Logic Errors in CybOX Objects

[c-x]

Because current objects are not atomic, that could lead to logic errors and a lot of confusion, like in the following example. Regarding the current specifications, the following object is valid (and validated by the script stix_validator.py):

<cybox:Properties xsi:type="AddressObj:AddressObjectType" category=“e-mail">
    <AddressObj:Address_Value>pouet@whatever.tld</AddressObj:Address_Value>
    <AddressObj:VLAN_Name>This is the name of a VLAN</AddressObj:VLAN_name>
</cybox:Properties>

This is a valid object mixing an email definition and a VLAN name, which in my understanding, has no meaning. Note also that I let the “Address_Value” for demonstration purpose, but the very same object is still valid without this field, which is even more awkward.

[ikiril01]

Good point. In most cases, this is due to us creating relatively abstract Objects that are intended to capture different types of entities – the upside is that we end up with a single Object, but the downside is that this makes semantic validation impossible to do in the schema itself (without additional rules via schematron or other methods). This can likely be addressed by making Objects more atomic entities, as you’ve discussed in #379.

[JasonKeirstead]

:+1: