[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Re: Common CybOX Object Refactoring
Kirillov, Ivan A. wrote this message on Mon, Feb 22, 2016 at 15:36 +0000: > File Object > * Proposal: https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-File-Object-Refactoring > * Open questions: I was reviewing this, and hit the FileMismatchEnum part... What do you do when you have a file that is a PNG w/ a ZIP file added at the end... no mater which mime-type you pick, image/png or application/zip, there will be a mismatch... and it'll mismatch on all three: magic, extension and type.. > * Are there any additional properties that belong in the base set of properties or basic set of file system properties? > * Current consensus: no additional properties have been raised. > * Which default extensions should be included with the Object? > * Current proposed list: > * File Metadata > * EXT3 File We should probably not name this EXT3FileExtension, because that means that UFS file systems "can't" use it, or it give misleading information... It could possibly be renamed UFS, as EXT was inspired UFS, though I'm open to other suggestions... There is also no support for extended attributes... This should be added, as MacOSX makes heavy use of extended attributes to record information like where a file was downloaded from, and if it is allowed to be open w/o a security warning or not... I would say that the field name for the hash type should not be named type, otherwise it could be confused w/ the TLO type field. Maybe algo instead of type? -- John-Mark
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]