stones

v0.0.0-...-2c30a47
Published: Oct 11, 2019 License: MIT Imports: 7 Imported by: 8

README

stones

A STIX 2.0 Validator and Creator written in Go

This is being written to separate STIX validation/processing from TAXII (github.com/pladdy/cabby).

Use cases

  • Serialize/Deserialize Bundles from JSON
  • Serialize/Deserialize Objects from JSON
  • Verify Bundles are valid
  • Verify Objects are valid
  • Validate objects based on their type
  • Return a generic object that has the attributes of its type?

Examples

Resources

Documentation

Overview

Package stones is for STIX object validation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ErrorsToString

func ErrorsToString(errs []error) error

ErrorsToString converts a slice of errors to one error.

TODO: this is gross, how about a ValidationErrors type with a method to pretty print errors?

func Validate

func Validate(b []byte) (bool, []error)

Validate will take a raw JSON object and run validation against it.

Types

type AttackPattern

type AttackPattern struct {
	Object
	AttackPatternProperites
}

AttackPattern is a TTP (tactic, technique, or procedure) that describes how adversaries attempt to compromise targets.

func NewAttackPattern

func NewAttackPattern(name string) (ap AttackPattern, err error)

NewAttackPattern returns an AttackPattern object

func (*AttackPattern) UnmarshalJSON

func (ap *AttackPattern) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the encoding/json Unmarshaler interface (https://golang.org/pkg/encoding/json/#Unmarshaler).

It will take JSON and deserialize to an Object. This should not be called directly, but instead json.Unmarshal(b []byte, v interface{}) should be used.

func (*AttackPattern) Valid

func (ap *AttackPattern) Valid() (valid bool, errs []error)

Valid is called to check for STIX 2.0 specification conformance.

If the AttackPattern is invalid, it returns the list of errors from validation.

type AttackPatternProperites

type AttackPatternProperites struct {
	Name            string           `json:"name" stones:"required"`
	Description     string           `json:"description,omitempty" stones:"optional"`
	KillChainPhases []KillChainPhase `json:"kill_chain_phases,omitempty" stones:"optional"`
}

AttackPatternProperites defines the fields only used by this SDO

type Bundle

type Bundle struct {
	// required
	Type        string            `json:"type" stones:"required"`
	ID          Identifier        `json:"id" stones:"required"`
	SpecVersion string            `json:"spec_version" stones:"required"`
	Objects     []json.RawMessage `json:"objects" stones:"optional"`
}

Bundle is a collection of arbitrary STIX objects grouped in a container

func NewBundle

func NewBundle() (b Bundle, err error)

NewBundle returns an empty STIX Bundle object (no objects).

It creates a new UUIDv4 and sets the Type, ID, and SpecVersion properties automatically.

func (*Bundle) AddObject

func (b *Bundle) AddObject(o string)

AddObject adds an object to the Bundle. It expects a JSON string that will be appended as a json.RawMessage.

func (*Bundle) Valid

func (b *Bundle) Valid() (valid bool, errs []error)

Valid is called to check for STIX 2.0 specification conformance.

If the Bundle is invalid, it returns the list of errors from validation.

type ExternalReference

type ExternalReference struct {
	SourceName  string   `json:"source_name"`
	Description string   `json:"description"`
	URL         string   `json:"url"`
	Hashes      []string `json:"hashes"`
	ExternalID  string   `json:"external_id"`
}

ExternalReference data type for pointing to references that are external to STIX

type Hashes

type Hashes map[string]string

Hashes represents one or more cryptographic hashes as key/value pairs (hashing algorithm -> hash string).

type Identifier

type Identifier struct {
	Type string
	ID   uuid.UUID
}

Identifier represents a STIX Identifier Data Type.

Identifiers uniquely identify STIX Objects. They follow the form of <object type>--<uuid V4>.

The ID field is a v4 UUID

v4 UUID:
  128 bit; 16 octets of 32 hexadecimal numbers
  String representation: 32 bit - 16 bit - 16 bit - 16 bit - 48 bit
  Example:               6ba7b810-9dad-11d1-80b4-00c04fd430c8
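The Bundle required properties and the `<object type>--<uuid V4>` identifier form described above can be checked with the standard library alone. This is an added sketch, not code from the stones package: `idRe`, `stub`, `validID`, `checkBundle` and the `sample` input are hypothetical names and constructed data, and the expected values `bundle` and `2.0` are the STIX 2.0 bundle type and spec_version.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// idRe matches <object type>--<uuid v4>: version nibble 4, RFC 4122 variant 8/9/a/b.
var idRe = regexp.MustCompile(`^([a-z0-9-]+)--[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$`)
// Constructed sample: object 0 has the wrong type prefix, object 1 a version 1 UUID.
const sample = `{"type":"bundle","id":"bundle--11111111-2222-4333-8444-555555555555","spec_version":"2.0","objects":[
 {"type":"attack-pattern","id":"indicator--aaaaaaaa-bbbb-4ccc-9ddd-eeeeeeeeeeee"},
 {"type":"attack-pattern","id":"attack-pattern--6ba7b810-9dad-11d1-80b4-00c04fd430c8"}]}`

type stub struct { // only the properties checked here, not the package's own types
	Type        string            `json:"type"`
	ID          string            `json:"id"`
	SpecVersion string            `json:"spec_version"`
	Objects     []json.RawMessage `json:"objects"`
}

// validID reports whether id is a well-formed identifier whose prefix equals wantType.
func validID(id, wantType string) bool {
	m := idRe.FindStringSubmatch(id)
	return m != nil && m[1] == wantType
}

// checkBundle collects every problem found instead of stopping at the first.
func checkBundle(raw []byte) (errs []error) {
	var b stub
	if err := json.Unmarshal(raw, &b); err != nil {
		return []error{err}
	}
	if b.Type != "bundle" || b.SpecVersion != "2.0" {
		errs = append(errs, fmt.Errorf("type %q, spec_version %q: want bundle, 2.0", b.Type, b.SpecVersion))
	}
	if !validID(b.ID, "bundle") {
		errs = append(errs, fmt.Errorf("bundle id %q is not bundle--<uuid v4>", b.ID))
	}
	for i, o := range b.Objects {
		var s stub
		if json.Unmarshal(o, &s) != nil || !validID(s.ID, s.Type) {
			errs = append(errs, fmt.Errorf("objects[%d]: id %q does not fit type %q", i, s.ID, s.Type))
		}
	}
	return errs
}

func main() { fmt.Println(checkBundle([]byte(sample))) }
```

A strict version check matters when identifiers arrive from untrusted feeds: a string with the right 8-4-4-4-12 layout but a version nibble other than 4 is rejected here.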

func IdentifierFromString

func IdentifierFromString(s string) (id Identifier, err error)

IdentifierFromString takes an Identifier string representation and returns an Identifier struct.

func NewIdentifier

func NewIdentifier(t string) (id Identifier, err error)

NewIdentifier takes a STIX Type string and returns an Identifier struct.

func (Identifier) MarshalJSON

func (id Identifier) MarshalJSON() ([]byte, error)

MarshalJSON implements the encoding/json Marshaler interface (https://golang.org/pkg/encoding/json/#Marshaler)

It is used to serialize an Identifier into JSON format

func (*Identifier) String

func (id *Identifier) String() string

func (*Identifier) UnmarshalJSON

func (id *Identifier) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the encoding/json Unmarshaler interface (https://golang.org/pkg/encoding/json/#Unmarshaler).

It will take JSON and deserialize to an Object. This should not be called directly, but instead json.Unmarshal(b []byte, v interface{}) should be used.

func (*Identifier) Valid

func (id *Identifier) Valid() (valid bool, errs []error)

Valid is called to check for STIX 2.0 specification conformance.

If the Identifier is invalid, it returns the list of errors from validation.

type KillChainPhase

type KillChainPhase struct {
	KillChainName string `json:"kill_chain_name"`
	PhaseName     string `json:"phase_name"`
}

KillChainPhase represents a phase in a kill chain

func (*KillChainPhase) Valid

func (k *KillChainPhase) Valid() (valid bool, errs []error)

Valid will run validation on a KillChainPhase

type Object

type Object struct {
	ID                 Identifier          `json:"id" stones:"required"`
	Type               string              `json:"type" stones:"required"`
	Created            Timestamp           `json:"created" stones:"required"`
	Modified           Timestamp           `json:"modified" stones:"required"`
	CreatedByRef       Identifier          `json:"created_by_ref,omitempty" stones:"optional"`
	Revoked            bool                `json:"revoked,omitempty" stones:"optional"`
	Labels             []string            `json:"labels,omitempty" stones:"optional"`
	ExternalReferences []ExternalReference `json:"external_references,omitempty" stones:"optional"`
	ObjectMarkingRefs  []Identifier        `json:"object_marking_refs,omitempty" stones:"optional"`
	GranularMarkings   []string            `json:"granular_markings,omitempty" stones:"optional"`
	Source             []byte              `stones:"optional"`
}

Object is a generic STIX object with properties common to all STIX objects.

func NewObject

func NewObject(t string) (o Object, err error)

NewObject takes a STIX Type as a string and returns an Object with that Type and a new ID.

func ObjectFromBytes

func ObjectFromBytes(b []byte) (Object, error)

ObjectFromBytes takes a raw object in bytes and converts to an Object

func (*Object) UnmarshalJSON

func (o *Object) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the encoding/json Unmarshaler interface (https://golang.org/pkg/encoding/json/#Unmarshaler).

It will take JSON and deserialize to an Object. This should not be called directly, but instead json.Unmarshal(b []byte, v interface{}) should be used.

func (*Object) Valid

func (o *Object) Valid() (valid bool, errs []error)

Valid is called to check for STIX 2.0 specification conformance.

If the Object is invalid, it returns the list of errors from validation.

type Timestamp

type Timestamp struct {
	time.Time
}

Timestamp represents a STIX date/time format. An alias works (type Timestamp = time.Time), but an alias can't be extended.

func NewTimestamp

func NewTimestamp() Timestamp

NewTimestamp returns a new Timestamp based on a timestamp string

func TimestampFromString

func TimestampFromString(s string) (Timestamp, error)

TimestampFromString returns a new Timestamp based on a timestamp string

func (Timestamp) MarshalJSON

func (t Timestamp) MarshalJSON() ([]byte, error)

MarshalJSON will serialize Timestamp into a JSON string

func (*Timestamp) String

func (t *Timestamp) String() string

type Validatable

type Validatable interface {
	Valid() (bool, []error)
}

Validatable defines the interface objects need to satisfy to be able to validate themselves

type Validator

type Validator interface {
	Valid() (bool, []error)
}

Validator specifies what methods each object should implement for validation
