casework · kchason · Apr 4, 2023 · Apr 4, 2023 · Apr 4, 2023
@@ -49,6 +49,8 @@ class HashDict(typing.NamedTuple):
     sha1: str
     sha256: str
     sha512: str
+    sha3_256: str
+    sha3_512: str
 
 
 def create_file_node(
@@ -141,6 +143,8 @@ def create_file_node(
             sha1obj = hashlib.sha1()
             sha256obj = hashlib.sha256()
             sha512obj = hashlib.sha512()
+            sha3_256obj = hashlib.sha3_256()
+            sha3_512obj = hashlib.sha3_512()
             stashed_error = None
             byte_tally = 0
             with open(filepath, "rb") as in_fh:
@@ -159,6 +163,8 @@ def create_file_node(
                     sha1obj.update(buf)
                     sha256obj.update(buf)
                     sha512obj.update(buf)
+                    sha3_256obj.update(buf)
+                    sha3_512obj.update(buf)
             if stashed_error is not None:
                 raise stashed_error
             current_hashdict = HashDict(
@@ -167,6 +173,8 @@ def create_file_node(
                 sha1obj.hexdigest(),
                 sha256obj.hexdigest(),
                 sha512obj.hexdigest(),
+                sha3_256obj.hexdigest(),
+                sha3_512obj.hexdigest(),
             )
             if last_hashdict == current_hashdict:
                 successful_hashdict = current_hashdict
@@ -194,18 +202,25 @@ def create_file_node(
 
         # Add confirmed hashes into graph.
         for key in successful_hashdict._fields:
-            if key not in ("md5", "sha1", "sha256", "sha512"):
+            if key not in ("md5", "sha1", "sha256", "sha512", "sha3_256", "sha3_512"):
                 continue
             n_hash = node_namespace["hash-" + case_utils.local_uuid.local_uuid()]
             graph.add((n_contentdata_facet, NS_UCO_OBSERVABLE.hash, n_hash))
             graph.add((n_hash, NS_RDF.type, NS_UCO_TYPES.Hash))
+            if key in ("sha3_256", "sha3_512"):
+                l_hash_method = rdflib.Literal(
+                    key.replace("_", "-").upper(),
+                    datatype=NS_UCO_VOCABULARY.HashNameVocab,
+                )
+            else:
+                l_hash_method = rdflib.Literal(
+                    key.upper(), datatype=NS_UCO_VOCABULARY.HashNameVocab
+                )
             graph.add(
                 (
                     n_hash,
                     NS_UCO_TYPES.hashMethod,
-                    rdflib.Literal(
-                        key.upper(), datatype=NS_UCO_VOCABULARY.HashNameVocab
-                    ),
+                    l_hash_method,
                 )
             )
             hash_value = getattr(successful_hashdict, key)

@@ -23,6 +23,12 @@
                 },
                 {
                     "@id": "kb:hash-49e81fee-c6b3-5f5f-af8b-0746d32e4932"
+                },
+                {
+                    "@id": "kb:hash-720759b8-9544-5dab-ab12-003372b17a4e"
+                },
+                {
+                    "@id": "kb:hash-b02ebdb3-edf7-5fbf-8088-3d064e316b93"
                 }
             ],
             "uco-observable:sizeInBytes": {
@@ -122,6 +128,30 @@
                 "@type": "xsd:hexBinary",
                 "@value": "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff"
             }
+        },
+        {
+            "@id": "kb:hash-720759b8-9544-5dab-ab12-003372b17a4e",
+            "@type": "uco-types:Hash",
+            "uco-types:hashMethod": {
+                "@type": "uco-vocabulary:HashNameVocab",
+                "@value": "SHA3-512"
+            },
+            "uco-types:hashValue": {
+                "@type": "xsd:hexBinary",
+                "@value": "9ece086e9bac491fac5c1d1046ca11d737b92a2b2ebd93f005d7b710110c0a678288166e7fbe796883a4f2e9b3ca9f484f521d0ce464345cc1aec96779149c14"
+            }
+        },
+        {
+            "@id": "kb:hash-b02ebdb3-edf7-5fbf-8088-3d064e316b93",
+            "@type": "uco-types:Hash",
+            "uco-types:hashMethod": {
+                "@type": "uco-vocabulary:HashNameVocab",
+                "@value": "SHA3-256"
+            },
+            "uco-types:hashValue": {
+                "@type": "xsd:hexBinary",
+                "@value": "36f028580bb02cc8272a9a020f4200e346e276ae664e45ee80745574e2f5ab80"
+            }
         }
     ]
 }
@@ -14,7 +14,9 @@ kb:content-data-facet-1833f979-1f19-5543-9d82-6cefd144b169
 		kb:hash-24644904-83ea-5911-aea8-be687a9f3caf ,
 		kb:hash-295bdeb5-7f23-5a3f-8b7f-4bb1191b7c21 ,
 		kb:hash-39127f5c-598b-51d4-a720-2e949f18f85f ,
-		kb:hash-49e81fee-c6b3-5f5f-af8b-0746d32e4932
+		kb:hash-49e81fee-c6b3-5f5f-af8b-0746d32e4932 ,
+		kb:hash-720759b8-9544-5dab-ab12-003372b17a4e ,
+		kb:hash-b02ebdb3-edf7-5fbf-8088-3d064e316b93
 		;
 	uco-observable:sizeInBytes "4"^^xsd:integer ;
 	.
