Proposal: Add New Archive File Object

Ivan Kirillov edited this page Dec 19, 2013 · 21 revisions

Status: Open
Comment Period Closes: 01/02/2014
Affects Backwards Compatibility: No
Relevant Issue: https://github.com/CybOXProject/schemas/issues/12

Background Information

There are a number of common archive file formats (e.g. ZIP and RAR) that share similar structures. CybOX 2.0.1 does not provide a standard characterization of these files and their common set of properties.

Proposal

We propose the creation of a new CybOX object capable of characterizing the common set of metadata associated with archive files.

The ArchiveFileObjectType is an extension of the FileObj:FileObjectType and will introduce a number of related fields. The structure of an archive file object is a set of metadata pertaining to the archive, followed by 1 to n File Objects contained within the archive.

| Field | Type | Description |
| --- | --- | --- |
| Type | ArchiveFileObject:ArchiveFileFormatType | The method used to create the archive |
| Version | cyboxCommon:StringObjectPropertyType | Version of archive type used to create archive file |
| File_Count | cyboxCommon:IntegerObjectPropertyType | Number of files contained within the archive |
| Encryption_Algorithm | cyboxCommon:StringObjectPropertyType | Encryption algorithm used to encrypt archive file |
| Comment | cyboxCommon:StringObjectPropertyType | Comment strings associated with archive file |
| Archived_File | FileObj:FileObjectType | 0 to n File Objects within the archive |

The ArchiveFileFormatType is a union of the base xs:string type and the ArchiveFileFormatEnum. The ArchiveFileFormatEnum is a non-exhaustive enumeration of archive file format names and contains the following values:

| Value | Description |
| --- | --- |
| ZIP | .zip and .zipx archive format |
| RAR | .rar archive format |
| TAR | .tar archive format |
| 7-Zip | .7z archive format |
| ISO | .iso archive format |
| CAB | .cab archive format |

For the full proposed schema, please see https://github.com/mobhutu/schemas/blob/issue_12/objects/Archive_File_Object.xsd
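
To show how the proposed fields would be populated from a real archive, the following added example (not part of the proposal or of any CybOX tooling) reads a ZIP central directory with Python's standard `zipfile` module and returns a dictionary keyed by the field names above. The function names, the dictionary representation, the use of "version made by" for Version, the `AES`/`ZipCrypto` labels, and the choice of `File_Name` and `Size_In_Bytes` for each Archived_File are assumptions made for illustration.

```python
import io
import zipfile

def build_sample() -> bytes:
    """Constructed sample input: a two-file ZIP with an archive comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
        zf.writestr("docs/readme.txt", "second constructed file")
        zf.comment = b"constructed sample archive"
    return buf.getvalue()

def characterize_zip(data: bytes) -> dict:
    """Hypothetical helper: map a ZIP onto the proposed ArchiveFileObjectType fields."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Only the central directory is read; no member is extracted.
        # Directory entries are not counted as files (assumption).
        entries = [e for e in zf.infolist() if not e.is_dir()]
        # General-purpose flag bit 0 marks an encrypted entry; method 99 is WinZip AES.
        encrypted = [e for e in entries if e.flag_bits & 0x1]
        algorithm = None
        if encrypted:
            is_aes = any(e.compress_type == 99 for e in encrypted)
            algorithm = "AES" if is_aes else "ZipCrypto"  # assumed labels
        # Assumption: Version is taken from "version made by" (major * 10 + minor).
        made_by = max((e.create_version for e in entries), default=None)
        return {
            "Type": "ZIP",  # value from ArchiveFileFormatEnum
            "Version": None if made_by is None else f"{made_by // 10}.{made_by % 10}",
            "File_Count": len(entries),
            "Encryption_Algorithm": algorithm,
            "Comment": zf.comment.decode("utf-8", "replace") or None,
            # Assumption: each Archived_File carries File_Name and Size_In_Bytes.
            "Archived_File": [
                {"File_Name": e.filename, "Size_In_Bytes": e.file_size} for e in entries
            ],
        }

if __name__ == "__main__":
    for field, value in characterize_zip(build_sample()).items():
        print(f"{field}: {value}")
```

Because the metadata comes from the central directory alone, the archive can be characterized without extracting or decrypting any member.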

Impact

There is no expected compatibility impact.

Requested Feedback

  1. As this object is meant to represent a number of archive formats under a general structure, it is not practical to represent all of the possible fields for each format. That being said, are there additional fields that should be added to the proposed structure?
  2. Are the data types appropriate for the proposed fields?
  3. Are there any values that should be added to the ArchiveFileFormatEnum?