Add modules utils under mix_utils folder to avoid duplication in JSON…

.github/workflows/ci.yml

@@ -2,6 +2,7 @@ name: Continuous Integration
 
 on:
   push:
+  pull_request:
 
 jobs:
   build:
@@ -42,10 +43,6 @@ jobs:
           case-path: ./
           case-version: "case-1.3.0"
           extension-filter: "jsonld"
-          report-in-pr: "true"
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          repository: ${{ github.repository }}
-          pull-request: ${{ github.event.pull_request.number }}
 
       # Always build the package as a sanity check to ensure no issues with the build system
       # exist as part of the CI process

.gitignore

@@ -9,6 +9,13 @@
 .venv/
 venv/
 
+# Wing IDE
+*wpr
+*wpu
+
+__pycache__/
+*.pyc
+
 # Build Artifacts
 build/
 dist/

case_mapping/uco/observable.py

@@ -373,64 +373,58 @@ def __init__(self, has_changed=None, state=None, facets=None):
 
 
 class FacetUrlHistory(FacetEntity):
-    def __init__(self, browser_info, history_entries=None):
+    def __init__(self, browser=None, history_entries=None):
         """
         :param browser_info: An observable object containing a URLHistoryFacet
         :param history_entries: A list of URLHistoryEntry types
         """
-
         super().__init__()
         self["@type"] = "uco-observable:URLHistoryFacet"
-        self._node_reference_vars(**{"uco-observable:browserInformation": browser_info})
-        self.append_history_entries(history_entries)
-
-    @unpack_args_array
-    def append_history_entries(self, *args):
-        """
-        Used to add history entries to this URL History facet
-        :param args: A single/tuple of URLHistoryEntry class types
-        """
-        self._append_observable_objects("uco-observable:urlHistoryEntry", *args)
+        self._node_reference_vars(
+            **{
+                "uco-observable:browserInformation": browser,
+                "uco-observable:urlHistoryEntry": history_entries,
+            }
+        )
 
 
 class UrlHistoryEntry(FacetEntity):
     def __init__(
         self,
+        browser_user_profile=None,
+        expiration_time=None,
         first_visit=None,
+        host_name=None,
+        keyword_search_term=None,
         last_visit=None,
-        expiration_time=None,
         manually_entered_count=None,
-        url=None,
-        user_profile=None,
         page_title=None,
         referrer_url=None,
+        url=None,
         visit_count=None,
-        keyword_search_term=None,
-        allocation_status=None,
     ):
         """
-        :param first_visit:
-        :param last_visit:
-        :param expiration_time:
-        :param manually_entered_count:
-        :param url: An observable object with a URLFacet
-        :param user_profile:
-        :param page_title:
-        :param referrer_url:
-        :param visit_count:
-        :param keyword_search_term:
-        :param allocation_status:
+        :param browser_user_profile: The web browser user profile for which the URL history entry was created.
+        :param expiration_time: The date and time at which the validity of the object expires.
+        :param first_visit: The date/time that the URL referred to by the URL field was first visited.
+        :param host_name: The hostname of the system.
+        :param keyword_search_term: The string representing a keyword search term contained within the URL field.
+        :param last_visit: The date/time that the URL referred to by the URL field was last visited.
+        :param manually_entered_count: The number of times the URL referred to by the URL field was manually entered into the browser's address field by the user.
+        :param page_title: The title of a web page
+        :param referrer_url: The origination point (i.e., URL) of a URL request.
+        :param url: An observable object with a URLFacet.
+        :param visit_count:  The number of times a URL has been visited by a particular web browser.
         """
 
         super().__init__()
         self["@type"] = "uco-observable:URLHistoryEntry"
         self._str_vars(
             **{
-                "uco-observable:userProfile": user_profile,  # todo: referral?
+                "uco-observable:browserUserProfile": browser_user_profile,
+                "uco-observable:hostname": host_name,
                 "uco-observable:pageTitle": page_title,
-                "uco-observable:referrerUrl": referrer_url,
                 "uco-observable:keywordSearchTerm": keyword_search_term,
-                "uco-observable:allocationStatus": allocation_status,
             }
         )
         self._int_vars(**{"uco-observable:visitCount": visit_count})
@@ -441,10 +435,20 @@ def __init__(
                 "uco-observable:expirationTime": expiration_time,
             }
         )
-        self._nonegative_int_vars(
-            **{"uco-observable:manuallyEnteredCount": manually_entered_count}
+        self._node_reference_vars(
+            **{
+                "uco-observable:ble:referrerUrl": referrer_url,
+                "uco-observable:url": url,
+            }
         )
-        self._node_reference_vars(**{"uco-observable:url": url})
+        # TODO AJN: This is one instance of xsd:nonNegativeInteger.
+        # I'm uncertain at the moment if there are other instances in
+        # the ontology requiring nonNegativeIntegers; if so, the
+        # FacetEntity class needs to have a helper function added.
+        self["uco-observable:manuallyEnteredCount"] = {
+            "@type": "xsd:nonNegativeInteger",
+            "@value": "%d" % manually_entered_count,
+        }
 
 
 class FacetUrl(FacetEntity):
@@ -488,6 +492,47 @@ def __init__(
         self._int_vars(**{"uco-observable:port": url_port})
 