@@ -70,3 +72,15 @@ kb:hash-49e81fee-c6b3-5f5f-af8b-0746d32e4932
 	uco-types:hashValue "ee26b0dd4af7e749aa1a8ee3c10ae9923f618980772e473f8819a5d4940e0db27ac185f8a0e1d5f84f88bc887fd67b143732c304cc5fa9ad8e6f57f50028a8ff"^^xsd:hexBinary ;
 	.
 
+kb:hash-720759b8-9544-5dab-ab12-003372b17a4e
+	a uco-types:Hash ;
+	uco-types:hashMethod "SHA3-512"^^uco-vocabulary:HashNameVocab ;
+	uco-types:hashValue "9ece086e9bac491fac5c1d1046ca11d737b92a2b2ebd93f005d7b710110c0a678288166e7fbe796883a4f2e9b3ca9f484f521d0ce464345cc1aec96779149c14"^^xsd:hexBinary ;
+	.
+
+kb:hash-b02ebdb3-edf7-5fbf-8088-3d064e316b93
+	a uco-types:Hash ;
+	uco-types:hashMethod "SHA3-256"^^uco-vocabulary:HashNameVocab ;
+	uco-types:hashValue "36f028580bb02cc8272a9a020f4200e346e276ae664e45ee80745574e2f5ab80"^^xsd:hexBinary ;
+	.
+
@@ -1,27 +1,76 @@
 {
   "@context": {
+    "brick": "https://brickschema.org/schema/Brick#",
+    "csvw": "http://www.w3.org/ns/csvw#",
+    "dc": "http://purl.org/dc/elements/1.1/",
+    "dcam": "http://purl.org/dc/dcam/",
+    "dcat": "http://www.w3.org/ns/dcat#",
+    "dcmitype": "http://purl.org/dc/dcmitype/",
+    "dcterms": "http://purl.org/dc/terms/",
+    "doap": "http://usefulinc.com/ns/doap#",
+    "foaf": "http://xmlns.com/foaf/0.1/",
+    "geo": "http://www.opengis.net/ont/geosparql#",
     "kb": "http://example.org/kb/",
+    "odrl": "http://www.w3.org/ns/odrl/2/",
+    "org": "http://www.w3.org/ns/org#",
     "owl": "http://www.w3.org/2002/07/owl#",
+    "prof": "http://www.w3.org/ns/dx/prof/",
+    "prov": "http://www.w3.org/ns/prov#",
+    "qb": "http://purl.org/linked-data/cube#",
     "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#",
     "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+    "schema": "https://schema.org/",
+    "sh": "http://www.w3.org/ns/shacl#",
+    "skos": "http://www.w3.org/2004/02/skos/core#",
+    "sosa": "http://www.w3.org/ns/sosa/",
+    "ssn": "http://www.w3.org/ns/ssn/",
+    "time": "http://www.w3.org/2006/time#",
     "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/",
     "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/",
     "uco-types": "https://ontology.unifiedcyberontology.org/uco/types/",
     "uco-vocabulary": "https://ontology.unifiedcyberontology.org/uco/vocabulary/",
+    "vann": "http://purl.org/vocab/vann/",
+    "void": "http://rdfs.org/ns/void#",
+    "wgs": "https://www.w3.org/2003/01/geo/wgs84_pos#",
     "xml": "http://www.w3.org/XML/1998/namespace",
     "xsd": "http://www.w3.org/2001/XMLSchema#"
   },
   "@graph": [
     {
-      "@id": "http://example.org/kb/hash-c77cb4f1-ac2a-52c7-b67e-016e209515cb",
+      "@id": "http://example.org/kb/content-data-facet-bda9b72d-2753-54ab-9292-e1e260be4f6d",
+      "@type": "https://ontology.unifiedcyberontology.org/uco/observable/ContentDataFacet",
+      "https://ontology.unifiedcyberontology.org/uco/observable/hash": [
+        {
+          "@id": "http://example.org/kb/hash-8ebb651a-314b-554a-b63e-78b9e69111d8"
+        },
+        {
