ruby-stix2 0.1.1 → 0.1.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (63) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build.yml +4 -3
  3. data/Gemfile +1 -1
  4. data/Gemfile.lock +48 -1
  5. data/README.md +1 -1
  6. data/lib/stix2/bundle.rb +5 -2
  7. data/lib/stix2/common.rb +47 -30
  8. data/lib/stix2/confidence_scale.rb +38 -38
  9. data/lib/stix2/custom_object.rb +5 -5
  10. data/lib/stix2/cyberobservable_objects/artifact.rb +1 -1
  11. data/lib/stix2/cyberobservable_objects/directory.rb +1 -1
  12. data/lib/stix2/cyberobservable_objects/domain_name.rb +1 -1
  13. data/lib/stix2/cyberobservable_objects/email_message.rb +7 -7
  14. data/lib/stix2/cyberobservable_objects/file.rb +2 -2
  15. data/lib/stix2/cyberobservable_objects/ipv4_addr.rb +4 -4
  16. data/lib/stix2/cyberobservable_objects/ipv6_addr.rb +4 -4
  17. data/lib/stix2/cyberobservable_objects/network_traffic.rb +3 -3
  18. data/lib/stix2/cyberobservable_objects/process.rb +3 -3
  19. data/lib/stix2/cyberobservable_objects/software.rb +1 -1
  20. data/lib/stix2/cyberobservable_objects/user_account.rb +4 -4
  21. data/lib/stix2/cyberobservable_objects/x509_certificate.rb +3 -3
  22. data/lib/stix2/domain_objects/attack_pattern.rb +3 -3
  23. data/lib/stix2/domain_objects/campaign.rb +1 -1
  24. data/lib/stix2/domain_objects/grouping.rb +1 -1
  25. data/lib/stix2/domain_objects/identity.rb +1 -1
  26. data/lib/stix2/domain_objects/indicator.rb +2 -2
  27. data/lib/stix2/domain_objects/infrastructure.rb +3 -3
  28. data/lib/stix2/domain_objects/intrusion-set.rb +3 -3
  29. data/lib/stix2/domain_objects/malware.rb +9 -9
  30. data/lib/stix2/domain_objects/malware_analysis.rb +3 -3
  31. data/lib/stix2/domain_objects/note.rb +2 -2
  32. data/lib/stix2/domain_objects/observed_data.rb +1 -1
  33. data/lib/stix2/domain_objects/opinion.rb +2 -2
  34. data/lib/stix2/domain_objects/report.rb +2 -2
  35. data/lib/stix2/domain_objects/threat_actor.rb +6 -6
  36. data/lib/stix2/domain_objects/tool.rb +3 -3
  37. data/lib/stix2/enum.rb +60 -60
  38. data/lib/stix2/extension_definition.rb +2 -2
  39. data/lib/stix2/extensions/alternate_data_stream_type.rb +1 -1
  40. data/lib/stix2/extensions/archive_file.rb +2 -2
  41. data/lib/stix2/extensions/icmp.rb +2 -2
  42. data/lib/stix2/extensions/ntfs.rb +2 -2
  43. data/lib/stix2/extensions/pdf.rb +2 -2
  44. data/lib/stix2/extensions/socket.rb +3 -3
  45. data/lib/stix2/extensions/unix_account.rb +1 -1
  46. data/lib/stix2/extensions/windows_pe_optional_header_type.rb +7 -7
  47. data/lib/stix2/extensions/windows_pe_section_type.rb +1 -1
  48. data/lib/stix2/extensions/windows_pebinary.rb +7 -7
  49. data/lib/stix2/extensions/windows_process.rb +2 -2
  50. data/lib/stix2/extensions/windows_service.rb +2 -2
  51. data/lib/stix2/external_reference.rb +1 -1
  52. data/lib/stix2/languages.rb +233 -233
  53. data/lib/stix2/meta_objects/data_markings/granular_marking.rb +1 -1
  54. data/lib/stix2/meta_objects/data_markings/marking_definition.rb +2 -2
  55. data/lib/stix2/meta_objects/data_markings/object_marking.rb +1 -1
  56. data/lib/stix2/meta_objects/language_content.rb +1 -1
  57. data/lib/stix2/ov.rb +263 -258
  58. data/lib/stix2/relationship_objects/relationship.rb +155 -2
  59. data/lib/stix2/relationship_objects/sighting.rb +3 -3
  60. data/lib/stix2/version.rb +1 -1
  61. data/lib/stix2.rb +90 -90
  62. data/ruby-stix2.gemspec +23 -23
