Class: ActiveStix::Bundle

Inherits:
ApplicationRecord show all
Defined in:
app/models/active_stix/bundle.rb

Constant Summary collapse

@@stix_map = 
{
    'bundle' => ActiveStix::Bundle,
    'attack-pattern' => ActiveStix::AttackPattern,
    'relationship' => ActiveStix::Relationship,
    'course-of-action' => ActiveStix::CourseOfAction,
    'identity' => ActiveStix::Identity,
    'intrusion-set' => ActiveStix::IntrusionSet,
    'malware' => ActiveStix::Malware,
    'tool' => ActiveStix::Tool,
    'marking-definition' => ActiveStix::MarkingDefinition,
    'report' => ActiveStix::Report,
    'campaign' => ActiveStix::Campaign,
    'indicator' => ActiveStix::Indicator
}

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.ingest(filename) ⇒ Object 



29
30
31
32
33
34
35
 
# File 'app/models/active_stix/bundle.rb', line 29

def self.ingest(filename)
  file_handle = ::File.open(filename, "r")
  file_data = file_handle.read
  json_file_data = JSON.parse(file_data)
  bundle = ingest_json(json_file_data, nil)
  bundle
end

.ingest_json(obj, parent) ⇒ Object 



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
# File 'app/models/active_stix/bundle.rb', line 37

def self.ingest_json(obj, parent)
  #first create all the objects and then create the relationships to simplify associations
  # first create all objects then reference object_refs in reports
  list_relationships = []
  list_reports = []
  bundle = ActiveStix::Bundle.find_or_create_by(stix_id: obj['id'], spec_version: obj['spec_version'])
  objects = obj['objects'].collect do |o|
    #puts "Loc A: #{o['type']}"
    if o['type'] == 'relationship'
      list_relationships << o
    else
      begin
        #puts o['type']
        if o['type'].starts_with?("x-") and !ActiveStix.process_x_attrs?
        else
          bundle.add(@@stix_map[o['type']].ingest_json(o))
        end
        if o['type'] == 'report'
          #add all report object_refs after all objects are created
          list_reports << o
        end
      rescue
        Rails.logger.info "Failed trying to ingest type #{o['type']}"
        raise
      end
    end
  end
  list_relationships.each do |rel|
    bundle.add(ActiveStix::Relationship.ingest_json(rel))
  end

  list_reports.each do |rep|
    ActiveStix::Report.add_obj_refs(rep)
  end
  bundle
end

Instance Method Details

#add(stix_object) ⇒ Object 



74
75
76
77
78
79
80
81
82
83
84
 
# File 'app/models/active_stix/bundle.rb', line 74

def add(stix_object)
  if stix_object.is_a? Enumerable
    stix_object.each do |so|
      add(so)
    end
  else
    unless bundled_objects.where(object_ref: stix_object.stix_id).any?
      bundled_objects.create(stix_object: stix_object)
    end
  end
end

#as_stixObject 



90
91
92
93
94
95
96
97
 
# File 'app/models/active_stix/bundle.rb', line 90

def as_stix
  {
      "type" => type,
      "id" => stix_id,
      "spec_version" => "2.0",
      "objects" => bundled_objects.collect {|bo| bo.stix_object.as_stix}
  }
end

#convert_to_jsonObject 



99
100
101
102
103
104
105
106
 
# File 'app/models/active_stix/bundle.rb', line 99

def convert_to_json
  {
      :type => "bundle",
      :id => stix_id,
      :spec_version => spec_version,
      :objects => bundled_objects.collect {|bo| bo.stix_object.convert_to_json}
  }.to_json
end

#includes?(stix_object) ⇒ Boolean

Returns:

  • (Boolean) 


86
87
88
 
# File 'app/models/active_stix/bundle.rb', line 86

def includes?(stix_object)
  bundled_objects.where(object_ref: stix_object.stix_id).any?
end

#typeObject 



25
26
27
 
# File 'app/models/active_stix/bundle.rb', line 25

def type
  'bundle'
end