ require "stix2/extensions/http_request"
75
+ require "stix2/extensions/ntfs"
76
+ require "stix2/extensions/tcp"
77
+ require "stix2/extensions/windows_process"
78
+ require "stix2/extensions/windows_service"
79
+ require "stix2/extensions/unix_account"
80
+ require "stix2/extensions/pdf"
81
+ require "stix2/extensions/raster_image"
82
+ require "stix2/extensions/windows_pebinary"
70
83
 
71
- require 'stix2/storage'
84
+ require "stix2/custom_object"
85
+ require "stix2/bundle"
86
+ require "stix2/confidence_scale"
87
+
88
+ require "stix2/storage"
72
89
 
73
90
  class Time
74
- class <<self
75
- alias :coerce :parse
91
+ class << self
92
+ alias_method :coerce, :parse
76
93
  end
77
94
  end
78
95
 
79
96
  module Stix2
80
97
  def self.parse(options)
81
- case options
98
+ options_ = case options
82
99
  when String
83
- options_ = JSON.parse(options)
100
+ JSON.parse(options)
84
101
  when Hash
85
- options_ = options.clone
102
+ options.clone
86
103
  else
87
- options_ = JSON.parse(options.to_s)
104
+ JSON.parse(options.to_s)
88
105
  end
89
106
  Hashie.symbolize_keys!(options_)
90
107
  type = options_[:type]
91
108
  raise("Property 'type' is missing") if !type
92
109
  # Let's try to guess the domain of the object, among the known ones
93
- ['DomainObject', 'RelationshipObject', 'CyberobservableObject', 'MetaObject',
94
- 'MetaObject::DataMarking'].each do |family|
95
- class_name = "Stix2::#{family}::#{type.split('-').map(&:capitalize).join}"
110
+ [nil, "DomainObject", "RelationshipObject", "CyberobservableObject", "MetaObject",
111
+ "MetaObject::DataMarking"].each do |family|
112
+ class_name = if type.start_with?("x-")
113
+ "Stix2::CustomObject"
114
+ else
115
+ ["Stix2", family, type.split("-").map(&:capitalize).join].compact.join("::")
116
+ end
96
117
  return Module.const_get(class_name).new(options_) if Module.const_defined?(class_name)
97
118
  end
98
119
  raise("Message unsupported: #{type}")
99
120
  end
100
- end
101
121
 
122
+ def self.to_bool(value)
123
+ (value == true) || (value == "true")
124
+ end
125
+
126
+ def self.is_hex?(value)
127
+ value.match?(/^\h*$/)
128
+ end
129
+ end
data/ruby-stix2.gemspec CHANGED
@@ -1,27 +1,31 @@
1
- # coding: utf-8
2
- lib = File.expand_path('../lib', __FILE__)
1
+ lib = File.expand_path("../lib", __FILE__)
3
2
  $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require 'stix2/version'
3
+ require "stix2/version"
5
4
 
6
5
  Gem::Specification.new do |spec|
7
- spec.name = "ruby-stix2"
8
- spec.version = Stix2::VERSION
9
- spec.summary = "Ruby implementation for the STIX protocol version 2"
10
- spec.description = "Ruby implementation for the STIX protocol version 2"
11
- spec.authors = ["Dario Lombardo"]
12
- spec.email = "lomato@gmail.com"
6
+ spec.name = "ruby-stix2"
7
+ spec.version = Stix2::VERSION
8
+ spec.summary = "Ruby implementation for the STIX protocol version 2.1"
9
+ spec.description = "Ruby implementation for the STIX protocol version 2.1. Full specs: https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html"
10
+ spec.authors = ["Dario Lombardo"]
11
+ spec.email = "lomato@gmail.com"
13
12
 
14
- spec.require_paths = ['lib']
15
- spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
16
- spec.homepage = "https://rubygemspec.org/gems/stix2"
17
- spec.license = "GPL-2.0-or-later"
13
+ spec.require_paths = ["lib"]
14
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
15
+ spec.homepage = "https://github.com/crondaemon/ruby-stix2"
16
+ spec.license = "GPL-2.0-or-later"
18
17
 
19
- spec.add_dependency 'hashie', '~> 5.0.0'
18
+ spec.required_ruby_version = ">= 2.7"
20
19
 