  63. metadata +32 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f69ada6e1bf635fb01ca7cfed49ed184447e14e8b85c2b5ff14e1640d1f18738
4
- data.tar.gz: 56712374f185dc57787679dd8060eb32320cbff393fada2d5285a924bc48b3a1
3
+ metadata.gz: 1325e9bc73496954969bda48fbd2a096c63be31098e6207d72c8260e23a5118f
4
+ data.tar.gz: d3e59d85404608530150a0fce245f79a0de28598f0daa14bc68e96c598d623e9
5
5
  SHA512:
6
- metadata.gz: cc04f1a76a4e79f2e57365201e1fdadaa4f29eecb1c61f2e4f7a4be4d9201b238ee36aac3f5c6bd094acc77ae2be8720b41d0e0a8a2b62a52279304c4fc8bb64
7
- data.tar.gz: 852ae67a130e1a0338fd0d44af58746caab042d92b7b2bbd3c09c4edba2b0860eb0ff4a2c76a9346c802b8b7a47150e4bfae2b6039b31c082fed9f4da3b7e8ea
6
+ metadata.gz: 4fa484ea080ce69d832a71fc45c27dc081385f769895fbbf345ef1eb81109982fa5b1b4bb187b1da6104dc1ee37acf75183164b2b11160609cb607db1c4976d7
7
+ data.tar.gz: 68ca00c8308ca9d3fd1b978ecd0525d81f169f4b85d21b03eef9ead386e7f0d4228a594755b442c77ea9c1f6ef1b4bf673c47834e71171fad725853cf30c9dca
@@ -10,11 +10,11 @@ jobs:
10
10
  strategy:
11
11
  matrix:
12
12
  os: [ubuntu-latest, windows-latest]
13
- ruby: ['2.7', '3.0', '3.1', head]
13
+ ruby: ['3.0', '3.1', '3.2', '3.3', head]
14
14
  runs-on: ${{ matrix.os }}
15
15
  permissions: write-all
16
16
  steps:
17
- - uses: actions/checkout@v3
17
+ - uses: actions/checkout@v4
18
18
  - name: Set up Ruby
19
19
  uses: ruby/setup-ruby@v1
20
20
  with:
@@ -22,9 +22,10 @@ jobs:
22
22
  bundler: latest
23
23
  - run: bundle
24
24
  - run: bundle exec rake test
25
+ - run: bundle exec standardrb
25
26
  - name: SimpleCov Ruby ${{ matrix.ruby }}
26
27
  uses: joshmfrankel/simplecov-check-action@main
27
- if: ${{ matrix.os == 'ubuntu-latest' && matrix.ruby == '3.1' }}
28
+ if: ${{ matrix.os == 'ubuntu-latest' && matrix.ruby == '3.2' }}
28
29
  with:
29
30
  github_token: ${{ secrets.GITHUB_TOKEN }}
30
31
  check_job_name: SimpleCov ${{ matrix.ruby }}
data/Gemfile CHANGED
@@ -1,4 +1,4 @@
1
- source 'https://rubygems.org'
1
+ source "https://rubygems.org"
2
2
 
3
3
  # Specify your gem's dependencies in ruby-taxii.gemspec
4
4
  gemspec
data/Gemfile.lock CHANGED
@@ -1,12 +1,13 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- ruby-stix2 (0.1.1)
4
+ ruby-stix2 (0.1.3)
5
5
  hashie (~> 5.0.0)
6
6
 
7
7
  GEM
8
8
  remote: https://rubygems.org/
9
9
  specs:
10
+ ast (2.4.2)
10
11
  byebug (11.1.3)
11
12
  coderay (1.1.3)
12
13
  docile (1.4.0)
@@ -14,23 +15,67 @@ GEM
14
15
  io-console (0.6.0)
15
16
  irb (1.7.0)
16
17
  reline (>= 0.3.0)
18
+ json (2.7.2)
19
+ language_server-protocol (3.17.0.3)
20
+ lint_roller (1.1.0)
17
21
  method_source (1.0.0)
18
22
  minitest (5.18.1)
23
+ mutex_m (0.2.0)
24
+ parallel (1.24.0)
25
+ parser (3.3.0.5)
26
+ ast (~> 2.4.1)
27
+ racc
19
28
  pry (0.13.1)
20
29
  coderay (~> 1.1)
21
30
  method_source (~> 1.0)
22
31
  pry-byebug (3.10.1)
23
32
  byebug (~> 11.0)
24
33
  pry (>= 0.13, < 0.15)
34
+ racc (1.7.3)
35
+ rainbow (3.1.1)
25
36
  rake (13.0.6)
37
+ regexp_parser (2.9.0)
26
38
  reline (0.3.5)
27
39
  io-console (~> 0.5)
40
+ rexml (3.2.6)
41
+ rubocop (1.62.1)
42
+ json (~> 2.3)
43
+ language_server-protocol (>= 3.17.0)
44
+ parallel (~> 1.10)
45
+ parser (>= 3.3.0.2)
46
+ rainbow (>= 2.2.2, < 4.0)
47
+ regexp_parser (>= 1.8, < 3.0)
48
+ rexml (>= 3.2.5, < 4.0)
49
+ rubocop-ast (>= 1.31.1, < 2.0)
50
+ ruby-progressbar (~> 1.7)
51
+ unicode-display_width (>= 2.4.0, < 3.0)
52
+ rubocop-ast (1.31.2)
53
+ parser (>= 3.3.0.4)
54
+ rubocop-performance (1.20.2)
55
+ rubocop (>= 1.48.1, < 2.0)
56
