ruby-stix2 0.1.0

Files changed (70) hide show
  1. checksums.yaml +7 -0
  2. data/.github/workflows/build.yml +31 -0
  3. data/.gitignore +56 -0
  4. data/Gemfile +4 -0
  5. data/Gemfile.lock +43 -0
  6. data/LICENSE +339 -0
  7. data/README.md +116 -0
  8. data/Rakefile +8 -0
  9. data/lib/stix2/boolean.rb +18 -0
  10. data/lib/stix2/bundle.rb +7 -0
  11. data/lib/stix2/common.rb +62 -0
  12. data/lib/stix2/cyberobservable_objects/artifact.rb +12 -0
  13. data/lib/stix2/cyberobservable_objects/autonomous_system.rb +9 -0
  14. data/lib/stix2/cyberobservable_objects/base.rb +6 -0
  15. data/lib/stix2/cyberobservable_objects/directory.rb +12 -0
  16. data/lib/stix2/cyberobservable_objects/domain_name.rb +8 -0
  17. data/lib/stix2/cyberobservable_objects/email_addr.rb +9 -0
  18. data/lib/stix2/cyberobservable_objects/email_message.rb +21 -0
  19. data/lib/stix2/cyberobservable_objects/email_mime_part_type.rb +10 -0
  20. data/lib/stix2/cyberobservable_objects/file.rb +18 -0
  21. data/lib/stix2/cyberobservable_objects/ipv4_addr.rb +11 -0
  22. data/lib/stix2/cyberobservable_objects/ipv6_addr.rb +11 -0
  23. data/lib/stix2/cyberobservable_objects/mac_addr.rb +7 -0
  24. data/lib/stix2/cyberobservable_objects/mutex.rb +7 -0
  25. data/lib/stix2/cyberobservable_objects/network_traffic.rb +23 -0
  26. data/lib/stix2/cyberobservable_objects/software.rb +12 -0
  27. data/lib/stix2/cyberobservable_objects/url.rb +7 -0
  28. data/lib/stix2/cyberobservable_objects/user_account.rb +20 -0
  29. data/lib/stix2/cyberobservable_objects/windows_registry_key.rb +11 -0
  30. data/lib/stix2/cyberobservable_objects/windows_registry_value.rb +9 -0
  31. data/lib/stix2/cyberobservable_objects/x509_certificate.rb +19 -0
  32. data/lib/stix2/cyberobservable_objects/x509_v3_extension_type.rb +22 -0
  33. data/lib/stix2/domain_objects/attack_pattern.rb +12 -0
  34. data/lib/stix2/domain_objects/base.rb +6 -0
  35. data/lib/stix2/domain_objects/campaign.rb +12 -0
  36. data/lib/stix2/domain_objects/course_of_action.rb +9 -0
  37. data/lib/stix2/domain_objects/grouping.rb +10 -0
  38. data/lib/stix2/domain_objects/identity.rb +12 -0
  39. data/lib/stix2/domain_objects/indicator.rb +15 -0
  40. data/lib/stix2/domain_objects/infrastructure.rb +13 -0
  41. data/lib/stix2/domain_objects/intrusion-set.rb +15 -0
  42. data/lib/stix2/domain_objects/location.rb +17 -0
  43. data/lib/stix2/domain_objects/malware.rb +19 -0
  44. data/lib/stix2/domain_objects/malware_analysis.rb +22 -0
  45. data/lib/stix2/domain_objects/note.rb +10 -0
  46. data/lib/stix2/domain_objects/observed_data.rb +11 -0
  47. data/lib/stix2/domain_objects/opinion.rb +10 -0
  48. data/lib/stix2/domain_objects/report.rb +11 -0
  49. data/lib/stix2/domain_objects/threat_actor.rb +19 -0
  50. data/lib/stix2/domain_objects/tool.rb +12 -0
  51. data/lib/stix2/domain_objects/vulnerability.rb +8 -0
  52. data/lib/stix2/enum.rb +32 -0
  53. data/lib/stix2/external_reference.rb +13 -0
  54. data/lib/stix2/identifier.rb +18 -0
  55. data/lib/stix2/kill_chain_phase.rb +10 -0
  56. data/lib/stix2/meta_objects/base.rb +6 -0
  57. data/lib/stix2/meta_objects/data_markings/base.rb +11 -0
  58. data/lib/stix2/meta_objects/data_markings/granular_marking.rb +15 -0
  59. data/lib/stix2/meta_objects/data_markings/marking_definition.rb +19 -0
  60. data/lib/stix2/meta_objects/data_markings/object_marking.rb +22 -0
  61. data/lib/stix2/meta_objects/language_content.rb +9 -0
  62. data/lib/stix2/ov.rb +319 -0
  63. data/lib/stix2/relationship_objects/base.rb +6 -0
  64. data/lib/stix2/relationship_objects/relationship.rb +12 -0
  65. data/lib/stix2/relationship_objects/sighting.rb +14 -0
  66. data/lib/stix2/storage.rb +23 -0
  67. data/lib/stix2/version.rb +3 -0
  68. data/lib/stix2.rb +101 -0
  69. data/ruby-stix2.gemspec +27 -0
  70. metadata +208 -0
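--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 123ddb57694307c96be2fbdf9a9d9f8c9ac55fbbbf35dc7f71c196aadad728b6
+ data.tar.gz: fff53b71f98c23069d7c3dd0da2a4ca3799f424a162f10629029361b0624800e
+ SHA512:
+ metadata.gz: e7aae57f5bf2b8415431df88dd2999ed85cfbf56f9f1634e750a0f00a53375c6dff96060ae96a4052eb2efca4471d38ac8244f1824f7f8f03df18ac883430517
+ data.tar.gz: 63a3575a2886265784846dccb94fe8e32f300ca4c3c8006311f27acb19c0dc3a87c792b2aa4530c73b5ce5e1a2fd8064a2bcf50c051778dd743e7f4fa6831d2a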
@@ -0,0 +1,31 @@
1
+ name: Ruby Gem
2
+
3
+ on:
4
+ push:
5
+ branches: '**'
6
+
7
+ jobs:
8
+ build:
9
+ name: Build
10
+ strategy:
11
+ matrix:
12
+ os: [ubuntu-latest, windows-latest]
13
+ ruby: ['2.7', '3.0', '3.1', head]
14
+ runs-on: ${{ matrix.os }}
15
+ permissions: write-all
16
+ steps:
17
+ - uses: actions/checkout@v3
18
+ - name: Set up Ruby
19
+ uses: ruby/setup-ruby@v1
20
+ with:
21
+ ruby-version: ${{ matrix.ruby }}
22
+ bundler: latest
23
+ - run: bundle
24
+ - run: bundle exec rake test
25
+ - name: SimpleCov Ruby ${{ matrix.ruby }}
26
+ uses: joshmfrankel/simplecov-check-action@main
27
+ if: ${{ matrix.os == 'ubuntu-latest' && matrix.ruby == '3.1' }}
28
+ with:
29
+ github_token: ${{ secrets.GITHUB_TOKEN }}
30
+ check_job_name: SimpleCov ${{ matrix.ruby }}
31
+ - run: bundle exec gem build
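Review bot: `permissions: write-all` gives every step of the build job a fully writable `GITHUB_TOKEN`, and the job runs on a push to any branch (`branches: '**'`) while passing that token to `joshmfrankel/simplecov-check-action@main`, a third-party action referenced by a mutable branch. Narrow the job to what it actually uses, presumably `contents: read` plus `checks: write` for the coverage check (confirm against the action's documentation), and pin the action to a full commit SHA, e.g. `uses: joshmfrankel/simplecov-check-action@<full-commit-sha>`. That way a later change to the action's `main` branch cannot run with write access to the repository. The file header for this hunk is missing on the page; by the file list and line count it appears to be data/.github/workflows/build.yml.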
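--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,56 @@
+ *.gem
+ *.rbc
+ /.config
+ /coverage/
+ /InstalledFiles
+ /pkg/
+ /spec/reports/
+ /spec/examples.txt
+ /test/tmp/
+ /test/version_tmp/
+ /tmp/
+
+ # Used by dotenv library to load environment variables.
+ # .env
+
+ # Ignore Byebug command history file.
+ .byebug_history
+
+ ## Specific to RubyMotion:
+ .dat*
+ .repl_history
+ build/
+ *.bridgesupport
+ build-iPhoneOS/
+ build-iPhoneSimulator/
+
+ ## Specific to RubyMotion (use of CocoaPods):
+ #
+ # We recommend against adding the Pods directory to your .gitignore. However
+ # you should judge for yourself, the pros and cons are mentioned at:
+ # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+ #
+ # vendor/Pods/
+
+ ## Documentation cache and generated files:
+ /.yardoc/
+ /_yardoc/
+ /doc/
+ /rdoc/
+
+ ## Environment normalization:
+ /.bundle/
+ /vendor/bundle
+ /lib/bundler/man/
+
+ # for a library or gem, you might want to ignore these files since the code is
+ # intended to run in multiple environments; otherwise, check them in:
+ # Gemfile.lock
+ # .ruby-version
+ # .ruby-gemset
+
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+ .rvmrc
+
+ # Used by RuboCop. Remote config files pulled in from inherit_from directive.
+ # .rubocop-https?--*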
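--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source 'https://rubygems.org'
+
+ # Specify your gem's dependencies in ruby-taxii.gemspec
+ gemspec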
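--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,43 @@
+ PATH
+ remote: .
+ specs:
+ ruby-stix2 (0.1.0)
+ hashie (~> 5.0.0)
+
+ GEM
+ remote: https://rubygems.org/
+ specs:
+ byebug (11.1.3)
+ coderay (1.1.3)
+ docile (1.4.0)
+ hashie (5.0.0)
+ method_source (1.0.0)
+ minitest (5.18.1)
+ pry (0.13.1)
+ coderay (~> 1.1)
+ method_source (~> 1.0)
+ pry-byebug (3.10.1)
+ byebug (~> 11.0)
+ pry (>= 0.13, < 0.15)
+ rake (13.0.6)
+ simplecov (0.22.0)
+ docile (~> 1.1)
+ simplecov-html (~> 0.11)
+ simplecov_json_formatter (~> 0.1)
+ simplecov-html (0.12.3)
+ simplecov_json_formatter (0.1.4)
+
+ PLATFORMS
+ x86_64-linux
+
+ DEPENDENCIES
+ bundler (~> 2.3)
+ minitest (~> 5.18.1)
+ pry (~> 0.13.0)
+ pry-byebug (~> 3.10.1)
+ rake (~> 13.0)
+ ruby-stix2!
+ simplecov (~> 0.22.0)
+
+ BUNDLED WITH
+ 2.3.26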
data/LICENSE ADDED
@@ -0,0 +1,339 @@
1
+ GNU GENERAL PUBLIC LICENSE
2
+ Version 2, June 1991
3
+
4
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6
+ Everyone is permitted to copy and distribute verbatim copies
7
+ of this license document, but changing it is not allowed.
8
+
9
+ Preamble
10
+
11
+ The licenses for most software are designed to take away your
12
+ freedom to share and change it. By contrast, the GNU General Public
13
+ License is intended to guarantee your freedom to share and change free
14
+ software--to make sure the software is free for all its users. This
15
+ General Public License applies to most of the Free Software
16
+ Foundation's software and to any other program whose authors commit to
17
+ using it. (Some other Free Software Foundation software is covered by
18
+ the GNU Lesser General Public License instead.) You can apply it to
19
+ your programs, too.
20
+
21
+ When we speak of free software, we are referring to freedom, not
22
+ price. Our General Public Licenses are designed to make sure that you
23
+ have the freedom to distribute copies of free software (and charge for
24
+ this service if you wish), that you receive source code or can get it
25
+ if you want it, that you can change the software or use pieces of it
26
+ in new free programs; and that you know you can do these things.
27
+
28
+ To protect your rights, we need to make restrictions that forbid
29
+ anyone to deny you these rights or to ask you to surrender the rights.
30
+ These restrictions translate to certain responsibilities for you if you
31
+ distribute copies of the software, or if you modify it.
32
+
33
+ For example, if you distribute copies of such a program, whether
34
+ gratis or for a fee, you must give the recipients all the rights that
35
+ you have. You must make sure that they, too, receive or can get the
36
+ source code. And you must show them these terms so they know their
37
+ rights.
38
+
39
+ We protect your rights with two steps: (1) copyright the software, and
40
+ (2) offer you this license which gives you legal permission to copy,
41
+ distribute and/or modify the software.
42
+
43
+ Also, for each author's protection and ours, we want to make certain
44
+ that everyone understands that there is no warranty for this free
45
+ software. If the software is modified by someone else and passed on, we
46
+ want its recipients to know that what they have is not the original, so
47
+ that any problems introduced by others will not reflect on the original
48
+ authors' reputations.
49
+
50
+ Finally, any free program is threatened constantly by software
51
+ patents. We wish to avoid the danger that redistributors of a free
52
+ program will individually obtain patent licenses, in effect making the
53
+ program proprietary. To prevent this, we have made it clear that any
54
+ patent must be licensed for everyone's free use or not licensed at all.
55
+
56
+ The precise terms and conditions for copying, distribution and
57
+ modification follow.
58
+
59
+ GNU GENERAL PUBLIC LICENSE
60
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
61
+
62
+ 0. This License applies to any program or other work which contains
63
+ a notice placed by the copyright holder saying it may be distributed
64
+ under the terms of this General Public License. The "Program", below,
65
+ refers to any such program or work, and a "work based on the Program"
66
+ means either the Program or any derivative work under copyright law:
67
+ that is to say, a work containing the Program or a portion of it,
68
+ either verbatim or with modifications and/or translated into another
69
+ language. (Hereinafter, translation is included without limitation in
70
+ the term "modification".) Each licensee is addressed as "you".
71
+
72
+ Activities other than copying, distribution and modification are not
73
+ covered by this License; they are outside its scope. The act of
74
+ running the Program is not restricted, and the output from the Program
75
+ is covered only if its contents constitute a work based on the
76
+ Program (independent of having been made by running the Program).
77
+ Whether that is true depends on what the Program does.
78
+
79
+ 1. You may copy and distribute verbatim copies of the Program's
80
+ source code as you receive it, in any medium, provided that you
81
+ conspicuously and appropriately publish on each copy an appropriate
82
+ copyright notice and disclaimer of warranty; keep intact all the
83
+ notices that refer to this License and to the absence of any warranty;
84
+ and give any other recipients of the Program a copy of this License
85
+ along with the Program.
86
+
87
+ You may charge a fee for the physical act of transferring a copy, and
88
+ you may at your option offer warranty protection in exchange for a fee.
89
+
90
+ 2. You may modify your copy or copies of the Program or any portion
91
+ of it, thus forming a work based on the Program, and copy and
92
+ distribute such modifications or work under the terms of Section 1
93
+ above, provided that you also meet all of these conditions:
94
+
95
+ a) You must cause the modified files to carry prominent notices
96
+ stating that you changed the files and the date of any change.
97
+
98
+ b) You must cause any work that you distribute or publish, that in
99
+ whole or in part contains or is derived from the Program or any
100
+ part thereof, to be licensed as a whole at no charge to all third
101
+ parties under the terms of this License.
102
+
103
+ c) If the modified program normally reads commands interactively
104
+ when run, you must cause it, when started running for such
105
+ interactive use in the most ordinary way, to print or display an
106
+ announcement including an appropriate copyright notice and a
107
+ notice that there is no warranty (or else, saying that you provide
108
+ a warranty) and that users may redistribute the program under
109
+ these conditions, and telling the user how to view a copy of this
110
+ License. (Exception: if the Program itself is interactive but
111
+ does not normally print such an announcement, your work based on
112
+ the Program is not required to print an announcement.)
113
+
114
+ These requirements apply to the modified work as a whole. If
115
+ identifiable sections of that work are not derived from the Program,
116
+ and can be reasonably considered independent and separate works in
117
+ themselves, then this License, and its terms, do not apply to those
118
+ sections when you distribute them as separate works. But when you
119
+ distribute the same sections as part of a whole which is a work based
120
+ on the Program, the distribution of the whole must be on the terms of
121
+ this License, whose permissions for other licensees extend to the
122
+ entire whole, and thus to each and every part regardless of who wrote it.
123
+
124
+ Thus, it is not the intent of this section to claim rights or contest
125
+ your rights to work written entirely by you; rather, the intent is to
126
+ exercise the right to control the distribution of derivative or
127
+ collective works based on the Program.
128
+
129
+ In addition, mere aggregation of another work not based on the Program
130
+ with the Program (or with a work based on the Program) on a volume of
131
+ a storage or distribution medium does not bring the other work under
132
+ the scope of this License.
133
+
134
+ 3. You may copy and distribute the Program (or a work based on it,
135
+ under Section 2) in object code or executable form under the terms of
136
+ Sections 1 and 2 above provided that you also do one of the following:
137
+
138
+ a) Accompany it with the complete corresponding machine-readable
139
+ source code, which must be distributed under the terms of Sections
140
+ 1 and 2 above on a medium customarily used for software interchange; or,
141
+
142
+ b) Accompany it with a written offer, valid for at least three
143
+ years, to give any third party, for a charge no more than your
144
+ cost of physically performing source distribution, a complete
145
+ machine-readable copy of the corresponding source code, to be
146
+ distributed under the terms of Sections 1 and 2 above on a medium
147
+ customarily used for software interchange; or,
148
+
149
+ c) Accompany it with the information you received as to the offer
150
+ to distribute corresponding source code. (This alternative is
151
+ allowed only for noncommercial distribution and only if you
152
+ received the program in object code or executable form with such
153
+ an offer, in accord with Subsection b above.)
154
+
155
+ The source code for a work means the preferred form of the work for
156
+ making modifications to it. For an executable work, complete source
157
+ code means all the source code for all modules it contains, plus any
158
+ associated interface definition files, plus the scripts used to
159
+ control compilation and installation of the executable. However, as a
160
+ special exception, the source code distributed need not include
161
+ anything that is normally distributed (in either source or binary
162
+ form) with the major components (compiler, kernel, and so on) of the
163
+ operating system on which the executable runs, unless that component
164
+ itself accompanies the executable.
165
+
166
+ If distribution of executable or object code is made by offering
167
+ access to copy from a designated place, then offering equivalent
168
+ access to copy the source code from the same place counts as
169
+ distribution of the source code, even though third parties are not
170
+ compelled to copy the source along with the object code.
171
+
172
+ 4. You may not copy, modify, sublicense, or distribute the Program
173
+ except as expressly provided under this License. Any attempt
174
+ otherwise to copy, modify, sublicense or distribute the Program is
175
+ void, and will automatically terminate your rights under this License.
176
+ However, parties who have received copies, or rights, from you under
177
+ this License will not have their licenses terminated so long as such
178
+ parties remain in full compliance.
179
+
180
+ 5. You are not required to accept this License, since you have not
181
+ signed it. However, nothing else grants you permission to modify or
182
+ distribute the Program or its derivative works. These actions are
183
+ prohibited by law if you do not accept this License. Therefore, by
184
+ modifying or distributing the Program (or any work based on the
185
+ Program), you indicate your acceptance of this License to do so, and
186
+ all its terms and conditions for copying, distributing or modifying
187
+ the Program or works based on it.
188
+
189
+ 6. Each time you redistribute the Program (or any work based on the
190
+ Program), the recipient automatically receives a license from the
191
+ original licensor to copy, distribute or modify the Program subject to
192
+ these terms and conditions. You may not impose any further
193
+ restrictions on the recipients' exercise of the rights granted herein.
194
+ You are not responsible for enforcing compliance by third parties to
195
+ this License.
196
+
197
+ 7. If, as a consequence of a court judgment or allegation of patent
198
+ infringement or for any other reason (not limited to patent issues),
199
+ conditions are imposed on you (whether by court order, agreement or
200
+ otherwise) that contradict the conditions of this License, they do not
201
+ excuse you from the conditions of this License. If you cannot
202
+ distribute so as to satisfy simultaneously your obligations under this
203
+ License and any other pertinent obligations, then as a consequence you
204
+ may not distribute the Program at all. For example, if a patent
205
+ license would not permit royalty-free redistribution of the Program by
206
+ all those who receive copies directly or indirectly through you, then
207
+ the only way you could satisfy both it and this License would be to
208
+ refrain entirely from distribution of the Program.
209
+
210
+ If any portion of this section is held invalid or unenforceable under
211
+ any particular circumstance, the balance of the section is intended to
212
+ apply and the section as a whole is intended to apply in other
213
+ circumstances.
214
+
215
+ It is not the purpose of this section to induce you to infringe any
216
+ patents or other property right claims or to contest validity of any
217
+ such claims; this section has the sole purpose of protecting the
218
+ integrity of the free software distribution system, which is
219
+ implemented by public license practices. Many people have made
220
+ generous contributions to the wide range of software distributed
221
+ through that system in reliance on consistent application of that
222
+ system; it is up to the author/donor to decide if he or she is willing
223
+ to distribute software through any other system and a licensee cannot
224
+ impose that choice.
225
+
226
+ This section is intended to make thoroughly clear what is believed to
227
+ be a consequence of the rest of this License.
228
+
229
+ 8. If the distribution and/or use of the Program is restricted in
230
+ certain countries either by patents or by copyrighted interfaces, the
231
+ original copyright holder who places the Program under this License
232
+ may add an explicit geographical distribution limitation excluding
233
+ those countries, so that distribution is permitted only in or among
234
+ countries not thus excluded. In such case, this License incorporates
235
+ the limitation as if written in the body of this License.
236
+
237
+ 9. The Free Software Foundation may publish revised and/or new versions
238
+ of the General Public License from time to time. Such new versions will
239
+ be similar in spirit to the present version, but may differ in detail to
240
+ address new problems or concerns.
241
+
242
+ Each version is given a distinguishing version number. If the Program
243
+ specifies a version number of this License which applies to it and "any
244
+ later version", you have the option of following the terms and conditions
245
+ either of that version or of any later version published by the Free
246
+ Software Foundation. If the Program does not specify a version number of
247
+ this License, you may choose any version ever published by the Free Software
248
+ Foundation.
249
+
250
+ 10. If you wish to incorporate parts of the Program into other free
251
+ programs whose distribution conditions are different, write to the author
252
+ to ask for permission. For software which is copyrighted by the Free
253
+ Software Foundation, write to the Free Software Foundation; we sometimes
254
+ make exceptions for this. Our decision will be guided by the two goals
255
+ of preserving the free status of all derivatives of our free software and
256
+ of promoting the sharing and reuse of software generally.
257
+
258
+ NO WARRANTY
259
+
260
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261
+ FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
262
+ OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263
+ PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264
+ OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265
+ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
266
+ TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
267
+ PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268
+ REPAIR OR CORRECTION.
269
+
270
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272
+ REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273
+ INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274
+ OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275
+ TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276
+ YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277
+ PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278
+ POSSIBILITY OF SUCH DAMAGES.
279
+
280
+ END OF TERMS AND CONDITIONS
281
+
282
+ How to Apply These Terms to Your New Programs
283
+
284
+ If you develop a new program, and you want it to be of the greatest
285
+ possible use to the public, the best way to achieve this is to make it
286
+ free software which everyone can redistribute and change under these terms.
287
+
288
+ To do so, attach the following notices to the program. It is safest
289
+ to attach them to the start of each source file to most effectively
290
+ convey the exclusion of warranty; and each file should have at least
291
+ the "copyright" line and a pointer to where the full notice is found.
292
+
293
+ <one line to give the program's name and a brief idea of what it does.>
294
+ Copyright (C) <year> <name of author>
295
+
296
+ This program is free software; you can redistribute it and/or modify
297
+ it under the terms of the GNU General Public License as published by
298
+ the Free Software Foundation; either version 2 of the License, or
299
+ (at your option) any later version.
300
+
301
+ This program is distributed in the hope that it will be useful,
302
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
303
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304
+ GNU General Public License for more details.
305
+
306
+ You should have received a copy of the GNU General Public License along
307
+ with this program; if not, write to the Free Software Foundation, Inc.,
308
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309
+
310
+ Also add information on how to contact you by electronic and paper mail.
311
+
312
+ If the program is interactive, make it output a short notice like this
313
+ when it starts in an interactive mode:
314
+
315
+ Gnomovision version 69, Copyright (C) year name of author
316
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317
+ This is free software, and you are welcome to redistribute it
318
+ under certain conditions; type `show c' for details.
319
+
320
+ The hypothetical commands `show w' and `show c' should show the appropriate
321
+ parts of the General Public License. Of course, the commands you use may
322
+ be called something other than `show w' and `show c'; they could even be
323
+ mouse-clicks or menu items--whatever suits your program.
324
+
325
+ You should also get your employer (if you work as a programmer) or your
326
+ school, if any, to sign a "copyright disclaimer" for the program, if
327
+ necessary. Here is a sample; alter the names:
328
+
329
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
331
+
332
+ <signature of Ty Coon>, 1 April 1989
333
+ Ty Coon, President of Vice
334
+
335
+ This General Public License does not permit incorporating your program into
336
+ proprietary programs. If your program is a subroutine library, you may
337
+ consider it more useful to permit linking proprietary applications with the
338
+ library. If this is what you want to do, use the GNU Lesser General
339
+ Public License instead of this License.
data/README.md ADDED
@@ -0,0 +1,116 @@
1
+ # ruby-stix2
2
+ Ruby implementation for the STIX protocol version 2
3
+
4
+ # Installation
5
+
6
+ Install the gem as standalone
7
+
8
+ ```
9
+ gem install ruby-stix2
10
+ ```
11
+
12
+ or as part of the bundle
13
+
14
+ ```
15
+ bundle add typhoeus
16
+ ```
17
+
18
+ # Usage
19
+
20
+ The gem implements the Stix2 v2.1 specifications: https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html. Every object
21
+ is under the Stix2 namespace, and under a more specific namespace.
22
+
23
+ Example
24
+
25
+ ```ruby
26
+ Stix2::DomainObject::Indicator.new(
27
+ type: 'indicator',
28
+ id: 'file--1389b98d-a3d3-5190-a996-716fd444059a',
29
+ description: 'description',
30
+ indicator_types: ['anomalous-activity', 'anonymization'],
31
+ pattern: 'pattern',
32
+ pattern_type: 'yara',
33
+ pattern_version: 1,
34
+ valid_from: Time.now,
35
+ valid_until: Time.now,
36
+ kill_chain_phases: [
37
+ {
38
+ kill_chain_name: "lockheed-martin-cyber-kill-chain",
39
+ phase_name: "reconnaissance"
40
+ },
41
+ {
42
+ kill_chain_name: "foo",
43
+ phase_name: "pre-attack"
44
+ }
45
+ ]
46
+ )
47
+ ```
48
+
49
+ The real objects can be created just starting from properties. However a `Stix2.parse` complimentary function is provided. This function gives the user few advantages, listed below.
50
+
51
+ ## Parse input
52
+
53
+ The function accept a `Hash` (containing the attributes), a string (containing a JSON, on which `JSON.parse` is
54
+ executed). If the input is not hash or string, the function tries to run `to_s` on the object and then JSON.parse.
55
+
56
+ ```ruby
57
+ Stix2.parse(type: 'indicator')
58
+ Stix2.parse('type' => 'indicator')
59
+ Stix2.parse('{"type":"indicator"}')
60
+ Stix2.parse(MyObject.new(...))
61
+ ```
62
+
63
+ ## Return
64
+
65
+ The function infers the `type` attribute of the input and determines which is the proper instance to create. This
66
+ results in a fancy way of processing Stix2 input: basically give whatever you have to it and you will get the proper
67
+ Stix2 message.
68
+
69
+ # Storage
70
+
71
+ The Stix2 standard has several object types, some of which are containers of other objects (like `Bundle`). However we
72
+ may want to save and retrieve Stix2 objects in a fast way. The gem provides a `storage` support for that.
73
+
74
+ For any Stix2 attribute that is an `identifier` (`Stix2::Identifier` in the gem) the class gives one more method called
75
+ `_instance` to retrieve the actual instance. If we have a `threat-actor` like this
76
+
77
+ ```json
78
+ {
79
+ "type": "threat-actor",
80
+ "spec_version": "2.1",
81
+ "id": "threat-actor--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
82
+ "created_by_ref": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
83
+ "created": "2016-04-06T20:03:48.000Z",
84
+ "modified": "2016-04-06T20:03:48.000Z",
85
+ "threat_actor_types": ["crime-syndicate"],
86
+ "name": "Evil Org",
87
+ "description": "The Evil Org threat actor group",
88
+ "aliases": ["Syndicate 1", "Evil Syndicate 99"],
89
+ "roles": ["director"],
90
+ "goals": ["Steal bank money", "Steal credit cards"],
91
+ "sophistication": "advanced",
92
+ "resource_level": "team",
93
+ "primary_motivation": "organizational-gain"
94
+ }
95
+ ```
96
+
97
+ we know that this object has been created by an identity `identity--f431f809-377b-45e0-aa1c-6a4751cae5ff`. We can
98
+ retrieve the other object if already seen
99
+
100
+ ```ruby
101
+ Stix2.storage_activate # Activate the storage
102
+
103
+ identity = Stix2::DomainObject::Identity.new(id: 'identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', ...)
104
+ threat_actor = Stix2::DomainObject::ThreatActor.new(created_by_ref: 'identity--f431f809-377b-45e0-aa1c-6a4751cae5ff', ...)
105
+
106
+ threat_actor.created_by_ref # this gives the identifier => identity--f431f809-377b-45e0-aa1c-6a4751cae5ff
107
+ threat_actor.created_by_ref_instance # this gives the actual object => Stix2::DomainObject::Identity
108
+ ```
109
+
110
+ # Contribution
111
+
112
+ You can contribute to this project in 2 ways:
113
+
114
+ - with a PR: just follow the standard github workflow
115
+ - by pointing out missing support: open an issue and please provide a json containing the missing support, to simplify
116
+ the development
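--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,8 @@
+ require "rake/testtask"
+
+ Rake::TestTask.new do |t|
+ t.libs << "test"
+ end
+
+ desc "Run tests"
+ task default: :test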
@@ -0,0 +1,18 @@
1
+ module Stix2
2
+ class Boolean
3
+ def initialize(value)
4
+ case value
5
+ when String
6
+ @value = !!(value =~ /\A(true|t|yes|y|1)\z/i)
7
+ when Numeric
8
+ @value = !value.to_i.zero?
9
+ else
10
+ @value = (value == true)
11
+ end
12
+ end
13
+
14
+ def method_missing(m, *args, &block)
15
+ @value.send(m, *args, &block)
16
+ end
17
+ end
18
+ end
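Review bot: `method_missing` forwards with `@value.send(m, *args, &block)`, and `send` also dispatches to private methods, so a call to any private method name on a `Stix2::Boolean` is executed on the wrapped `true`/`false` instead of raising; `@value.public_send(m, *args, &block)` keeps the delegation to the public interface. The class also defines no `respond_to_missing?`, so `respond_to?` answers false for everything it forwards; add `def respond_to_missing?(m, include_private = false)` returning `@value.respond_to?(m) || super`. Methods that Object already defines never reach `method_missing`: `Stix2::Boolean.new(true) == true` compares identity and is false, `to_s` returns the default object string rather than `"true"`, and an instance wrapping `false` is still truthy in an `if`. Callers therefore need explicit `==`/`to_s` overrides or a reader for `@value`, which this hunk does not provide. The file header is missing on the page; by the file list this appears to be data/lib/stix2/boolean.rb.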
@@ -0,0 +1,7 @@
1
+ module Stix2
2
+ class Bundle < Stix2::Common
3
+ property :type, required: true, coerce: String
4
+ property :id, coerce: String
5
+ property :objects, coerce: ->(values){ values.map{ Stix2.parse(_1) } }
6
+ end
7
+ end
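Review bot: The `objects` coercion calls `values.map` without checking the shape of `values`, so a bundle whose `objects` is not an Array either raises NoMethodError or, for a Hash, is iterated as key/value pairs that are each handed to `Stix2.parse`. Bundles usually come from external feeds, so reject other shapes as the first statement of the lambda, e.g. `raise ArgumentError, 'objects must be an Array' unless values.is_a?(Array)`. `id` is declared without `required: true` although STIX 2.1 makes the bundle `id` mandatory, and `type` is not checked against `'bundle'`; whether `Stix2::Common` enforces either is not visible in this hunk. The file header is missing on the page; by the file list this appears to be data/lib/stix2/bundle.rb.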