Documentation ¶
Overview ¶
Package sqlite3 implements the SQLite 3 datastore for TAXII 2.
Index ¶
- Constants
- type Store
- func (ds *Store) AddObject(obj interface{}) error
- func (ds *Store) AddTAXIIObject(obj interface{}) error
- func (ds *Store) AddToCollection(collectionid, stixid string) error
- func (ds *Store) Close() error
- func (ds *Store) CreateSTIXTables()
- func (ds *Store) CreateTAXIITables()
- func (ds *Store) CreateVocabTables()
- func (ds *Store) GetAllCollections() (*collections.Collections, error)
- func (ds *Store) GetAllEnabledCollections() (*collections.Collections, error)
- func (ds *Store) GetCollections() (*collections.Collections, error)
- func (ds *Store) GetManifestData(query collections.CollectionQuery) (*collections.CollectionQueryResult, error)
- func (ds *Store) GetObjects(query collections.CollectionQuery) (*collections.CollectionQueryResult, error)
- func (ds *Store) GetVersions(query collections.CollectionQuery) (*collections.CollectionQueryResult, error)
- func (ds *Store) PopulateVocabTables()
Constants ¶
const ( DB_TABLE_STIX_BASE_OBJECT = "s_base_object" DB_TABLE_STIX_ATTACK_PATTERN = "s_attack_pattern" DB_TABLE_STIX_CAMPAIGN = "s_campaign" DB_TABLE_STIX_COURSE_OF_ACTION = "s_course_of_action" DB_TABLE_STIX_IDENTITY = "s_identity" DB_TABLE_STIX_IDENTITY_SECTORS = "s_identity_sectors" DB_TABLE_STIX_INDICATOR = "s_indicator" DB_TABLE_STIX_INDICATOR_TYPES = "s_indicator_types" DB_TABLE_STIX_INTRUSION_SET = "s_intrusion_set" DB_TABLE_STIX_LOCATION = "s_location" DB_TABLE_STIX_MALWARE = "s_malware" DB_TABLE_STIX_NOTE = "s_note" DB_TABLE_STIX_OBSERVED_DATA = "s_observed_data" DB_TABLE_STIX_OPINION = "s_opinion" DB_TABLE_STIX_REPORT = "s_report" DB_TABLE_STIX_THREAT_ACTOR = "s_threat_actor" DB_TABLE_STIX_THREAT_ACTOR_ROLES = "s_threat_actor_roles" DB_TABLE_STIX_TOOL = "s_tool" DB_TABLE_STIX_VULNERABILITY = "s_vulnerability" DB_TABLE_STIX_ALIASES = "s_aliases" DB_TABLE_STIX_AUTHORS = "s_authors" DB_TABLE_STIX_EXTERNAL_REFERENCES = "s_external_references" DB_TABLE_STIX_GOALS = "s_goals" DB_TABLE_STIX_HASHES = "s_hashes" DB_TABLE_STIX_KILL_CHAIN_PHASES = "s_kill_chain_phases" DB_TABLE_STIX_LABELS = "s_labels" DB_TABLE_STIX_OBJECT_MARKING_REFS = "s_object_marking_refs" DB_TABLE_STIX_OBJECT_REFS = "s_object_refs" DB_TABLE_STIX_SECONDARY_MOTIVATIONS = "s_secondary_motivations" DB_TABLE_STIX_PERSONAL_MOTIVATIONS = "s_personal_motivations" DB_TABLE_VOCAB_ATTACK_MOTIVATIONS = "v_attack_motivation" DB_TABLE_VOCAB_ATTACK_RESOURCE_LEVEL = "v_attack_resource_level" DB_TABLE_VOCAB_IDENTITY_CLASS = "v_identity_class" DB_TABLE_VOCAB_INDICATOR_LABEL = "v_indicator_label" DB_TABLE_VOCAB_INDUSTRY_SECTOR = "v_industry_sector" DB_TABLE_VOCAB_MALWARE_LABEL = "v_malware_label" DB_TABLE_VOCAB_REPORT_LABEL = "v_report_label" DB_TABLE_VOCAB_THREAT_ACTOR_LABEL = "v_threat_actor_label" DB_TABLE_VOCAB_THREAT_ACTOR_ROLE = "v_threat_actor_role" DB_TABLE_VOCAB_THREAT_ACTOR_SOPHISTICATION = "v_threat_actor_sophistication" DB_TABLE_VOCAB_TOOL_LABEL = "v_tool_label" DB_TABLE_TAXII_COLLECTIONS = "t_collections" DB_TABLE_TAXII_COLLECTION_MEDIA_TYPE = "t_collection_media_type" DB_TABLE_TAXII_COLLECTION_DATA = "t_collection_data" DB_TABLE_TAXII_MEDIA_TYPES = "t_media_types" )
The following constants define database tables names for a relational database. All of the SQL statements and other code uses these constants, so it should be pretty safe, if needed, to change the actual table names without problems.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Store ¶
type Store struct { Filename string DB *sql.DB Logger *log.Logger Cache struct { BaseObjectIDIndex int Collections map[string]*collections.Collection } Strict struct { IDs bool Types bool } }
Store defines all of the properties and information associated with connecting and talking to the database.