+ rubocop-ast (>= 1.30.0, < 2.0)
57
+ ruby-progressbar (1.13.0)
28
58
  simplecov (0.22.0)
29
59
  docile (~> 1.1)
30
60
  simplecov-html (~> 0.11)
31
61
  simplecov_json_formatter (~> 0.1)
32
62
  simplecov-html (0.12.3)
33
63
  simplecov_json_formatter (0.1.4)
64
+ standard (1.35.1)
65
+ language_server-protocol (~> 3.17.0.2)
66
+ lint_roller (~> 1.0)
67
+ rubocop (~> 1.62.0)
68
+ standard-custom (~> 1.0.0)
69
+ standard-performance (~> 1.3)
70
+ standard-custom (1.0.2)
71
+ lint_roller (~> 1.0)
72
+ rubocop (~> 1.50)
73
+ standard-performance (1.3.1)
74
+ lint_roller (~> 1.1)
75
+ rubocop-performance (~> 1.20.2)
76
+ standardrb (1.0.1)
77
+ standard
78
+ unicode-display_width (2.5.0)
34
79
 
35
80
  PLATFORMS
36
81
  x86_64-linux
@@ -39,11 +84,13 @@ DEPENDENCIES
39
84
  bundler (~> 2.3)
40
85
  irb (~> 1.7.0)
41
86
  minitest (~> 5.18.1)
87
+ mutex_m (~> 0.2.0)
42
88
  pry (~> 0.13.0)
43
89
  pry-byebug (~> 3.10.1)
44
90
  rake (~> 13.0)
45
91
  ruby-stix2!
46
92
  simplecov (~> 0.22.0)
93
+ standardrb (~> 1.0.1)
47
94
 
48
95
  BUNDLED WITH
49
96
  2.3.26
data/README.md CHANGED
@@ -146,7 +146,7 @@ scales. To make this conversion smooth, an object offers the method `confidence_
146
146
  indicator = Stix2::DomainObject::Indicator.new(confidence: i)
147
147
  indicator.confidence # This is the raw integer
148
148
  indicator.confidence_scale.to_admiralty_credibility # this is a string in this scale
149
- indicator.confidence_scale.to_admiralty_credibility_strix # this is a string in stix mode
149
+ indicator.confidence_scale.to_admiralty_credibility_stix # this is a string in stix mode
150
150
  ```
151
151
 
152
152
  # Contribution
data/lib/stix2/bundle.rb CHANGED
@@ -1,7 +1,10 @@
1
1
  module Stix2
2
2
  class Bundle < Stix2::Common
3
3
  property :type, required: true, coerce: String
4
- property :id, coerce: String
5
- property :objects, coerce: ->(values){ values.map{ Stix2.parse(_1) } }
4
+ property :objects, coerce: ->(array) do
5
+ array.all? do |element|
6
+ element.is_a?(::Stix2::Common) || Stix2.parse(element).is_a?(::Stix2::Common) || raise("Invalid Object")
7
+ end && array
8
+ end
6
9
  end
7
10
  end
data/lib/stix2/common.rb CHANGED
@@ -1,33 +1,44 @@
1
+ require "securerandom"
2
+
1
3
  module Stix2
2
- SPEC_VERSIONS = ['2.1']
4
+ SPEC_VERSIONS = ["2.1"]
5
+ UUID_NAMESPACE = "00abedb4-aa42-466c-9c01-fed23315a9b7"
3
6
 
4
7
  class Common < Stix2::Base
8
+ include Hashie::Extensions::Dash::PropertyTranslation
5
9
  property :type, required: true, coerce: String
6
- property :spec_version, coerce: String, values: Stix2::SPEC_VERSIONS
7
- property :id, coerce: Identifier
10
+ property :spec_version, coerce: String, values: Stix2::SPEC_VERSIONS, default: SPEC_VERSIONS.last
11
+ property :id, coerce: Identifier, required: true
8
12
  property :created_by_ref, coerce: Identifier
9
13
  property :created, coerce: Time
10
14
  property :modified, coerce: Time
11
- property :revoked, coerce: ->(value){ Stix2.to_bool(value) }
12
- property :labels, coerce: Array[String]
13
- property :confidence, coerce: ->(value){ int = Integer(value) ; [0..100].include?(int) ; int }
15
+ property :revoked, coerce: ->(value) { Stix2.to_bool(value) }
16
+ property :labels, coerce: [String]
17
+ property :confidence, coerce: ->(value) {
18
+ int = Integer(value)
19
+ [0..100].include?(int)
20
+ int
21
+ }
14
22
  property :lang, coerce: String
15
- property :external_references, coerce: Array[ExternalReference]
16
