Refactor/Deprecate Base DataTypes

[ikiril01]

Given that we'll likely be splitting out patterning and instances in Observables, we'll need to significantly refactor (or even deprecate) the existing DataTypes in CybOX Common, such as the StringObjectPropertyType. The biggest issue is that these types are oriented around patterning, which we'll no longer need to support in instances; this will also require making the corresponding changes to the CybOX Objects that use these types.

[ikiril01]

More concretely, this change would involve the following:

• Deprecating the following enums and attribute groups in CybOX Common associated with patterning:
  • PatternFieldGroup
  • ConditionTypeEnum
  • PatternTypeEnum
• Modifying the existing BaseObjectPropertyType in CybOX Common to remove patterning and to serve as an abstract datatype that captures metadata about defanging/observed encoding/randomness (as defined in the existing BaseObjectPropertyGroup):
  • appears_random (boolean): whether the property appears random in nature
  • is_obfuscated (boolean): whether the property has been obfuscated
  • obfuscation_algorithm_ref (string): a reference to a description of the algorithm used to obfuscate the object property
  • is_defanged (boolean): whether the property has been defanged
  • defanging_algorithm_ref (string): a reference to a description of the algorithm used to defang the object property
  • refanging_transform_type (string): the type of refanging transform specified in the refanging_transform property
  • refanging_transform (string): an automated transform that can be applied to the object property in order to refang it to its original format
  • observed_encoding (string): the encoding of the string as observed
• Defining a new set of types that extend from the BaseObjectPropertyType, for the capture of datatype-specific values:
  • BaseStringObjectPropertyType
  • extends BaseObjectPropertyType with a value field of type string
  • BaseNumberObjectPropertyType
  • extends BaseObjectPropertyType with a value field of type number
• Modifying the existing set of Object property types to extend from the new BaseStringObjectPropertyType or BaseNumberObjectPropertyType
  • AnyURIObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • Base64BinaryObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • DateObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • DateTimeObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • DoubleObjectPropertyType
  • extends from BaseNumberObjectPropertyType
  • DurationObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • FloatObjectPropertyType
  • extends from BaseNumberObjectPropertyType
  • HexBinaryObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • IntegerObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • LongObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • NameObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • NonNegativeIntegerObjectPropertyType
  • extends from BaseNumberObjectPropertyType
  • PositiveIntegerObjectPropertyType
  • extends from BaseNumberObjectPropertyType
  • StringObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • TimeObjectPropertyType
  • extends from BaseStringObjectPropertyType
  • UnsignedIntegerObjectPropertyType
  • extends from BaseNumberObjectPropertyType
  • UnsignedLongObjectPropertyType
  • extends from BaseNumberObjectPropertyType
• Updating the existing Objects (those that will be included in CybOX 3.0) to use the new datatypes

Accordingly, this would result in instance content that looks like the following (a file in this example):

{
   "size": {"value": 23134},
   "file-system-properties" : {"file_name": {"value":"test.dll",
                                             "observed_encoding":"utf-8"}}
}