From dabf6cea9c1e71f4995dc5ea33562c5c98b5ca99 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <jlieskov@redhat.com>
Date: Thu, 4 Aug 2016 12:41:33 +0200
Subject: [PATCH] Add support for negative values of the "instance" element of
the textfilecontent54_object and textfilecontent54_state elements
---
...ent54-support-negative-instance-values.xsd | 2571 +++++++++++++++++
1 file changed, 2571 insertions(+)
create mode 100644 x-independent-definitions-schema-txtfilecontent54-support-negative-instance-values.xsd
diff --git a/x-independent-definitions-schema-txtfilecontent54-support-negative-instance-values.xsd b/x-independent-definitions-schema-txtfilecontent54-support-negative-instance-values.xsd
new file mode 100644
index 0000000..364550f
--- /dev/null
+++ b/x-independent-definitions-schema-txtfilecontent54-support-negative-instance-values.xsd
@@ -0,0 +1,2571 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" elementFormDefault="qualified" version="5.10.1">
+ <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-common-5" schemaLocation="oval-common-schema.xsd"/>
+ <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5" schemaLocation="oval-definitions-schema.xsd"/>
+ <xsd:annotation>
+ <xsd:documentation>The following is a description of the elements, types, and attributes that compose the tests found in Open Vulnerability and Assessment Language (OVAL) that are independent of a specific piece of software. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.</xsd:documentation>
+ <xsd:documentation>The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.</xsd:documentation>
+ <xsd:appinfo>
+ <schema>Independent Definition</schema>
+ <version>5.10.1</version>
+ <date>1/27/2012 1:22:32 PM</date>
+ <terms_of_use>Copyright (c) 2002-2012, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.</terms_of_use>
+ <sch:ns prefix="oval-def" uri="http://oval.mitre.org/XMLSchema/oval-definitions-5"/>
+ <sch:ns prefix="ind-def" uri="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"/>
+ <sch:ns prefix="xsi" uri="http://www.w3.org/2001/XMLSchema-instance"/>
+ </xsd:appinfo>
+ </xsd:annotation>
+
+ <!-- =============================================================================== -->
+ <!-- ================================ FAMILY TEST ================================ -->
+ <!-- =============================================================================== -->
+ <xsd:element name="family_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The family_test element is used to check the family a certain system belongs to. This test basically allows the high level system types (window, unix, ios, etc.) to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a family_object and the optional state element specifies the metadata to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>family_test</oval:test>
+ <oval:object>family_object</oval:object>
+ <oval:state>family_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">family_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_famtst">
+ <sch:rule context="ind-def:family_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:family_object/@id"><sch:value-of select="../@id"/> - the object child element of a family_test must reference a family_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:family_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:family_state/@id"><sch:value-of select="../@id"/> - the state child element of a family_test must reference a family_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="family_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The family_object element is used by a family test to define those objects to evaluate based on a specified state. There is actually only one object relating to family and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check the family will reference the same family_object which is basically an empty object element.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="family_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The family_state element contains a single entity that is used to check the family associated with the system. The family is a high-level classification of system types.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="family" type="ind-def:EntityStateFamilyType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>This element describes the high-level system OS type to test against. Please refer to the definition of the EntityFamilyType for more information about the possible values..</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- ============================== FILE HASH TEST =============================== -->
+ <!-- =============================================================================== -->
+ <xsd:element name="filehash_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The file hash test is used to check the hashes associated with a specified file. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a filehash_object and the optional state element specifies the different hashes to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>filehash_test</oval:test>
+ <oval:object>filehash_object</oval:object>
+ <oval:state>filehash_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">filehash_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.8</oval:version>
+ <oval:reason>Replaced by the filehash58_test.</oval:reason>
+ <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_filehash_test_dep">
+ <sch:rule context="ind-def:filehash_test">
+ <sch:report test="true()">DEPRECATED TEST: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_hashtst">
+ <sch:rule context="ind-def:filehash_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:filehash_object/@id"><sch:value-of select="../@id"/> - the object child element of a filehash_test must reference a filesha1_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:filehash_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:filehash_state/@id"><sch:value-of select="../@id"/> - the state child element of a filehash_test must reference a filesha1_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="filehash_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The filehash_object element is used by a file hash test to define the specific file(s) to be evaluated. The filehash_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:documentation>A filehash_object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileBehaviors complex type for more information about specific behaviors.</xsd:documentation>
+ <xsd:documentation>The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.</xsd:documentation>
+ <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.8</oval:version>
+ <oval:reason>Replaced by the filehash58_object.</oval:reason>
+ <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_filehash_object_dep">
+ <sch:rule context="ind-def:filehash_object">
+ <sch:report test="true()">DEPRECATED OBJECT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="behaviors" type="ind-def:FileBehaviors" minOccurs="0" maxOccurs="1"/>
+ <xsd:choice>
+ <xsd:element name="filepath" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_hashobjfilepath">
+ <sch:rule context="ind-def:filehash_object/ind-def:filepath">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@max_depth or @recurse_direction])"><sch:value-of select="../@id"/> - the max_depth and recurse_direction behaviors are not allowed with a filepath entity</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ <sch:pattern id="ind-def_hashobjfilepath2">
+ <sch:rule context="ind-def:filehash_object/ind-def:filepath[not(@operation='equals' or not(@operation))]">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a filepath entity.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:sequence>
+ <xsd:element name="path" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_hashobjpath">
+ <sch:rule context="ind-def:filehash_object/ind-def:path[not(@operation='equals' or not(@operation))]">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@max_depth])"><sch:value-of select="../@id"/> - the max_depth behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_direction])"><sch:value-of select="../@id"/> - the recurse_direction behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse])"><sch:value-of select="../@id"/> - the recurse behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filename element specifies the name of the file.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_hashobjfilename">
+ <sch:rule context="ind-def:filehash_object/ind-def:filename">
+ <sch:assert test="(@var_ref and .='') or not(.='') or (.='' and @operation = 'pattern match')"><sch:value-of select="../@id"/> - filename entity cannot be empty unless the xsi:nil attribute is set to true or a var_ref is used</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="filehash_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The filehash_state element contains entities that are used to check the file path, name, and the different hashes associated with a specific file.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.8</oval:version>
+ <oval:reason>Replaced by the filehash58_state.</oval:reason>
+ <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_filehash_state_dep">
+ <sch:rule context="ind-def:filehash_state">
+ <sch:report test="true()">DEPRECATED STATE: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="filepath" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The filename element specifies the name of the file.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="md5" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The md5 element is the md5 hash of the file.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="sha1" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The sha1 element is the sha1 hash of the file.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="windows_view" type="ind-def:EntityStateWindowsViewType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The windows view value to which this was targeted. This is used to indicate which view (32-bit or 64-bit), the associated State applies to. This entity only applies to 64-bit Microsoft Windows operating systems.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- ============================ FILE HASH TEST (58) ============================ -->
+ <!-- =============================================================================== -->
+ <xsd:element name="filehash58_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The file hash test is used to check a specific hash type associated with a specified file. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a filehash58_object and the optional state element specifies an expected hash value.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>filehash58_test</oval:test>
+ <oval:object>filehash58_object</oval:object>
+ <oval:state>filehash58_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">filehash58_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_filehash58_test">
+ <sch:rule context="ind-def:filehash58_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:filehash58_object/@id"><sch:value-of select="../@id"/> - the object child element of a filehash58_test must reference a filehash58_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:filehash58_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:filehash58_state/@id"><sch:value-of select="../@id"/> - the state child element of a filehash58_test must reference a filehash58_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="filehash58_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The filehash58_object element is used by a file hash test to define the specific file(s) to be evaluated. The filehash58_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:documentation>A filehash58_object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileBehaviors complex type for more information about specific behaviors.</xsd:documentation>
+ <xsd:documentation>The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.</xsd:documentation>
+ <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_filehash58_object_verify_filter_state">
+ <sch:rule context="ind-def:filehash58_object//oval-def:filter">
+ <sch:let name="parent_object" value="ancestor::ind-def:filehash58_object"/>
+ <sch:let name="parent_object_id" value="$parent_object/@id"/>
+ <sch:let name="state_ref" value="."/>
+ <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/>
+ <sch:let name="state_name" value="local-name($reffed_state)"/>
+ <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/>
+ <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#independent') and ($state_name='filehash58_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="behaviors" type="ind-def:FileBehaviors" minOccurs="0" maxOccurs="1"/>
+ <xsd:choice>
+ <xsd:element name="filepath" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_hash58objfilepath">
