objects.Code_Object.xsd Maven / Gradle / Ivy
The newest version!
This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org.
Code_Object
2.1
01/22/2014
The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML.
Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included.
The Code object is intended to characterize a body of computer code.
The CodeObjectType type is intended to characterize a body of computer code.
The Description field is intended for use in providing a brief description of the code that is encapsulated in this field.
The type field is intended to provide a way of specifying the type of code being characterized.
The type field is intended to provide a way of specifying the purpose or flavor of code being characterized.
The code_language field refers to the code language used in the code characterized in this field.
The Targeted_Platforms field specifies a list platforms that this code is targeted for.
The processor_family field specifies the class of processor that the code snippet is targeting. This field may be specified multiple times for code snippets that are applicable across multiple processor families.
The Discovery_Method field is intended to characterize the method and/or tool used to discover the code.
The start_address field can be used to reference the start address of the code, if it was discovered inside a binary.
The Code_Segment field encompasses any arbitrary code segment in unencoded (plaintext or binary) format. Code would typically be included here within a CDATA section.
The Code_Segment_XOR field encompasses any arbitrary code segment. Its contents should contain the actual code segment XORed with the pattern defined in the xorpattern property. This is so that the code contained in the pattern does not trigger IDS, AV, or other signature-based scanners. XOR'd Code would typically be included here within a CDATA section.
The Digital_Signatures field is optional and captures one or more digital signatures for the code.
A description of features extracted from this code segment.
CodeTypeType specifies types of code, via a union of the CodeTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
This field is optional and specifies the expected type for the value of the specified field.
Used to encapsulate a segment of code that has been XORed with a pattern in order to avoid tripping anti-virus detection.
The xor_pattern field contains a 16-hexadecimal-character hex string, which represents the pattern that the Code_Segment_XOR field should be XORed with in order to recover the actual code. The default value is 55AA55AA55AA55BB, as specified by IETF RFC 5901.
CodeTypeEnum is a (non-exhaustive) enumeration of code types.
The code represented is in the form of Source Code.
The code represented is in the form of Byte Code.
The code represented is in the form of binary code.
CodePurposeType specifies intended purposes of code, via a union of the CodePurposeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
This field is optional and specifies the expected type for the value of the specified field.
CodePurposeEnum is a (non-exhaustive) enumeration of classes of code intended purposes.
The code represented is intended as application code.
The code represented is intended as library code.
The code represented is intended as shellcode.
The code represented is intended as exploit code.
The code represented is intended for unknown purposes.
The code represented is intended for a purpose other than those listed in this enumeration.
CodeLanguageType specifies languages of code, via a union of the CodeLanguageEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
This field is optional and specifies the expected type for the value of the specified field.
The CodeLanguageEnum simple type is an (non-exhaustive) enumeration of computer code languages.
Indicates the code is written in the C programming language.
Indicates the code is written in the C++ programming language.
Indicates the code is written in the C# programming language.
Indicates the code is written in the Java programming language.
Indicates the code is written in the JSP (Java Server Pages) language.
Indicates the code is written in the Javascript programming language.
Indicates the code is written in the ASP.NET programming language.
Indicates the code is written in SQL (Standard Query Language).
Indicates the code is written in the Python programming language.
Indicates the code is written in the Perl programming language.
Indicates the code is written in the PHP programming language.
Indicates the code is written as a SOAP message.
Indicates the code is written in the Ruby programming language.
Indicates the code is written as a Shell script.
Indicates the code is written as pseudo code.
Indicates the code utilizes the .NET framework.
Indicates the code is written in an assembly language.
Indicates the code is written in XML (eXtensible Markup Language).
Indicates the code is written in HTML (HyperText Markup Language).
Indicates the code is written in a language not found in this enumeration.
ProcessorTypeType specifies relevant processor families, via a union of the ProcessorTypeEnum type and the atomic xs:string type. Its base type is the CybOX Core BaseObjectPropertyType, for permitting complex (i.e. regular-expression based) specifications.
This attribute is optional and specifies the expected type for the value of the specified property.
The ProcessorTypeEnum simple type is an (non-exhaustive) enumeration of computer processor architectures.
Indicates a x86 32bit processor.
Indicates a x86 64bit processor.
Indicates an IA (Intel Itanium) 64bit processor.
Indicates a PowerPC processor.
Indicates an ARM processor.
Indicates an Alpha processor.
Indicates a SPARC processor.
Indicates a z/Architecture (IBM) processor.
Indicates an eSi-RISC processor.
Indicates a MIPS processor.
Indicates a Motorola 68k processor.
Indicates a processor outside of this enumeration.
A list of targeted platforms.
The Targeted_Platform field specifies a particular platform that this code is targeted for.