Add schema

.travis.yml

@@ -7,26 +7,22 @@ sudo: required
 dist: trusty
 
 python:
-    - "2.7"
-    - "3.3"
     - "3.4"
     - "3.5"
     - "3.5-dev"
+    - "3.6"
+    - "3.6-dev"
     - "nightly"
 
 install:
-    - git clone https://github.com/stedolan/jq.git
+    - sudo apt-get update -qq
-    - pushd jq
+    - sudo apt-get install -y -qq jq moreutils
-    - autoreconf -i
+    - pip install jsonschema
-    - ./configure --disable-maintainer-mode
-    - make
-    - sudo make install
-    - popd
     - git clone https://github.com/MISP/PyTaxonomies.git
     - pushd PyTaxonomies
     - pip install .
     - popd
 
 script:
-    - cat */*.json | jq .
+    - ./validate_all.sh
     - pytaxonomies -l MANIFEST.json -a

PAP/machinetag.json

@@ -24,6 +24,5 @@
       "expanded": "(PAP:WHITE) No restrictions in using this information.",
       "colour": "#ffffff"
     }
-  ],
+  ]
-  "values": null
 }

diamond-model/machinetag.json

@@ -21,6 +21,5 @@
       "value": "Victim",
       "expanded": "A victim is the target of the adversary and against whom vulnerabilities and exposures are exploited and capabilities used. A victim can be described in whichever way necessary and appropriate: organization, person, target email address, IP address, domain, etc. However, it is useful to define the victim persona and their assets separately as they serve different analytic functions. Victim personae are useful in non-technical analysis such as cyber-victimology and social-political centered approaches whereas victim assets are associated with common technical approaches such as vulnerability analysis.."
     }
-  ],
+  ]
-  "values": null
 }

euci/machinetag.json

@@ -23,6 +23,5 @@
       "expanded": "RESTREINT UE/EU RESTRICTED",
       "description": "Information and material the unauthorised disclosure of which could be disadvantageous to the interests of the European Union or of one or more of the Member States."
     }
-  ],
+  ]
-  "values": null
 }

europol-event/machinetag.json

@@ -234,6 +234,5 @@
       "expanded": "Undetermined",
       "description": "Field aimed at the classification of unprocessed events, which have remained undetermined from the beginning."
     }
-  ],
+  ]
-  "values": null
 }

information-security-indicators/machinetag.json

@@ -1,7 +1,7 @@
 {
   "namespace": "information-security-indicators",
   "description": "A full set of operational indicators for organizations to use to benchmark their security posture.",
-  "version": "1",
+  "version": 1,
   "predicates": [
     {
       "value": "IEX",

jq_all_the_things.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+set -x
+
+# Seeds sponge, from moreutils
+
+for dir in ./*/list.json
+do
+    cat ${dir} | jq . | sponge ${dir}
+done
+
+cat schema.json | jq . | sponge schema.json
+cat MANIFEST.json | jq . | sponge MANIFEST.json

kill-chain/machinetag.json

@@ -32,6 +32,5 @@
       "value": "Actions on Objectives",
       "expanded": "Only now, after progressing through the first six phases, can intruders take actions to achieve their original objectives. Typically, this objective is data exfiltration which involves collecting, encrypting and extracting information from the victim environment; violations of data integrity or availability are potential objectives as well. Alternatively, the intruders may only desire access to the initial victim box for use as a hop point to compromise additional systems and move laterally inside the network."
     }
-  ],
+  ]
-  "values": null
 }

rt_event_status/machinetag.json

@@ -1,7 +1,7 @@
 {
   "namespace": "rt_event_status",
   "description": "Status of events used in Request Tracker.",
-  "version": "1.0",
+  "version": 1,
   "predicates": [
     {
       "value": "event-status",

schema.json

@@ -0,0 +1,36 @@
+{
+  "$schema": "http://json-schema.org/schema#",
+  "title": "Validator for misp-taxonomies",
+  "id": "https://www.github.com/MISP/misp-taxonomies/schema.json",
+  "type": "object",
+  "properties": {
+    "namespace": {
+      "type": "string"
+    },
+    "description": {
+      "type": "string"
+    },
+    "version": {
+      "type": "integer"
+    },
+    "predicates": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "type": "object"
+      }
+    },
+    "values": {
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "type": "object"
+      }
+    }
+  },
+  "required": [
+    "namespace",
+    "description",
+    "version"
+  ]
+}

tlp/machinetag.json

@@ -1,5 +1,4 @@
 {
-  "values": null,
   "predicates": [
     {
       "colour": "#CC0033",

validate_all.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -x
+
+./jq_all_the_things.sh
+
+diffs=`git status --porcelain | wc -l`
+
+if ! [ $diffs -eq 1 ]; then
+	echo "Please make sure you run ./jq_all_the_things.sh before commiting."
+	exit 1
+fi
+
+for dir in */machinetag.json
+do
+  echo -n "${dir}: "
+  jsonschema -i ${dir} schema.json
+  echo ''
+done
+