+ <sch:rule context="ind-def:filehash58_object/ind-def:filepath">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@max_depth or @recurse_direction])"><sch:value-of select="../@id"/> - the max_depth and recurse_direction behaviors are not allowed with a filepath entity</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ <sch:pattern id="ind-def_hash58objfilepath2">
+ <sch:rule context="ind-def:filehash58_object/ind-def:filepath[not(@operation='equals' or not(@operation))]">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a filepath entity.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:sequence>
+ <xsd:element name="path" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The path entity specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_hash58objpath">
+ <sch:rule context="ind-def:filehash58_object/ind-def:path[not(@operation='equals' or not(@operation))]">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@max_depth])"><sch:value-of select="../@id"/> - the max_depth behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_direction])"><sch:value-of select="../@id"/> - the recurse_direction behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse])"><sch:value-of select="../@id"/> - the recurse behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filename entity specifies the name of the file.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_hash58objfilename">
+ <sch:rule context="ind-def:filehash58_object/ind-def:filename">
+ <sch:assert test="(@var_ref and .='') or not(.='') or (.='' and @operation = 'pattern match')"><sch:value-of select="../@id"/> - filename entity cannot be empty unless the xsi:nil attribute is set to true or a var_ref is used</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:choice>
+ <xsd:element name="hash_type" type="ind-def:EntityObjectHashTypeType">
+ <xsd:annotation>
+ <xsd:documentation>The hash_type entity specifies the hash algorithm to use when collecting the hash for each of the specifed files.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="filehash58_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The filehash58_state element contains entities that are used to check the file path, name, hash_type, and hash associated with a specific file.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="filepath" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The filepath entity specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The path entity specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The filename entity specifies the name of the file.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="hash_type" type="ind-def:EntityStateHashTypeType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The hash_type entity specifies the hash algorithm to use when collecting the hash for each of the specifed files.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="hash" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The hash entity specifies the result of applying the hash algorithm to the file.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="windows_view" type="ind-def:EntityStateWindowsViewType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The windows view value to which this was targeted. This is used to indicate which view (32-bit or 64-bit), the associated State applies to. This entity only applies to 64-bit Microsoft Windows operating systems.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- ======================= ENVIRONMENT VARIABLE TEST =========================== -->
+ <!-- =============================================================================== -->
+ <xsd:element name="environmentvariable_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The environmentvariable_test element is used to check an environment variable found on the system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a environmentvariable_object and the optional state element specifies the metadata to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>environmentvariable_test</oval:test>
+ <oval:object>environmentvariable_object</oval:object>
+ <oval:state>environmentvariable_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">environmentvariable_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.8</oval:version>
+ <oval:reason>Replaced by the environmentvariable58_test.</oval:reason>
+ <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_environmentvariable_test_dep">
+ <sch:rule context="ind-def:environmentvariable_test">
+ <sch:report test="true()">DEPRECATED TEST: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_envtst">
+ <sch:rule context="ind-def:environmentvariable_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:environmentvariable_object/@id"><sch:value-of select="../@id"/> - the object child element of an environmentvariable_test must reference a environmentvariable_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:environmentvariable_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:environmentvariable_state/@id"><sch:value-of select="../@id"/> - the state child element of an environmentvariable_test must reference a environmentvariable_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="environmentvariable_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The environmentvariable_object element is used by an environment variable test to define the specific environment variable(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.8</oval:version>
+ <oval:reason>Replaced by the environmentvariable58_object.</oval:reason>
+ <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_environmentvariable_object_dep">
+ <sch:rule context="ind-def:environmentvariable_object">
+ <sch:report test="true()">DEPRECATED OBJECT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:element name="name" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>This element describes the name of an environment variable.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="environmentvariable_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The environmentvariable_state element contains two entities that are used to check the name of the specified environment variable and the value associated with it.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.8</oval:version>
+ <oval:reason>Replaced by the environmentvariable58_state.</oval:reason>
+ <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_environmentvariable_state_dep">
+ <sch:rule context="ind-def:environmentvariable_state">
+ <sch:report test="true()">DEPRECATED STATE: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>This element describes the name of an environment variable.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="value" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The actual value of the specified environment variable.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- ======================= ENVIRONMENT VARIABLE TEST (58) ======================= -->
+ <!-- =============================================================================== -->
+ <xsd:element name="environmentvariable58_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The environmentvariable_test element is used to check an environment variable for the specified process, which is identified by its process ID, on the system . It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a environmentvariable_object and the optional state element specifies the metadata to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>environmentvariable58_test</oval:test>
+ <oval:object>environmentvariable58_object</oval:object>
+ <oval:state>environmentvariable58_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">environmentvariable58_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_env58tst">
+ <sch:rule context="ind-def:environmentvariable58_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:environmentvariable58_object/@id"><sch:value-of select="../@id"/> - the object child element of an environmentvariable58_test must reference a environmentvariable58_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:environmentvariable58_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:environmentvariable58_state/@id"><sch:value-of select="../@id"/> - the state child element of an environmentvariable58_test must reference a environmentvariable58_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="environmentvariable58_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The environmentvariable58_object element is used by an environmentvariable_test to define the specific environment variable(s) and process IDs to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_environmentvariable58_object_verify_filter_state">
+ <sch:rule context="ind-def:environmentvariable58_object//oval-def:filter">
+ <sch:let name="parent_object" value="ancestor::ind-def:environmentvariable58_object"/>
+ <sch:let name="parent_object_id" value="$parent_object/@id"/>
+ <sch:let name="state_ref" value="."/>
+ <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/>
+ <sch:let name="state_name" value="local-name($reffed_state)"/>
+ <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/>
+ <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#independent') and ($state_name='environmentvariable58_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="pid" type="oval-def:EntityObjectIntType" nillable="true">
+ <xsd:annotation>
+ <xsd:documentation>The process ID of the process from which the environment variable should be retrieved. If the xsi:nil attribute is set to true, the process ID shall be the tool's running process.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="name" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>This element describes the name of an environment variable.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="environmentvariable58_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The environmentvariable_state element contains three entities that are used to check the name of the specified environment variable, the process ID of the process from which the environment variable was retrieved, and the value associated with the environment variable.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="pid" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The process ID of the process from which the environment variable was retrieved.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>This element describes the name of an environment variable.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="value" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The actual value of the specified environment variable.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- ================================= LDAP TEST ================================= -->
+ <!-- =============================================================================== -->
+ <xsd:element name="ldap_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The LDAP test is used to check information about specific entries in an LDAP directory. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an ldap_object and the optional state element, ldap_state, specifies the metadata to check.</xsd:documentation>
+ <xsd:documentation>Note that this test supports only simple (string based) value collection. For more complex values see the ldap57_test.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>ldap_test</oval:test>
+ <oval:object>ldap_object</oval:object>
+ <oval:state>ldap_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">ldap_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_ldaptst">
+ <sch:rule context="ind-def:ldap_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:ldap_object/@id"><sch:value-of select="../@id"/> - the object child element of an ldap_test must reference an ldap_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:ldap_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:ldap_state/@id"><sch:value-of select="../@id"/> - the state child element of an ldap_test must reference an ldap_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType"/>
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ldap_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The ldap_object element is used by an LDAP test to define the objects to be evaluated based on a specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:documentation>Note that this object is paired with a state that supports only simple (string based) value collection. For more complex values see the ldap57_object.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="behaviors" type="ind-def:LdapBehaviors" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="suffix" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="relative_dn" type="oval-def:EntityObjectStringType" nillable="true">
+ <xsd:annotation>