- property :object_marking_refs, coerce: Array[Stix2::MetaObject::DataMarking::ObjectMarking]
17
- property :granular_markings, coerce: Array[MetaObject::DataMarking::GranularMarking]
18
- property :defanged, coerce: ->(value){ Stix2.to_bool(value) }
23
+ property :external_references, coerce: [ExternalReference]
24
+ property :object_marking_refs, coerce: [Stix2::MetaObject::DataMarking::ObjectMarking]
25
+ property :granular_markings, coerce: [MetaObject::DataMarking::GranularMarking]
26
+ property :defanged, coerce: ->(value) { Stix2.to_bool(value) }
19
27
  property :extensions, coerce: Hash
20
28
 
21
29
  def initialize(options = {})
22
30
  Hashie.symbolize_keys!(options)
23
- type = to_dash(self.class.name.split('::').last)
31
+ type = to_dash(self.class.name.split("::").last)
24
32
  if options[:type]
25
- if !options[:type].start_with?('x-') && options[:type] != type
33
+ if !options[:type].start_with?("x-") && options[:type] != type
26
34
  raise("Property 'type' must be '#{type}'")
27
35
  end
28
36
  else
29
37
  options[:type] = type
30
38
  end
39
+
40
+ options[:id] ||= "#{type}--#{SecureRandom.uuid}"
41
+
31
42
  process_toplevel_property_extension(options[:extensions])
32
43
  super(options)
33
44
  process_extensions(options)
@@ -35,19 +46,23 @@ module Stix2
35
46
  end
36
47
 
37
48
  def method_missing(m, *args, &block)
38
- if !m.to_s.end_with?('_instance')
49
+ if !m.to_s.end_with?("_instance")
39
50
  # :nocov:
40
51
  super(m, args, block)
41
52
  return
42
53
  # :nocov:
43
54
  end
44
55
  # Retrieve the original method
45
- ref_method = m.to_s.gsub(/_instance$/, '')
56
+ ref_method = m.to_s.gsub(/_instance$/, "")
46
57
  obj = send(ref_method)
47
58
  raise("Can't get a Stix2::Identifier from #{ref_method}") if !obj.is_a?(Stix2::Identifier)
48
59
  Stix2::Storage.find(obj)
49
60
  end
50
61
 
62
+ def respond_to_missing?(method_name, include_private = false)
63
+ method_name.to_s.start_with?("_instance") || super
64
+ end
65
+
51
66
  def confidence_scale
52
67
  Stix2::ConfidenceScale.new(confidence)
53
68
  end
@@ -63,20 +78,22 @@ module Stix2
63
78
  excess.empty? || raise("Invalid values: #{excess}")
64
79
  list
65
80
  end
81
+ private_class_method :validate_array
66
82
 
67
83
  def self.hash_dict(hsh)
68
84
  validate_array(hsh.keys, HASH_ALGORITHM_OV)
69
85
  hsh
70
86
  end
87
+ private_class_method :hash_dict
71
88
 
72
89
  def process_toplevel_property_extension(extensions)
73
- extension_definition = extensions&.find{ |key, val| key.to_s.start_with?('extension-definition') }
90
+ extension_definition = extensions&.find { |key, val| key.to_s.start_with?("extension-definition") }
74
91
  return if !extension_definition
75
92
 
76
93
  id = extension_definition.first
77
94
  type = extension_definition.last[:extension_type]
78
- if type == 'toplevel-property-extension'
79
- Stix2::Storage.active? || raise('Stix.storage must be active to use toplevel-property-extension')
95
+ if type == "toplevel-property-extension"
96
+ Stix2::Storage.active? || raise("Stix.storage must be active to use toplevel-property-extension")
80
97
  ext = Stix2::Storage.find(id)
81
98
  ext.extension_properties.each do |prop|
82
99
  self.class.class_eval do
@@ -90,32 +107,32 @@ module Stix2
90
107
  options[:extensions]&.each do |id, value|
91
108
  case id.to_s
92
109
  when /[A-Z]/
93
- raise('Invalid extension name format.')
94
- when 'archive-ext'
110
+ raise("Invalid extension name format.")
