ruby-stix2 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1325e9bc73496954969bda48fbd2a096c63be31098e6207d72c8260e23a5118f
-  data.tar.gz: d3e59d85404608530150a0fce245f79a0de28598f0daa14bc68e96c598d623e9
+  metadata.gz: 67b0f8e82189d6f2afd28eeb4102d31a43be91ced1e7f465bee8d78d29a12241
+  data.tar.gz: 36d6920a1266d271daea0a38279d2236822d44272479cb739d711ed240f95c80
 SHA512:
-  metadata.gz: 4fa484ea080ce69d832a71fc45c27dc081385f769895fbbf345ef1eb81109982fa5b1b4bb187b1da6104dc1ee37acf75183164b2b11160609cb607db1c4976d7
-  data.tar.gz: 68ca00c8308ca9d3fd1b978ecd0525d81f169f4b85d21b03eef9ead386e7f0d4228a594755b442c77ea9c1f6ef1b4bf673c47834e71171fad725853cf30c9dca
+  metadata.gz: 5c26a394daae1a60380a6133efe29b1b7129b2c989a8ddc96639fb7059f81af4890551ab2762719c2f9f3a0198cae822b7bbfba8ce76f1a8e5c9d6b30a6abb64
+  data.tar.gz: 97d00572bdefaf35f055c5bab2d9840cd2f745a7a5489e11a0c18b793b2af71e320adcc0d4feee31bcef4588f01b067e58e10dd56d999b75fe6cdb5a80f5808a

data/.github/workflows/build.yml

@@ -9,7 +9,7 @@ jobs:
     name: Build
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest]
+        os: [ubuntu-latest, windows-latest, macos-latest]
         ruby: ['3.0', '3.1', '3.2', '3.3', head]
     runs-on: ${{ matrix.os }}
     permissions: write-all
@@ -23,6 +23,7 @@ jobs:
     - run: bundle
     - run: bundle exec rake test
     - run: bundle exec standardrb
+      if: ${{ matrix.ruby != 'head' }}
     - name: SimpleCov Ruby ${{ matrix.ruby }}
       uses: joshmfrankel/simplecov-check-action@main
       if: ${{ matrix.os == 'ubuntu-latest' && matrix.ruby == '3.2' }}

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    ruby-stix2 (0.1.3)
+    ruby-stix2 (0.1.4)
       hashie (~> 5.0.0)
 
 GEM
@@ -18,9 +18,11 @@ GEM
     json (2.7.2)
     language_server-protocol (3.17.0.3)
     lint_roller (1.1.0)
+    logger (1.6.5)
     method_source (1.0.0)
     minitest (5.18.1)
     mutex_m (0.2.0)
+    ostruct (0.6.1)
     parallel (1.24.0)
     parser (3.3.0.5)
       ast (~> 2.4.1)
@@ -83,8 +85,10 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 2.3)
   irb (~> 1.7.0)
+  logger (~> 1.6.5)
   minitest (~> 5.18.1)
   mutex_m (~> 0.2.0)
+  ostruct (~> 0.6.1)
   pry (~> 0.13.0)
   pry-byebug (~> 3.10.1)
   rake (~> 13.0)

data/README.md

@@ -159,4 +159,4 @@ the development
 
 # See also
 
-Ruby Stix2: https://github.com/crondaemon/ruby-taxii2
+Ruby Taxii2: https://github.com/crondaemon/ruby-taxii2

data/lib/stix2/bool.rb

@@ -0,0 +1,5 @@
+module Stix2
+  def self.bool
+    ->(value) { (value == true) || (value == "true") }
+  end
+end

data/lib/stix2/bundle.rb

@@ -3,7 +3,7 @@ module Stix2
     property :type, required: true, coerce: String
     property :objects, coerce: ->(array) do
       array.all? do |element|
-        element.is_a?(::Stix2::Common) || Stix2.parse(element).is_a?(::Stix2::Common) || raise("Invalid Object")
+        element.is_a?(::Stix2::Common) || Stix2.parse(element).is_a?(::Stix2::Common)
       end && array
     end
   end

