-
Notifications
You must be signed in to change notification settings - Fork 0
Proposal: Add New Archive File Object
Status: Unreleased
Comment Period Closes:
Affects Backwards Compatibility: No
Relevant Issue: https://github.com/CybOXProject/schemas/issues/12
There are a number of common archive file formats (e.g. ZIP and RAR) that share similar structures. CybOX 2.0.1 does not provide a standard characterization of these files and their common set of properties.
We propose the creation of a new CybOX object capable of characterizing the common set of metadata associated with archive files.
The ArchiveFileObjectType is an extension of the FileObj:FileObjectType and will introduce a number of related fields. The archive object effectively consists of two sections, the first describing the fields that apply to the archive file itself, and the second containing 1 to n field sets for each of the files contained within the archive
There is one set of Archive Fields defined for each archive file
| Field | Type | Description |
|---|---|---|
| Archive_File_Count | int | Number of files |
| Archive_Type | enum | .rar, .zip |
| Archive_File_Name | string | Name |
| Archive_File_Size | int | File size |
| Archive_File_Timestamp | timestamp | Timestamp |
| Archive_Version | string | archive version used to create archive |
| Archive_Encryption_Algorithm | string | encryption algorithm used |
| Archive_Comment | string | comment |
For each file within an archive, there is a set of File Fields defined
| Field | Type | Description |
|---|---|---|
| File_Name | string | Name |
| File_Size | int | File size |
| File_Timestamp | timestamp | Timestamp |
| File_Encryption_Algorithm | string | encryption algorithm used |
| File_Comment | string | comment |
| File_Compression_Algorithm | string | compression algorithm |
The ArchiveFileFormatType is a union of the base xs:string type and the ArchiveFileFormatEnum. The ArchiveFileFormatEnum is intended to non-exhaustively enumerate possible types of image file format names and thus contains the following values:
| Value | Description |
|---|---|
| ZIP | .zip and .zipx archive format |
| RAR | .rar archive format |
| GZIP | .gz archive format |
| BZIP2 | .bz2 archive format |
| TAR | .tar archive format |
| 7-Zip | .7z archive format |
For the full proposed schema, please see https://github.com/tbd
There is no expected compatibility impact.
- Does it make sense to add such an object to CybOX?
- Are there any fields we should add to the
ArchiveFileObjectType? Should we change any of the types used to capture the fields we've defined? - Are there any values we should add to the
ArchiveFileFormatEnum?