duplicate UUIDs in playbooks

[jmgnc]

When reviewing the data, I noticed that some objects have the same uuid, but different type. I believe that most people are under the assumption that the UUID part of the identifier is unique among all objects, and that the type prefix is NOT required to make the identifier unique. As it is, if someone makes this assumption, they will not be able to use your data.

For example, in https://github.com/pan-unit42/playbook_viewer/blob/master/playbook_json/patchwork.json , the UUID, 4832076b-7a4c-4952-8853-6446de513176, is used for a relationship, a report and a campaign.

$grep 4832076b-7a4c-4952-8853-6446de513176 patchwork.json | grep id 
      "id": "relationship--4832076b-7a4c-4952-8853-6446de513176",
      "id": "report--4832076b-7a4c-4952-8853-6446de513176",
      "id": "campaign--4832076b-7a4c-4952-8853-6446de513176",

This happens in other playbooks as well.

[borgendorf]

Good eye! Also note that the STIX 2.1 Specification calls this out explicitly in section 2.9 Identifier:

The UUID part of the identifier MUST be unique across all objects produced by a given producer regardless of the type identified by the object-type prefix. Meaning, a producer MUST NOT reuse the UUID portion of the identifier for objects of different types.

[jmgnc]

Yes, this clarification was added explicitly because of cases like these.

[eiyuki]

This issue has been resolved in 7adecdc as a prerequisite for updating the Playbooks to STIX 2.1.