Open saaj opened 2 years ago
Hi @saaj, the pattern validator has so far been more concerned with the syntax of the pattern than the content, fields, and values used in it. It is definitely possible to add checks for every STIX property, but would involve adding a lot of checks. It's not something we can devote time to right now, but I'm not opposed to it, and would welcome a Pull Request to add additional checks. If there is enough interest on this issue we can make this more of a priority.
Here is an example with
stix2-patterns==1.3.2
:For
email-addr:value
the example above explicitly contradicts what the spec requires:For
ipv4-addr:value
the spec is softer, but an URL is obviously not a CIDR:And so on for bunch of MUSTs and plain definitions of what is what in the spec about SCOs.
Invalid
ipv4-addr
STIX 2.1 SCOs is already something that one can see in the wild.Code-wise property-level validation happens here. I think the same regex-based approach can cover many if not most of the constraints (though that's understandingly quite a bit of work).
https://github.com/oasis-open/cti-pattern-validator/blob/52de2bc3373a334125fbeee0232d05fb96aa4bd8/stix2patterns/v21/object_validator.py#L24-L42