+          "@id": "http://example.org/kb/hash-c77cb4f1-ac2a-52c7-b67e-016e209515cb"
+        },
+        {
+          "@id": "http://example.org/kb/hash-bdb2ba7d-8cb2-5591-a051-0c20d134e894"
+        },
+        {
+          "@id": "http://example.org/kb/hash-bf689e82-1cc4-507f-a6fb-7fc01b9289c6"
+        },
+        {
+          "@id": "http://example.org/kb/hash-dd2161f0-4943-55c0-b08e-a2ad8a85dce8"
+        },
+        {
+          "@id": "http://example.org/kb/hash-28dd6731-4eda-5ae7-9810-efedc7593912"
+        }
+      ],
+      "https://ontology.unifiedcyberontology.org/uco/observable/sizeInBytes": 4
+    },
+    {
+      "@id": "http://example.org/kb/hash-bdb2ba7d-8cb2-5591-a051-0c20d134e894",
       "@type": "https://ontology.unifiedcyberontology.org/uco/types/Hash",
       "https://ontology.unifiedcyberontology.org/uco/types/hashMethod": {
         "@type": "https://ontology.unifiedcyberontology.org/uco/vocabulary/HashNameVocab",
-        "@value": "SHA1"
+        "@value": "SHA256"
       },
       "https://ontology.unifiedcyberontology.org/uco/types/hashValue": {
         "@type": "http://www.w3.org/2001/XMLSchema#hexBinary",
-        "@value": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
+        "@value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
       }
     },
     {
@@ -37,15 +86,37 @@
       ]
     },
     {
-      "@id": "http://example.org/kb/hash-bdb2ba7d-8cb2-5591-a051-0c20d134e894",
+      "@id": "http://example.org/kb/hash-28dd6731-4eda-5ae7-9810-efedc7593912",
       "@type": "https://ontology.unifiedcyberontology.org/uco/types/Hash",
       "https://ontology.unifiedcyberontology.org/uco/types/hashMethod": {
         "@type": "https://ontology.unifiedcyberontology.org/uco/vocabulary/HashNameVocab",
-        "@value": "SHA256"
+        "@value": "SHA3-512"
       },
       "https://ontology.unifiedcyberontology.org/uco/types/hashValue": {
         "@type": "http://www.w3.org/2001/XMLSchema#hexBinary",
-        "@value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
+        "@value": "9ece086e9bac491fac5c1d1046ca11d737b92a2b2ebd93f005d7b710110c0a678288166e7fbe796883a4f2e9b3ca9f484f521d0ce464345cc1aec96779149c14"
+      }
+    },
+    {
+      "@id": "http://example.org/kb/file-facet-a5d9606e-a5cf-5531-9462-5bed0ac4219c",
+      "@type": "https://ontology.unifiedcyberontology.org/uco/observable/FileFacet",
+      "https://ontology.unifiedcyberontology.org/uco/observable/fileName": "sample.txt",
+      "https://ontology.unifiedcyberontology.org/uco/observable/modifiedTime": {
+        "@type": "http://www.w3.org/2001/XMLSchema#dateTime",
+        "@value": "2010-01-02T03:04:56+00:00"
+      },
+      "https://ontology.unifiedcyberontology.org/uco/observable/sizeInBytes": 4
+    },
+    {
+      "@id": "http://example.org/kb/hash-8ebb651a-314b-554a-b63e-78b9e69111d8",
+      "@type": "https://ontology.unifiedcyberontology.org/uco/types/Hash",
+      "https://ontology.unifiedcyberontology.org/uco/types/hashMethod": {
+        "@type": "https://ontology.unifiedcyberontology.org/uco/vocabulary/HashNameVocab",
