Skip to content

Commit

Permalink
Merge pull request #164 from clenk/stix2.1
Browse files Browse the repository at this point in the history
Update stix2.1 branch to latest
  • Loading branch information
rpiazza authored Apr 4, 2024
2 parents 9d86da9 + 08cd340 commit 818be8a
Show file tree
Hide file tree
Showing 60 changed files with 75 additions and 67 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/python-ci-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,13 @@ jobs:

name: Python 3.x Build
steps:
- uses: actions/checkout@v2
- name: Use Node.js 12.x
uses: actions/setup-node@v1
- uses: actions/checkout@v3
- name: Use Node.js 16
uses: actions/setup-node@v3
with:
node-version: '12.x'
node-version: 16
- name: Set up Python 3.x
uses: actions/setup-python@v2
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install and update essential dependencies
Expand Down
4 changes: 2 additions & 2 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## <a id="openParticipation">Public Participation Invited</a>

This [OASIS TC Open Repository](https://www.oasis-open.org/resources/open-repositories) ( **[github.com/oasis-open/cti-stix2-json-schemas](https://github.com/oasis-open/cti-stix2-json-schemas)** ) is a community public repository that supports participation by anyone, whether affiliated with OASIS or not. Substantive contributions (repository "code") and related feedback is invited from all parties, following the common conventions for participation in GitHub public repository projects. Participation is expected to be consistent with the [OASIS TC Open Repository Guidelines and Procedures](https://www.oasis-open.org/policies-guidelines/open-repositories), the [LICENSE](https://www.oasis-open.org/sites/www.oasis-open.org/files/BSD-3-Clause.txt) designated for this particular repository (BSD-3-Clause License), and the requirement for an [Individual Contributor License Agreement](https://www.oasis-open.org/resources/open-repositories/cla/individual-cla). Please see the repository [README](https://github.com/oasis-open/cti-stix2-json-schemas/blob/master/README.md) document for other details.
This [OASIS TC Open Repository](https://www.oasis-open.org/resources/open-repositories) ( **[github.com/oasis-open/cti-stix2-json-schemas](https://github.com/oasis-open/cti-stix2-json-schemas)** ) is a community public repository that supports participation by anyone, whether affiliated with OASIS or not. Substantive contributions (repository "code") and related feedback is invited from all parties, following the common conventions for participation in GitHub public repository projects. Participation is expected to be consistent with the [OASIS TC Open Repository Guidelines and Procedures](https://www.oasis-open.org/policies-guidelines/open-repositories), the [LICENSE](https://www.oasis-open.org/sites/www.oasis-open.org/files/BSD-3-Clause.txt) designated for this particular repository (BSD-3-Clause License), and the requirement for an [Individual Contributor License Agreement](https://cla-assistant.io/oasis-open/Open-Repo-admin). Please see the repository [README](https://github.com/oasis-open/cti-stix2-json-schemas/blob/master/README.md) document for other details.

## <a id="distinctRules">Governance Distinct from OASIS TC Process</a>

Expand All @@ -14,7 +14,7 @@ Because different licenses apply to the OASIS TC's specification work, and this

## <a id="contributionDefined">Contributions Subject to Individual CLA</a>

Formally, <a id="openRepoContribution">"contribution"</a> to this TC Open Repository refers to content merged into the "Code" repository (repository changes represented by code [commits](https://github.com/oasis-open/cti-stix2-json-schemas/commits/master)), following the GitHub definition of _[contributor](https://help.github.com/articles/github-glossary/#contributor)_: "someone who has contributed to a project by having a pull request merged but does not have collaborator [*i.e.*, direct write] access." Anyone who signs the TC Open Repository [Individual Contributor License Agreement (CLA)](https://www.oasis-open.org/resources/open-repositories/cla/individual-cla), signifying agreement with the licensing requirement, may contribute substantive content — subject to evaluation of a GitHub pull request. The main web page for this repository, as with any GitHub public repository, displays a link to a document listing contributions to the repository's default branch (filtered by Commits, Additions, and Deletions).
Formally, <a id="openRepoContribution">"contribution"</a> to this TC Open Repository refers to content merged into the "Code" repository (repository changes represented by code [commits](https://github.com/oasis-open/cti-stix2-json-schemas/commits/master)), following the GitHub definition of _[contributor](https://help.github.com/articles/github-glossary/#contributor)_: "someone who has contributed to a project by having a pull request merged but does not have collaborator [*i.e.*, direct write] access." Anyone who signs the TC Open Repository [Individual Contributor License Agreement (CLA)](https://cla-assistant.io/oasis-open/Open-Repo-admin), signifying agreement with the licensing requirement, may contribute substantive content — subject to evaluation of a GitHub pull request. The main web page for this repository, as with any GitHub public repository, displays a link to a document listing contributions to the repository's default branch (filtered by Commits, Additions, and Deletions).

