chg: Enforce type in schema

2017-12-22 15:32:24 +01:00 · 2017-12-22 15:32:24 +01:00 · 60aeb28fe8
parent 0f23d9cb18
commit 60aeb28fe8
20 changed files with 47 additions and 49 deletions
--- a/lists/alexa/list.json
+++ b/lists/alexa/list.json
@ -1005,7 +1005,8 @@
    "hostname",
    "domain"
  ],
+  "type": "hostname",
  "name": "Top 1000 website from Alexa",
-  "version": 20170212,
+  "version": 20171222,
  "description": "Event contains one or more entries from the top 1000 of the most used website (Alexa)."
 }
--- a/lists/eicar.com/list.json
+++ b/lists/eicar.com/list.json
@ -1,6 +1,6 @@
 {
  "name": "List of hashes for EICAR test virus",
-  "version": 1,
+  "version": 2,
  "description": "Event contains one or more entries based on hashes for EICAR test virus",
  "matching_attributes": [
    "md5",
@ -12,6 +12,7 @@
    "filename|sha256",
    "filename|sha512"
  ],
+  "type": "string",
  "list": [
    "44d88612fea8a8f36de82e1278abb02f",
    "6ce6f415d8475545be5ba114f208b0ff",
--- a/lists/empty-hashes/list.json
+++ b/lists/empty-hashes/list.json
@ -1,6 +1,6 @@
 {
  "name": "List of known hashes for empty files",
-  "version": 1,
+  "version": 2,
  "description": "Event contains one or more entries of empty files based on known hashed",
  "matching_attributes": [
    "md5",
@ -14,6 +14,7 @@
    "filename|sha256",
    "filename|sha512"
  ],
+  "type": "string",
  "list": [
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
--- a/lists/google/list.json
+++ b/lists/google/list.json
@ -1,7 +1,8 @@
 {
  "name": "List of known google domains",
-  "version": 3,
+  "version": 4,
  "description": "Event contains one or more entries of known google domains",
+  "type": "hostname",
  "matching_attributes": [
    "domain",
    "hostname",
--- a/lists/ipv6-linklocal/list.json
+++ b/lists/ipv6-linklocal/list.json
@ -2,15 +2,13 @@
  "list": [
    "FE80::/10"
  ],
-  "type": [
-    "cidr"
-  ],
+  "type": "cidr",
  "matching_attributes": [
    "ip-src",
    "ip-dst",
    "domain|ip"
  ],
  "description": "Event contains one or more entries part of the IPv6 link local prefix (RFC 4291)",
-  "version": 1,
+  "version": 2,
  "name": "List of IPv6 link local blocks"
 }
--- a/lists/microsoft-office365/list.json
+++ b/lists/microsoft-office365/list.json
@ -1519,7 +1519,8 @@
  ],
  "name": "List of known Office 365 URLs and IP address ranges",
  "description": "Office 365 URLs and IP address ranges",
-  "version": 20170212,
+  "version": 20171222,
+  "type": "hostname",
  "matching_attributes": [
    "ip-src",
    "ip-dst",
--- a/lists/microsoft/list.json
+++ b/lists/microsoft/list.json
@ -1,12 +1,13 @@
 {
  "name": "List of known microsoft domains",
-  "version": 1,
+  "version": 2,
  "description": "Event contains one or more entries of known microsoft domains",
  "matching_attributes": [
    "domain",
    "hostname",
    "domain|ip"
  ],
+  "type": "hostname",
  "list": [
    ".files-df.1drv.com",
    ".files.1drv.com",
--- a/lists/multicast/list.json
+++ b/lists/multicast/list.json
@ -17,15 +17,13 @@
    "238.0.0.0/8",
    "239.0.0.0/8"
  ],
-  "type": [
-    "cidr"
-  ],
+  "type": "cidr",
  "matching_attributes": [
    "ip-src",
    "ip-dst",
    "domain|ip"
  ],
  "description": "Event contains one or more entries part of the RFC 5771 multicast CIDR blocks",
-  "version": 2,
+  "version": 3,
  "name": "List of RFC 5771 multicast CIDR blocks"
 }
--- a/lists/public-dns-hostname/list.json
+++ b/lists/public-dns-hostname/list.json
@ -25347,9 +25347,7 @@
    "url",
    "domain|ip"
  ],
-  "type": [
-    "hostname"
-  ],
+  "type": "hostname",
  "name": "List of known public DNS resolvers expressed as hostname",
-  "version": 20171223
+  "version": 20171224
 }
--- a/lists/public-dns-v4/list.json
+++ b/lists/public-dns-v4/list.json
@ -40654,6 +40654,7 @@
    "ip-dst",
    "domain|ip"
  ],
+  "type": "string",
  "name": "List of known IPv4 public DNS resolvers",
