UNPKG

sra-stix2-validator

Version:

stix 2.0 validator

github.com/SecurityRiskAdvisors/sra-stix2-validator

SecurityRiskAdvisors/sra-stix2-validator

188 lines 7.44 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
{ "$id": "../observables/email-message.json", "$schema": "http://json-schema.org/draft-06/schema#", "title": "email-message", "description": "The Email Message Object represents an instance of an email message.", "type": "object", "allOf": [ { "$ref": "../common/cyber-observable-core.json" }, { "properties": { "type": { "type": "string", "description": "The value of this property MUST be `email-message`.", "const": "email-message" }, "date": { "$ref": "../common/timestamp.json", "description": "Specifies the date/time that the email message was sent." }, "content_type": { "type": "string", "description": "Specifies the value of the 'Content-Type' header of the email message." }, "from_ref": { "type": "string", "description": "Specifies the value of the 'From:' header of the email message." }, "sender_ref": { "type": "string", "description": "Specifies the value of the 'From' field of the email message" }, "to_refs": { "type": "array", "description": "Specifies the mailboxes that are 'To:' recipients of the email message", "items": { "type": "string" } }, "cc_refs": { "type": "array", "description": "Specifies the mailboxes that are 'CC:' recipients of the email message", "items": { "type": "string" } }, "bcc_refs": { "type": "array", "description": "Specifies the mailboxes that are 'BCC:' recipients of the email message.", "items": { "type": "string" } }, "subject": { "type": "string", "description": "Specifies the subject of the email message." }, "received_lines": { "type": "array", "description": "Specifies one or more Received header fields that may be included in the email headers.", "items": { "type": "string" } }, "additional_header_fields": { "$ref": "#/definitions/email-additional-header-fields", "description": "Specifies any other header fields found in the email message, as a dictionary." }, "raw_email_ref": { "type": "string", "description": "Specifies the raw binary contents of the email message, including both the headers and body, as a reference to an Artifact Object." } } } ], "oneOf": [ { "properties": { "is_multipart": { "type": "boolean", "const": false, "description": "Indicates whether the email body contains multiple MIME parts." }, "body": { "type": "string", "description": "Specifies a string containing the email body. This field MAY only be used if is_multipart is false." } }, "required": [ "is_multipart" ], "not": { "required": [ "body_multipart" ] } }, { "properties": { "is_multipart": { "type": "boolean", "const": true, "description": "Indicates whether the email body contains multiple MIME parts." }, "body_multipart": { "type": "array", "description": "Specifies a list of the MIME parts that make up the email body. This property MAY only be used if is_multipart is true.", "items": { "$ref": "#/definitions/mime-part-type" } } }, "required": [ "is_multipart" ], "not": { "required": [ "body" ] } } ], "definitions": { "mime-part-type": { "type": "object", "description": "Specifies a component of a multi-part email body.", "properties": { "body": { "type": "string", "description": "Specifies the contents of the MIME part if the content_type is not provided OR starts with text/" }, "body_raw_ref": { "type": "string", "description": "Specifies the contents of non-textual MIME parts, that is those whose content_type does not start with text/, as a reference to an Artifact Object or File Object." }, "content_type": { "type": "string", "description": "Specifies the value of the 'Content-Type' header field of the MIME part." }, "content_disposition": { "type": "string", "description": "Specifies the value of the 'Content-Disposition' header field of the MIME part." } }, "oneOf": [ { "required": [ "body" ] }, { "required": [ "body_raw_ref" ] } ] }, "email-additional-header-fields": { "type": "object", "description": "Specifies any other header fields (except for date, received_lines, content_type, from_ref, sender_ref, to_refs, cc_refs, bcc_refs, and subject) found in the email message, as a dictionary.", "not": { "patternProperties": { "^date|received_lines|content_type|from_ref|sender_ref|to_refs|cc_refs|bcc_refs|subject$": { "description": "Invalid additional header field types" } }, "additionalProperties": false }, "patternProperties": { "^[a-zA-Z0-9_-]{3,256}$": { "oneOf": [ { "type": "array", "items": { "type": "string" }, "minItems": 2 }, { "type": "string" } ] } } } } }