-
Notifications
You must be signed in to change notification settings - Fork 17
Proposal: Add is_case_sensitive attribute to PatternFieldGroup
Status: CLOSED
Comment Period Closes: 12/09/2013
Affects Backwards Compatibility: No
Relevant Issue: https://github.com/CybOXProject/schemas/issues/72
This proposal concerns CybOX patterns and a pattern author's ability to express whether a pattern is case-sensitive or not. Currently, there is no documentation or guidance regarding the case-sensitivity of CybOX patterns, nor is there a technical mechanism for declaring the case-sensitivity of a CybOX pattern. As such, Equals, DoesNotEqual, StartsWith, EndsWith, Contains, DoesNotContain, and FitsPattern pattern conditions are likely to be considered case-sensitive.
Add an is_case_sensitive attribute to the PatternFieldGroup found in the CybOX Common schema. This attribute will allow CybOX authors to declare the case-sensitivity of a pattern. Its default value with be true, indicating that a pattern should be evaluated as case-sensitive.
An example pattern would look like the following:
<!--
This pattern will evaluate to true when compared to instance data where a
File_Name field is set to "Foo.exe", "FOO.EXE", etc.
-->
<cybox:Observable id="example:Observable-58115a77-e24a-42b5-bb29-7bd66fa9655f">
<cybox:Description>This observable pattern matches files with a filename of equal to "foo.exe". This pattern is not case sensitive.</cybox:Description>
<cybox:Object id="example:Object-17e97e7c-d3e6-4139-891b-291576dc5d41">
<cybox:Properties xsi:type="FileObj:FileObjectType">
<FileObj:File_Name condition="Equals" is_case_sensitive="false">foo.exe</FileObj:File_Name>
</cybox:Properties>
</cybox:Object>
</cybox:Observable>No other datatypes are effected by this change and there are no foreseen backwards compatibility issues.
- Is this field sufficient for expressing the case-sensitivity of CybOX patterns?