Initial Json schema

2017-02-13 18:32:53 +01:00 · 2017-02-13 18:32:53 +01:00 · 47ac01ee96
parent 6fb89a644f
commit 47ac01ee96
10 changed files with 146 additions and 41 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,17 +1,16 @@
-language: bash
+language: python
+
+cache: pip
+
+python:
+    - "3.6"

 sudo: required

-dist: trusty
-
 install:
-    - git clone https://github.com/stedolan/jq.git
-    - pushd jq
-    - autoreconf -i
-    - ./configure --disable-maintainer-mode
-    - make
-    - sudo make install
-    - popd
+    - sudo apt-get update -qq
+    - sudo apt-get install -y -qq jq moreutils
+    - pip install jsonschema

 script:
-    - cat */*.json | jq .
+    - ./validate_all.sh
--- a/galaxies/exploit-kit.json
+++ b/galaxies/exploit-kit.json
@ -1,7 +1,7 @@
 {
-   "type" : "exploit-kit",
-   "name" : "Exploit-Kit",
-   "description":"Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
-   "version": 2,
-   "uuid": "6ab240ec-bd79-11e6-a4a6-cec0c932ce01"
+  "type": "exploit-kit",
+  "name": "Exploit-Kit",
+  "description": "Exploit-Kit is an enumeration of some exploitation kits used by adversaries. The list includes document, browser and router exploit kits.It's not meant to be totally exhaustive but aim at covering the most seen in the past 5 years",
+  "version": 2,
+  "uuid": "6ab240ec-bd79-11e6-a4a6-cec0c932ce01"
 }
--- a/galaxies/microsoft-activity-group.json
+++ b/galaxies/microsoft-activity-group.json
@ -1,7 +1,7 @@
 {
-   "name": "Microsoft Activity Group actor",
-   "type": "microsoft-activity-group",
-   "description": "Activity groups as described by Microsoft",
-   "version": 1,
-   "uuid": "74c869e8-0b8e-4e5f-96e6-cd992e07a505"
+  "name": "Microsoft Activity Group actor",
+  "type": "microsoft-activity-group",
+  "description": "Activity groups as described by Microsoft",
+  "version": 1,
+  "uuid": "74c869e8-0b8e-4e5f-96e6-cd992e07a505"
 }
--- a/galaxies/preventive-measure.json
+++ b/galaxies/preventive-measure.json
@ -1,7 +1,7 @@
 {
-   "name": "Preventive Measure",
-   "type": "preventive-measure",
-   "description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
-   "version": 1,
-   "uuid": "8168995b-adcd-4684-9e37-206c5771505a"
+  "name": "Preventive Measure",
+  "type": "preventive-measure",
+  "description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
+  "version": 1,
+  "uuid": "8168995b-adcd-4684-9e37-206c5771505a"
 }
--- a/galaxies/tds.json
+++ b/galaxies/tds.json
@ -1,7 +1,7 @@
 {
-   "type" : "tds",
-   "name" : "TDS",
-   "description": "TDS is a list of Traffic Direction System used by adversaries",
-   "version": 2,
-   "uuid": "1b9a7d8e-bd7a-11e6-a4a6-cec0c932ce01"
+  "type": "tds",
+  "name": "TDS",
+  "description": "TDS is a list of Traffic Direction System used by adversaries",
+  "version": 2,
+  "uuid": "1b9a7d8e-bd7a-11e6-a4a6-cec0c932ce01"
 }
--- a/galaxies/threat-actor.json
+++ b/galaxies/threat-actor.json
@ -1,7 +1,7 @@
 {
-   "name" : "Threat Actor",
-   "type" : "threat-actor",
-   "description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
-   "version": 1,
-   "uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3"
+  "name": "Threat Actor",
+  "type": "threat-actor",
+  "description": "Threat actors are characteristics of malicious actors (or adversaries) representing a cyber attack threat including presumed intent and historically observed behaviour.",
+  "version": 1,
+  "uuid": "698774c7-8022-42c4-917f-8d6e4f06ada3"
 }
--- a/galaxies/tool.json
+++ b/galaxies/tool.json
@ -1,7 +1,7 @@
 {
-   "type" : "tool",
-   "name" : "Tool",
-   "description": "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
-   "version": 1,
-   "uuid": "9b8037f7-bc8f-4de1-a797-37266619bc0b"
+  "type": "tool",
+  "name": "Tool",
+  "description": "Threat actors tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
+  "version": 1,
+  "uuid": "9b8037f7-bc8f-4de1-a797-37266619bc0b"
 }
--- a/jq_all_the_things.sh
+++ b/jq_all_the_things.sh
@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+set -x
+
+# Seeds sponge, from moreutils
+
+for dir in galaxies/*.json
+do
+    cat ${dir} | jq . | sponge ${dir}
+done
+
+cat schema.json | jq . | sponge schema.json
--- a/schema.json
+++ b/schema.json
@ -0,0 +1,72 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "title": "Validator for misp-galaxies",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema.json",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "description": {
+      "type": "string"
+    },
+    "type": {
+      "type": "string"
+    },
+    "version": {
+      "type": "integer"
+    },
+    "name": {
+      "type": "string"
+    },
+    "uuid": {
+      "type": "string"
+    },
+    "source": {
+      "type": "string"
+    },
+    "values": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+          "description": {
+            "type": "string"
+          },
+          "value": {
+            "type": "string"
+          },
+          "type": {
+            "type": "string"
+          },
+          "Possible Issues": {
+            "type": "string"
+          },
+          "meta": {
+            "type": "object"
+          }
+        },
+        "required": [
+          "value"
+        ]
+      }
+    },
+    "authors": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "type": "string"
+      }
+    }
+  },
+  "required": [
+    "description",
+    "type",
+    "version",
+    "name",
+    "uuid",
+    "values",
+    "authors",
+    "source"
+  ]
+}
--- a/validate_all.sh
+++ b/validate_all.sh
@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -x
+
+./jq_all_the_things.sh
+
+diffs=`git status --porcelain | wc -l`
+
+if ! [ $diffs -eq 0 ]; then
+	echo "Please make sure you run ./jq_all_the_things.sh before commiting."
+	exit 1
+fi
+
+for dir in galaxies/*.json
+do
+  echo -n "${dir}: "
+  jsonschema -i ${dir} schema.json
+  echo ''
+done
+