111
+ when "archive-ext"
95
112
  extensions[id] = Stix2::Extensions::ArchiveFile.new(value)
96
113
  when /^extension-definition/
97
114
  # Ignore it, already processes
98
- when 'socket-ext'
115
+ when "socket-ext"
99
116
  extensions[id] = Stix2::Extensions::Socket.new(value)
100
- when 'icmp-ext'
117
+ when "icmp-ext"
101
118
  extensions[id] = Stix2::Extensions::Icmp.new(value)
102
- when 'http-request-ext'
119
+ when "http-request-ext"
103
120
  extensions[id] = Stix2::Extensions::HttpRequest.new(value)
104
- when 'ntfs-ext'
121
+ when "ntfs-ext"
105
122
  extensions[id] = Stix2::Extensions::Ntfs.new(value)
106
- when 'tcp-ext'
123
+ when "tcp-ext"
107
124
  extensions[id] = Stix2::Extensions::Tcp.new(value)
108
- when 'windows-process-ext'
125
+ when "windows-process-ext"
109
126
  extensions[id] = Stix2::Extensions::WindowsProcess.new(value)
110
- when 'windows-service-ext'
127
+ when "windows-service-ext"
111
128
  extensions[id] = Stix2::Extensions::WindowsService.new(value)
112
- when 'unix-account-ext'
129
+ when "unix-account-ext"
113
130
  extensions[id] = Stix2::Extensions::UnixAccount.new(value)
114
- when 'pdf-ext'
131
+ when "pdf-ext"
115
132
  extensions[id] = Stix2::Extensions::Pdf.new(value)
116
- when 'raster-image-ext'
133
+ when "raster-image-ext"
117
134
  extensions[id] = Stix2::Extensions::RasterImage.new(value)
118
- when 'windows-pebinary-ext'
135
+ when "windows-pebinary-ext"
119
136
  extensions[id] = Stix2::Extensions::WindowsPebinary.new(value)
120
137
  else
121
138
  # Ensure we have a hash
@@ -1,52 +1,52 @@
1
1
  module Stix2
2
2
  class ConfidenceScale
3
3
  SCALE_NONE_LOW_MED_HIGH = {
4
- 0..0 => { scale: 'None', stix: 0 },
5
- 1..29 => { scale: 'Low', stix: 15 },
6
- 30..69 => { scale: 'Med', stix: 50 },
7
- 70..100 => { scale: 'High', stix: 85 }
4
+ 0..0 => {scale: "None", stix: 0},
5
+ 1..29 => {scale: "Low", stix: 15},
6
+ 30..69 => {scale: "Med", stix: 50},
7
+ 70..100 => {scale: "High", stix: 85}
8
8
  }.freeze
9
9
 
10
10
  SCALE_0_10 = {
11
- 0..4 => { scale: 0, stix: 0 },
12
- 5..14 => { scale: 1, stix: 10 },
13
- 15..24 => { scale: 2, stix: 20 },
14
- 25..34 => { scale: 3, stix: 30 },
15
- 35..44 => { scale: 4, stix: 40 },
16
- 45..54 => { scale: 5, stix: 50 },
17
- 55..64 => { scale: 6, stix: 60 },
18
- 65..74 => { scale: 7, stix: 70 },
19
- 75..84 => { scale: 8, stix: 80 },
20
- 85..94 => { scale: 9, stix: 90 },
21
- 95..100 => { scale: 10, stix: 100 }
11
+ 0..4 => {scale: 0, stix: 0},
12
+ 5..14 => {scale: 1, stix: 10},
13
+ 15..24 => {scale: 2, stix: 20},
14
+ 25..34 => {scale: 3, stix: 30},
15
+ 35..44 => {scale: 4, stix: 40},
16
+ 45..54 => {scale: 5, stix: 50},
17
+ 55..64 => {scale: 6, stix: 60},
18
+ 65..74 => {scale: 7, stix: 70},
19
+ 75..84 => {scale: 8, stix: 80},
20
+ 85..94 => {scale: 9, stix: 90},
21
+ 95..100 => {scale: 10, stix: 100}
22
22
  }.freeze
23
23
 
24
24
  SCALE_ADMIRALTY_CREDIBILITY = {
25
- 0..19 => { scale: 5, stix: 10 },
26
- 20..39 => { scale: 4, stix: 30 },
27
- 40..59 => { scale: 3, stix: 50 },
28
- 60..79 => { scale: 2, stix: 70 },
29
- 80..100 => { scale: 1, stix: 90 }
25
+ 0..19 => {scale: 5, stix: 10},
26
+ 20..39 => {scale: 4, stix: 30},
27
+ 40..59 => {scale: 3, stix: 50},
28
+ 60..79 => {scale: 2, stix: 70},
29
+ 80..100 => {scale: 1, stix: 90}
30
30
  }.freeze
31
31
 
32
32
  SCALE_WEP = {
33
- 0..0 => { scale: 'Impossible', stix: 0 },
