Is it possible to disable validation, or allow additional labels?

[sean-scott-lr]

Hello, I am trying to use this project to parse stix2.0 from a variety of taxii endpoints. Initially I am testing with an anomali feed.

The issue is that with this feed:

https://limo.anomali.com/api/v1/taxii2/feeds/collections/107/objects/ ( You need to set the Authorization header for a basic auth credential user and pass are both "guest" )

Anyway, it returns some objects that look like this

        {
            "created": "2016-02-26T18:11:48.479Z",
            "description": "TS ID: 37323558; iType: phish_url; State: active; Org: Web Werks; Source: Phish Tank",
            "id": "indicator--1ac4d2b1-4f88-4960-b109-2180fa9bf144",
            "labels": [
                "malicious-activity",
                "threatstream-severity-very-high",
                "threatstream-confidence-85"
            ],
            "modified": "2016-02-26T18:11:48.479Z",
            "name": "phish_url: http://www.srbiohealth.com/London1/Eruku/nD/index.php",
            "object_marking_refs": [
                "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
            ],
            "pattern": "[url:value = 'http://www.srbiohealth.com/London1/Eruku/nD/index.php']",
            "type": "indicator",
            "valid_from": "2016-02-26T18:11:48.479Z"
        },

And I end up. with a validation error of

Caused by: javax.validation.ConstraintViolationException: labels: Items: [threatstream-confidence-85, threatstream-severity-very-high] are not found in class io.digitalstate.stix.vocabulary.vocabularies.IndicatorLabels
    at io.digitalstate.stix.validation.SdoDefaultValidator.validate(SdoDefaultValidator.java:19)
    at io.digitalstate.stix.common.StixCommonProperties.checkHydrationValidation(StixCommonProperties.java:116)
    at io.digitalstate.stix.sdo.objects.Indicator.validate(Indicator.java:1530)
    at io.digitalstate.stix.sdo.objects.Indicator.access$2700(Indicator.java:56)
    at io.digitalstate.stix.sdo.objects.Indicator$Builder.build(Indicator.java:2319)

Ideas?

[StephenOTT]

Are you using the 2.0 or 2.1 version of the library?

[sean-scott-lr]

I built from master yesterday.

I couldn't find a built version in maven repos, did I miss that?

[StephenOTT]

There is a 2.1 branch in the repo which was a major refactor.

The validations in the master (stix 2) uses https://immutables.github.io/ for the validation annotations. Would have to leverage that lib to disable (if it is possible). The 2.1 branch gives you many more config options for things like vocabs.

Given you have the code downloaded for 2.0, a quick fix is to just modify the content of the vocabs as needed: https://github.com/StephenOTT/STIX-Java/tree/master/src/main/java/io/digitalstate/stix/vocabulary/vocabularies

[sean-scott-lr]

Ok, Thanks for the feedback @StephenOTT .