From bffb04d465a058ca9a07f876af861e6a99a03453 Mon Sep 17 00:00:00 2001 From: Rich Piazza Date: Wed, 6 Mar 2024 13:43:31 -0500 Subject: [PATCH 1/4] fix identity extension schema --- .../organization_contact_example.json | 1 - ...-66e2492a-bbd3-4be6-88f5-cc91a017a498.json | 269 ++++++++++-------- 2 files changed, 147 insertions(+), 123 deletions(-) diff --git a/extension-definition-specifications/identity-66e/examples/organization_contact_example.json b/extension-definition-specifications/identity-66e/examples/organization_contact_example.json index bef1bcf8bde..aebe896a425 100644 --- a/extension-definition-specifications/identity-66e/examples/organization_contact_example.json +++ b/extension-definition-specifications/identity-66e/examples/organization_contact_example.json @@ -11,7 +11,6 @@ "name": "Test Company", "description": "a company", "identity_class": "organization", - "contact_information": "info@testcompany.com", "extensions": { "extension-definition--66e2492a-bbd3-4be6-88f5-cc91a017a498": { "extension_type": "property-extension", diff --git a/extension-definition-specifications/identity-66e/extension-definition--66e2492a-bbd3-4be6-88f5-cc91a017a498.json b/extension-definition-specifications/identity-66e/extension-definition--66e2492a-bbd3-4be6-88f5-cc91a017a498.json index 87c9b03971e..c1b3345d857 100644 --- a/extension-definition-specifications/identity-66e/extension-definition--66e2492a-bbd3-4be6-88f5-cc91a017a498.json +++ b/extension-definition-specifications/identity-66e/extension-definition--66e2492a-bbd3-4be6-88f5-cc91a017a498.json @@ -1,152 +1,177 @@ { - "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/identity-66e/extension-definition--66e2492a-bbd3-4be6-88f5-cc91a017a498.json", - "title": "Identity Contact Information", - "description": "This extension allows contact information to be included in identities in a manner that allows them to be machine parsable.", - "type": "object", - "required": [ - "extension_type" - ], - "minProperties": 2, - "additionalProperties": false, - "properties": { - "extension_type": { - "type": "string", - "description": "Defined by STIX 2.1 extension definition rules from 'extension-type-enum'.", - "enum": [ - "property-extension" - ] - }, - "contact_numbers": { - "type": "array", - "description": "A list of contact number objects that contain the phone and fax numbers.", - "minItems": 1, - "additionalProperties": false, - "items": { - "type": "object", - "required": ["contact_number", "contact_number_type"], - "properties": { - "contact_number": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/identity-66e/extension-definition--66e2492a-bbd3-4be6-88f5-cc91a017a498.json", + "title": "Identity Contact Information", + "description": "This extension allows contact information to be included in identities in a manner that allows them to be machine parsable.", + "type": "object", + "allOf": [ + { + "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/identity.json" + }, + { + "properties": { + "extensions": { + "additionalProperties": true, + "properties": { + "extension-definition--66e2492a-bbd3-4be6-88f5-cc91a017a498": { + "type": "object", + "additionalProperties": false, + "required": [ + "extension_type" + ], + "properties": { + "extension_type": { + "type": "string", + "description": "Defined by STIX 2.1 extension definition rules from 'extension-type-enum'.", + "enum": [ + "property-extension" + ] + }, + "contact_numbers": { + "type": "array", + "description": "A list of contact number objects that contain the phone and fax numbers.", + "minItems": 1, + "additionalProperties": false, + "items": { + "type": "object", + "required": [ + "contact_number", + "contact_number_type" + ], + "properties": { + "contact_number": { "type": "string", "description": "The contact number. Typically a phone number." - }, - "classified": { - "type": "boolean", - "default": false, - "description": "Can be used to reach the individual on a classified phone." - }, - "contact_number_type": { + }, + "classified": { + "type": "boolean", + "default": false, + "description": "Can be used to reach the individual on a classified phone." + }, + "contact_number_type": { "type": "string", "description": "The type of number this is used for. This SHOULD be drawn from contact-number-ov." - }, - "description": { + }, + "description": { "type": "string", "description": "An additional description for the phone number and its purpose" + } } - } - } - }, - "email_addresses": { - "type": "array", - "description": "A list of contact number objects that contain the phone and fax numbers.", - "minItems": 1, - "additionalProperties": false, - "items": { - "type": "object", - "required": ["email_address_ref", "digital_contact_type"], - "properties": { - "email_address_ref": { + } + }, + "email_addresses": { + "type": "array", + "description": "A