From 2b2ce09b3b2e98cb4ff19d9c9529b52727a60e72 Mon Sep 17 00:00:00 2001 From: Rich Piazza Date: Thu, 5 Dec 2024 20:44:24 -0500 Subject: [PATCH] update to 2020-12, use relative paths for --- .../artifact-805/artifact.json | 32 ------- ...-8053ffa0-dec7-4aef-870e-a56d0082cf69.json | 59 ++++++------ ...-8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1.json | 2 +- ...-d57b7c9c-7fa6-436b-b82c-8e6f69cdc3d0.json | 2 +- .../malware-behavior.json | 2 +- .../malware-extension.json | 89 ++++++++++--------- .../malware-behavior-8e9/malware-method.json | 4 +- .../malware-objective.json | 4 +- .../object-definition.json | 2 +- 9 files changed, 89 insertions(+), 107 deletions(-) delete mode 100644 extension-definition-specifications/artifact-805/artifact.json diff --git a/extension-definition-specifications/artifact-805/artifact.json b/extension-definition-specifications/artifact-805/artifact.json deleted file mode 100644 index cc88da26b78..00000000000 --- a/extension-definition-specifications/artifact-805/artifact.json +++ /dev/null @@ -1,32 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema#", - "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/artifact-805/artifact.json", - "title": "malware-sample-artifact-extension", - "description": "An extension of the Artifact object to allow capture of malware samples.", - "type": "object", - "properties": { - "extensions": { - "type": "object", - "properties": { - "extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69": { - "type": "object", - "properties": {"extension_type": { - "type": "string", - "description": "Defined by STIX 2.1 extension definition rules from 'extension-type-enum'.", - "enum": ["toplevel-property-extension"] - }}, - "required": ["extension_type"] - }, - "required": ["extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69"] - } - }, - "is_safe": { - "type": "boolean", - "description": "Indicates whether the artifact is safe, i.e., can be opened or processed without risking harm or infection. The default value is false." - } - }, - "required": [ - "extensions", - "is_safe" - ] -} diff --git a/extension-definition-specifications/artifact-805/extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69.json b/extension-definition-specifications/artifact-805/extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69.json index 86d24745424..7efcdde3216 100644 --- a/extension-definition-specifications/artifact-805/extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69.json +++ b/extension-definition-specifications/artifact-805/extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69.json @@ -1,32 +1,39 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/artifact-805/extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69.json", "title": "malware-sample-artifact-extension", "description": "An extension of the Artifact object to allow capture of malware samples.", "type": "object", - "properties": { - "extensions": { - "type": "object", - "properties": { - "extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69": { - "type": "object", - "properties": {"extension_type": { - "type": "string", - "description": "Defined by STIX 2.1 extension definition rules from 'extension-type-enum'.", - "enum": ["toplevel-property-extension"] - }}, - "required": ["extension_type"] - }, - "required": ["extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69"] - } - }, - "is_safe": { - "type": "boolean", - "description": "Indicates whether the artifact is safe, i.e., can be opened or processed without risking harm or infection. The default value is false." - } - }, - "required": [ - "extensions", - "is_safe" - ] + "allOf:": [ + { + "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/artifact.json" + }, + { + "properties": { + "extensions": { + "type": "object", + "properties": { + "extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69": { + "type": "object", + "properties": {"extension_type": { + "type": "string", + "description": "Defined by STIX 2.1 extension definition rules from 'extension-type-enum'.", + "enum": ["toplevel-property-extension"] + }}, + "required": ["extension_type"] + }, + "required": ["extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69"] + } + }, + "is_safe": { + "type": "boolean", + "description": "Indicates whether the artifact is safe, i.e., can be opened or processed without risking harm or infection. The default value is false." + } + }, + "required": [ + "extensions", + "is_safe" + ] + } + ] } diff --git a/extension-definition-specifications/malware-behavior-8e9/extension-definition--8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1.json b/extension-definition-specifications/malware-behavior-8e9/extension-definition--8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1.json index cbabb6533c0..274cd535c2f 100644 --- a/extension-definition-specifications/malware-behavior-8e9/extension-definition--8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1.json +++ b/extension-definition-specifications/malware-behavior-8e9/extension-definition--8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1.json @@ -15,7 +15,7 @@ "properties": { "extension-definition--8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1": { "type": "object", - "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/malware-extension.json" + "$ref": "malware-extension.json" } }, "required": ["extension-definition--8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1"] diff --git a/extension-definition-specifications/malware-behavior-8e9/extension-definition--d57b7c9c-7fa6-436b-b82c-8e6f69cdc3d0.json