+        "@value": "MD5"
+      },
+      "https://ontology.unifiedcyberontology.org/uco/types/hashValue": {
+        "@type": "http://www.w3.org/2001/XMLSchema#hexBinary",
+        "@value": "098f6bcd4621d373cade4e832627b4f6"
       }
     },
     {
@@ -61,44 +132,27 @@
       }
     },
     {
-      "@id": "http://example.org/kb/content-data-facet-bda9b72d-2753-54ab-9292-e1e260be4f6d",
-      "@type": "https://ontology.unifiedcyberontology.org/uco/observable/ContentDataFacet",
-      "https://ontology.unifiedcyberontology.org/uco/observable/hash": [
-        {
-          "@id": "http://example.org/kb/hash-8ebb651a-314b-554a-b63e-78b9e69111d8"
-        },
-        {
-          "@id": "http://example.org/kb/hash-c77cb4f1-ac2a-52c7-b67e-016e209515cb"
-        },
-        {
-          "@id": "http://example.org/kb/hash-bdb2ba7d-8cb2-5591-a051-0c20d134e894"
-        },
-        {
-          "@id": "http://example.org/kb/hash-bf689e82-1cc4-507f-a6fb-7fc01b9289c6"
-        }
-      ],
-      "https://ontology.unifiedcyberontology.org/uco/observable/sizeInBytes": 4
-    },
-    {
-      "@id": "http://example.org/kb/file-facet-a5d9606e-a5cf-5531-9462-5bed0ac4219c",
-      "@type": "https://ontology.unifiedcyberontology.org/uco/observable/FileFacet",
-      "https://ontology.unifiedcyberontology.org/uco/observable/fileName": "sample.txt",
-      "https://ontology.unifiedcyberontology.org/uco/observable/modifiedTime": {
-        "@type": "http://www.w3.org/2001/XMLSchema#dateTime",
-        "@value": "2010-01-02T03:04:56+00:00"
+      "@id": "http://example.org/kb/hash-dd2161f0-4943-55c0-b08e-a2ad8a85dce8",
+      "@type": "https://ontology.unifiedcyberontology.org/uco/types/Hash",
+      "https://ontology.unifiedcyberontology.org/uco/types/hashMethod": {
+        "@type": "https://ontology.unifiedcyberontology.org/uco/vocabulary/HashNameVocab",
+        "@value": "SHA3-256"
       },
-      "https://ontology.unifiedcyberontology.org/uco/observable/sizeInBytes": 4
+      "https://ontology.unifiedcyberontology.org/uco/types/hashValue": {
+        "@type": "http://www.w3.org/2001/XMLSchema#hexBinary",
+        "@value": "36f028580bb02cc8272a9a020f4200e346e276ae664e45ee80745574e2f5ab80"
+      }
     },
     {
-      "@id": "http://example.org/kb/hash-8ebb651a-314b-554a-b63e-78b9e69111d8",
+      "@id": "http://example.org/kb/hash-c77cb4f1-ac2a-52c7-b67e-016e209515cb",
       "@type": "https://ontology.unifiedcyberontology.org/uco/types/Hash",
       "https://ontology.unifiedcyberontology.org/uco/types/hashMethod": {
         "@type": "https://ontology.unifiedcyberontology.org/uco/vocabulary/HashNameVocab",
-        "@value": "MD5"
+        "@value": "SHA1"
       },
       "https://ontology.unifiedcyberontology.org/uco/types/hashValue": {
         "@type": "http://www.w3.org/2001/XMLSchema#hexBinary",
-        "@value": "098f6bcd4621d373cade4e832627b4f6"
+        "@value": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
       }
     }
   ]