+ <xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified suffix. It contains all of the parts of the object's distinguished name except those outlined by the suffix. If the xsi:nil attribute is set to true, then the object being specified is the higher level suffix. In this case, the relative_dn element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every relative distinguished name under a given suffix.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="attribute" type="oval-def:EntityObjectStringType" nillable="true">
+ <xsd:annotation>
+ <xsd:documentation>Specifies a named value contained by the object. If the xsi:nil attribute is set to true, the attribute element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every attribute under a given relative distinguished name.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ldap_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The ldap_state element defines the different information that can be used to evaluate the specified entries in an LDAP directory. An ldap_test will reference a specific instance of this state that defines the exact settings that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation>
+ <xsd:documentation>Note that this state supports only simple (string based) value collection. For more complex values see the ldap57_state.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="suffix" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="relative_dn" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified suffix. It contains all of the parts of the object's distinguished name except those outlined by the suffix.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="attribute" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Specifies a named value contained by the object.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="object_class" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The name of the class of which the object is an instance.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ldaptype" type="ind-def:EntityStateLdaptypeType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Specifies the type of information that the specified attribute represents.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="value" type="oval-def:EntityStateAnySimpleType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The actual value of the specified LDAP attribute.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="LdapBehaviors">
+ <xsd:annotation>
+ <xsd:documentation>The LdapBehaviors complex type defines a number of behaviors that allow a more detailed definition of the ldap_object being specified.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="scope" use="optional" default="BASE">
+ <xsd:annotation>
+ <xsd:documentation>'scope' defines the depth from the base distinguished name to which the search should occur. The base distinguished name is the starting point of the search and is composed of the specified suffix and relative distinguished name. A value of 'BASE' indicates to search only the entry at the base distinguished name, a value of 'ONE' indicates to search all entries one level under the base distinguished name - but NOT including the base distinguished name, and a value of 'SUBTREE' indicates to search all entries at all levels under, and including, the specified base distinguished name. The default value is 'BASE'.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="BASE"/>
+ <xsd:enumeration value="ONE"/>
+ <xsd:enumeration value="SUBTREE"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <!-- =============================================================================== -->
+ <!-- ================================= LDAP TEST (57) ============================ -->
+ <!-- =============================================================================== -->
+ <xsd:element name="ldap57_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The LDAP test is used to check information about specific entries in an LDAP directory. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an ldap57_object and the optional state element, ldap57_state, specifies the metadata to check.</xsd:documentation>
+ <xsd:documentation>Note that this test supports complex values that are in the form of a record. For simple (string based) value collection see the ldap_test.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>ldap57_test</oval:test>
+ <oval:object>ldap57_object</oval:object>
+ <oval:state>ldap57_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">ldap57_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_ldap57_test">
+ <sch:rule context="ind-def:ldap57_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:ldap57_object/@id"><sch:value-of select="../@id"/> - the object child element of an ldap57_test must reference an ldap57_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:ldap57_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:ldap57_state/@id"><sch:value-of select="../@id"/> - the state child element of an ldap57_test must reference an ldap57_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType"/>
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ldap57_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The ldap57_object element is used by an LDAP test to define the objects to be evaluated based on a specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:documentation>Note that this object supports complex values that are in the form of a record. For simple (string based) value collection see the ldap_object.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_ldap57_object_verify_filter_state">
+ <sch:rule context="ind-def:ldap57_object//oval-def:filter">
+ <sch:let name="parent_object" value="ancestor::ind-def:ldap57_object"/>
+ <sch:let name="parent_object_id" value="$parent_object/@id"/>
+ <sch:let name="state_ref" value="."/>
+ <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/>
+ <sch:let name="state_name" value="local-name($reffed_state)"/>
+ <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/>
+ <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#independent') and ($state_name='ldap57_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="behaviors" type="ind-def:LdapBehaviors" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="suffix" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="relative_dn" type="oval-def:EntityObjectStringType" nillable="true">
+ <xsd:annotation>
+ <xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified suffix. It contains all of the parts of the object's distinguished name except those outlined by the suffix. If the xsi:nil attribute is set to true, then the object being specified is the higher level suffix. In this case, the relative_dn element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every relative distinguished name under a given suffix.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="attribute" type="oval-def:EntityObjectStringType" nillable="true">
+ <xsd:annotation>
+ <xsd:documentation>Specifies a named value contained by the object. If the xsi:nil attribute is set to true, the attribute element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every attribute under a given relative distinguished name.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ldap57_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The ldap57_state element defines the different information that can be used to evaluate the specified entries in an LDAP directory. An ldap57_test will reference a specific instance of this state that defines the exact settings that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation>
+ <xsd:documentation>Note that this state supports complex values that are in the form of a record. For simple (string based) value collection see the ldap_state.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="suffix" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="relative_dn" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified suffix. It contains all of the parts of the object's distinguished name except those outlined by the suffix.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="attribute" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Specifies a named value contained by the object.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="object_class" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The name of the class of which the object is an instance.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ldaptype" type="ind-def:EntityStateLdaptypeType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Specifies the type of information that the specified attribute represents.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="value" type="oval-def:EntityStateRecordType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The actual value of the specified LDAP attribute. Note that while an LDAP attribute can contain structured data where it is necessary to collect multiple related fields that can be described by the 'record' datatype, it is not always the case. It also is possible that an LDAP attribute can contain only a single value or an array of values. In these cases, there is not a name to uniquely identify the corresponding field which is a requirement for fields in the 'record' datatype. As a result, the name of the LDAP attribute will be used to uniquely identify the field and satisfy this requirement.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_ldap57stevalue">
+ <sch:rule context="ind-def:ldap57_state/ind-def:value">
+ <sch:assert test="@datatype='record'"><sch:value-of select="../@id"/> - datatype attribute for the value entity of a ldap57_state must be 'record'</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:unique name="UniqueLdapValueFieldName">
+ <xsd:selector xpath="./oval-def:field"/>
+ <xsd:field xpath="@name"/>
+ </xsd:unique>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- ================================= SQL TEST ================================== -->
+ <!-- =============================================================================== -->
+ <xsd:element name="sql_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The sql test is used to check information stored in a database. It is often the case that applications store configuration settings in a database as opposed to a file. This test has been designed to enable those settings to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wmi_object and the optional state element specifies the metadata to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>sql_test</oval:test>
+ <oval:object>sql_object</oval:object>
+ <oval:state>sql_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">sql_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.7</oval:version>
+ <oval:reason>Replaced by the sql57_test. This test allows for single fields to be selected from a database. A new test was created to allow more than one field to be selected in one statement. See the sql57_test.</oval:reason>
+ <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_sql_test_dep">
+ <sch:rule context="ind-def:sql_test">
+ <sch:report test="true()">DEPRECATED TEST: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sqltst">
+ <sch:rule context="ind-def:sql_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:sql_object/@id"><sch:value-of select="../@id"/> - the object child element of a sql_test must reference a sql_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:sql_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:sql_state/@id"><sch:value-of select="../@id"/> - the state child element of a sql_test must reference a sql_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType"/>
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sql_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The sql_object element is used by a sql test to define the specific database and query to be evaluated. Connection information is supplied allowing the tool to connect to the desired database and a query is supplied to call out the desired setting. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.7</oval:version>
+ <oval:reason>Replaced by the sql57_object. This object allows for single fields to be selected from a database. A new object was created to allow more than one field to be selected in one statement. See the sql57_object.</oval:reason>
+ <oval:comment>This object has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_sql_object_dep">
+ <sch:rule context="ind-def:sql_object">
+ <sch:report test="true()">DEPRECATED OBJECT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="engine" type="ind-def:EntityObjectEngineType">
+ <xsd:annotation>
+ <xsd:documentation>The engine entity defines the specific database engine to use. Any tool looking to collect information about this object will need to know the engine in order to use the appropriate drivers to establish a connection.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sqlobjdengine">
