From 684d4d0631ccc9380e9fbe0e61880cd25e4974d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Larinier?=
Date: Mon, 13 Mar 2017 17:32:51 +0100
Subject: [PATCH 1/4] delete attribute
---
 objects/elf/definition.json | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/objects/elf/definition.json b/objects/elf/definition.json
index 7677c61..a539f59 100644
--- a/objects/elf/definition.json
+++ b/objects/elf/definition.json
@@ -13,10 +13,6 @@
 "misp-attribute": "filename",
 "misp-usage-frequency": 1
 },
- "internal-filename": {
- "misp-attribute": "filename",
- "misp-usage-frequency": 0
- },
 "entrypoint-address": {
 "misp-attribute": "text",
 "misp-usage-frequency": 0,
From 681d18f4eb5d8d8016955a78a124cc9e0cc20fdb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Larinier?=
Date: Mon, 13 Mar 2017 17:58:56 +0100
Subject: [PATCH 2/4] add attributes
---
 objects/elf-section/definition.json | 6 ++--
 objects/elf/definition.json | 56 +++++++++++++++++++++++++----
 2 files changed, 53 insertions(+), 9 deletions(-)
diff --git a/objects/elf-section/definition.json b/objects/elf-section/definition.json
index 19a8642..e8b031b 100644
--- a/objects/elf-section/definition.json
+++ b/objects/elf-section/definition.json
@@ -4,12 +4,12 @@
 "description": "Object describing a section of an Executable and Linkable Format",
 "version": 1,
 "attributes": {
- "name": {
+ "sh_name": {
 "misp-attribute": "text",
 "misp-usage-frequency": 1,
 "disable_correlation": true
 },
- "Flags": {
+ "sh_flags": {
 "misp-attribute": "text",
 "misp-usage-frequency": 0,
 "sane_default": [
@@ -36,7 +36,7 @@
 "misp-usage-frequency": 1,
 "disable_correlation": true
 },
- "size-in-bytes": {
+ "sh_size": {
 "misp-attribute": "size-in-bytes",
 "misp-usage-frequency": 1,
 "disable_correlation": true
diff --git a/objects/elf/definition.json b/objects/elf/definition.json
index a539f59..06454eb 100644
--- a/objects/elf/definition.json
+++ b/objects/elf/definition.json
@@ -13,7 +13,7 @@
 "misp-attribute": "filename",
 "misp-usage-frequency": 1
 },
- "entrypoint-address": {
+ "e_entry": {
 "misp-attribute": "text",
 "misp-usage-frequency": 0,
 "disable_correlation": true
@@ -23,17 +23,61 @@
 "misp-usage-frequency": 0,
 "disable_correlation": true
 },
- "file-version": {
+ "e_version": {
 "misp-attribute": "text",
 "misp-usage-frequency": 0,
 "disable_correlation": true
 },
- "elf-type": {
+ "e_type":{
 "misp-attribute": "text",
- "misp-usage-frequency": 0,
- "disable_correlation": true
- }
+ "misp-usage-frequency": 0,
+ "sane_default":[
+ "relocatable",
+ "executable",
+ "shared",
+ "core"
+ ]
+ },
+ "e_ident_abi":{
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0,
+ "sane_default":[
+ "System V",
+ "HP_UX",
+ "NetBSD",
+ "Linux",
+ "Solaris",
+ "AIX",
+ "IRIX",
+ "FreeBSD",
+ "True64",
+ "Novell Modesto",
+ "OpenBSD",
+ "OpenVMS",
+ "NonStop Kernel",
+ "AROS",
+ "Fenis OS",
+ "CloudABI",
+ "Sortix"
+ ]},
+ "e_machine":{
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0,
+ "sane_default":[
+ "No specific instruction set",
+ "SPARC",
+ "X86",
+ "MISP",
+ "PowerPC",
+ "ARM",
+ "SuperH",
+ "IA-64",
+ "x86-64",
+ "AArch64",
+ "RISC-V"
+ ]}
 },
+
 "requiredOneOf": [
 "text",
 "original-filename",
From fb5ec25000a7c1b35f581c3784768a81dcd1e5d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Larinier?=
Date: Mon, 13 Mar 2017 18:04:21 +0100
Subject: [PATCH 3/4] add type of sections
---
 objects/elf-section/definition.json | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/objects/elf-section/definition.json b/objects/elf-section/definition.json
index e8b031b..ee63ac1 100644
--- a/objects/elf-section/definition.json
+++ b/objects/elf-section/definition.json
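Review bot: The new `e_type`, `e_ident_abi` and `e_machine` attributes in objects/elf/definition.json (second hunk of patch 2/4) omit `"disable_correlation": true`, which the removed `elf-type` entry carried, so low-entropy values such as `executable` or `x86-64` would presumably be correlated across every ELF object an instance holds and drown out the useful links. I would add `"disable_correlation": true` to each of the three; `sh_type` in patch 3/4 has the same omission, and patch 4/4 re-indents these blocks without adding it. In the `e_machine` list `"MISP"` looks like a typo for `"MIPS"`, and in `e_ident_abi` the usual spellings are `"HP-UX"` and `"Tru64"`, so a parser that emits the standard names will not match these defaults.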
@@ -9,6 +9,33 @@
 "misp-usage-frequency": 1,
 "disable_correlation": true
 },
+ "sh_type":{
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0,
+ "sane_default": [
+ "SHT_NULL",
+ "SHT_PROGBITS",
+ "SHT_SYMTAB",
+ "SHT_STRTAB",
+ "SHT_RELA",
+ "SHT_HASH",
+ "SHT_DYNAMIC",
+ "SHT_NOTE",
+ "SHT_NOBITS",
+ "SHT_REL",
+ "SHT_SHLIB",
+ "SHT_DYNSYM",
+ "SHT_INIT_ARRAY",
+ "SHT_FINI_ARRAY",
+ "SHT_PREINIT_ARRAY",
+ "SHT_GROUP",
+ "SHT_SYMTAB_SHNDX",
+ "SHT_NUM",
+ "SHT_LOOS"
+ ]
+
+ }
+ ,
 "sh_flags": {
 "misp-attribute": "text",
 "misp-usage-frequency": 0,
From 16f41b2b4a241d9ffeebceeca3f6234833de595d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Larinier?=
Date: Tue, 14 Mar 2017 10:05:48 +0100
Subject: [PATCH 4/4] correct travis failed
---
 objects/elf-section/definition.json | 6 +-
 objects/elf/definition.json | 93 +++++++++++++++--------------
 2 files changed, 49 insertions(+), 50 deletions(-)
diff --git a/objects/elf-section/definition.json b/objects/elf-section/definition.json
index ee63ac1..218faca 100644
--- a/objects/elf-section/definition.json
+++ b/objects/elf-section/definition.json
@@ -9,7 +9,7 @@
 "misp-usage-frequency": 1,
 "disable_correlation": true
 },
- "sh_type":{
+ "sh_type": {
 "misp-attribute": "text",
 "misp-usage-frequency": 0,
 "sane_default": [
@@ -33,9 +33,7 @@
 "SHT_NUM",
 "SHT_LOOS"
 ]
-
- }
- ,
+ },
 "sh_flags": {
 "misp-attribute": "text",
 "misp-usage-frequency": 0,
diff --git a/objects/elf/definition.json b/objects/elf/definition.json
index 06454eb..45100c6 100644
--- a/objects/elf/definition.json
+++ b/objects/elf/definition.json
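Review bot: `"SHT_NUM"` and `"SHT_LOOS"` at the end of the `sh_type` list (patch 3/4, objects/elf-section/definition.json) are not section types: in the common ELF headers `SHT_NUM` is the count of defined types and `SHT_LOOS` marks the start of the OS-specific range. I would drop both from `sane_default`, so that an analyst picking from the list cannot record a value no section header carries. If OS-specific sections should be selectable, list the concrete types a parser reports instead, for example `"SHT_GNU_HASH"`.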
@@ -28,56 +28,57 @@
 "misp-usage-frequency": 0,
 "disable_correlation": true
 },
- "e_type":{
+ "e_type": {
 "misp-attribute": "text",
- "misp-usage-frequency": 0,
- "sane_default":[
- "relocatable",
- "executable",
- "shared",
- "core"
+ "misp-usage-frequency": 0,
+ "sane_default": [
+ "relocatable",
+ "executable",
+ "shared",
+ "core"
 ]
 },
- "e_ident_abi":{
- "misp-attribute": "text",
- "misp-usage-frequency": 0,
- "sane_default":[
- "System V",
- "HP_UX",
- "NetBSD",
- "Linux",
- "Solaris",
- "AIX",
- "IRIX",
- "FreeBSD",
- "True64",
- "Novell Modesto",
- "OpenBSD",
- "OpenVMS",
- "NonStop Kernel",
- "AROS",
- "Fenis OS",
- "CloudABI",
- "Sortix"
- ]},
- "e_machine":{
- "misp-attribute": "text",
- "misp-usage-frequency": 0,
- "sane_default":[
- "No specific instruction set",
- "SPARC",
- "X86",
- "MISP",
- "PowerPC",
- "ARM",
- "SuperH",
- "IA-64",
- "x86-64",
- "AArch64",
- "RISC-V"
- ]}
+ "e_ident_abi": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0,
+ "sane_default": [
+ "System V",
+ "HP_UX",
+ "NetBSD",
+ "Linux",
+ "Solaris",
+ "AIX",
+ "IRIX",
+ "FreeBSD",
+ "True64",
+ "Novell Modesto",
+ "OpenBSD",
+ "OpenVMS",
+ "NonStop Kernel",
+ "AROS",
+ "Fenis OS",
+ "CloudABI",
+ "Sortix"
+ ]
+ },
+ "e_machine": {
+ "misp-attribute": "text",
+ "misp-usage-frequency": 0,
+ "sane_default": [
+ "No specific instruction set",
+ "SPARC",
+ "X86",
+ "MISP",
+ "PowerPC",
+ "ARM",
+ "SuperH",
+ "IA-64",
+ "x86-64",
+ "AArch64",
+ "RISC-V"
+ ]
+ }
 },
-
 "requiredOneOf": [
 "text",
 "original-filename",