Comments (11)
tlhampton13
commented on June 1, 2024
1
@ikiril01 Thank you for pointing out the specific language in the Spec.
from cti-stix-validator.
longdhnguyen
commented on June 1, 2024
1
I have created a new issue #72 for the comment above. Thanks @gtback
from cti-stix-validator.
gtback
commented on June 1, 2024
Thanks, @tlhampton13 ! I thought there was a statement in the spec that SROs could never be the source_ref or target_ref in a relationship; I know that was the intent. The only things I can find in the spec right now only seem to suggest rather than require that.
This is certainly something we need to address, either (most likely) as an error or (possibly) as a warning.
from cti-stix-validator.
tlhampton13
commented on June 1, 2024
Thanks, @gtback
I know this comment is not applicable to the validator and that the STIX 2 spec is already published, but I would prefer the Sighting object to be an SDO instead of an SRO. Connected to the other SDOs by "sighting-of", "where-sighted", and "observed" relationships. That's what some of our folks are trying to do with the above. It would make some things easier. Oh well, can't change the spec.
Given that the validator may enforce we'll avoid creating relationships to SROs.
from cti-stix-validator.
ikiril01
commented on June 1, 2024
I think the language is fairly clear in the definition of the Relationship SRO that it can only reference SDOs. If you look at the definition of source_ref/target_ref:
"The id of the source (from) object. The value MUST be an ID reference to an SDO (i.e., it cannot point to an SRO, Bundle, or Marking Definition)."
from cti-stix-validator.
gtback
commented on June 1, 2024
Thanks @ikiril01 , that's exactly what I was looking for!
from cti-stix-validator.
longdhnguyen
commented on June 1, 2024
Edited August 11, 2018: Issue #72
from cti-stix-validator.
gtback
commented on June 1, 2024
I would say that's a separate issue, @longdhnguyen (enforcing that all referenced objects are contained within the same bundle). There's nothing in the STIX spec that prohibits STIX objects from referencing objects not included in the same bundle. There may be some restrictions in the interoperability specification, in which case I can imagine adding a mode to the validator to check that, but I wouldn't make it the default.
from cti-stix-validator.
tlhampton13
commented on June 1, 2024
@gtback are you responding to @longdhnguyen comment or the original issue?
from cti-stix-validator.
gtback
commented on June 1, 2024
Sorry, that was for @longdhnguyen . I edited the above issue. Thanks for pointing that out.
from cti-stix-validator.
clenk
commented on June 1, 2024
The validator currently enforces this. The above stix content should result in the following error:
[X] relationship--5b6c5dc9-5d0b-4f0b-be23-626531b250f3: source_ref: Relationships cannot link bundles, marking definitions, sightings, or other relationships. This field must contain the id of an SDO.
I'm closing this, but if you are still facing this issue @tlhampton13 feel free to reopen!
from cti-stix-validator.
Related Issues (20)
- Stix2-validator taking long time for validating input with network-traffic SCO
- Issue in timestamp_compare when dates don't have the same length
- Unclear Artifact error message
- [CS03] location.administrative_area SHOULD contain valid 3166-2 code
- [CS03] software.languages must be RFC5646
- [CS03] Network Traffic Protocol Property and Extensions
- SDOs should not be allowed in in Observed Data's object_refs property
- 2.1 validator does not handle top-level extension definition properly HOT 5
- malware-analysis schema requires 'result', spec says 'av_result'. HOT 1
- windows-registry-key SCO doesn't have to start with a hive portion
- STIX Cyber-observable Objects SHOULD use UUIDv5. It is not a MUST. HOT 1
- SCOs are allowed in Observable Containers as per Section 2.13 of the spec - so the validator must allow it HOT 1
- KeyError Exceptions in validate_instance HOT 3
- Get string representation of validation results the way print_results() displays HOT 1
- UUIDv5 validation HOT 2
- draft7_format_checker is deprecated HOT 13
- 3.1.0 missing schemas HOT 3
- Better warning messages for open vocabs and relationship types
- Enhanced Interoperability Support
- TAXII Support?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cti-stix-validator.