+ <sch:rule context="ind-def:sql_object/ind-def:engine">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the engine entity of an sql_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="version" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The version entity defines the specific version of the database engine to use. This is also important in determining the correct driver to use for establishing a connection.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sqlobjversion">
+ <sch:rule context="ind-def:sql_object/ind-def:version">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the version entity of an sql_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="connection_string" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The connection_string entity defines specific connection parameters to be used in connecting to the database. This will help a tool connect to the correct database.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sqlobjconnection_string">
+ <sch:rule context="ind-def:sql_object/ind-def:connection_string">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the connection_string entity of an sql_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="sql" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The sql entity defines a query used to identify the object(s) to test against. Any valid SQL query is usable with one exception, at most one field is allowed in the SELECT portion of the query. For example SELECT name FROM ... is valid, as is SELECT 'true' FROM ..., but SELECT name, number FROM ... is not valid. This is because the result element in the data section is only designed to work against a single field.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sqlobjsql">
+ <sch:rule context="ind-def:sql_object/ind-def:sql">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the sql entity of an sql_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sql_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The sql_state element contains two entities that are used to check the name of the specified field and the value associated with it.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.7</oval:version>
+ <oval:reason>Replaced by the sql57_state. This state allows for single fields to be selected from a database. A new state was created to allow more than one field to be selected in one statement. See the sql57_state.</oval:reason>
+ <oval:comment>This state has been deprecated and may be removed in a future version of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_sql_state_dep">
+ <sch:rule context="ind-def:sql_state">
+ <sch:report test="true()">DEPRECATED STATE: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="engine" type="ind-def:EntityStateEngineType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The engine entity defines a specific database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="version" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The version entity defines a specific version of a given database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="connection_string" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The connection_string entity defines a set of parameters that help identify the connection to the database.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="sql" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>the sql entity defines a query used to identify the object(s) to test against.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="result" type="oval-def:EntityStateAnySimpleType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The result entity specifies how to test objects in the result set of the specified SQL statement. Only one comparable field is allowed. So if the SQL statement look like 'SELECT name FROM ...', then a result entity with a value of 'Fred' would test the set of 'name' values returned by the SQL statement against the value 'Fred'.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- ================================= SQL TEST (57) ============================= -->
+ <!-- =============================================================================== -->
+ <xsd:element name="sql57_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The sql test is used to check information stored in a database. It is often the case that applications store configuration settings in a database as opposed to a file. This test has been designed to enable those settings to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wmi_object and the optional state element specifies the metadata to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>sql57_test</oval:test>
+ <oval:object>sql57_object</oval:object>
+ <oval:state>sql57_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">sql57_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sql57_test">
+ <sch:rule context="ind-def:sql57_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:sql57_object/@id"><sch:value-of select="../@id"/> - the object child element of a sql57_test must reference a sql57_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:sql57_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:sql57_state/@id"><sch:value-of select="../@id"/> - the state child element of a sql57_test must reference a sql57_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType"/>
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sql57_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The sql57_object element is used by a sql test to define the specific database and query to be evaluated. Connection information is supplied allowing the tool to connect to the desired database and a query is supplied to call out the desired setting. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sql57_object_verify_filter_state">
+ <sch:rule context="ind-def:sql57_object//oval-def:filter">
+ <sch:let name="parent_object" value="ancestor::ind-def:sql57_object"/>
+ <sch:let name="parent_object_id" value="$parent_object/@id"/>
+ <sch:let name="state_ref" value="."/>
+ <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/>
+ <sch:let name="state_name" value="local-name($reffed_state)"/>
+ <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/>
+ <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#independent') and ($state_name='sql57_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="engine" type="ind-def:EntityObjectEngineType">
+ <xsd:annotation>
+ <xsd:documentation>The engine entity defines the specific database engine to use. Any tool looking to collect information about this object will need to know the engine in order to use the appropriate drivers to establish a connection.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sql57_object_dengine">
+ <sch:rule context="ind-def:sql57_object/ind-def:engine">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the engine entity of an sql57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="version" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The version entity defines the specific version of the database engine to use. This is also important in determining the correct driver to use for establishing a connection.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sql57_object_version">
+ <sch:rule context="ind-def:sql57_object/ind-def:version">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the version entity of an sql57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="connection_string" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The connection_string entity defines specific connection parameters to be used in connecting to the database. This will help a tool connect to the correct database.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sql57_object_connection_string">
+ <sch:rule context="ind-def:sql57_object/ind-def:connection_string">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the connection_string entity of an sql57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="sql" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The sql entity defines a query used to identify the object(s) to test against. Any valid SQL query is usable with one exception, all fields must be named in the SELECT portion of the query. For example, SELECT name, number FROM ... is valid. However, SELECT * FROM ... is not valid. This is because the record element in the state and item require a unique field name value to ensure that any query results can be evaluated consistently.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sql57_object_sql">
+ <sch:rule context="ind-def:sql57_object/ind-def:sql">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the sql entity of an sql57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="sql57_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The sql57_state element contains two entities that are used to check the name of the specified field and the value associated with it.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="engine" type="ind-def:EntityStateEngineType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The engine entity defines a specific database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="version" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The version entity defines a specific version of a given database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="connection_string" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The connection_string entity defines a set of parameters that help identify the connection to the database.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="sql" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>the sql entity defines a query used to identify the object(s) to test against.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="result" type="oval-def:EntityStateRecordType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The result entity specifies how to test objects in the result set of the specified SQL statement.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_sql57steresult">
+ <sch:rule context="ind-def:sql57_state/ind-def:result">
+ <sch:assert test="@datatype='record'"><sch:value-of select="../@id"/> - datatype attribute for the result entity of a sql57_state must be 'record'</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:unique name="UniqueSqlResultFieldName">
+ <xsd:selector xpath="./oval-def:field"/>
+ <xsd:field xpath="@name"/>
+ </xsd:unique>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- ========================== TEXT FILE CONTENT TEST (54) ======================= -->
+ <!-- =============================================================================== -->
+ <xsd:element name="textfilecontent54_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The textfilecontent54_test element is used to check the contents of a text file (aka a configuration file) by looking at individual blocks of text. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a textfilecontent54_object and the optional state element specifies the metadata to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>textfilecontent54_test</oval:test>
+ <oval:object>textfilecontent54_object</oval:object>
+ <oval:state>textfilecontent54_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">textfilecontent_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_txt54tst">
+ <sch:rule context="ind-def:textfilecontent54_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:textfilecontent54_object/@id"><sch:value-of select="../@id"/> - the object child element of a textfilecontent54_test must reference a textfilecontent54_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:textfilecontent54_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:textfilecontent54_state/@id"><sch:value-of select="../@id"/> - the state child element of a textfilecontent54_test must reference a textfilecontent54_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="textfilecontent54_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The textfilecontent54_object element is used by a textfilecontent_test to define the specific block(s) of text of a file(s) to be evaluated. The textfilecontent54_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:documentation>The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.</xsd:documentation>
+ <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_textfilecontent54_object_verify_filter_state">
+ <sch:rule context="ind-def:textfilecontent54_object//oval-def:filter">
+ <sch:let name="parent_object" value="ancestor::ind-def:textfilecontent54_object"/>
+ <sch:let name="parent_object_id" value="$parent_object/@id"/>
+ <sch:let name="state_ref" value="."/>
+ <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/>
+ <sch:let name="state_name" value="local-name($reffed_state)"/>
+ <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/>