This TC Open Repository, as with GitHub public repositories generally, also accepts public feedback from any GitHub user. Public feedback includes opening issues, authoring and editing comments, participating in conversations, making wiki edits, creating repository stars, and making suggestions via pull requests. Such feedback does not constitute an OASIS TC Open Repository [contribution](#openRepoContribution). Some details are presented under "Read permissions" in the table of [permission levels](https://help.github.com/articles/repository-permission-levels-for-an-organization/) for a GitHub organization. Technical content intended as a substantive contribution (repository "Code") to an TC Open Repository is subject to evaluation, and requires a signed Individual CLA.

Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ Initially, the associated TC members have designated one or more persons to serv

* [Jason Keirstead](mailto:[email protected]); GitHub ID: [https://github.com/JasonKeirstead](https://github.com/JasonKeirstead); WWW: [IBM](http://www.ibm.com/)
* [Emily Ratliff](mailto:[email protected]); GitHub ID: [https://github.com/ejratl](https://github.com/ejratl); WWW: [IBM](http://www.ibm.com/)
* [Duncan Sparrell](mailto:[email protected]); GitHub ID: [https://github.com/sparrell](https://github.com/sparrell); WWW: [sFractal](http://sfractal.com/)
* [Rich Piazza](mailto:[email protected]); GitHub ID: [https://github.com/rpiazza](https://github.com/rpiazza) WWW: [MITRE](http://www.mitre.org/)

## <a id="aboutOpenRepos">About OASIS TC Open Repositories</a>

Expand Down
4 changes: 2 additions & 2 deletions pattern_grammar/STIXPattern.g4
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
// This is an ANTLR4 grammar for the STIX Patterning Language.
//
// http://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part5-stix-patterning.html
// https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_e8slinrhxcc9

grammar STIXPattern;

Expand Down Expand Up @@ -50,7 +50,7 @@ propTest
| objectPath NOT? ISSUBSET StringLiteral # propTestIsSubset
| objectPath NOT? ISSUPERSET StringLiteral # propTestIsSuperset
| LPAREN comparisonExpression RPAREN # propTestParen
| EXISTS objectPath # propTestExists
| NOT? EXISTS objectPath # propTestExists
;