34
- 1..19 => { scale: 'Highly Unlikely/Almost Certainly Not', stix: 10 },
35
- 20..39 => { scale: 'Unlikely/Probably Not', stix: 30 },
36
- 40..59 => { scale: 'Even Chance', stix: 50 },
37
- 60..79 => { scale: 'Likely/Probable', stix: 70 },
38
- 80..99 => { scale: 'Highly likely/Almost Certain', stix: 90 },
39
- 100..100 => { scale: 'Certain', stix: 100 }
33
+ 0..0 => {scale: "Impossible", stix: 0},
34
+ 1..19 => {scale: "Highly Unlikely/Almost Certainly Not", stix: 10},
35
+ 20..39 => {scale: "Unlikely/Probably Not", stix: 30},
36
+ 40..59 => {scale: "Even Chance", stix: 50},
37
+ 60..79 => {scale: "Likely/Probable", stix: 70},
38
+ 80..99 => {scale: "Highly likely/Almost Certain", stix: 90},
39
+ 100..100 => {scale: "Certain", stix: 100}
40
40
  }.freeze
41
41
 
42
42
  SCALE_DNI = {
43
- 0..9 => { scale: 'Almost No Chance / Remote' , stix: 5 },
44
- 10..19 => { scale: 'Very Unlikely / Highly Improbable', stix: 15 },
45
- 20..39 => { scale: 'Unlikely / Improbable', stix: 30 },
46
- 40..59 => { scale: 'Roughly Even Chance / Roughly Even Odds', stix: 50 },
47
- 60..79 => { scale: 'Likely / Probable', stix: 70 },
48
- 80..89 => { scale: 'Very Likely / Highly Probable', stix: 85 },
49
- 90..100 => { scale: 'Almost Certain / Nearly Certain', stix: 95 }
43
+ 0..9 => {scale: "Almost No Chance / Remote", stix: 5},
44
+ 10..19 => {scale: "Very Unlikely / Highly Improbable", stix: 15},
45
+ 20..39 => {scale: "Unlikely / Improbable", stix: 30},
46
+ 40..59 => {scale: "Roughly Even Chance / Roughly Even Odds", stix: 50},
47
+ 60..79 => {scale: "Likely / Probable", stix: 70},
48
+ 80..89 => {scale: "Very Likely / Highly Probable", stix: 85},
49
+ 90..100 => {scale: "Almost Certain / Nearly Certain", stix: 95}
50
50
  }.freeze
51
51
 
52
52
  def initialize(value = nil)
@@ -54,12 +54,12 @@ module Stix2
54
54
  end
55
55
 
56
56
  def to_none_low_med_high
57
- !@value && 'Not Specified'
57
+ !@value && "Not Specified"
58
58
  find_range(SCALE_NONE_LOW_MED_HIGH, :scale)
59
59
  end
60
60
 
61
61
  def to_none_low_med_high_stix
62
- !@value && 'Not Specified'
62
+ !@value && "Not Specified"
63
63
  find_range(SCALE_NONE_LOW_MED_HIGH, :stix)
64
64
  end
65
65
 
@@ -99,8 +99,8 @@ module Stix2
99
99
  private
100
100
 
101
101
  def find_range(constant, type)
102
- !@value || 'Not Specified'
103
- constant.find{ |k,v| k.cover?(@value) }.last[type]
102
+ !@value || "Not Specified"
103
+ constant.find { |k, v| k.cover?(@value) }.last[type]
104
104
  end
105
105
  end
106
106
  end
@@ -6,12 +6,12 @@ module Stix2
6
6
 
7
7
  def initialize(options)
8
8
  Hashie.symbolize_keys!(options)
9
- raise('A CustomObject must have at least one property') if options[:type] && options.count == 1
10
- errors = Hash.new{ |k, v| k[v] = [] }
9
+ raise("A CustomObject must have at least one property") if options[:type] && options.count == 1
10
+ errors = Hash.new { |k, v| k[v] = [] }
11
11
  options.each do |key, value|
12
- errors['Too short'] << key if key != :id && key.size < 3
13
- errors['Invalid name'] << key if !key.match?(/^[a-z0-9_]*$/)
14
- errors['Too long'] << key if key.size > 250
12
+ errors["Too short"] << key if key != :id && key.size < 3
13
+ errors["Invalid name"] << key if !key.match?(/^[a-z0-9_]*$/)
14
+ errors["Too long"] << key if key.size > 250
15
15
  end
16
16
  raise("Error creating CustomObject: #{errors}") if !errors.empty?
