Proposal: Add New Archive File Object
Status: Unreleased
Comment Period Closes:
Affects Backwards Compatibility: No
Relevant Issue: https://github.com/CybOXProject/schemas/issues/12
There are a number of common archive file formats (e.g. ZIP and RAR) that share similar structures. CybOX 2.0.1 does not provide a standard characterization of these files and their common set of properties.
We propose the creation of a new CybOX object capable of characterizing the common set of metadata associated with archive files.
The `ArchiveFileObjectType` is an extension of the `FileObj:FileObjectType` and will introduce a number of related fields. The archive object effectively consists of two sections: the first describes the fields that apply to the archive file itself, and the second contains 1 to n sets of fields, one for each of the files contained within the archive.
There is one set of Archive Fields defined for each archive file:
Field | Type | Description |
---|---|---|
Archive_File_Count | int | Number of files contained within the archive |
Archive_Type | enum | Method used to create the archive |
Archive_Version | string | Version of archive type used to create archive file |
Archive_File_Name | string | Name of the archive file |
Archive_File_Size | int | Size of the archive file |
Archive_File_Timestamp | timestamp | Date/time of the archive file |
Archive_Encryption_Algorithm | string | Encryption algorithm used to encrypt archive file |
Archive_Comment | string | Comment strings associated with archive file |
For each file within an archive, there is a set of File Fields defined:
Field | Type | Description |
---|---|---|
File_Name | string | Name of archived file |
File_Size | int | Size of archived file |
File_Timestamp | timestamp | Date/time of archived file |
File_Encryption_Algorithm | string | Encryption algorithm used to encrypt archived file |
File_Compression_Algorithm | string | Compression algorithm used to compress archived file |
File_Comment | string | Comment strings associated with archived file |
The `ArchiveFileFormatType` is a union of the base `xs:string` type and the `ArchiveFileFormatEnum`. The `ArchiveFileFormatEnum` is intended to non-exhaustively enumerate possible archive file format names and thus contains the following values:
Value | Description |
---|---|
ZIP | .zip and .zipx archive format |
RAR | .rar archive format |
GZIP | .gz archive format |
BZIP2 | .bz2 archive format |
TAR | .tar archive format |
7-Zip | .7z archive format |
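As an added illustration (not part of this proposal or of the CybOX project), the following Python script fills the proposed Archive Fields and File Fields from a ZIP file's central directory using only the standard library. It constructs a small two-entry ZIP in memory, reads back the per-entry metadata (name, size, timestamp, compression method, comment, encryption flag) and the archive-level comment and version, and applies the union semantics of `ArchiveFileFormatType`: values from the enum pass through, anything else is kept as a free-form string. The dataclass names, the compression-method name strings, the encryption labels ("ZipCrypto", "AES (WinZip)") and the ISO 8601 timestamp rendering are choices made for this example, not something the proposal specifies.

```python
import io
import zipfile
from dataclasses import dataclass, asdict
from typing import List, Optional

# Values of the proposed ArchiveFileFormatEnum, copied from the proposal's table.
ARCHIVE_FILE_FORMAT_ENUM = {"ZIP", "RAR", "GZIP", "BZIP2", "TAR", "7-Zip"}

# ZIP compression-method codes -> names. The names are this example's own
# choice; the proposal types File_Compression_Algorithm as a free-form string.
COMPRESSION_NAMES = {
    zipfile.ZIP_STORED: "stored",
    zipfile.ZIP_DEFLATED: "deflate",
    zipfile.ZIP_BZIP2: "bzip2",
    zipfile.ZIP_LZMA: "lzma",
}
WINZIP_AES_METHOD = 99  # the WinZip AES extension records method 99 in the header


@dataclass
class ArchivedFileFields:
    """One row of the proposal's per-file 'File Fields' table."""
    File_Name: str
    File_Size: int
    File_Timestamp: str
    File_Encryption_Algorithm: Optional[str]
    File_Compression_Algorithm: str
    File_Comment: str


@dataclass
class ArchiveFields:
    """The proposal's 'Archive Fields' plus the 1..n archived-file field sets."""
    Archive_File_Count: int
    Archive_Type: str
    Archive_Version: str
    Archive_File_Name: str
    Archive_File_Size: int
    Archive_File_Timestamp: str
    Archive_Encryption_Algorithm: Optional[str]
    Archive_Comment: str
    Files: List[ArchivedFileFields]


def format_value(name: str) -> str:
    """ArchiveFileFormatType is a union of xs:string and the enum: enum values
    pass through unchanged, anything else is kept as a free-form string."""
    return name if name in ARCHIVE_FILE_FORMAT_ENUM else name.strip()


def _iso(dt: tuple) -> str:
    """Render ZipInfo.date_time (y, m, d, H, M, S) as an ISO 8601 timestamp."""
    y, mo, d, h, mi, s = dt
    return f"{y:04d}-{mo:02d}-{d:02d}T{h:02d}:{mi:02d}:{s:02d}"


def _entry_encryption(info: zipfile.ZipInfo) -> Optional[str]:
    """General-purpose flag bit 0 marks an encrypted entry. Method 99 is the
    WinZip AES extension; any other encrypted entry uses traditional ZipCrypto.
    The label strings are assumptions made for this example."""
    if info.compress_type == WINZIP_AES_METHOD:
        return "AES (WinZip)"
    if info.flag_bits & 0x1:
        return "ZipCrypto"
    return None


def characterize_zip(data: bytes, file_name: str, file_timestamp: str) -> ArchiveFields:
    """Fill the proposed fields from a ZIP's central directory. `file_name` and
    `file_timestamp` describe the archive on disk; the bytes do not carry them."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        files = [
            ArchivedFileFields(
                File_Name=i.filename,
                File_Size=i.file_size,
                File_Timestamp=_iso(i.date_time),
                File_Encryption_Algorithm=_entry_encryption(i),
                File_Compression_Algorithm=COMPRESSION_NAMES.get(
                    i.compress_type, f"method-{i.compress_type}"),
                File_Comment=i.comment.decode("utf-8", "replace"),
            )
            for i in infos
        ]
        # "Version needed to extract" is stored per entry in tenths (20 -> 2.0);
        # the archive-level version is the highest version any entry requires.
        needed = max((i.extract_version for i in infos), default=0)
        # ZIP encrypts individual entries, not the container, so the archive-level
        # field is only set when every entry reports the same algorithm.
        algorithms = {f.File_Encryption_Algorithm for f in files}
        archive_encryption = algorithms.pop() if len(algorithms) == 1 else None
        return ArchiveFields(
            Archive_File_Count=len(files),
            Archive_Type=format_value("ZIP"),
            Archive_Version=f"{needed // 10}.{needed % 10}",
            Archive_File_Name=file_name,
            Archive_File_Size=len(data),
            Archive_File_Timestamp=file_timestamp,
            Archive_Encryption_Algorithm=archive_encryption,
            Archive_Comment=zf.comment.decode("utf-8", "replace"),
            Files=files,
        )


def build_sample_zip() -> bytes:
    """Constructed two-entry ZIP with archive and entry comments (sample data,
    not taken from the page)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.comment = b"constructed sample archive"
        deflated = zipfile.ZipInfo("report.docx", date_time=(2024, 1, 15, 10, 30, 0))
        deflated.compress_type = zipfile.ZIP_DEFLATED
        deflated.comment = b"entry comment"
        zf.writestr(deflated, b"PK" + b"\x00" * 600)
        stored = zipfile.ZipInfo("readme.txt", date_time=(2024, 1, 15, 10, 31, 0))
        stored.compress_type = zipfile.ZIP_STORED
        zf.writestr(stored, b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    # The on-disk name and mtime are supplied by the caller (constructed here).
    print(asdict(characterize_zip(sample, "sample.zip", "2024-01-15T10:32:00")))
```

`characterize_zip` takes the archive's name and timestamp as arguments because those two Archive Fields belong to the file system entry, not to the ZIP structure. The same `ZipInfo` records also expose `CRC` and `compress_size`, so the per-entry CRC and compressed size mentioned in the discussion points below are available from the container format should they be added to the object.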
For the full proposed schema, please see https://github.com/tbd
There is no expected compatibility impact.
- There is a definite distinction between compressing files, archiving files and compressing archived files. For example, GZIP is used to compress files, TAR is used to archive files and ZIP is used to compress and archive files. In this proposal, we're combining the two concepts into a single object which will simplify things by keeping the number of objects down, but could also raise issues as it may not cleanly support archives or compressed files. Will people be able to effectively make use of this as a single CybOX object, or would it make more sense to have ArchiveFile and CompressedFile objects and allow them to be combined as needed?
- Under this single object proposal there are a number of fields that aren't represented (e.g. CRC, compressed/uncompressed size, various flags) because they either aren't used consistently across object types, or are low level attributes that aren't efficient to represent with this approach. Are there specific fields left out that people would like to see represented?
- For the fields that are represented, are the data types appropriate?
- Are there any values that should be added to the `ArchiveFileFormatEnum`?