data/lib/stix2/common.rb

@@ -12,36 +12,26 @@ module Stix2
     property :created_by_ref, coerce: Identifier
     property :created, coerce: Time
     property :modified, coerce: Time
-    property :revoked, coerce: ->(value) { Stix2.to_bool(value) }
+    property :revoked, coerce: Stix2.bool
     property :labels, coerce: [String]
-    property :confidence, coerce: ->(value) {
-                                    int = Integer(value)
-                                    [0..100].include?(int)
-                                    int
-                                  }
+    property :confidence, coerce: Integer
     property :lang, coerce: String
     property :external_references, coerce: [ExternalReference]
     property :object_marking_refs, coerce: [Stix2::MetaObject::DataMarking::ObjectMarking]
     property :granular_markings, coerce: [MetaObject::DataMarking::GranularMarking]
-    property :defanged, coerce: ->(value) { Stix2.to_bool(value) }
+    property :defanged, coerce: Stix2.bool
     property :extensions, coerce: Hash
 
     def initialize(options = {})
-      Hashie.symbolize_keys!(options)
-      type = to_dash(self.class.name.split("::").last)
-      if options[:type]
-        if !options[:type].start_with?("x-") && options[:type] != type
-          raise("Property 'type' must be '#{type}'")
-        end
-      else
-        options[:type] = type
-      end
-
-      options[:id] ||= "#{type}--#{SecureRandom.uuid}"
-
+      options_ = options.dup
+      Hashie.symbolize_keys!(options_)
+      set_strict(options_)
+      guess_type(options_)
+      autogenerate_id(options_)
       process_toplevel_property_extension(options[:extensions])
-      super(options)
-      process_extensions(options)
+      super(options_)
+      process_extensions(options_)
+      validate_confidence! if @strict
       Stix2::Storage.add(self)
     end
 
@@ -54,9 +44,8 @@ module Stix2
       end
       # Retrieve the original method
       ref_method = m.to_s.gsub(/_instance$/, "")
-      obj = send(ref_method)
-      raise("Can't get a Stix2::Identifier from #{ref_method}") if !obj.is_a?(Stix2::Identifier)
-      Stix2::Storage.find(obj)
+      obj_id = public_send(ref_method)
+      Stix2::Storage.find(obj_id)
     end
 
     def respond_to_missing?(method_name, include_private = false)
@@ -69,22 +58,35 @@ module Stix2
 
     private
 
-    def to_dash(string)
-      string.gsub(/[[:upper:]]/) { "-#{$&.downcase}" }[1..]
+    def set_strict(options_)
+      @strict = options_.fetch(:strict, false)
+      options_.delete(:strict)
+    end
+
+    def guess_type(options)
+      type = to_dash(self.class.name.split("::").last)
+      if options[:type]
+        if !options[:type].start_with?("x-") && options[:type] != type
+          raise(Exception::BadType.new(type))
+        end
+      else
+        options[:type] = type
+      end
+    end
+
+    def validate_confidence!
+      return if !confidence
+      valid_range = (0..100)
+      valid_range.include?(confidence) || raise(Exception::InvalidRange.new(valid_range, confidence))
     end
 
-    def self.validate_array(list, valid_values)
-      excess = (Array(list).map(&:to_s) - valid_values.map(&:to_s))
-      excess.empty? || raise("Invalid values: #{excess}")
-      list
+    def autogenerate_id(options)
+      options[:id] ||= "#{options[:type]}--#{SecureRandom.uuid}"
     end
-    private_class_method :validate_array
 
-    def self.hash_dict(hsh)
-      validate_array(hsh.keys, HASH_ALGORITHM_OV)
-      hsh
+    def to_dash(string)
+      string.gsub(/[[:upper:]]/) { "-#{$&.downcase}" }[1..]
     end
-    private_class_method :hash_dict
 