list of contact number objects that contain the phone and fax numbers.", + "minItems": 1, + "additionalProperties": false, + "items": { + "type": "object", + "properties": { + "email_address_ref": { "type": "string", "description": "A reference to the email address itself", "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/identifier.json", "pattern": "^email-addr--" - }, - "classified": { - "type": "boolean", - "default": false, - "description": "Can be used to reach the individual on a classified network." - }, - "digital_contact_type": { + }, + "classified": { + "type": "boolean", + "default": false, + "description": "Can be used to reach the individual on a classified network." + }, + "digital_contact_type": { "type": "string", "description": "The type of email that address is used for. This SHOULD be drawn from digital-contact-ov." - }, - "description": { + }, + "description": { "type": "string", "description": "An additional description for the email and its purpose" - } - } - } - }, - "social_media_accounts": { - "type": "array", - "description": "A list of contact number objects that contain the phone and fax numbers.", - "minItems": 1, - "additionalProperties": false, - "items": { - "type": "object", - "required": ["user_account_ref", "digital_contact_type"], - "properties": { - "user_account_ref": { + } + }, + "required": [ + "email_address_ref", + "digital_contact_type" + ] + } + }, + "social_media_accounts": { + "type": "array", + "description": "A list of contact number objects that contain the phone and fax numbers.", + "minItems": 1, + "additionalProperties": false, + "items": { + "type": "object", + "required": [ + "user_account_ref", + "digital_contact_type" + ], + "properties": { + "user_account_ref": { "type": "string", "description": "A reference to the social media account itself", - "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/sdos/identity.json", + "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/identifier.json", "pattern": "^user-account--" - }, - "classified": { - "type": "boolean", - "default": false, - "description": "Can be used to reach the individual on a classified network." - }, - "digital_contact_type": { + }, + "classified": { + "type": "boolean", + "default": false, + "description": "Can be used to reach the individual on a classified network." + }, + "digital_contact_type": { "type": "string", "description": "The type of social media account that relates to. This SHOULD be drawn from digital-contact-ov." - }, - "description": { + }, + "description": { "type": "string", "description": "An additional description for the social media account and its purpose" + } } + } + }, + "first_name": { + "type": "string", + "description": "The first name of an individual" + }, + "last_name": { + "type": "string", + "description": "The last name of an individual" + }, + "middle_name": { + "type": "string", + "description": "The middle name of an individual" + }, + "prefix": { + "type": "string", + "description": "A prefix or title for an individual such as “Mr” or “Ms”" + }, + "suffix": { + "type": "string", + "description": "A suffix for the individual such as “PhD”" } + } } - }, - "first_name": { - "type": "string", - "description": "The first name of an individual" - }, - "last_name": { - "type": "string", - "description": "The last name of an individual" - }, - "middle_name": { - "type": "string", - "description": "The middle name of an individual" - }, - "prefix": { - "type": "string", - "description": "A prefix or title for an individual such as “Mr” or “Ms”" - }, - "suffix": { - "type": "string", - "description": "A suffix for the individual such as “PhD”" + } } + } + } + ], + "definitions": { + "contact-number-ov": { + "type": "string", + "enum": [ + "personal-landline-phone", + "personal-mobile-phone", + "personal-fax", + "work-phone", + "work-fax" + ] }, - "defs": { - "contact-number-ov": { - "type": "string", - "enum": [ - "personal-landline-phone", - "personal-mobile-phone", - "personal-fax", - "work-phone", - "work-fax" - ] - }, - "digital-number-ov": { - "type": "string", - "enum": [ - "organizational", - "personal", - "work" - ] - } + "digital-number-ov": { + "type": "string", + "enum": [ + "organizational", + "personal", + "work" + ] } + } } From 25af5ea4669caa8c3c52ef11504253ac818ebb11 Mon Sep 17 00:00:00 2001 From: Rich Piazza Date: Wed, 6 Mar 2024 16:00:59 -0500 Subject: [PATCH 2/4] fix observed-string schema --- .../examples/mission_id.json | 6 +-- ...