ruby-stix2 0.1.0

Files changed (70) hide show
  1. checksums.yaml +7 -0
  2. data/.github/workflows/build.yml +31 -0
  3. data/.gitignore +56 -0
  4. data/Gemfile +4 -0
  5. data/Gemfile.lock +43 -0
  6. data/LICENSE +339 -0
  7. data/README.md +116 -0
  8. data/Rakefile +8 -0
  9. data/lib/stix2/boolean.rb +18 -0
  10. data/lib/stix2/bundle.rb +7 -0
  11. data/lib/stix2/common.rb +62 -0
  12. data/lib/stix2/cyberobservable_objects/artifact.rb +12 -0
  13. data/lib/stix2/cyberobservable_objects/autonomous_system.rb +9 -0
  14. data/lib/stix2/cyberobservable_objects/base.rb +6 -0
  15. data/lib/stix2/cyberobservable_objects/directory.rb +12 -0
  16. data/lib/stix2/cyberobservable_objects/domain_name.rb +8 -0
  17. data/lib/stix2/cyberobservable_objects/email_addr.rb +9 -0
  18. data/lib/stix2/cyberobservable_objects/email_message.rb +21 -0
  19. data/lib/stix2/cyberobservable_objects/email_mime_part_type.rb +10 -0
  20. data/lib/stix2/cyberobservable_objects/file.rb +18 -0
  21. data/lib/stix2/cyberobservable_objects/ipv4_addr.rb +11 -0
  22. data/lib/stix2/cyberobservable_objects/ipv6_addr.rb +11 -0
  23. data/lib/stix2/cyberobservable_objects/mac_addr.rb +7 -0
  24. data/lib/stix2/cyberobservable_objects/mutex.rb +7 -0
  25. data/lib/stix2/cyberobservable_objects/network_traffic.rb +23 -0
  26. data/lib/stix2/cyberobservable_objects/software.rb +12 -0
  27. data/lib/stix2/cyberobservable_objects/url.rb +7 -0
  28. data/lib/stix2/cyberobservable_objects/user_account.rb +20 -0
  29. data/lib/stix2/cyberobservable_objects/windows_registry_key.rb +11 -0
  30. data/lib/stix2/cyberobservable_objects/windows_registry_value.rb +9 -0
  31. data/lib/stix2/cyberobservable_objects/x509_certificate.rb +19 -0
  32. data/lib/stix2/cyberobservable_objects/x509_v3_extension_type.rb +22 -0
  33. data/lib/stix2/domain_objects/attack_pattern.rb +12 -0
  34. data/lib/stix2/domain_objects/base.rb +6 -0
  35. data/lib/stix2/domain_objects/campaign.rb +12 -0
  36. data/lib/stix2/domain_objects/course_of_action.rb +9 -0
  37. data/lib/stix2/domain_objects/grouping.rb +10 -0
  38. data/lib/stix2/domain_objects/identity.rb +12 -0
  39. data/lib/stix2/domain_objects/indicator.rb +15 -0
  40. data/lib/stix2/domain_objects/infrastructure.rb +13 -0
  41. data/lib/stix2/domain_objects/intrusion-set.rb +15 -0
  42. data/lib/stix2/domain_objects/location.rb +17 -0
  43. data/lib/stix2/domain_objects/malware.rb +19 -0
  44. data/lib/stix2/domain_objects/malware_analysis.rb +22 -0
  45. data/lib/stix2/domain_objects/note.rb +10 -0
  46. data/lib/stix2/domain_objects/observed_data.rb +11 -0
  47. data/lib/stix2/domain_objects/opinion.rb +10 -0
  48. data/lib/stix2/domain_objects/report.rb +11 -0
  49. data/lib/stix2/domain_objects/threat_actor.rb +19 -0
  50. data/lib/stix2/domain_objects/tool.rb +12 -0
  51. data/lib/stix2/domain_objects/vulnerability.rb +8 -0
  52. data/lib/stix2/enum.rb +32 -0
  53. data/lib/stix2/external_reference.rb +13 -0
  54. data/lib/stix2/identifier.rb +18 -0
  55. data/lib/stix2/kill_chain_phase.rb +10 -0
  56. data/lib/stix2/meta_objects/base.rb +6 -0
  57. data/lib/stix2/meta_objects/data_markings/base.rb +11 -0
  58. data/lib/stix2/meta_objects/data_markings/granular_marking.rb +15 -0
  59. data/lib/stix2/meta_objects/data_markings/marking_definition.rb +19 -0
  60. data/lib/stix2/meta_objects/data_markings/object_marking.rb +22 -0
  61. data/lib/stix2/meta_objects/language_content.rb +9 -0
  62. data/lib/stix2/ov.rb +319 -0
  63. data/lib/stix2/relationship_objects/base.rb +6 -0
  64. data/lib/stix2/relationship_objects/relationship.rb +12 -0
  65. data/lib/stix2/relationship_objects/sighting.rb +14 -0
  66. data/lib/stix2/storage.rb +23 -0
  67. data/lib/stix2/version.rb +3 -0
  68. data/lib/stix2.rb +101 -0
  69. data/ruby-stix2.gemspec +27 -0
  70. metadata +208 -0
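--- a/data/lib/stix2/enum.rb
+++ b/data/lib/stix2/enum.rb
@@ -0,0 +1,32 @@
+module Stix2
+OPINION_ENUM = [
+'strongly-disagree',
+'disagree',
+'neutral',
+'agree',
+'strongly-agree'
+].freeze
+
+ENCRYPTION_ALGORITHM_ENUM = [
+'AES-256-GCM',
+'ChaCha20-Poly1305',
+'mime-type-indicated'
+].freeze
+
+WINDOWS_REGISTRY_DATATYPE_ENUM = [
+'REG_NONE',
+'REG_SZ',
+'REG_EXPAND_SZ',
+'REG_BINARY',
+'REG_DWORD',
+'REG_DWORD_BIG_ENDIAN',
+'REG_DWORD_LITTLE_ENDIAN',
+'REG_LINK',
+'REG_MULTI_SZ',
+'REG_RESOURCE_LIST',
+'REG_FULL_RESOURCE_DESCRIPTION',
+'REG_RESOURCE_REQUIREMENTS_LIST',
+'REG_QWORD',
+'REG_INVALID_TYPE'
+].freeze
+end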
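--- a/data/lib/stix2/external_reference.rb
+++ b/data/lib/stix2/external_reference.rb
@@ -0,0 +1,13 @@
+module Stix2
+class ExternalReference < Hashie::Dash
+include Hashie::Extensions::Dash::PredefinedValues
+include Hashie::Extensions::IndifferentAccess
+include Hashie::Extensions::Dash::Coercion
+
+property :source_name, coerce: String, required: true
+property :description, coerce: String
+property :url, coerce: String
+property :hashes, coerce: ->(hsh){ hash_dict(hsh) }
+property :external_id, coerce: String
+end
+end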
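Review bot: `url` is coerced with `String` only, so any scheme or malformed value from an ingested reference is stored unchanged and reaches whatever later renders or fetches it. I would at least document on the property that the value is untrusted, e.g. `# untrusted: validate the scheme before rendering or fetching`, or reject values that `URI.parse` cannot handle. `hash_dict` is not defined in this file, so its handling of `hashes` cannot be reviewed from this section.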
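--- a/data/lib/stix2/identifier.rb
+++ b/data/lib/stix2/identifier.rb
@@ -0,0 +1,18 @@
+module Stix2
+class Identifier
+def initialize(value)
+value.match(/.*--.*/) || raise("Invalid identifier: #{value}")
+@value = value
+end
+
+def to_s
+@value
+end
+
+def pretty_print(pp)
+# :nocov:
+pp.text(@value.inspect)
+# :nocov
+end
+end
+end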
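Review bot: The check in `initialize` is unanchored, so `/.*--.*/` accepts any string that merely contains `--` (multi-line values and values with an empty type or id part included), and a non-String argument fails with NoMethodError instead of the intended message. Since identifiers come from parsed STIX content, I would validate the whole value, e.g. `value.is_a?(String) && value.match?(/\A[a-z0-9][a-z0-9-]*--\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/) || raise("Invalid identifier: #{value.inspect}")`. The same unanchored style is used in `ObjectMarking#initialize` (`/marking-definition--.*/`), which would also accept a value such as `x-marking-definition--` with nothing after it. Separately, the closing `# :nocov` lacks the trailing colon of the opening marker, so confirm the coverage tool treats it as the end of the excluded region.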
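--- a/data/lib/stix2/kill_chain_phase.rb
+++ b/data/lib/stix2/kill_chain_phase.rb
@@ -0,0 +1,10 @@
+module Stix2
+class KillChainPhase < Hashie::Dash
+include Hashie::Extensions::Dash::PredefinedValues
+include Hashie::Extensions::IndifferentAccess
+include Hashie::Extensions::Dash::Coercion
+
+property :kill_chain_name, coerce: String
+property :phase_name, coerce: String
+end
+end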
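--- a/data/lib/stix2/meta_objects/base.rb
+++ b/data/lib/stix2/meta_objects/base.rb
@@ -0,0 +1,6 @@
+module Stix2
+module MetaObject
+class Base < Stix2::Common
+end
+end
+end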
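--- a/data/lib/stix2/meta_objects/data_markings/base.rb
+++ b/data/lib/stix2/meta_objects/data_markings/base.rb
@@ -0,0 +1,11 @@
+module Stix2
+module MetaObject
+module DataMarking
+class Base < Hashie::Dash
+include Hashie::Extensions::Dash::PredefinedValues
+include Hashie::Extensions::IndifferentAccess
+include Hashie::Extensions::Dash::Coercion
+end
+end
+end
+end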
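--- a/data/lib/stix2/meta_objects/data_markings/granular_marking.rb
+++ b/data/lib/stix2/meta_objects/data_markings/granular_marking.rb
@@ -0,0 +1,15 @@
+module Stix2
+module MetaObject
+module DataMarking
+class GranularMarking < Hashie::Dash
+include Hashie::Extensions::Dash::PredefinedValues
+include Hashie::Extensions::IndifferentAccess
+include Hashie::Extensions::Dash::Coercion
+
+property :lang, coerce: String
+property :marking_ref, coerce: Identifier
+property :selectors, coerce: Array[String]
+end
+end
+end
+end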
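--- a/data/lib/stix2/meta_objects/data_markings/marking_definition.rb
+++ b/data/lib/stix2/meta_objects/data_markings/marking_definition.rb
@@ -0,0 +1,19 @@
+module Stix2
+module MetaObject
+module DataMarking
+class MarkingDefinition < Stix2::Common
+property :name, coerce: String
+property :definition_type, required: true, coerce: String
+property :definition, required: true, coerce: Hash[String => String]
+
+def initialize(args)
+super(args)
+raise("Property 'definition' must contain a single key") if definition.size > 1
+if definition_type != definition.keys.first
+raise("Property 'definition_type' and 'definition' must have a matching key")
+end
+end
+end
+end
+end
+end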
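Review bot: An empty `definition` passes the first guard in `initialize`, because `definition.size > 1` rejects only two or more keys; it is then rejected by the second check with a message about mismatched keys. Comparing with `definition.size != 1` would reject it with the accurate message. Both failures raise a bare RuntimeError, so callers cannot tell a validation failure on ingested content from any other error; a dedicated error class under `Stix2` and a one-line comment stating the single-key invariant would make the contract explicit.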
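--- a/data/lib/stix2/meta_objects/data_markings/object_marking.rb
+++ b/data/lib/stix2/meta_objects/data_markings/object_marking.rb
@@ -0,0 +1,22 @@
+module Stix2
+module MetaObject
+module DataMarking
+class ObjectMarking
+def initialize(value)
+value.match(/marking-definition--.*/) || raise("Invalid value: #{value}")
+@value = value
+end
+
+def to_s
+@value
+end
+
+def pretty_print(pp)
+# :nocov:
+pp.text(@value.inspect)
+# :nocov
+end
+end
+end
+end
+end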
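--- a/data/lib/stix2/meta_objects/language_content.rb
+++ b/data/lib/stix2/meta_objects/language_content.rb
@@ -0,0 +1,9 @@
+module Stix2
+module MetaObject
+class LanguageContent < Base
+property :object_ref, coerce: Identifier
+property :object_modified, coerce: Time
+property :contents, coerce: Hash # TODO
+end
+end
+end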
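--- a/data/lib/stix2/ov.rb
+++ b/data/lib/stix2/ov.rb
@@ -0,0 +1,319 @@
+module Stix2
+INDICATOR_TYPE_OV = [
+'anomalous-activity',
+'anonymization',
+'benign',
+'compromised',
+'malicious-activity',
+'attribution',
+'unknown'
+].freeze
+
+PATTERN_TYPE_OV = [
+'stix',
+'pcre',
+'sigma',
+'snort',
+'suricata',
+'yara'
+].freeze
+
+GROUPING_CONTEXT_OV = [
+'suspicious-activity',
+'malware-analysis',
+'unspecified'
+].freeze
+
+IDENTITY_CLASS_OV = [
+'individual',
+'group',
+'system',
+'organization',
+'class',
+'unspecified'
+].freeze
+
+INDUSTRY_SECTOR_OV = [
+'agriculture',
+'aerospace',
+'automotive',
+'chemical',
+'commercial',
+'communications',
+'construction',
+'defense',
+'education',
+'energy',
+'entertainment',
+'financial-services',
+'government (emergency-services, government-local, government-national, government-public-services, government-regional)',
+'healthcare',
+'hospitality-leisure',
+'infrastructure (dams, nuclear, water)',
+'insurance',
+'manufacturing',
+'mining',
+'non-profit',
+'pharmaceuticals',
+'retail',
+'technology',
+'telecommunications',
+'transportation',
+'utilities'
+].freeze
+
+MALWARE_TYPE_OV = [
+'adware',
+'backdoor',
+'bot',
+'bootkit',
+'ddos',
+'downloader',
+'dropper',
+'exploit-kit',
+'keylogger',
+'ransomware',
+'remote-access-trojan',
+'resource-exploitation',
+'rogue-security-software',
+'rootkit',
+'screen-capture',
+'spyware',
+'trojan',
+'unknown',
+'virus',
+'webshell',
+'wiper',
+'worm'
+].freeze
+
+PROCESSOR_ARCHITECTURE_OV = [
+'alpha',
+'arm',
+'ia-64',
+'mips',
+'powerpc',
+'sparc',
+'x86',
+'x86-64'
+].freeze
+
+IMPLEMENTATION_LANGUAGE_OV = [
+'applescript',
+'bash',
+'c',
+'c++',
+'c#',
+'go',
+'java',
+'javascript',
+'lua',
+'objective-c',
+'perl',
+'php',
+'powershell',
+'python',
+'ruby',
+'scala',
+'swift',
+'typescript',
+'visual-basic',
+'x86-32',
+'x86-64'
+].freeze
+
+IMPLEMENTATION_CAPABILITIES_OV = [
+'accesses-remote-machines',
+'anti-debugging',
+'anti-disassembly',
+'anti-emulation',
+'anti-memory-forensics',
+'anti-sandbox',
+'anti-vm',
+'captures-input-peripherals',
+'captures-output-peripherals',
+'captures-system-state-data',
+'cleans-traces-of-infection',
+'commits-fraud',
+'communicates-with-c2',
+'compromises-data-availability',
+'compromises-data-integrity',
+'compromises-system-availability',
+'controls-local-machine',
+'degrades-security-software',
+'degrades-system-updates',
+'determines-c2-server',
+'emails-spam',
+'escalates-privileges',
+'evades-av',
+'exfiltrates-data',
+'fingerprints-host',
+'hides-artifacts',
+'hides-executing-code',
+'infects-files',
+'infects-remote-machines',
+'installs-other-components',
+'persists-after-system-reboot',
+'prevents-artifact-access',
+'prevents-artifact-deletion',
+'probes-network-environment',
+'self-modifies',
+'steals-authentication-credentials',
+'violates-system-operational-integrity'
+].freeze
+
+INFRASTRUCTURE_TYPE_OV = [
+'amplification',
+'anonymization',
+'botnet',
+'command-and-control',
+'exfiltration',
+'hosting-malware',
+'hosting-target-lists',
+'phishing',
+'reconnaissance',
+'staging',
+'undefined'
+].freeze
+
+ATTACK_RESOURCE_LEVEL_OV = [
+'individual',
+'club',
+'contest',
+'team',
+'organization',
+'government'
+].freeze
+
+ATTACK_MOTIVATION_OV = [
+'accidental',
+'coercion',
+'dominance',
+'ideology',
+'notoriety',
+'organizational-gain',
+'personal-gain',
+'personal-satisfaction',
+'revenge',
+'unpredictable'
+].freeze
+
+REGION_OV = [
+'eastern-africa',
+'middle-africa',
+'northern-africa',
+'southern-africa',
+'western-africa',
+'caribbean',
+'central-america',
+'latin-america-caribbean',
+'northern-america',
+'south-america',
+'central-asia',
+'eastern-asia',
+'southern-asia',
+'south-eastern-asia',
+'western-asia',
+'eastern-europe',
+'northern-europe',
+'southern-europe',
+'western-europe',
+'antarctica',
+'australia-new-zealand',
+'melanesia',
+'micronesia',
+'polynesia'
+].freeze
+
+MALWARE_RESULT_OV = [
+'malicious',
+'suspicious',
+'benign',
+'unknown'
+].freeze
+
+REPORT_TYPE_OV = [
+'attack-pattern',
+'campaign',
+'identity',
+'indicator',
+'intrusion-set',
+'malware',
+'observed-data',
+'threat-actor',
+'threat-report',
+'tool',
+'vulnerability'
+].freeze
+
+THREAT_ACTOR_TYPE_OV = [
+'activist',
+'competitor',
+'crime-syndicate',
+'criminal',
+'hacker',
+'insider-accidental',
+'insider-disgruntled',
+'nation-state',
+'sensationalist',
+'spy',
+'terrorist',
+'unknown'
+].freeze
+
+THREAT_ACTOR_ROLE_OV = [
+'agent',
+'director',
+'independent',
+'infrastructure-architect',
+'infrastructure-operator',
+'malware-author',
+'sponsor'
+].freeze
+
+THREAT_ACTOR_SOPHISTICATION_OV = [
+'none',
+'minimal',
+'intermediate',
+'advanced',
+'expert',
+'innovator',
+'strategic'
+].freeze
+
+TOOL_TYPES_OV = [
+'denial-of-service',
+'exploitation',
+'information-gathering',
+'network-capture',
+'credential-exploitation',
+'remote-access',
+'vulnerability-scanning',
+'unknown'
+].freeze
+
+HASH_ALGORITHM_OV = [
+'MD5',
+'SHA-1',
+'SHA-256',
+'SHA-512',
+'SHA3-256',
+'SHA3-512',
+'SSDEEP',
+'TLSH'
+].freeze
+
+ACCOUNT_TYPE_OV = [
+'facebook',
+'ldap',
+'nis',
+'openid',
+'radius',
+'skype',
+'tacacs',
+'twitter',
+'unix',
+'windows-local',
+'windows-domain'
+].freeze
+end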
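Review bot: Two entries in `INDUSTRY_SECTOR_OV` look like prose copied from the specification rather than vocabulary values: the `government (...)` and `infrastructure (dams, nuclear, water)` items are each one string, so terms such as `government-national` or `water` are not members of the list. If this constant is used for membership checks, content tagged with those sectors would be treated as outside the vocabulary. I would list every term as its own element, e.g. `'government', 'emergency-services', 'government-local',` and likewise `'infrastructure', 'dams', 'nuclear', 'water',`.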
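--- a/data/lib/stix2/relationship_objects/base.rb
+++ b/data/lib/stix2/relationship_objects/base.rb
@@ -0,0 +1,6 @@
+module Stix2
+module RelationshipObject
+class Base < Stix2::Common
+end
+end
+end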
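--- a/data/lib/stix2/relationship_objects/relationship.rb
+++ b/data/lib/stix2/relationship_objects/relationship.rb
@@ -0,0 +1,12 @@
+module Stix2
+module RelationshipObject
+class Relationship < Base
+property :relationship_type, required: true, coerce: String
+property :description, coerce: String
+property :source_ref, coerce: String
+property :target_ref, coerce: String
+property :start_time, coerce: Time
+property :stop_time, coerce: Time
+end
+end
+end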
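Review bot: `source_ref` and `target_ref` are coerced with `String`, so they skip the `Identifier` check that `marking_ref` and `object_ref` get elsewhere in this release, and neither is marked `required: true`. A relationship whose endpoints are missing or malformed is therefore accepted silently, which matters when the graph is built from ingested feeds. I would declare them as `property :source_ref, required: true, coerce: Identifier` and the same for `target_ref`. The reference properties in sighting.rb (`sighting_of_ref`, `observed_data_refs`, `where_sighted_refs`) are coerced as plain strings in the same way.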
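--- a/data/lib/stix2/relationship_objects/sighting.rb
+++ b/data/lib/stix2/relationship_objects/sighting.rb
@@ -0,0 +1,14 @@
+module Stix2
+module RelationshipObject
+class Sighting < Base
+property :description, coerce: String
+property :first_seen, required: true, coerce: Time
+property :last_seen, required: true, coerce: Time
+property :count, coerce: Integer
+property :sighting_of_ref, required: true, coerce: String
+property :observed_data_refs, coerce: Array[String]
+property :where_sighted_refs, coerce: Array[String]
+property :summary, coerce: ->(v){ is_boolean?(v) }
+end
+end
+end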
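Review bot: The `summary` coercion stores whatever `is_boolean?(v)` returns, and that helper is defined outside this file. If it is a predicate, as its name suggests, `summary: false` would be stored as `true` (the input is a boolean) instead of `false`. Please confirm the helper returns the validated value; otherwise use a lambda that raises on non-boolean input and returns `v`, and add a one-line comment on the property stating which of the two the helper does.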
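--- a/data/lib/stix2/storage.rb
+++ b/data/lib/stix2/storage.rb
@@ -0,0 +1,23 @@
+module Stix2
+@@storage = nil
+
+def self.storage_add(obj)
+@@storage && @@storage[obj.id.to_s] = obj
+end
+
+def self.storage_activate
+@@storage = {}
+end
+
+def self.storage_deactivate
+@storage = nil
+end
+
+def self.storage_find(id)
+@@storage[id.to_s]
+end
+
+def self.storage
+@@storage
+end
+end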
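Review bot: `storage_deactivate` assigns `@storage = nil`, a module-level instance variable, while every other method reads `@@storage`, so deactivation has no effect and the store keeps every object passed to `storage_add`. The line should be `@@storage = nil`. `storage_find` also indexes `@@storage` without the nil guard that `storage_add` has, so it raises NoMethodError when storage was never activated; `@@storage && @@storage[id.to_s]` would return nil instead. Because the store is process-global and unbounded, a comment stating that it retains objects until deactivated would help callers that ingest large feeds.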
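--- a/data/lib/stix2/version.rb
+++ b/data/lib/stix2/version.rb
@@ -0,0 +1,3 @@
+module Stix2
+VERSION = '0.1.0'
+end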
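--- a/data/lib/stix2.rb
+++ b/data/lib/stix2.rb
@@ -0,0 +1,101 @@
+require 'hashie'
+require 'json'
+require 'time'
+
+require 'stix2/version'
+require 'stix2/boolean'
+require 'stix2/external_reference'
+require 'stix2/identifier'
+require 'stix2/kill_chain_phase'
+require 'stix2/ov'
+require 'stix2/enum'
+
+require 'stix2/meta_objects/data_markings/granular_marking'
+require 'stix2/meta_objects/data_markings/object_marking'
+
+require 'stix2/common'
+require 'stix2/domain_objects/base'
+require 'stix2/domain_objects/attack_pattern'
+require 'stix2/domain_objects/campaign'
+require 'stix2/domain_objects/course_of_action'
+require 'stix2/domain_objects/grouping'
+require 'stix2/domain_objects/identity'
+require 'stix2/domain_objects/indicator'
+require 'stix2/domain_objects/infrastructure'
+require 'stix2/domain_objects/intrusion-set'
+require 'stix2/domain_objects/location'
+require 'stix2/domain_objects/malware'
+require 'stix2/domain_objects/malware_analysis'
+require 'stix2/domain_objects/note'
+require 'stix2/domain_objects/observed_data'
+require 'stix2/domain_objects/opinion'
+require 'stix2/domain_objects/report'
+require 'stix2/domain_objects/threat_actor'
+require 'stix2/domain_objects/tool'
+require 'stix2/domain_objects/vulnerability'
+
+require 'stix2/relationship_objects/base'
+require 'stix2/relationship_objects/relationship'
+require 'stix2/relationship_objects/sighting'
+
+require 'stix2/cyberobservable_objects/base'
+require 'stix2/cyberobservable_objects/artifact'
+require 'stix2/cyberobservable_objects/autonomous_system'
+require 'stix2/cyberobservable_objects/directory'
+require 'stix2/cyberobservable_objects/domain_name'
+require 'stix2/cyberobservable_objects/email_addr'
+require 'stix2/cyberobservable_objects/email_mime_part_type'
+require 'stix2/cyberobservable_objects/email_message'
+require 'stix2/cyberobservable_objects/file'
+require 'stix2/cyberobservable_objects/ipv4_addr'
+require 'stix2/cyberobservable_objects/ipv6_addr'
+require 'stix2/cyberobservable_objects/mac_addr'
+require 'stix2/cyberobservable_objects/mutex'
+require 'stix2/cyberobservable_objects/network_traffic'
+require 'stix2/cyberobservable_objects/software'
+require 'stix2/cyberobservable_objects/url'
+require 'stix2/cyberobservable_objects/user_account'
+require 'stix2/cyberobservable_objects/windows_registry_value'
+require 'stix2/cyberobservable_objects/windows_registry_key'
+require 'stix2/cyberobservable_objects/x509_v3_extension_type'
+require 'stix2/cyberobservable_objects/x509_certificate'
+
+require 'stix2/meta_objects/base'
+require 'stix2/meta_objects/language_content'
+
+require 'stix2/meta_objects/data_markings/base'
+require 'stix2/meta_objects/data_markings/marking_definition'
+
+require 'stix2/bundle'
+
+require 'stix2/storage'
+
+class Time
+class <<self
+alias :coerce :parse
+end
+end
+
+module Stix2
+def self.parse(options)
+case options
+when String
+options_ = JSON.parse(options)
+when Hash
+options_ = options.clone
+else
+options_ = JSON.parse(options.to_s)
+end
+Hashie.symbolize_keys!(options_)
+type = options_[:type]
+raise("Property 'type' is missing") if !type
+# Let's try to guess the domain of the object, among the known ones
+['DomainObject', 'RelationshipObject', 'CyberobservableObject', 'MetaObject',
+'MetaObject::DataMarking'].each do |family|
+class_name = "Stix2::#{family}::#{type.split('-').map(&:capitalize).join}"
+return Module.const_get(class_name).new(options_) if Module.const_defined?(class_name)
+end
+raise("Message unsupported: #{type}")
+end
+end
+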
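Review bot: In `Stix2.parse`, the `type` value taken from the input is interpolated into a constant path and handed to `Module.const_defined?` and `const_get` without any check on its shape. A non-String `type` fails at `type.split` with NoMethodError, a value that does not form a valid constant name (for example one starting with a digit) can raise NameError, and `base` resolves to the `Base` classes, so none of these reach the intended `Message unsupported` error. I would validate before the loop, e.g. `raise("Invalid 'type': #{type.inspect}") unless type.is_a?(String) && type.match?(/\A[a-z][a-z0-9]*(-[a-z0-9]+)*\z/)`, and exclude `Base` from dispatch. The reopened `Time` class also deserves a comment: it makes `Time.coerce` an alias of the lenient `Time.parse` for the whole process, where `Time.iso8601` would be stricter for STIX timestamps.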
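--- a/data/ruby-stix2.gemspec
+++ b/data/ruby-stix2.gemspec
@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'stix2/version'
+
+Gem::Specification.new do |spec|
+spec.name = "ruby-stix2"
+spec.version = Stix2::VERSION
+spec.summary = "Ruby implementation for the STIX protocol version 2"
+spec.description = "Ruby implementation for the STIX protocol version 2"
+spec.authors = ["Dario Lombardo"]
+spec.email = "lomato@gmail.com"
+
+spec.require_paths = ['lib']
+spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+spec.homepage = "https://rubygemspec.org/gems/stix2"
+spec.license = "GPL-2.0-or-later"
+
+spec.add_dependency 'hashie', '~> 5.0.0'
+
+spec.add_development_dependency 'bundler', '~> 2.3'
+spec.add_development_dependency 'rake', '~> 13.0'
+spec.add_development_dependency 'pry', '~> 0.13.0'
+spec.add_development_dependency 'pry-byebug', '~> 3.10.1'
+spec.add_development_dependency 'minitest', '~> 5.18.1'
+spec.add_development_dependency 'simplecov', '~> 0.22.0'
+end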
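Review bot: `spec.homepage` points to `https://rubygemspec.org/gems/stix2`, which is neither rubygems.org nor a source repository, and its path names `stix2` while the gem is `ruby-stix2`; please confirm the URL is intended, since consumers rely on the homepage to check where a package comes from. Setting `spec.metadata['source_code_uri']` to the repository URL would make provenance verifiable. The `reject` filter on `spec.files` excludes only `test/`, `spec/` and `features/`, so repository files such as `.github/workflows/build.yml` and `.gitignore` ship inside the gem (both appear in the file list above); excluding dot-files keeps the package to what is needed at runtime.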