Documentation ¶
Overview ¶
Package stones is for STIX object validation
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ErrorsToString ¶
ErrorsToString converts a slice of errors to one error TODO: this is gross, how about a ValidationErrors type with a method to pretty print errors?
Types ¶
type AttackPattern ¶
type AttackPattern struct { Object AttackPatternProperites }
AttackPattern is a TTP (Tactic, technique, or procedure) that describes how advesaries attempt to compromise targets.
func NewAttackPattern ¶
func NewAttackPattern(name string) (ap AttackPattern, err error)
NewAttackPattern returns an AttackPattern object
func (*AttackPattern) UnmarshalJSON ¶
func (ap *AttackPattern) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the encoding/json Unmarshaler interface (https://golang.org/pkg/encoding/json/#Unmarshaler).
It will take JSON and deserialize to an Object. This should not be called directly, but instead json.Unmarshal(b []byte, v interface{}) should be used.
func (*AttackPattern) Valid ¶
func (ap *AttackPattern) Valid() (valid bool, errs []error)
Valid is called to check for STiX 2.0 specification conformance.
If the AttackPattern is invalid, it returns the list of errors from validation.
type AttackPatternProperites ¶
type AttackPatternProperites struct { Name string `json:"name" stones:"required"` Description string `json:"description,omitempty" stones:"optional"` KillChainPhases []KillChainPhase `json:"kill_chain_phases,omitempty" stones:"optional"` }
AttackPatternProperites defines the fields only used by this SDO
type Bundle ¶
type Bundle struct { // required Type string `json:"type" stones:"required"` ID Identifier `json:"id" stones:"required"` SpecVersion string `json:"spec_version" stones:"required"` Objects []json.RawMessage `json:"objects" stones:"optional"` }
Bundle is a collection of arbitrary STIX objects grouped in a container
func NewBundle ¶
NewBundle returns an empty STIX Bundle object (no objects).
It creates a new UUIDv4 and sets the Type, ID, and SpecVersion properties automatically.
type ExternalReference ¶
type ExternalReference struct { SourceName string `json:"source_name"` Description string `json:"description"` URL string `json:"url"` Hashes []string `json:"hashes"` ExternalID string `json:"external_id"` }
ExternalReference data type for pointing to references that are external to STIX
type Hashes ¶
Hashes represents 1 or more cryptographic hashes as key/value pairs hasing algorithm -> hash string
type Identifier ¶
Identifier represents a STIX Identifier Data Type.
Identifiers uniquely identify STIX Objects. They follow the form of <object type>--<uuid V4>.
The ID field is a v4 UUID
v4 UUID: 128 bit; 16 octets of 32 hexadecimal numbers String representation: 32 bit - 16 bit - 16 bit - 16 bit - 48 bit Example: 6ba7b810-9dad-11d1-80b4-00c04fd430c8
func IdentifierFromString ¶
func IdentifierFromString(s string) (id Identifier, err error)
IdentifierFromString takes a Identifier string representation and returns an Identifier struct.
func NewIdentifier ¶
func NewIdentifier(t string) (id Identifier, err error)
NewIdentifier takes a STIX Type string and returns an Identifier struct.
func (Identifier) MarshalJSON ¶
func (id Identifier) MarshalJSON() ([]byte, error)
MarshalJSON implements the encoding/json Marshaler interface (https://golang.org/pkg/encoding/json/#Marshaler)
It is used to serialize an Identifier into JSON format
func (*Identifier) String ¶
func (id *Identifier) String() string
func (*Identifier) UnmarshalJSON ¶
func (id *Identifier) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the encoding/json Unmarshaler interface (https://golang.org/pkg/encoding/json/#Unmarshaler).
It will take JSON and deserialize to an Object. This should not be called directly, but instead json.Unmarshal(b []byte, v interface{}) should be used.
func (*Identifier) Valid ¶
func (id *Identifier) Valid() (valid bool, errs []error)
Valid is called to check for STiX 2.0 specification conformance.
If the Identifier is invalid, it returns the list of errors from validation.
type KillChainPhase ¶
type KillChainPhase struct { KillChainName string `json:"kill_chain_name"` PhaseName string `json:"phase_name"` }
KillChainPhase represents a phase in a kill chain
func (*KillChainPhase) Valid ¶
func (k *KillChainPhase) Valid() (valid bool, errs []error)
Valid will run validation on a KillChainPhase
type Object ¶
type Object struct { ID Identifier `json:"id" stones:"required"` Type string `json:"type" stones:"required"` Created Timestamp `json:"created" stones:"required"` Modified Timestamp `json:"modified" stones:"required"` CreatedByRef Identifier `json:"created_by_ref,omitempty" stones:"optional"` Revoked bool `json:"revoked,omitempty" stones:"optional"` Labels []string `json:"labels,omitempty" stones:"optional"` ExternalReferences []ExternalReference `json:"external_references,omitempty" stones:"optional"` ObjectMarkingRefs []Identifier `json:"object_marking_refs,omitempty" stones:"optional"` GranularMarkings []string `json:"granular_markings,omitempty" stones:"optional"` Source []byte `stones:"optional"` }
Object is a generic STIX object with properties common to all SIIX objects.
func NewObject ¶
NewObject takes a STIX Type as a string and returns an Object with that Type and a new ID.
func ObjectFromBytes ¶
ObjectFromBytes takes a raw object in bytes and converts to an Object
func (*Object) UnmarshalJSON ¶
UnmarshalJSON implements the encoding/json Unmarshaler interface (https://golang.org/pkg/encoding/json/#Unmarshaler).
It will take JSON and deserialize to an Object. This should not be called directly, but instead json.Unmarshal(b []byte, v interface{}) should be used.
type Timestamp ¶
Timestamp represents a a STIX date/time format alias works (type Timestamp = time.Time) but can't extend it
func NewTimestamp ¶
func NewTimestamp() Timestamp
NewTimestamp returns a new Timestamp based on a timestamp string
func TimestampFromString ¶
TimestampFromString returns a new Timestamp based on a timestamp string
func (Timestamp) MarshalJSON ¶
MarshalJSON will serialize Timestamp into a JSON string
type Validatable ¶
Validatable defines the interface objects need to satisfy to be able to validate them selves