Add swid property to the software SCO #358

Merged (2 commits) on Mar 12, 2020

Contributor

@chisholm chisholm commented Mar 2, 2020

Fixes #349

@codecov-io

codecov-io commented Mar 2, 2020

Codecov Report

Merging #358 into master will increase coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #358      +/-   ##
==========================================
+ Coverage   98.15%   98.18%   +0.03%     
==========================================
  Files         124      124              
  Lines       14176    14229      +53     
==========================================
+ Hits        13914    13971      +57     
+ Misses        262      258       -4     
Impacted Files Coverage Δ
stix2/test/v21/test_observed_data.py 100.00% <ø> (ø)
stix2/v21/observables.py 96.93% <ø> (ø)
stix2/pattern_visitor.py 72.81% <0.00%> (-1.75%) ⬇️
stix2/utils.py 97.15% <0.00%> (-0.57%) ⬇️
stix2/v21/sdo.py 94.53% <0.00%> (ø)
stix2/test/v21/test_custom.py 100.00% <0.00%> (ø)
stix2/test/v21/test_malware.py 100.00% <0.00%> (ø)
stix2/test/v21/test_indicator.py 100.00% <0.00%> (ø)
stix2/test/v21/test_infrastructure.py 100.00% <0.00%> (ø)
stix2/test/v21/test_malware_analysis.py 100.00% <0.00%> (ø)
... and 4 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update c2b7167...2472af3.

@emmanvg emmanvg added this to the 1.4.0 milestone Mar 3, 2020
@clenk
Contributor

clenk commented Mar 11, 2020

I think the format of swid tags is more like org.fedoraproject.Fedora-29. Should we update the test example? I don't know the swid tag for MS Word, though.

@rpiazza
Contributor

rpiazza commented Mar 11, 2020

@clenk, @chisholm - looked at examples in https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf

Here is a good one:
tagId="com.acme.rms-ce-v4-1-5-0".

Maybe change the cpe one to correspond to this?

@chisholm
Contributor Author

chisholm commented Mar 11, 2020

I was looking for info about tagIds too when I was developing this. I couldn't get a free spec anywhere, so I was just trying to uncover whatever bits of information I could. I don't remember where I saw it, but I remember reading that they aren't required to be any particular thing. There may be some "should" rules around them though. So a UUID seemed good enough, and not technically wrong. But I'll change the test.

@rpiazza
Contributor

rpiazza commented Mar 11, 2020

Yes - I agree - it's not defined very well. It took the text for the STIX spec directly from the document I referred to above.

@clenk clenk merged commit 87c5ef3 into oasis-open:master Mar 12, 2020
@clenk
Contributor

clenk commented Mar 12, 2020

Thanks @chisholm!

@chisholm chisholm deleted the software_cpe_swid branch April 3, 2020 22:09
Successfully merging this pull request may close these issues.

Changes made to Software SCO, and its usage.