TcM1911 / stix2

A pure Go library for working with Structured Threat Information Expression (STIX™) version 2.x data
BSD 2-Clause "Simplified" License

Custom object parsing improvements #51

Closed TcM1911 closed 2 years ago

TcM1911 commented 2 years ago

Adding the option to provide a custom parser. This can be used to extract the data into a concrete type that implements the STIXObject interface.

Example of how to use it:

import (
    "encoding/json"
    "fmt"
    "time"
)

type mitreTactic struct {
    Domains            []string             `json:"x_mitre_domains"`
    ObjectMarkingRefs  []Identifier         `json:"object_marking_refs"`
    ID                 Identifier           `json:"id"`
    Type               STIXType             `json:"type"`
    Created            Timestamp            `json:"created"`
    CreatedBy          Identifier           `json:"created_by_ref"`
    ExternalReferences []*ExternalReference `json:"external_references"`
    Modified           Timestamp            `json:"modified"`
    Name               string               `json:"name"`
    Description        string               `json:"description"`
    Version            string               `json:"x_mitre_version"`
    AttackSpecVersion  string               `json:"x_mitre_attack_spec_version"`
    ModifiedBy         Identifier           `json:"x_mitre_modified_by_ref"`
    ShortName          string               `json:"x_mitre_shortname"`
}

// GetID returns the identifier for the object.
func (m mitreTactic) GetID() Identifier {
    return m.ID
}

// GetType returns the object's type.
func (m mitreTactic) GetType() STIXType {
    return m.Type
}

// GetCreated returns the created time for the STIX object. If the object
// does not have a time defined, nil is returned.
func (m mitreTactic) GetCreated() *time.Time {
    return &m.Created.Time
}

// GetModified returns the modified time for the STIX object. If the object
// does not have a time defined, nil is returned.
func (m mitreTactic) GetModified() *time.Time {
    return &m.Modified.Time
}

// GetExtendedTopLevelProperties returns the extra top level properties or
// nil for the object.
func (m mitreTactic) GetExtendedTopLevelProperties() *CustomObject {
    return nil
}
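
// ExampleUseCustomParser parses a bundle using a custom parser for
// x-mitre-tactic objects (the wrapper function name is illustrative).
func ExampleUseCustomParser() {
    data := []byte(`{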
        "type": "bundle",
        "id": "bundle--099f4d3b-9c94-4472-a5b9-b26186b786b0",
        "spec_version": "2.0",
        "objects": [
            {
                "x_mitre_domains": [
                    "enterprise-attack"
                ],
                "object_marking_refs": [
                    "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
                ],
                "id": "x-mitre-tactic--2558fd61-8c75-4730-94c4-11926db2a263",
                "type": "x-mitre-tactic",
                "created": "2018-10-17T00:14:20.652Z",
                "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
                "external_references": [
                    {
                        "external_id": "TA0006",
                        "url": "https://attack.mitre.org/tactics/TA0006",
                        "source_name": "mitre-attack"
                    }
                ],
                "modified": "2019-07-19T17:43:41.967Z",
                "name": "Credential Access",
                "description": "The adversary is trying to steal account names and passwords.\n\nCredential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.",
                "x_mitre_version": "1.0",
                "x_mitre_attack_spec_version": "2.1.0",
                "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
                "x_mitre_shortname": "credential-access"
            }
        ]
    }`)

    col, err := FromJSON(data, UseCustomParser("x-mitre-tactic", func(data []byte) (STIXObject, error) {
        var tactic mitreTactic
        err := json.Unmarshal(data, &tactic)
        if err != nil {
            return nil, err
        }
        return &tactic, nil
    }))
    if err != nil {
        // Stop on a parse error instead of leaving err unused.
        fmt.Println(err)
        return
    }

    objs := col.GetAll("x-mitre-tactic")
    obj := objs[0].(*mitreTactic)
    fmt.Println(obj.ExternalReferences[0].ExternalID)
}
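
A custom parser is also the point where an untrusted object can be validated before it enters the collection, because `json.Unmarshal` alone accepts a mismatched id, missing timestamps or an arbitrary reference URL. The following is an added example, not code from this PR or from the stix2 library: `tactic`, `parseTactic` and the https-only URL policy are assumptions, and plain Go types are used so it runs without the library.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"regexp"
	"time"
)

// tactic is a local stand-in for mitreTactic (plain Go types, no stix2 import).
type tactic struct {
	ID       string    `json:"id"`
	Type     string    `json:"type"`
	Created  time.Time `json:"created"`
	Modified time.Time `json:"modified"`
	Refs     []struct {
		URL string `json:"url"`
	} `json:"external_references"`
}

var tacticID = regexp.MustCompile(`^x-mitre-tactic--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)

// parseTactic decodes one object and rejects input that json.Unmarshal accepts.
func parseTactic(data []byte) (*tactic, error) {
	var t tactic
	if err := json.Unmarshal(data, &t); err != nil {
		return nil, fmt.Errorf("decode: %w", err)
	}
	if t.Type != "x-mitre-tactic" || !tacticID.MatchString(t.ID) {
		return nil, fmt.Errorf("type/id mismatch: %q / %q", t.Type, t.ID)
	}
	if t.Created.IsZero() || t.Modified.Before(t.Created) {
		return nil, fmt.Errorf("created/modified missing or out of order")
	}
	for _, r := range t.Refs {
		u, err := url.Parse(r.URL)
		// Assumed policy: the url is optional, but if present it must be https.
		if r.URL != "" && (err != nil || u.Scheme != "https" || u.Host == "") {
			return nil, fmt.Errorf("external reference url %q is not https", r.URL)
		}
	}
	return &t, nil
}

// Constructed sample, trimmed from the bundle in the comment above.
const sample = `{"type":"x-mitre-tactic","id":"x-mitre-tactic--2558fd61-8c75-4730-94c4-11926db2a263","created":"2018-10-17T00:14:20.652Z","modified":"2019-07-19T17:43:41.967Z","external_references":[{"external_id":"TA0006","url":"https://attack.mitre.org/tactics/TA0006"}]}`
func main() {
	fmt.Println(parseTactic([]byte(sample)))
}
```

With the library, the same checks would run inside the function passed to `UseCustomParser`, before the object is returned.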

codecov[bot] commented 2 years ago

Codecov Report

Merging #51 (fb06d4c) into master (4bbdcab) will increase coverage by 0.00%. The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master      #51   +/-   ##
=======================================
  Coverage   99.29%   99.29%           
=======================================
  Files          43       43           
  Lines        1982     1993   +11     
=======================================
+ Hits         1968     1979   +11     
  Misses          7        7           
  Partials        7        7           

| Impacted Files | Coverage Δ |
|---|---|
| extension.go | 100.00% <100.00%> (ø) |
| stix.go | 99.62% <100.00%> (+<0.01%) :arrow_up: |


TcM1911 commented 2 years ago

Version v0.9.0 released with this feature.