Adding TLP CLEAR #571

Closed
wants to merge 1 commit into from

@CLAassistant

CLAassistant commented Aug 17, 2023

CLA assistant check
All committers have signed the CLA.

@rpiazza
Contributor

rpiazza commented Aug 17, 2023

Hi @peasead,

I don't think this is the correct way to add TLP 2.0 CLEAR. The object exists in the common object repository, so you should use those. Remember, any STIX object of the same id and same version must be identical. Also, what you have done will probably not validate using the extension definition's schema or the base schema - since there is no TLP:CLEAR in TLP 1.0.

I suggest you add all five TLP 2.0 data marking objects to your environment, and then do something locally like you did in this pull request for all five.

@peasead
Author

peasead commented Aug 21, 2023

Thanks @rpiazza. I've not worked with the project beyond using it, so sorry if this wasn't correct.

> I suggest you add all five TLP 2.0 data marking objects to your environment, and then do something locally like you did in this pull request for all five.

For the errors here, this has to be fixed locally - only in my environment, not for the whole project?

> Also, what you have done will probably not validate using the extension definition's schema or the base schema - since there is no TLP:CLEAR in TLP 1.0.

I assumed the path stix2/v21 would mean that this would only be for TLP 2, but maybe that's not correct?

Thanks again for the help.

@rpiazza
Contributor

rpiazza commented Aug 23, 2023

@peasead,

> I assumed the path stix2/v21 would mean that this would only be for TLP 2, but maybe that's not correct?

I am not sure what you are asking, but since TLP 2 is defined using extension definitions and they only exist in STIX 2.1 I think the answer is yes.

@peasead
Author

peasead commented Aug 23, 2023

So is there any way to get TLP:CLEAR into this project?

@chisholm
Contributor

> > Also, what you have done will probably not validate using the extension definition's schema or the base schema - since there is no TLP:CLEAR in TLP 1.0.
>
> I assumed the path stix2/v21 would mean that this would only be for TLP 2, but maybe that's not correct?
>
> Thanks again for the help.

Extension definitions reference schemas via the required schema property. The TLP 2 extension definition references https://github.com/oasis-open/cti-stix-common-objects/tree/master/extension-definition-specifications/tlp-2.0, which resolves to a directory; the schema is a file in that directory. TLP 2 markings which use that extension definition must be valid against that schema. Your proposed change results in a STIX object which is not schema-valid. It is also not spec-valid, since the spec says TLP markings (with definition_type="tlp", as your code has) must be one of those the spec defines. If you wanted to create a marking that way, you would have to use a different definition_type.

But definition and definition_type are deprecated properties: they should not be used anyway. The best way to do it is via the officially supported extension mechanism. That is what the objects in the common object repository do. If you wanted to add predefined objects to the library (or to your own code) which correspond to the common object repository markings, you'd have to create them with exactly that set of properties.

For example:

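```python
import stix2
import stix2.v21.vocab  # explicit import so stix2.v21.vocab resolves

# TLP:CLEAR marking built with the TLP 2.0 property extension,
# using the same id, created timestamp and name as the common object
tlp_20_clear = stix2.MarkingDefinition(
    id="marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
    created="2022-10-01T00:00:00.000Z",
    name="TLP:CLEAR",
    extensions={
        "extension-definition--60a3c5c5-0d10-413e-aab3-9e08dde9e88d": {
            "extension_type": stix2.v21.vocab.EXTENSION_TYPE_PROPERTY_EXTENSION,
            "tlp_2_0": "clear"
        }
    }
)
```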

One might also consider registering an extension object (e.g. with @CustomExtension), but you'd have to ensure somehow that the tlp_2_0 property in the extension matches with the name top-level property, so people couldn't accidentally create malformed markings. The above is just a simple demo for illustration.
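The consistency concern raised in the comment above, sketched as an added example that is not part of the thread or of the stix2 library: a stdlib-only check that a marking-definition dict uses the TLP 2.0 extension rather than the deprecated properties, and that `tlp_2_0` agrees with `name`. The helper name `check_tlp2_marking`, the list of five labels with their `TLP:<LABEL>` naming, and the sample objects are assumptions constructed for illustration.

```python
# Added example (not stix2 library code). check_tlp2_marking is a hypothetical helper.
TLP2_EXT_ID = "extension-definition--60a3c5c5-0d10-413e-aab3-9e08dde9e88d"  # from the thread
# Assumption: the five TLP 2.0 labels, with name == "TLP:" + upper-cased label,
# generalized from the TLP:CLEAR object shown above.
TLP2_VALUES = ("clear", "green", "amber", "amber+strict", "red")


def check_tlp2_marking(obj):
    """Return a list of problems found in a TLP 2.0 marking-definition dict."""
    problems = []
    if obj.get("type") != "marking-definition":
        problems.append("type is not marking-definition")
    # definition / definition_type are deprecated, per the thread.
    for prop in ("definition", "definition_type"):
        if prop in obj:
            problems.append(f"deprecated property present: {prop}")
    ext = (obj.get("extensions") or {}).get(TLP2_EXT_ID)
    if not isinstance(ext, dict):
        problems.append("TLP 2.0 extension missing")
        return problems
    if ext.get("extension_type") != "property-extension":
        problems.append("extension_type is not property-extension")
    value = ext.get("tlp_2_0")
    if value not in TLP2_VALUES:
        problems.append(f"unknown tlp_2_0 value: {value!r}")
    elif obj.get("name") != "TLP:" + value.upper():
        problems.append(f"name {obj.get('name')!r} does not match tlp_2_0 {value!r}")
    return problems


# Constructed sample objects.
GOOD = {
    "type": "marking-definition",
    "spec_version": "2.1",
    "id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
    "created": "2022-10-01T00:00:00.000Z",
    "name": "TLP:CLEAR",
    "extensions": {TLP2_EXT_ID: {"extension_type": "property-extension", "tlp_2_0": "clear"}},
}
MISMATCH = dict(GOOD, name="TLP:GREEN")  # name disagrees with tlp_2_0
LEGACY = {  # deprecated style, with a placeholder id
    "type": "marking-definition",
    "id": "marking-definition--00000000-0000-4000-8000-000000000000",
    "definition_type": "tlp",
    "definition": {"tlp": "clear"},
}

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("mismatch", MISMATCH), ("legacy", LEGACY)):
        print(label, check_tlp2_marking(sample))
```

This only checks internal consistency; it does not replace validation against the schema the extension definition references.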

rpiazza closed this Feb 12, 2024
Successfully merging this pull request may close these issues.

Fails to parse valid TLP2.0 marking object.