-
Notifications
You must be signed in to change notification settings - Fork 0
Proposal: Add New Archive File Object
Status: Unreleased
Comment Period Closes:
Affects Backwards Compatibility: No
Relevant Issue: https://github.com/CybOXProject/schemas/issues/12
There are a number of common archive file formats (e.g. ZIP and RAR) that share similar structures. CybOX 2.0.1 does not provide a standard characterization of these files and their common set of properties.
We propose the creation of a new CybOX object capable of characterizing the common set of metadata associated with archive files.
The ArchiveFileObjectType is an extension of the FileObj:FileObjectType and will introduce a number of related fields. The archive object effectively consists of two sections, the first describing the fields that apply to the archive file itself, and the second containing 1 to n sets of fields for each of the files contained within the archive
There is one set of Archive Fields defined for each archive file
| Field | Type | Description |
|---|---|---|
| Archive_File_Count | int | Number of files contained within the archive |
| Archive_Type | enum | Method used to create the archive |
| Archive_Version | string | Version of archive type used to create archive file |
| Archive_File_Name | string | Name of the archive file |
| Archive_File_Size | int | Size of the archive file |
| Archive_File_Timestamp | timestamp | Date/time of the archive file |
| Archive_Encryption_Algorithm | string | Encryption algorithm used to encrypt archive file |
| Archive_Comment | string | Comment strings associated with archive file |
For each file within an archive, there is a set of File Fields defined
| Field | Type | Description |
|---|---|---|
| File_Name | string | Name of archived file |
| File_Size | int | Size of archived file |
| File_Timestamp | timestamp | Date/time of archived file |
| File_Encryption_Algorithm | string | Encryption algorithm used to encrypt archived file |
| File_Compression_Algorithm | string | Compression algorithm used to compress archived file |
| File_Comment | string | Comment strings associated with archived file |
The ArchiveFileFormatType is a union of the base xs:string type and the ArchiveFileFormatEnum. The ArchiveFileFormatEnum is intended to non-exhaustively enumerate possible types of image file format names and thus contains the following values:
| Value | Description |
|---|---|
| ZIP | .zip and .zipx archive format |
| RAR | .rar archive format |
| GZIP | .gz archive format |
| BZIP2 | .bz2 archive format |
| TAR | .tar archive format |
| 7-Zip | .7z archive format |
For the full proposed schema, please see https://github.com/tbd
There is no expected compatibility impact.
- There is a definite distinction between compressing files, archiving files and compressing archived files. For example, GZIP is used to compress files, TAR is used to archive files and ZIP is used to compress and archive files. In this proposal, we're Does it make sense to add such an object to CybOX?
- Are there any fields we should add to the
ArchiveFileObjectType? Should we change any of the types used to capture the fields we've defined? - Are there any values we should add to the
ArchiveFileFormatEnum?