diff options
| author | Ernst Widerberg <ernst@sunet.se> | 2022-04-11 16:14:47 +0200 |
|---|---|---|
| committer | Ernst Widerberg <ernst@sunet.se> | 2022-04-11 16:14:47 +0200 |
| commit | 83f25ea5cafb075474b7379eac0aa612b710e1a6 (patch) | |
| tree | 90ea8d43c9a3609f067525a428fb12b225b03710 | |
| parent | 95fbd871e8722cf31958f68ad161c611fd4091ef (diff) | |
Update example_data + schema
| -rw-r--r-- | example_data.json | 47 | ||||
| -rw-r--r-- | example_data_1.json | 51 | ||||
| -rw-r--r-- | example_data_2.json | 51 | ||||
| -rw-r--r-- | src/schema.py | 109 |
4 files changed, 168 insertions, 90 deletions
diff --git a/example_data.json b/example_data.json deleted file mode 100644 index 3af9f35..0000000 --- a/example_data.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "document_version": 1, - "ip": "192.0.2.10", - "port": 443, - "whois_description": "SOMENET", - "asn": "AS65001", - "asn_country_code": "SE", - "ptr": "host10.test.soc.sunet.se", - "abuse_mail": "abuse@test.soc.sunet.se", - "domain": "sunet.se", - "timestamp_in_utc": "2021-06-21T14:06 UTC", - "user_presentation": { - "description": "A presentation of the observation as a whole (optional)", - "data": { - "subject_cn": { - "data": "unknown", - "display_name": "Subject Common Name", - "description": "A description of this key (optional)" - }, - "subject_o": { - "data": "unknown", - "display_name": "Subject O", - "description": "..." - }, - "full_name": { - "data": "VMware ESXi 6.7.0 build-17700523", - "display_name": "Full Name" - }, - "end_of_general_support": { - "data": false, - "display_name": "End of general support" - }, - "cve_2021_21972": { - "data": "CVE-2021-21972 not applicable", - "display_name": "CVE 2021 21972" - }, - "cve_2021_21974": { - "data": "CVE-2021-21974 patched", - "display_name": "CVE 2021 21974" - }, - "cve_2021_21985": { - "data": "CVE-2021-21985 not applicable", - "display_name": "CVE 2021 21985" - } - } - } -} diff --git a/example_data_1.json b/example_data_1.json new file mode 100644 index 0000000..3b64472 --- /dev/null +++ b/example_data_1.json @@ -0,0 +1,51 @@ +{ + "document_version": 1, + "ip": "192.0.2.10", + "port": 443, + "whois_description": "SOMENET", + "asn": "AS65001", + "asn_country_code": "SE", + "ptr": "host10.test.soc.sunet.se", + "abuse_mail": "abuse@test.soc.sunet.se", + "domain": "sunet.se", + "timestamp_in_utc": "2021-06-21T14:06 UTC", + "system_name": "Apache 2.1.3", + "description": "The Apache HTTP Server is a free and open-source cross-platform web server software, released under the terms of Apache License 2.0.", + "custom_data": { + "subject_cn": { + "data": "Apache", + "display_name": "Subject Common Name" + }, + "end_of_general_support": { + "data": false, + "display_name": "End of general support", + "description": "Is the software currently supported?" + } + }, + "result": { + "cve_2015_0049": { + "display_name": "CVE-2015-0049", + "vulnerable": false, + "description": "Allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)." + }, + "cve_2015_0050": { + "display_name": "CVE-2015-0050", + "vulnerable": false + }, + "cve_2015_0060": { + "display_name": "CVE-2015-0060", + "vulnerable": true, + "reliability": 2 + }, + "cve_2015_0063": { + "display_name": "CVE-2015-0063", + "vulnerable": false + }, + "insecure_cryptography": { + "display_name": "Insecure cryptography", + "vulnerable": true, + "reliability": 5, + "description": "Uses RSA instead of elliptic curve." + } + } +} diff --git a/example_data_2.json b/example_data_2.json new file mode 100644 index 0000000..e73d2b5 --- /dev/null +++ b/example_data_2.json @@ -0,0 +1,51 @@ +{ + "document_version": 1, + "ip": "192.0.2.20", + "port": 80, + "whois_description": "SOMENET", + "asn": "AS65001", + "asn_country_code": "SE", + "ptr": "host11.test.soc.sunet.se", + "abuse_mail": "abuse@test.soc.sunet.se", + "domain": "sunet.se", + "timestamp_in_utc": "2021-06-30T10:00 UTC", + "system_name": "VMware ESXi 6.7.0 build-17700523", + "description": "VMware ESXi