21
- spec.add_development_dependency 'bundler', '~> 2.3'
22
- spec.add_development_dependency 'rake', '~> 13.0'
23
- spec.add_development_dependency 'pry', '~> 0.13.0'
24
- spec.add_development_dependency 'pry-byebug', '~> 3.10.1'
25
- spec.add_development_dependency 'minitest', '~> 5.18.1'
26
- spec.add_development_dependency 'simplecov', '~> 0.22.0'
27
- end
20
+ spec.add_dependency "hashie", "~> 5.0.0"
21
+
22
+ spec.add_development_dependency "bundler", "~> 2.3"
23
+ spec.add_development_dependency "rake", "~> 13.0"
24
+ spec.add_development_dependency "pry", "~> 0.13.0"
25
+ spec.add_development_dependency "pry-byebug", "~> 3.10.1"
26
+ spec.add_development_dependency "minitest", "~> 5.18.1"
27
+ spec.add_development_dependency "simplecov", "~> 0.22.0"
28
+ spec.add_development_dependency "irb", "~> 1.7.0"
29
+ spec.add_development_dependency "mutex_m"
30
+ spec.add_development_dependency "standardrb"
31
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby-stix2
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dario Lombardo
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-06-20 00:00:00.000000000 Z
11
+ date: 2024-09-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: hashie
@@ -108,7 +108,49 @@ dependencies:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
110
  version: 0.22.0
111
- description: Ruby implementation for the STIX protocol version 2
111
+ - !ruby/object:Gem::Dependency
112
+ name: irb
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: 1.7.0
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: 1.7.0
125
+ - !ruby/object:Gem::Dependency
126
+ name: mutex_m
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - ">="
130
+ - !ruby/object:Gem::Version
131
+ version: '0'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - ">="
137
+ - !ruby/object:Gem::Version
138
+ version: '0'
139
+ - !ruby/object:Gem::Dependency
140
+ name: standardrb
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - ">="
144
+ - !ruby/object:Gem::Version
145
+ version: '0'
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - ">="
151
+ - !ruby/object:Gem::Version
152
+ version: '0'
153
+ description: 'Ruby implementation for the STIX protocol version 2.1. Full specs: https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html'
112
154
  email: lomato@gmail.com
113
155
  executables: []
114
156
  extensions: []
@@ -122,9 +164,11 @@ files:
122
164
  - README.md
123
165
  - Rakefile
124
166
  - lib/stix2.rb
125
- - lib/stix2/boolean.rb
167
+ - lib/stix2/base.rb
126
168
  - lib/stix2/bundle.rb
127
169
  - lib/stix2/common.rb
170
+ - lib/stix2/confidence_scale.rb
171
+ - lib/stix2/custom_object.rb
128
172
  - lib/stix2/cyberobservable_objects/artifact.rb
129
173
  - lib/stix2/cyberobservable_objects/autonomous_system.rb
130
174
  - lib/stix2/cyberobservable_objects/base.rb
@@ -139,6 +183,7 @@ files:
139
183
  - lib/stix2/cyberobservable_objects/mac_addr.rb
140
184
  - lib/stix2/cyberobservable_objects/mutex.rb
141
185
  - lib/stix2/cyberobservable_objects/network_traffic.rb
186
+ - lib/stix2/cyberobservable_objects/process.rb
142
187
  - lib/stix2/cyberobservable_objects/software.rb
143
188
  - lib/stix2/cyberobservable_objects/url.rb
144
189
  - lib/stix2/cyberobservable_objects/user_account.rb
@@ -166,9 +211,26 @@ files:
166
211
  - lib/stix2/domain_objects/tool.rb
167
212
  - lib/stix2/domain_objects/vulnerability.rb
168
213
  - lib/stix2/enum.rb
214
+ - lib/stix2/extension_definition.rb
215
+ - lib/stix2/extensions/alternate_data_stream_type.rb
216
+ - lib/stix2/extensions/archive_file.rb
217
+ - lib/stix2/extensions/http_request.rb
218
+ - lib/stix2/extensions/icmp.rb
219
+ - lib/stix2/extensions/ntfs.rb
220
+ - lib/stix2/extensions/pdf.rb
221
+ - lib/stix2/extensions/raster_image.rb
222
+ - lib/stix2/extensions/socket.rb
223
+ - lib/stix2/extensions/tcp.rb
224
+ - lib/stix2/extensions/unix_account.rb
225
+ - lib/stix2/extensions/windows_pe_optional_header_type.rb
226
+ - lib/stix2/extensions/windows_pe_section_type.rb
227
+ - lib/stix2/extensions/windows_pebinary.rb
228
+ - lib/stix2/extensions/windows_process.rb
229
+ - lib/stix2/extensions/windows_service.rb
169
230
  - lib/stix2/external_reference.rb
170
231
  - lib/stix2/identifier.rb
171
232
  - lib/stix2/kill_chain_phase.rb
233
+ - lib/stix2/languages.rb
172
234
  - lib/stix2/meta_objects/base.rb
173
235
  - lib/stix2/meta_objects/data_markings/base.rb
174
236
  - lib/stix2/meta_objects/data_markings/granular_marking.rb
@@ -182,11 +244,11 @@ files:
182
244
  - lib/stix2/storage.rb
183
245
  - lib/stix2/version.rb
184
246
  - ruby-stix2.gemspec
185
- homepage: https://rubygemspec.org/gems/stix2
247
+ homepage: https://github.com/crondaemon/ruby-stix2
186
248
  licenses:
187
249
  - GPL-2.0-or-later
188
250
  metadata: {}
189
- post_install_message:
251
+ post_install_message:
190
252
  rdoc_options: []
191
253
  require_paths:
192
254
  - lib
@@ -194,15 +256,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
194
256
  requirements:
195
257
  - - ">="
196
258
  - !ruby/object:Gem::Version
197
- version: '0'
259
+ version: '2.7'
198
260
  required_rubygems_version: !ruby/object:Gem::Requirement
199
261
  requirements:
200
262
  - - ">="
201
263
  - !ruby/object:Gem::Version
202
264
  version: '0'
203
265
  requirements: []
204
- rubygems_version: 3.3.26
205
- signing_key:
266
+ rubygems_version: 3.4.19
267
+ signing_key:
206
268
  specification_version: 4
207
- summary: Ruby implementation for the STIX protocol version 2
269
+ summary: Ruby implementation for the STIX protocol version 2.1
208
270
  test_files: []
data/lib/stix2/boolean.rb DELETED
@@ -1,18 +0,0 @@
1
- module Stix2
2
- class Boolean
3
- def initialize(value)
4
- case value
5
- when String
6
- @value = !!(value =~ /\A(true|t|yes|y|1)\z/i)
7
- when Numeric
8
- @value = !value.to_i.zero?
9
- else
10
- @value = (value == true)
11
- end
12
- end
13
-
14
- def method_missing(m, *args, &block)
15
- @value.send(m, *args, &block)
16
- end
17
- end
18
- end