17
17
  super(options)
@@ -4,7 +4,7 @@ module Stix2
4
4
  property :mime_type, coerce: String
5
5
  property :payload_bin, coerce: String
6
6
  property :url, coerce: String
7
- property :hashes, coerce: ->(hsh){ hash_dict(hsh) }
7
+ property :hashes, coerce: ->(hsh) { hash_dict(hsh) }
8
8
  property :encryption_algorithm, values: ENCRYPTION_ALGORITHM_ENUM
9
9
  property :decryption_key, coerce: String
10
10
  end
@@ -6,7 +6,7 @@ module Stix2
6
6
  property :ctime, coerce: Time
7
7
  property :mtime, coerce: Time
8
8
  property :atime, coerce: Time
9
- property :contains_refs, coerce: Array[Identifier]
9
+ property :contains_refs, coerce: [Identifier]
10
10
  end
11
11
  end
12
12
  end
@@ -2,7 +2,7 @@ module Stix2
2
2
  module CyberobservableObject
3
3
  class DomainName < Base
4
4
  property :value, required: true, coerce: String
5
- property :resolves_to_refs, coerce: Array[Identifier]
5
+ property :resolves_to_refs, coerce: [Identifier]
6
6
  end
7
7
  end
8
8
  end
@@ -1,20 +1,20 @@
1
1
  module Stix2
2
2
  module CyberobservableObject
3
3
  class EmailMessage < Base
4
- property :is_multipart, required: true, coerce: ->(value){ Stix2.to_bool(value) }
4
+ property :is_multipart, required: true, coerce: ->(value) { Stix2.to_bool(value) }
5
5
  property :date, coerce: Time
6
6
  property :content_type, coerce: String
7
7
  property :from_ref, coerce: Identifier
8
8
  property :sender_ref, coerce: Identifier
9
- property :to_refs, coerce: Array[Identifier]
10
- property :cc_refs, coerce: Array[Identifier]
11
- property :bcc_refs, coerce: Array[Identifier]
9
+ property :to_refs, coerce: [Identifier]
10
+ property :cc_refs, coerce: [Identifier]
11
+ property :bcc_refs, coerce: [Identifier]
12
12
  property :message_id, coerce: String
13
13
  property :subject, coerce: String
14
- property :received_lines, coerce: Array[String]
15
- property :additional_header_fields, coerce: Hash[String => String]
14
+ property :received_lines, coerce: [String]
15
+ property :additional_header_fields, coerce: {String => String}
16
16
  property :body, coerce: String
17
- property :body_multipart, coerce: Array[EmailMimePartType]
17
+ property :body_multipart, coerce: [EmailMimePartType]
18
18
  property :raw_email_ref, coerce: Identifier
19
19
  end
20
20
  end
@@ -1,7 +1,7 @@
1
1
  module Stix2
2
2
  module CyberobservableObject
3
3
  class File < Base
4
- property :hashes, coerce: ->(hsh){ hash_dict(hsh) }
4
+ property :hashes, coerce: ->(hsh) { hash_dict(hsh) }
5
5
  property :size, coerce: Integer
6
6
  property :name, coerce: String
7
7
  property :name_enc, coerce: String
@@ -11,7 +11,7 @@ module Stix2
11
11
  property :mtime, coerce: String
12
12
  property :atime, coerce: String
13
13
  property :parent_directory_ref, coerce: Identifier
14
- property :contains_refs, coerce: Array[Identifier]
14
+ property :contains_refs, coerce: [Identifier]
15
15
  property :content_ref, coerce: Identifier
16
16
  end
17
17
  end
@@ -1,11 +1,11 @@
1
- require 'ipaddr'
1
+ require "ipaddr"
2
2
 
3
3
  module Stix2
4
4
  module CyberobservableObject
5
5
  class Ipv4Addr < Base
6
- property :value, required: true, coerce: ->(v){ IPAddr.new(v, Socket::AF_INET).to_s }
7
- property :resolves_to_refs, coerce: Array[Identifier]
8
- property :resolves_to_refs, coerce: Array[Identifier]
6
+ property :value, required: true, coerce: ->(v) { IPAddr.new(v, Socket::AF_INET).to_s }
7
+ property :resolves_to_refs, coerce: [Identifier]
8
+ property :resolves_to_refs, coerce: [Identifier]
9
9
  end
10
10
  end
11
11
  end
@@ -1,11 +1,11 @@
1
- require 'ipaddr'
1
+ require "ipaddr"
2
2
 
3
3
  module Stix2
4
4
  module CyberobservableObject
5
5
  class Ipv6Addr < Base
6
- property :value, required: true, coerce: ->(v){ IPAddr.new(v, Socket::AF_INET6).to_s }
7
- property :resolves_to_refs, coerce: Array[Identifier]
8
- property :resolves_to_refs, coerce: Array[Identifier]
6
+ property :value, required: true, coerce: ->(v) { IPAddr.new(v, Socket::AF_INET6).to_s }