-  "version": 20171222
+  "version": 20171223
 }
--- a/lists/public-dns-v6/list.json
+++ b/lists/public-dns-v6/list.json
@ -278,6 +278,7 @@
    "ip-dst",
    "domain|ip"
  ],
+  "type": "string",
  "name": "List of known IPv6 public DNS resolvers",
-  "version": 20170212
+  "version": 20171222
 }
--- a/lists/rfc1918/list.json
+++ b/lists/rfc1918/list.json
@ -4,15 +4,13 @@
    "172.16.0.0/12",
    "192.168.0.0/16"
  ],
-  "type": [
-    "cidr"
-  ],
+  "type": "cidr",
  "matching_attributes": [
    "ip-src",
    "ip-dst",
    "domain|ip"
  ],
  "description": "Event contains one or more entries part of the RFC 1918 CIDR blocks",
-  "version": 2,
+  "version": 3,
  "name": "List of RFC 1918 CIDR blocks"
 }
--- a/lists/rfc3849/list.json
+++ b/lists/rfc3849/list.json
@ -2,15 +2,13 @@
  "list": [
    "2001:DB8::/32"
  ],
-  "type": [
-    "cidr"
-  ],
+  "type": "cidr",
  "matching_attributes": [
    "ip-src",
    "ip-dst",
    "domain|ip"
  ],
  "description": "Event contains one or more entries part of the IPv6 documentation prefix (RFC 3849)",
-  "version": 2,
+  "version": 3,
  "name": "List of RFC 3849 CIDR blocks"
 }
--- a/lists/rfc5735/list.json
+++ b/lists/rfc5735/list.json
@ -16,15 +16,13 @@
    "240.0.0.0/4",
    "255.255.255.255/32"
  ],
-  "type": [
-    "cidr"
-  ],
+  "type": "cidr",
  "matching_attributes": [
    "ip-src",
    "ip-dst",
    "domain|ip"
  ],
  "description": "Event contains one or more entries part of the RFC 5735 CIDR blocks - Special Use IPv4 Addresses",
-  "version": 2,
+  "version": 3,
  "name": "List of RFC 5735 CIDR blocks"
 }
--- a/lists/rfc6598/list.json
+++ b/lists/rfc6598/list.json
@ -2,15 +2,13 @@
  "list": [
    "100.64.0.0/10"
  ],
-  "type": [
-    "cidr"
-  ],
+  "type": "cidr",
  "matching_attributes": [
    "ip-src",
    "ip-dst",
    "domain|ip"
  ],
  "description": "Event contains one or more entries part of the RFC 6598 CIDR blocks - Special Use IPv4 Addresses",
-  "version": 2,
+  "version": 3,
  "name": "List of RFC 6598 CIDR blocks"
 }
--- a/lists/second-level-tlds/list.json
+++ b/lists/second-level-tlds/list.json
@ -6469,6 +6469,7 @@
    "domain",
    "domain|ip"
  ],
+  "type": "substring",
  "name": "Second level TLDs as known by Mozilla Foundation",
-  "version": 2
+  "version": 3
 }
--- a/lists/tlds/list.json
+++ b/lists/tlds/list.json
@ -1296,7 +1296,8 @@
    "domain",
    "domain|ip"
  ],
+  "type": "substring",
  "description": "Event contains one or more TLDs as attribute with an IDS flag set",
-  "version": 2,
+  "version": 3,
  "name": "TLDs as known by IANA"
 }
--- a/lists/url-shortener/list.json
+++ b/lists/url-shortener/list.json
@ -1,6 +1,6 @@
 {
  "name": "List of known URL Shorteners domains",
-  "version": 4,
+  "version": 5,
  "description": "Event contains one or more entries of known Shorteners domains",
  "matching_attributes": [
    "domain",
@ -9,9 +9,7 @@
    "url",
    "uri"
  ],
-  "type": [
-    "hostname"
-  ],
+  "type": "hostname",
  "list": [
    "1url.com",
    "adcraft.co",
--- a/lists/whats-my-ip/list.json
+++ b/lists/whats-my-ip/list.json
@ -1,6 +1,6 @@
 {
  "name": "List of known domains to know external IP",
-  "version": 2,
+  "version": 3,
  "description": "Event contains one or more entries of known 'what's is my ip' domains",
  "matching_attributes": [
    "domain",
@ -9,6 +9,7 @@
    "uri",
    "url"
  ],
+  "type": "hostname",
  "list": [
    "2ip.ru",
    "2ip.tools",
--- a/schema.json
+++ b/schema.json
@ -22,11 +22,13 @@
      }
    },
    "type": {
-      "type": "array",
-      "uniqueItems": true,
-      "items": {
-        "type": "string"
-      }
+      "type": "string",
+      "enum": [
+        "string",
+        "substring",
+        "hostname",
+        "cidr"
+      ]
    },
    "matching_attributes": {
      "type": "array",
@ -40,6 +42,7 @@
    "list",
    "description",
    "version",
-    "name"
+    "name",
+    "type"
  ]
 }