diff --git a/.travis.yml b/.travis.yml index 4ae87b0..96bf29f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,26 +7,22 @@ sudo: required dist: trusty python: - - "2.7" - - "3.3" - "3.4" - "3.5" - "3.5-dev" + - "3.6" + - "3.6-dev" - "nightly" install: - - git clone https://github.com/stedolan/jq.git - - pushd jq - - autoreconf -i - - ./configure --disable-maintainer-mode - - make - - sudo make install - - popd + - sudo apt-get update -qq + - sudo apt-get install -y -qq jq moreutils + - pip install jsonschema - git clone https://github.com/MISP/PyTaxonomies.git - pushd PyTaxonomies - pip install . - popd script: - - cat */*.json | jq . + - ./validate_all.sh - pytaxonomies -l MANIFEST.json -a diff --git a/PAP/machinetag.json b/PAP/machinetag.json index 2da266f..febab6a 100644 --- a/PAP/machinetag.json +++ b/PAP/machinetag.json @@ -24,6 +24,5 @@ "expanded": "(PAP:WHITE) No restrictions in using this information.", "colour": "#ffffff" } - ], - "values": null + ] } diff --git a/diamond-model/machinetag.json b/diamond-model/machinetag.json index beeec6c..fc6882e 100644 --- a/diamond-model/machinetag.json +++ b/diamond-model/machinetag.json @@ -21,6 +21,5 @@ "value": "Victim", "expanded": "A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. A victim can be described in whichever way necessary and appropriate: organization, person, target email address, IP address, domain, etc. However, it is useful to define the victim persona and their assets separately as they serve different analytic functions. Victim personae are useful in non-technical analysis such as cyber-victimology and social-political centered approaches whereas victim assets are associated with common technical approaches such as vulnerability analysis.." } - ], - "values": null + ] } diff --git a/euci/machinetag.json b/euci/machinetag.json index b83c003..238f705 100644 --- a/euci/machinetag.json +++ b/euci/machinetag.json 
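Review bot: The added `- pip install jsonschema` in the `install:` section of .travis.yml is unpinned, so the validator that now gates every taxonomy change can behave differently from one build to the next. Pin it to a reviewed release, e.g. `- pip install jsonschema==<PINNED_VERSION>`. The unchanged context lines `git clone https://github.com/MISP/PyTaxonomies.git` and `pip install .` have the same property: they install whatever is at the head of the default branch. Checking out a fixed tag or commit after the clone would make the `pytaxonomies -l MANIFEST.json -a` step reproducible.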
@@ -23,6 +23,5 @@
 "expanded": "RESTREINT UE/EU RESTRICTED",
 "description": "Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States."
 }
- ],
- "values": null
+ ]
 }
diff --git a/europol-event/machinetag.json b/europol-event/machinetag.json
index fb285a1..f74e3d1 100644
--- a/europol-event/machinetag.json
+++ b/europol-event/machinetag.json
@@ -234,6 +234,5 @@
 "expanded": "Undetermined",
 "description": "Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning."
 }
- ],
- "values": null
+ ]
 }
diff --git a/information-security-indicators/machinetag.json b/information-security-indicators/machinetag.json
index 7a263cd..fa1c4f3 100644
--- a/information-security-indicators/machinetag.json
+++ b/information-security-indicators/machinetag.json
@@ -1,7 +1,7 @@
 {
 "namespace": "information-security-indicators",
 "description": "A full set of operational indicators for organizations to use to benchmark their security posture.",
- "version": "1",
+ "version": 1,
 "predicates": [
 {
 "value": "IEX",
@@ -582,4 +582,4 @@
 ]
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/jq_all_the_things.sh b/jq_all_the_things.sh
new file mode 100755
index 0000000..617456d
--- /dev/null
+++ b/jq_all_the_things.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+set -x
+
+# Seeds sponge, from moreutils
+
+for dir in ./*/list.json
+do
+ cat ${dir} | jq . | sponge ${dir}
+done
+
+cat schema.json | jq . | sponge schema.json
+cat MANIFEST.json | jq . | sponge MANIFEST.json
diff --git a/kill-chain/machinetag.json b/kill-chain/machinetag.json
index c18ad3c..dd23fcd 100644
--- a/kill-chain/machinetag.json
+++ b/kill-chain/machinetag.json
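Review bot: The loop in jq_all_the_things.sh globs `./*/list.json`, but every taxonomy file touched by this commit is named `machinetag.json`, and validate_all.sh iterates `*/machinetag.json`. Unless `list.json` files exist outside this diff, the loop normalises none of the taxonomies and should read `for dir in ./*/machinetag.json`. The pipelines also run without `set -o pipefail`, so when `jq` rejects a malformed file the pipeline status is `sponge`'s, `set -e` does not fire, and `sponge` can overwrite the file with jq's empty output. Writing to a temporary file in two separate statements, `jq . "${dir}" > "${dir}.tmp"` then `mv "${dir}.tmp" "${dir}"`, leaves the original untouched on failure and lets `set -e` stop the script; it also quotes `${dir}`.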
@@ -32,6 +32,5 @@
 "value": "Actions on Objectives",
 "expanded": "Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network."
 }
- ],
- "values": null
+ ]
 }
diff --git a/rt_event_status/machinetag.json b/rt_event_status/machinetag.json
index 003b84b..094c5f5 100644
--- a/rt_event_status/machinetag.json
+++ b/rt_event_status/machinetag.json
@@ -1,7 +1,7 @@
 {
 "namespace": "rt_event_status",
 "description": "Status of events used in Request Tracker.",
- "version": "1.0",
+ "version": 1,
 "predicates": [
 {
 "value": "event-status",
diff --git a/schema.json b/schema.json
new file mode 100644
index 0000000..61630b8
--- /dev/null
+++ b/schema.json
@@ -0,0 +1,36 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "title": "Validator for misp-taxonomies",
+ "id": "https://www.github.com/MISP/misp-taxonomies/schema.json",
+ "type": "object",
+ "properties": {
+ "namespace": {
+ "type": "string"
+ },
+ "description": {
+ "type": "string"
+ },
+ "version": {
+ "type": "integer"
+ },
+ "predicates": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "type": "object"
+ }
+ },
+ "values": {
+ "type": "array",
+ "uniqueItems": true,
+ "items": {
+ "type": "object"
+ }
+ }
+ },
+ "required": [
+ "namespace",
+ "description",
+ "version"
+ ]
+}
diff --git a/tlp/machinetag.json b/tlp/machinetag.json
index 11a05a9..bb967a7 100644
--- a/tlp/machinetag.json
+++ b/tlp/machinetag.json
@@ -1,5 +1,4 @@
 {
- "values": null,
 "predicates": [
 {
 "colour": "#CC0033",
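Review bot: The `items` schemas for `predicates` and `values` in schema.json are only `"type": "object"`, so an entry with no `value`, or with a non-string `value` or `expanded`, still validates. `predicates` is also missing from the top-level `required` array. Since validate_all.sh makes this schema the gate for every machinetag.json, constrain the entries as sketched below; this assumes every predicate carries a string `value`, as the entries visible in the diamond-model, kill-chain and rt_event_status hunks do. Add `"predicates"` to `required` if all taxonomies define it. `"$schema": "http://json-schema.org/schema#"` also leaves the draft unpinned; because the file uses `id` rather than `$id`, naming the draft-04 meta-schema explicitly would stop validators from guessing.

```json
"predicates": {
  "type": "array",
  "uniqueItems": true,
  "items": {
    "type": "object",
    "properties": {
      "value": { "type": "string" },
      "expanded": { "type": "string" }
    },
    "required": ["value"]
  }
},
```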
diff --git a/validate_all.sh b/validate_all.sh
new file mode 100755
index 0000000..e68a443
--- /dev/null
+++ b/validate_all.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -x
+
+./jq_all_the_things.sh
+
+diffs=`git status --porcelain | wc -l`
+
+if ! [ $diffs -eq 1 ]; then
+ echo "Please make sure you run ./jq_all_the_things.sh before commiting."
+ exit 1
+fi
+
+for dir in */machinetag.json
+do
+ echo -n "${dir}: "
+ jsonschema -i ${dir} schema.json
+ echo ''
+done
+
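Review bot: The check `if ! [ $diffs -eq 1 ]` in validate_all.sh passes only when `git status --porcelain` prints exactly one line, presumably the untracked PyTaxonomies checkout left by the Travis install step. On a clean local clone the count is 0, so the script fails with the "run ./jq_all_the_things.sh" message although nothing is unformatted. Conversely, without that checkout a single reformatted file yields a count of 1 and passes. Test the tracked files directly instead, e.g. `if ! git diff --quiet; then`, which ignores untracked files. `${dir}` in the `jsonschema -i ${dir} schema.json` line should also be quoted.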