     def process_toplevel_property_extension(extensions)
       extension_definition = extensions&.find { |key, val| key.to_s.start_with?("extension-definition") }
@@ -93,7 +95,7 @@ module Stix2
       id = extension_definition.first
       type = extension_definition.last[:extension_type]
       if type == "toplevel-property-extension"
-        Stix2::Storage.active? || raise("Stix.storage must be active to use toplevel-property-extension")
+        Stix2::Storage.active? || raise(Exception::StorageInactive.new)
         ext = Stix2::Storage.find(id)
         ext.extension_properties.each do |prop|
           self.class.class_eval do
@@ -107,7 +109,7 @@ module Stix2
       options[:extensions]&.each do |id, value|
         case id.to_s
         when /[A-Z]/
-          raise("Invalid extension name format.")
+          raise(Exception::InvalidExtensionNameFormat.new(id))
         when "archive-ext"
           extensions[id] = Stix2::Extensions::ArchiveFile.new(value)
         when /^extension-definition/
@@ -136,7 +138,7 @@ module Stix2
           extensions[id] = Stix2::Extensions::WindowsPebinary.new(value)
         else
           # Ensure we have a hash
-          value.is_a?(Hash) || raise("Custom extension must be Hash: #{value}")
+          value.is_a?(Hash) || raise(Exception::CustomExtensionFormat.new(value))
         end
       end
     end

data/lib/stix2/custom_object.rb

@@ -1,20 +1,24 @@
+require "rubygems"
+
 module Stix2
   class CustomObject < Stix2::Common
-    include Hashie::Extensions::IgnoreUndeclared
+    class << self
+      extend Gem::Deprecate
+      deprecate :new, "Stix2::ExtensionDefinition.new", 2025, 1
+    end
 
-    property :id, coerce: Identifier
+    def initialize(attributes = {})
+      attributes.each_key do |attribute|
+        self.class.property(attribute) unless self.class.property?(attribute)
+      end
 
-    def initialize(options)
-      Hashie.symbolize_keys!(options)
-      raise("A CustomObject must have at least one property") if options[:type] && options.count == 1
-      errors = Hash.new { |k, v| k[v] = [] }
-      options.each do |key, value|
-        errors["Too short"] << key if key != :id && key.size < 3
-        errors["Invalid name"] << key if !key.match?(/^[a-z0-9_]*$/)
-        errors["Too long"] << key if key.size > 250
+      super
+      h = to_hash
+      h.each do |property, value|
+        next if property == "id"
+        raise(Exception::PropertyInvalidSize.new(property)) if property.size < 3 || property.size > 250
+        raise(Exception::PropertyInvalidName.new(property)) if !property.match?(/^[a-z0-9_]*$/)
       end
-      raise("Error creating CustomObject: #{errors}") if !errors.empty?
-      super(options)
     end
   end
 end

data/lib/stix2/cyberobservable_objects/artifact.rb

@@ -4,9 +4,20 @@ module Stix2
       property :mime_type, coerce: String
       property :payload_bin, coerce: String
       property :url, coerce: String
-      property :hashes, coerce: ->(hsh) { hash_dict(hsh) }
+      property :hashes, coerce: Hash
       property :encryption_algorithm, values: ENCRYPTION_ALGORITHM_ENUM
       property :decryption_key, coerce: String
+
+      def initialize(args = {})
+        super
+        validate_hashes! if @strict
+      end
+
+      private
+
+      def validate_hashes!
+        Stix2::Validators::Hashes.new(hashes)
+      end
     end
   end
 end

data/lib/stix2/cyberobservable_objects/email_message.rb

@@ -1,7 +1,7 @@
 module Stix2
   module CyberobservableObject
     class EmailMessage < Base
-      property :is_multipart, required: true, coerce: ->(value) { Stix2.to_bool(value) }
+      property :is_multipart, required: true, coerce: Stix2.bool
       property :date, coerce: Time
       property :content_type, coerce: String
       property :from_ref, coerce: Identifier

data/lib/stix2/cyberobservable_objects/file.rb

@@ -1,7 +1,7 @@
 module Stix2
   module CyberobservableObject
     class File < Base
-      property :hashes, coerce: ->(hsh) { hash_dict(hsh) }
+      property :hashes, coerce: Hash
       property :size, coerce: Integer
       property :name, coerce: String
       property :name_enc, coerce: String
@@ -13,6 +13,17 @@ module Stix2
       property :parent_directory_ref, coerce: Identifier
       property :contains_refs, coerce: [Identifier]
       property :content_ref, coerce: Identifier
+
+      def initialize(args = {})
+        super
+        validate_hashes! if @strict
+      end
+
+      private
+
+      def validate_hashes!
+        Stix2::Validators::Hashes.new(hashes)
+      end
     end
   end
 end

