From 5c219adbe036639f6b332f1cae0339e9dd29065d Mon Sep 17 00:00:00 2001
From: ethanae
Date: Fri, 2 Aug 2024 14:54:47 +0200
Subject: [PATCH] - add spamvertised schema
---
 .../development/spamvertised_sample.json | 32 +++++++++++++
 schemas/development/spamvertised.schema.json | 45 +++++++++++++++++++
 schemas/development/xarf.schema.json | 3 ++
 3 files changed, 80 insertions(+)
 create mode 100644 samples/positive/development/spamvertised_sample.json
 create mode 100644 schemas/development/spamvertised.schema.json
diff --git a/samples/positive/development/spamvertised_sample.json b/samples/positive/development/spamvertised_sample.json
new file mode 100644
index 0000000..0235bb5
--- /dev/null
+++ b/samples/positive/development/spamvertised_sample.json
@@ -0,0 +1,32 @@
+{
+ "Version": "development",
+ "ReporterInfo": {
+ "ReporterOrg": "ExampleOrg",
+ "ReporterOrgDomain": "example.com",
+ "ReporterOrgEmail": "reports@example.com",
+ "ReporterContactEmail": "contact@example.com",
+ "ReporterContactName": "Mr. Example",
+ "ReporterContactPhone": "+ 01 000 1234567"
+ },
+ "Disclosure": true,
+ "Report": {
+ "ReportClass": "Activity",
+ "ReportType": "Spamvertised",
+ "Date": "2024-08-03T14:17:10Z",
+ "SourceIp": "192.0.2.55",
+ "SourcePort": 54321,
+ "SourceUrl": "http://bad-spamvertised.spam",
+ "DestinationIp": "198.51.100.33",
+ "DestinationPort": 25,
+ "SmtpMailFromAddress": "spamvertised@example.com",
+ "SmtpRcptToAddress": "victim@example.com",
+ "Samples": [
+ {
+ "ContentType": "message/rfc822",
+ "Base64Encoded": true,
+ "Description": "The spamvertised mail",
+ "Payload": "bWFpbA=="
+ }
+ ]
+ }
+}
diff --git a/schemas/development/spamvertised.schema.json b/schemas/development/spamvertised.schema.json
new file mode 100644
index 0000000..514f5fa
--- /dev/null
+++ b/schemas/development/spamvertised.schema.json
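Review bot: In `spamvertised_sample.json`, the `SourceUrl` value `http://bad-spamvertised.spam` is the only network identifier in the sample that is not taken from a reserved documentation namespace; the IPs come from 192.0.2.0/24 and 198.51.100.0/24 and the mail addresses use example.com. `.spam` is not among the names reserved by RFC 2606 / RFC 6761, so tooling that resolves or fetches URLs found in fixtures could reach a real host if that name is ever delegated. Suggest `"SourceUrl": "http://bad-spamvertised.example",` (or a `.invalid` name) so the sample stays inert.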
@@ -0,0 +1,45 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "$id": "https://raw.githubusercontent.com/xarf/schema-discussion/master/schemas/development/spamvertised.schema.json",
+ "title": "XARF SPAMVERTISED",
+ "description": "A format to report SPAMVERTISED events.",
+ "allOf": [
+ {
+ "$ref": "xarf_shared.schema.json#/properties/XarfBase"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "Report": {
+ "allOf": [
+ {
+ "$ref": "xarf_shared.schema.json#/properties/IpAndUrlBasedReport"
+ },
+ {
+ "type": "object",
+ "properties": {
+ "ReportClass": {
+ "type": "string",
+ "enum": ["Activity"]
+ },
+ "ReportType": {
+ "type": "string",
+ "enum": ["Spamvertised"]
+ }
+ }
+ },
+ {
+ "$ref": "xarf_shared.schema.json#/properties/WithDestination"
+ },
+ {
+ "$ref": "xarf_shared.schema.json#/properties/CommonProps"
+ },
+ {
+ "$ref": "xarf_shared.schema.json#/properties/EMail"
+ }
+ ]
+ }
+ }
+ }
+ ]
+}
diff --git a/schemas/development/xarf.schema.json b/schemas/development/xarf.schema.json
index c91fcf2..98ce762 100644
--- a/schemas/development/xarf.schema.json
+++ b/schemas/development/xarf.schema.json
@@ -51,6 +51,9 @@
 },
 {
 "$ref": "harassment.schema.json"
+ },
+ {
+ "$ref": "spamvertised.schema.json"
 }
 ]
 }
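Review bot: In `spamvertised.schema.json`, the inline subschema under `Report` names `ReportClass` and `ReportType` in `properties` only, and in draft-07 `properties` constrains a key only when it is present. Unless one of the `xarf_shared.schema.json` definitions (not visible in this patch) already requires both, a report with no `ReportType` would still validate as Spamvertised. Add `"required": ["ReportClass", "ReportType"]` beside that `properties`, and `"required": ["Report"]` on the enclosing object. The same gap affects the `xarf.schema.json` hunk: the keyword holding the `$ref` list lies outside the hunk, but if it is `oneOf`, the branches need a mandatory discriminator to stay mutually exclusive. The commit adds only a positive sample; a negative one with a wrong or missing `ReportType` would pin this behaviour.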