 
+class FacetBrowserBookmark(FacetEntity):
+    def __init__(
+        self,
+        accessedTime=None,
+        application_id=None,
+        bookmarkPath=None,
+        modifiedTime=None,
+        createdTime=None,
+        urlTargeted_id=None,
+        visitCount=None,
+    ):
+        """
+        This CASEObject represents a grouping of characteristics unique to a saved shortcut that directs a
+        WWW (World Wide Web) browser software program to a particular WWW accessible resource.
+        :param accessedTime: The date and time at which the Object was accessed (dateTime).
+        :param application_id: The application associated with this object (ObservableObject).
+        :param bookmarkPath: The folder containing the bookmark (string).
+        :param modifiedTime: The date and time at which the Object was last modified (dateTime).
+        :param createdTime: The date and time at which the observable object being characterized was created (dateTime).
+        :param urlTargeted_id: The target of the bookmark. (anyURI).
+        :param visitCount: Specifies the number of times a URL has been visited by a particular web browser (integer).
+        """
+        super().__init__()
+        self["@type"] = "uco-observable:BrowserBookmarkFacet"
+        self._str_vars(**{"observable:bookmarkPath": bookmarkPath})
+        self._int_vars(**{"uco-observable:visitCount": visitCount})
+        self._node_reference_vars(
+            **{
+                "uco-observable:application": application_id,
+                "uco-observable:urlTargeted": urlTargeted_id,
+            }
+        )
+        self._datetime_vars(
+            **{
+                "uco-observable:observableCreatedTime": accessedTime,
+                "uco-observable:modifiedTime": modifiedTime,
+                "uco-observable:accessedTime": accessedTime,
+            }
+        )
+
+
 class FacetRasterPicture(FacetEntity):
     def __init__(
         self,
@@ -1015,6 +1060,8 @@ def __init__(
         cyber_action=None,
         computer_name=None,
         created_time=None,
+        start_time=None,
+        end_time=None,
     ):
         """
          An event facet is a grouping of characteristics unique to something that happens in a digital context
@@ -1023,10 +1070,12 @@ def __init__(
         :param event_text: The textual representation of the event.
         :param event_id: The identifier of the event.
         :param cyber_action: The action taken in response to the event.
-        :param computer_name: A name of the computer on which the log entry was created.
+        :param created_time: The date and time at which the observable object being characterized was created.
+        :param start_time: The date and time at which the observable object being characterized started.
+        :param end_time: The date and time at which the observable object being characterized ended.
         """
         super().__init__()
-        self["@type"] = "uco-observable:EventFacet"
+        self["@type"] = "uco-observable:EventRecordFacet"
         self._str_vars(
             **{
                 "uco-observable:eventType": event_type,
@@ -1036,7 +1085,12 @@ def __init__(
             }
         )
         self._node_reference_vars(**{"uco-observable:cyberAction": cyber_action})
-        self._datetime_vars(**{"uco-observable:observableCreatedTime": created_time})
+        self._datetime_vars(
+            **{
+                "uco-observable:startTime": start_time,
+                "uco-observable:endTime": end_time,
+            }
+        )
 
 
 class ObservableRelationship(ObjectEntity):

case_mapping/uco/tool.py

@@ -8,7 +8,7 @@ def __init__(
         """
         The Uco tool is a way to define the specifics of a tool used in an investigation
         :param tool_name: The name of the tool (e.g., "exiftool")
-        :param tool_creator: The developer and or organisation that produces this tool {might need to add a dict here}
+        :param tool_creator: An ObservableObject The developer and or organisation that produces this tool {might need to add a dict here}
         :param tool_type: The type of tool
         :param tool_version: The version of the tool
         """
@@ -19,9 +19,9 @@ def __init__(
                 "uco-core:name": tool_name,
                 "uco-tool:version": tool_version,
                 "uco-tool:toolType": tool_type,
-                "uco-tool:creator": tool_creator,
             }
         )
+        self._node_reference_vars(**{"uco-tool:creator": tool_creator})
 
 
 directory = {"uco-tool:Tool": Tool}

example.py

@@ -159,6 +159,48 @@ def _next_timestamp() -> datetime:
 bundle.append_to_uco_object(cyber_item3)
 
 
+###################################################
+#  Adding an FacetUrlHistory and aUrlHistoryEntry #
+###################################################
+url_object = uco.observable.ObservableObject()
+url_facet = uco.observable.FacetUrl(url_address="www.docker.com/howto")
+url_object.append_facets(url_facet)
+bundle.append_to_uco_object(url_object)
+
+url_date_expiration = datetime.strptime("2024-12-27T14:55:01", "%Y-%m-%dT%H:%M:%S")
+url_date_first = datetime.strptime("2024-01-02T15:55:01", "%Y-%m-%dT%H:%M:%S")
+url_date_last = datetime.strptime("2024-02-10T10:55:01", "%Y-%m-%dT%H:%M:%S")
+
+url_history_entry_object = uco.observable.ObservableObject()
+url_history_entry = uco.observable.UrlHistoryEntry(
+    browser_user_profile="Jill",
+    expiration_time=url_date_expiration,
+    first_visit=url_date_first,
+    host_name="case_test",
+    keyword_search_term="docker",
+    last_visit=url_date_last,
+    manually_entered_count=10,
+    page_title="Docker tutorial",
+    referrer_url=url_object,
+    url=url_object,
+    visit_count=18,
+)
+url_history_entry_object.append_facets(url_history_entry)
+bundle.append_to_uco_object(url_history_entry_object)
+
+browser_object = uco.observable.ObservableObject()
+browser_facet = uco.observable.FacetApplication(app_name="Safari")
+browser_object.append_facets(browser_facet)
+bundle.append_to_uco_object(browser_object)
+
+url_history_object = uco.observable.ObservableObject()
+url_history_facet = uco.observable.FacetUrlHistory(
+    browser=browser_object, history_entries=[url_history_entry_object]
+)
+url_history_object.append_facets(url_history_facet)
+bundle.append_to_uco_object(url_history_object)
+
+
 ############################
 #  Adding an SMS Account   #
 ############################