data/lib/stix2/cyberobservable_objects/ipv4_addr.rb

@@ -3,9 +3,20 @@ require "ipaddr"
 module Stix2
   module CyberobservableObject
     class Ipv4Addr < Base
-      property :value, required: true, coerce: ->(v) { IPAddr.new(v, Socket::AF_INET).to_s }
+      property :value, required: true, coerce: String
       property :resolves_to_refs, coerce: [Identifier]
       property :resolves_to_refs, coerce: [Identifier]
+
+      def initialize(args = {})
+        super
+        validate_ipv4! if @strict
+      end
+
+      private
+
+      def validate_ipv4!
+        IPAddr.new(value, Socket::AF_INET)
+      end
     end
   end
 end

data/lib/stix2/cyberobservable_objects/ipv6_addr.rb

@@ -3,9 +3,20 @@ require "ipaddr"
 module Stix2
   module CyberobservableObject
     class Ipv6Addr < Base
-      property :value, required: true, coerce: ->(v) { IPAddr.new(v, Socket::AF_INET6).to_s }
+      property :value, required: true, coerce: String
       property :resolves_to_refs, coerce: [Identifier]
       property :resolves_to_refs, coerce: [Identifier]
+
+      def initialize(args = {})
+        super
+        validate_ipv6! if @strict
+      end
+
+      private
+
+      def validate_ipv6!
+        IPAddr.new(value, Socket::AF_INET6)
+      end
     end
   end
 end

data/lib/stix2/cyberobservable_objects/network_traffic.rb

@@ -3,7 +3,7 @@ module Stix2
     class NetworkTraffic < Base
       property :start, coerce: Time
       property :end, coerce: Time
-      property :is_active, coerce: ->(v) { Stix2.to_bool(v) }
+      property :is_active, coerce: Stix2.bool
       property :src_ref, coerce: Identifier
       property :dst_ref, coerce: Identifier
       property :src_port, coerce: Integer

data/lib/stix2/cyberobservable_objects/process.rb

@@ -1,7 +1,7 @@
 module Stix2
   module CyberobservableObject
     class Process < Base
-      property :is_hidden, coerce: ->(value) { Stix2.to_bool(value) }
+      property :is_hidden, coerce: Stix2.bool
       property :pid, coerce: Integer
       property :created_time, coerce: Time
       property :cwd, coerce: String

data/lib/stix2/cyberobservable_objects/user_account.rb

@@ -6,10 +6,10 @@ module Stix2
       property :account_login, coerce: String
       property :account_type, values: ACCOUNT_TYPE_OV
       property :display_name, coerce: String
-      property :is_service_account, coerce: ->(value) { Stix2.to_bool(value) }
-      property :is_privileged, coerce: ->(value) { Stix2.to_bool(value) }
-      property :can_escalate_privs, coerce: ->(value) { Stix2.to_bool(value) }
-      property :is_disabled, coerce: ->(value) { Stix2.to_bool(value) }
+      property :is_service_account, coerce: Stix2.bool
+      property :is_privileged, coerce: Stix2.bool
+      property :can_escalate_privs, coerce: Stix2.bool
+      property :is_disabled, coerce: Stix2.bool
       property :account_created, coerce: Time
       property :account_expires, coerce: Time
       property :credential_last_changed, coerce: Time

data/lib/stix2/cyberobservable_objects/x509_certificate.rb

@@ -3,8 +3,8 @@ require "stix2/cyberobservable_objects/x509_v3_extension_type"
 module Stix2
   module CyberobservableObject
     class X509Certificate < Base
-      property :is_self_signed, coerce: ->(v) { Stix2.to_bool(v) }
-      property :hashes, coerce: ->(hsh) { hash_dict(hsh) }
+      property :is_self_signed, coerce: Stix2.bool
+      property :hashes, coerce: Hash
       property :version, coerce: String
       property :serial_number, coerce: String
       property :signature_algorithm, coerce: String
@@ -16,6 +16,17 @@ module Stix2
       property :subject_public_key_modulus, coerce: String
       property :subject_public_key_exponent, coerce: String
       property :x509_v3_extensions, coerce: X509V3ExtensionType
+
+      def initialize(args = {})
+        super
+        validate_hashes! if @strict
+      end
+
+      private
+
+      def validate_hashes!
+        Stix2::Validators::Hashes.new(hashes)
+      end
     end
   end
 end