When Strict.IDs = false, then the system will allow vanity STIX IDs like: indicator--1, indicator--2
When Strict.Types = false, then the system will allow unknown STIX types
func New ¶
func New(logger *log.Logger, filename string, collections map[string]collections.Collection) *Store
New - This function will return a Store.
func (*Store) AddObject ¶
AddObject - This method will take in a STIX object and add it to the database.
func (*Store) AddTAXIIObject ¶
AddTAXIIObject - This method will take in a TAXII object and add it to the database.
func (*Store) AddToCollection ¶
AddToCollection - This method will add an entry to a collection as defined in addToCollection() in t_collectiondata.go
func (*Store) CreateSTIXTables ¶
func (ds *Store) CreateSTIXTables()
CreateSTIXTables - This method will create all of the tables needed to store STIX content in the database.
func (*Store) CreateTAXIITables ¶
func (ds *Store) CreateTAXIITables()
CreateTAXIITables - This method will create all of the tables needed to store STIX content in the database.
func (*Store) CreateVocabTables ¶
func (ds *Store) CreateVocabTables()
CreateVocabTables - This method will create all of the tables needed to store STIX content in the database.
func (*Store) GetAllCollections ¶
func (ds *Store) GetAllCollections() (*collections.Collections, error)
GetAllCollections - This method will return all collections, even those that are disabled and hidden. This is primarily used for administration tools that need to see all collections.
func (*Store) GetAllEnabledCollections ¶
func (ds *Store) GetAllEnabledCollections() (*collections.Collections, error)
GetAllEnabledCollections - This method will return only enabled collections, even those that are hidden. This is used for setup up the HTTP MUX routers.
func (*Store) GetCollections ¶
func (ds *Store) GetCollections() (*collections.Collections, error)
GetCollections - This method will return just those collections that are both enabled and visible. This is primarily used to populate the results for clients that pull a collections resource. Clients may be able to talk to a hidden collection, but they should not see it in the list.
func (*Store) GetManifestData ¶
func (ds *Store) GetManifestData(query collections.CollectionQuery) (*collections.CollectionQueryResult, error)
GetManifestData - This method will take in query struct for a collection and will return a TAXII manifest resource that contains all of the records that match the query parameters.
func (*Store) GetObjects ¶
func (ds *Store) GetObjects(query collections.CollectionQuery) (*collections.CollectionQueryResult, error)
GetObjects - This method will take in a query struct for a collection and will return a TAXII Enveloper resource that contains all of the STIX objects that are in that collection that meet those query parameters.
func (*Store) GetVersions ¶
func (ds *Store) GetVersions(query collections.CollectionQuery) (*collections.CollectionQueryResult, error)
GetVersions - This method will take in a query struct for a collection and will return a TAXII versions resource that contains all of the versions of the STIX objects that are in that collection that meet those query parameters.
func (*Store) PopulateVocabTables ¶
func (ds *Store) PopulateVocabTables()
PopulateVocabTables - This method will insert all of the vocabulary data into the right database tables.