+ <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#independent') and ($state_name='textfilecontent54_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="behaviors" type="ind-def:Textfilecontent54Behaviors" minOccurs="0" maxOccurs="1"/>
+ <xsd:choice>
+ <xsd:element name="filepath" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_txt54objfilepath">
+ <sch:rule context="ind-def:textfilecontent54_object/ind-def:filepath">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@max_depth or @recurse_direction])"><sch:value-of select="../@id"/> - the max_depth and recurse_direction behaviors are not allowed with a filepath entity</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ <sch:pattern id="ind-def_txt54objfilepath2">
+ <sch:rule context="ind-def:textfilecontent54_object/ind-def:filepath[not(@operation='equals' or not(@operation))]">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a filepath entity.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:sequence>
+ <xsd:element name="path" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_txt54objpath">
+ <sch:rule context="ind-def:textfilecontent54_object/ind-def:path[not(@operation='equals' or not(@operation))]">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@max_depth])"><sch:value-of select="../@id"/> - the max_depth behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_direction])"><sch:value-of select="../@id"/> - the recurse_direction behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse])"><sch:value-of select="../@id"/> - the recurse behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filename entity specifies the name of a file.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_txt54objfilename">
+ <sch:rule context="ind-def:textfilecontent54_object/ind-def:filename">
+ <sch:assert test="(@var_ref and .='') or not(.='') or (.='' and @operation = 'pattern match')"><sch:value-of select="../@id"/> - filename entity cannot be empty unless the xsi:nil attribute is set to true or a var_ref is used</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:choice>
+ <xsd:element name="pattern" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The pattern entity defines a chunk of text in a file and is represented using a regular expression. A subexpression (using parentheses) can call out a piece of the text block to test. For example, the pattern abc(.*)xyz would look for a block of text in the file that starts with abc and ends with xyz, with the subexpression being all the characters that exist in between. The value of the subexpression can then be tested using the subexpression entity of a textfilecontent54_state. Note that if the pattern, starting at the same point in the file, matches more than one block of text, then it matches the longest. For example, given a file with abcdefxyzxyzabc, then the pattern abc(.*)xyz would match the block abcdefxyzxyz. Subexpressions also match the longest possible substrings, subject to the constraint that the whole match be as long as possible, with subexpressions starting earlier in the pattern taking priority over ones starting later.</xsd:documentation>
+ <xsd:documentation>Note that when using regular expressions, OVAL supports a common subset of the regular expression character classes, operations, expressions and other lexical tokens defined within Perl 5's regular expression specification. For more information on the supported regular expression syntax in OVAL see: http://oval.mitre.org/language/about/re_support_5.6.html.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_txt54objpattern">
+ <sch:rule context="ind-def:textfilecontent54_object/ind-def:pattern">
+ <sch:assert test="@operation='pattern match'"><sch:value-of select="../@id" /> - operation attribute for the pattern entity of a textfilecontent54_object should be 'pattern match'</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="instance" type="oval-def:EntityObjectIntType">
+ <xsd:annotation>
+ <xsd:documentation>The instance entity calls out a specific match of the pattern. It can have both positive and negative values. If the value is positive, the index of the specific match of the pattern is counted from the beginning of the set of matches of that pattern. The first match is given an instance value of 1, the second match is given an instance value of 2, and so on. If the value is negative, the index of the specific match of the pattern is counted from the end of the set of matches of that pattern. The last match is given an instance of -1, the penultimate match is given an instance value of -2, and so on. Note that the main purpose of this entity is to provide uniqueness for different textfilecontent_items that results from multiple matches of a given pattern against the same file. Most likely this entity will be defined as greater than or equal to 1 which would result in the object representing the set of all matches of the pattern.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="textfilecontent54_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The textfilecontent54_state element contains entities that are used to check the file path and name, as well as the text block in question and the value of the subexpressions.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="filepath" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The filename entity represents the name of a file.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="pattern" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The pattern entity represents a regular expression that is used to define a block of text.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="instance" type="oval-def:EntityStateIntType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The instance entity calls out a specific match of the pattern. The first match is given an instance value of 1, the second match is given an instance value of 2, and so on. The last match is given an instance of -1, the penultimate match is given an instance value of -2, and so on.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="text" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The text entity represents the block of text that matched the specified pattern.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="subexpression" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The subexpression entity represents a value to test against the subexpression in the specified pattern. If multiple subexpressions are specified in the pattern, this value is tested against all of them. For example, if the pattern abc(.*)mno(.*)xyp was supplied, and the state specifies a subexpression value of enabled, then the test would check that both (or at least one, none, etc. depending on the entity_check attribute) of the subexpressions have a value of enabled. </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="windows_view" type="ind-def:EntityStateWindowsViewType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The windows view value to which this was targeted. This is used to indicate which view (32-bit or 64-bit), the associated State applies to. This entity only applies to 64-bit Microsoft Windows operating systems.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="Textfilecontent54Behaviors">
+ <xsd:annotation>
+ <xsd:documentation>The Textfilecontent54Behaviors complex type defines a number of behaviors that allow a more detailed definition of the textfilecontent54_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.</xsd:documentation>
+ <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation>
+ <xsd:documentation>The Textfilecontent54Behaviors extend the ind-def:FileBehaviors and therefore include the behaviors defined by that type.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexContent>
+ <xsd:extension base="ind-def:FileBehaviors">
+ <xsd:attribute name="ignore_case" type="xsd:boolean" use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>'ignore_case' indicates whether case should be considered when matching system values against the regular expression provided by the pattern entity. This behavior is intended to align with the Perl regular expression 'i' modifier: if true, case will be ignored. If false, case will not be ignored. The default is false.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="multiline" type="xsd:boolean" use="optional" default="true">
+ <xsd:annotation>
+ <xsd:documentation>'multiline' enables multiple line semantics in the regular expression provided by the pattern entity. This behavior is intended to align with the Perl regular expression 'm' modifier: if true, the '^' and '$' metacharacters will match both at the beginning/end of a string, and immediately after/before newline characters. If false, they will match only at the beginning/end of a string. The default is true.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="singleline" type="xsd:boolean" use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>'singleline' enables single line semantics in the regular expression provided by the pattern entity. This behavior is intended to align with the Perl regular expression 's' modifier: if true, the '.' metacharacter will match newlines. If false, it will not. The default is false.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <!-- =============================================================================== -->
+ <!-- ========================== TEXT FILE CONTENT TEST =========================== -->
+ <!-- =============================================================================== -->
+ <xsd:element name="textfilecontent_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The textfilecontent_test element is used to check the contents of a text file (aka a configuration file) by looking at individual lines. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a textfilecontent_object and the optional state element specifies the metadata to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>textfilecontent_test</oval:test>
+ <oval:object>textfilecontent_object</oval:object>
+ <oval:state>textfilecontent_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">textfilecontent_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.4</oval:version>
+ <oval:reason>Replaced by the textfilecontent54_test. Support for multi-line pattern matching and multi-instance matching was added. Therefore, a new test was created to reflect these changes. See the textfilecontent54_test.</oval:reason>
+ <oval:comment>This test has been deprecated and will be removed in version 6.0 of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_txttst_dep">
+ <sch:rule context="ind-def:textfilecontent_test">
+ <sch:report test="true()">DEPRECATED TEST: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_txttst">
+ <sch:rule context="ind-def:textfilecontent_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:textfilecontent_object/@id"><sch:value-of select="../@id"/> - the object child element of a textfilecontent_test must reference a textfilecontent_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:textfilecontent_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:textfilecontent_state/@id"><sch:value-of select="../@id"/> - the state child element of a textfilecontent_test must reference a textfilecontent_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="textfilecontent_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The textfilecontent_object element is used by a text file content test to define the specific line(s) of a file(s) to be evaluated. The textfilecontent_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.4</oval:version>
+ <oval:reason>Replaced by the textfilecontent54_object. Support for multi-line pattern matching and multi-instance matching was added. Therefore, a new object was created to reflect these changes. See the textfilecontent54_object.</oval:reason>
+ <oval:comment>This object has been deprecated and will be removed in version 6.0 of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_txtobj_dep">
+ <sch:rule context="ind-def:textfilecontent_object">
+ <sch:report test="true()">DEPRECATED OBJECT: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="behaviors" type="ind-def:FileBehaviors" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="path" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filename element specifies the name of the file.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_txtobjfilename">
+ <sch:rule context="ind-def:textfilecontent_object/ind-def:filename">
+ <sch:assert test="(@var_ref and .='') or not(.='') or (.='' and @operation = 'pattern match')"><sch:value-of select="../@id"/> - filename entity cannot be empty unless the xsi:nil attribute is set to true or a var_ref is used</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="line" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The line element represents a line in the file and is represented using a regular expression. A single subexpression can be called out using parentheses. The value of this subexpression can then be checked using a textfilecontent_state.</xsd:documentation>
