Add validators for vocabularies and misp

2017-07-25 17:39:06 +02:00 · 2017-07-25 17:39:06 +02:00 · 6866b158b1
parent 8163c7295f
commit 6866b158b1
10 changed files with 130 additions and 17 deletions
--- a/schema_clusters.json
+++ b/schema_clusters.json
@ -1,7 +1,7 @@
 {
  "$schema": "http://json-schema.org/schema#",
-  "title": "Validator for misp-galaxies",
-  "id": "https://www.github.com/MISP/misp-galaxies/schema.json",
+  "title": "Validator for misp-galaxies - Clusters",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema_clusters.json",
  "type": "object",
  "additionalProperties": false,
  "properties": {
--- a/schema_galaxies.json
+++ b/schema_galaxies.json
@ -1,7 +1,7 @@
 {
  "$schema": "http://json-schema.org/schema#",
-  "title": "Validator for misp-galaxies",
-  "id": "https://www.github.com/MISP/misp-galaxies/schema.json",
+  "title": "Validator for misp-galaxies - Galaxies",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema_galaxies.json",
  "type": "object",
  "additionalProperties": false,
  "properties": {
--- a/schema_misp.json
+++ b/schema_misp.json
@ -0,0 +1,31 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "title": "Validator for misp-galaxies - MISP",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema_misp.json",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "elements_url": {
+      "type": "string"
+    },
+    "default_predicate_value_in": {
+      "type": "string"
+    },
+    "default_predicate_value": {
+      "type": "string"
+    },
+    "cluster_url": {
+      "type": "string"
+    },
+    "predicate_in": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "elements_url",
+    "default_predicate_value_in",
+    "default_predicate_value",
+    "cluster_url",
+    "predicate_in"
+  ]
+}
--- a/schema_vocabularies.json
+++ b/schema_vocabularies.json
@ -0,0 +1,58 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "title": "Validator for misp-galaxies - Vocabularies",
+  "id": "https://www.github.com/MISP/misp-galaxies/schema_vocabularies.json",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "version": {
+      "type": "integer"
+    },
+    "description": {
+      "type": "string"
+    },
+    "source": {
+      "type": "string"
+    },
+    "author": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "type": "string"
+      }
+    },
+    "uuid": {
+      "type": "string"
+    },
+    "stix": {
+      "type": "string"
+    },
+    "type": {
+      "type": "string"
+    },
+    "values": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+              "description": {
+                  "type": "string"
+              },
+              "value": {
+                  "type": "string"
+              }
+          }
+      }
+    }
+  },
+  "required": [
+    "version",
+    "description",
+    "author",
+    "uuid",
+    "type",
+    "values"
+  ]
+}
--- a/validate_all.sh
+++ b/validate_all.sh
@ -9,7 +9,7 @@
 # Check Jsons format, and beautify
 ./jq_all_the_things.sh
 rc=$?
-if [[ $rc != 0 ]]; then 
+if [[ $rc != 0 ]]; then
    exit $rc
 fi

@ -30,7 +30,7 @@ do
  echo -n "${dir}: "
  jsonschema -i ${dir} schema_clusters.json
  rc=$?
-  if [[ $rc != 0 ]]; then 
+  if [[ $rc != 0 ]]; then
    echo "Error on ${dir}"
    exit $rc
  fi
@ -42,7 +42,31 @@ do
  echo -n "${dir}: "
  jsonschema -i ${dir} schema_galaxies.json
  rc=$?
-  if [[ $rc != 0 ]]; then 
+  if [[ $rc != 0 ]]; then
+    echo "Error on ${dir}"
+    exit $rc
+  fi
+  echo ''
+done
+
+for dir in misp/*.json
+do
+  echo -n "${dir}: "
+  jsonschema -i ${dir} schema_misp.json
+  rc=$?
+  if [[ $rc != 0 ]]; then
+    echo "Error on ${dir}"
+    exit $rc
+  fi
+  echo ''
+done
+
+for dir in vocabularies/*/*.json
+do
+  echo -n "${dir}: "
+  jsonschema -i ${dir} schema_vocabularies.json
+  rc=$?
+  if [[ $rc != 0 ]]; then
    echo "Error on ${dir}"
    exit $rc
  fi
--- a/vocabularies/threat-actor/intended-effect.json
+++ b/vocabularies/threat-actor/intended-effect.json
@ -91,10 +91,10 @@
      "value": "Unauthorized Access"
    }
  ],
-  "version" : 1,
+  "version" : 2,
  "description": "The IntendedEffectVocab is the default STIX vocabulary for expressing the intended effect of a threat actor",
  "source": "STIX 1.0",
-  "author": "STIX",
+  "author": ["STIX"],
  "uuid": "b6975c96-296a-48cf-9006-034ed102bc85",
  "stix": "1.2.1",
  "type": "threat-actor-intended-effect-vocabulary"
--- a/vocabularies/threat-actor/motivation.json
+++ b/vocabularies/threat-actor/motivation.json
@ -56,10 +56,10 @@
      "description": "The threat actor is motivated by the desire to exercise some political advantage."
    }
  ],
-  "version" : 1,
+  "version" : 2,
  "description": "The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor.",
  "source": "STIX 1.0",
-  "author": "STIX",
+  "author": ["STIX"],
  "uuid": "74183277-5ee6-436a-9859-cb16fb3f21e2",
  "stix": "1.2.1",
  "type": "threat-actor-motivation-vocabulary"
--- a/vocabularies/threat-actor/planning-and-operational-support.json
+++ b/vocabularies/threat-actor/planning-and-operational-support.json
@ -67,9 +67,9 @@
      "value": "Skill Development / Recruitment - University Programs"
    }
  ],
-  "version" : 1,
+  "version" : 2,
  "description": "The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor.",
-  "author": "STIX",
+  "author": ["STIX"],
  "source": "STIX 1.0",
  "stix": "1.0.1",
  "uuid": "f91f69d2-fcd0-45f2-baeb-4f79f9458da7",
--- a/vocabularies/threat-actor/sophistication.json
+++ b/vocabularies/threat-actor/sophistication.json
@ -17,9 +17,9 @@
      "description": "Demonstrates a nascent capability. A novice has basic computer skills and likely requires the assistance of a Practitioner or higher to engage in hacking activity. He uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet and lacks the ability to conduct his own reconnaissance and targeting research."
    }
  ],
-  "version" : 1,
+  "version" : 2,
  "description": "The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor.",
-  "author": "STIX",
+  "author": ["STIX"],
  "uuid": "fcaf1309-28c4-4d09-b56f-84d6cf6afbb3",
  "stix": "1.0",
  "type": "threat-actor-sophistication-vocabulary"
--- a/vocabularies/threat-actor/type.json
+++ b/vocabularies/threat-actor/type.json
@ -52,10 +52,10 @@
      "value": "Disgruntled Customer / User"
    }
  ],
-  "version": 1,
+  "version": 2,
  "uuid": "3d7dc2ee-ca54-4a5e-96a3-2e7cba0ffe95",
  "description": "The ThreatActorTypeVocab enumeration is used to define the default STIX vocabulary for expressing the subjective type of a threat actor.",
-  "author": "STIX",
+  "author": ["STIX"],
  "source": "STIX 1.0",
  "stix": "1.0",
  "type": "threat-actor-type-vocabulary"