is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers. As a type-1 hypervisor, ESXi is not a software application that is installed on an operating system; instead, it includes and integrates vital OS components, such as a kernel.", + "custom_data": { + "subject_cn": { + "data": "VMware ESXi", + "display_name": "Subject Common Name" + }, + "end_of_general_support": { + "data": true, + "display_name": "End of general support", + "description": "Is the software currently supported?" + } + }, + "result": { + "cve_2019_0001": { + "cve": "CVE-2019-0001", + "vulnerable": false + }, + "cve_2015_0002": { + "display_name": "CVE-2015-0002", + "vulnerable": false, + "description": "There is a use of insufficiently random values vulnerability. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak." + }, + "cve_2015_0003": { + "display_name": "CVE-2015-0003", + "vulnerable": true, + "reliability": 2, + "description": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash." + }, + "cve_2015_0004": { + "display_name": "CVE-2015-0004", + "vulnerable": false + }, + "cve_2015_0005": { + "display_name": "CVE-2015-0005", + "vulnerable": true, + "reliability": 4 + } + } +} diff --git a/src/schema.py b/src/schema.py index 37da5aa..7e106d1 100644 --- a/src/schema.py +++ b/src/schema.py @@ -1,75 +1,98 @@ import json +import sys import jsonschema +# fmt:off +# NOTE: Commented out properties are left intentionally, so it is easier to see +# what properties are optional. schema = { "$schema": "http://json-schema.org/schema#", "type": "object", "properties": { - "document_version": { - "type": "integer" - }, - "ip": { - "type": "string" - }, - "port": { - "type": "integer" - }, - "whois_description": { - "type": "string" - }, - "asn": { - "type": "string" - }, - "asn_country_code": { - "type": "string" - }, - "ptr": { - "type": "string" - }, - "abuse_mail": { - "type": "string" - }, - "domain": { - "type": "string" - }, - "timestamp_in_utc": { - "type": "string" + "document_version": {"type": "integer"}, + "ip": {"type": "string"}, + "port": {"type": "integer"}, + "whois_description": {"type": "string"}, + "asn": {"type": "string"}, + "asn_country_code": {"type": "string"}, + "ptr": {"type": "string"}, + "abuse_mail": {"type": "string"}, + "domain": {"type": "string"}, + "timestamp_in_utc": {"type": "string"}, + "system_name": {"type": "string"}, + "description": {"type": "string"}, + "custom_data": { + "type": "object", + "patternProperties": { + ".*": { + "type": "object", + "properties": { + "display_name": {"type": "string"}, + "data": {"type": ["string", "boolean", "integer"]}, + "description": {"type": "string"}, + }, + "required": [ + "display_name", + "data", + # "description" + ] + }, + }, }, - "user_presentation": { + "result": { "type": "object", - "properties": { - "description": { - "type": "string" + "patternProperties": { + ".*": { + "type": "object", + "properties": { + "display_name": {"type": "string"}, + "vulnerable": {"type": "boolean"}, + "reliability": {"type": "integer"}, + "description": {"type": "string"}, + }, + "required": [ + "display_name", + "vulnerable", + # "reliability", # TODO: reliability is required if vulnerable = true + # "description", + ] }, - "data": { - "type": "object" - } - } - } + }, + }, }, "required": [ "document_version", "ip", "port", + "whois_description", + "asn", + "asn_country_code", + "ptr", + "abuse_mail", + "domain", "timestamp_in_utc", - "user_presentation" - ] + "system_name", + # "description", + # "custom_data", + "result", + ], } +# fmt:on def validate_collector_data(json_blob): try: jsonschema.validate(json_blob, schema) except jsonschema.exceptions.ValidationError as e: - print(f'Validation failed with error: {e}') + print(f"Validation failed with error: {e}") return False return True -if __name__ == '__main__': - with open('example_data.json') as fd: +if __name__ == "__main__": + with open(sys.argv[1]) as fd: json_data = json.loads(fd.read()) validate_collector_data(json_data) |