Skip to content

Commit

Permalink
Merge pull request #167 from openmorse/bugfix/182-do-not-allow-sdo-in…
Browse files Browse the repository at this point in the history
…-sco-obj-ref-prop

Adds allow/deny to object_refs to prevent SDOs as refs in observed data
  • Loading branch information
rpiazza authored Oct 22, 2024
2 parents 688248b + 093eb8f commit 31eb60d
Showing 1 changed file with 19 additions and 2 deletions.
21 changes: 19 additions & 2 deletions schemas/sdos/observed-data.json
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,24 @@
"type": "array",
"description": "A list of SCOs and SROs representing the observation.",
"items": {
"$ref": "../common/identifier.json"
"type" : "string",
"anyOf": [
{
"allOf": [
{
"$ref": "../common/identifier.json"
},
{
"not": {
"pattern": "^(attack-pattern|campaign|course-of-action|grouping|identity|incident|indicator|infrastructure|intrusion-set|location|malware-analysis|malware|note|observed-data|opinion|report|threat-actor|tool|vulnerability)"
}
}
]
},
{
"pattern": "^(autonomous-system--|directory--|domain-name--|email-addr--|email-message--|file--|ipv4-addr--|ipv6-addr--|mac-addr--|mutex--|network-traffic--|process--|software--|url--|user-account--|windows-registry-key--|x509-certificate--|relationship--|sighting--)"
}
]
},
"minItems": 1
}
Expand All @@ -147,4 +164,4 @@
]
}
]
}
}

0 comments on commit 31eb60d

Please sign in to comment.