From 13f877bc50071e52357464d9c2478376fa6bd6cc Mon Sep 17 00:00:00 2001 From: Alex Nelson Date: Fri, 10 May 2024 10:14:55 -0400 Subject: [PATCH 1/2] Warn if an AlternateDataStream instance is not also a FileSystemObject A follow-on patch will regenerate Make-managed files. References: * https://github.com/ucoProject/UCO/issues/590 Signed-off-by: Alex Nelson --- ontology/uco/observable/observable.ttl | 8 +++++++ tests/examples/Makefile | 2 ++ .../examples/alternate_data_stream_PASS.json | 21 +++++++++++++++++++ tests/examples/test_validation.py | 9 ++++++++ 4 files changed, 40 insertions(+) create mode 100644 tests/examples/alternate_data_stream_PASS.json diff --git a/ontology/uco/observable/observable.ttl b/ontology/uco/observable/observable.ttl index 6f5553b2..37dc84be 100644 --- a/ontology/uco/observable/observable.ttl +++ b/ontology/uco/observable/observable.ttl @@ -239,6 +239,14 @@ observable:AlternateDataStream rdfs:subClassOf observable:ObservableObject ; rdfs:label "AlternateDataStream"@en ; rdfs:comment "An alternate data stream is data content stored within an NTFS file that is independent of the standard content stream of the file and is hidden from access by default NTFS file viewing mechanisms."@en ; + rdfs:seeAlso [ + a sh:NodeShape ; + rdfs:comment "This anonymous shape is attached with rdfs:seeAlso in order to associate a warning-severity class constraint, that will only be necessary as an independent shape until UCO 2.0.0."@en ; + sh:class observable:FileSystemObject ; + sh:message "In UCO 2.0.0, uco-observable:AlternateDataStream will be a subclass of uco-observable:FileSystemObject. In preparation for UCO 2.0.0, the additional type uco-observable:FileSystemObject should be assigned to this node."@en ; + sh:severity sh:Warning ; + sh:targetClass observable:AlternateDataStream ; + ] ; sh:targetClass observable:AlternateDataStream ; . diff --git a/tests/examples/Makefile b/tests/examples/Makefile index 80f59e04..712ba277 100644 --- a/tests/examples/Makefile +++ b/tests/examples/Makefile @@ -21,6 +21,7 @@ all: \ action_inheritance_PASS_validation.ttl \ action_inheritance_XFAIL_validation.ttl \ action_result_PASS_validation.ttl \ + alternate_data_stream_PASS_validation.ttl \ co_PASS_validation.ttl \ co_XFAIL_validation.ttl \ configuration_setting_PASS_validation.ttl \ @@ -92,6 +93,7 @@ check: \ action_inheritance_PASS_validation.ttl \ action_inheritance_XFAIL_validation.ttl \ action_result_PASS_validation.ttl \ + alternate_data_stream_PASS_validation.ttl \ co_PASS_validation.ttl \ co_XFAIL_validation.ttl \ configuration_setting_PASS_validation.ttl \ diff --git a/tests/examples/alternate_data_stream_PASS.json b/tests/examples/alternate_data_stream_PASS.json new file mode 100644 index 00000000..e6abd5bb --- /dev/null +++ b/tests/examples/alternate_data_stream_PASS.json @@ -0,0 +1,21 @@ +{ + "@context": { + "kb": "http://example.org/kb/", + "observable": "https://ontology.unifiedcyberontology.org/uco/observable/", + "rdfs": "http://www.w3.org/2000/01/rdf-schema#" + }, + "@graph": [ + { + "@id": "kb:AlternateDataStream-07b3c41a-080c-4916-8375-c18148763e13", + "@type": "observable:AlternateDataStream", + "rdfs:comment": "This node should trigger a sh:Warning from not being a observable:FileSystemObject" + }, + { + "@id": "kb:AlternateDataStream-b2d4968b-4490-4b44-a56b-832058834454", + "@type": [ + "observable:AlternateDataStream", + "observable:FileSystemObject" + ] + } + ] +} diff --git a/tests/examples/test_validation.py b/tests/examples/test_validation.py index c714d0c3..a2ef1138 100644 --- a/tests/examples/test_validation.py +++ b/tests/examples/test_validation.py @@ -177,6 +177,15 @@ def test_action_result_PASS_validation() -> None: g = load_validation_graph("action_result_PASS_validation.ttl", True) assert isinstance(g, rdflib.Graph) +def test_alternate_data_stream_PASS_validation() -> None: + confirm_validation_results( + "alternate_data_stream_PASS_validation.ttl", + True, + expected_focus_node_severities={ + ("http://example.org/kb/AlternateDataStream-07b3c41a-080c-4916-8375-c18148763e13", str(NS_SH.Warning)), + } + ) + def test_configuration_setting_PASS_validation() -> None: g = load_validation_graph("configuration_setting_PASS_validation.ttl", True) assert isinstance(g, rdflib.Graph) From 5a40aa46f7ead5290ab180e4b40e9c184bb50c2d Mon Sep 17 00:00:00 2001 From: Alex Nelson Date: Fri, 10 May 2024 10:15:15 -0400 Subject: [PATCH 2/2] Regenerate Make-managed files References: * https://github.com/ucoProject/UCO/issues/590 Signed-off-by: Alex Nelson --- .../alternate_data_stream_PASS_validation.ttl | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 tests/examples/alternate_data_stream_PASS_validation.ttl diff --git a/tests/examples/alternate_data_stream_PASS_validation.ttl b/tests/examples/alternate_data_stream_PASS_validation.ttl new file mode 100644 index 00000000..d13a07eb --- /dev/null +++ b/tests/examples/alternate_data_stream_PASS_validation.ttl @@ -0,0 +1,28 @@ +@prefix observable: . +@prefix owl: . +@prefix rdf: . +@prefix rdfs: . +@prefix sh: . +@prefix xsd: . + +[] + a sh:ValidationReport ; + sh:conforms "true"^^xsd:boolean ; + sh:result [ + a sh:ValidationResult ; + sh:focusNode ; + sh:resultMessage "In UCO 2.0.0, uco-observable:AlternateDataStream will be a subclass of uco-observable:FileSystemObject. In preparation for UCO 2.0.0, the additional type uco-observable:FileSystemObject should be assigned to this node."@en ; + sh:resultSeverity sh:Warning ; + sh:sourceConstraintComponent sh:ClassConstraintComponent ; + sh:sourceShape [ + a sh:NodeShape ; + rdfs:comment "This anonymous shape is attached with rdfs:seeAlso in order to associate a warning-severity class constraint, that will only be necessary as an independent shape until UCO 2.0.0."@en ; + sh:class observable:FileSystemObject ; + sh:message "In UCO 2.0.0, uco-observable:AlternateDataStream will be a subclass of uco-observable:FileSystemObject. In preparation for UCO 2.0.0, the additional type uco-observable:FileSystemObject should be assigned to this node."@en ; + sh:severity sh:Warning ; + sh:targetClass observable:AlternateDataStream ; + ] ; + sh:value ; + ] ; + . +