+ <xsd:documentation>Note that when using regular expressions, OVAL supports a common subset of the regular expression character classes, operations, expressions and other lexical tokens defined within Perl 5's regular expression specification. For more information on the supported regular expression syntax in OVAL see: http://oval.mitre.org/language/about/re_support_5.6.html.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_txtobjline">
+ <sch:rule context="ind-def:textfilecontent_object/ind-def:line">
+ <sch:assert test="@operation='pattern match'"><sch:value-of select="../@id" /> - operation attribute for the line entity of a textfilecontent_object should be 'pattern match'</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="textfilecontent_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The textfilecontent_state element contains entities that are used to check the file path and name, as well as the line in question and the value of the specific subexpression.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.4</oval:version>
+ <oval:reason>Replaced by the textfilecontent54_state. Support for multi-line pattern matching and multi-instance matching was added. Therefore, a new state was created to reflect these changes. See the textfilecontent54_state.</oval:reason>
+ <oval:comment>This state has been deprecated and will be removed in version 6.0 of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_txtste_dep">
+ <sch:rule context="ind-def:textfilecontent_state">
+ <sch:report test="true()">DEPRECATED STATE: <sch:value-of select="name()"/> ID: <sch:value-of select="@id"/></sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The name of the file.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="line" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The line element represents a line in the file that was collected.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="subexpression" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>Each subexpression in the regular expression of the line element is then tested against the value specified in the subexpression element.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="windows_view" type="ind-def:EntityStateWindowsViewType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The windows view value to which this was targeted. This is used to indicate which view (32-bit or 64-bit), the associated State applies to. This entity only applies to 64-bit Microsoft Windows operating systems.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- =============================== UNKNOWN TEST ================================ -->
+ <!-- =============================================================================== -->
+ <xsd:element name="unknown_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>An unknown_test acts as a placeholder for tests whose implementation is unknown. This test always evaluates to a result of 'unknown'. Any information that is known about the test should be held in the notes child element that is available through the extension of the abstract test element. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. Note that for an unknown_test, the required check attribute that is part of the extended TestType should be ignored during evaluation and hence can be set to any valid value.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- =============================== VARIABLE TEST =============================== -->
+ <!-- =============================================================================== -->
+ <xsd:element name="variable_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The variable test allows the value of a variable to be compared to a defined value. As an example one might use this test to validate that a variable being passed in from an external source falls within a specified range. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a variable_object and the optional state element specifies the value to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>variable_test</oval:test>
+ <oval:object>variable_object</oval:object>
+ <oval:state>variable_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">variable_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_vattst">
+ <sch:rule context="ind-def:variable_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:variable_object/@id"><sch:value-of select="../@id"/> - the object child element of a variable_test must reference a variable_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:variable_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:variable_state/@id"><sch:value-of select="../@id"/> - the state child element of a variable_test must reference a variable_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="variable_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation/>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_variable_object_verify_filter_state">
+ <sch:rule context="ind-def:variable_object//oval-def:filter">
+ <sch:let name="parent_object" value="ancestor::ind-def:variable_object"/>
+ <sch:let name="parent_object_id" value="$parent_object/@id"/>
+ <sch:let name="state_ref" value="."/>
+ <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/>
+ <sch:let name="state_name" value="local-name($reffed_state)"/>
+ <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/>
+ <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#independent') and ($state_name='variable_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="var_ref" type="ind-def:EntityObjectVariableRefType">
+ <xsd:annotation>
+ <xsd:documentation>The id of the variable you want.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_varobjvar_ref">
+ <sch:rule context="ind-def:variable_object/ind-def:var_ref">
+ <sch:assert test="not(@var_ref)"><sch:value-of select="../@id"/> - var_ref attribute for the var_ref entity of a variable_object is prohibited.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ <sch:pattern id="ind-def_varobjvar_ref_exists">
+ <sch:rule context="ind-def:variable_object/ind-def:var_ref">
+ <sch:let name="varId" value="."/>
+ <sch:assert test="ancestor::oval-def:oval_definitions/oval-def:variables/*[@id = $varId]"><sch:value-of select="../@id"/> - referenced variable <sch:value-of select="."/> not found. The var_ref entity must hold a variable id that exists in the document.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="variable_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The variable_state element contains two entities that are used to check the var_ref of the specified varible and the value associated with it.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="var_ref" type="ind-def:EntityStateVariableRefType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The id of the variable.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_varstevar_ref">
+ <sch:rule context="ind-def:variable_state/ind-def:var_ref">
+ <sch:assert test="not(@var_ref)"><sch:value-of select="../@id"/> - var_ref attribute for the var_ref entity of a variable_state is prohibited.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ <sch:pattern id="ind-def_varstevar_ref_exists">
+ <sch:rule context="ind-def:variable_state/ind-def:var_ref">
+ <sch:let name="varId" value="."/>
+ <sch:assert test="ancestor::oval-def:oval_definitions/oval-def:variables/*[@id = $varId]"><sch:value-of select="../@id"/> - referenced variable <sch:value-of select="."/> not found. The var_ref entity must hold a variable id that exists in the document.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="value" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The value of the variable.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- =========================== XML FILE CONTENT TEST =========================== -->
+ <!-- =============================================================================== -->
+ <xsd:element name="xmlfilecontent_test" substitutionGroup="oval-def:test">
+ <xsd:annotation>
+ <xsd:documentation>The xmlfilecontent_test element is used to explore the contents of an xml file. This test allows specific pieces of an xml document specified using xpath to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a xmlfilecontent_object and the optional state element specifies the metadata to check.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:element_mapping>
+ <oval:test>xmlfilecontent_test</oval:test>
+ <oval:object>xmlfilecontent_object</oval:object>
+ <oval:state>xmlfilecontent_state</oval:state>
+ <oval:item target_namespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">xmlfilecontent_item</oval:item>
+ </oval:element_mapping>
+ </xsd:appinfo>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_xmltst">
+ <sch:rule context="ind-def:xmlfilecontent_test/ind-def:object">
+ <sch:assert test="@object_ref=ancestor::oval-def:oval_definitions/oval-def:objects/ind-def:xmlfilecontent_object/@id"><sch:value-of select="../@id"/> - the object child element of a xmlfilecontent_test must reference a xmlfilecontent_object</sch:assert>
+ </sch:rule>
+ <sch:rule context="ind-def:xmlfilecontent_test/ind-def:state">
+ <sch:assert test="@state_ref=ancestor::oval-def:oval_definitions/oval-def:states/ind-def:xmlfilecontent_state/@id"><sch:value-of select="../@id"/> - the state child element of a xmlfilecontent_test must reference a xmlfilecontent_state</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:TestType">
+ <xsd:sequence>
+ <xsd:element name="object" type="oval-def:ObjectRefType" />
+ <xsd:element name="state" type="oval-def:StateRefType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="xmlfilecontent_object" substitutionGroup="oval-def:object">
+ <xsd:annotation>
+ <xsd:documentation>The xmlfilecontent_object element is used by a xml file content test to define the specific piece of an xml file(s) to be evaluated. The xmlfilecontent_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
+ <xsd:documentation>The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.</xsd:documentation>
+ <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_xmlfilecontent_object_verify_filter_state">
+ <sch:rule context="ind-def:xmlfilecontent_object//oval-def:filter">
+ <sch:let name="parent_object" value="ancestor::ind-def:xmlfilecontent_object"/>
+ <sch:let name="parent_object_id" value="$parent_object/@id"/>
+ <sch:let name="state_ref" value="."/>
+ <sch:let name="reffed_state" value="ancestor::oval-def:oval_definitions/oval-def:states/*[@id=$state_ref]"/>
+ <sch:let name="state_name" value="local-name($reffed_state)"/>
+ <sch:let name="state_namespace" value="namespace-uri($reffed_state)"/>
+ <sch:assert test="(($state_namespace='http://oval.mitre.org/XMLSchema/oval-definitions-5#independent') and ($state_name='xmlfilecontent_state'))">State referenced in filter for <sch:value-of select="name($parent_object)"/> '<sch:value-of select="$parent_object_id"/>' is of the wrong type. </sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:ObjectType">
+ <xsd:sequence>
+ <xsd:choice>
+ <xsd:element ref="oval-def:set"/>
+ <xsd:sequence>
+ <xsd:element name="behaviors" type="ind-def:FileBehaviors" minOccurs="0" maxOccurs="1"/>
+ <xsd:choice>
+ <xsd:element name="filepath" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_xmlobjfilepath">
+ <sch:rule context="ind-def:xmlfilecontent_object/ind-def:filepath">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@max_depth or @recurse_direction])"><sch:value-of select="../@id"/> - the max_depth and recurse_direction behaviors are not allowed with a filepath entity</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ <sch:pattern id="ind-def_xmlobjfilepath2">
+ <sch:rule context="ind-def:xmlfilecontent_object/ind-def:filepath[not(@operation='equals' or not(@operation))]">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a filepath entity.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:sequence>
+ <xsd:element name="path" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_xmlobjpath">
+ <sch:rule context="ind-def:xmlfilecontent_object/ind-def:path[not(@operation='equals' or not(@operation))]">
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_file_system='defined'])"><sch:value-of select="../@id"/> - the recurse_file_system behavior MUST not be set to 'defined' when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@max_depth])"><sch:value-of select="../@id"/> - the max_depth behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse_direction])"><sch:value-of select="../@id"/> - the recurse_direction behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ <sch:assert test="not(preceding-sibling::ind-def:behaviors[@recurse])"><sch:value-of select="../@id"/> - the recurse behavior MUST not be used when a pattern match is used with a path entity.</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>The filename element specifies the name of the file.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_xmlobjfilename">