data/lib/stix2/domain_objects/indicator.rb

@@ -3,13 +3,25 @@ module Stix2
     class Indicator < Base
       property :name, coerce: String
       property :description, coerce: String
-      property :indicator_types, coerce: ->(v) { validate_array(v, Stix2::INDICATOR_TYPE_OV) }
+      property :indicator_types, coerce: [String]
+      property :indicator_types
       property :pattern, coerce: String
       property :pattern_type, coerce: String, values: PATTERN_TYPE_OV
       property :pattern_version, coerce: String
       property :valid_from, coerce: Time
       property :valid_until, coerce: Time
       property :kill_chain_phases, coerce: [KillChainPhase]
+
+      def initialize(args = {})
+        super
+        validate_indicator_types! if @strict
+      end
+
+      private
+
+      def validate_indicator_types!
+        Stix2::Validators::Array.new(indicator_types, Stix2::INDICATOR_TYPE_OV)
+      end
     end
   end
 end

data/lib/stix2/domain_objects/infrastructure.rb

@@ -3,11 +3,22 @@ module Stix2
     class Infrastructure < Base
       property :name, required: true, coerce: String
       property :description, coerce: String
-      property :infrastructure_types, coerce: ->(v) { validate_array(v, Stix2::INFRASTRUCTURE_TYPE_OV) }
+      property :infrastructure_types, coerce: [String]
       property :aliases, coerce: [String]
       property :kill_chain_phases, coerce: [KillChainPhase]
       property :first_seen, coerce: Time
       property :last_seen, coerce: Time
+
+      def initialize(args = {})
+        super
+        validate_infrastructure_types! if @strict
+      end
+
+      private
+
+      def validate_infrastructure_types!
+        Stix2::Validators::Array.new(infrastructure_types, Stix2::INFRASTRUCTURE_TYPE_OV)
+      end
     end
   end
 end

data/lib/stix2/domain_objects/intrusion-set.rb

@@ -9,7 +9,18 @@ module Stix2
       property :goals, coerce: [String]
       property :resource_level, values: ATTACK_RESOURCE_LEVEL_OV
       property :primary_motivation, values: ATTACK_MOTIVATION_OV
-      property :secondary_motivations, coerce: ->(v) { validate_array(v, Stix2::ATTACK_MOTIVATION_OV) }
+      property :secondary_motivations, coerce: [String]
+
+      def initialize(args = {})
+        super
+        validate_secondary_motivations! if @strict
+      end
+
+      private
+
+      def validate_secondary_motivations!
+        Stix2::Validators::Array.new(secondary_motivations, Stix2::ATTACK_MOTIVATION_OV)
+      end
     end
   end
 end

data/lib/stix2/domain_objects/malware.rb

@@ -3,17 +3,43 @@ module Stix2
     class Malware < Base
       property :name, coerce: String
       property :description, coerce: String
-      property :malware_types, coerce: ->(v) { validate_array(v, Stix2::MALWARE_TYPE_OV) }
-      property :is_family, coerce: ->(v) { Stix2.to_bool(v) }
+      property :malware_types, coerce: [String]
+      property :is_family, coerce: Stix2.bool
       property :aliases, coerce: [String]
       property :kill_chain_phases, coerce: [KillChainPhase]
       property :first_seen, coerce: Time
       property :last_seen, coerce: Time
       property :operating_system_refs, coerce: [Identifier]
-      property :architecture_execution_envs, coerce: ->(v) { validate_array(v, Stix2::PROCESSOR_ARCHITECTURE_OV) }
-      property :implementation_languages, coerce: ->(v) { validate_array(v, Stix2::IMPLEMENTATION_LANGUAGE_OV) }
-      property :capabilities, coerce: ->(v) { validate_array(v, Stix2::IMPLEMENTATION_CAPABILITIES_OV) }
+      property :architecture_execution_envs, coerce: [String]
+      property :implementation_languages, coerce: [String]
+      property :capabilities, coerce: [String]
       property :sample_refs, coerce: [Identifier]
+
+      def initialize(args = {})
+        super
+        validate_malware_types! if @strict
+        validate_architecture_execution_envs! if @strict
+        validate_implementation_languages! if @strict
+        validate_capabilities! if @strict
+      end
+
+      private
+
+      def validate_malware_types!
+        Stix2::Validators::Array.new(malware_types, Stix2::MALWARE_TYPE_OV)
+      end
+
+      def validate_architecture_execution_envs!
+        Stix2::Validators::Array.new(architecture_execution_envs, Stix2::PROCESSOR_ARCHITECTURE_OV)
+      end
+
+      def validate_implementation_languages!
+        Stix2::Validators::Array.new(implementation_languages, Stix2::IMPLEMENTATION_LANGUAGE_OV)
+      end
+
+      def validate_capabilities!
+        Stix2::Validators::Array.new(capabilities, Stix2::IMPLEMENTATION_CAPABILITIES_OV)
+      end
     end
   end
 end

