search

OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
5.12k stars 813 forks source link

Domain name values should be case insensitive #7311

Open SamuelHassine opened 2 weeks ago

SamuelHassine commented 2 weeks ago

Description

Create domain 1: Google.com Create domain 2: google.com

=> Duplicate

SarahBocognano commented 2 weeks ago

What about url, email adress, hostname ? And is there others that are case sensitive ?

richard-julien commented 2 weeks ago

In my memories i have implemented the STIX specification. They explicitly describe that the data must be canonicalize but nothing about removing the case.

The value of the name portion SHOULD be the list of "ID Contributing Properties" (property-name and property value pairs) as defined on each SCO object and SHOULD be represented as a JSON object that is then serialized / stringified according to [
[RFC8785](https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#kvy09cwtcw71)
] to ensure a canonical representation of the JSON data.

@SamuelHassine, I think the solution will be to lowercase the value before creating the standard_id instead of changing the way the standard_id is generated.