-8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json | 35 +++++++++++---- .../observed-string-8b1/observed-string.json | 44 ------------------- 3 files changed, 30 insertions(+), 55 deletions(-) delete mode 100644 extension-definition-specifications/observed-string-8b1/observed-string.json diff --git a/extension-definition-specifications/observed-string-8b1/examples/mission_id.json b/extension-definition-specifications/observed-string-8b1/examples/mission_id.json index 405629a1447..93032c4b8b5 100644 --- a/extension-definition-specifications/observed-string-8b1/examples/mission_id.json +++ b/extension-definition-specifications/observed-string-8b1/examples/mission_id.json @@ -6,7 +6,7 @@ "purpose": "mission-id", "extensions": { "extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d": { - "extension_type": "new-sco" - } + "extension_type": "new-sco" } - } \ No newline at end of file + } +} diff --git a/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json b/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json index 04250a2d002..b87b6508ca4 100644 --- a/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json +++ b/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json @@ -6,7 +6,7 @@ "type": "object", "allOf": [ { - "$ref": "http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/cyber-observerable-core.json" + "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/schemas/common/cyber-observable-core.json" }, { "properties": { @@ -15,14 +15,33 @@ "properties": { "extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d": { "type": "object", - "$ref": "observed-string.json" - } - } - } + "additionalProperties": false, + "properties": { + "extension_type": { + "type": "string", + "const": "new-sco" + } + }, + "required": [ + "extension_type" + ] + } + } }, - "required": [ - "extensions" - ] + "purpose": { + "type": "string", + "description": "What this string is used for" + }, + "value": { + "type": "string", + "description": "The Unicode encoded value of the string. It SHOULD come from string-purpose-ov" + }, + "required": [ + "extensions", + "purpose", + "value" + ] + } } ] } diff --git a/extension-definition-specifications/observed-string-8b1/observed-string.json b/extension-definition-specifications/observed-string-8b1/observed-string.json deleted file mode 100644 index 296246ffb0e..00000000000 --- a/extension-definition-specifications/observed-string-8b1/observed-string.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/observed-string-8b1/observed-string.json", - "$schema": "http://json-schema.org/draft-07/schema#", - "title": "observed-string-extension-schema", - "description": "This is the observed-string extension schema", - "type": "object", - "properties": { - "extension_type": { - "type": "string", - "enum": [ - "property-extension" - ] - }, - "purpose": { - "type": "string", - "description": "What this string is used for" - }, - "value": { - "type": "string", - "description": "The Unicode encoded value of the string. It SHOULD come from string-purpose-ov" - } - }, - "required": [ - "extension_type", - "purpose", - "value" - ], - "additionalProperties": false, - "definitions": { - "string-purpose-ov": { - "type": "string", - "enum": [ - "decoded", - "document-text", - "gui-text", - "mission-id", - "pipe", - "unknown", - "user-agent", - "uuid" - ] - } - } -} From 60621c848a48d30f65b69ddc7ddc4d8ac5b0452d Mon Sep 17 00:00:00 2001 From: Rich Piazza Date: Wed, 6 Mar 2024 17:50:21 -0500 Subject: [PATCH 3/4] update json schema version for observed string extension --- ...ension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json b/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json index b87b6508ca4..29405a15f9a 100644 --- a/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json +++ b/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json @@ -1,6 +1,6 @@ { "$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json", - "$schema": "http://json-schema.org/draft-07/schema#", + "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "observed-string-extension-schema", "description": "This is the wrapper for the observed-strings extension", "type": "object", From bedc63391a1d0cc502445a464c2f9a8b05228474 Mon Sep 17 00:00:00 2001 From: Rich Piazza Date: Wed, 13 Mar 2024 20:51:10 -0400 Subject: [PATCH 4/4] Update extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json Co-authored-by: Chris Lenk --- ...ension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json b/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json index 29405a15f9a..d0980510d7b 100644 --- a/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json +++ b/extension-definition-specifications/observed-string-8b1/extension-definition--8b1aa84c-5532-4c69-a8e7-b6170facfd3d.json @@ -6,7 +6,7 @@ "type": "object", "allOf": [ { - "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/schemas/common/cyber-observable-core.json" + "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/common/cyber-observable-core.json" }, { "properties": {