+ <sch:rule context="ind-def:xmlfilecontent_object/ind-def:filename">
+ <sch:assert test="(@var_ref and .='') or not(.='') or (.='' and @operation = 'pattern match')"><sch:value-of select="../@id"/> - filename entity cannot be empty unless the xsi:nil attribute is set to true or a var_ref is used</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:choice>
+ <xsd:element name="xpath" type="oval-def:EntityObjectStringType">
+ <xsd:annotation>
+ <xsd:documentation>Specifies an Xpath expression describing the text node(s) or attribute(s) to look at. Any valid Xpath 1.0 statement is usable with one exception, at most one field may be identified in the Xpath. This is because the value_of element in the data section is only designed to work against a single field. The only valid operator for xpath is equals since there is an infinite number of possible xpaths and determinining all those that do not equal a give xpath would be impossible.</xsd:documentation>
+ <xsd:appinfo>
+ <sch:pattern id="ind-def_xmlobjxpath">
+ <sch:rule context="ind-def:xmlfilecontent_object/ind-def:xpath">
+ <sch:assert test="not(@operation) or @operation='equals'"><sch:value-of select="../@id"/> - operation attribute for the xpath entity of a xmlfilecontent_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)</sch:assert>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element ref="oval-def:filter" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="xmlfilecontent_state" substitutionGroup="oval-def:state">
+ <xsd:annotation>
+ <xsd:documentation>The xmlfilecontent_state element contains entities that are used to check the file path and name, as well as the xpath used and the value of the this xpath.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="oval-def:StateType">
+ <xsd:sequence>
+ <xsd:element name="filepath" type="oval-def:EntityStateStringType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="path" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The path element specifies the directory component of the absolute path to a file on the machine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="filename" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The filename element specifies the name of the file.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="xpath" type="oval-def:EntityStateStringType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>Specifies an Xpath expression describing the text node(s) or attribute(s) to look at.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="value_of" type="oval-def:EntityStateAnySimpleType" minOccurs="0" maxOccurs="1">
+ <xsd:annotation>
+ <xsd:documentation>The value_of element checks the value(s) of the text node(s) or attribute(s) found.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="windows_view" type="ind-def:EntityStateWindowsViewType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>The windows view value to which this was targeted. This is used to indicate which view (32-bit or 64-bit), the associated State applies to. This entity only applies to 64-bit Microsoft Windows operating systems.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <!-- =============================================================================== -->
+ <!-- =============================================================================== -->
+ <!-- =============================================================================== -->
+ <xsd:complexType name="FileBehaviors">
+ <xsd:annotation>
+ <xsd:documentation>The FileBehaviors complex type defines a number of behaviors that allow a more detailed definition of a set of files or file related items to collect. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.</xsd:documentation>
+ <xsd:documentation>It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="max_depth" use="optional" default="-1">
+ <xsd:annotation>
+ <xsd:documentation>'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. For a 'max_depth' of -1 or any value of 1 or more the starting directory must be considered in the recursive search.</xsd:documentation>
+ <xsd:documentation>Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.</xsd:documentation>
+ <xsd:documentation>Note that this behavior only applies with the equality operation on the path entity.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:integer">
+ <xsd:fractionDigits value="0"/>
+ <xsd:minInclusive value="-1"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="recurse" use="optional" default="symlinks and directories">
+ <xsd:annotation>
+ <xsd:documentation>'recurse' defines how to recurse into the path entity, in other words what to follow during recursion. Options include symlinks, directories, or both. Note that a max-depth other than 0 has to be specified for recursion to take place and for this attribute to mean anything. Also note that this behavior does not apply to Windows systems since they do not support symbolic links. On Windows systems the 'recurse' behavior is always equivalent to directories.</xsd:documentation>
+ <xsd:documentation>Note that this behavior only applies with the equality operation on the path entity.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="directories"/>
+ <xsd:enumeration value="symlinks"/>
+ <xsd:enumeration value="symlinks and directories"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="recurse_direction" use="optional" default="none">
+ <xsd:annotation>
+ <xsd:documentation>'recurse_direction' defines the direction to recurse, either 'up' to parent directories, or 'down' into child directories. The default value is 'none' for no recursion.</xsd:documentation>
+ <xsd:documentation>Note that this behavior only applies with the equality operation on the path entity.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="none"/>
+ <xsd:enumeration value="up"/>
+ <xsd:enumeration value="down"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="recurse_file_system" use="optional" default="all">
+ <xsd:annotation>
+ <xsd:documentation>'recurse_file_system' defines the file system limitation of any searching and applies to all operations as specified on the path or filepath entity. The value of 'local' limits the search scope to local file systems (as opposed to file systems mounted from an external system). The value of 'defined' keeps any recursion within the file system that the file_object (path+filename or filepath) has specified. The value of 'defined' only applies when an equality operation is used for searching because the path or filepath entity must explicitly define a file system. The default value is 'all' meaning to search all available file systems for data collection.</xsd:documentation>
+ <xsd:documentation>Note that in most cases it is recommended that the value of 'local' be used to ensure that file system searching is limited to only the local file systems. Searching 'all' file systems may have performance implications.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="all"/>
+ <xsd:enumeration value="local"/>
+ <xsd:enumeration value="defined"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="windows_view" use="optional" default="64_bit">
+ <xsd:annotation>
+ <xsd:documentation>64-bit versions of Windows provide an alternate file system and registry views to 32-bit applications. This behavior allows the OVAL Object to specify which view should be examined. This behavior only applies to 64-bit Windows, and must not be applied on other platforms.</xsd:documentation>
+ <xsd:documentation>Note that the values have the following meaning: '64_bit' – Indicates that the 64-bit view on 64-bit Windows operating systems must be examined. On a 32-bit system, the Object must be evaluated without applying the behavior. '32_bit' – Indicates that the 32-bit view must be examined. On a 32-bit system, the Object must be evaluated without applying the behavior. It is recommended that the corresponding 'windows_view' entity be set on the OVAL Items that are collected when this behavior is used to distinguish between the OVAL Items that are collected in the 32-bit or 64-bit views.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="32_bit"/>
+ <xsd:enumeration value="64_bit"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="EntityObjectEngineType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityObjectEngineType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a valid database engine. The empty string is also allowed to support empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityStateStringType">
+ <xsd:enumeration value="access">
+ <xsd:annotation>
+ <xsd:documentation>The access value describes the Microsoft Access database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="db2">
+ <xsd:annotation>
+ <xsd:documentation>The db2 value describes the IBM DB2 database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="cache">
+ <xsd:annotation>
+ <xsd:documentation>The cache value describes the InterSystems Cache database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="firebird">
+ <xsd:annotation>
+ <xsd:documentation>The firebird value describes the Firebird database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="firstsql">
+ <xsd:annotation>
+ <xsd:documentation>The firstsql value describes the FirstSQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="foxpro">
+ <xsd:annotation>
+ <xsd:documentation>The foxpro value describes the Microsoft FoxPro database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="informix">
+ <xsd:annotation>
+ <xsd:documentation>The informix value describes the IBM Informix database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="ingres">
+ <xsd:annotation>
+ <xsd:documentation>The ingres value describes the Ingres database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="interbase">
+ <xsd:annotation>
+ <xsd:documentation>The interbase value describes the Embarcadero Technologies InterBase database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="lightbase">
+ <xsd:annotation>
+ <xsd:documentation>The lightbase value describes the Light Infocon LightBase database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="maxdb">
+ <xsd:annotation>
+ <xsd:documentation>The maxdb value describes the SAP MaxDB database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="monetdb">
+ <xsd:annotation>
+ <xsd:documentation>The monetdb value describes the MonetDB SQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="mimer">
+ <xsd:annotation>
+ <xsd:documentation>The mimer value describes the Mimer SQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="mysql">
+ <xsd:annotation>
+ <xsd:documentation>The mysql value describes the MySQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="oracle">
+ <xsd:annotation>
+ <xsd:documentation>The oracle value describes the Oracle database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="paradox">
+ <xsd:annotation>
+ <xsd:documentation>The paradox value describes the Paradox database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="pervasive">
+ <xsd:annotation>
+ <xsd:documentation>The pervasive value describes the Pervasive PSQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="postgre">
+ <xsd:annotation>
+ <xsd:documentation>The postgre value describes the PostgreSQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="sqlbase">
+ <xsd:annotation>
+ <xsd:documentation>The sqlbase value describes the Unify SQLBase database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="sqlite">
+ <xsd:annotation>
+ <xsd:documentation>The sqlite value describes the SQLite database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="sqlserver">
+ <xsd:annotation>
+ <xsd:documentation>The sqlserver value describes the Microsoft SQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="sybase">
+ <xsd:annotation>
+ <xsd:documentation>The sybase value describes the Sybase database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="">
+ <xsd:annotation>
+ <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="EntityStateEngineType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityStateEngineType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a valid database engine. The empty string is also allowed to support empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityStateStringType">
+ <xsd:enumeration value="access">
+ <xsd:annotation>
+ <xsd:documentation>The access value describes the Microsoft Access database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="db2">
+ <xsd:annotation>
+ <xsd:documentation>The db2 value describes the IBM DB2 database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="cache">
+ <xsd:annotation>
+ <xsd:documentation>The cache value describes the InterSystems Cache database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="firebird">