7
+ property :resolves_to_refs, coerce: [Identifier]
8
+ property :resolves_to_refs, coerce: [Identifier]
9
9
  end
10
10
  end
11
11
  end
@@ -3,12 +3,12 @@ module Stix2
3
3
  class NetworkTraffic < Base
4
4
  property :start, coerce: Time
5
5
  property :end, coerce: Time
6
- property :is_active, coerce: ->(v){ Stix2.to_bool(v) }
6
+ property :is_active, coerce: ->(v) { Stix2.to_bool(v) }
7
7
  property :src_ref, coerce: Identifier
8
8
  property :dst_ref, coerce: Identifier
9
9
  property :src_port, coerce: Integer
10
10
  property :dst_port, coerce: Integer
11
- property :protocols, required: true, coerce: Array[String]
11
+ property :protocols, required: true, coerce: [String]
12
12
  property :src_byte_count, coerce: Integer
13
13
  property :dst_byte_count, coerce: Integer
14
14
  property :src_packets, coerce: Integer
@@ -16,7 +16,7 @@ module Stix2
16
16
  property :ipfix, coerce: Hash
17
17
  property :src_payload_ref, coerce: Identifier
18
18
  property :dst_payload_ref, coerce: Identifier
19
- property :encapsulates_refs, coerce: Array[Identifier]
19
+ property :encapsulates_refs, coerce: [Identifier]
20
20
  property :encapsulated_by_ref, coerce: Identifier
21
21
  end
22
22
  end
@@ -1,17 +1,17 @@
1
1
  module Stix2
2
2
  module CyberobservableObject
3
3
  class Process < Base
4
- property :is_hidden, coerce: ->(value){ Stix2.to_bool(value) }
4
+ property :is_hidden, coerce: ->(value) { Stix2.to_bool(value) }
5
5
  property :pid, coerce: Integer
6
6
  property :created_time, coerce: Time
7
7
  property :cwd, coerce: String
8
8
  property :command_line, coerce: String
9
9
  property :environment_variables, coerce: Hash
10
- property :opened_connection_refs, coerce: Array[Identifier]
10
+ property :opened_connection_refs, coerce: [Identifier]
11
11
  property :creator_user_ref, coerce: Identifier
12
12
  property :image_ref, coerce: Identifier
13
13
  property :parent_ref, coerce: Identifier
14
- property :child_refs, coerce: Array[Identifier]
14
+ property :child_refs, coerce: [Identifier]
15
15
  end
16
16
  end
17
17
  end
@@ -4,7 +4,7 @@ module Stix2
4
4
  property :name, required: true, coerce: String
5
5
  property :cpe, coerce: String
6
6
  property :swid, coerce: String
7
- property :languages, coerce: Array[String]
7
+ property :languages, coerce: [String]
8
8
  property :vendor, coerce: String
9
9
  property :version, coerce: String
10
10
  end
@@ -6,10 +6,10 @@ module Stix2
6
6
  property :account_login, coerce: String
7
7
  property :account_type, values: ACCOUNT_TYPE_OV
8
8
  property :display_name, coerce: String
9
- property :is_service_account, coerce: ->(value){ Stix2.to_bool(value) }
10
- property :is_privileged, coerce: ->(value){ Stix2.to_bool(value) }
11
- property :can_escalate_privs, coerce: ->(value){ Stix2.to_bool(value) }
12
- property :is_disabled, coerce: ->(value){ Stix2.to_bool(value) }
9
+ property :is_service_account, coerce: ->(value) { Stix2.to_bool(value) }
10
+ property :is_privileged, coerce: ->(value) { Stix2.to_bool(value) }
11
+ property :can_escalate_privs, coerce: ->(value) { Stix2.to_bool(value) }
12
+ property :is_disabled, coerce: ->(value) { Stix2.to_bool(value) }
13
13
  property :account_created, coerce: Time
14
14
  property :account_expires, coerce: Time
15
15
  property :credential_last_changed, coerce: Time
@@ -1,10 +1,10 @@
1
- require 'stix2/cyberobservable_objects/x509_v3_extension_type'
1
+ require "stix2/cyberobservable_objects/x509_v3_extension_type"
2
2
 
3
3
  module Stix2
4
4
  module CyberobservableObject
5
5
  class X509Certificate < Base
6
- property :is_self_signed, coerce: ->(v){ Stix2.to_bool(v) }
7
- property :hashes, coerce: ->(hsh){ hash_dict(hsh) }
6
+ property :is_self_signed, coerce: ->(v) { Stix2.to_bool(v) }
7
+ property :hashes, coerce: ->(hsh) { hash_dict(hsh) }
8
8
  property :version, coerce: String
9
9
  property :serial_number, coerce: String
10
10
  property :signature_algorithm, coerce: String