data/lib/stix2/domain_objects/report.rb

@@ -3,9 +3,20 @@ module Stix2
     class Report < Base
       property :name, required: true, coerce: String
       property :description, coerce: String
-      property :report_types, coerce: ->(v) { validate_array(v, Stix2::REPORT_TYPE_OV) }
+      property :report_types, coerce: [String]
       property :published, coerce: Time
       property :object_refs, coerce: [Identifier]
+
+      def initialize(args = {})
+        super
+        validate_report_types! if @strict
+      end
+
+      private
+
+      def validate_report_types!
+        Stix2::Validators::Array.new(report_types, Stix2::REPORT_TYPE_OV)
+      end
     end
   end
 end

data/lib/stix2/domain_objects/threat_actor.rb

@@ -3,17 +3,43 @@ module Stix2
     class ThreatActor < Base
       property :name, required: true, coerce: String
       property :description, coerce: String
-      property :threat_actor_types, coerce: ->(v) { validate_array(v, THREAT_ACTOR_TYPE_OV) }
+      property :threat_actor_types, coerce: [String]
       property :aliases, coerce: [String]
       property :first_seen, coerce: Time
       property :last_seen, coerce: Time
-      property :roles, coerce: ->(v) { validate_array(v, THREAT_ACTOR_ROLE_OV) }
+      property :roles, coerce: [String]
       property :goals, coerce: [String]
       property :sophistication, values: THREAT_ACTOR_SOPHISTICATION_OV
       property :resource_level, values: ATTACK_RESOURCE_LEVEL_OV
       property :primary_motivation, values: ATTACK_MOTIVATION_OV
-      property :secondary_motivations, coerce: ->(v) { validate_array(v, ATTACK_MOTIVATION_OV) }
-      property :personal_motivations, coerce: ->(v) { validate_array(v, ATTACK_MOTIVATION_OV) }
+      property :secondary_motivations, coerce: [String]
+      property :personal_motivations, coerce: [String]
+
+      def initialize(args = {})
+        super
+        validate_threat_actor_types! if @strict
+        validate_roles! if @strict
+        validate_secondary_motivations! if @strict
+        validate_personal_motivations! if @strict
+      end
+
+      private
+
+      def validate_threat_actor_types!
+        Stix2::Validators::Array.new(threat_actor_types, Stix2::THREAT_ACTOR_TYPE_OV)
+      end
+
+      def validate_roles!
+        Stix2::Validators::Array.new(roles, Stix2::THREAT_ACTOR_ROLE_OV)
+      end
+
+      def validate_secondary_motivations!
+        Stix2::Validators::Array.new(secondary_motivations, Stix2::ATTACK_MOTIVATION_OV)
+      end
+
+      def validate_personal_motivations!
+        Stix2::Validators::Array.new(personal_motivations, Stix2::ATTACK_MOTIVATION_OV)
+      end
     end
   end
 end

data/lib/stix2/domain_objects/tool.rb

@@ -3,10 +3,21 @@ module Stix2
     class Tool < Base
       property :name, required: true, coerce: String
       property :description, coerce: String
-      property :tool_types, coerce: ->(v) { validate_array(v, TOOL_TYPES_OV) }
+      property :tool_types, coerce: [String]
       property :aliases, coerce: [String]
       property :kill_chain_phases, coerce: [KillChainPhase]
       property :tool_version, coerce: String
+
+      def initialize(args = {})
+        super
+        validate_tool_types! if @strict
+      end
+
+      private
+
+      def validate_tool_types!
+        Stix2::Validators::Array.new(tool_types, Stix2::TOOL_TYPES_OV)
+      end
     end
   end
 end