+ <xsd:annotation>
+ <xsd:documentation>The firebird value describes the Firebird database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="firstsql">
+ <xsd:annotation>
+ <xsd:documentation>The firstsql value describes the FirstSQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="foxpro">
+ <xsd:annotation>
+ <xsd:documentation>The foxpro value describes the Microsoft FoxPro database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="informix">
+ <xsd:annotation>
+ <xsd:documentation>The informix value describes the IBM Informix database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="ingres">
+ <xsd:annotation>
+ <xsd:documentation>The ingres value describes the Ingres database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="interbase">
+ <xsd:annotation>
+ <xsd:documentation>The interbase value describes the Embarcadero Technologies InterBase database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="lightbase">
+ <xsd:annotation>
+ <xsd:documentation>The lightbase value describes the Light Infocon LightBase database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="maxdb">
+ <xsd:annotation>
+ <xsd:documentation>The maxdb value describes the SAP MaxDB database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="monetdb">
+ <xsd:annotation>
+ <xsd:documentation>The monetdb value describes the MonetDB SQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="mimer">
+ <xsd:annotation>
+ <xsd:documentation>The mimer value describes the Mimer SQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="oracle">
+ <xsd:annotation>
+ <xsd:documentation>The oracle value describes the Oracle database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="paradox">
+ <xsd:annotation>
+ <xsd:documentation>The paradox value describes the Paradox database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="pervasive">
+ <xsd:annotation>
+ <xsd:documentation>The pervasive value describes the Pervasive PSQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="postgre">
+ <xsd:annotation>
+ <xsd:documentation>The postgre value describes the PostgreSQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="sqlbase">
+ <xsd:annotation>
+ <xsd:documentation>The sqlbase value describes the Unify SQLBase database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="sqlite">
+ <xsd:annotation>
+ <xsd:documentation>The sqlite value describes the SQLite database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="sqlserver">
+ <xsd:annotation>
+ <xsd:documentation>The sqlserver value describes the Microsoft SQL database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="sybase">
+ <xsd:annotation>
+ <xsd:documentation>The sybase value describes the Sybase database engine.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="">
+ <xsd:annotation>
+ <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="EntityStateFamilyType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityStateFamilyType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a high-level family of system operating system. The empty string is also allowed to support empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityStateStringType">
+ <xsd:enumeration value="catos">
+ <xsd:annotation>
+ <xsd:documentation>The catos value describes the Cisco CatOS operating system.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="ios">
+ <xsd:annotation>
+ <xsd:documentation>The ios value describes the Cisco IOS operating system.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="macos">
+ <xsd:annotation>
+ <xsd:documentation>The macos value describes the Mac operating system.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="pixos">
+ <xsd:annotation>
+ <xsd:documentation>The pixos value describes the Cisco PIX operating system.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="undefined">
+ <xsd:annotation>
+ <xsd:documentation>The undefined value is to be used when the desired family is not available.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="unix">
+ <xsd:annotation>
+ <xsd:documentation>The unix value describes the UNIX operating system.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="vmware_infrastructure">
+ <xsd:annotation>
+ <xsd:documentation>The vmware_infrastructure value describes VMWare Infrastructure.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="windows">
+ <xsd:annotation>
+ <xsd:documentation>The windows value describes the Microsoft Windows operating system.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="">
+ <xsd:annotation>
+ <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="EntityObjectHashTypeType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityObjectHashTypeType complex type restricts a string value to a specific set of values that specify the different hash algorithms that are supported. The empty string is also allowed to support empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityObjectStringType">
+ <xsd:enumeration value="MD5">
+ <xsd:annotation>
+ <xsd:documentation>The MD5 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-1">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-1 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-224">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-224 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-256">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-256 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-384">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-384 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-512">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-512 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="">
+ <xsd:annotation>
+ <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="EntityStateHashTypeType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityStateHashTypeType complex type restricts a string value to a specific set of values that specify the different hash algorithms that are supported. The empty string is also allowed to support empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityStateStringType">
+ <xsd:enumeration value="MD5">
+ <xsd:annotation>
+ <xsd:documentation>The MD5 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-1">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-1 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-224">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-224 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-256">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-256 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-384">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-384 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="SHA-512">
+ <xsd:annotation>
+ <xsd:documentation>The SHA-512 hash algorithm.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="">
+ <xsd:annotation>
+ <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="EntityObjectVariableRefType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityObjectVariableRefType complex type defines a string object entity that has a valid OVAL variable id as the value. The empty string is also allowed to support empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityObjectStringType">
+ <xsd:pattern value="(oval:[A-Za-z0-9_\-\.]+:var:[1-9][0-9]*){0,}"/>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="EntityStateVariableRefType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityStateVariableRefType complex type defines a string state entity that has a valid OVAL variable id as the value. The empty string is also allowed to support empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityStateStringType">
+ <xsd:pattern value="(oval:[A-Za-z0-9_\-\.]+:var:[1-9][0-9]*){0,}"/>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="EntityStateLdaptypeType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityStateLdaptypeType complex type restricts a string value to a specific set of values that specify the different types of information that an ldap attribute can represent. The empty string is also allowed to support empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityStateStringType">
+ <xsd:enumeration value="LDAPTYPE_ATTRIBUTE_TYPE_DESCRIP_STRING">
+ <xsd:annotation>
+ <xsd:documentation>The data type is the attribute type description.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_DN_STRING">
+ <xsd:annotation>
+ <xsd:documentation>The string is of Distinguished Name (path) of a directory service object.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_BIT_STRING">
+ <xsd:annotation>
+ <xsd:documentation>The bit string type.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_PRINTABLE_STRING">
+ <xsd:annotation>
+ <xsd:documentation>The string is displayable on screen or in print.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_NUMERIC_STRING">
+ <xsd:annotation>
+ <xsd:documentation>The string is of a numeral to be interpreted as text.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_BOOLEAN">
+ <xsd:annotation>
+ <xsd:documentation>The data is of a Boolean value.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_INTEGER">
+ <xsd:annotation>
+ <xsd:documentation>The data is of an integer value.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_UTC_TIME">
+ <xsd:annotation>
+ <xsd:documentation>The data is of the universal time as expressed in Universal Time Coordinate (UTC).</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_GENERALIZED_TIME">
+ <xsd:annotation>
+ <xsd:documentation>The data is of generalized time.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_DIRECTORY_STRING">
+ <xsd:annotation>
+ <xsd:documentation>The directory string.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_OBJECT_CLASS_DESCRIP_STRING">
+ <xsd:annotation>
+ <xsd:documentation>The object class description type.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_BINARY">
+ <xsd:annotation>
+ <xsd:documentation>The data is binary.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_TIMESTAMP">
+ <xsd:annotation>
+ <xsd:documentation>The data is of a time stamp in seconds.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.7</oval:version>
+ <oval:reason>This value was accidently carried over from the win-def:EntityStateAdstypeType as it was used as a template for the ind-def:EntityStateLdaptypeType.</oval:reason>
+ <oval:comment>This value has been deprecated and will be removed in version 6.0 of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_ldaptype_timestamp_value_dep">
+ <sch:rule context="oval-def:oval_definitions/oval-def:states/ind-def:ldap_state/ind-def:ldaptype|oval-def:oval_definitions/oval-def:states/ind-def:ldap57_state/ind-def:ldaptype">
+ <sch:report test=".='LDAPTYPE_TIMESTAMP'">
+ DEPRECATED ELEMENT VALUE IN: ldap_state ELEMENT VALUE: <sch:value-of select="."/>
+ </sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="LDAPTYPE_EMAIL">
+ <xsd:annotation>
+ <xsd:documentation>The data is of an e-mail message.</xsd:documentation>
+ <xsd:appinfo>
+ <oval:deprecated_info>
+ <oval:version>5.7</oval:version>
+ <oval:reason>This value was accidently carried over from the win-def:EntityStateAdstypeType as it was used as a template for the ind-def:EntityStateLdaptypeType.</oval:reason>
+ <oval:comment>This value has been deprecated and will be removed in version 6.0 of the language.</oval:comment>
+ </oval:deprecated_info>
+ <sch:pattern id="ind-def_ldaptype_email_value_dep">
+ <sch:rule context="oval-def:oval_definitions/oval-def:states/ind-def:ldap_state/ind-def:ldaptype|oval-def:oval_definitions/oval-def:states/ind-def:ldap57_state/ind-def:ldaptype">
+ <sch:report test=".='LDAPTYPE_EMAIL'">
+ DEPRECATED ELEMENT VALUE IN: ldap_state ELEMENT VALUE: <sch:value-of select="."/>
+ </sch:report>
+ </sch:rule>
+ </sch:pattern>
+ </xsd:appinfo>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="">
+ <xsd:annotation>
+ <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="EntityStateWindowsViewType">
+ <xsd:annotation>
+ <xsd:documentation>The EntityStateWindowsViewType restricts a string value to a specific set of values: 32-bit and 64-bit. These values describe the different values possible for the windows view behavior.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:restriction base="oval-def:EntityStateStringType">
+ <xsd:enumeration value="32_bit">
+ <xsd:annotation>
+ <xsd:documentation>Indicates the 32_bit windows view.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="64_bit">
+ <xsd:annotation>
+ <xsd:documentation>Indicates the 64_bit windows view.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ <xsd:enumeration value="">
+ <xsd:annotation>
+ <xsd:documentation>The empty string value is permitted here to allow for empty elements associated with variable references.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:enumeration>
+ </xsd:restriction>
+ </xsd:simpleContent>
+ </xsd:complexType>
+</xsd:schema>