startStopQualifier
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/binary.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/binary.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "binary",
"description": "The ​binary data type represents a sequence of bytes. In order to allow pattern matching on custom objects, for all properties that use the binary type, the property name MUST end with '_bin'. The JSON MTI serialization represents this as a base64-­encoded string as specified in RFC4648​. Other serializations SHOULD use a native binary type, if available.",
"type": "string",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/bundle.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/bundle.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "bundle",
"description": "A Bundle is a collection of arbitrary STIX Objects and Marking Definitions grouped together in a single container.",
"type": "object",
Expand Down
7 changes: 6 additions & 1 deletion schemas/common/core.json
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,11 @@
"type": "object",
"minProperties": 1,
"patternProperties": {
"^([a-z][a-z0-9]*)+(-[a-z0-9]+)*\\-ext$": {
"type": "object",
"minProperties": 1,
"allOf": [{ "$ref": "../common/properties.json" }]
},
"^extension-definition--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$": {
"allOf": [{ "$ref": "../common/extension.json" }]
}
Expand Down Expand Up @@ -148,4 +153,4 @@
"created",
"modified"
]
}
}
2 changes: 1 addition & 1 deletion schemas/common/cyber-observable-core.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/cyber-observable-core.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "cyber-observable-core",
"description": "Common properties and behavior across all Cyber Observable Objects.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/dictionary.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/dictionary.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "dictionary",
"description": "A dictionary captures a set of key/value pairs",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/extension-definition.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension-definition.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "extension-definition",
"description": "The STIX Extension Definition object allows producers of threat intelligence to extend existing STIX objects or to create entirely new STIX objects in a standardized way.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/extension.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/extension.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"type": "object",
"minProperties": 1,
"properties": {
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/external-reference.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/external-reference.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "external-reference",
"description": "External references are used to describe pointers to information represented outside of STIX.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/granular-marking.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/granular-marking.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "granular-marking",
"description": "The granular-marking type defines how the list of marking-definition objects referenced by the marking_refs property to apply to a set of content identified by the list of selectors in the selectors property.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/hashes-type.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hashes-type.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "hashes",
"description": "The Hashes type represents one or more cryptographic hashes, as a special set of key/value pairs",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/hex.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/hex.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "hex",
"description": "The hex data type encodes an array of octets (8-bit bytes) as hexadecimal. The string MUST consist of an even number of hexadecimal characters, which are the digits '0' through '9' and the letters 'a' through 'f'. In order to allow pattern matching on custom objects, all properties that use the hex type, the property name MUST end with '_hex'.",
"type": "string",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/identifier.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/identifier.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "identifier",
"description": "Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.",
"type": "string",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/kill-chain-phase.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/kill-chain-phase.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "kill-chain-phase",
"description": "The kill-chain-phase represents a phase in a kill chain.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/language-content.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/language-content.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "language-content",
"description": "The language-content object represents text content for STIX Objects represented in languages other than that of the original object.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/marking-definition.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/marking-definition.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "marking-definition",
"description": "The marking-definition object represents a specific marking.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/properties.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/properties.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "properties",
"description": "Rules for custom properties",
"patternProperties": {
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/timestamp.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/timestamp.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "timestamp",
"description": "Represents timestamps across the CTI specifications. The format is an RFC3339 timestamp, with a required timezone specification of 'Z'.",
"type": "string",
Expand Down
2 changes: 1 addition & 1 deletion schemas/common/url-regex.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/url-regex.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "url-regex",
"description": "Matches a URI according to RFC 3986.",
"type": "string",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/artifact.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/artifact.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "artifact",
"description": "The Artifact Object permits capturing an array of bytes (8-bits), as a base64-encoded string string, or linking to a file-like payload.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/autonomous-system.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/autonomous-system.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "autonomous-system",
"description": "The AS object represents the properties of an Autonomous Systems (AS).",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/directory.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/directory.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "directory",
"description": "The Directory Object represents the properties common to a file system directory.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/domain-name.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/domain-name.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "domain-name",
"description": "The Domain Name represents the properties of a network domain name.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/email-addr.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-addr.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "email-addr",
"description": "The Email Address Object represents a single email address.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/email-message.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/email-message.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "email-message",
"description": "The Email Message Object represents an instance of an email message.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/file.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/file.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "file",
"description": "The File Object represents the properties of a file.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/ipv4-addr.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv4-addr.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "ipv4-addr",
"description": "The IPv4 Address Object represents one or more IPv4 addresses expressed using CIDR notation.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/ipv6-addr.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/ipv6-addr.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "ipv6-addr",
"description": "The IPv6 Address Object represents one or more IPv6 addresses expressed using CIDR notation.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/mac-addr.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mac-addr.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "mac-addr",
"description": "The MAC Address Object represents a single Media Access Control (MAC) address.",
"type": "object",
Expand Down
2 changes: 1 addition & 1 deletion schemas/observables/mutex.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"$id": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/mutex.json",
"$schema": "http://json-schema.org/draft/2020-12/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "mutex",
"description": "The Mutex Object represents the properties of a mutual exclusion (mutex) object.",
"type": "object",
Expand Down
Loading

0 comments on commit 818be8a

Please sign in to comment.