Implement uniqueness validation for STIX bundle objects #63
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add createUniqueObjectsOnlyRefinement to validate that all objects in a STIX bundle have unique IDs. Includes comprehensive test coverage and removes unused helper code from generics.ts.
Contributor
Author
|
Notably:
|
…only for x_mitre_analytic_refs
… replace inline dupe checks Add a new validateNoDuplicates refinement factory function that provides flexible duplicate validation for: - Object arrays with single or composite keys - Primitive arrays (strings, numbers, etc.) - Nested array paths with custom error messages Replace inline duplicate checking logic in analytic, data-component, and detection-strategy schemas with the new generic refinement, improving code reuse and maintainability. The new function supports template-based error messages with placeholders for key values, primitive values, and array indices. Deprecate the existing createUniqueObjectsOnlyRefinement in favor of the more flexible approach.
… STIX bundle integrity Add a new validateXMitreContentsReferences refinement factory function that validates all STIX IDs referenced in a collection's x_mitre_contents property have corresponding objects in the bundle's objects array. This ensures referential integrity within STIX bundles. Replace the deprecated createUniqueObjectsOnlyRefinement with the more flexible validateNoDuplicates refinement in stix-bundle schema for improved consistency. Add comprehensive test coverage with 5 tests validating: - Valid references pass validation - Missing references are rejected with appropriate error messages - Multiple missing references are all reported - Multiple valid references are accepted Fix test setup to reference the collection's own ID instead of a non-existent object in the minimal test fixture.
seansica
deleted the
62-request-implement-uniqueness-validation-for-stix-bundle-objects
branch
|
🎉 This PR is included in version 4.7.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Implements validation to:
idkeyx_mitre_contentsare present in theobjectsarrayChanges
New Features
Reusable Refinement Functions
src/refinements/index.ts: ImplementedvalidateNoDuplicates, which can be used in any schema to validate that no duplicates exist for any key (including composite keys)src/refinements/index.ts: ImplementedvalidateXMitreContentsReferences, which validates that all STIX IDs referenced inx_mitre_contentsactually exist in the bundle'sobjectsarraySTIX Bundle Schema
objectsarary is of typex-mitre-collectionsx_mitre_contentsare present in theobjectsarrayobjectsarrayRefactors
analytics.schema.ts: Replaced custom refinement withvalidateNoDuplicatesfor validating that no duplicate log source references existdata-component.schema.ts: Replaced custom refinement withvalidateNoDuplicatesfor validating that no duplicate log sources inx_mitre_log_sourcesexistdetection-strategy.schema.ts: Replaced custom refinement withvalidateNoDuplicatesfor validating that no duplicate analytic refs inx_mitre_analytic_refsexistTesting
test/objects/detection-strategy.test.ts: Changed one of the test conditions to throw when the schema detections duplicate analytic refstest/objects/stix-bundle.test.ts: Added the following tests'should accept bundle with unique object IDs (true positive)''should reject bundle with duplicate object IDs (true negative)''should report the duplicate ID in error message''should handle multiple duplicates in a single bundle'x_mitre_contentsconstraints:'should accept bundle where all x_mitre_contents references exist in objects (true positive)''should reject bundle where x_mitre_contents references a missing object (true negative)''should report the missing STIX ID in error message''should handle multiple missing references in x_mitre_contents''should accept bundle with mix of valid and present references in x_mitre_contents'**test/refinements/validate-no-duplicates.test.ts:validateNoDuplicatesrefinement factory function.refinements/index.tsin a future change.