Add validators for vocabularies and misp

schema_clusters.json

@@ -1,7 +1,7 @@
 {
   "$schema": "http://json-schema.org/schema#",
-  "title": "Validator for misp-galaxies",
-  "id": "https://www.github.com/MISP/misp-galaxies/schema.json",
+  "title": "Validator for misp-galaxies - Clusters",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema_clusters.json",
   "type": "object",
   "additionalProperties": false,
   "properties": {

schema_galaxies.json

@@ -1,7 +1,7 @@
 {
   "$schema": "http://json-schema.org/schema#",
-  "title": "Validator for misp-galaxies",
-  "id": "https://www.github.com/MISP/misp-galaxies/schema.json",
+  "title": "Validator for misp-galaxies - Galaxies",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema_galaxies.json",
   "type": "object",
   "additionalProperties": false,
   "properties": {

schema_misp.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "title": "Validator for misp-galaxies - MISP",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema_misp.json",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "elements_url": {
+      "type": "string"
+    },
+    "default_predicate_value_in": {
+      "type": "string"
+    },
+    "default_predicate_value": {
+      "type": "string"
+    },
+    "cluster_url": {
+      "type": "string"
+    },
+    "predicate_in": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "elements_url",
+    "default_predicate_value_in",
+    "default_predicate_value",
+    "cluster_url",
+    "predicate_in"
+  ]
+}

schema_vocabularies.json

@@ -0,0 +1,58 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "title": "Validator for misp-galaxies - Vocabularies",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema_vocabularies.json",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "version": {
+      "type": "integer"
+    },
+    "description": {
+      "type": "string"
+    },
+    "source": {
+      "type": "string"
+    },
+    "author": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "type": "string"
+      }
+    },
+    "uuid": {
+      "type": "string"
+    },
+    "stix": {
+      "type": "string"
+    },
+    "type": {
+      "type": "string"
+    },
+    "values": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+              "description": {
+                  "type": "string"
+              },
+              "value": {
+                  "type": "string"
+              }
+          }
+      }
+    }
+  },
+  "required": [
+    "version",
+    "description",
+    "author",
+    "uuid",
+    "type",
+    "values"
+  ]
+}

validate_all.sh

@@ -9,7 +9,7 @@
 # Check Jsons format, and beautify
 ./jq_all_the_things.sh
 rc=$?
-if [[ $rc != 0 ]]; then 
+if [[ $rc != 0 ]]; then
     exit $rc
 fi
 
@@ -30,7 +30,7 @@ do
   echo -n "${dir}: "
   jsonschema -i ${dir} schema_clusters.json
   rc=$?
-  if [[ $rc != 0 ]]; then 
+  if [[ $rc != 0 ]]; then
     echo "Error on ${dir}"
     exit $rc
   fi
@@ -42,7 +42,31 @@ do
   echo -n "${dir}: "
   jsonschema -i ${dir} schema_galaxies.json
   rc=$?
-  if [[ $rc != 0 ]]; then 
+  if [[ $rc != 0 ]]; then
+    echo "Error on ${dir}"
+    exit $rc
+  fi
+  echo ''
+done
+
+for dir in misp/*.json
+do
+  echo -n "${dir}: "
+  jsonschema -i ${dir} schema_misp.json
+  rc=$?
+  if [[ $rc != 0 ]]; then
+    echo "Error on ${dir}"
+    exit $rc
+  fi
+  echo ''
+done
+
+for dir in vocabularies/*/*.json
+do
+  echo -n "${dir}: "
+  jsonschema -i ${dir} schema_vocabularies.json
+  rc=$?
+  if [[ $rc != 0 ]]; then
     echo "Error on ${dir}"
     exit $rc
   fi

vocabularies/threat-actor/intended-effect.json

@@ -91,10 +91,10 @@
       "value": "Unauthorized Access"
     }
   ],
-  "version" : 1,
+  "version" : 2,
   "description": "The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor",
   "source": "STIX 1.0",
-  "author": "STIX",
+  "author": ["STIX"],
   "uuid": "b6975c96-296a-48cf-9006-034ed102bc85",
   "stix": "1.2.1",
   "type": "threat-actor-intended-effect-vocabulary"

vocabularies/threat-actor/motivation.json

@@ -56,10 +56,10 @@
       "description": "The threat actor is motivated by the desire to exercise some political advantage."
     }
   ],
-  "version" : 1,
+  "version" : 2,
   "description": "The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.",
   "source": "STIX 1.0",
-  "author": "STIX",
+  "author": ["STIX"],
   "uuid": "74183277-5ee6-436a-9859-cb16fb3f21e2",
   "stix": "1.2.1",
   "type": "threat-actor-motivation-vocabulary"

vocabularies/threat-actor/planning-and-operational-support.json

@@ -67,9 +67,9 @@
       "value": "Skill Development / Recruitment - University Programs"
     }
   ],
-  "version" : 1,
+  "version" : 2,
   "description": "The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.",
-  "author": "STIX",
+  "author": ["STIX"],
   "source": "STIX 1.0",
   "stix": "1.0.1",
   "uuid": "f91f69d2-fcd0-45f2-baeb-4f79f9458da7",

vocabularies/threat-actor/sophistication.json

@@ -17,9 +17,9 @@
       "description": "Demonstrates a nascent capability. A novice has basic computer skills and likely requires the assistance of a Practitioner or higher to engage in hacking activity. He uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet and lacks the ability to conduct his own reconnaissance and targeting research."
     }
   ],
-  "version" : 1,
+  "version" : 2,
   "description": "The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.",
-  "author": "STIX",
+  "author": ["STIX"],
   "uuid": "fcaf1309-28c4-4d09-b56f-84d6cf6afbb3",
   "stix": "1.0",
   "type": "threat-actor-sophistication-vocabulary"

vocabularies/threat-actor/type.json

@@ -52,10 +52,10 @@
       "value": "Disgruntled Customer / User"
     }
   ],
-  "version": 1,
+  "version": 2,
   "uuid": "3d7dc2ee-ca54-4a5e-96a3-2e7cba0ffe95",
   "description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.",
-  "author": "STIX",
+  "author": ["STIX"],
   "source": "STIX 1.0",
   "stix": "1.0",
   "type": "threat-actor-type-vocabulary"