b/extension-definition-specifications/malware-behavior-8e9/extension-definition--d57b7c9c-7fa6-436b-b82c-8e6f69cdc3d0.json index 49cf8630531..1c3f9ef4dc0 100644 --- a/extension-definition-specifications/malware-behavior-8e9/extension-definition--d57b7c9c-7fa6-436b-b82c-8e6f69cdc3d0.json +++ b/extension-definition-specifications/malware-behavior-8e9/extension-definition--d57b7c9c-7fa6-436b-b82c-8e6f69cdc3d0.json @@ -1,5 +1,5 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/extension-definition--d57b7c9c-7fa6-436b-b82c-8e6f69cdc3d0.json", "title": "Malware Behavior Extension", "description": "This schema defines new SDOs to capture malware behaviors.", diff --git a/extension-definition-specifications/malware-behavior-8e9/malware-behavior.json b/extension-definition-specifications/malware-behavior-8e9/malware-behavior.json index 287fbf5dc41..2940ec81091 100644 --- a/extension-definition-specifications/malware-behavior-8e9/malware-behavior.json +++ b/extension-definition-specifications/malware-behavior-8e9/malware-behavior.json @@ -1,5 +1,5 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/malware-behavior.json", "title": "malware-behavior", "description": "malware-behavior SDO", diff --git a/extension-definition-specifications/malware-behavior-8e9/malware-extension.json b/extension-definition-specifications/malware-behavior-8e9/malware-extension.json index 860202620d5..c16049743c9 100644 --- a/extension-definition-specifications/malware-behavior-8e9/malware-extension.json +++ b/extension-definition-specifications/malware-behavior-8e9/malware-extension.json @@ -1,46 +1,53 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/malware-extension.json", "title": "Malware extension for Malware Behavior", "description": "Extension to the malware object to support Malware Behavior", - "properties": { - "extension_type": { - "type": "string", - "enum": [ - "property-extension" - ] - }, - "obj_defn": { - "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/object-definition.json" - }, - "year": { - "description": "This property denotes the year the malware instance or family was first seen.", - "type": "string", - "pattern": "^\\d{4}$" - }, - "platforms": { - "description": "This property denotes the operating system affected by the malware. The values for this property SHOULD come from the os-type-ov open vocabulary.", - "type": "array", - "item": { - "type": "string" - }, - "minItems": 1, - "$comment": "not required, but if used, there must be 1 item" - } - }, - "required": [ - "obj_defn" - ], - "definitions": { - "os-type-ov": { - "type": "string", - "enum": [ - "android", - "ios", - "linux", - "macos", - "windows" - ] - } - } + "allOf:": [ + { + "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/sdos/malware.json" + }, + { + "properties": { + "extension_type": { + "type": "string", + "enum": [ + "property-extension" + ] + }, + "obj_defn": { + "$ref": "object-definition.json" + }, + "year": { + "description": "This property denotes the year the malware instance or family was first seen.", + "type": "string", + "pattern": "^\\d{4}$" + }, + "platforms": { + "description": "This property denotes the operating system affected by the malware. The values for this property SHOULD come from the os-type-ov open vocabulary.", + "type": "array", + "item": { + "type": "string" + }, + "minItems": 1, + "$comment": "not required, but if used, there must be 1 item" + } + }, + "required": [ + "obj_defn" + ], + "definitions": { + "os-type-ov": { + "type": "string", + "enum": [ + "android", + "ios", + "linux", + "macos", + "windows" + ] + } + } + } + ] } diff --git a/extension-definition-specifications/malware-behavior-8e9/malware-method.json b/extension-definition-specifications/malware-behavior-8e9/malware-method.json index 383bf20af9f..b8153b081a2 100644 --- a/extension-definition-specifications/malware-behavior-8e9/malware-method.json +++ b/extension-definition-specifications/malware-behavior-8e9/malware-method.json @@ -1,5 +1,5 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/malware-method.json", "title": "malware-method", "description": "malware-method SDO", @@ -25,7 +25,7 @@ "description": "The name of the behavior (e.g., Request Email Address List)." }, "obj_defn": { - "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/object-definition.json" + "$ref": "object-definition.json" }, "behavior_ref": { "allOf": [ diff --git a/extension-definition-specifications/malware-behavior-8e9/malware-objective.json b/extension-definition-specifications/malware-behavior-8e9/malware-objective.json index 7f1736c8479..70f0131a3b7 100644 --- a/extension-definition-specifications/malware-behavior-8e9/malware-objective.json +++ b/extension-definition-specifications/malware-behavior-8e9/malware-objective.json @@ -1,5 +1,5 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/malware-objective.json", "title": "malware-objective", "description": "malware-objective SDO", @@ -25,7 +25,7 @@ "description": "The name of the behavior (e.g., Request Email Address List)." }, "obj_defn": { - "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/object-definition.json" + "$ref": "object-definition.json" } } } diff --git a/extension-definition-specifications/malware-behavior-8e9/object-definition.json b/extension-definition-specifications/malware-behavior-8e9/object-definition.json index 2d8ac83b571..0583307c834 100644 --- a/extension-definition-specifications/malware-behavior-8e9/object-definition.json +++ b/extension-definition-specifications/malware-behavior-8e9/object-definition.json @@ -1,5 +1,5 @@ { - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior/object-definition.json", "title": "object-definition", "properties": {