
Proposal: Add New Archive File Object

mobhutu edited this page Dec 6, 2013 · 21 revisions

Status: Unreleased
Comment Period Closes:
Affects Backwards Compatibility: No
Relevant Issue: https://github.com/CybOXProject/schemas/issues/12

Background Information

There are a number of common archive file formats (e.g. ZIP and RAR) that share similar structures. CybOX 2.0.1 does not provide a standard characterization of these files and their common set of properties.

Proposal

We propose the creation of a new CybOX object capable of characterizing the common set of metadata associated with archive files.

The ArchiveFileObjectType is an extension of the FileObj:FileObjectType and will introduce a number of related fields. The structure of an archive file object is a set of metadata pertaining to the archive, followed by 1 to n File Objects contained within the archive.

| Field | Type | Description |
|---|---|---|
| Type | ArchiveFileObject:ArchiveFileFormatType | Method used to create the archive |
| Version | string | Version of archive type used to create archive file |
| File_Count | int | Number of files contained within the archive |
| Encryption_Algorithm | string | Encryption algorithm used to encrypt archive file |
| Comment | string | Comment strings associated with archive file |
| Archived_File | FileObj | 1 to n File Objects within the archive |

The ArchiveFileFormatType is a union of the base xs:string type and the ArchiveFileFormatEnum. The ArchiveFileFormatEnum is a non-exhaustive enumeration of archive file format names and contains the following values:

| Value | Description |
|---|---|
| ZIP | .zip and .zipx archive format |
| RAR | .rar archive format |
| TAR | .tar archive format |
| 7-Zip | .7z archive format |
| ISO | .iso archive format |
| CAB | .cab archive format |

For the full proposed schema, please see https://github.com/mobhutu/schemas/blob/issue_12/objects/Archive_File_Object.xsd
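
As an added illustration (not part of the proposal or of any CybOX project code), the following Python shows how the proposed fields could be populated from a ZIP file's own headers using the standard zipfile module. The namespace-free element layout, the File_Name and Size_In_Bytes children, the use of the ZIP "version made by" value for Version, and the sample archive are assumptions of this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def zip_encryption(info):
    """Name the encryption scheme implied by one member's ZIP header."""
    if not info.flag_bits & 0x1:        # general-purpose bit 0: member is encrypted
        return None
    if info.compress_type == 99:        # method 99 marks WinZip AES (AE-x)
        return "WinZip AES"
    if info.flag_bits & 0x40:           # bit 6: PKWARE strong encryption
        return "PKWARE strong encryption"
    return "ZipCrypto"                  # traditional PKWARE stream cipher

def characterize_zip(data):
    """Map ZIP metadata onto the proposal's fields; returns an XML element."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = [i for i in zf.infolist() if not i.is_dir()]
        comment = zf.comment.decode("utf-8", "replace")
    obj = ET.Element("ArchiveFileObject")    # element layout is an assumption
    ET.SubElement(obj, "Type").text = "ZIP"  # value from ArchiveFileFormatEnum
    if members:
        # "version made by" is stored as major*10 + minor (20 means 2.0);
        # using it for Version is this example's reading of the field
        ver = max(i.create_version for i in members)
        ET.SubElement(obj, "Version").text = f"{ver // 10}.{ver % 10}"
    ET.SubElement(obj, "File_Count").text = str(len(members))
    schemes = sorted({s for s in map(zip_encryption, members) if s})
    if schemes:
        ET.SubElement(obj, "Encryption_Algorithm").text = ", ".join(schemes)
    if comment:
        ET.SubElement(obj, "Comment").text = comment
    for i in members:
        f = ET.SubElement(obj, "Archived_File")
        ET.SubElement(f, "File_Name").text = i.filename
        ET.SubElement(f, "Size_In_Bytes").text = str(i.file_size)
    return obj

def sample_zip(mark_encrypted=False):
    """Constructed two-member sample; optionally set the encrypted flag bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("docs/notes.txt", "second member")
        zf.comment = b"constructed test archive"
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        # flags field sits 8 bytes into the first central directory entry
        data[data.find(b"PK\x01\x02") + 8] |= 0x1
    return bytes(data)
```

Calling `ET.tostring(characterize_zip(sample_zip(True)), encoding="unicode")` renders the resulting object. A ZIP header records only that a member is encrypted, so the algorithm name is inferred from the flag bits and compression method.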

Impact

There is no expected compatibility impact.

Requested Feedback

  1. As this object is meant to represent a number of archive formats under a general structure, it is not practical to represent all of the possible fields for each format. That being said, are there additional fields that should be added to the proposed structure?
  2. Are the data types appropriate for the proposed fields?
  3. Are there any values that should be added to the ArchiveFileFormatEnum?