diff --git a/.classpath b/.classpath
new file mode 100644
index 0000000..91290ba
--- /dev/null
+++ b/.classpath
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/.project b/.project
new file mode 100644
index 0000000..0eb71f2
--- /dev/null
+++ b/.project
@@ -0,0 +1,29 @@
+
+
+ content
+
+
+
+
+
+ org.eclipse.jdt.core.javabuilder
+
+
+
+
+ org.maven.ide.eclipse.maven2Builder
+
+
+
+
+ org.eclipse.iam.jdt.core.mavenIncrementalBuilder
+
+
+
+
+
+ org.maven.ide.eclipse.maven2Nature
+ org.eclipse.iam.jdt.core.mavenNature
+ org.eclipse.jdt.core.javanature
+
+
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 0000000..ca9520f
--- /dev/null
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+#Mon Jan 10 09:33:39 EST 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.source=1.6
diff --git a/.settings/org.maven.ide.eclipse.prefs b/.settings/org.maven.ide.eclipse.prefs
new file mode 100644
index 0000000..67118f0
--- /dev/null
+++ b/.settings/org.maven.ide.eclipse.prefs
@@ -0,0 +1,9 @@
+#Mon Jan 10 09:29:57 EST 2011
+activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=process-test-resources
+includeModules=false
+resolveWorkspaceProjects=true
+resourceFilterGoals=process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
diff --git a/content-annotations/.classpath b/content-annotations/.classpath
new file mode 100644
index 0000000..3d090fe
--- /dev/null
+++ b/content-annotations/.classpath
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/content-annotations/.project b/content-annotations/.project
new file mode 100644
index 0000000..ec8fe2c
--- /dev/null
+++ b/content-annotations/.project
@@ -0,0 +1,29 @@
+
+
+ content-annotations
+
+
+
+
+
+ org.eclipse.jdt.core.javabuilder
+
+
+
+
+ org.eclipse.iam.jdt.core.mavenIncrementalBuilder
+
+
+
+
+ org.maven.ide.eclipse.maven2Builder
+
+
+
+
+
+ org.maven.ide.eclipse.maven2Nature
+ org.eclipse.iam.jdt.core.mavenNature
+ org.eclipse.jdt.core.javanature
+
+
diff --git a/content-annotations/.settings/org.eclipse.jdt.core.prefs b/content-annotations/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 0000000..5a69dd1
--- /dev/null
+++ b/content-annotations/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,6 @@
+#Mon Jan 10 09:42:46 EST 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.6
diff --git a/content-annotations/.settings/org.maven.ide.eclipse.prefs b/content-annotations/.settings/org.maven.ide.eclipse.prefs
new file mode 100644
index 0000000..e172c52
--- /dev/null
+++ b/content-annotations/.settings/org.maven.ide.eclipse.prefs
@@ -0,0 +1,8 @@
+#Mon Feb 07 22:59:07 EST 2011
+activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=process-test-resources
+resolveWorkspaceProjects=true
+resourceFilterGoals=process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
diff --git a/content-annotations/pom.xml b/content-annotations/pom.xml
new file mode 100644
index 0000000..b4307c1
--- /dev/null
+++ b/content-annotations/pom.xml
@@ -0,0 +1,29 @@
+
+ 4.0.0
+
+
+ scap-content
+ content
+ 1.0-SNAPSHOT
+
+
+ content-annotations
+ jar
+ content-annotations
+ http://maven.apache.org
+
+
+ UTF-8
+
+
+
+
+ junit
+ junit
+ jar
+ test
+ false
+
+
+
diff --git a/content-annotations/src/main/java/org/scapdev/content/annotation/DocumentModelType.java b/content-annotations/src/main/java/org/scapdev/content/annotation/DocumentModelType.java
new file mode 100644
index 0000000..5348463
--- /dev/null
+++ b/content-annotations/src/main/java/org/scapdev/content/annotation/DocumentModelType.java
@@ -0,0 +1,32 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.annotation;
+
+
+public enum DocumentModelType {
+ /** An anonymous document that can be generated */
+ GENERATED,
+ /** An identifiable document */
+ ENTITY;
+}
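Review bot: The enum itself has no type-level Javadoc, and the two constant comments do not say what "can be generated" means or what separates a GENERATED document from an ENTITY one, so a reader must reverse-engineer the distinction from the XSL that consumes it. A short type comment such as `/** Kinds of document a {@link SchemaDocument} can declare; see {@link SchemaDocument#type()}. */` placed above `public enum DocumentModelType` would anchor the constants, and the GENERATED comment could spell out who generates the document and how its identity is assigned — the hunk does not show that, so I would not guess at it. The trailing `;` after `ENTITY` is legal but unnecessary since the enum declares no members.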
diff --git a/content-annotations/src/main/java/org/scapdev/content/annotation/Entity.java b/content-annotations/src/main/java/org/scapdev/content/annotation/Entity.java
new file mode 100644
index 0000000..2412429
--- /dev/null
+++ b/content-annotations/src/main/java/org/scapdev/content/annotation/Entity.java
@@ -0,0 +1,37 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.annotation;
+
+import static java.lang.annotation.ElementType.TYPE;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({TYPE})
+public @interface Entity {
+ String id();
+ String keyId();
+}
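Review bot: The annotation and its two members carry no Javadoc, so nothing tells a model author what `id()` must contain or how `keyId()` relates to `Key#id()`; the same gap exists in EntityContainer, Field, FieldRef, Key, KeyRef and SchemaDocument in the following hunks. A type-level comment such as `/** Marks a JAXB-bound type as an identifiable entity; {@code keyId()} presumably names the {@link Key#id()} that identifies it — confirm against the XSL that generates these bindings. */` plus a one-line `@return` on each member would cover it. Because every one of these annotations is `RUNTIME`-retained and read by tooling, adding `@Documented` next to `@Retention` would also make the markers visible in the generated Javadoc of annotated types. The static import of `TYPE` used here and in Key, KeyRef and SchemaDocument differs from the `ElementType.FIELD` form used in EntityContainer, Field and FieldRef; either is fine, but one convention across the package would read better.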
diff --git a/content-annotations/src/main/java/org/scapdev/content/annotation/EntityContainer.java b/content-annotations/src/main/java/org/scapdev/content/annotation/EntityContainer.java
new file mode 100644
index 0000000..0159e07
--- /dev/null
+++ b/content-annotations/src/main/java/org/scapdev/content/annotation/EntityContainer.java
@@ -0,0 +1,36 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.FIELD})
+public @interface EntityContainer {
+ String id();
+ String[] entityIds();
+}
diff --git a/content-annotations/src/main/java/org/scapdev/content/annotation/Field.java b/content-annotations/src/main/java/org/scapdev/content/annotation/Field.java
new file mode 100644
index 0000000..6fbb613
--- /dev/null
+++ b/content-annotations/src/main/java/org/scapdev/content/annotation/Field.java
@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.FIELD})
+public @interface Field {
+ String id();
+}
diff --git a/content-annotations/src/main/java/org/scapdev/content/annotation/FieldRef.java b/content-annotations/src/main/java/org/scapdev/content/annotation/FieldRef.java
new file mode 100644
index 0000000..416ab74
--- /dev/null
+++ b/content-annotations/src/main/java/org/scapdev/content/annotation/FieldRef.java
@@ -0,0 +1,36 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.annotation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.FIELD})
+public @interface FieldRef {
+ String id();
+ String idRef();
+}
diff --git a/content-annotations/src/main/java/org/scapdev/content/annotation/Key.java b/content-annotations/src/main/java/org/scapdev/content/annotation/Key.java
new file mode 100644
index 0000000..cbedc6a
--- /dev/null
+++ b/content-annotations/src/main/java/org/scapdev/content/annotation/Key.java
@@ -0,0 +1,37 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.annotation;
+
+import static java.lang.annotation.ElementType.TYPE;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({TYPE})
+public @interface Key {
+ String id();
+ String[] keyIds() default {};
+}
diff --git a/content-annotations/src/main/java/org/scapdev/content/annotation/KeyRef.java b/content-annotations/src/main/java/org/scapdev/content/annotation/KeyRef.java
new file mode 100644
index 0000000..0f1aa9c
--- /dev/null
+++ b/content-annotations/src/main/java/org/scapdev/content/annotation/KeyRef.java
@@ -0,0 +1,38 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.annotation;
+
+import static java.lang.annotation.ElementType.TYPE;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({TYPE})
+public @interface KeyRef {
+ String id();
+ String keyId();
+ String[] fieldIds();
+}
diff --git a/content-annotations/src/main/java/org/scapdev/content/annotation/SchemaDocument.java b/content-annotations/src/main/java/org/scapdev/content/annotation/SchemaDocument.java
new file mode 100644
index 0000000..ac6c22b
--- /dev/null
+++ b/content-annotations/src/main/java/org/scapdev/content/annotation/SchemaDocument.java
@@ -0,0 +1,38 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.annotation;
+
+import static java.lang.annotation.ElementType.TYPE;
+
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({TYPE})
+public @interface SchemaDocument {
+ String id();
+ DocumentModelType type();
+}
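Review bot: `java.lang.annotation.Inherited` is imported on the line after the static import but never applied, so the import is dead and hints at an unfinished decision. If subclasses of an annotated type are meant to count as schema documents too, add `@Inherited` beside `@Retention(RetentionPolicy.RUNTIME)`; otherwise drop `import java.lang.annotation.Inherited;`. Either way a one-line comment on the choice is worth it, since `@Inherited` only affects lookup through a superclass chain and not through interfaces, which is easy to get wrong when the consumer relies on `Class.getAnnotation`.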
diff --git a/content-meta-model/.classpath b/content-meta-model/.classpath
new file mode 100644
index 0000000..c4e8fb0
--- /dev/null
+++ b/content-meta-model/.classpath
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/.project b/content-meta-model/.project
new file mode 100644
index 0000000..3fa9160
--- /dev/null
+++ b/content-meta-model/.project
@@ -0,0 +1,30 @@
+
+
+ content-meta-model
+
+
+
+
+
+ org.eclipse.jdt.core.javabuilder
+
+
+
+
+ com.oxygenxml.editor.xmlbuilder
+
+
+
+
+ org.maven.ide.eclipse.maven2Builder
+
+
+
+
+
+ org.maven.ide.eclipse.maven2Nature
+ com.oxygenxml.editor.xmlnature
+ org.eclipse.iam.jdt.core.mavenNature
+ org.eclipse.jdt.core.javanature
+
+
diff --git a/content-meta-model/.settings/org.eclipse.jdt.core.prefs b/content-meta-model/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 0000000..d43ba37
--- /dev/null
+++ b/content-meta-model/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,6 @@
+#Mon Jan 10 09:43:09 EST 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.6
diff --git a/content-meta-model/.settings/org.maven.ide.eclipse.prefs b/content-meta-model/.settings/org.maven.ide.eclipse.prefs
new file mode 100644
index 0000000..31377b1
--- /dev/null
+++ b/content-meta-model/.settings/org.maven.ide.eclipse.prefs
@@ -0,0 +1,8 @@
+#Mon Jan 10 10:41:00 EST 2011
+activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=generate-sources process-test-resources
+resolveWorkspaceProjects=true
+resourceFilterGoals=generate-sources process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
diff --git a/content-meta-model/pom.xml b/content-meta-model/pom.xml
new file mode 100644
index 0000000..ec07276
--- /dev/null
+++ b/content-meta-model/pom.xml
@@ -0,0 +1,267 @@
+
+
+ 4.0.0
+
+
+ scap-content
+ content
+ 1.0-SNAPSHOT
+
+
+ content-meta-model
+ jar
+ content-meta-model
+ http://maven.apache.org
+
+
+
+ scap-content
+ content-annotations
+ 1.0-SNAPSHOT
+
+
+
+ junit
+ junit
+ test
+
+
+
+ javax.xml.bind
+ jaxb-api
+
+
+ com.sun.xml.bind
+ jaxb-impl
+
+
+
+
+
+
+ target/generated-sources/xjc
+
+ **/jaxb.index
+
+
+
+ target/generated-sources/apt
+
+ **/jaxb-manifest
+
+
+
+ src/main/xml
+ META-INF/metamodels
+
+ *-metamodel.xml
+ manifest
+
+
+
+
+
+ org.codehaus.mojo
+ xml-maven-plugin
+
+
+ initialize
+
+ transform
+
+
+
+
+
+
+ src/main/xml
+
+ *-metamodel.xml
+
+ src/main/xml/jaxb-binding.xsl
+ ${project.build.directory}/generated-resources/binding
+
+
+ .xjb
+
+
+
+
+
+
+
+ net.sf.saxon
+ saxon
+ 8.7
+
+
+
+
+ maven-resources-plugin
+ 2.4.3
+
+
+ copy-resources
+ initialize
+
+ copy-resources
+
+
+ ${basedir}/target/generated-resources/binding
+
+
+ src/main/xsd
+ false
+
+ *.xjb
+
+
+
+
+
+
+
+
+ org.jvnet.jaxb2.maven2
+ maven-jaxb2-plugin
+
+
+
+ generate
+
+
+
+
+ true
+
+ -Xannotate
+ -Xjaxbindex
+
+ src/main/xsd
+
+ */*.xsd
+ *.xsd
+
+ ${project.build.directory}/generated-resources/binding
+
+ *.xjb
+
+ false
+
+
+ org.jvnet.jaxb2_commons
+ jaxb2-basics-annotate
+ 0.6.0
+
+
+ org.jvnet.jaxb2_commons
+ jaxb2-basics
+ 0.6.0
+
+
+
+
+
+ scap-content
+ content-annotations
+ 1.0-SNAPSHOT
+
+
+ commons-logging
+ commons-logging
+ 1.1.1
+ jar
+ false
+
+
+
+
+
+ org.codehaus.mojo
+ apt-maven-plugin
+
+ net.sf.jelly.apt.freemarker.FreemarkerProcessorFactory
+ true
+
+
+
+
+ process
+
+
+
+ template=${basedir}/src/main/freemarker/jaxb-manifest.fmt
+
+
+
+ ${project.build.directory}/generated-sources/xjc
+
+
+
+
+
+
+
+ net.sf.apt-jelly
+ apt-jelly
+ 2.3
+
+
+ org.freemarker
+ freemarker
+ 2.3.12
+
+
+ com.sun
+ tools
+ 1.6.0_06
+ system
+ ${java.home}/../lib/tools.jar
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+
+ true
+
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-javadoc-plugin
+
+ true
+
+
+
+
+
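Review bot: The `com.sun:tools:1.6.0_06` dependency on the apt-maven-plugin is declared with `system` scope and `${java.home}/../lib/tools.jar` as its path, which ties the build to a JDK 6 install layout on the build host: it fails when Maven runs on a JRE or on a JDK that no longer ships `tools.jar`, and because the jar is never resolved from a repository nothing checks the identity of what gets loaded into the build. The processor dependencies (saxon 8.7, apt-jelly 2.3, freemarker 2.3.12, commons-logging 1.1.1, jaxb2-basics 0.6.0) are pinned, which is good for reproducibility, but the `xml-maven-plugin`, `maven-jaxb2-plugin` and `apt-maven-plugin` entries show no version in this hunk — presumably inherited from the parent's pluginManagement, and worth confirming since the element names are not visible here. The `maven-javadoc-plugin` block with the single `true` setting appears twice near the end, which looks like the usual build-plus-reporting duplication; a short comment saying so would stop the next reader from deleting one copy.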
diff --git a/content-meta-model/src/main/freemarker/jaxb-index.fmt b/content-meta-model/src/main/freemarker/jaxb-index.fmt
new file mode 100644
index 0000000..b18ce98
--- /dev/null
+++ b/content-meta-model/src/main/freemarker/jaxb-index.fmt
@@ -0,0 +1,15 @@
+<@forAllPackages var="package">
+ <#assign printpackage=false>
+ <#list package.classes as class>
+ <@ifHasAnnotation declaration=class annotation="javax.xml.bind.annotation.XmlRootElement">
+ <#assign printpackage=true>
+ @ifHasAnnotation>
+ #list>
+ <#if printpackage>
+ <@file package="${package.qualifiedName}" name="jaxb.index">
+ <@forAllTypes var="type" annotation="javax.xml.bind.annotation.XmlRootElement">
+ ${type.simpleName}
+ @forAllTypes>
+ @file>
+ #if>
+@forAllPackages>
\ No newline at end of file
diff --git a/content-meta-model/src/main/freemarker/jaxb-manifest.fmt b/content-meta-model/src/main/freemarker/jaxb-manifest.fmt
new file mode 100644
index 0000000..f5543fa
--- /dev/null
+++ b/content-meta-model/src/main/freemarker/jaxb-manifest.fmt
@@ -0,0 +1,7 @@
+<@file name="META-INF/jaxb-manifest">
+ <@forAllPackages var="package">
+ <@ifHasAnnotation declaration=package annotation="javax.xml.bind.annotation.XmlSchema">
+${package.qualifiedName}
+ @ifHasAnnotation>
+ @forAllPackages>
+@file>
\ No newline at end of file
diff --git a/content-meta-model/src/main/xml/jaxb-binding.xsl b/content-meta-model/src/main/xml/jaxb-binding.xsl
new file mode 100644
index 0000000..eea31d4
--- /dev/null
+++ b/content-meta-model/src/main/xml/jaxb-binding.xsl
@@ -0,0 +1,181 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+ == Documents ==
+
+
+
+ == Document Containers ==
+
+
+
+ == Entities ==
+
+ == Relationships ==
+
+
+
+
+
+ document
+
+
+
+
+
+
+
+
+ unset
+ generated-document-model {@document-id}
+
+
+
+
+
+
+
+ document
+
+
+
+
+
+
+ unset
+ entity-container
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ,
+
+
+
+
+
+
+
+
+ entity
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ,
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ local-relationship
+
+
+
+
+
+
+
+
+
+
+
+
+ ,
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xml/manifest b/content-meta-model/src/main/xml/manifest
new file mode 100644
index 0000000..56aa507
--- /dev/null
+++ b/content-meta-model/src/main/xml/manifest
@@ -0,0 +1 @@
+oval-5.8-metamodel.xml
diff --git a/content-meta-model/src/main/xml/oval-5.8-metamodel.xml b/content-meta-model/src/main/xml/oval-5.8-metamodel.xml
new file mode 100644
index 0000000..8c1dc83
--- /dev/null
+++ b/content-meta-model/src/main/xml/oval-5.8-metamodel.xml
@@ -0,0 +1,211 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/MetaModel.xsd b/content-meta-model/src/main/xsd/MetaModel.xsd
new file mode 100644
index 0000000..7ace64e
--- /dev/null
+++ b/content-meta-model/src/main/xsd/MetaModel.xsd
@@ -0,0 +1,464 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/catalog.xml b/content-meta-model/src/main/xsd/catalog.xml
new file mode 100644
index 0000000..47b4018
--- /dev/null
+++ b/content-meta-model/src/main/xsd/catalog.xml
@@ -0,0 +1,33 @@
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/metamodel.xjb b/content-meta-model/src/main/xsd/metamodel.xjb
new file mode 100644
index 0000000..6f303ee
--- /dev/null
+++ b/content-meta-model/src/main/xsd/metamodel.xjb
@@ -0,0 +1,39 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/content-meta-model/src/main/xsd/oval-5.8.xjb b/content-meta-model/src/main/xsd/oval-5.8.xjb
new file mode 100644
index 0000000..773ff7f
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8.xjb
@@ -0,0 +1,170 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/content-meta-model/src/main/xsd/oval-5.8/aix-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/aix-definitions-schema.xsd
new file mode 100644
index 0000000..494eb96
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/aix-definitions-schema.xsd
@@ -0,0 +1,566 @@
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the AIX specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ This schema was originally developed by Yuzheng Zhou and Todd Dolinsky at Hewlett-Packard. The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ AIX Definition
+ 5.8
+ 9/15/2010 1:55:31 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The intirm fix test is used to check information associated with different interim or emergency fixes installed on the system. The information being tested is based off the emgr -l -u VUID command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an interim_fix_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ interim_fix_test
+ interim_fix_object
+ interim_fix_state
+ interim_fix_item
+
+
+
+
+
+ - the object child element of a must reference a interim_fix_object
+
+
+ - the state child element of a must reference a interim_fix_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The interim_fix_object element is used by a interim_fix_test to define the specific fix to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An interim_fix_object consists of a single vuid entity that identifies the fix to be used.
+
+
+
+
+
+
+
+
+
+
+ Virtually Unique ID. A combination of time and cpuid, this ID can be used to differentiate fixes that are otherwise identical.
+
+
+
+
+
+
+
+
+
+
+
+
+ The interim_fix_state element defines the different information associated with a specific interim fix installed on the system. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ Virtually Unique ID. A combination of time and cpuid, this ID can be used to differentiate fixes that are otherwise identical.
+
+
+
+
+ Each efix that is installed on a given system has a unique efix label.
+
+
+
+
+ Describes the efix package.
+
+
+
+
+ The the emergency fix state.
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileset_test is used to check information associated with different filesets installed on the system. The information used by this test is modeled after the /usr/bin/lslpp -l command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ fileset_test
+ fileset_object
+ fileset_state
+ fileset_item
+
+
+
+
+
+ - the object child element of a fileset_test must reference a fileset_object
+
+
+ - the state child element of a fileset_test must reference a fileset_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileset_object element is used by a fileset_test to define the fileset to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A fileset_object consists of a single flstinst entity that identifies the fileset to be used.
+
+
+
+
+
+
+
+
+
+
+ The flstinst entity represents the fileset name we want to check. For example, if we want to check the status of the fileset 'bos.rte', we can use fileset test and the flstinst entity will be 'bos.rte' or 'bot.*' or etc.
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileset_state element defines the different information associated with filesets installed on the system. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ Represents the name of a fileset.
+
+
+
+
+ Maintenance level (also known as version in Solaris or Linux) of a fileset. For example, "5.3.0.10" is the level for 'bos.txt.tfs' fileset in one AIX machine.
+
+
+
+
+ This gives the state of a fileset. The state can be 'APPLIED', 'APPLYING','BROKEN', 'COMMITTED', 'EFIX LOCKED', 'OBSOLETE', 'COMMITTING','REJECTING'. See the manpage of the 'lslpp' command more information.
+
+
+
+
+ Short description of a fileset.
+
+
+
+
+
+
+
+
+
+
+
+
+ The fix test is used to check information associated with different fixes installed on the system. The information being tested is based off the /usr/sbin/instfix -iavk command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an fix_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ fix_test
+ fix_object
+ fix_state
+ fix_item
+
+
+
+
+
+ - the object child element of a fix_test must reference a fix_object
+
+
+ - the state child element of a fix_test must reference a fix_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The fix_object element is used by a fix test to define the specific fix to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A fix object consists of a single apar_number entity that identifies the fix to be used.
+
+
+
+
+
+
+
+
+
+
+ APAR is the short for 'Authorized Program Analysis Report'. APAR identifies and describes a software product defect. An APAR number can obtain a PTF (Program Temporary Fix) for the defect, if a PTF is available. An example of an apar_number is 'IY78751', it includes two alphabetic characters and a 5-digit integer.
+
+
+
+
+
+
+
+
+
+
+
+
+ The fix_state element defines the different information associated with a specific fix installed on the system. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ APAR is the short for 'Authorized Program Analysis Report'. APAR identifies and describes a software product defect. An APAR number can obtain a PTF (Program Temporary Fix) for the defect, if a PTF is available. An example of an apar_number is 'IY78751', it includes two alphabetic characters and a 5-digit integer.
+
+
+
+
+ The abstract of an APAR. For instance, 'LL syas rXct are available even when not susea' is the abstract of APAR 'IY78751'.
+
+
+
+
+ The symptom text related to an APAR. For example, the symptom text for 'IY75211' is 'Daylight savings change for year 2007 and beyond'.
+
+
+
+
+ The installation status of files associated with the APAR. This cannot be got from the output of the instfix command directly. The last line of the output is 'All filesets for XXXXXXX were found', or 'Not all filesets for XXXXXXX were found' or 'No filesets which have fixes for XXXXXXX are currently installed.'. These can be translated to the correct value as defined by the EntityStateFixInstallationStatusType.
+
+
+
+
+
+
+
+
+
+
+
+
+ The no test is used to check information related to the /usr/sbin/no command and the parameters it manages. The no command sets or displays current or next boot values for network tuning parameters. The information being tested is based off the /usr/sbin/no -o command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a no_object and the optional state element specifies the value to check for. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+
+ - the object child element of a must reference a no_object
+
+
+ - the state child element of a must reference a no_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The no_object element is used by a no_test to define the specific parameter to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A no_object consists of a single tunable entity that identifies the parameter to be looked at.
+
+
+
+
+
+
+
+
+
+
+ The tunable entity holds the name of the tunable parameter to be queried by the /usr/sbin/no command. Examples include ip_forwarding and tcp_keepalive_interval.
+
+
+
+
+
+
+
+
+
+
+
+
+ The no_state element defines the different information associated with a specific call to /usr/sbin/no. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The tunable entity is used to check the name of the tunable parameter that was used by the /usr/sbin/no command. Examples include ip_forwarding and tcp_keepalive_interval.
+
+
+
+
+ The value entity defines the value to check against the tunable parameter being examined.
+
+
+
+
+
+
+
+
+
+
+
+
+ The oslevel test reveals information about the release and maintenance level of AIX operating system. This information can be retrieved by the /usr/bin/oslevel -r command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an oslevel_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+
+ - the object child element of a oslevel_test must reference a oslevel_object
+
+
+ - the state child element of a oslevel_test must reference a oslevel_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The oslevel_object element is used by an oslevel test to define those objects to be evaluated based on a specified state. There is actually only one object relating to oslevel and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check oslevel will reference the same oslevel_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The oslevel_state element defines the information about maintenance level (system version). Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the maintenance level (system version) of current AIX operating system.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateFilesetStateType complex type defines the different values that are valid for the state entity of a fileset state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the state entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The specified fileset is installed on the system. The APPLIED state means that the fileset can be rejected with the installp command and the previous level of the fileset restored. This state is only valid for Version 4 fileset updates and 3.2 migrated filesets.
+
+
+
+
+ An attempt was made to apply the specified fileset, but it did not complete successfully, and cleanup was not performed.
+
+
+
+
+ The specified fileset or fileset update is broken and should be reinstalled before being used.
+
+
+
+
+ The specified fileset is installed on the system. The COMMITTED state means that a commitment has been made to this level of the software. A committed fileset update cannot be rejected, but a committed fileset base level and its updates (regardless of state) can be removed or deinstalled by the installp command.
+
+
+
+
+ An attempt was made to commit the specified fileset, but it did not complete successfully, and cleanup was not performed.
+
+
+
+
+ The specified fileset was installed sucessfully and locked by the interim fix (interim fix) manager.
+
+
+
+
+ The specified fileset was installed with an earlier version of the operating system but has been replaced by a repackaged (renamed) newer version. Some of the files that belonged to this fileset have been replaced by versions from the repackaged fileset.
+
+
+
+
+ An attempt was made to reject the specified fileset, but it did not complete successfully, and cleanup was not performed.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateFixInstallationStatusType complex type defines the different values that are valid for the installation_status entity of a fix_state state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the installation_status entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ All filesets for XXXXXXX were found
+
+
+
+
+ Not all filesets for XXXXXXX were found
+
+
+
+
+ No filesets which have fixes for XXXXXXX are currently installed.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateInterimFixStateType complex type defines the different values that are valid for the state entity of a interim_fix_state state. Please refer to the AIX documentation of Emergency Fix States. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the state entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The efix was installed with a standard installation, and successfully completed the last installation operation.
+
+
+
+
+ The efix was installed with a mount installation operation, and successfully completed the last installation or mount operation.
+
+
+
+
+ The efix was installed with a mount installation operation and one or more efix files were unmounted in a previous emgr command operation.
+
+
+
+
+ An unrecoverable error occurred during an installation or removal operation. The status of the efix is unreliable.
+
+
+
+
+ The efix is in the process of installing.
+
+
+
+
+ The efix was installed successfully and requires a reboot to fully integrate into the target system.
+
+
+
+
+ The efix is in the process of being removed.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/apache-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/apache-definitions-schema.xsd
new file mode 100644
index 0000000..a0825b9
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/apache-definitions-schema.xsd
@@ -0,0 +1,131 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the Apache specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Apache Definition
+ 5.8
+ 9/15/2010 1:55:32 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The httpd test is used to check the version of an installed httpd binary. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an httpd_test and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ httpd_test
+ httpd_object
+ httpd_state
+ httpd_item
+
+
+
+
+ 5.8
+ The httpd_test does not specify how to detect instances of httpd and cannot be reasonably specified to allow for products to detect all instances of httpd across platforms, packaging systems, and typical user compiled and configured installations. Without a proper definition of how to identify instances of httpd products will not reliably produce consistent assessment results because they will naturally utilize different approaches to locating instances of httpd which will lead to differences in the set of collected instances of https.
+ This test has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of a httpd_test must reference a httpd_object
+
+
+ - the state child element of a httpd_test must reference a httpd_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The httpd_object element is used by a httpd test to define the different httpd binary installed on a system. There is actually only one object relating to this and it is the collection of all httpd binaries. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same httpd_object which is basically an empty object element. A tool that implements the httpd_test and collects the httpd_object must know how to find all the httpd binaries on the system and verify that they are in fact httpd binaries.
+
+
+ 5.8
+ The httpd_object does not specify how to detect instances of httpd and cannot be reasonably specified to allow for products to detect all instances of httpd across platforms, packaging systems, and typical user compiled and configured installations. Without a proper definition of how to identify instances of httpd products will not reliably produce consistent assessment results because they will naturally utilize different approaches to locating instances of httpd which will lead to differences in the set of collected instances of https.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+ The httpd_state element defines information associated with a specific httpd binary.
+
+
+ 5.8
+ The httpd_state does not specify how to detect instances of httpd and cannot be reasonably specified to allow for products to detect all instances of httpd across platforms, packaging systems, and typical user compiled and configured installations. Without a proper definition of how to identify instances of httpd products will not reliably produce consistent assessment results because they will naturally utilize different approaches to locating instances of httpd which will lead to differences in the set of collected instances of https.
+ This state has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a httpd binary on the system.
+
+
+
+
+ The binary_name element specifies the name of the file. If the xsi:nil attribute is set to true, then the object being specified is the higher level path. In this case, the binary_name element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, says to collect every file under a given path.
+
+
+
+
+ The version entity is used to check the version of the httpd binary. The datatype for the version entity is 'version' which means the value should be a delimited set of numbers. It is obtained by running 'httpd -v'.
+
+
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/catos-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/catos-definitions-schema.xsd
new file mode 100644
index 0000000..e936fbe
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/catos-definitions-schema.xsd
@@ -0,0 +1,432 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the Cisco CatOS specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here
+ This schema was originally developed by Yuzheng Zhou and Eric Grey at Hewlett-Packard. The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ CatOS Definition
+ 5.8
+ 9/15/2010 1:55:33 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The line_test is used to check the properties of specific output lines from a SHOW command, such as show running-config. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a line_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ line_test
+ line_object
+ line_state
+ line_item
+
+
+
+
+
+ - the object child element of a line_test must reference a line_object
+
+
+ - the state child element of a line_test must reference a line_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The line_object element is used by a line_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A line_object consists of a show_subcommand entity that is the name of a SHOW sub-command to be tested.
+
+
+
+
+
+
+
+
+
+
+ The name of a SHOW sub-command.
+
+
+
+
+
+
+
+
+
+
+
+
+ The line_state element defines the different information that can be used to evaluate the result of a specific SHOW sub-command. This includes the name of ths sub-command and the corresponding config line. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The name of the SHOW sub-command.
+
+
+
+
+ The value returned from by the specified SHOW sub-command.
+
+
+
+
+
+
+
+
+
+
+
+
+ The module test reveals module information in Cisco Catalyst switches. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a module_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ The module_test is based off the SHOW MODULE command. Having a separate module_test, as opposed to a general command_test, enables running an evaluation based on OVAL without having interactive command access to the device.
+
+
+ module_test
+ module_object
+ module_state
+ module_item
+
+
+
+
+
+ - the object child element of a module_test must reference a module_object
+
+
+ - the state child element of a module_test must reference a module_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The module_object element is used by a module test to specify the module to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions schema.
+ A module object consists of a single module_number entity that identifies the module to be used.
+
+
+
+
+
+
+
+
+
+
+ A number that identifies the a specific module.
+
+
+
+
+
+
+
+
+
+
+
+
+ The module_state element defines the module information held within a Cisco Catalyst switch. The module_number, type, and model element specifies the number, type and model of the module respectively. The software_major_release, software_individual_release and software_version_id elements specify the software version information of the module. For instance, if the software version is 8.5(4c)GLX, then software_major_release is 8.5GLX, software_individual_release is 4 and software_version_id is c. Similarly, the hardware_major_release, hardware_individual_release, firmware_major_release and firmware_individual_release elements reveal the hardware and firmware version information of the module.
+
+
+
+
+
+
+
+ A number that identifies the a specific module.
+
+
+
+
+ The type of module.
+
+
+
+
+ The model of a module.
+
+
+
+
+ The major relase of the software of a module to check for.
+
+
+
+
+ The individual release of the software of the module to check for.
+
+
+
+
+ The vesion id of the software of a module to check for.
+
+
+
+
+ The hardware major release of a module to check for.
+
+
+
+
+ The hardware individual release of a module to check for.
+
+
+
+
+ The major release of the firmware of a module to check for.
+
+
+
+
+ The individual release of the firmware of a module to check for.
+
+
+
+
+
+
+
+
+
+
+
+
+ The version55_test is used to check the version of the Cisco CatOS operating system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ The required information of version55_test can be got via a SHOW VERSION command. The separated version55_test enables an evaluation based on OVAL without having interactive command access to the device.
+
+
+ version55_test
+ version55_object
+ version55_state
+ version_item
+
+
+
+
+
+ - the object child element of a version55_test must reference a version55_object
+
+
+ - the state child element of a version55_test must reference a version55_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version55_object element is used by a version55_test to define the different version information associated with a Cisco CatOS system. There is actually only one object relating to version and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version5_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The version55_state element defines the version information held within a Cisco CatOS software release. The switch_series element specifies the Catalyst switch series. The image_name element specifies the name of the CatOS image. The catos_release element specifies the software version information of the module.
+
+
+
+
+
+
+
+ The switch_series entity defines a target Catalyst switch series to check for. Each version of CatOS traditionally has target a specific Catalyst series of switches.
+
+
+
+
+ The image_name entity defines a name of a CatOS image to check for.
+
+
+
+
+ The catos_release entity defines a release version of CatOS to check for.
+
+
+
+
+
+
+
+
+
+
+
+
+ The version test is used to check the version of the Cisco CatOS operating system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ The required information of version_test can be got via a SHOW VERSION command. The separated version_test enables an evaluation based on OVAL without having interactive command access to the device.
+
+
+ version_test
+ version_object
+ version_state
+ version_item
+
+
+
+
+ 5.5
+ Replaced by the version55_test. Due to the fact it's not clear on how to separate the CatOS version, it was decided that the catos_major_release, catos_individual_release, and catos_version_id entities would be combined into a new single entity catos_release. A new test was created to reflect these changes. See the version55_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of a version_test must reference a version_object
+
+
+ - the state child element of a version_test must reference a version_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version_object element is used by a version test to define the different version information associated with a Cisco CatOS system. There is actually only one object relating to version and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version_object which is basically an empty object element.
+
+
+ 5.5
+ Replaced by the version55_object. Due to the fact it's not clear on how to separate the CatOS version, it was decided that the catos_major_release, catos_individual_release, and catos_version_id entities would be combined into a new single entity catos_release. A new object was created to reflect these changes. See the version55_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version_state element defines the version information held within a Cisco CatOS software release. The swtich_series element specifies the Catalyst switch series. The image_name element specifies the name of the CatOS image. The catos_major_release, catos_individual_release and catos_version_id elements specify the software version information of the module. For instance, if the CatOS version is 8.5(4c)GLX, then catos_major_release is 8.5GLX, catos_individual_release is 4 and catos_version_id is c.
+
+
+ 5.5
+ Replaced by the version55_state. Due to the fact it's not clear on how to separate the CatOS version, it was decided that the catos_major_release, catos_individual_release, and catos_version_id entities would be combined into a new single entity catos_release. A new state was created to reflect these changes. See the version55_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ A Catalyst switch series to check for.
+
+
+
+
+ The name of a CatOS image to check for.
+
+
+
+
+ The major release of CatOS to check for.
+
+
+
+
+ The individual release of CatOS to check for.
+
+
+
+
+ The version id of Cat OS to check for.
+
+
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/debian-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/debian-definitions-schema.xsd
new file mode 100644
index 0000000..97f1a2a
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/debian-definitions-schema.xsd
@@ -0,0 +1,22 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the Debian specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Debian Definition
+ 5.8
+ 9/15/2010 1:55:33 PM
+ Copyright (c) 2002-2008, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+ schematron validation of the Debian portion of an OVAL Definitions file
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/esx-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/esx-definitions-schema.xsd
new file mode 100644
index 0000000..00cced5
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/esx-definitions-schema.xsd
@@ -0,0 +1,531 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the VMware ESX server specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ This schema was originally developed by Yuzheng Zhou and Todd Dolinsky at Hewlett-Packard. The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ VMware ESX server Definition
+ 5.8
+ 9/15/2010 1:55:33 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The patch56_test reveals the installation status of a specific patch or patches in VMware ESX Server. This information can be retrieved by the "esxupdate query" command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a patch56_object and the optional state element referencing a patch56_state specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ Note that different from previous versions, ESX Server 3.0.3 and ESX Server 3.5 use the following patch naming convention: {ProductName}{VersionNumber}-{BundleID}-{Classification}{SupportLevel}. Please refer to http://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_esxupdate.pdf for more detailed information.
+
+
+ patch56_test
+ patch56_object
+ patch56_state
+ patch_item
+
+
+
+
+
+ - the object child element of a patch56_test must reference a patch56_object
+
+
+ - the state child element of a patch56_test must reference a patch56_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The patch56_object element is used by a patch56_test to define those objects to be evaluated against a specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A patch56_object consists of a single patch_name entity that identifies the patch to be checked.
+
+
+
+
+
+
+
+
+
+
+
+ The patch name entity indetifies a specific patch or set of patches to be checked on the system. For example: ESX-200603 or ESX350-200904401-BG. The value of this entity should correspond to the values returned under the "name" column of the "esxupdate query" command.
+
+
+
+
+
+
+
+
+
+
+
+
+ The patch56_state element defines the different information that can be used to evaluate the specified VMware ESX Serer patch. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The patch_name entity indetifies the name of a patch to test for. For example: ESX-200603 or ESX350-200904401-BG. The value of this entity should correspond to the values returned under the "name" column of the "esxupdate query" command.
+
+
+
+
+ The knowledge_base_id entity specifies a given knowledge base article identifier number. This entity is valid for ESX versions 3.0.2 and earlier. It is comprised of the numerical string at the end of the patch name. For example, the patch ESX-200603 would have a knowledge base identifier of 200603.
+
+
+
+
+ The bundle_id entity specifies a unique ID for the patch. This entity is valid for ESX version 3.0.3 and version 3.5 and is comprised of the year and month the bundle was released and a 3-digit unique ID. It is in the format YYYYMM###. For example, the first patch released in January 2008 might have a BundleID of 200801001.
+
+
+
+
+ The classification entity specifies the type of patch. It can be one of: B - bug, U - update, S - security, or R - roll-up. This entity is valid for ESX version 3.0.3 and later.
+
+
+
+
+ The support_level entity specifies a support level to test for. If can be one of: G - GA patch, H - hot patch, D - debugging patch, or C - custom patch. This entity is valid for ESX version 3.0.3 and later.
+
+
+
+
+ The status entity specifies an installation status of a patch to test for. A value of 'true' is used to signify that a given patch is intalled.
+
+
+
+
+
+
+
+
+
+ The Patch56Behaviors complex type defines a number of behaviors that allow a more detailed definition of the patch56_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ 'supersedence' specifies that the object should also match any superseding patches to the one being specified. In other words, if set to True the resulting object set would be the original patch specified plus any superseding patches. The default value is 'false' meaning the object should only match the specified patch.
+
+
+
+
+
+
+
+
+
+
+
+ The patch test reveals the installation status of a specific patch in the VMware ESX server. This information can be retrieved by the "esxupdate query | grep ESX-xxxxxxx" command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a patch_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ patch_test
+ patch_object
+ patch_state
+ patch_item
+
+
+
+
+ 5.6
+ Replaced by the patch56_test. The deprecated patch_test has a bug where the patch name entity is defined as a string in the object yet is defined as an int in the state. Additional state entities have also been added to the new patch56_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of a patch_test must reference a patch_object
+
+
+ - the state child element of a patch_test must reference a patch_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The patch_object element is used by a patch test to define those objects to be evaluated based on a specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A patch_object consists of a single patch_number entity that identifies the patch to be checked.
+
+
+ 5.6
+ Replaced by the patch56_object. The deprecated patch_test has a bug where the patch name entity is defined as a string in the object yet is defined as an int in the state. Additional state entities have also been added to the new patch56_test.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The patch_number entity identifies the patch to be checked. Many of the security bulletins for VMWARE ESX Server contain non-numerical characters in the patch number, therefore this entity has a datatype of string.
+
+
+
+
+
+
+
+
+
+
+
+ The patch_state element defines the information about a specific patch. The patch_number element identifies this patch, and the status element reveals the installation status of this patch in the VMware ESX server. For instance, after the "esxupdate query | grep ESX-2559638" command is run, the result is either a string similar to "ESX-2559638 15:27:17 04/05/07 Update info rpm for ESX 3.0.1." or empty.
+
+
+ 5.6
+ Replaced by the patch56_state. The deprecated patch_test has a bug where the patch name entity is defined as a string in the object yet is defined as an int in the state. Additional state entities have also been added to the new patch56_test.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ This is the patch number of a specific patch which will be checked in current VMware ESX server. Many of the security bulletins for VMWARE ESX Server contain non-numerical characters in the patch nubmer, therefore this entity has a datatype of string.
+
+
+
+
+ This is the installation status of a specific patch in current VMware ESX server.
+
+
+
+
+
+
+
+
+
+ The PatchBehaviors complex type defines a number of behaviors that allow a more detailed definition of the patch_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+ 5.6
+ Replaced by Patch56Behaviors. The deprecated patch_test has a bug where the patch name entity is defined as a string in the object yet is defined as an int in the state. Additional state entities have also been added to the new patch56_test.
+ These behaviors have been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+
+ 'supersedence' specifies that the object should also match any superseding patches to the one being specified. In other words, if set to True the resulting object set would be the original patch specified plus any superseding patches. The default value is 'false' meaning the object should only match the specified patch.
+
+
+
+
+
+
+
+
+
+
+
+ The version test reveals information about the release and build version of the VMware ESX server. This information can be retrieved by the "vmware -v" command or by checking the /proc/vmware/version file. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ version_test
+ version_object
+ version_state
+ version_item
+
+
+
+
+
+ - the object child element of a version_test must reference a version_object
+
+
+ - the state child element of a version_test must reference a version_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version_object element is used by a version test to define those objects to be evaluated based on a specified state. There is actually only one object relating to version and this is the ESX server as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The version_state element defines the information about the release and build version. The release and build elements specify the release and build information of the VMware ESX server respectively. For instance, if the output of "vmware -v" command is "VMware ESX Server 3.0.1 build-39823", then release is equal to "3.0.1" and build is equal to "39823".
+
+
+
+
+
+
+
+ This is the release version of current VMware ESX server.
+
+
+
+
+ This is the build version of current VMware ESX server.
+
+
+
+
+
+
+
+
+
+
+
+
+ The visdkmanagedobject_test is used to check information about Managed Objects in the VMware Infrastructure. This test extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a visdkmanagedobject _object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ This test has been introduced to enable standardized automated assessments of configuration settings in cloud computing components. All aspects of the VMware cloud can be considered in this test due to the VMware Infrastructure. Whether it is a Virutal Machine, a Host System, or even a Data Center, properties are defined in ways that can be enumerated in a common methodology. The VI SDK Programming Guide located at http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/sdk40programmingguide.pdf serves as a great resource. Chapter 3 discusses the Managed Entities enumerated in the behaviors.
+ There are several Managed Entities in the VMware Infrastructure which have been enumerated in ViSdkManagedEntityBehaviors to enable interpreters to execute efficient interrogations. This test is designed for an interpreter to access Managed Entity properties (settings) via the VI SDK webservice. An example use case is to interrogate all virtual machines to ensure that a particular security setting is enabled. Some properties serve to configure the Virtual Machine, while others can be used to identify. For example, sets and filters can be used to create a set of all Virtual Machines where bridged networking is employed, and then perform an OVAL state evaluation against each of those Virtual Machines. This concept applies to all properties across all Managed Entities. Use the ViSdkManagedEntityBehaviors to avoid enumerating all Managed Objects when only one type should be considered.
+
+
+ visdkmanagedobject_test
+ visdkmanagedobject_object
+ visdkmanagedobject_state
+ visdkmanagedobject_item
+
+
+
+
+
+ - the object child element of a visdkmanagedobject_test must reference a visdkmanagedobject_object
+
+
+ - the state child element of a visdkmanagedobject_test must reference a visdkmanagedobject_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The visdkmanagedobject_object element is used by the visdkmanagedobject_test to define those objects to be evaluated based on a specified state.
+
+
+
+
+
+
+
+
+
+
+
+ The property entity holds a string that represents the object path path and name of a particular setting for the Managed Entity. In the VMware Infrastructure SDK, property names are case-sensitive and thus case must be correct relative to the properties in the SDK. For example, a Virtual Machine might have ethernet0.connectionType of 'bridged'.
+
+
+
+
+
+
+
+
+
+
+
+
+ The visdkmanagedobject_state elements enumerates the different properties a Managed Entity might have. Managed Entities have the same object structure. However, fields within that object structure will be blank (null) if they do not apply to that Managed Entity.
+
+
+
+
+
+
+
+ The property entity holds a string that represents the object path and name of a particular setting for the Managed Entity. In the VMware Infrastructure SDK, property names are case-sensitive and thus case must be correct relative to the properties in the SDK. For example, a Virtual Machine might have ethernet0.connectionType of 'bridged'.
+
+
+
+
+ The value entity holds a string that represents a value that's associated with the specified setting for the Managed Entity. Some properties will return an array of values. In such cases consider each value individually and then make final evaluation based on the entity_check attribute.
+
+
+
+
+
+
+
+
+
+ The ViSdkManagedEntityBehaviors complex type defines a number of behaviors that allow a more detailed definition of the visdkmanagedobject_object being specified. Note that using these behaviors is *highly* encouraged because enumerating all Managed Objects in an inventory hierarchy could cause performance problems. Interpreters should enumerate only the entities specified by the behavior prior to set/filter logic and evaluation.
+
+
+
+ The ViSdkManagedEntityBehaviors complex type defines a number of behaviors that allow a more detailed definition of the visdkmanagedobject_object being specified. Note that using these behaviors is *highly* encouraged because enumerating all Managed Objects in an inventory hierarchy could cause performance problems. Interpreters should enumerate only the entities specified by the behavior prior to set/filter logic and evaluation.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateClassificationType complex type restricts a string value to a specific set of values that describe the classification of a given ESX Server patch. The empty string is also allowed to support an empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ Bug patches fix minor flaws that affect product functionality or behavior. Bug patches are optional. Before they are applied, one should determine whether they are necessary for your environment.
+
+
+
+
+ Roll‐up patches contain any number of bundles for ESX Server 3.0.3 or ESX Server 3.5 hosts. They can contain bug patches, update patches, and security patches. They do not contain upgrade bundles for minor releases or update bundles for maintenance releases.
+
+
+
+
+ Security patches fix one or more potential security vulnerabilities in the product. They should be implemented immediately to prevent the vulnerabilities from being exploited.
+
+
+
+
+ Update patches can contain new driver updates and small non‐intrusive enhancements. Before they are applied, one should determine whether they are necessary for your environment.
+
+
+
+
+ The empty string is also allowed to support an empty element associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateSupportLevelType complex type restricts a string value to a specific set of values that describe the support level of a given ESX Server patch. The empty string is also allowed to support an empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ Custom patches are special fixes provided to a customer. They are usually specific to customer's environment, and are most likely not required by customers not reporting the issue. Custom patches have been tested in the customer's environment.
+
+
+
+
+ Debugging patches are released to all customers and are used by VMware to troubleshoot complex product issues. They can contain debug messages and code, and drivers. Debugging patches usually require VMware assistance to install.
+
+
+
+
+ GA patches are released to all customers and have been thoroughly tested. They contain fixes for ESX Server 3 software issues.
+
+
+
+
+ Hot patches are released to specific customers for solving critical problems specific to their environment. They contain fixes for security issues or problems that can potentially cause data loss or severe service disruptions. Hot patches should be implemented immediately.
+
+
+
+
+ The empty string is also allowed to support an empty element associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/freebsd-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/freebsd-definitions-schema.xsd
new file mode 100644
index 0000000..c23c62b
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/freebsd-definitions-schema.xsd
@@ -0,0 +1,124 @@
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the FreeBSD specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ FreeBSD Definition
+ 5.8
+ 9/15/2010 1:55:33 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The port info test is used to check the properties of a component of a FreeBSD system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an portinfo_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ portinfo_test
+ portinfo_object
+ portinfo_state
+ portinfo_item
+
+
+
+
+
+ - the object child element of a portinfo_test must reference an portinfo_object
+
+
+ - the state child element of a portinfo_test must reference an portinfo_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The portinfo_object element is used by a port info test to define the specific FreeBSD package to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A port info object consists of a single pkginst element that identifies a specific package.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The portinfo_state element defines the different information that can be used to evaluate the specified package. This includes the name, category, version, vendor, and description. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of a package.
+
+
+
+
+
+
+
+
+
+ The version of a package.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/hpux-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/hpux-definitions-schema.xsd
new file mode 100644
index 0000000..a1b23c4
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/hpux-definitions-schema.xsd
@@ -0,0 +1,794 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the HP-UX specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ HP-UX Definition
+ 5.8
+ 9/15/2010 1:55:33 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ From /usr/bin/getconf. See getconf manpage for specific fields
+
+
+ getconf_test
+ getconf_object
+ getconf_state
+ getconf_item
+
+
+
+
+
+ - the object child element of an getconf_test must reference an getconf_object
+
+
+ - the state child element of an getconf_test must reference an getconf_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the parameter name to check.
+
+
+
+
+ This is the pathname to check. Note that pathname is optional in the getconf call. An empty pathname in OVAL should be interpreted as if it was not supplied to the getconf call.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the parameter name to check
+
+
+
+
+ This is the pathname to check. Note that pathname is optional in the getconf call. An empty pathname in OVAL should be interpreted as if it was not supplied to the getconf call.
+
+
+
+
+ The output produced by the getconf command.
+
+
+
+
+
+
+
+
+
+
+
+
+ From /usr/bin/ndd. See ndd manpage for specific fields
+
+
+ ndd_test
+ ndd_object
+ ndd_state
+ ndd_item
+
+
+
+
+
+ - the object child element of an ndd_test must reference an ndd_object
+
+
+ - the state child element of an ndd_test must reference an ndd_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of the device to examine.
+
+
+
+
+ The name of the parameter, For example, ip_forwarding.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of the device to examine.
+
+
+
+
+ The name of the parameter, For example, ip_forwarding.
+
+
+
+
+ The value of the named parameter.
+
+
+
+
+
+
+
+
+
+
+
+
+ From /usr/sbin/swlist -l patch PHxx_yyyyy. See swlist manpage for specific fields
+
+
+ patch53_test
+ patch53_object
+ patch53_state
+ patch_item
+
+
+
+
+
+ - the object child element of an patch53_test must reference an patch53_object
+
+
+ - the state child element of an patch53_test must reference an patch53_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ HP-UX patch names begin with 'PH'
+
+
+
+
+ The third and fourth characters in HP-UX patch names indicate the area of software being patched. CO - General HP-UX commands KL - Kernel patches NE - Network specific patches SS - All other subsystems (X11, starbase, etc.)
+
+
+
+
+ The sixth through tenth characters in HP-UX patch names represent a unique numeric identifier for the patch
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ HP-UX patch names begin with 'PH'
+
+
+
+
+ The third and fourth characters in HP-UX patch names indicate the area of software being patched. CO - General HP-UX commands KL - Kernel patches NE - Network specific patches SS - All other subsystems (X11, starbase, etc.)
+
+
+
+
+ The sixth through tenth characters in HP-UX patch names represent a unique numeric identifier for the patch
+
+
+
+
+
+
+
+
+
+ The Patch53Behaviors complex type defines a number of behaviors that allow a more detailed definition of the patch53_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ 'supersedence' specifies that the object should also match any superseding patches to the one being specified. In other words, if set to True the resulting object set would be the original patch specified plus any superseding patches. The default value is 'false' meaning the object should only match the specified patch.
+
+
+
+
+
+
+
+
+
+
+
+ From /usr/sbin/swlist -l patch PHxx_yyyyy. See swlist manpage for specific fields
+
+
+ patch_test
+ patch_object
+ patch_state
+ patch_item
+
+
+
+
+ 5.3
+ Replaced by the patch53_test. The patch_name entity was removed from the patch_object element, and replaced with the swtype, area_patched, and patch_base entities, because the patch_name element can be constructed from the swtype, area_patched, and patch_base entities. Likewise, the patch_name entity was removed from the patch_state element for the same reason. Also, a behaviors entity was added to the patch_object to allow the object to match both the original patch and any superseding patches. A new test was created to reflect these changes. See the patch53_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of an patch_test must reference an patch_object
+
+
+ - the state child element of an patch_test must reference an patch_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 5.3
+ Replaced by the patch53_object. The patch_name entity was removed from the patch_object element, and replaced with the swtype, area_patched, and patch_base entities, because the patch_name element can be constructed from the swtype, area_patched, and patch_base entities. Also, a behaviors entity was added to the patch_object to allow the object to match both the original patch and any superseding patches. A new object was created to reflect these changes. See the patch53_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the patch name to check.
+
+
+
+
+
+
+
+
+
+
+
+
+ 5.3
+ Replaced by the patch53_state. The patch_name entity was removed from the patch_state element, and replaced with the swtype, area_patched, and patch_base entities, because the patch_name element can be constructed from the swtype, area_patched, and patch_base entities. A new state was created to reflect these changes. See the patch53_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ This is the patch name to check
+
+
+
+
+ HP-UX patch names begin with 'PH'
+
+
+
+
+ The third and fourth characters in HP-UX patch names indicate the area of software being patched. CO - General HP-UX commands KL - Kernel patches NE - Network specific patches SS - All other subsystems (X11, starbase, etc.)
+
+
+
+
+ The sixth through tenth characters in HP-UX patch names represent a unique numeric identifier for the patch
+
+
+
+
+
+
+
+
+
+
+
+
+ Output of /usr/sbin/swlist command. Note: A quick way to check for the installation of a specific fileset is to use the command 'swlist -a version -l fileset filesetname'. See manpage for swlist for explanation of additional command options.
+
+
+ swlist_test
+ swlist_object
+ swlist_state
+ swlist_item
+
+
+
+
+
+ - the object child element of an swlist_test must reference an swlist_object
+
+
+ - the state child element of an swlist_test must reference an swlist_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the name of the bundle or fileset to check.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the name of the bundle or fileset to check.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This test allows for analysis of account settings in trusted HP-UX installations
+
+
+ trusted_test
+ trusted_object
+ trusted_state
+ trusted_item
+
+
+
+
+
+ - the object child element of an trusted_test must reference an trusted_object
+
+
+ - the state child element of an trusted_test must reference an trusted_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the name of the user being checked.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the name of the user being checked
+
+
+
+
+ The user's ID
+
+
+
+
+ This is the encrypted version of the user's password
+
+
+
+
+ The Account owner for pseudo-users
+
+
+
+
+ Boot authorization
+
+
+
+
+ getprpwaid uses the audit ID rather than the UID
+
+
+
+
+
+
+
+
+
+ Minimum time between password changes
+
+
+
+
+ Maximum password length in characters
+
+
+
+
+ Password expiration time in seconds
+
+
+
+
+ Trusted lifetime, after which the account is locked
+
+
+
+
+ Time of last successful password change
+
+
+
+
+ Time of last unsuccessful password change
+
+
+
+
+ Absolute account lifetime in seconds
+
+
+
+
+ Maximum time allowed between logins before the account is locked
+
+
+
+
+ The time in seconds before expiration when a warning will appear
+
+
+
+
+ Who can change this user's password
+
+
+
+
+ Allows user to use system-generated passwords
+
+
+
+
+ Whether a triviality check is performed on user-generated passwords
+
+
+
+
+ Determines if null passwords are allowed for this account
+
+
+
+
+ Allows password generator to use random printable ASCII characters
+
+
+
+
+ Allows password generator to use random letters
+
+
+
+
+ Specifies the times when the user may login to this account
+
+
+
+
+ The user ID of the user who last changed the password on the user's account, if it was not the account owner
+
+
+
+
+ The time of the last successful login using this account
+
+
+
+
+ The time of the last unsuccessful login using this account
+
+
+
+
+ The terminal or remote host associated with the last successful login to the account
+
+
+
+
+ The terminal or remote hosts associated with the last unsuccessful login to the account
+
+
+
+
+ The number of unsuccessful login attempts since that last successful login
+
+
+
+
+ The maximum number of unsuccessful login attempts before the account is locked
+
+
+
+
+ Indicates whether the administrative lock on the account is set
+
+
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/independent-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/independent-definitions-schema.xsd
new file mode 100644
index 0000000..06f14cf
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/independent-definitions-schema.xsd
@@ -0,0 +1,2336 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the tests found in Open Vulnerability and Assessment Language (OVAL) that are independent of a specific piece of software. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Independent Definition
+ 5.8
+ 9/15/2010 1:55:33 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The family_test element is used to check the family a certain system belongs to. This test basically allows the high level system types (window, unix, ios, etc.) to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a family_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ family_test
+ family_object
+ family_state
+ family_item
+
+
+
+
+
+ - the object child element of a family_test must reference a family_object
+
+
+ - the state child element of a family_test must reference a family_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The family_object element is used by a family test to define those objects to evaluate based on a specified state. There is actually only one object relating to family and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check the family will reference the same family_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The family_state element contains a single entity that is used to check the family associated with the system. The family is a high-level classification of system types.
+
+
+
+
+
+
+
+ This element describes the high-level system OS type to test against. Please refer to the definition of the EntityFamilyType for more information about the possible values..
+
+
+
+
+
+
+
+
+
+
+
+
+ The file hash test is used to check the hashes associated with a specified file. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a filehash_object and the optional state element specifies the different hashes to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ filehash_test
+ filehash_object
+ filehash_state
+ filehash_item
+
+
+
+
+ 5.8
+ Replaced by the filehash58_test.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of a filehash_test must reference a filesha1_object
+
+
+ - the state child element of a filehash_test must reference a filesha1_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The filehash_object element is used by a file hash test to define the specific file(s) to be evaluated. The filehash_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A filehash_object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileBehaviors complex type for more information about specific behaviors.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+ 5.8
+ Replaced by the filehash58_object.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth and recurse_direction behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of the file.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The filehash_state element contains entities that are used to check the file path, name, and the different hashes associated with a specific file.
+
+
+ 5.8
+ Replaced by the filehash58_state.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of the file.
+
+
+
+
+ The md5 element is the md5 hash of the file.
+
+
+
+
+ The sha1 element is the sha1 hash of the file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The file hash test is used to check a specific hash type associated with a specified file. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a filehash58_object and the optional state element specifies an expected hash value. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ filehash58_test
+ filehash58_object
+ filehash58_state
+ filehash58_item
+
+
+
+
+
+ - the object child element of a filehash58_test must reference a filehash58_object
+
+
+ - the state child element of a filehash58_test must reference a filehash58_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The filehash58_object element is used by a file hash test to define the specific file(s) to be evaluated. The filehash58_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A filehash58_object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileBehaviors complex type for more information about specific behaviors.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth and recurse_direction behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path entity specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename entity specifies the name of the file.
+
+
+
+
+
+
+ The hash_type entity specifies the hash algorithm to use when collecting the hash for each of the specifed files.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filehash58_state element contains entities that are used to check the file path, name, hash_type, and hash associated with a specific file.
+
+
+
+
+
+
+
+ The filepath entity specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path entity specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename entity specifies the name of the file.
+
+
+
+
+ The hash_type entity specifies the hash algorithm to use when collecting the hash for each of the specifed files.
+
+
+
+
+ The hash entity specifies the result of applying the hash algorithm to the file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The environmentvariable_test element is used to check an environment variable found on the system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a environmentvariable_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ environmentvariable_test
+ environmentvariable_object
+ environmentvariable_state
+ environmentvariable_item
+
+
+
+
+ 5.8
+ Replaced by the environmentvariable58_test.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of an environmentvariable_test must reference a environmentvariable_object
+
+
+ - the state child element of an environmentvariable_test must reference a environmentvariable_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The environmentvariable_object element is used by an environment variable test to define the specific environment variable(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+ 5.8
+ Replaced by the environmentvariable58_object.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+ This element describes the name of an environment variable.
+
+
+
+
+
+
+
+
+
+
+ The environmentvariable_state element contains two entities that are used to check the name of the specified environment variable and the value associated with it.
+
+
+ 5.8
+ Replaced by the environmentvariable58_state.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ This element describes the name of an environment variable.
+
+
+
+
+ The actual value of the specified environment variable.
+
+
+
+
+
+
+
+
+
+
+
+
+ The environmentvariable_test element is used to check an environment variable for the specified process, which is identified by its process ID, on the system . It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a environmentvariable_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ environmentvariable58_test
+ environmentvariable58_object
+ environmentvariable58_state
+ environmentvariable58_item
+
+
+
+
+
+ - the object child element of an environmentvariable58_test must reference a environmentvariable58_object
+
+
+ - the state child element of an environmentvariable58_test must reference a environmentvariable58_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The environmentvariable58_object element is used by an environmentvariable_test to define the specific environment variable(s) and process IDs to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The process ID of the process from which the environment variable should be retrieved. If the xsi:nil attribute is set to true, the process ID shall be the tool's running process.
+
+
+
+
+ This element describes the name of an environment variable.
+
+
+
+
+
+
+
+
+
+
+
+
+ The environmentvariable_state element contains three entities that are used to check the name of the specified environment variable, the process ID of the process from which the environment variable was retrieved, and the value associated with the environment variable.
+
+
+
+
+
+
+
+ The process ID of the process from which the environment variable was retrieved.
+
+
+
+
+ This element describes the name of an environment variable.
+
+
+
+
+ The actual value of the specified environment variable.
+
+
+
+
+
+
+
+
+
+
+
+
+ The LDAP test is used to check information about specific entries in an LDAP directory. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an ldap_object and the optional state element, ldap_state, specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ ldap_test
+ ldap_object
+ ldap_state
+ ldap_item
+
+
+
+
+ 5.7
+ Replaced by the ldap57_test. This test allows for single fields to be selected from a ldap. A new test was created to allow more than one field to be selected in one statement. See the ldap57_test.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of an ldap_test must reference an ldap_object
+
+
+ - the state child element of an ldap_test must reference an ldap_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The ldap_object element is used by an LDAP test to define the objects to be evaluated based on a specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+ 5.7
+ Replaced by the ldap57_object. This object allows for single fields to be selected from ldap. A new object was created to allow more than one field to be selected in one statement. See the ldap57_object.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.
+
+
+
+
+ The relative_dn field is used to uniquely identify an object inside the specified suffix. It contains all of the parts of the object's distinguished name except those outlined by the suffix. If the xsi:nil attribute is set to true, then the object being specified is the higher level suffix. In this case, the relative_dn element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every relative distinguished name under a given suffix.
+
+
+
+
+ Specifies a named value contained by the object. If the xsi:nil attribute is set to true, the attribute element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every attribute under a given relative distinguished name.
+
+
+
+
+
+
+
+
+
+
+
+ The ldap_state element defines the different information that can be used to evaluate the specified entries in an LDAP directory. An ldap_test will reference a specific instance of this state that defines the exact settings that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.7
+ Replaced by the ldap57_state. This state allows for single fields to be selected from ldap. A new state was created to allow more than one field to be selected in one statement. See the ldap57_state.
+ This state has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.
+
+
+
+
+ The relative_dn field is used to uniquely identify an object inside the specified suffix. It contains all of the parts of the object's distinguished name except those outlined by the suffix. If the xsi:nil attribute is set to true, then the object being specified is the higher level suffix. In this case, the relative_dn element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every relative distinguished name under a given suffix. Note that when xsi:nil is used for the relative_dn element, the attribute element should also have the xsi:nil attribute set to true.
+
+
+
+
+ Specifies a named value contained by the object.
+
+
+
+
+ The name of the class of which the object is an instance.
+
+
+
+
+ Specifies the type of information that the specified attribute represents.
+
+
+
+
+ The actual value of the specified LDAP attribute.
+
+
+
+
+
+
+
+
+
+ The LdapBehaviors complex type defines a number of behaviors that allow a more detailed definition of the ldap_object being specified.
+
+
+
+ 'scope' defines the depth from the base distinguished name to which the search should occur. The base distinguished name is the starting point of the search and is composed of the specified suffix and relative distinguished name. A value of 'BASE' indicates to search only the entry at the base distinguished name, a value of 'ONE' indicates to search all entries one level under the base distinguished name - but NOT including the base distinguished name, and a value of 'SUBTREE' indicates to search all entries at all levels under, and including, the specified base distinguished name. The default value is 'BASE'.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The LDAP test is used to check information about specific entries in an LDAP directory. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an ldap57_object and the optional state element, ldap57_state, specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ ldap57_test
+ ldap57_object
+ ldap57_state
+ ldap57_item
+
+
+
+
+
+ - the object child element of an ldap57_test must reference an ldap57_object
+
+
+ - the state child element of an ldap57_test must reference an ldap57_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The ldap57_object element is used by an LDAP test to define the objects to be evaluated based on a specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+ Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.
+
+
+
+
+ The relative_dn field is used to uniquely identify an object inside the specified suffix. It contains all of the parts of the object's distinguished name except those outlined by the suffix. If the xsi:nil attribute is set to true, then the object being specified is the higher level suffix. In this case, the relative_dn element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every relative distinguished name under a given suffix.
+
+
+
+
+ Specifies a named value contained by the object. If the xsi:nil attribute is set to true, the attribute element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every attribute under a given relative distinguished name.
+
+
+
+
+
+
+
+
+
+
+
+
+ The ldap57_state element defines the different information that can be used to evaluate the specified entries in an LDAP directory. An ldap57_test will reference a specific instance of this state that defines the exact settings that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.
+
+
+
+
+ The relative_dn field is used to uniquely identify an object inside the specified suffix. It contains all of the parts of the object's distinguished name except those outlined by the suffix. If the xsi:nil attribute is set to true, then the object being specified is the higher level suffix. In this case, the relative_dn element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every relative distinguished name under a given suffix. Note that when xsi:nil is used for the relative_dn element, the attribute element should also have the xsi:nil attribute set to true.
+
+
+
+
+ Specifies a named value contained by the object.
+
+
+
+
+ The name of the class of which the object is an instance.
+
+
+
+
+ Specifies the type of information that the specified attribute represents.
+
+
+
+
+ The actual value of the specified LDAP attribute. Note that while an LDAP attribute can contain structured data where it is necessary to collect multiple related fields that can be described by the 'record' datatype, it is not always the case. It also is possible that an LDAP attribute can contain only a single value or an array of values. In these cases, there is not a name to uniquely identify the corresponding field which is a requirement for fields in the 'record' datatype. As a result, the name of the LDAP attribute will be used to uniquely identify the field and satisfy this requirement.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sql test is used to check information stored in a database. It is often the case that applications store configuration settings in a database as opposed to a file. This test has been designed to enable those settings to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wmi_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ sql_test
+ sql_object
+ sql_state
+ sql_item
+
+
+
+
+ 5.7
+ Replaced by the sql57_test. This test allows for single fields to be selected from a database. A new test was created to allow more than one field to be selected in one statement. See the sql57_test.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of a sql_test must reference a sql_object
+
+
+ - the state child element of a sql_test must reference a sql_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sql_object element is used by a sql test to define the specific database and query to be evaluated. Connection information is supplied allowing the tool to connect to the desired database and a query is supplied to call out the desired setting. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+ 5.7
+ Replaced by the sql57_object. This object allows for single fields to be selected from a database. A new object was created to allow more than one field to be selected in one statement. See the sql57_object.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The engine entity defines the specific database engine to use. Any tool looking to collect information about this object will need to know the engine in order to use the appropriate drivers to establish a connection.
+
+
+
+ - operation attribute for the engine entity of an sql_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+ The version entity defines the specific version of the database engine to use. This is also important in determining the correct driver to use for establishing a connection.
+
+
+
+ - operation attribute for the version entity of an sql_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+ The connection_string entity defines specific connection parameters to be used in connecting to the database. This will help a tool connect to the correct database.
+
+
+
+ - operation attribute for the connection_string entity of an sql_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+ The sql entity defines a query used to identify the object(s) to test against. Any valid SQL query is usable with one exception, at most one field is allowed in the SELECT portion of the query. For example SELECT name FROM ... is valid, as is SELECT 'true' FROM ..., but SELECT name, number FROM ... is not valid. This is because the result element in the data section is only designed to work against a single field.
+
+
+
+ - operation attribute for the sql entity of an sql_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sql_state element contains two entities that are used to check the name of the specified field and the value associated with it.
+
+
+ 5.7
+ Replaced by the sql57_state. This state allows for single fields to be selected from a database. A new state was created to allow more than one field to be selected in one statement. See the sql57_state.
+ This state has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ The engine entity defines a specific database engine.
+
+
+
+
+ The version entity defines a specific version of a given database engine.
+
+
+
+
+ The connection_string entity defines a set of parameters that help identify the connection to the database.
+
+
+
+
+ the sql entity defines a query used to identify the object(s) to test against.
+
+
+
+
+ The result entity specifies how to test objects in the result set of the specified SQL statement. Only one comparable field is allowed. So if the SQL statement look like 'SELECT name FROM ...', then a result entity with a value of 'Fred' would test the set of 'name' values returned by the SQL statement against the value 'Fred'.
+
+
+
+
+
+
+
+
+
+
+
+
+ The sql test is used to check information stored in a database. It is often the case that applications store configuration settings in a database as opposed to a file. This test has been designed to enable those settings to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wmi_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ sql57_test
+ sql57_object
+ sql57_state
+ sql57_item
+
+
+
+
+
+ - the object child element of a sql57_test must reference a sql57_object
+
+
+ - the state child element of a sql57_test must reference a sql57_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sql57_object element is used by a sql test to define the specific database and query to be evaluated. Connection information is supplied allowing the tool to connect to the desired database and a query is supplied to call out the desired setting. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The engine entity defines the specific database engine to use. Any tool looking to collect information about this object will need to know the engine in order to use the appropriate drivers to establish a connection.
+
+
+
+ - operation attribute for the engine entity of an sql57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+ The version entity defines the specific version of the database engine to use. This is also important in determining the correct driver to use for establishing a connection.
+
+
+
+ - operation attribute for the version entity of an sql57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+ The connection_string entity defines specific connection parameters to be used in connecting to the database. This will help a tool connect to the correct database.
+
+
+
+ - operation attribute for the connection_string entity of an sql57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+ The sql entity defines a query used to identify the object(s) to test against. Any valid SQL query is usable with one exception, all fields must be named in the SELECT portion of the query. For example, SELECT name, number FROM ... is valid. However, SELECT * FROM ... is not valid. This is because the record element in the state and item require a unique field name value to ensure that any query results can be evaluated consistantly.
+
+
+
+ - operation attribute for the sql entity of an sql57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sql57_state element contains two entities that are used to check the name of the specified field and the value associated with it.
+
+
+
+
+
+
+
+ The engine entity defines a specific database engine.
+
+
+
+
+ The version entity defines a specific version of a given database engine.
+
+
+
+
+ The connection_string entity defines a set of parameters that help identify the connection to the database.
+
+
+
+
+ the sql entity defines a query used to identify the object(s) to test against.
+
+
+
+
+ The result entity specifies how to test objects in the result set of the specified SQL statement.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The textfilecontent54_test element is used to check the contents of a text file (aka a configuration file) by looking at individual blocks of text. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a textfilecontent54_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ textfilecontent54_test
+ textfilecontent54_object
+ textfilecontent54_state
+ textfilecontent_item
+
+
+
+
+
+ - the object child element of a textfilecontent54_test must reference a textfilecontent54_object
+
+
+ - the state child element of a textfilecontent54_test must reference a textfilecontent54_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The textfilecontent54_object element is used by a textfilecontent_test to define the specific block(s) of text of a file(s) to be evaluated. The textfilecontent54_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth and recurse_direction behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename entity specifies the name of a file.
+
+
+
+
+
+
+ The pattern entity defines a chunk of text in a file and is represented using a regular expression. A subexpression (using parentheses) can call out a piece of the text block to test. For example, the pattern abc(.*)xyz would look for a block of text in the file that starts with abc and ends with xyz, with the subexpression being all the characters that exist in between. The value of the subexpression can then be tested using the subexpression entity of a textfilecontent54_state. Note that if the pattern, starting at the same point in the file, matches more than one block of text, then it matches the longest. For example, given a file with abcdefxyzxyzabc, then the pattern abc(.*)xyz would match the block abcdefxyzxyz. Subexpressions also match the longest possible substrings, subject to the constraint that the whole match be as long as possible, with subexpressions starting earlier in the pattern taking priority over ones starting later.
+ Note that when using regular expressions, OVAL supports a common subset of the regular expression character classes, operations, expressions and other lexical tokens defined within Perl 5's regular expression specification. For more information on the supported regular expression syntax in OVAL see: http://oval.mitre.org/language/about/re_support_5.6.html.
+
+
+
+ - operation attribute for the pattern entity of a textfilecontent54_object should be 'pattern match'
+
+
+
+
+
+
+
+ The instance entity calls out a specific match of the pattern. The first match is given an instance value of 1, the second match is given an instance value of 2, and so on. Note that the main purpose of this entity is to provide uniqueness for different textfilecontent_items that results from multiple matches of a given pattern against the same file. Most likely this entity will be defined as greater than or equal to 1 which would result in the object representing the set of all matches of the pattern.
+
+
+
+
+
+
+
+
+
+
+
+
+ The textfilecontent54_state element contains entities that are used to check the file path and name, as well as the text block in question and the value of the subexpressions.
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename entity represents the name of a file.
+
+
+
+
+ The pattern entity represents a regular expression that is used to define a block of text.
+
+
+
+
+ The instance entity calls out a specific match of the pattern.
+
+
+
+
+ The text entity represents the block of text that matched the specified pattern.
+
+
+
+
+ The subexpression entity represents a value to test against the subexpression in the specified pattern. If multiple subexpressions are specified in the pattern, this value is tested against all of them. For example, if the pattern abc(.*)mno(.*)xyp was supplied, and the state specifies a subexpression value of enabled, then the test would check that both (or at least one, none, etc. depending on the entity_check attribute) of the subexpressions have a value of enabled.
+
+
+
+
+
+
+
+
+
+ The Textfilecontent54Behaviors complex type defines a number of behaviors that allow a more detailed definition of the textfilecontent54_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+ The Textfilecontent54Behaviors extend the ind-def:FileBehaviors and therefore include the behaviors defined by that type.
+
+
+
+
+
+ 'ignore_case' indicates whether case should be considered when matching system values against the regular expression provided by the pattern entity. This behavior is intended to align with the Perl regular expression 'i' modifier: if true, case will be ignored. If false, case will not be ignored. The default is false.
+
+
+
+
+ 'multiline' enables multiple line semantics in the regular expression provided by the pattern entity. This behavior is intended to align with the Perl regular expression 'm' modifier: if true, the '^' and '$' metacharacters will match both at the beginning/end of a string, and immediately after/before newline characters. If false, they will match only at the beginning/end of a string. The default is true.
+
+
+
+
+ 'singleline' enables single line semantics in the regular expression provided by the pattern entity. This behavior is intended to align with the Perl regular expression 's' modifier: if true, the '.' metacharacter will match newlines. If false, it will not. The default is false.
+
+
+
+
+
+
+
+
+
+
+ The textfilecontent_test element is used to check the contents of a text file (aka a configuration file) by looking at individual lines. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a textfilecontent_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ textfilecontent_test
+ textfilecontent_object
+ textfilecontent_state
+ textfilecontent_item
+
+
+
+
+ 5.4
+ Replaced by the textfilecontent54_test. Support for multi-line pattern matching and multi-instance matching was added. Therefore, a new test was created to reflect these changes. See the textfilecontent54_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of a textfilecontent_test must reference a textfilecontent_object
+
+
+ - the state child element of a textfilecontent_test must reference a textfilecontent_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The textfilecontent_object element is used by a text file content test to define the specific line(s) of a file(s) to be evaluated. The textfilecontent_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+ 5.4
+ Replaced by the textfilecontent54_object. Support for multi-line pattern matching and multi-instance matching was added. Therefore, a new object was created to reflect these changes. See the textfilecontent54_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of the file.
+
+
+
+
+ The line element represents a line in the file and is represented using a regular expression. A single subexpression can be called out using parentheses. The value of this subexpression can then be checked using a textfilecontent_state.
+ Note that when using regular expressions, OVAL supports a common subset of the regular expression character classes, operations, expressions and other lexical tokens defined within Perl 5's regular expression specification. For more information on the supported regular expression syntax in OVAL see: http://oval.mitre.org/language/about/re_support_5.6.html.
+
+
+
+ - operation attribute for the line entity of a textfilecontent_object should be 'pattern match'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The textfilecontent_state element contains entities that are used to check the file path and name, as well as the line in question and the value of the specific subexpression.
+
+
+ 5.4
+ Replaced by the textfilecontent54_state. Support for multi-line pattern matching and multi-instance matching was added. Therefore, a new state was created to reflect these changes. See the textfilecontent54_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The name of the file.
+
+
+
+
+ The line element represents a line in the file that was collected.
+
+
+
+
+ Each subexpression in the regular expression of the line element is then tested against the value specified in the subexpression element.
+
+
+
+
+
+
+
+
+
+
+
+
+ An unknown test acts as a placeholder for tests whose implementation is unknown. Any information that is known about the test should be held in the notes child element that is available through the extension of the abstract test element. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. Note that for an unknown test, the required check attribute that is part of the extended TestType should be ignored during evaluation and hence can be set to any valid value.
+
+
+
+
+
+
+
+
+
+
+
+
+ The variable test allows the value of a variable to be compared to a defined value. As an example one might use this test to validate that a variable being passed in from an external source falls within a specified range. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a variable_object and the optional state element specifies the value to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ variable_test
+ variable_object
+ variable_state
+ variable_item
+
+
+
+
+
+ - the object child element of a variable_test must reference a variable_object
+
+
+ - the state child element of a variable_test must reference a variable_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The id of the variable you want.
+
+
+
+ - var_ref attribute for the var_ref entity of a variable_object is prohibited.
+
+
+
+
+
+ - referenced variable not found. The var_ref entity must hold a variable id that exists in the document.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The variable_state element contains two entities that are used to check the var_ref of the specified varible and the value associated with it.
+
+
+
+
+
+
+
+ The id of the variable.
+
+
+
+ - var_ref attribute for the var_ref entity of a variable_state is prohibited.
+
+
+
+
+
+ - referenced variable not found. The var_ref entity must hold a variable id that exists in the document.
+
+
+
+
+
+
+
+ The value of the variable.
+
+
+
+
+
+
+
+
+
+
+
+
+ The xmlfilecontent_test element is used to explore the contents of an xml file. This test allows specific pieces of an xml document specified using xpath to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a xmlfilecontent_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ xmlfilecontent_test
+ xmlfilecontent_object
+ xmlfilecontent_state
+ xmlfilecontent_item
+
+
+
+
+
+ - the object child element of a xmlfilecontent_test must reference a xmlfilecontent_object
+
+
+ - the state child element of a xmlfilecontent_test must reference a xmlfilecontent_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The xmlfilecontent_object element is used by a xml file content test to define the specific piece of an xml file(s) to be evaluated. The xmlfilecontent_object will only collect regular files on UNIX systems and FILE_TYPE_DISK files on Windows systems. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth and recurse_direction behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of the file.
+
+
+
+
+
+
+ Specifies an Xpath expression describing the text node(s) or attribute(s) to look at. Any valid Xpath 1.0 statement is usable with one exception, at most one field may be identified in the Xpath. This is because the value_of element in the data section is only designed to work against a single field. The only valid operator for xpath is equals since there is an infinite number of possible xpaths and determinining all those that do not equal a give xpath would be impossible.
+
+
+
+ - operation attribute for the xpath entity of a xmlfilecontent_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The xmlfilecontent_state element contains entities that are used to check the file path and name, as well as the xpath used and the value of the this xpath.
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of the file.
+
+
+
+
+ Specifies an Xpath expression describing the text node(s) or attribute(s) to look at.
+
+
+
+
+ The value_of element checks the value(s) of the text node(s) or attribute(s) found.
+
+
+
+
+
+
+
+
+
+
+
+
+ The FileBehaviors complex type defines a number of behaviors that allow a more detailed definition of a set of files or file related items to collect. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+ 'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. For a 'max_depth' of -1 or any value of 1 or more the starting directory must be considered in the recursive search.
+ Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.
+
+
+
+
+
+
+
+
+
+
+ 'recurse' defines how to recurse into the path entity, in other words what to follow during recursion. Options include symlinks, directories, or both. Note that a max-depth has to be specified for recursion to take place and for this attribute to mean anything. Also note that this behavior does not apply to Windows systems since they do not support symbolic links. On Windows systems the 'recurse' behavior is always equivalent to directories.
+
+
+
+
+
+
+
+
+
+
+
+ 'recurse_direction' defines the direction to recurse, either 'up' to parent directories, or 'down' into child directories. The default value is 'none' for no recursion.
+
+
+
+
+
+
+
+
+
+
+
+ 'recurse_file_system' defines the file system limitation of any recursion, either 'local' limiting data collection to local file systems (as opposed to file systems mounted from an external system), or 'defined' to keep any recursion within the file system that the file_object (path+filename) has specified. The default value is 'all' meaning to use all available file systems for data collection.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectEngineType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a valid database engine. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ The access value describes the Microsoft Access database engine.
+
+
+
+
+ The db2 value describes the IBM DB2 database engine.
+
+
+
+
+ The cache value describes the InterSystems Cache database engine.
+
+
+
+
+ The firebird value describes the Firebird database engine.
+
+
+
+
+ The firstsql value describes the FirstSQL database engine.
+
+
+
+
+ The foxpro value describes the Microsoft FoxPro database engine.
+
+
+
+
+ The informix value describes the IBM Informix database engine.
+
+
+
+
+ The ingres value describes the Ingres database engine.
+
+
+
+
+ The interbase value describes the Embarcadero Technologies InterBase database engine.
+
+
+
+
+ The lightbase value describes the Light Infocon LightBase database engine.
+
+
+
+
+ The maxdb value describes the SAP MaxDB database engine.
+
+
+
+
+ The monetdb value describes the MonetDB SQL database engine.
+
+
+
+
+ The mimer value describes the Mimer SQL database engine.
+
+
+
+
+ The oracle value describes the Oracle database engine.
+
+
+
+
+ The paradox value describes the Paradox database engine.
+
+
+
+
+ The pervasive value describes the Pervasive PSQL database engine.
+
+
+
+
+ The postgre value describes the PostgreSQL database engine.
+
+
+
+
+ The sqlbase value describes the Unify SQLBase database engine.
+
+
+
+
+ The sqlite value describes the SQLite database engine.
+
+
+
+
+ The sqlserver value describes the Microsoft SQL database engine.
+
+
+
+
+ The sybase value describes the Sybase database engine.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateEngineType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a valid database engine. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ The access value describes the Microsoft Access database engine.
+
+
+
+
+ The db2 value describes the IBM DB2 database engine.
+
+
+
+
+ The cache value describes the InterSystems Cache database engine.
+
+
+
+
+ The firebird value describes the Firebird database engine.
+
+
+
+
+ The firstsql value describes the FirstSQL database engine.
+
+
+
+
+ The foxpro value describes the Microsoft FoxPro database engine.
+
+
+
+
+ The informix value describes the IBM Informix database engine.
+
+
+
+
+ The ingres value describes the Ingres database engine.
+
+
+
+
+ The interbase value describes the Embarcadero Technologies InterBase database engine.
+
+
+
+
+ The lightbase value describes the Light Infocon LightBase database engine.
+
+
+
+
+ The maxdb value describes the SAP MaxDB database engine.
+
+
+
+
+ The monetdb value describes the MonetDB SQL database engine.
+
+
+
+
+ The mimer value describes the Mimer SQL database engine.
+
+
+
+
+ The oracle value describes the Oracle database engine.
+
+
+
+
+ The paradox value describes the Paradox database engine.
+
+
+
+
+ The pervasive value describes the Pervasive PSQL database engine.
+
+
+
+
+ The postgre value describes the PostgreSQL database engine.
+
+
+
+
+ The sqlbase value describes the Unify SQLBase database engine.
+
+
+
+
+ The sqlite value describes the SQLite database engine.
+
+
+
+
+ The sqlserver value describes the Microsoft SQL database engine.
+
+
+
+
+ The sybase value describes the Sybase database engine.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateFamilyType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a high-level family of system operating system. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ The catos value describes the Cisco CatOS operating system.
+
+
+
+
+ The ios value describes the Cisco IOS operating system.
+
+
+
+
+ The macos value describes the Mac operating system.
+
+
+
+
+ The pixos value describes the Cisco PIX operating system.
+
+
+
+
+ The undefined value is to be used when the desired family is not available.
+
+
+
+
+ The unix value describes the UNIX operating system.
+
+
+
+
+ The vmware_infrastructure value describes VMWare Infrastructure.
+
+
+
+
+ The windows value describes the Microsoft Windows operating system.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityObjectHashTypeType complex type restricts a string value to a specific set of values that specify the different hash algorithms that are supported. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ The MD5 hash algorithm.
+
+
+
+
+ The SHA-1 hash algorithm.
+
+
+
+
+ The SHA-224 hash algorithm.
+
+
+
+
+ The SHA-256 hash algorithm.
+
+
+
+
+ The SHA-384 hash algorithm.
+
+
+
+
+ The SHA-512 hash algorithm.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateHashTypeType complex type restricts a string value to a specific set of values that specify the different hash algorithms that are supported. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ The MD5 hash algorithm.
+
+
+
+
+ The SHA-1 hash algorithm.
+
+
+
+
+ The SHA-224 hash algorithm.
+
+
+
+
+ The SHA-256 hash algorithm.
+
+
+
+
+ The SHA-384 hash algorithm.
+
+
+
+
+ The SHA-512 hash algorithm.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityObjectVariableRefType complex type defines a string object entity that has a valid OVAL variable id as the value. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+
+
+
+
+ The EntityStateVariableRefType complex type defines a string state entity that has a valid OVAL variable id as the value. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+
+
+
+
+ The EntityStateLdaptypeType complex type restricts a string value to a specific set of values that specify the different types of information that an ldap attribute can represent. The empty string is also allowed to support empty elements associated with variable references.
+
+
+
+
+
+ The data type is the attribute type description.
+
+
+
+
+ The string is of Distinguished Name (path) of a directory service object.
+
+
+
+
+ The bit string type.
+
+
+
+
+ The string is displayable on screen or in print.
+
+
+
+
+ The string is of a numeral to be interpreted as text.
+
+
+
+
+ The data is of a Boolean value.
+
+
+
+
+ The data is of an integer value.
+
+
+
+
+ The data is of the universal time as expressed in Universal Time Coordinate (UTC).
+
+
+
+
+ The data is of generalized time.
+
+
+
+
+ The directory string.
+
+
+
+
+ The object class description type.
+
+
+
+
+ The data is binary.
+
+
+
+
+ The data is of a time stamp in seconds.
+
+
+ 5.7
+ This value was accidently carried over from the win-def:EntityStateAdstypeType as it was used as a template for the ind-def:EntityStateLdaptypeType.
+ This value has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED ELEMENT VALUE IN: ldap_state ELEMENT VALUE:
+
+
+
+
+
+
+
+
+ The data is of an e-mail message.
+
+
+ 5.7
+ This value was accidently carried over from the win-def:EntityStateAdstypeType as it was used as a template for the ind-def:EntityStateLdaptypeType.
+ This value has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED ELEMENT VALUE IN: ldap_state ELEMENT VALUE:
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/ios-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/ios-definitions-schema.xsd
new file mode 100644
index 0000000..c38e0d4
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/ios-definitions-schema.xsd
@@ -0,0 +1,680 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the IOS specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ IOS Definition
+ 5.8
+ 9/15/2010 1:55:33 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The global test is used to check for the existence of a particular line in the ios config file under the global context. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a global_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ global_test
+ global_object
+ global_state
+ global_item
+
+
+
+
+
+ - the object child element of a global_test must reference a global_object
+
+
+ - the state child element of a global_test must reference a global_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The global_object element is used by a global test to define the object to be evaluated. For the most part this object checks for existence and is used without a state comparision. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The global_command entity identifies a specific line in the ios config file under the global context.
+
+
+
+
+
+
+
+
+
+
+
+
+ The global_state element defines the different information that can be found in the ios config file under the global context. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The global_command entity identifies a specific line in the ios config file under the global context.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ interface_test
+ interface_object
+ interface_state
+ interface_item
+
+
+
+
+
+ - the object child element of an interface_test must reference an interface_object
+
+
+ - the state child element of an interface_test must reference an interface_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The line test is used to check the properties of specific output lines from a SHOW command, such as show running-config. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a line_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ line_test
+ line_object
+ line_state
+ line_item
+
+
+
+
+
+ - the object child element of a line_test must reference a line_object
+
+
+ - the state child element of a line_test must reference a line_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The line_object element is used by a line test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A line object consists of a show_subcommand entity that is the name of a SHOW sub-command to be tested.
+
+
+
+
+
+
+
+
+
+
+ The name of a SHOW sub-command.
+
+
+
+
+
+
+
+
+
+
+
+
+ The line_state element defines the different information that can be used to evaluate the result of a specific SHOW sub-command. This includes the name of ths sub-command and the corresponding config line. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The name of the SHOW sub-command.
+
+
+
+
+ The value returned from by the specified SHOW sub-command.
+
+
+
+
+
+
+
+
+
+
+
+
+ Tests if lines under the global context associated with snmp that have a specifiec access list or cmmunity name.
+
+
+ snmp_test
+ snmp_object
+ snmp_state
+ snmp_item
+
+
+
+
+
+ - the object child element of a snmp_test must reference a snmp_object
+
+
+ - the state child element of a snmp_test must reference a snmp_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The snmp_object element is used by a snmp test to define those objects to evaluated based on a specified state. There is actually only one object relating to snmp and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check snmp will reference the same snmp_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The tclsh test is used to check tclsh information of the IOS operating system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a tclsh_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ tclsh_test
+ tclsh_object
+ tclsh_state
+ tclsh_item
+
+
+
+
+
+ - the object child element of a tclsh_test must reference a tclsh_object
+
+
+ - the state child element of a tclsh_test must reference a tclsh_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The tclsh_object element is used by a tclsh test to define those objects to evaluated based on a specified state. There is actually only one object relating to tchlsh and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check tclsh will reference the same tclsh_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The tclsh_state element defines information about TCLSH. This includes the available entity which describes whether TCLSH is available on the system. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This boolean entity describes whether TCLSH is available on the system. A value of true means that TCLSH is available.
+
+
+
+
+
+
+
+
+
+
+
+
+ The version55_test is used to check the version of the IOS operating system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ version55_test
+ version55_object
+ version55_state
+ version_item
+
+
+
+
+
+ - the object child element of a version55_test must reference a version_object
+
+
+ - the state child element of a version55_test must reference a version_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version55_object element is used by a version55_test to define the different version information associated with an IOS system. There is actually only one object relating to version and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version55_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The version55_state element defines the version information held within a Cisco IOS Train. A Cisco IOS train is a vehicle for delivering releases that evolve from a common code base.
+
+
+
+
+
+
+
+ The major_version entity is used to check the major version piece of the version string. The value is an integer and in the example 12.4(9)T0a the major version is '12'.
+
+
+
+
+ The minor_version entity is used to check the minor version piece of the version string. The value is an integer and in the example 12.4(9)T0a the minor version is '4'.
+
+
+
+
+ The release entity is used to check the release piece of the version string. The value is an integer and in the example 12.4(9)T0a the release is '9'.
+
+
+
+
+ The train_identifier entity is used to check the type of train represented in the version string. The value is a string and in the example 12.4(9)T0a the train identifier is 'T'. The following explaination from Wikipedia should help explain the different train identifiers. Cisco IOS releases are split into several "trains", each containing a different set of features. Trains more or less map onto distinct markets or groups of customers that Cisco is targeting. The 'mainline' train is designed to be the most stable release the company can offer, and its feature set never expands during its lifetime. Updates are released only to address bugs in the product. The previous technology train becomes the source for the current mainline train--for example, the 12.1T train becomes the basis for the 12.2 mainline. Therefore, to determine the features available in a particular mainline release, look at the previous T train release. The 'T' (Technology) train, gets new features and bug fixes throughout its life, and is therefore less stable than the mainline. (In releases prior to Cisco IOS Release 12.0, the P train served as the Technology train.) The 'S' (Service Provider) train, runs only on the company's core router products and is heavily customized for Service Provider customers. The 'E' (Enterprise) train, is customized for implementation in enterprise environments. The 'B' (broadband) train, support internet based broadband features. The 'XA', 'Xb' ... (special functionality) train, needs to be documented. There are other trains from time to time, designed for specific needs -- for example, the 12.0AA train contained new code required for Cisco's AS5800 product.
+
+
+
+
+ The rebuild entity is used to check the rebuild piece of the version string. The value is an integer and in the example 12.4(9)T0a the rebuild is '0'. Often a rebuild is compiled to fix a single specific problem or vulnerability for a given IOS version. For example, 12.1(8)E14 is a Rebuild, the 14 denoting the 14th rebuild of 12.1(8)E. Rebuilds are produced to either quickly repair a defect, or to satisfy customers who do not want to upgrade to a later major revision because they may be running critical infrastructure on their devices, and hence prefer to minimise change and risk.
+
+
+
+
+ The subrebuild entity is used to check the subrebuild piece of the version string. The value is a string and in the example 12.4(9)T0a the subrebuild is 'a'.
+
+
+
+
+ The mainline_rebuild entity is used to check the mainline rebuild piece of the version string. The mainline rebuild is just a regular rebuild release against the mainline operating system release (e.g. the branch of development that would typically be called "the trunk" that isn't associated with a train). Since there is no train identifier to stick the rebuild release after, they stick a alphabetic character inside the parens holding the maintenance release number. For example, 12.4(5b) is the second rebuild of the 12.4(5) maintenance release.
+
+
+
+
+ The version_string entity is used to check the raw string output of a 'show version' command.
+
+
+
+
+
+
+
+
+
+
+
+
+ The version test is used to check the version of the IOS operating system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ version_test
+ version_object
+ version_state
+ version_item
+
+
+
+
+ 5.5
+ Replaced by the version55_test. Additional IOS version components were added to the version_state in order to support a wider range of IOS version strings. Also, the major_release and train_number entities were removed from the version_state element. A new test was created to reflect these changes. See the version55_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of a version_test must reference a version_object
+
+
+ - the state child element of a version_test must reference a version_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version_object element is used by a version test to define the different version information associated with an IOS system. There is actually only one object relating to version and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version_object which is basically an empty object element.
+
+
+ 5.5
+ Replaced by the version55_object. Additional IOS version components were added to the version_state in order to support a wider range of IOS version strings. Also, the major_release and train_number entities were removed from the version_state element. A new object was created to reflect these changes. See the version55_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version_state element defines the version information held within a Cisco IOS Train. A Cisco IOS train is a vehicle for delivering releases that evolve from a common code base.
+
+
+ 5.5
+ Replaced by the version55_state. Additional IOS version components were added to the version_state in order to support a wider range of IOS version strings. Also, the major_release and train_number entities were removed from this version_state element. A new state was created to reflect these changes. See the version55_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ The major_release is a combination of train and rebuild information and is used by Cisco advisories to identify major releases.
+
+
+
+
+ The train number is the dotted version that starts a version string. For example the version string 12.2(3)T has a train number of 12.2.
+
+
+
+
+ The train identifier is the type of Train. For example the version string 12.2(3)T has a train identifier of T. Please see the EntityStateVersionTrainIdentifierType for more information about the different train identifiers.
+
+
+
+
+ The version is the raw string output of a 'show version' command.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateTrainIdentifierType complex type restricts a string value to a specific set of values. These values describe the possible types of trains in a Cisco IOS release. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+ 5.5
+ Additional IOS version components were added to the version_state in order to support a wider range of IOS version strings. Also, the train_number entity, which uses this enumeration, was removed from the version_state element. As a result, this enumeration is no longer needed.
+ This enumeration has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+
+
+
+ The mainline Train consolidates releases and fixes defects. Inherits features from the parent T train, and does not add additional features.
+
+
+
+
+ Introduces new features and fixes defects.
+
+
+
+
+ Consolidates 12.1E, 12.2 mainline, and 12.0S, which supports high-end backbone routing, and fixes defects.
+
+
+
+
+ Targets enterprise core and SP edge, supports advanced QoS, voice, security, and firewall, and fixes defects.
+
+
+
+
+ Supports broadband features and fixes defects.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/linux-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/linux-definitions-schema.xsd
new file mode 100644
index 0000000..24daeaf
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/linux-definitions-schema.xsd
@@ -0,0 +1,1798 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the Linux specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Linux Definition
+ 5.8
+ 9/15/2010 1:55:33 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The dpkginfo test is used to check information for a given DPKG package. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a dpkginfo_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ dpkginfo_test
+ dpkginfo_object
+ dpkginfo_state
+ dpkginfo_item
+
+
+
+
+
+ - the object child element of an dpkginfo_test must reference an dpkginfo_object
+
+
+ - the state child element of an dpkginfo_test must reference an dpkginfo_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The dpkginfo_object element is used by a dpkginfo test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A dpkginfo object consists of a single name entity that identifies the package being checked.
+
+
+
+
+
+
+
+
+
+
+ This is the package name to check.
+
+
+
+
+
+
+
+
+
+
+
+
+ The dpkginfo_state element defines the different information that can be used to evaluate the specified DPKG package. This includes the architecture, epoch number, release, and version numbers. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the DPKG package name to check.
+
+
+
+
+ This is the architecture for which the package was built, like : i386, ppc, sparc, noarch.
+
+
+
+
+ This is the epoch number of the DPKG. For a null epoch (or '(none)' as returned by dpkg) the string '(none)' should be used.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the release number of the build, changed by the vendor/builder.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the version number of the build.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This represents the epoch, version, and release fields as a single version string. It has the form "EPOCH:VERSION-RELEASE".
+
+
+
+
+
+
+
+
+
+
+
+
+ The iflisteners_test is used to check what applications such as packet sniffers that are bound to an interface on the system. This is limited to applications that are listening on AF_PACKET sockets. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an iflisteners_object and the optional iflisteners_state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ iflisteners_test
+ iflisteners_object
+ iflisteners_state
+ iflisteners_item
+
+
+
+
+
+ - the object child element of an iflisteners_test must reference an iflisteners_object
+
+
+ - the state child element of an iflisteners_test must reference an iflisteners_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The iflisteners_object element is used by an iflisteners_test to define the specific interface to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The interface_name entity specifies the name of the interface (eth0, eth1, fw0, etc.) to check.
+
+
+
+
+
+
+
+
+
+
+
+
+ The iflisteners_state element defines the different information that can be used to evaluate the specified applications that are listening on interfaces on the system. This includes the interface name, protocol, hardware address, program name, pid, and user id. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the name of the interface (eth0, eth1, fw0, etc.).
+
+
+
+
+ This is the physical layer protocol used by the AF_PACKET socket.
+
+
+
+
+ This is the hardware address associated with the interface.
+
+
+
+
+ This is the name of the communicating program.
+
+
+
+
+ The pid is the process ID of a specific process.
+
+
+
+
+ The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. It represents the owner, and thus privilege level, of the specified program.
+
+
+
+
+
+
+
+
+
+
+
+
+ The inet listening servers test is used to check what applications are listening on the network. This is limited to applications that are listening for connections that use the TCP or UDP protocols and have addresses represented as IPv4 or IPv6 addresses (AF_INET or AF_INET6). It is generally using the parsed output of running the command netstat -tuwlnpe with root privilege. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetlisteningservers_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ inetlisteningservers_test
+ inetlisteningservers_object
+ inetlisteningservers_state
+ inetlisteningserver_item
+
+
+
+
+
+ - the object child element of an inetlisteningservers_test must reference an inetlisteningservers_object
+
+
+ - the state child element of an inetlisteningservers_test must reference an inetlisteningservers_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The inetlisteningservers_object element is used by an inet listening servers test to define the specific protocol-address-port to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An inet listening servers object consists of three entities. The first identifies a specific IP address. The second entity represents a certain port number. While the third identifies the protocol.
+
+
+
+
+
+
+
+
+
+
+ The protocol entity defines a certain transport-layer protocol, in lowercase: tcp or udp.
+
+
+
+
+ This is the IP address of the network interface on which an application listens. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the TCP or UDP port on which an application would listen. Note that this is not a list -- if a program listens on multiple ports, or on a combination of TCP and UDP, each will be represented by its own object.
+
+
+
+
+
+
+
+
+
+
+
+
+ The inetlisteningservers_state element defines the different information that can be used to evaluate the specified inet listening server. This includes the local address, foreign address, port information, and process id. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The protocol entity defines the specific transport-layer protocol, in lowercase: tcp or udp, associated with the inet listening server.
+
+
+
+
+ This is the IP address of the network interface on which the program listens. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the TCP or UDP port number associated with the inet listening server.
+
+
+
+
+ This is the IP address and network port number associated with the inet listening server, equivalent to local_address:local_port. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the name of the communicating program.
+
+
+
+
+ This is the IP address with which the program is communicating, or with which it will communicate, in the case of a listening server. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the TCP or UDP port to which the program communicates. In the case of a listening program accepting new connections, this is usually a *.
+
+
+
+
+ This is the IP address and network port to which the program is communicating or will accept communications from, equivalent to foreign_address:foreign_port. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ The pid is the process ID of a specific process.
+
+
+
+
+ The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. It represents the owner, and thus privilege level, of the specified program.
+
+
+
+
+
+
+
+
+
+
+
+
+ The partition_test is used to check the information associated with partitions on the local system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a partition_object and the optional state element references a partition_state that specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ partition_test
+ partition_object
+ partition_state
+ partition_item
+
+
+
+
+
+ - the object child element of a partition_test must reference a partition_object
+
+
+ - the state child element of a partition_test must reference a partition_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The partition_object is used by a partition_test to define which partitions on the local system should be collected. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The mount_point element specifies the mount points of the partitions that should be collected from the local system.
+
+
+
+
+
+
+
+
+
+
+
+
+ The partition_state element defines the different information associated with a partition. This includes the name, filesystem type, mount options, total space, space used, and space left. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The mount_point element contains a string that represents the mount point of a partition on the local system.
+
+
+
+
+ The device element contains a string that represents the name of the device.
+
+
+
+
+ The uuid element contains a string that represents the universally unique identifier associated with a partition.
+
+
+
+
+ The fs_type element contains a string that represents the type of filesystem on a partition.
+
+
+
+
+ The mount_options element contains a string that represents the mount options associated with a partition.
+
+
+
+
+ The total_space element contains an integer that represents the total number of blocks on a partition.
+
+
+
+
+ The space_used element contains an integer that represents the number of blocks used on a partition.
+
+
+
+
+ The space_left element contains an integer that represents the number of blocks left on a partition.
+
+
+
+
+
+
+
+
+
+
+
+
+ The rpm info test is used to check the RPM header information for a given RPM package. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a rpminfo_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ rpminfo_test
+ rpminfo_object
+ rpminfo_state
+ rpminfo_item
+
+
+
+
+
+ - the object child element of an rpminfo_test must reference an rpminfo_object
+
+
+ - the state child element of an rpminfo_test must reference an rpminfo_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The rpminfo_object element is used by a rpm info test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A rpm info object consists of a single name entity that identifies the package being checked.
+
+
+
+
+
+
+
+
+
+
+ This is the package name to check.
+
+
+
+
+
+
+
+
+
+
+
+
+ The rpminfo_state element defines the different information that can be used to evaluate the specified rpm. This includes the architecture, epoch number, and version numbers. Most of this information can be obtained through the rpm function. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the package name to check.
+
+
+
+
+ This is the architecture for which the RPM was built, like : i386, ppc, sparc, noarch. In the case of an apache rpm named httpd-2.0.40-21.11.4.i686.rpm, this value would be i686.
+
+
+
+
+ This is the epoch number of the RPM, this is used as a kludge for version-release comparisons where the vendor has done some kind of re-numbering or version forking. For a null epoch (or '(none)' as returned by rpm) the string '(none)' should be used.. This number is not revealed by a normal query of the RPM's information -- you must use a formatted rpm query command to gather this data from the command line, like so. For an already-installed RPM: rpm -q --qf '%{EPOCH}\n' installed_rpm For an RPM file that has not been installed: rpm -qp --qf '%{EPOCH}\n' rpm_file
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the release number of the build, changed by the vendor/builder.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This is the version number of the build. In the case of an apache rpm named httpd-2.0.40-21.11.4.i686.rpm, this value would be 21.11.4.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This represents the epoch, version, and release fields as a single version string. It has the form "EPOCH:VERSION-RELEASE". Note that a null epoch (or '(none)' as returned by rpm) is equivalent to '0' and would hence have the form 0:VERSION-RELEASE. Comparisons involving this datatype should follow the algorithm of librpm's rpmvercmp() function.
+
+
+
+
+ This field contains the 64-bit PGP key ID that the RPM issuer (generally the original operating system vendor) uses to sign the key. Note that the value should NOT contain a hyphen to seperat the higher 32-bits from the lower 32-bits. It should simply be a 16 character hex string. PGP is used to verify the authenticity and integrity of the RPM being considered. Software packages and patches are signed cryptographically to allow administrators to allay concerns that the distribution mechanism has been compromised, whether that mechanism is web site, FTP server, or even a mirror controlled by a hostile party. OVAL uses this field most of all to confirm that the package installed on the system is that shipped by the vendor, since comparing package version numbers against patch announcements is only programmatically valid if the installed package is known to contain the patched code.
+
+
+
+
+
+
+
+
+
+
+
+
+ The rpmverify_test is used to verify the integrity of installed RPMs. This test aligns with the rpm -V command for verifying RPMs. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a rpmverify_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ rpmverify_test
+ rpmverify_object
+ rpmverify_state
+ rpmverify_item
+
+
+
+
+
+ - the object child element of an rpmverify_test must reference an rpmverify_object
+
+
+ - the state child element of an rpmverify_test must reference an rpmverify_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The rpmverify_object element is used by a rpmverity_test to define a set of files within a set of RPMs to verify. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+ This is the package name to check.
+
+
+
+
+ The filepath element specifies the absolute path for a file in the specified package. A directory cannot be specified as a filepath.
+
+
+
+
+
+
+
+
+
+
+
+
+ The rpmverify_state element defines the different information that can be used to evaluate the specified rpm. This includes the architecture, epoch number, and version numbers. Most of this information can be obtained through the rpm function. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the package name to check.
+
+
+
+
+ The filepath element specifies the absolute path for a file in the specified package. A directory cannot be specified as a filepath.
+
+
+
+
+ The size_differs entity aligns with the first character ('S' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The mode_differs entity aligns with the second character ('M' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The md5_differs entity aligns with the third character ('5' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The device_differs entity aligns with the fourth character ('D' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The link_mismatch entity aligns with the fifth character ('L' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The ownership_differs entity aligns with the sixth character ('U' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The group_differs entity aligns with the seventh character ('U' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The mtime_differs entity aligns with the eighth character ('T' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The size_differs entity aligns with the ninth character ('P' flag) in the character string in the output generated by running rpm –V on a specific file.
+
+
+
+
+ The configuration_file entity represents the configuration file attribute marker that may be present on a file.
+
+
+
+
+ The documentation_file entity represents the documenation file attribute marker that may be present on a file.
+
+
+
+
+ The ghost_file entity represents the ghost file attribute marker that may be present on a file.
+
+
+
+
+ The license_file entity represents the license file attribute marker that may be present on a file.
+
+
+
+
+ The readme_file entity represents the readme file attribute marker that may be present on a file.
+
+
+
+
+
+
+
+
+
+ The RpmVerifyBehaviors complex type defines a set of behaviors that for controlling how installed rpms are verified. These behaviors align with the verify-options of the rpm command with the addition of two behaviors that will indicate that a file with a given attribute marker should not be collected.
+
+
+
+ 'nodeps' when true this behavior means, don't verify dependencies of packages.
+
+
+
+
+ 'nodigest' when true this behavior means, don't verify package or header digests when reading.
+
+
+
+
+ 'nofiles' when true this behavior means, don't verify any attributes of package files.
+
+
+
+
+ 'noscripts' when true this behavior means, don't execute the %verifyscript scriptlet (if any).
+
+
+
+
+ 'nosignature' when true this behavior means, don't verify package or header signatures when reading.
+
+
+
+
+ 'nolinkto' when true this behavior means, don't verify symbolic links attribute.
+
+
+
+
+ 'nomd5' when true this behavior means, don't verify the file md5 attribute.
+
+
+
+
+ 'nosize' when true this behavior means, don't verify the file size attribute.
+
+
+
+
+ 'nouser' when true this behavior means, don't verify the file owner attribute.
+
+
+
+
+ 'nogroup' when true this behavior means, don't verify the file group owner attribute.
+
+
+
+
+ 'nomtime' when true this behavior means, don't verify the file mtime attribute.
+
+
+
+
+ 'nomode' when true this behavior means, don't verify the file mode attribute.
+
+
+
+
+ 'nordev' when true this behavior means, don't verify the file rdev attribute.
+
+
+
+
+ 'noconfigfiles' when true this behavior means, skip files that are marked with the %config attribute marker.
+
+
+
+
+ 'noghostfiles' when true this behavior means, skip files that are maked with %ghost attribute marker.
+
+
+
+
+
+
+
+
+ The selinuxboolean_test is used to check the current and pending status of a SELinux boolean. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a selinuxboolean_object and the optional state element references a selinuxboolean_state that specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ selinuxboolean_test
+ selinuxboolean_object
+ selinuxboolean_state
+ selinuxboolean_item
+
+
+
+
+
+ - the object child element of an selinuxboolean_test must reference an selinuxboolean_object
+
+
+ - the state child element of an selinuxboolean_test must reference an selinuxboolean_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The selinuxboolean_object element is used by an selinuxboolean_test to define the items to evaluate based on a specified state.
+
+
+
+
+
+
+
+
+
+
+ The name of the SELinux boolean.
+
+
+
+
+
+
+
+
+
+
+
+
+ The selinuxboolean_state element defines the different information that can be used to evaluate the specified SELinux boolean. This includes SELinux boolean's current and pending status. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The name of the SELinux boolean.
+
+
+
+
+ The current_status entity represents the current state of the specified SELinux boolean.
+
+
+
+
+ The pending_status entity represents the pending state of the specified SELinux boolean.
+
+
+
+
+
+
+
+
+
+
+
+
+ The selinuxsecuritycontext_test is used to check the security context of a file or process on the local system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a selinuxsecuritycontext_object and the optional state element references a selinuxsecuritycontext_state that specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ selinuxsecuritycontext_test
+ selinuxsecuritycontext_object
+ selinuxsecuritycontext_state
+ selinuxsecuritycontext_item
+
+
+
+
+
+ - the object child element of an selinuxsecuritycontext_test must reference an selinuxsecuritycontext_object
+
+
+ - the state child element of an selinuxsecuritycontext_test must reference an selinuxsecuritycontext_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The selinuxsecuritycontext_object element is used by an selinuxsecuritycontext_test to define the security contexts of files and processes to collect from the local system. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes or permissions associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
+
+
+
+
+
+ The pid entity is the process ID of the process. If the xsi:nil attribute is set to true, the process ID shall be the tool's running process.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The selinuxsecuritycontext_state element defines the different information that can be used to evaluate the specified SELinux security context. This includes SELinux security context's user, type role, low sensitivity, low category, high sensitivity, high category, raw low sensitivity, raw low category, raw high sensitivity, and raw high category. This state follows the SELinux security context structure: user:role:type:low_sensitivity[:low_category]- high_sensitivity [:high_category]. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The name of the file. If the xsi:nil attribute is set to true, then the item being represented is the higher directory represented by the path entity.
+
+
+
+
+ This is the process ID of the process.
+
+
+
+
+ The user element specifies the SELinux user that either created the file or started the process.
+
+
+
+
+ The role element specifies the types that a process may transition to (domain transitions). Note that this entity is not relevant for files and will always have a value of object_r.
+
+
+
+
+ The type element specifies the domain in which the file is accessible or the domain in which a process executes.
+
+
+
+
+ The low_sensitivity element specifies the current sensitivity of a file or process.
+
+
+
+
+ The low_category element specifies the set of categories associated with the low sensitivity.
+
+
+
+
+ The high_sensitivity element specifies the maximum range for a file or the clearance for a process.
+
+
+
+
+ The high_category element specifies the set of categories associated with the high sensitivity.
+
+
+
+
+ The rawlow_sensitivity element specifies the current sensitivity of a file or process but in its raw context.
+
+
+
+
+ The rawlow_category element specifies the set of categories associated with the low sensitivity but in its raw context.
+
+
+
+
+ The rawhigh_sensitivity element specifies the maximum range for a file or the clearance for a process but in its raw context.
+
+
+
+
+ The rawhigh_category element specifies the set of categories associated with the high sensitivity but in its raw context.
+
+
+
+
+
+
+
+
+
+
+
+
+ The slackware package info test is used to check information associated with a given Slackware package. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a slackwarepkginfo_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ slackwarepkginfo_test
+ slackwarepkginfo_object
+ slackwarepkginfo_state
+ slackwarepkginfo_item
+
+
+
+
+
+ - the object child element of an slackwarepkginfo_test must reference an slackwarepkginfo_object
+
+
+ - the state child element of an slackwarepkginfo_test must reference an slackwarepkginfo_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The slackwarepkginfo_object element is used by a slackware package info test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A slackware package info object consists of a single name entity that identifies the package being checked.
+
+
+
+
+
+
+
+
+
+
+ This is the package name to check.
+
+
+
+
+
+
+
+
+
+
+
+
+ The slackwarepkginfo_state element defines the different information that can be used to evaluate the specified package. This includes the version, architecture, and revision. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the package name to check.
+
+
+
+
+ This is the version number of the package.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateFileSystemTypeType complex type restricts a string value to the set of values that are used to describe file systems on a Linux system. This list is based off of the values defined in linux/magic.h. Please consult linux/magic.h for additional information on each allowed value. The empty string is also allowed to support the empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateRpmVerifyResultType complex type restricts a string value to the set of possible outcomes of checking an attribute of a file included in an RPM against the actual value of that attribute in the RPM database. The empty string is also allowed to support the empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ 'pass' indicates that the test passed and is equivalent to the '.' value reported by the rpm -V command.
+
+
+
+
+ 'fail' indicates that the test failed and is equivalent to a bold charcter in the test result string reported by the rpm -V command.
+
+
+
+
+ 'not performed' indicates that the test could not be performed and is equivalent to the '?' value reported by the rpm -V command.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateProtocolType complex type restricts a string value to the set of physical layer protocols used by AF_PACKET sockets. The empty string is also allowed to support the empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ Ethernet loopback packet.
+
+
+
+
+ Xerox PUP packet.
+
+
+
+
+ Xerox PUP Address Transport packet.
+
+
+
+
+ Internet protocol packet.
+
+
+
+
+ CCITT X.25 packet.
+
+
+
+
+ Address resolution packet.
+
+
+
+
+ G8BPQ AX.25 ethernet packet.
+
+
+
+
+ Xerox IEEE802.3 PUP packet.
+
+
+
+
+ Xerox IEEE802.3 PUP address transport packet.
+
+
+
+
+ DEC assigned protocol.
+
+
+
+
+ DEC DNA Dump/Load.
+
+
+
+
+ DEC DNA Remote Console.
+
+
+
+
+ DEC DNA Routing.
+
+
+
+
+ DEC LAT.
+
+
+
+
+ DEC Diagnostics.
+
+
+
+
+ DEC Customer use.
+
+
+
+
+ DEC Systems Comms Arch.
+
+
+
+
+ Reverse address resolution packet.
+
+
+
+
+ Appletalk DDP.
+
+
+
+
+ Appletalk AARP.
+
+
+
+
+ 802.1Q VLAN Extended Header.
+
+
+
+
+ IPX over DIX.
+
+
+
+
+ IPv6 over bluebook.
+
+
+
+
+ Slow Protocol. See 802.3ad 43B.
+
+
+
+
+ Web-cache coordination protocol.
+
+
+
+
+ PPPoE discovery messages.
+
+
+
+
+ PPPoE session messages.
+
+
+
+
+ MPLS Unicast traffic.
+
+
+
+
+ MPLS Multicast traffic.
+
+
+
+
+ MultiProtocol Over ATM.
+
+
+
+
+ Frame-based ATM Transport over Ethernet.
+
+
+
+
+ ATA over Ethernet.
+
+
+
+
+ TIPC.
+
+
+
+
+ Dummy type for 802.3 frames.
+
+
+
+
+ Dummy protocol id for AX.25.
+
+
+
+
+ Every packet.
+
+
+
+
+ 802.2 frames.
+
+
+
+
+ Internal only.
+
+
+
+
+ DEC DDCMP: Internal only
+
+
+
+
+ Dummy type for WAN PPP frames.
+
+
+
+
+ Dummy type for PPP MP frames.
+
+
+
+
+ Dummy type for Atalk over PPP.
+
+
+
+
+ Localtalk pseudo type.
+
+
+
+
+ 802.2 frames.
+
+
+
+
+ Mobitex.
+
+
+
+
+ Card specific control frames.
+
+
+
+
+ Linux-IrDA.
+
+
+
+
+ Acorn Econet.
+
+
+
+
+ HDLC frames.
+
+
+
+
+ 1A for ArcNet.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/macos-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/macos-definitions-schema.xsd
new file mode 100644
index 0000000..02ae081
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/macos-definitions-schema.xsd
@@ -0,0 +1,818 @@
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the MacOS specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The MacOS Definition Schema was initially developed by The Center for Internet Security. Many thanks to their contributions to OVAL and the security community.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ MacOS Definition
+ 5.8
+ 9/15/2010 1:55:34 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ User account information (username, uid, gid, etc.) See netinfo(5) for field information, niutil(1) for retrieving it. We may need/want to add in data elements for things like authentication_authority, generateduid, mcx_settings (restricted account settings).
+
+
+ accountinfo_test
+ accountinfo_object
+ accountinfo_state
+ accountinfo_item
+
+
+
+
+
+ - the object child element of an accountinfo_test must reference an accountinfo_object
+
+
+ - the state child element of an accountinfo_test must reference an accountinfo_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The accountinfo_object element is used by an accountinfo_test to define the object(s) to be evaluated. This object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An accountinfo_object consists of a single username that identifies the account from which to gather information.
+
+
+
+
+
+
+
+
+
+
+ Specifies the user of the account to gather information from.
+
+
+
+
+
+
+
+
+
+
+
+
+ The accountinfo_state element defines the different information that can be used to evaluate the specified accounts. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ Specifies the user of the account to gather information from.
+
+
+
+
+ Obfuscated (*****) or encrypted password for this user.
+
+
+
+
+ The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. This element represents the owner of the file.
+
+
+
+
+ Group ID of this account.
+
+
+
+
+ User's real name, aka gecos field of /etc/passwd.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The diskutil_test is used to verify disks on a Mac OS system. The information used by this test is modeled after the diskutil command. For more information, see diskutil(8). It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a diskutil_object and the optional diskutil_state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ diskutil_test
+ diskutil_object
+ diskutil_state
+ diskutil_item
+
+
+
+
+
+
+ - the object child element of a diskutil_test must reference a diskutil_object
+
+
+
+ - the state child element of a diskutil_test must reference a diskutil_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The diskutil_object element is used by a diskutil_test to define the disks to be verified on a Mac OS system. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The device entity is a string that represents the disk on a Mac OS system to verify. Please see diskutil(8) for instructions on how to specify the device.
+
+
+
+
+ The filepath element specifies the absolute path for a file in the specified package. A directory cannot be specified as a filepath.
+
+
+
+
+
+
+
+
+
+
+
+
+ The package_state element defines the different verification information associated with a disk on a Mac OS system. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The device entity is a string that represents the disk on a Mac OS system to verify. Please see diskutil(8) for instructions on how to specify the device.
+
+
+
+
+ The filepath element specifies the absolute path for a file on the specified device. A directory cannot be specified as a filepath.
+
+
+
+
+ Has the actual user read permission changed from the expected user read permission?
+
+
+
+
+ Has the actual user write permission changed from the expected user write permission?
+
+
+
+
+ Has the actual user exec permission changed from the expected user exec permission?
+
+
+
+
+ Has the actual group read permission changed from the expected group read permission?
+
+
+
+
+ Has the actual group write permission changed from the expected group write permission?
+
+
+
+
+ Has the actual group exec permission changed from the expected group exec permission?
+
+
+
+
+ Has the actual others read permission changed from the expected others read permission?
+
+
+
+
+ Has the actual others read permission changed from the expected others read permission?
+
+
+
+
+ Has the actual others read permission changed from the expected others read permission?
+
+
+
+
+
+
+
+
+
+
+
+
+ This test's purpose is generally used to check if an application is listening on the network, either for a new connection or as part of an ongoing connection. This is limited to applications that are listening for connections that use the TCP or UDP protocols and have addresses represented as IPv4 or IPv6 addresses (AF_INET or AF_INET6). It is generally speaking the parsed output of running the command netstat -tuwlnpe with root privilege.
+
+
+ inetlisteningservers_test
+ inetlisteningservers_object
+ inetlisteningservers_state
+ inetlisteningserver_item
+
+
+
+
+
+ - the object child element of an inetlisteningservers_test must reference an inetlisteningservers_object
+
+
+ - the state child element of an inetlisteningservers_test must reference an inetlisteningservers_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The inetlisteningservers_object element is used by an inetlisteningserver test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The inetlisteningservers_state element defines the different information that can be used to evaluate the specified inet listening server. This includes the local address, foreign address, port information, and process id. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the name of the communicating program.
+
+
+
+
+ This is the IP address of the network interface on which the program listens. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the IP address and network port on which the program listens, equivalent to local_address:local_port. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the TCP or UDP port on which the program listens. Note that this is not a list -- if a program listens on multiple ports, or on a combination of TCP and UDP, each will have its own entry in the table data stored by this test.
+
+
+
+
+ This is the IP address with which the program is communicating, or with which it will communicate, in the case of a listening server. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the IP address and network port to which the program is communicating or will accept communications from, equivalent to foreign_address:foreign_port. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the TCP or UDP port to which the program communicates. In the case of a listening program accepting new connections, this is usually a *.
+
+
+
+
+ This is the process ID of the process. The process in question is that of the program communicating on the network.
+
+
+
+
+ This is the transport-layer protocol, in lowercase: tcp or udp.
+
+
+
+
+ The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. It represents the owner, and thus privilege level, of the specified program.
+
+
+
+
+
+
+
+
+
+
+
+
+ This test pulls data from the 'nvram -p' output.
+
+
+ nvram_test
+ nvram_object
+ nvram_state
+ nvram_item
+
+
+
+
+
+ - the object child element of an nvram_test must reference an nvram_object
+
+
+ - the state child element of an nvram_test must reference an nvram_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The nvram_object element is used by a nvram test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This test pulls data from the 'nvram -p' output.
+
+
+
+
+
+
+
+ This specifies the nvram variable to check.
+
+
+
+
+ This is the value of the associated nvram variable.
+
+
+
+
+
+
+
+
+
+
+
+
+ The plist_test is used to check the value(s) associated with property list preference keys. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a plist_object and the optional plist_state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+
+ - the object child element of a plist_test must reference a plist_object
+
+
+ - the state child element of a plist_test must reference a plist_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The plist_object element is used by a plist_test to define the preference keys to collect and where to look for them. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The preference key to check. If the xsi:nil attribute is set to 'true', the plist does not have any keys associated with it (i.e. it is not a CFDictionary) and the default value of the plist will be collected.
+
+
+
+
+
+ The unique application identifier that specifies the application to use when looking up the preference key (e.g. com.apple.Safari).
+
+
+
+
+ The absolute path to a plist file (e.g. ~/Library/Preferences/com.apple.Safari.plist). A directory cannot be specified as a filepath.
+
+
+
+
+ - operation attribute for the filepath entity of a plist_object should be 'equals'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The plist_state element defines the different information that can be used to evaluate the specified property list preference key. This includes the preference key, application identifier, filepath, type, as well as the preference key's value. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The preference key to check.
+
+
+
+
+ The unique application identifier that specifies the application to use when looking up the preference key (e.g. com.apple.Safari).
+
+
+
+
+ The absolute path to a plist file (e.g. ~/Library/Preferences/com.apple.Safari.plist).
+
+
+
+
+ The instance of the preference key found in the plist. The first instance of a matching preference key is given the instance value of 1, the second instance of a matching preference key is given the instance value of 2, and so on. Note that the main purpose of this entity is to provide uniqueness for the different plist_items that result from multiple instances of a given preference key in the same plist file.
+
+
+
+
+ The type of the preference key.
+
+
+
+
+ The value of the preference key.
+
+
+
+
+
+
+
+
+
+
+
+
+ This test retrieves password policy data from the 'pwpolicy -getpolicy -u target_user [-a username] [-p userpass] [-n directory_node]' output where username, userpass, and directory_node are optional. Please see the 'pwpolicy' man page for additional information.
+
+
+ pwpolicy_test
+ pwpolicy_object
+ pwpolicy_state
+ pwpolicy_item
+
+
+
+
+
+ - the object child element of an pwpolicy_test must reference an pwpolicy_object
+
+
+ - the state child element of an pwpolicy_test must reference an pwpolicy_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The pwpolicy_object element is used by a pwpolicy_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The target_user element specifies the user whose password policy information should be collected. If an operation other than equals is specified, the users on the system should be enumerated and the 'pwpolicy' command should be issued for each user that matches the target_user element.
+
+
+
+
+ The username element specifies the username of the authenticator. If the xsi:nil attribute is set to true, authentication to the directory node will not be performed (i.e. the '-a' and '-p' command line options will not be specified when issuing the 'pwpolicy' command) and the xsi:nil attribute of the userpass element should also be set to true.
+
+
+
+ - userpass entity must be nil when username entity is nil
+
+
+
+
+
+
+
+ The userpass element specifies the password of the authenticator as specified by the username element. If the xsi:nil attribute is set to true, authentication to the directory node will not be performed (i.e. the '-a' and '-p' command line options will not be specified when issuing the 'pwpolicy' command) and the xsi:nil attribute of the username element should also be set to true..
+
+
+
+ - operation attribute for the userpass entity of a pwpolicy_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+ - username entity must be nil when userpass entity is nil
+
+
+
+
+
+
+
+ The directory_node element specifies the directory node that you would like to retrieve the password policy information from. If the xsi:nil attribute is set to true, the default directory node is used (i.e. the '-n' command line option will not be specified when issuing the 'pwpolicy' command).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The target_user element specifies the user whose password policy information should be collected.
+
+
+
+
+ The username element specifies the username of the authenticator.
+
+
+
+
+ The userpass element specifies the password of the authenticator as specified by the username element.
+
+
+
+
+ The directory_node element specifies the directory node that you would like to retrieve the password policy information from.
+
+
+
+
+ Maximum number of characters allowed in a password.
+
+
+
+
+ Maximum number of failed logins before the account is locked.
+
+
+
+
+ Minimum number of characters allowed in a password.
+
+
+
+
+ Defines if the password is allowed to be the same as the username or not.
+
+
+
+
+ Defines if the password must contain an alphabetical character or not.
+
+
+
+
+ Defines if the password must contain an numeric character or not.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStatePermissionCompareType complex type restricts a string value to more, less, or same which specifies if an actual permission is different than the expected permission (more or less restrictive) or if the permission is the same. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The actual permission is more restrictive than the expected permission.
+
+
+
+
+ The actual permission is less restrictive than the expected permission.
+
+
+
+
+ The actual permission is the same as the expected permission.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStatePlistTypeType complex type restricts a string value to the seven values CFString, CFNumber, CFBoolean, CFDate, CFData, CFArray, and CFDictionary that specify the datatype of the value associated with a property list preference key. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The CFString type is used to describe a preference key that has a string value. The OVAL string datatype should be used to represent CFString values.
+
+
+
+
+ The CFNumber type is used to describe a preference key that has a integer or float value. The OVAL int and float datatypes should be used, as appropriate, to represent CFNumber values.
+
+
+
+
+ The CFBoolean type is used to describe a preference key that has a boolean value. The OVAL boolean datatype should be used to represent CFBoolean values.
+
+
+
+
+ The CFDate type is used to describe a preference key that has a date value. The OVAL string datatype should be used to represent CFDate values.
+
+
+
+
+ The CFData type is used to describe a preference that has a base64-encoded binary value. The OVAL string datatype should be used to represent CFData values.
+
+
+
+
+ The CFArray type is used to describe a preference key that has a collection of values. This is represented as multiple value entities.
+
+
+
+
+ The CFDictionary type is used to describe a preference key that has a collection of key-value pairs. Note that the collection of CFDictionary values is not supported. If an attempt is made to collect a CFDictionary value, an error should be reported.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/oval-common-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/oval-common-schema.xsd
new file mode 100644
index 0000000..0876b48
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/oval-common-schema.xsd
@@ -0,0 +1,764 @@
+
+
+
+ The following is a description of the common types that are shared across the different schemas within Open Vulnerability and Assessment Language (OVAL). Each type is described in detail and should provide the information necessary to understand what each represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between these type is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Core Common
+ 5.8
+ 9/15/2010 1:55:34 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+ The deprecated_info element is used in documenting deprecation information for items in the OVAL Language. It is declared globally as it can be found in any of the OVAL schemas and is used as part of the appinfo documentation and therefore it is not an element that can be declared locally and based off a global type..
+
+
+
+
+ The element_mapping element is used in documenting which tests, objects, states, and system characteristic items are associated with each other. It provides a way to explicitly and programatically associate the test, object, state, and item definitions.
+
+
+
+
+
+
+
+ The ElementMapType is used to document the association between OVAL test, object, state, and item entities.
+
+
+
+
+ The local name of an OVAL test.
+
+
+
+
+ The local name of an OVAL object.
+
+
+
+
+ The local name of an OVAL state.
+
+
+
+
+ The local name of an OVAL item.
+
+
+
+
+
+
+ Defines a reference to an OVAL entity using the schema namespace and element name.
+
+
+
+
+
+ The target_namespace attributes indicates what XML namespace the element belongs to. If not present, the namespace is that of the document in which the ElementMapItemType instance element appears.
+
+
+
+
+
+
+
+ The DeprecatedInfoType complex type defines a structure that will be used to flag schema-defined constructs as deprecated. It holds information related to the version of OVAL when the construct was deprecated along with a reason and comment.
+
+
+
+
+ The required version child element details the version of OVAL in which the construct became deprecated.
+
+
+
+
+ The required reason child element is used to provide an explanation as to why an item was deprecated and to direct a reader to possible alternative structures within OVAL.
+
+
+
+
+ The optional comment child element is used to supply additional information regarding the element's deprecated status.
+
+
+
+
+
+
+ The GeneratorType complex type defines an element that is used to hold information about when a particular OVAL document was compiled, what version of the schema was used, what tool compiled the document, and what version of that tools was used.
+ Additional generator information is also allowed although it is not part of the official OVAL Schema. Individual organizations can place generator information that they feel are important and these will be skipped during the validation. All OVAL really cares about is that the stated generator information is there.
+
+
+
+
+ The optional product_name specifies the name of the application used to generate the file.
+
+
+
+
+ The optional product_version specifies the version of the application used to generate the file.
+
+
+
+
+ The required schema_version specifies the version of the OVAL Schema that the document has been written in and that should be used for validation.
+
+
+
+
+ The required timestamp specifies when the particular OVAL document was compiled. The format for the timestamp is yyyy-mm-ddThh:mm:ss. Note that the timestamp element does not specify when a definition (or set of definitions) was created or modified but rather when the actual XML document that contains the definition was created. For example, the document might have pulled a bunch of existing OVAL Definitions together, each of the definitions having been created at some point in the past. The timestamp in this case would be when the combined document was created.
+
+
+
+
+
+
+
+ The MessageType complex type defines the structure for which messages are relayed from the data collection engine. Each message is a text string that has an associated level attribute identifying the type of message being sent. These messages could be error messages, warning messages, debug messages, etc. How the messages are used by tools and whether or not they are displayed to the user is up to the specific implementation. Please refer to the description of the MessageLevelEnumeration for more information about each type of message.
+
+
+
+
+
+
+
+
+
+
+
+
+ The CheckEnumeration simple type defines acceptable check values, which are used to determine the final result of something based on the results of individual components. When used to define the relationship between objects and states, each check value defines how many of the matching objects (items except those with a status of does not exist) must satisfy the given state for the test to return true. When used to define the relationship between instances of a given entity, the different check values defines how many instances must be true for the entity to return true. When used to define the relationship between entities and multiple variable values, each check value defines how many variable values must be true for the entity to return true.
+
+ Below are some tables that outline how each check attribute effects evaluation. The far left column identifies the check attribute in question. The middle column specifies the different combinations of individual results that the check attribute may bind together. (T=true, F=false, E=error, U=unknown, NE=not evaluated, NA=not applicable) For example, a 1+ under T means that one or more individual results are true, while a 0 under U means that zero individual results are unknown. The last column specifies what the final result would be according to each combination of individual results. Note that if the individual test is negated, then a true result is false and a false result is true, all other results stay as is.
+
+ || num of individual results ||
+ check attr is || || final result is
+ || T | F | E | U | NE | NA ||
+---------------||-----------------------------||------------------
+ || 1+ | 0 | 0 | 0 | 0 | 0+ || True
+ || 0+ | 1+ | 0+ | 0+ | 0+ | 0+ || False
+ ALL || 0+ | 0 | 1+ | 0+ | 0+ | 0+ || Error
+ || 0+ | 0 | 0 | 1+ | 0+ | 0+ || Unknown
+ || 0+ | 0 | 0 | 0 | 1+ | 0+ || Not Evaluated
+ || 0 | 0 | 0 | 0 | 0 | 1+ || Not Applicable
+---------------||-----------------------------||------------------
+
+
+ || num of individual results ||
+ check attr is || || final result is
+ || T | F | E | U | NE | NA ||
+---------------||-----------------------------||------------------
+ || 1+ | 0+ | 0+ | 0+ | 0+ | 0+ || True
+ || 0 | 1+ | 0 | 0 | 0 | 0+ || False
+ AT LEAST ONE || 0 | 0+ | 1+ | 0+ | 0+ | 0+ || Error
+ || 0 | 0+ | 0 | 1+ | 0+ | 0+ || Unknown
+ || 0 | 0+ | 0 | 0 | 1+ | 0+ || Not Evaluated
+ || 0 | 0 | 0 | 0 | 0 | 1+ || Not Applicable
+---------------||-----------------------------||------------------
+
+
+ || num of individual results ||
+ check attr is || || final result is
+ || T | F | E | U | NE | NA ||
+---------------||-----------------------------||------------------
+ || 1 | 0+ | 0 | 0 | 0 | 0+ || True
+ || 2+ | 0+ | 0+ | 0+ | 0+ | 0+ || ** False **
+ || 0 | 1+ | 0 | 0 | 0 | 0+ || ** False **
+ ONLY ONE ||0,1 | 0+ | 1+ | 0+ | 0+ | 0+ || Error
+ ||0,1 | 0+ | 0 | 1+ | 0+ | 0+ || Unknown
+ ||0,1 | 0+ | 0 | 0 | 1+ | 0+ || Not Evaluated
+ || 0 | 0 | 0 | 0 | 0 | 1+ || Not Applicable
+---------------||-----------------------------||------------------
+
+
+ || num of individual results ||
+ check attr is || || final result is
+ || T | F | E | U | NE | NA ||
+---------------||-----------------------------||------------------
+ || 0 | 1+ | 0 | 0 | 0 | 0+ || True
+ || 1+ | 0+ | 0+ | 0+ | 0+ | 0+ || False
+ NONE SATISFY || 0 | 0+ | 1+ | 0+ | 0+ | 0+ || Error
+ || 0 | 0+ | 0 | 1+ | 0+ | 0+ || Unknown
+ || 0 | 0+ | 0 | 0 | 1+ | 0+ || Not Evaluated
+ || 0 | 0 | 0 | 0 | 0 | 1+ || Not Applicable
+---------------||-----------------------------||------------------
+
+
+
+
+
+
+ A value of 'all' means that a final result of true is given if all the individual results under consideration are true.
+
+
+
+
+ A value of 'at least one' means that a final result of true is given if at least one of the individual results under consideration is true.
+
+
+
+
+ A value of 'none exists' means that a test evaluates to true if no matching object exists that satisfy the data requirements.
+
+
+ 5.3
+ Replaced by the 'none satisfy' value. In version 5.3 of the OVAL Language, the checking of existence and state were separated into two distinct checks CheckEnumeration (state) and ExistenceEnumeration (existence). Since CheckEnumeration is now used to specify how many objects should satisfy a given state for a test to return true, and no longer used for specifying how many objects must exist for a test to return true, a value of 'none exist' is no longer needed. See the 'none satisfy' value.
+ This value has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED ATTRIBUTE VALUE IN: ATTRIBUTE VALUE:
+
+
+
+
+
+
+
+
+ A value of 'none satisfy' means that a final result of true is given if none the individual results under consideration are true.
+
+
+
+
+ A value of 'only one' means that a final result of true is given if one and only one of the individual results under consideration are true.
+
+
+
+
+
+
+ The ClassEnumeration simple type defines the different classes of definitions. Each class defines a certain intent regarding how an OVAL Definition is written and what that definition is describing. The specified class gives a hint about the definition so a user can know what the definition writer is trying to say. Note that the class does not make a statement about whether a true result is good or bad as this depends on the use of an OVAL Definition. These classes are also used to group definitions by the type of system state they are describing. For example, this allows users to find all the vulnerability (or patch, or inventory, etc) definitions.
+
+
+
+
+ A compliance definition describes the state of a machine as it complies with a specific policy. A definition of this class will evaluate to true when the system is found to be compliant with the stated policy. Another way of thinking about this is that a compliance definition is stating "the system is compliant if ...".
+
+
+
+
+ An inventory definition describes whether a specific piece of software is installed on the system. A definition of this class will evaluate to true when the specified software is found on the system. Another way of thinking about this is that an inventory definition is stating "the software is installed if ...".
+
+
+
+
+ The 'miscellaneous' class is used to identify definitions that do not fall into any of the other defined classes.
+
+
+
+
+ A patch definition details the machine state of whether a patch executable should be installed. A definition of this class will evaluate to true when the specified patch is missing from the system. Another way of thinking about this is that a patch definition is stating "the patch should be installed if ...". Note that word SHOULD is intended to mean more than just CAN the patch executable be installed. In other words, if a more recent patch is already installed then the specified patch might not need to be installed.
+
+
+
+
+ A vulnerability definition describes the conditions under which a machine is vulnerable. A definition of this class will evaluate to true when the system is found to be vulnerable with the stated issue. Another way of thinking about this is that a vulnerability definition is stating "the system is vulnerable if ...".
+
+
+
+
+
+
+ The SimpleDatatypeEnumeration simple type defines the legal datatypes that are used to describe the values of individual entities that can be represented in a XML string field. The value may have structure and a pattern, but it is represented as string content.
+
+
+
+
+ The binary datatype is used to represent hex-encoded data that is in raw (non-printable) form. This datatype conforms to the W3C Recommendation for binary data meaning that each binary octet is encoded as a character tuple, consisting of two hexadecimal digits {[0-9a-fA-F]} representing the octet code. Expected operations within OVAL for binary values are 'equals' and 'not equal'.
+
+
+
+
+ The boolean datatype represents standard boolean data, either true or false. This datatype conforms to the W3C Recommendation for boolean data meaning that the following literals are legal values: {true, false, 1, 0}. Expected operations within OVAL for boolean values are 'equals' and 'not equal'.
+
+
+
+
+ The evr_string datatype represents the epoch, version, and release fields as a single version string. It has the form "EPOCH:VERSION-RELEASE". Comparisons involving this datatype should follow the algorithm of librpm's rpmvercmp() function. Expected operations within OVAL for evr_string values are 'equals', 'not equal', 'greater than', 'greater than or equal', 'less than', and 'less than or equal'.
+
+
+
+
+ The fileset_revision datatype represents the version string related to filesets in HP-UX. An example would be 'A.03.61.00'. As far as implementing operations, right now there is a IP licensing issue being discussed on our ability to publicize the method to do this; however, the HP-UX team is willing to discuss how to implement this with anyone who would like to do it while we are waiting for the IP licensing issue to be resolved. Expected operations within OVAL for fileset_version values are 'equals', 'not equal', 'greater than', 'greater than or equal', 'less than', and 'less than or equal'.
+
+
+
+
+ The float datatype describes standard float data. This datatype conforms to the W3C Recommendation for float data meaning it is patterned after the IEEE single-precision 32-bit floating point type. The format consists of a decimal followed, optionally, by the character 'E' or 'e', followed by an integer exponent. The special values positive and negative infinity and not-a-number have are represented by INF, -INF and NaN, respectively. Expected operations within OVAL for float values are 'equals', 'not equal', 'greater than', 'greater than or equal', 'less than', and 'less than or equal'.
+
+
+
+
+ The ios_version datatype describes Cisco IOS Train strings. These are in essence version strings for IOS. Please refer to Cisco's IOS Reference Guide for information on how to compare different Trains as they follow a very specific pattern. Expected operations within OVAL for ios_version values are 'equals', 'not equal', 'greater than', 'greater than or equal', 'less than', and 'less than or equal'.
+
+
+
+
+ The int datatype describes standard integer data. This datatype conforms to the W3C Recommendation for integer data which follows the standard mathematical concept of the integer numbers. (no decimal point and infinite range) Expected operations within OVAL for int values are 'equals', 'not equal', 'greater than', 'greater than or equal', 'less than', 'less than or equal', 'bitwise and', and 'bitwise or'.
+
+
+
+
+ The ipv4_address datatype represents IPv4 addresses and IPv4 address prefixes (using CIDR notation). Legal values are represented in dotted-quad notation ('a.b.c.d' where 'a', 'b', 'c', and 'd' are integers from 0-255), optionally followed by a slash ('/') and either a prefix-length (an integer from 0-32) or a netmask represented in dotted-quad notation ('a.b.c.d' where 'a', 'b', 'c', and 'd' are integers from 0-255). Examples of legal values are '192.0.2.0', '192.0.2.0/32', and '192.0.2.0/255.255.255.255'. Additionally, leading zeros are permitted such that '192.0.2.0' is equal to '192.000.002.000'. Expected operations within OVAL for ipv4_address values are 'equals', 'not equal', 'greater than', 'greater than or equal', 'less than', 'less than or equal', 'subset of', and 'superset of'.
+ The 'subset of' operation is used to compare sets of IP addresses. When using this operation, an IP address prefix defines the set of IP addresses as specified by CIDR notation and a IP address defines the set of one IP address. The result will be 'true', if the actual set of IP addresses on the system is a subset of the set defined by the stated entity. This means that every IP address in the set of IP addresses on the system must be present in the set of IP addresses defined in the stated entity. Otherwise, the result will be 'false'.
+ The 'superset of' operation is used to compare sets of IP addresses. When using this operation, an IP address prefix defines the set of IP addresses as specified by CIDR notation and a IP address defines the set of one IP address. The result will be 'true', if the actual set of IP addresses on the system is a subset of the set defined by the stated entity. This means that every IP address in the set of IP addresses defined in the stated entity is present in the set of IP addresses on the system. Otherwise, the result will be 'false'.
+
+
+
+
+ The ipv6_address datatype represents IPv6 addresses and IPv6 address prefixes (using CIDR notation). This datatype conforms to the IETF specification RFC 4291 for textual representations of IPv6 addresses and IPv6 address prefixes (See Section 2.2 and 2.3). Expected operations within OVAL for ipv6_address values are 'equals', 'not equal', 'greater than', 'greater than or equal', 'less than', 'less than or equal', 'subset of', and 'superset of'.
+ The 'subset of' operation is used to compare sets of IP addresses. When using this operation, an IP address prefix defines the set of IP addresses as specified by CIDR notation and a IP address defines the set of one IP address. The result will be 'true', if the actual set of IP addresses on the system is a subset of the set defined by the stated entity. This means that every IP address in the set of IP addresses on the system must be present in the set of IP addresses defined in the stated entity. Otherwise, the result will be 'false'.
+ The 'superset of' operation is used to compare sets of IP addresses. When using this operation, an IP address prefix defines the set of IP addresses as specified by CIDR notation and a IP address defines the set of one IP address. The result will be 'true', if the actual set of IP addresses on the system is a subset of the set defined by the stated entity. This means that every IP address in the set of IP addresses defined in the stated entity is present in the set of IP addresses on the system. Otherwise, the result will be 'false'.
+
+
+
+
+ The string datatype describes standard string data. This datatype conforms to the W3C Recommendation for string data. Expected operations within OVAL for string values are 'equals', 'not equal', 'case insensitive equals', 'case insensitive not equal', 'pattern match'.
+
+
+
+
+ The version datatype represents a value that is a hierarchical list of non-negative integers separated by a single character delimiter. Note that any non-number character can be used as a delimiter and that different characters can be used within the same version string. So '#.#-#' is the same as '#.#.#' or '#c#c#'. Expected operations within OVAL for version values are 'equals', 'not equal', 'greater than', 'greater than or equal', 'less than', and 'less than or equal'.
+ For example '#.#.#' or '#-#-#-#' where the numbers to the left are more significant than the numbers to the right. When performing an 'equals' operation on a version datatype, you should first check the left most number for equality. If that fails, then the values are not equal. If it succeeds, then check the second left most number for equality. Continue checking the numbers from left to right until the last number has been checked. If, after testing all the previous numbers, the last number is equal then the two versions are equal. When performing other operations, such as 'less than', 'less than or equal', 'greater than, or 'greater than or equal', similar logic as above is used. Start with the left most number and move from left to right. For each number, check if it is less than the number you are testing against. If it is, then the version in question is less than the version you are testing against. If the number is equal, then move to check the next number to the right. For example, to test if 5.7.23 is less than or equal to 5.8.0 you first compare 5 to 5. They are equal so you move on to compare 7 to 8. 7 is less than 8 so the entire test succeeds and 5.7.23 is 'less than or equal' to 5.8.0. The difference between the 'less than' and 'less than or equal' operations is how the last number is handled. If the last number is reached, the check should use the given operation (either 'less than' and 'less than or equal') to test the number. For example, to test if 4.23.6 is greater than 4.23.6 you first compare 4 to 4. They are equal so you move on to compare 23 to 23. They are equal so you move on to compare 6 to 6. This is the last number in the version and since 6 is not greater than 6, the entire test fails and 4.23.6 is not greater than 4.23.6.
+ Version strings with a different number of components shall be padded with zeros to make them the same size. For example, if the version strings '1.2.3' and '6.7.8.9' are being compared, then the short one should be padded to become '1.2.3.0'.
+
+
+
+
+
+
+ The ComplexDatatypeEnumeration simple type defines the complex legal datatypes that are supported in OVAL. These datatype describe the values of individual entities where the entity has some complex structure beyond simple string like content.
+
+
+
+
+ The record datatype describes an entity with structured set of named fields and values as its content. The only allowed operation within OVAL for record values is 'equals'. Note that the record datatype is not currently allowed when using variables.
+
+
+
+
+
+
+ The DatatypeEnumeration simple type defines the legal datatypes that are used to describe the values of individual entities. A value should be interpreted according to the specified type. This is most important during comparisons. For example, is '21' less than '123'? will evaluate to true if the datatypes are 'int', but will evaluate to 'false' if the datatypes are 'string'. Another example is applying the 'equal' operation to '1.0.0.0' and '1.0'. With datatype 'string' they are not equal, with datatype 'version' they are.
+
+
+
+
+
+ The ExistenceEnumeration simple type defines acceptable existence values, which are used to determine a result based on the existence of individual components. The main use for this is for a test regarding the existence of objects on the system.
+
+ Below are some tables that outline how each ExistenceEnumeration value effects evaluation of a given test. Note that this is related to the existence of an object(s) and not the object(s) compliance with a state. The left column identifies the ExistenceEnumeration value in question. The middle column specifies the different combinations of individual item status values that have been found in the system characteristics file related to the given object. (EX=exists, DE=does not exist, ER=error, NC=not collected) For example, a 1+ under EX means that one or more individual item status attributes are set to exists, while a 0 under NC means that zero individual item status attributes are set to not collected. The last column specifies what the result of the existence piece would be according to each combination of individual item status values.
+
+ || item status value count ||
+ attr value || || existence piece is
+ || EX | DE | ER | NC ||
+---------------||---------------------------||------------------
+ || 1+ | 0 | 0 | 0 || True
+ || 0 | 0 | 0 | 0 || False
+ || 0+ | 1+ | 0+ | 0+ || False
+ all_exist || 0+ | 0 | 1+ | 0+ || Error
+ || 0+ | 0 | 0 | 1+ || Unknown
+ || -- | -- | -- | -- || Not Evaluated
+ || -- | -- | -- | -- || Not Applicable
+---------------||---------------------------||------------------
+
+
+ || item status value count ||
+ attr value || || existence piece is
+ || EX | DE | ER | NC ||
+---------------||---------------------------||------------------
+ || 0+ | 0+ | 0 | 0+ || True
+ || 1+ | 0+ | 1+ | 0+ || True
+ || -- | -- | -- | -- || False
+ any_exist || 0 | 0+ | 1+ | 0+ || Error
+ || -- | -- | -- | -- || Unknown
+ || -- | -- | -- | -- || Not Evaluated
+ || -- | -- | -- | -- || Not Applicable
+---------------||---------------------------||------------------
+
+
+ || item status value count ||
+ attr value || || existence piece is
+ || EX | DE | ER | NC ||
+---------------||---------------------------||------------------
+ || 1+ | 0+ | 0+ | 0+ || True
+ || 0 | 1+ | 0 | 0 || False
+at_least_one_exists || 0 | 0+ | 1+ | 0+ || Error
+ || 0 | 0+ | 0 | 1+ || Unknown
+ || -- | -- | -- | -- || Not Evaluated
+ || -- | -- | -- | -- || Not Applicable
+---------------||---------------------------||------------------
+
+
+ || item status value count ||
+ attr value || || existence piece is
+ || EX | DE | ER | NC ||
+---------------||---------------------------||------------------
+ || 0 | 0+ | 0 | 0 || True
+ || 1+ | 0+ | 0+ | 0+ || False
+ none_exist || 0 | 0+ | 1+ | 0+ || Error
+ || 0 | 0+ | 0 | 1+ || Unknown
+ || -- | -- | -- | -- || Not Evaluated
+ || -- | -- | -- | -- || Not Applicable
+---------------||---------------------------||------------------
+
+
+ || item status value count ||
+ attr value || || existence piece is
+ || EX | DE | ER | NC ||
+---------------||---------------------------||------------------
+ || 1 | 0+ | 0 | 0 || True
+ || 2+ | 0+ | 0+ | 0+ || False
+ || 0 | 0+ | 0 | 0 || False
+ only_one_exists || 0,1 | 0+ | 1+ | 0+ || Error
+ || 0,1 | 0+ | 0 | 1+ || Unknown
+ || -- | -- | -- | -- || Not Evaluated
+ || -- | -- | -- | -- || Not Applicable
+---------------||---------------------------||------------------
+
+
+
+
+
+
+ A value of 'all_exist' means that every object defined by the description exists on the system.
+
+
+
+
+ A value of 'any_exist' means that zero or more objects defined by the description exist on the system.
+
+
+
+
+ A value of 'at_least_one_exists' means that at least one object defined by the description exists on the system.
+
+
+
+
+ A value of 'none_exist' means that none of the objects defined by the description exist on the system.
+
+
+
+
+ A value of 'only_one_exists' means that only one object defined by the description exists on the system.
+
+
+
+
+
+
+ The FamilyEnumeration simple type is a listing of families that OVAL supports at this time. Since new family values can only be added with new version of the schema, the value of 'undefined' is to be used when the desired family is not available. Note that use of the undefined family value does not target all families, rather it means that some family other than one of the defined values is targeted.
+
+
+
+
+ The catos value describes the Cisco CatOS operating system.
+
+
+
+
+ The ios value describes the Cisco IOS operating system.
+
+
+
+
+ The macos value describes the Mac operating system.
+
+
+
+
+ The pixos value describes the Cisco PIX operating system.
+
+
+
+
+ The undefined value is to be used when the desired family is not available.
+
+
+
+
+ The unix value describes the UNIX operating system.
+
+
+
+
+ The vmware_infrastructure value describes VMWare Infrastructure.
+
+
+
+
+ The windows value describes the Microsoft Windows operating system.
+
+
+
+
+
+
+ The MessageLevelEnumeration simple type defines the different levels associated with a message. There is no specific criteria about which messages get assigned which level. This is completely arbitrary and up to the content producer to decide what is an error message and what is a debug message.
+
+
+
+
+ Debug messages should only be displayed by a tool when run in some sort of verbose mode.
+
+
+
+
+ Error messages should be recorded when there was an error that did not allow the collection of specific data.
+
+
+
+
+ A fatal message should be recorded when an error causes the failure of more than just a single piece of data.
+
+
+
+
+ Info messages are used to pass useful information about the data collection to a user.
+
+
+
+
+ A warning message reports something that might not correct but information was still collected.
+
+
+
+
+
+
+ The OperationEnumeration simple type defines acceptable operations. Each operation defines how to compare entities against their actual values.
+
+
+
+
+ The 'equals' operation returns true if the actual value on the system is equal to the stated entity. When the specified datatype is a string, this results in a case-sensitive comparison.
+
+
+
+
+ The 'not equal' operation returns true if the actual value on the system is not equal to the stated entity. When the specified datatype is a string, this results in a case-sensitive comparison.
+
+
+
+
+ The 'case insensitive equals' operation is meant for string data and returns true if the actual value on the system is equal (using a case insensitive comparison) to the stated entity.
+
+
+
+
+ The 'case insensitive not equal' operation is meant for string data and returns true if the actual value on the system is not equal (using a case insensitive comparison) to the stated entity.
+
+
+
+
+ The 'greater than' operation returns true if the actual value on the system is greater than the stated entity.
+
+
+
+
+ The 'less than' operation returns true if the actual value on the system is less than the stated entity.
+
+
+
+
+ The 'greater than or equal' operation returns true if the actual value on the system is greater than or equal to the stated entity.
+
+
+
+
+ The 'less than or equal' operation returns true if the actual value on the system is less than or equal to the stated entity.
+
+
+
+
+ The 'bitwise and' operation is used to determine if a specific bit is set. It returns true if performing a BITWISE AND with the binary representation of the stated entity against the binary representation of the actual value on the system results in a binary value that is equal to the binary representation of the stated entity. For example, assuming a datatype of 'int', if the actual integer value of the setting on your machine is 6 (same as 0110 in binary), then performing a 'bitwise and' with the stated integer 4 (0100) returns 4 (0100). Since the result is the same as the state mask, then the test returns true. If the actual value on your machine is 1 (0001), then the 'bitwise and' with the stated integer 4 (0100) returns 0 (0000). Since the result is not the same as the stated mask, then the test fails.
+
+
+
+
+ The 'bitwise or' operation is used to determine if a specific bit is not set. It returns true if performing a BITWISE OR with the binary representation of the stated entity against the binary representation of the actual value on the system results in a binary value that is equal to the binary representation of the stated entity. For example, assuming a datatype of 'int', if the actual integer value of the setting on your machine is 6 (same as 0110 in binary), then performing a 'bitwise or' with the stated integer 14 (1110) returns 14 (1110). Since the result is the same as the state mask, then the test returns true. If the actual value on your machine is 1 (0001), then the 'bitwise or' with the stated integer 14 (1110) returns 15 (1111). Since the result is not the same as the stated mask, then the test fails.
+
+
+
+
+ The 'pattern match' operation allows an item to be tested against a regular expression. When used by an entity in an OVAL Object, the regular expression represents the unique set of matching items on the system. OVAL supports a common subset of the regular expression character classes, operations, expressions and other lexical tokens defined within Perl 5's regular expression specification. For more information on the supported regular expression syntax in OVAL see: http://oval.mitre.org/language/about/re_support_5.6.html
+
+
+
+
+ The 'subset of' operation returns true if the actual set on the system is a subset of the set defined by the stated entity.
+
+
+
+
+ The 'superset of' operation returns true if the actual set on the system is a superset of the set defined by the stated entity.
+
+
+
+
+
+
+ The OperatorEnumeration simple type defines acceptable operators. Each operator defines how to evaluate multiple arguments.
+
+ Below are some tables that outline how each operator effects evaluation. The far left column identifies the operator in question. The middle column specifies the different combinations of individual results that the operator may bind together. (T=true, F=false, E=error, U=unknown, NE=not evaluated, NA=not applicable) For example, a 1+ under T means that one or more individual results are true, while a 0 under U means that zero individual results are unknown. The last column specifies what the final result would be according to each combination of individual results. Note that if the individual test is negated, then a true result is false and a false result is true, all other results stay as is.
+
+ || num of individual results ||
+ operator is || || final result is
+ || T | F | E | U | NE | NA ||
+---------------||-----------------------------||------------------
+ || 1+ | 0 | 0 | 0 | 0 | 0+ || True
+ || 0+ | 1+ | 0+ | 0+ | 0+ | 0+ || False
+ AND || 0+ | 0 | 1+ | 0+ | 0+ | 0+ || Error
+ || 0+ | 0 | 0 | 1+ | 0+ | 0+ || Unknown
+ || 0+ | 0 | 0 | 0 | 1+ | 0+ || Not Evaluated
+ || 0 | 0 | 0 | 0 | 0 | 1+ || Not Applicable
+---------------||-----------------------------||------------------
+
+
+ || num of individual results ||
+ operator is || || final result is
+ || T | F | E | U | NE | NA ||
+---------------||-----------------------------||------------------
+ || 1 | 0+ | 0 | 0 | 0 | 0+ || True
+ || 2+ | 0+ | 0+ | 0+ | 0+ | 0+ || ** False **
+ || 0 | 1+ | 0 | 0 | 0 | 0+ || ** False **
+ ONE ||0,1 | 0+ | 1+ | 0+ | 0+ | 0+ || Error
+ ||0,1 | 0+ | 0 | 1+ | 0+ | 0+ || Unknown
+ ||0,1 | 0+ | 0 | 0 | 1+ | 0+ || Not Evaluated
+ || 0 | 0 | 0 | 0 | 0 | 1+ || Not Applicable
+---------------||-----------------------------||------------------
+
+
+ || num of individual results ||
+ operator is || || final result is
+ || T | F | E | U | NE | NA ||
+---------------||-----------------------------||------------------
+ || 1+ | 0+ | 0+ | 0+ | 0+ | 0+ || True
+ || 0 | 1+ | 0 | 0 | 0 | 0+ || False
+ OR || 0 | 0+ | 1+ | 0+ | 0+ | 0+ || Error
+ || 0 | 0+ | 0 | 1+ | 0+ | 0+ || Unknown
+ || 0 | 0+ | 0 | 0 | 1+ | 0+ || Not Evaluated
+ || 0 | 0 | 0 | 0 | 0 | 1+ || Not Applicable
+---------------||-----------------------------||------------------
+
+
+ || num of individual results ||
+ operator is || || final result is
+ || T | F | E | U | NE | NA ||
+---------------||-----------------------------||------------------
+ ||odd | 0+ | 0 | 0 | 0 | 0+ || True
+ ||even| 0+ | 0 | 0 | 0 | 0+ || False
+ XOR || 0+ | 0+ | 1+ | 0+ | 0+ | 0+ || Error
+ || 0+ | 0+ | 0 | 1+ | 0+ | 0+ || Unknown
+ || 0+ | 0+ | 0 | 0 | 1+ | 0+ || Not Evaluated
+ || 0 | 0 | 0 | 0 | 0 | 1+ || Not Applicable
+---------------||-----------------------------||------------------
+
+
+
+
+
+
+ The AND operator produces a true result if every argument is true. If one or more arguments are false, the result of the AND is false. If one or more of the arguments are unknown, and if none of the arguments are false, then the AND operator produces a result of unknown.
+
+
+
+
+ The ONE operator produces a true result if one and only one argument is true. If there are more than argument is true (or if there are no true arguments), the result of the ONE is false. If one or more of the arguments are unknown, then the ONE operator produces a result of unknown.
+
+
+
+
+ The OR operator produces a true result if one or more arguments is true. If every argument is false, the result of the OR is false. If one or more of the arguments are unknown and if none of arguments are true, then the OR operator produces a result of unknown.
+
+
+
+
+ XOR is defined to be true if an odd number of its arguments are true, and false otherwise. If any of the arguments are unknown, then the XOR operator produces a result of unknown.
+
+
+
+
+
+
+
+
+
+ Define the format for acceptable OVAL Definition ids. An urn format is used with the id starting with the word oval followed by a unique string, followed by the three letter code 'def', and ending with an integer.
+
+
+
+
+
+
+
+ Define the format for acceptable OVAL Object ids. An urn format is used with the id starting with the word oval followed by a unique string, followed by the three letter code 'obj', and ending with an integer.
+
+
+
+
+
+
+
+ Define the format for acceptable OVAL State ids. An urn format is used with the id starting with the word oval followed by a unique string, followed by the three letter code 'ste', and ending with an integer.
+
+
+
+
+
+
+
+ Define the format for acceptable OVAL Test ids. An urn format is used with the id starting with the word oval followed by a unique string, followed by the three letter code 'tst', and ending with an integer.
+
+
+
+
+
+
+
+ Define the format for acceptable OVAL Variable ids. An urn format is used with the id starting with the word oval followed by a unique string, followed by the three letter code 'var', and ending with an integer.
+
+
+
+
+
+
+
+ Define the format for acceptable OVAL Item ids. The format is an integer. An item id is used to identify the different items found in an OVAL System Characteristics file.
+
+
+
+
+
+
+
+
+ The EmptyStringType simple type is a restriction of the built-in string simpleType. The only allowed string is the empty string with a length of zero. This type is used by certain elements to allow empty content when non-string data is accepted. See the EntityIntType in the OVAL Definition Schema for an example of its use.
+
+
+
+
+
+
+
+ The NonEmptyStringType simple type is a restriction of the built-in string simpleType. Empty strings are not allowed. This type is used by comment attributes where an empty value is not allowed.
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/oval-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/oval-definitions-schema.xsd
new file mode 100644
index 0000000..8788196
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/oval-definitions-schema.xsd
@@ -0,0 +1,1497 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the core schema for encoding Open Vulnerability and Assessment Language (OVAL) Definitions. Some of the objects defined here are extended and enhanced by individual component schemas, which are described in separate documents. Each of the elements, types, and attributes that make up the Core Definition Schema are described in detail and should provide the information necessary to understand what each represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between these objects is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Core Definition
+ 5.8
+ 9/15/2010 1:55:34 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+ The oval_definitions element is the root of an OVAL Definition Document. Its purpose is to bind together the major sections of a document - generator, definitions, tests, objects, states, and variables - which are the children of the root element.
+
+
+
+ A valid OVAL Definition document must contain at least one definitions, tests, objects, states, or variables element. The optional definitions, tests, objects, states, and variables sections define the specific characteristics that should be evaluated on a system to determine the truth values of the OVAL Definition Document. To be valid though, at least one definitions, tests, objects, states, or variables element must be present.
+
+
+
+
+
+
+
+
+ The required generator section provides information about when the definition file was compiled and under what version.
+
+
+
+
+ The optional definitions section contains 1 or more definitions.
+
+
+
+
+ The optional tests section contains 1 or more tests.
+
+
+
+
+ The optional objects section contains 1 or more objects.
+
+
+
+
+ The optional states section contains 1 or more states.
+
+
+
+
+ The optional variables section contains 1 or more variables.
+
+
+
+
+ The optional Signature element allows an XML Signature as defined by the W3C to be attached to the document. This allows authentication and data integrity to be provided to the user. Enveloped signatures are supported. More information about the official W3C Recommendation regarding XML digital signatures can be found at http://www.w3.org/TR/xmldsig-core/.
+
+
+
+
+
+
+ Enforce uniqueness amongst the ids differentiating the individual definition elements.
+
+
+
+
+
+
+ Enforce uniqueness amongst the ids differentiating the individual test elements.
+
+
+
+
+
+
+ Enforce uniqueness amongst the ids differentiating the individual object elements.
+
+
+
+
+
+
+ Enforce uniqueness amongst the ids differentiating the individual state elements.
+
+
+
+
+
+
+ Enforce uniqueness amongst the ids differentiating the individual variable elements.
+
+
+
+
+
+
+ Requires each definition reference to refer to a valid definition id.
+
+
+
+
+
+
+ Requires each test reference to refer to a valid test id.
+
+
+
+
+
+
+ Requires each object reference to refer to a valid object id.
+
+
+
+
+
+
+ Requires each state reference to refer to a valid state id.
+
+
+
+
+
+
+ Requires each variable reference to refer to a valid variable id.
+
+
+
+
+
+
+ Require each object reference in a set element to refer to a valid object id.
+
+
+
+
+
+
+ Require each filter in a set element to refer to a valid state id.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The DefinitionsType complex type is a container for one or more definition elements. Each definition element describes a single OVAL Definition. Please refer to the description of the DefinitionType for more information about an individual definition.
+
+
+
+
+
+
+
+ The DefinitionType defines a single OVAL Definition. A definition is the key structure in OVAL. It is analogous to the logical sentence or proposition: if a computer's state matches the configuration parameters laid out in the criteria, then that computer exhibits the state described. The DefinitionType contains a section for various metadata related elements that describe the definition. This includes a description, version, affected system types, and reference information. The notes section of a definition should be used to hold information that might be helpful to someone examining the technical aspects of the definition. For example, why certain tests have been included in the criteria, or maybe a link to where further information can be found. The DefinitionType also (unless the definition is deprecated) contains a criteria child element that joins individual tests together with a logical operator to specify the specific computer state being described.
+ The required id attribute is the OVAL-ID of the Definition. The form of an OVAL-ID must follow the specific format described by the oval:DefinitionIDPattern. The required version attribute holds the current version of the definition. Versions are integers, starting at 1 and incrementing every time a definition is modified. The required class attribute indicates the specific class to which the definition belongs. The class gives a hint to a user so they can know what the definition writer is trying to say. See the definition of oval-def:ClassEnumeration for more information about the different valid classes. The optional deprecated attribute signifies that an id is no longer to be used or referenced but the information has been kept around for historic purposes.
+
+
+
+ A valid OVAL Definition document must contain a criteria unless the definition is a deprecated definition.
+
+
+
+
+
+
+
+
+
+ Each affected element must have a unique family attribute value.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The MetadataType complex type contains all the metadata available to an OVAL Definition. This metadata is for informational purposes only and is not part of the criteria used to evaluate machine state. The required title child element holds a short string that is used to quickly identify the definition to a human user. The affected metadata item contains information about the system(s) for which the definition has been written. Remember that this is just metadata and not part of the criteria. Please refer to the AffectedType description for more information. The required description element contains a textual description of the configuration state being addressed by the OVAL Definition. In the case of a definition from the vulnerability class, the reference is usually the Common Vulnerability and Exposures (CVE) Identifier, and this description field corresponds with the CVE description.
+ Additional metadata is also allowed although it is not part of the official OVAL Schema. Individual organizations can place metadata items that they feel are important and these will be skipped during the validation. All OVAL really cares about is that the stated metadata items are there.
+
+
+
+
+
+
+ Each affected platform element must have a unique value.
+
+
+
+
+
+
+ Each affected product element must have a unique value.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each OVAL Definition is written to evaluate a certain type of system(s). The family, platform(s), and product(s) of this target are described by the AffectedType whose main purpose is to provide hints for tools using OVAL Definitions. For instance, to help a reporting tool only use Windows definitions, or to preselect only Red Hat definitions to be evaluated. Note, the inclusion of a particular platform or product does not mean the definition is physically checking for the existence of the platform or product. For the actual test to be performed, the correct test must still be included in the definition's criteria section.
+ The AffectedType complex type details the specific system, application, subsystem, library, etc. for which a definition has been written. If a definition is not tied to a specific product, then this element should not be included. The absence of the platform or product element can be thought of as definition applying to all platforms or products. The inclusion of a particular platform or product does not mean the definition is physically checking for the existence of the platform or product. For the actual test to be performed, the correct test must still be included in the definition's criteria section. To increase the utility of this element, care should be taken when assigning and using strings for product names. The schema places no restrictions on the values that can be assigned, potentially leading to many different representations of the same value. For example, 'Internet Explorer' and 'IE' might be used to refer to the same product. The current convention is to fully spell out all terms, and avoid the use of abbreviations at all costs.
+ Please note that the AffectedType will change in future versions of OVAL in order to support the Common Platform Enumeration (CPE).
+
+
+
+
+
+
+
+
+
+ The ReferenceType complex type links the OVAL Definition to a definitive external reference. For example, CVE Identifiers are used for referencing vulnerabilities. The intended purpose for this reference is to link the definition to a variety of other sources that address the same issue being specified by the OVAL Definition.
+ The required source attribute specifies where the reference is coming from. In other words, it identifies the reference repository being used. The required ref_id attribute is the external id of the reference. The optional ref_url attribute is the URL to the reference.
+
+
+
+
+
+
+
+ The NotesType complex type is a container for one or more note child elements. Each note contains some information about the definition or tests that it references. A note may record an unresolved question about the definition or test or present the reason as to why a particular approach was taken.
+
+
+
+
+
+
+
+ The CriteriaType complex type describes a container for a set of sub criteria, criteria, criterion, or extend_definition elements allowing complex logical trees to be constructed. Each referenced test is represented by a criterion element. Please refer to the description of the CriterionType for more information about and individual criterion element. The optional extend_definition element allows existing definitions to be included in the criteria. Refer to the description of the ExtendDefinitionType for more information.
+ The required operator attribute provides the logical operator that binds the different statements inside a criteria together. The optional negate attribute signifies that the result of the criteria as a whole should be negated during analysis. For example, consider a criteria that evaluates to TRUE if certain software is installed. By negating this test, it now evaluates to TRUE if the software is NOT installed. The optional comment attribute provides a short description of the criteria.
+
+
+
+
+
+
+
+
+
+
+
+
+ The CriterionType complex type identifies a specific test to be included in the definition's criteria.
+ The required test_ref attribute is the actual id of the test being referenced. The optional negate attribute signifies that the result of an individual test should be negated during analysis. For example, consider a test that evaluates to TRUE if a specific patch is installed. By negating this test, it now evaluates to TRUE if the patch is NOT installed. The optional comment attribute provides a short description of the specified test and should mirror the comment attribute of the actual test.
+
+
+
+
+
+
+
+ The ExtendDefinitionType complex type allows existing definitions to be extended by another definition. This works by evaluating the extended definition and then using the result within the logical context of the extending definition.
+ The required definition_ref attribute is the actual id of the definition being extended. The optional negate attribute signifies that the result of an extended definition should be negated during analysis. For example, consider a definition that evaluates TRUE if certainsoftware is installed. By negating the definition, it now evaluates to TRUE if the software is NOT installed. The optional comment attribute provides a short description of the specified definition and should mirror the title metadata of the extended definition.
+
+
+
+
+
+
+
+
+
+
+ The TestsType complex type is a container for one or more test child elements. Each test element describes a single OVAL Test. Please refer to the description of the TestType for more information about an individual test.
+
+
+
+
+
+
+
+ The test element is an abstract element that is meant to be extended (via substitution groups) by the individual tests found in the component schemas. An OVAL Test is used to compare an object(s) against a defined state. An actual test element is not valid. The use of this abstract class simplifies the OVAL schema by allowing individual tests to inherit the optional notes child element, and the id and comment attributes from the base TestType. Please refer to the description of the TestType complex type for more information.
+
+
+
+
+ The base type of every test includes an optional notes element and several attributes. The notes section of a test should be used to hold information that might be helpful to someone examining the technical aspects of the test. For example, why certain values have been used by the test, or maybe a link to where further information can be found. Please refer to the description of the NotesType complex type for more information about the notes element. The required comment attribute provides a short description of the test. The optional deprecated attribute signifies that an id is no longer to be used or referenced but the information has been kept around for historic purposes.
+ The required id attribute uniquely identifies each test, and must conform to the format specified by the TestIdPattern simple type. The required version attribute holds the current version of the test. Versions are integers, starting at 1 and incrementing every time a test is modified.
+ The optional check_existence attribute specifies how many items in the set defined by the OVAL Object must exist for the test to evaluate to true. The default value for this attribute is 'at_least_one_exists' indicating that by default the test may evaluate to true if at least one item defined by the OVAL Object exists on the system. For example, if a value of 'all_exist' is given, every item defined by the OVAL Object must exist on the system for the test to evaluate to true. If the OVAL Object uses a variable reference, then every value of that variable must exist. Note that a pattern match defines a unique set of matching items found on a system. So when check_existence = 'all_exist' and a regex matches anything on a system the test will evaluate to true (since all matching objects on the system were found on the system). When check_existence = 'all_exist' and a regex does not match anything on a system the test will evaluate to false.
+ The required check attribute specifies how many items in the set defined by the OVAL Object (ignoring items with a status of Does Not Exist) must satisfy the state requirements. For example, should the test check that all matching files have a specified version or that at least one file has the specified version? The valid check values are explained in the description of the CheckEnumeration simple type. Note that if the test does not contain any references to OVAL States, then the check attribute has no meaning and can be ignored during evaluation.
+ An OVAL Test evaluates to true if both the check_existence and check attributes are satisfied during evaluation. The evaluation result for a test is determined by first evaluating the check_existence attribute. If the result of evaluating the check_existence attribute is true then the check attribute is evaluated. An interpreter may choose to always evaluate both the check_existence and the check attributes, but once the check_existence attribute evaluation has resulted in false the overall test result after evaluating the check attribute will not be affected.
+ The optional state_operator attribute provides the logical operator that combines the evaluation results from each referenced state on a per item basis. Each matching item is compared to each referenced state. The result of comparing each state to a single item is combined based on the specified state_operator value to determine one result for each item. Finally, the results for each item are combined based on the specified check value. Note that if the test does not contain any references to OVAL States, then the state_operator attribute has no meaning and can be ignored during evaluation. Referencing multiple states in one test allows ranges of possible values to be expressed. For example, one state can check that a value greater than 8 is found and another state can check that a value of less than 16 is found. In this example the referenced states are combined with a state_operator = 'AND' indicating that the conditions of all referenced states must be satisfied and that the value must be between 8 AND 16. The valid state_operation values are explained in the description of the OperatorEnumeration simple type.
+
+
+
+ - No state should be referenced when check_existence has a value of 'none_exist'.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The ObjectRefType complex type defines an object reference to be used by OVAL Tests that are defined in the component schemas. The required object_ref attribute specifies the id of the OVAL Object being referenced.
+
+
+
+
+
+ The StateRefType complex type defines a state reference to be used by OVAL Tests that are defined in the component schemas. The required state_ref attribute specifies the id of the OVAL State being referenced.
+
+
+
+
+
+
+
+
+ The ObjectsType complex type is a container for one or more object child elements. Each object element provides details that define a unique set of matching items to be used by an OVAL Test. Please refer to the description of the object element for more information about an individual object.
+
+
+
+
+
+
+
+ The object element is an abstract element that is meant to be extended (via substitution groups) by the objects found in the component schemas. An actual object element is not valid. The use of this abstract class simplifies the OVAL schema by allowing individual objects to inherit any common elements and attributes from the base ObjectType. The optional notes child element, and the id and comment attributes from the base testType. A description of the notes element can be found under the definitions section. Please refer to the description of the ObjectType complex type for more information.
+ An OVAL Object describes a unique set of items to look for on a system. A simple object will usually result in a single file, process, etc being identified. But through the use pattern matches, sets, and variables, multiple matching objects can be identified. Therefore an OVAL Object can identify a unique set of many individual items on a system. This unique set of items defined by the OVAL Object can then be used by an OVAL Test and compared against an OVAL State.
+
+
+
+
+ The base type of every object includes an optional notes element. The notes element of an object should be used to hold information that might be helpful to someone examining the technical aspects of the object. For example, why certain values have been used, or maybe a link to where further information can be found. Please refer to the description of the NotesType complex type for more information about the notes element.
+ The required id attribute uniquely identifies each object, and must conform to the format specified by the ObjectIdPattern simple type. The required version attribute holds the current version of the object element. Versions are integers, starting at 1 and incrementing every time an object is modified. The optional comment attribute provides a short description of the object. The optional deprecated attribute signifies that an id is no longer to be used or referenced but the information has been kept around for historic purposes.
+
+
+
+
+
+
+
+
+
+
+
+
+ The set element enables complex objects to be described. It is a recursive element in that each set element can contain additional set elements as children. Each set element defines characteristics that produce a matching unique set of items. This set of items is defined by one or two references to OVAL Objects that provide the criteria needed to collect a set of system items. These items can have one or more filters applied to allow a subset of those items to be specifically included or excluded from the overall set of items.
+ The set element's object_reference refers to an existing OVAL Object. The set element's filter element provides a reference to an existing OVAL State and includes an optional action attribute. The filter's action attribute allows the author to specify whether matching items should be included or excluded from the overall set. The default filter action is to exclude all matching items. In other words, the filter can be thought of filtering items out by default.
+ Each filter is applied to the items identified by each OVAL Object before the set_operator is applied. For example, if an object_reference points to an OVAL Object that identifies every file in a certain directory, a filter might be set up to limit the object set to only those files with a size less than 10 KB. If multiple filters are provided, then each filter is applied to the set of items identified by the OVAL Object. Care must be taken to ensure that conflicting filters are not applied. It is possible to exclude all items with a size of 10 KB and then include only items with a size of 10 KB. This example would result in the empty set.
+ The required set_operator attribute defines how different child sets are combined to form the overall unique set of objects. For example, does one take the union of different sets or the intersection? For a description of the valid values please refer to the SetOperatorEnumeration simple type.
+
+
+
+ - Each object referenced by the set must be of the same type as parent object
+
+
+ - Each object referenced by the set must be of the same type as parent object
+
+
+ - Each object referenced by the set must be of the same type as parent object
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The filter element provides a reference to an existing OVAL State and includes an optional action attribute. The action attribute is used to specify whether items that match the referenced OVAL State will be included in the resulting set or excluded from the resulting set.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The StatesType complex type is a container for one or more state child elements. Each state provides details about specific characteristics that can be used during an evaluation of an object. Please refer to the description of the state element for more information about an individual state.
+
+
+
+
+
+
+
+ The state element is an abstract element that is meant to be extended (via substitution groups) by the states found in the component schemas. An actual state element is not valid. The use of this abstract class simplifies the OVAL schema by allowing individual states to inherit the optional notes child element, and the id and operator attributes from the base StateType. Please refer to the description of the StateType complex type for more information.
+ An OVAL State is a collection of one or more characteristics pertaining to a specific object type. The OVAL State is used by an OVAL Test to determine if a unique set of items identified on a system meet certain characteristics.
+
+
+
+
+ The base type of every state includes an optional notes element and two attributes. The notes section of a state should be used to hold information that might be helpful to someone examining the technical aspects of the state. For example, why certain values have been used by the state, or maybe a link to where further information can be found. Please refer to the description of the NotesType complex type for more information about the notes element.
+ The required id attribute uniquely identifies each state, and must conform to the format specified by the StateIdPattern simple type. The required version attribute holds the current version of the state. Versions are integers, starting at 1 and incrementing every time a state is modified. The required operator attribute provides the logical operator that binds the different characteristics inside a state together. The optional comment attribute provides a short description of the state. The optional deprecated attribute signifies that an id is no longer to be used or referenced but the information has been kept around for historic purposes.
+ When evaluating a particular state against an object, one should evaluate each individual entity separately. The individual results are then combined by the operator to produce an overall result. This process holds true even when there are multiple instances of the same entity. Evaluate each instance separately, taking the entity check attribute into account, and then combine everything using the operator.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The VariablesType complex type is a container for one or more variable child elements. Each variable element is a way to define one or more values to be obtained at the time a definition is evaluated.
+
+
+
+
+
+
+
+ The variable element is an abstract element that is meant to be extended (via substitution groups) by the different types of variables. An actual variable element is not valid. The different variable types describe different sources for obtaining a value(s) for the variable. There are currently three types of variables; local, external, and constant. Please refer to the description of each one for more specific information. The value(s) of a variable is treated as if it were inserted where referenced. One of the main benefits of variables is that they allow tests to evaluate user-defined policy. For example, an OVAL Test might check to see if a password is at least a certain number of characters long, but this number depends upon the individual policy of the user. To solve this, the test for password length can be written to refer to a variable element that defines the length.
+ If a variable defines an array of values, any entity that references the variable will evaluate to true depending on the value of the var_check attribute. For example, if an entity 'size' with an operation of 'less than' references a variable that returns five different integers, and the var_check attribute has a value of 'all', then the 'size' entity returns true only if the actual size is less than each of the five integers defined by the variable. If a variable does not return any value, then an error should be reported during OVAL analysis.
+
+
+
+
+ The VariableType complex type defines attributes associated with each OVAL Variable. The required id attribute uniquely identifies each variable, and must conform to the format specified by the VariableIDPattern simple type. The required version attribute holds the current version of the variable. Versions are integers, starting at 1 and incrementing every time a variable is modified. The required comment attribute provides a short description of the variable. The optional deprecated attribute signifies that an id is no longer to be used or referenced but the information has been kept around for historic purposes.
+ The required datatype attribute specifies the type of value being defined. The set of values identified by a variable must comply with the specified datatype, otherwise an error should be reported. Please see the DatatypeEnumeration for details about each valid datatype. For example, if the datatype of the variable is specified as boolean then the value(s) returned by the component / function should be "true", "false", "1", or "0".
+ Note that the 'record' datatype is not permitted on variables.
+
+
+
+
+
+
+
+
+ Note that the 'record' datatype is not permitted on variables.
+
+
+
+
+
+
+
+ The external_variable element extends the VariableType and defines a variable with some external source. The actual value(s) for the variable is not provided within the OVAL file, but rather it is retrieved during the evaluation of the OVAL Definition from an external source. An unbounded set of possible-value and possible_restriction child elements can be specified that together specify the list of all possible values that an external source is allowed to supply for the external variable. In other words, the value assigned by an external source must match one of the possible_value or possible_restriction elements specified. Each possible_value element contains a single value that could be assigned to the given external_variable while each possible_restriction element outlines a range of possible values. Note that it is not necessary to declare a variable's possible values, but the option is available if desired. If no possible child elements are specified, then the valid values are only bound to the specified datatype of the external variable. Please refer to the description of the PossibleValueType and PossibleRestrictionType complex types for more information.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The PossibleValueType complex type is used to outline a single expected value of an external variable. The required hint attribute gives a short description of what the value means or represents.
+
+
+
+
+
+
+
+
+
+
+ The PossibleRestrictionType complex type outlines a range of possible expected value of an external variable. Each possible_restriction element contains an unbounded list of child restriction elements that each specify a range that an actual value may fall in. For example, a restriction element may specify that a value must be less than 10. When multiple restriction elements are present, a valid possible value would have to meet every restriction. One can think of the possible_value and possible_restriction elements as an OR'd list of possible values, and the restriction elements as an AND'd list of value descriptions. Please refer to the description of the RestrictionType complex type for more information. The required hint attribute gives a short description of what the value means or represents.
+
+
+
+
+
+
+
+
+
+ The RestrictionType complex type outlines a restriction that is placed on expected values for an external variable. For example, a possible value may be restricted to a integer less than 10. Please refer to the operationEnumeration simple type for a description of the valid operations. The required hint attribute gives a short description of what the value means or represents.
+
+
+
+
+
+
+
+
+
+ The constant_variable element extends the VariableType and defines a variable with a constant value(s). Each constant_variable defines either a single value or an array of values to be used throughout the evaluation of the OVAL Definition File in which it has been defined. Constant variables cannot be over-ridden by an external source. The actual value of a constant variable is defined by the required value child element. An array of values can be specified by including multiple instances of the value element. Please refer to the description of the ValueType complex type for more information.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The ValueType complex type holds the actual value of the variable when dealing with a constant variable. This value should be used by all tests that reference this variable. The value cannot be over-ridden by an external source.
+
+
+
+
+
+
+
+ The local_variable element extends the VariableType and defines a variable with some local source. The actual value(s) for the variable is not provided in the OVAL Definition document but rather it is retrieved during the evaluation of the OVAL Definition. Each local variable is defined by either a single component or a complex function, meaning that a value can be as simple as a literal string or as complex as multiple registry keys concatenated together. Note that if an individual component is used and it returns multiple values, then there will be multiple values associated with the local_variable. For example, if an object_component is used and it references a file object that identifies a set of 5 files, then the local variable would represent these 5 values. Please refer to the description of the ComponentGroup for more information.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Any value that is pulled directly off the local system is defined by the basic component element. For example, the name of a user or the value of a registry key. Please refer to the definition of the ObjectComponentType for more information. A value can also be obtained from another variable. The variable element identifies a variable id to pull a value(s) from. Please refer to the definition of the VariableComponentType for more information. Literal values can also be specified.
+
+
+
+
+
+
+
+
+
+
+ The LiteralComponentType complex type defines a literal value to be used as a component. The optional datatype attribute defines the type of data expected. The default datatype is 'string'.
+
+
+
+ - The 'record' datatype is prohibited on variables.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The ObjectComponentType complex type defines a specific value or set of values on the local system to obtain.
+ The required object_ref attribute provides a reference to an existing OVAL Object declaration. The referenced OVAL Object specifies a set of OVAL Items to collect. Note that an OVAL Object might identify 0, 1, or many OVAL Items on a system. If no items are found on the system then an error should be reported when determining the value of an ObjectComponentType. If 1 or more OVAL Items are found then each OVAL Item will be considered and the ObjectComponentType may have one or more values.
+ The required item_field attribute specifies the name of the entity whose value will be retrieved from each OVAL Item collected by the referenced OVAL Object. For example, if the object_ref references a win-def:file_object, the item_field may specify the 'version' entity as the field to use as the value of the ObjectComponentType. Note that an OVAL Item may have 0, 1, or many entities whose name matches the specified item_field value. If an entity is not found with a name that matches the value of the item_field an error should be reported when determining the value of an ObjectComponentType. If 1 or more matching entities are found in a single OVAL Item the value of the ObjectComponentType is the list of the values from each of the matching entities.
+ The optional record_field attribute specifies the name of a field in a record entity in an OVAL Item. The record_field attribute allows the value of a specific field to be retrieved from an entity with a datatype of 'record'. If a field with a matching name attribute value is not found in the referenced OVAL Item entity an error should be reported when determining the value of the ObjectComponentType.
+
+
+
+
+
+
+
+ The VariableComponentType complex type defines a specific value obtained by looking at the value of another OVAL Variable. The required var_ref attribute provides a reference to the variable. One must make sure that the variable reference does not point to the parent variable that uses this component to avoid a race condition.
+
+
+
+
+
+ Complex functions have been defined that help determine how to manipulate specific values. These functions can be nested together to form complex statements. Each function is designed to work on a specific type of data. If the data being worked on is not of the correct type, a cast should be attempted before reporting an error. For example, if a concat function includes a registry component that returns an integer, then the integer should be cast as a string in order to work with the concat function. Note that if the operation being applied to the variable by the calling entity is "pattern match", then all the functions are performed before the regular expression is evaluated. In short, the variable would produce a value as normal and then any pattern match operation would be performed. It is also important to note that when using these functions with sub-components that return multiple values that the operation will be performed on the Cartesian product of the components and the result is an array of values. For example, assume a local_variable specifies the arithmetic function with an arithmetic_operation of "add" and has two sub-components under this function: the first component returns multiple values "1" and "2", and the second component returns multiple values "3" and "4" and "5". The local_variable element would be evaluated to have six values: 1+3, 1+4, 1+5, 2+3, 2+4, and 2+5. Please refer to the description of a specific function for more details about it.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The arithmetic function takes two or more integer or float components and performs a basic mathematicalfunction on them. The result of this function is a single integer or float unless one of the components returns multiple values. In this case the specified arithmetic function would be performed multiple times and the end result would be an array of values for the local variable. For example assume a local_variable specifies the arithmetic function with an arithmetic_operation of "add" and has two sub-components under this function: the first component returns multiple values "1" and "2", and the second component returns multiple values "3" and "4" and "5". The local_variable element would be evaluated to have six values: 1+3, 1+4, 1+5, 2+3, 2+4, and 2+5.
+ Note that if both an integer and float components are used then the result is a float.
+
+
+
+ A literal_component used by an arithmetic function must have a datatype of float or int.
+
+
+
+ The variable referenced by the arithmetic function must have a datatype of float or int.
+
+
+
+
+
+
+
+
+
+
+
+ The begin function takes a single string component and defines a character (or string) that the component string should start with. The character attribute defines the specific character (or string). The character (or string) is only added to the component string if the component string does not already start with the specified character (or string).
+
+
+
+ A literal_component used by the begin function must have a datatype of string.
+
+
+
+ The variable referenced by the begin function must have a datatype of string.
+
+
+
+
+
+
+
+
+
+
+
+ The concat function takes two or more components and concatenates them together to form a single string. The first component makes up the beginning of the resulting string and any following components are added to the end it. If one of the components returns multiple values then the concat function would be performed multiple times and the end result would be an array of values for the local variable. For example assume a local variable has two sub-components: a basic component element returns the values "abc" and "def", and a literal component element that has a value of "xyz". The local_variable element would be evaluated to have two values, "abcxyz" and "defxyz". If one of the components does not exist, then the result of the concat operation should be does not exist.
+
+ Below is a chart that specifies how to classify the flag status of a variable using the concat function during evaluation when multiple components are supplied. Both the object and variable component are indirectly associated with collected objects in a system characteristics file. These objects could have been completely collected from the system, or there might have been some type of error that led to the object not being collected, or maybe only a part of the object set was collected. This flag status is important as OVAL Objects or OVAL States that are working with a variable (through the var_ref attribute on an entity) can use this information to report more accurate results. For example, an OVAL Test with a check attribute of 'at least one' that specifies an object with a variable reference, might be able to produce a valid result based on an incomplete object set as long as one of the objects in the set is true.
+
+ || num of components with flag ||
+ || || resulting flag is
+ || E | C | I | DNE | NC | NA ||
+------||-----------------------------------||------------------
+ || 1+ | 0+ | 0+ | 0+ | 0+ | 0+ || Error
+ || 0 | 1+ | 0 | 0 | 0 | 0 || Complete
+ || 0 | 0+ | 1+ | 0 | 0 | 0 || Incomplete
+ || 0 | 0+ | 0+ | 1+ | 0 | 0 || Does Not Exist
+ || 0 | 0+ | 0+ | 0+ | 1+ | 0 || Not Collected
+ || 0 | 0+ | 0+ | 0+ | 0+ | 1+ || Not Applicable
+------||-----------------------------------||------------------
+
+
+
+ A literal_component used by the concat function must have a datatype of string.
+
+
+
+ The variable referenced by the concat function must have a datatype of string.
+
+
+
+
+
+
+
+
+
+
+ The end function takes a single string component and defines a character (or string) that the component string should end with. The character attribute defines the specific character (or string). The character (or string) is only added to the component string if the component string does not already end with the specified character (or string). If the desired end character is a string, then the entire end string must exist at the end if the component string. If the entire end string is not present then the entire end string is appended to the component string.
+
+
+
+ A literal_component used by the end function must have a datatype of string.
+
+
+
+ The variable referenced by the end function must have a datatype of string.
+
+
+
+
+
+
+
+
+
+
+
+ The escape_regex function takes a single string component and escapes all of the regular expression characters. For example, the string '(\.test_string*)?' will evaluate to '\(\\\.test_string\*\)\?'. The purpose for this is that many times, a component used in pattern match needs to be treated as a literal string and not a regular expression. For example, assume a basic component element that identifies a file path that is held in the Windows registry. This path is a string that might contain regular expression characters. These characters are likely not intended to be treated as regular expression characters and need to be escaped. This function allows a definition writer to mark convert the values of components to regular expression format.
+ Note that when using regular expressions, OVAL supports a common subset of the regular expression character classes, operations, expressions and other lexical tokens defined within Perl 5's regular expression specification. For more information on the supported regular expression syntax in OVAL see: http://oval.mitre.org/language/about/re_support_5.6.html.
+
+
+
+ A literal_component used by the escape_regex function must have a datatype of string.
+
+
+
+ The variable referenced by the escape_regex function must have a datatype of string.
+
+
+
+
+
+
+
+
+
+
+ The split function takes a single string component and turns it into multiple values based on a delimiter string. For example, assume that a basic component element returns the value "a-b-c-d" to the split function with the delimiter set to "-". The local_variable element would be evaluated to have four values "a", "b", "c", and "d". If the basic component returns a value that begins, or ends, with a delimiter, the local_variable element would contain empty string values at the beginning, or end, of the set of values returned for that string component. For example, if the delimiter is "-", and the basic component element returns the value "-a-a-", the local_variable element would be evaluated to have four values "", "a", "a", and "". Likewise, if the basic component element returns a value that contains adjacent delimiters such as "---", the local_variable element would be evaluated to have four values "", "", "", and "". Lastly, if the basic component element used by the split function returns multiple values, then the split function is performed multiple times, and all of the results, from each of the split functions, are returned.
+
+
+
+ A literal_component used by the split function must have a datatype of string.
+
+
+
+ The variable referenced by the split function must have a datatype of string.
+
+
+
+
+
+
+
+
+
+
+
+ The substring function takes a single string component and produces a single value that contains a portion of the original string. The substring_start attribute defines the starting position in the original string. To include the first character of the string, the start position would be 1. A value less than 1 also means that the start position would be 1. If the substring_start attribute has value greater than the length of the original string an error should be reported. The substring_length attribute defines how many characters after, and including, the starting character to include. A substring_length value greater than the actual length of the string, or a negative value, means to include all of the characters after the starting character. For example, assume a basic component element that returns the value "abcdefg" with a substring_start value of 3 and a substring_length value of 2. The local_variable element would evaluate to have a single value of "cd". If the string component used by the substring function returns multiple values, then the substring operation is performed multiple times and results in multiple values for the component.
+
+
+
+ A literal_component used by the substring function must have a datatype of string.
+
+
+
+ The variable referenced by the substring function must have a datatype of string.
+
+
+
+
+
+
+
+
+
+
+
+
+ The time_difference function calculates the difference in seconds between date-time values. If one component is specified, the values of that component are subtracted from the current time (UTC). If two components are specified, the value of the second component is subtracted from the value of the first component. If the component(s) contain multiple values, the operation is performed multiple times on the Cartesian product of the component(s) and the result is an array of time difference values. For example, assume a local_variable specifies the time_difference function and has two sub-components under this function: the first component returns multiple values "04/02/2009" and "04/03/2009", and the second component returns multiple values "02/02/2005" and "02/03/2005" and "02/04/2005". The local_variable element would be evaluated to have six values: (ToSeconds("04/02/2009") - ToSeconds("02/02/2005")), (ToSeconds("04/02/2009") - ToSeconds("02/03/2005")), (ToSeconds("04/02/2009") - ToSeconds("02/04/2005")), (ToSeconds("04/03/2009") - ToSeconds("02/02/2005")), (ToSeconds("04/03/2009") - ToSeconds("02/03/2005")), and (ToSeconds("04/03/2009") - ToSeconds("02/04/2005"))..
+ The date-time format of each component is determined by the two format attributes. The format1 attribute applies to the first component, and the format2 attribute applies to the second component. Valid values for the attributes are 'win_filetime', 'seconds_since_epoch', 'day_month_year', 'year_month_day', and 'month_day_year'. Please see the DateTimeFormatEnumeration for more information about each of these values. If an input value is not understood, the result is an error. If only one input is specified, specify the format with the format2 attribute, as the first input is considered to be the implied 'current time' input.
+ Note that the datatype associated with the components should be 'string' or 'int' depending on which date time format is specified. The result of this function though is always an integer.
+
+
+
+ A literal_component used by the time_difference function must have a datatype of string or int.
+
+
+
+ The variable referenced by the time_difference function must have a datatype of string or int.
+
+
+
+
+
+
+
+
+
+
+
+
+ The regex_capture function captures a single substring from a string component. The 'pattern' attribute provides a regular expression that must contain a single subexpression (using parentheses). The first match of the subexpression is considered the captured substring. For example, the pattern ^abc(.*)xyz$ would capture a substring from each of the string component's values if the value starts with abc and ends with xyz. In this case the subexpression would be all the characters that exist in between the abc and the xyz. If more than one subexpression is supplied only the first match is considered. If more than one match is identified by a single subexpression only the first match is considered. If no matches are found or a subexpression is not supplied the function will evaluate to an empty string. Note that subexpressions match the longest possible substrings.
+ Note that when using regular expressions, OVAL supports a common subset of the regular expression character classes, operations, expressions and other lexical tokens defined within Perl 5's regular expression specification. For more information on the supported regular expression syntax in OVAL see: http://oval.mitre.org/language/about/re_support_5.6.html.
+
+
+
+ A literal_component used by the regex_capture function must have a datatype of string.
+
+
+
+ The variable referenced by the regex_capture function must have a datatype of string.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The ArithmeticEnumeration simple type defines basic arithmetic operations. Currently add and multiply are defined.
+
+
+
+
+
+
+
+
+
+ The DateTimeFormatEnumeration simple type defines the different date-time formats that are understood by OVAL. Note that in some cases there are a few different possibilities within a given format. Each of these possibilities is unique though and can be distinguished from each other. The different formats are used to clarify the higher level structure of the date-time string being used.
+
+
+
+
+ The year_month_day value specifies date-time strings that follow the formats: 'yyyymmdd', 'yyyymmddThhmmss', 'yyyy/mm/dd hh:mm:ss', 'yyyy/mm/dd', 'yyyy-mm-dd hh:mm:ss', or 'yyyy-mm-dd'
+
+
+
+
+ The month_day_year value specifies date-time strings that follow the formats: 'mm/dd/yyyy hh:mm:ss', 'mm/dd/yyyy', 'mm-dd-yyyy hh:mm:ss', 'mm-dd-yyyy', 'NameOfMonth, dd yyyy hh:mm:ss' or 'NameOfMonth, dd yyyy', 'AbreviatedNameOfMonth, dd yyyy hh:mm:ss', or 'AbreviatedNameOfMonth, dd yyyy'
+
+
+
+
+ The day_month_year value specifies date-time strings that follow the formats: 'dd/mm/yyyy hh:mm:ss', 'dd/mm/yyyy', 'dd-mm-yyyy hh:mm:ss', or 'dd-mm-yyyy'
+
+
+
+
+ The win_filetime value specifies date-time strings that follow the windows file time format.
+
+
+
+
+ The seconds_since_epoch value specifies date-time values that represent the time in seconds since the UNIX epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970.
+
+
+
+
+
+
+ The FilterActionEnumeration simple type defines the different options for filtering sets of items.
+
+
+
+
+ The exclude value specifies that all items that match the filter shall be excluded from set that the filter is applied to.
+
+
+
+
+ The include value specifies that only items that match the filter shall be included in the set that the filter is applied to.
+
+
+
+
+
+
+ The SetOperatorEnumeration simple type defines acceptable set operations. Set operations are used to take multiple different sets of objects within OVAL and merge them into a single unique set. The different operators that guide this merge are defined below. For each operator, if only a single object has been supplied, then the resulting set is simply that complete object.
+
+ Below are some tables that outline how different flags are combined with a given set_operator to return a new flag. These tables are needed when computing the flag for collected objects that represent object sets in an OVAL Definition. The top row identifies the flag associated with the first set or object reference. The left column identifies the flag associated with the second set or object reference. The matrix inside the table represent the resulting flag when the given set_operator is applied. (E=error, C=complete, I=incomplete, DNE=does not exist, NC=not collected, NA=not applicable)
+
+ || ||
+ set_operator is || obj 1 flag ||
+ union || ||
+ || E | C | I | DNE | NC | NA ||
+-----------------||-----------------------------------||
+ E || E | E | E | E | E | E ||
+ obj C || E | C | I | C | I | C ||
+ 2 I || E | I | I | I | I | I ||
+ flag DNE || E | C | I | DNE | I | DNE ||
+ NC || E | I | I | I | NC | NC ||
+ NA || E | C | I | DNE | NC | NA ||
+-----------------||-----------------------------------||
+
+
+ || ||
+ set_operator is || obj 1 flag ||
+ intersection || ||
+ || E | C | I | DNE | NC | NA ||
+-----------------||-----------------------------------||
+ E || E | E | E | DNE | E | E ||
+ obj C || E | C | I | DNE | NC | C ||
+ 2 I || E | I | I | DNE | NC | I ||
+ flag DNE || DNE | DNE | DNE | DNE | DNE | DNE ||
+ NC || E | NC | NC | DNE | NC | NC ||
+ NA || E | C | I | DNE | NC | NA ||
+-----------------||-----------------------------------||
+
+
+ || ||
+ set_operator is || obj 1 flag ||
+ complement || ||
+ || E | C | I | DNE | NC | NA ||
+-----------------||-----------------------------------||
+ E || E | E | E | DNE | E | E ||
+ obj C || E | C | I | DNE | NC | E ||
+ 2 I || E | E | E | DNE | NC | E ||
+ flag DNE || E | C | I | DNE | NC | E ||
+ NC || E | NC | NC | DNE | NC | E ||
+ NA || E | E | E | E | E | E ||
+-----------------||-----------------------------------||
+
+
+
+
+
+
+ The complement operator is defined in OVAL as a relative complement. The resulting unique set contains everything that belongs to the first declared set that is not part of the second declared set. If A and B are sets (with A being the first declared set), then the relative complement is the set of elements in A, but not in B.
+
+
+
+
+ The intersection of two sets in OVAL results in a unique set that contains everything that belongs to both sets in the collection, but nothing else. If A and B are sets, then the intersection of A and B contains all the elements of A that also belong to B, but no other elements.
+
+
+
+
+ The union of two sets in OVAL results in a unique set that contains everything that belongs to either of the original sets. If A and B are sets, then the union of A and B contains all the elements of A and all elements of B, with the duplicates removed.
+
+
+
+
+
+
+
+
+
+ The EntityBaseType complex type is an abstract type that defines the default attributes associated with every entity. Entities can be found in both OVAL Objects and OVAL States and represent the individual properties associated with items found on a system. An example of a single entity would be the path of a file. Another example would be the version of the file.
+ The optional datatype attribute specifies how the given operation should be applied to the data. Since we are dealing with XML everything is technically a string, but often the entity value is meant to represent some other datatype and this affects the way an operation is performed. An example is with the statement 'is 123 less than 98'. If the data is treated as integers the answer is no, but if the data is treated as strings, then the answer is yes. Specifying a datatype defines how the less than operation should be performed. Another way of thinking of things is that the datatype attribute specifies how the data should be cast before performing the operation (note that the default datatype is 'string'). In the previous example, if the datatype is set to int, then '123' and '98' should be cast as integers. Another example is applying the 'equals' operation to '1.0.0.0' and '1.0'. With datatype 'string' they are not equal, with datatype 'version' they are. Note that there are certain cases where a cast from one datatype to another is not possible. If a cast cannot be made, (trying to cast 'abc' to an integer) then an error should be reported. For example, if the datatype is set to 'integer' and the value of the entity is the empty string. There is no way to cast the empty string (or NULL) to an integer, and in cases like this an error should be reported.
+ The optional operation attribute determines how the individual entities should be evaluated (the default operation is 'equals'). Both the datatype and operation attributes are optional in order to keep the XML clean and readable. The default values are used most of the time and putting datatype="string" and operation="equals" for each element would muddy up the XML.
+ The optional mask attribute can be used in situations where information is needed for evaluation, but this information should not be disclosed in the results file (maybe due to sensitivity concerns). If the mask attribute is set to 'true', then the value of this field, along with the operation used, should not appear in the results file. Note that this value would appear in the copy of the system characteristics contained in the results file. In this case, the results file should make use of the corresponding mask attribute in the system characteristics schema and should be set to true and the value should be omitted. In addition to the value being omitted from the copy of the system characteristics file, the copy of the definition file should also omit the value and operation used for testing.
+ The optional var_ref attribute refers the value of the entity to a variable element. When supplied, the value(s) associated with the OVAL Variable should be used as the value(s) of the entity. If there is an error computing the value of the variable, then that error should be passed up to the entity referencing it. If the variable being referenced does not have a value (for example, if the variable pertains to the size of a file, but the file does not exist) then one of two results are possible. If the entity is part of an object declaration, then the object is considered to not exist. If the entity is part of a state declaration, then the state comparison should result in an error.
+
+
+
+
+ - a var_ref has been supplied for the entity so no value should be provided
+ - inconsistent datatype between the variable and an associated var_ref
+
+
+ - The use of '' for the operation attribute of the entity is not valid given the lack of a declared datatype (hence a default datatype of string).
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of binary.
+
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of boolean.
+
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of evr_string.
+
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of fileset_revision.
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of float.
+
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of ios_version.
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of int.
+
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of ipv4_address.
+
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of ipv6_address.
+
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of string.
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of version.
+
+
+ - The use of '' for the operation attribute of the entity is not valid given a datatype of record.
+
+
+
+
+ - The use of var_ref is prohibited when the datatype is 'record'.
+
+
+
+
+ - The datatype for the entity is 'int' but the value is not an integer.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectBaseType complex type is an abstract type that extends the EntityBaseType and is used by the entities within an OVAL Object.
+ If the entity uses a var_ref and the associated variable defines more than one value, the optional var_check attribute defines how the data collection should proceed. For example, if an object entity 'filename' with an operation of 'not equal' references a variable that returns five different values, and the var_check attribute has a value of 'all', then an actual file on the system matches only if the actual filename does not equal any of the variable values. If a variable does not return a value, then the object should be considered to not exist.
+
+
+
+ - a var_ref has been supplied for the entity so a var_check should also be provided
+
+
+ - a var_check has been supplied for the entity so a var_ref should also be provided
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectIPAddressType type is extended by the entities of an individual OVAL Object. This type provides uniformity to each object entity by including the attributes found in the EntityObjectBaseType. This specific type describes any IPv4/IPv6 address or address prefix.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectIPAddressStringType type is extended by the entities of an individual OVAL Object. This type provides uniformity to each object entity by including the attributes found in the EntityObjectBaseType. This specific type describes any IPv4/IPv6 address, address prefix, or its string representation.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectAnySimpleType type is extended by the entities of an individual OVAL Object. This type provides uniformity to each object entity by including the attributes found in the EntityObjectBaseType. This specific type describes any simple data.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityBinaryType type is extended by the entities of an individual OVAL Object. This type provides uniformity to each object entity by including the attributes found in the EntityObjectBaseType. This specific type describes simple binary data. The empty string is also allowed when using a variable reference with an element.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityBoolType type is extended by the entities of an individual OVAL Object. This type provides uniformity to each object entity by including the attributes found in the EntityObjectBaseType. This specific type describes simple boolean data. The empty string is also allowed when using a variable reference with an element.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectFloatType type is extended by the entities of an individual OVAL Object. This type provides uniformity to each object entity by including the attributes found in the EntityObjectBaseType. This specific type describes simple float data. The empty string is also allowed when using a variable reference with an element.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityIntType type is extended by the entities of an individual OVAL Object. This type provides uniformity to each object entity by including the attributes found in the EntityObjectBaseType. This specific type describes simple integer data. The empty string is also allowed when using a variable reference with an element.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStringType type is extended by the entities of an individual OVAL Object. This type provides uniformity to each object entity by including the attributes found in the EntityObjectBaseType. This specific type describes simple string data.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateBaseType complex type is an abstract type that extends the EntityBaseType and is used by the entities within an OVAL State.
+ The optional entity_check attribute specifies how to handle multiple item entities with the same name in the OVAL Systems Characteristics file. For example, suppose we are dealing with a Group Test and an entity in the state is related to the user. It is very likely that when the information about the group is collected off of the system (and represented in the OVAL System Characteristics file) that there will be multiple users associated with the group (i.e. multiple 'user' item entities associated with the same 'user' state entity). If the OVAL State defines the value of the user entity to equal 'Fred', then the entity_check attribute determines if all values for 'user' item entities must be equal to 'Fred', or at least one value must be equal to 'Fred', etc. Note that with the exception of the 'none_satisfy' check value, the entity_check attribute can only affect the result of the test if the corresponding OVAL Item allows more than one occurrence of the entity (e.g. 'maxOccurs' is some value greater than one).
+ If the state entity uses a var_ref attribute, and the associated variable defines more than one value, the optional var_check attribute defines how the evaluation should proceed. For example, if a state entity 'size' with an operation of 'less than' references a variable that has five different integer values, and the var_check attribute has a value of 'all', then the 'size' state entity evaluates to true only if the corresponding 'size' item entity is less than each of the five integers defined by the variable. If a variable does not have any value, then an error should be reported during OVAL analysis. If both the state entity and a corresponding item entity have multiple values, the var_check is applied to each value of the item entity individually, and all must evaluate to true for the state entity to evaluate to true. There is no value of var_check which enables an element-wise comparison, and so there is no way to determine whether two multi-valued entities are truly 'equal' in that sense.
+ The entity_check and var_check attributes are considered together when evaluating a single state entity. When a variable identifies more than one value and multiple item entities with the same name exist, for a single state entity, a many-to-many comparison must be conducted. In this situation, there are many values for the state entity that must be compared to many item entities. Each item entity is compared to the state entity. For each item entity, an interim result is calculated by using the var_check attribute to combine the result of comparing each variable value with a single system value. Then these interim results are combined for each system value using the entity_check attribute.
+
+
+
+ - a var_ref has been supplied for the entity so a var_check should also be provided
+
+
+ - a var_check has been supplied for the entity so a var_ref should also be provided
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateIPAddressType type is extended by the entities of an individual OVAL State. This type provides uniformity to each object entity by including the attributes found in the EntityStateBaseType. This specific type describes any IPv4/IPv6 address or address prefix.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateIPAddressStringType type is extended by the entities of an individual OVAL State. This type provides uniformity to each object entity by including the attributes found in the EntityStateBaseType. This specific type describes any IPv4/IPv6 address, address prefix, or its string representation.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateAnySimpleType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type describes any simple data.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateBinaryType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type describes simple binary data. The empty string is also allowed when using a variable reference with an element.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateBoolType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type describes simple boolean data. The empty string is also allowed when using a variable reference with an element.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateFloatType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type describes simple float data. The empty string is also allowed when using a variable reference with an element.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateIntType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type describes simple integer data. The empty string is also allowed when using a variable reference with an element.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateEVRStringType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This type represents the epoch, version, and release fields as a single version string. It has the form "EPOCH:VERSION-RELEASE". Note that a null epoch (or '(none)' as returned by rpm) is equivalent to '0' and would hence have the form 0:VERSION-RELEASE. Comparisons involving this datatype should follow the algorithm of librpm's rpmvercmp() function.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateVersionType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type describes simple version data.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateFileSetRevisionType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type represents the version string related to filesets in HP-UX.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateIOSVersionType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type represents the version string related to CISCO IOS.
+
+
+
+
+
+
+
+
+
+
+
+
+ 'string' is included to allow for regular expressions on IOS version strings.
+
+
+
+
+
+
+
+
+
+
+ The EntityStateStringType type is extended by the entities of an individual OVAL State. This type provides uniformity to each state entity by including the attributes found in the EntityStateBaseType. This specific type describes simple string data.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateRecordType defines an entity that consists of a number of uniquely named fields. This structure is used for representing a record from a database query and other similar structures where multiple related fields must be collected at once. Note that for all entities of this type, the only allowed datatype is 'record' and the only allowed operation is 'equals'. During analysis of a system characteristics item the each field is analyzed and then the overall result for elements of this type is computed by logically anding the results for each field and then applying the entity_check attribute.
+ Note the datatype attribute must be set to 'record'.
+ Note the operation attribute must be set to 'equals'.
+ Note the var_ref attribute is not permitted.
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateFieldType defines an element with simple content that represents a named field in a record that may contain any number of named fields. The EntityStateFieldType is much like all other entities with one significant difference, the EntityStateFieldType has a name attribute
+ The required name attribute specifies a unique name for the field. Field names are lowercase and must be unique within a given parent record element. When analyzing system characteristics an error should be reported for the result of a field that is present in the OVAL State, but not found in the system characteristics Item.
+ The optional datatype attribute specifies how the given operation should be applied to the data. Since we are dealing with XML everything is technically a string, but often the field value is meant to represent some other datatype and this affects the way an operation is performed. For example, with the question, "is 123 less than 98?" If the data is treated as integers the answer is no, but if the data is treated as strings, then the answer is yes. Specifying a datatype defines how the less than operation should be performed in the example above. Another way of thinking of things is that the datatype attribute specifies how the data should be cast before performing the operation (note that the default datatype is 'string'). In the previous example, if the datatype is set to int, then '123' and '98' should be cast as integers. Another example is applying the 'equals' operation to '1.0.0.0' and '1.0'. With datatype 'string' they are not equal, with datatype 'version' they are. Note that there are certain cases where a cast from one datatype to another is not possible. If a cast cannot be made, (trying to cast 'abc' to an integer) then an error should be reported. For example, if the datatype is set to 'integer' and the value of the field is empty. There is no way to cast the empty string (or NULL) to an integer, and in cases like this an error should be reported.
+ The optional operation determines how the individual entities should be evaluated (the default operator is 'equals').
+ The optional mask attribute can be used in situations where information is needed for evaluation, but this information should not be disclosed in the results file (maybe due to sensitivity concerns). If the mask attribute is set to 'true', then the value of this field, along with the operation used, should not appear in the results file. Note that this value would appear in the copy of the system characteristics contained in the results file. In this case the results file should make use of the corresponding mask attribute in the system characteristics schema should be set to true and the value should be omitted. In addition to the value being omitted from the copy of the system characteristics file, the copy of the definition file should also omit the value and operation used for testing. Note that when the mask attribute is set to 'true' on a field's parent element the field must be masked regardless of the field's mask attribute value.
+ The optional entity_check attribute specifies how to handle multiple record fields with the same name in the OVAL Systems Characteristics file. For example, while collecting group information where one field is the represents the users that are members of the group. It is very likely that there will be multiple fields with a name of 'user' associated with the group. If the OVAL State defines the value of the field with name equal 'user' to equal 'Fred', then the entity_check attribute determines if all values for field entities must be equal to 'Fred', or at least one value must be equal to 'Fred', etc.
+ The optional var_ref attribute refers the value of the field to a variable element. When supplied, the value(s) associated with the OVAL Variable should be used as the value(s) of the field. If there is an error computing the value of the variable, then that error should be passed up to the field referencing it. If the variable being referenced does not have a value (for example, if the variable pertains to the size of a file, but the file does not exist) then the state comparison should result in an error for the field.
+ The optional var_check attribute defines how the evaluation should proceed when a var_ref is used. For example, if a field with an operation of 'less than' references a variable that has five different integer values, and the var_check attribute has a value of 'all', then field evaluates to true only if the corresponding field in the collected system characteristics item is less than each of the five integers defined by the variable.
+
+
+
+
+
+ A string restricted to disallow upper case characters.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/pixos-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/pixos-definitions-schema.xsd
new file mode 100644
index 0000000..c1b3b52
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/pixos-definitions-schema.xsd
@@ -0,0 +1,181 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the PIX specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ This schema was originally developed by Yuzheng Zhou and Eric Grey at Hewlett-Packard. The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ PixOS Definition
+ 5.8
+ 9/15/2010 1:55:34 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The line_test is used to check the properties of specific output lines from a SHOW command, such as SHOW RUNNING-CONFIG. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a line_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ line_test
+ line_object
+ line_state
+ line_item
+
+
+
+
+
+ - the object child element of a line_test must reference a line_object
+
+
+ - the state child element of a line_test must reference a line_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The line_object element is used by a line_test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A line object consists of a show_subcommand entity that is the name of a SHOW sub-command to be tested.
+
+
+
+
+
+
+
+
+
+
+ The name of a SHOW sub-command.
+
+
+
+
+
+
+
+
+
+
+
+
+ The line_state element defines the different information that can be used to evaluate the result of a specific SHOW sub-command. This includes the name of ths sub-command and the corresponding config line. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The name of the SHOW sub-command.
+
+
+
+
+ The value returned from by the specified SHOW sub-command.
+
+
+
+
+
+
+
+
+
+
+
+
+ The version test is used to check the version of the PIX operating system. It is based off of the SHOW VERSION command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ version_test
+ version_object
+ version_state
+ version_item
+
+
+
+
+
+ - the object child element of a version_test must reference a version_object
+
+
+ - the state child element of a version_test must reference a version_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The version_object element is used by a version test to define the different version information associated with a PIX system. There is actually only one object relating to version and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The version_state element defines the version information held within a Cisco PIX software release. The pix_release element specifies the whole PIX version information. The pix_major_release, pix_minor_release and pix_build elements specify seperated parts of PIX software version information. For instance, if the PIX version is 7.1(2.3)49, then pix_release is 7.1(2.3)49, pix_major_release is 7.1, pix_minor_release is 2.3 and pix_build is 49. See the SHOW VERSION command within PIX for more information.
+
+
+
+
+
+
+
+ The pix_release element specifies the whole PIX version information.
+
+
+
+
+ The pix_major_release is the dotted version that starts a version string. For example the pix_release 7.1(2.3)49 has a pix_major_release of 7.1.
+
+
+
+
+ The pix_minor_release is the dotted version that starts a version string. For example the pix_release 7.1(2.3)49 has a pix_minor_release of 2.3.
+
+
+
+
+ The pix_build is an integer. For example the pix_release 7.1(2.3)49 has a pix_build of 49.
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/redhat-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/redhat-definitions-schema.xsd
new file mode 100644
index 0000000..dc4593e
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/redhat-definitions-schema.xsd
@@ -0,0 +1,21 @@
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the Red Hat specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Red Hat Definition
+ 5.8
+ 9/15/2010 1:55:34 PM
+ Copyright (c) 2002-2008, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+ schematron validation of the Red Hat portion of an OVAL Definitions file
+
+
+
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/sharepoint-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/sharepoint-definitions-schema.xsd
new file mode 100644
index 0000000..28b7690
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/sharepoint-definitions-schema.xsd
@@ -0,0 +1,1971 @@
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the SharePoint specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The SharePoint Component Schema is based on the SharePoint Object Model (Windows SharePoint Services 3.0)
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ SharePoint Definition
+ 5.8
+ 9/15/2010 1:55:34 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The spwebapplication test is used to check the properties or permission settings of a SharePoint web application. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ spwebapplication_test
+ spwebapplication_object
+ spwebapplication_state
+ spwebapplication_item
+
+
+
+
+
+ - the object child element of a spwebapplication_test must reference an spwebapplication_object
+
+
+ - the state child element of a spwebapplication_test must reference an spwebapplication_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spwebapplication_object element is used by a spwebapplication test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spwebapplication object consists of a webapplicationurl used to define a specific web application. See the defintion of the SPWebApplication class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The webapplicationurl element defines the SPWebApplication to evaluate specific security settings or permissions.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spwebapplication_state element defines security settings and permissions that can be checked for a specified SPWebApplications.
+
+
+
+
+
+
+
+ The webapplicationurl element identifies a Web application.
+
+
+
+
+ If the allowparttopartcommunication is enabled it allows users to create connections between Web parts.
+
+
+
+
+ If the allowaccesstowebpartcatalog is enabled it allows users access to the online Web part gallery.
+
+
+
+
+ The blockedfileextention element identifies one or more file extensions that should be blocked from the deployment.
+
+
+
+
+ The defaultquotatemplate element identifies the default quota template set for the web application.
+
+
+
+
+ If the externalworkflowparticipantsenabled is enabled then users are allowed to participate in workflows.
+
+
+
+
+ If the recyclebinenabled is enabled it will be easy to restore deleted files.
+
+
+
+
+ If the automaticallydeleteunusedsitecollections is disabled, sites will not be automatically deleted.
+
+
+
+
+ If the selfservicesitecreationenabled is enabled users will be allowed to create and manager their own top-level Web sites .
+
+
+
+
+ The secondstagerecyclebinquota is the quota for the second stage recyle bin
+
+
+
+
+ The recyclebinretentionperiod is the retention period for the recyle bin
+
+
+
+
+ The outboundmailserverinstance element identifies the name of the SMPT server.
+
+
+
+
+ The outboundmailsenderaddress element identifies the address that the mail is being send from.
+
+
+
+
+ The outboundmailreplytoaddress element identifies the address that the mail should be replied to.
+
+
+
+
+ If the secvalexpires is enabled then the form will expire after the security validation time (timeout) .
+
+
+
+
+ The timeout is the amount of time before security validation expires.
+
+
+
+
+ If this is true, the web application to which this test refers is the Central Administration web application.
+
+
+
+
+ The applicationpoolname element identifies the web applications application pool name.
+
+
+
+
+ The applicationpoolusername element identifies the web applications application pool username.
+
+
+
+
+ If the openitems is enabled the permission to view the source of documents with server-side file handlers is available to use for this web application..
+
+
+
+
+ If the addlistitems is enabled the permission to add items to lists, add documents to document libraries, and add Web discussion comments is available to use for this Web application.
+
+
+
+
+ If approveitems is enabled the permission to approve a minor version of a list item or document is available to use for this the Web application.
+
+
+
+
+ If the deletelistitems is enabled the permission to delete items from a list, documents from a document library, and Web discussion comments in documents is available to use for this Web application.
+
+
+
+
+ If the deleteversions is enabled the permission to delete past versions of a list item or document is available to use for this Web application.
+
+
+
+
+ If the editlistitems is enabled the permission to edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries is available to use for this Web application.
+
+
+
+
+ If the managelists is enabled the permission to create and delete lists, add or remove columns in a list, and add or remove public views of a list is available to use for this the Web application.
+
+
+
+
+ If the viewversions is enabled the permission to view past versions of a list item or document is available to use for this Web application.
+
+
+
+
+ If the viewlistitems is enabled the permission to view items in lists, documents in document libraries, and view Web discussion commentsis available is available to use for this Web application.
+
+
+
+
+ If the cancelcheckout is enabled the permission to discard or check in a document which is checked out to another user is available to use for this the Web application.
+
+
+
+
+ If the createalerts is enabled the permission to Create e-mail alerts is available to use for this Web application.
+
+
+
+
+ If the viewformpages is enabled the permission to view forms, views, and application pages, and enumerate lists is available to use for this Web application.
+
+
+
+
+ If the viewpages is enabled the permission to view pages in a Web site is available to use for this Web application.
+
+
+
+
+ If addandcustomizepages is enabled the permission to add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services–compatible editor is available to use for this Web application.
+
+
+
+
+ If the applystylesheets is enabled the permission to Apply a style sheet (.css file) to the Web site is available to use for this Web application.
+
+
+
+
+ If the applythemeanborder is enabled the permission to apply a theme or borders to the entire Web site is available to use for this Web application.
+
+
+
+
+ If the browsedirectories is enabled the permission to enumerate files and folders in a Web site using Microsoft Office SharePoint Designer and WebDAV interfaces is available to use for this Web application.
+
+
+
+
+ If the browseuserinfo is enabled the permission to view information about users of the Web site is available to use for this Web application.
+
+
+
+
+ If the creategroups is enabled the permission to create a group of users that can be used anywhere within the site collection is available to use for this Web application.
+
+
+
+
+ If the createsscsite is enabled the permission to create a Web site using Self-Service Site Creation is available to use for this Web application.
+
+
+
+
+ If the editmyuserinfo is enabled the permission to allows a user to change his or her user information, such as adding a picture is available to use for this Web application.
+
+
+
+
+ If enumeratepermissions is enabled the permission to enumerate permissions on the Web site, list, folder, document, or list itemis is available to use for this Web application.
+
+
+
+
+ If the managealerts is enabled the permission to manage alerts for all users of the Web site is available to use for this Web application.
+
+
+
+
+ If the managepermissions is enabled the permission to create and change permission levels on the Web site and assign permissions to users and groups is available to use for this Web application.
+
+
+
+
+ If the managesubwebs is enabled the permission to create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites is available to use for this Web application.
+
+
+
+
+ If the manageweb is enabled the permission to perform all administration tasks for the Web site as well as manage content is available to use for this Web application.
+
+
+
+
+ If open is enabled the permission to allow users to open a Web site, list, or folder to access items inside that containeris available to use for this Web application.
+
+
+
+
+ If the useclientintegration is enabled the permission to use features that launch client applications; otherwise, users must work on documents locally and upload changesis is available to use for this Web application.
+
+
+
+
+ If the useremoteapis is enabled the permission to use SOAP, WebDAV, or Microsoft Office SharePoint Designer interfaces to access the Web siteis available to use for this Web application.
+
+
+
+
+ If the viewusagedata is enabled the permission to view reports on Web site usage in documents is available to use for this Web application.
+
+
+
+
+ If the managepersonalviews is enabled the permission to Create, change, and delete personal views of lists is available to use for this Web application.
+
+
+
+
+ If the adddelprivatewebparts is enabled the permission to add or remove personal Web Parts on a Web Part Page is available to use for this Web application.
+
+
+
+
+ If the updatepersonalwebparts is enabled the permission to update Web Parts to display personalized informationis available to use for this Web application.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spgroup test is used to check the group properties for site collections. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ spgroup_test
+ spgroup_object
+ spgroup_state
+ spgroup_item
+
+
+
+
+
+ - the object child element of a spgroup_test must reference a spgroup_object
+
+
+ - the state child element of a spgroup_test must reference a spgroup_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spgroup_object element is used by a spgroup test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spgroup object consists of a sitecollectionurl used to define a specific site collection. See the defintion of the SPGroup class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The sitecollectionurl element defines the Site Colection to evaluate specific group settings.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spgroup_state element defines settings for groups in a site collections.
+
+
+
+
+
+
+
+ The sitecollectionurl element identifies a Site Collection.
+
+
+
+
+ The name element identifies a Group name.
+
+
+
+
+ If the autoacceptrequesttojoinleave is enabled it allows users to automatically join groups.
+
+
+
+
+ If the allowmemberseditmembership is enabled than all group memebers will be allowed to edit the membership of a group..
+
+
+
+
+ If the onlyallowmembersviewmembership is enabled it allows users to automatically join groups.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spweb test is used to check the properties for site collections. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ spweb_test
+ spweb_object
+ spweb_state
+ spweb_item
+
+
+
+
+
+ - the object child element of a spweb_test must reference an spweb_object
+
+
+ - the state child element of a spweb_test must reference an spweb_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spweb_object element is used by a spweb test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spweb object consists of a webcollection url and sitecollection url used to define a specific web apoplication and a specific site collection. See the defintion of the SPWeb class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The webcollurl element defines the web application to evaluate specific web settings.
+
+
+
+
+ The sitecollectionurl element defines the site collection to evaluate specific web settings.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spweb_state element defines settings for a site collection.
+
+
+
+
+
+
+
+ The webcollurl element identifies a Site Collection.
+
+
+
+
+ The name element identifies a site collection url.
+
+
+
+
+ The secondarysitecolladmin element identifies a secondary site collection admin.
+
+
+
+
+ A boolean that represents if the secondarysitecolladmin is enabled.
+
+
+
+
+ If the allowanonymousaccess is enabled users will be allowed to create and manager their own top-level Web sites .
+
+
+
+
+
+
+
+
+
+
+
+
+ The splist test is used to check the properties of lists associated with a SharePoint site or site collection. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an splist_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ splist_test
+ splist_object
+ splist_state
+ splist_item
+
+
+
+
+
+ - the object child element of a splist_test must reference an splist_object
+
+
+ - the state child element of a splist_test must reference an splist_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The splist_object element is used by a splist test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An splist object consists of a spsiteurl used to define a specific site in a site collection that various security related configuration items need to be checked. See the defintion of the SPList class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The spsiteurl element defines the Sharepoint website being specified ...
+
+
+
+
+
+
+
+
+
+
+
+
+ The splist_state element defines the different information that can be used to evaluate the specified Sharepoint sites....
+
+
+
+
+
+
+
+ The spsiteurl element identifies an Sharepoint site to test for.
+
+
+
+
+ If the irmenabled option is enabled, documents are protected whenever they leave the control of the Sharepoint system.
+
+
+
+
+ If the enableversioning option is enabled, backup copies of documents are kept and managed by the Sharepoint system.
+
+
+
+
+ If the nocrawl option is enabled, the site is excluded from crawls that Sharepoint does when it indexes sites.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spantivirussettings test is used to check the settings for antivirus software associated with a SharePoint deployment.
+
+
+ spantivirussettings_test
+ spantivirussettings_object
+ spantivirussettings_state
+ spantivirussettings_item
+
+
+
+
+
+ - the object child element of a spantivirussettings_test must reference an spantivirussettings_object
+
+
+ - the state child element of a spantivirussettings_test must reference an spantivirussettings_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spantivirussettings_object element is used by a spantivirussettings test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spantivirussettings object consists of a spwebservicename used to define a specific webservice in a farm that various security related configuration items need to be checked and an spfarmname which denotes the farm of which the spwebservice is a part. See the defintion of the SPAntiVirusSettings class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The spwebservicename element denotes the web service for which antivirus settings will be checked.
+
+
+
+
+ The spfarmname element denotes the farm on which a web service to be queried resides.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spantivirus_state element defines the different information that can be used to evaluate the specified Sharepoint sites....
+
+
+
+
+
+
+
+ The spwebservicename denotes the name of a SharePoint web service to be tested or * (the default) to test all web services.
+
+
+
+
+ The spfarmname denotes the name of the farm on which the Sharepoint webservice resides or the local farm (default).
+
+
+
+
+ Specifies whether infected documents can be downloaded on the SharePoint system.
+
+
+
+
+ Specifies whether the virus scanner should attempt to cure files that are infected.
+
+
+
+
+ Specifies whetehr files are scanned for viruses when they are downloaded.
+
+
+
+
+ The number of threads that the antivirus scanner can use to scan documents for viruses.
+
+
+
+
+ Specifies whether to skip scanning for viruses during a search crawl.
+
+
+
+
+ Denotes the amount of time before the virus scanner times out.
+
+
+
+
+ Specifies whether files are scanned when they are uploaded.
+
+
+
+
+ Denotes the current increment of the number of times the vendor has been updated.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spsiteadministration test is used to check the properties of a site. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ spsiteadministration_test
+ spsiteadministration_object
+ spsiteadministration_state
+ spsiteadministration_item
+
+
+
+
+
+ - the object child element of a spsiteadministration_test must reference an spsiteadministration_object
+
+
+ - the state child element of a spsiteadministration_test must reference an spsiteadministration_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spsiteadministration_object element is used by a spsiteadministration test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spsiteadministration object consists of a webapplicationurl used to define a specific web application. See the defintion of the SPSiteAdministration class in the SharePoint object model documentation. See the defintion of the SPSiteAdministration class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The sitecollectionurl element defines the site to evaluate.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spspsiteadministration_state element defines security settings and permissions that can be checked for a specified SPSite.
+
+
+
+
+
+
+
+ The sitecollectionurl element identifies a site.
+
+
+
+
+ The storagemaxlevel is the maximum storage allowed for the site.
+
+
+
+
+ When the storagewarninglevel is reached a site collection receive advance notice before available storage is expended.s.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spsite test is used to check the properties of a site. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ spsite_test
+ spsite_object
+ spsite_state
+ spsite_item
+
+
+
+
+
+ - the object child element of a spsite_test must reference an spsite_object
+
+
+ - the state child element of a spsite_test must reference an spsite_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spsite_object element is used by a spsiteadministration test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spsite object consists of a sitecollectionurl used to define a specific web application. See the defintion of the SPSite class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The sitecollectionurl element defines the site to evaluate.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spsite_state element defines security settings and permissions that can be checked for a specified SPSite.
+
+
+
+
+
+
+
+ The sitecollectionurl element identifies a site.
+
+
+
+
+ The quota name is the name of quota template for a site collection.
+
+
+
+
+ The URL is the full URL to the root Web site of the site collection, including host name, port number, and path.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spcrawlrule test is used to check the configuration or rules associated with the SharePoint system's built-in indexer and the sites or documents that will be indexed.
+
+
+ spcrawlrule_test
+ spcrawlrule_object
+ spcrawlrule_state
+ spcrawlrule_item
+
+
+
+
+
+ - the object child element of a spcrawlrule_test must reference an spcrawlrule_object
+
+
+ - the state child element of a spcrawlrule_test must reference an spcrawlrule_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spcrawlrule_object element is used by a spcrawlrule test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spcrawlrule object consists of a spsiteurl used to define a specific resource (eg. website or document) on a server that can be indexed by the SharePoint indexer. See the defintion of the CrawlRule class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The spsiteurl element denotes the resource on the SharePoint server (eg. a site or document) for which indexing settings will be checked.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spcrawlrule state element defines the various properties of the SharePoint indexer that can be checked.
+
+
+
+
+
+
+
+ The spsiteurl denotes the URL of a website or resource whose indexing properties should be tested.
+
+
+
+
+ Specifies whether the crawler should crawl content from a hierarchical content source, such as HTTP content.
+
+
+
+
+ Specifies whether a particular crawl rule is enabled.
+
+
+
+
+ Specifies whether the indexer should crawl websites that contain the question mark (?) character.
+
+
+
+
+ The path to which a particular crawl rule applies.
+
+
+
+
+ The priority setting for a particular crawl rule.
+
+
+
+
+ Specifies whether the crawler should exclude the content of items that this rule applies to from the content index.
+
+
+
+
+ A string containing the account name for the crawl rule.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spjobdefinition test is used to check the status of the various properties associated with scheduled jobs in the SharePoint system.
+
+
+ spjobdefinition_test
+ spjobdefinition_object
+ spjobdefinition_state
+ spjobdefinition_item
+
+
+
+
+
+ - the object child element of a spjobdefinition_test must reference an spjobdefinition_object
+
+
+ - the state child element of a spjobdefinition_test must reference an spjobdefinition_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spjobdefinition_object element is used by a spjobdefinition test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spjobdefinition object consists of a webappuri used to define a specific web application for which job checks should be done. See the defintion of the SPJobDefinition class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The URI that represents the web application for which jobs should be checked.
+
+
+
+
+
+
+
+
+
+
+
+
+ The various properties of a Sharepoint job that can be checked.
+
+
+
+
+
+
+
+ The URI that represents the web application for which jobs should be checked.
+
+
+
+
+ The name of the job as displayed in the SharePoint Central Administration site.
+
+
+
+
+ Determines whether or not the job definition is enabled.
+
+
+
+
+ Determines whether the job definition should be retried if it ends abnormally.
+
+
+
+
+ The title of a job as displayed in the SharePoint Central Administration site.
+
+
+
+
+
+
+
+
+
+
+
+
+ The bestbet test is used to get all the best bets associated with a site.
+
+
+ bestbet_test
+ bestbet_object
+ bestbet_state
+ bestbet_item
+
+
+
+
+
+ - the object child element of a bestbet_test must reference an bestbet_object
+
+
+ - the state child element of a bestbet_test must reference an bestbet_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The bestbet_object element is used by a bestbet test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An bestbet object consists of a sitecollectionurl used to define a specific site and a bestbeturl used to define a specific best bet. See the defintion of the BestBet class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The URL that represents the site collection.
+
+
+
+
+ The URL that represents the best bet.
+
+
+
+
+
+
+
+
+
+
+
+
+ The various properties of a Best Bet that can be checked.
+
+
+
+
+
+
+
+ The URL that represents the site collection.
+
+
+
+
+ The name of the job as displayed in the SharePoint Central Administration site.
+
+
+
+
+ The title of a best bet.
+
+
+
+
+ Thedescription of a best bet..
+
+
+
+
+
+
+
+
+
+
+
+
+ The policycoll test is used to get all the Information Policies associated with a site.
+
+
+ infopolicycoll_test
+ infopolicycoll_object
+ infopolicycoll_state
+ infopolicycoll_item
+
+
+
+
+
+ - the object child element of a policycoll_test must reference an policycoll_object
+
+
+ - the state child element of a policycoll_test must reference an policycoll_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The infopolicycoll_object element is used by a policycoll test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A infopolicycoll object consists of a sitecollectionurl used to define a specific site and an id used to define a specific information policy. See the defintion of the Policy class and policycollection class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The URL that represents the site collection.
+
+
+
+
+ The id that represents the Information Policy.
+
+
+
+
+
+
+
+
+
+
+
+
+ The various properties of the Information Policy that can be checked.
+
+
+
+
+
+
+
+ The URL that represents the site collection.
+
+
+
+
+ The id of the Information Policy.
+
+
+
+
+ The name of the Information Policy.
+
+
+
+
+ The description of an Information Policy..
+
+
+
+
+ The long description of an Information Policy..
+
+
+
+
+
+
+
+
+
+
+
+
+ The spdiagnosticsservice test is used to check the diagnostic properties associated with a Sharepoint system.
+
+
+ spdiagnosticsservice_test
+ spdiagnosticsservice_object
+ spdiagnosticsservice_state
+ spdiagnosticsservice_item
+
+
+
+
+
+ - the object child element of an spdiagnosticsservice_test must reference an spdiagnosticsservice_object
+
+
+ - the state child element of an spdiagnosticsservice_test must reference an spdiagnosticsservice_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spdiagnosticsservice_object element is used by an spdiagnosticsservice test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spdiagnosticsservice object consists of a farmname used to define a specific Sharepoint farm for which diagnostics properties should be checked. See the defintion of the SPDiagnosticsService class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The farm whose diagnostic capabilities should be checked. Use .* for all farms or SPFarm.Local for the local farm.
+
+
+
+
+
+
+
+
+
+
+
+
+ The various properties of a diagnostics service that can be checked.
+
+
+
+
+
+
+
+ The farm whose diagnostic capabilities should be checked.
+
+
+
+
+ The name of the diagnostic service as shown in the Sharepoint Central Administration site.
+
+
+
+
+ The number of minutes to capture events to a single log file. This value lies in the range 0 to 1440. The default value is 30.
+
+
+
+
+ The path to the file system directory where log files are created and stored.
+
+
+
+
+ The value that indicates the number of log files to create. This lies in the range 0 to 1024 with a default of 96.
+
+
+
+
+ The required property specifies whether an instance of the spdiagnosticsservice must be running on the farm.
+
+
+
+
+ The friendly name for the service as displayed in the Central Administration and in logs. This should be "Windows Sharepoint Diagnostics Service" by default.
+
+
+
+
+
+
+
+
+
+
+
+
+ The spdiagnosticslevel_test is used to check the status of the logging features associated with a Sharepoint deployment.
+
+
+ spdiagnosticslevel_test
+ spdiagnosticslevel_object
+ spdiagnosticslevel_state
+ spdiagnosticslevel_item
+
+
+
+
+
+ - the object child element of an spdiagnosticslevel_test must reference an spdiagnosticslevel_object
+
+
+ - the state child element of an spdiagnosticslevel_test must reference an spdiagnosticslevel_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The spdiagnosticslevel_object element is used by an spdiagnosticslevel test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An spdiagnosticslevel object consists of a farmname used to define a specific Sharepoint farm for which policy properties should be checked. See the defintion of the SPWebApplication class in the SharePoint object model documentation. See the defintion of the IDiagnosticsLevel Interface in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The farm whose diagnostics levels should be checked. Use .* for all farms or SPFarm.Local for the local farm.
+
+
+
+
+
+
+
+
+
+
+
+
+ The various properties of a Diagnostics level that can be checked.
+
+
+
+
+
+
+
+ The name of the farm for which diagnostics level properties should be checked.
+
+
+
+
+ The event severity setting for a particular diagnostic level category.
+
+
+
+
+ Specifies whether the trace log category is hidden in the Windows Sharepoint Services Central Administration interface.
+
+
+
+
+ A string that represents the ID of the trace log category. This is its English language name.
+
+
+
+
+ The name of the trace log category. This represents the localized name for the category.
+
+
+
+
+ The trace severity setting for a particular diagnostic level category.
+
+
+
+
+
+
+
+
+
+
+
+
+ The sppolicyfeature test enables one to check the attributes associated with policies and policy features on the Sharepoint deployment.
+
+
+ sppolicyfeature_test
+ sppolicyfeature_object
+ sppolicyfeature_state
+ sppolicyfeature_item
+
+
+
+
+
+ - the object child element of an sppolicyfeature_test must reference an sppolicyfeature_object
+
+
+ - the state child element of an sppolicyfeature_test must reference an sppolicyfeature_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sppolicyfeature_object element is used by an sppolicyfeature test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An sppolicyfeature object consists of a farmname used to define a specific Sharepoint farm for which policy feature properties should be checked. See the defintion of the PolicyFeature class in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The farm whose policy features should be checked. Use .* for all farms or SPFarm.Local for the local farm.
+
+
+
+
+
+
+
+
+
+
+
+
+ The various properties of a policy feature that can be checked.
+
+
+
+
+
+
+
+ The farm whose policy features should be checked. Use .* for all farms or SPFarm.Local for the local farm.
+
+
+
+
+ The URL to a web control used to edit policy instance-level settings.
+
+
+
+
+ The default values for any policy instance-level settings for a policy feature.
+
+
+
+
+ The short description of the policy feature and of the service it provides.
+
+
+
+
+ The URL to a web control used to edit server farm-level settings for this policy feature.
+
+
+
+
+ The default settings for any server farm-level settings for this policy feature.
+
+
+
+
+ The policy feature group to which a policy feature belongs.
+
+
+
+
+ The name to display in the Microsoft Office Sharepoint Server 2007 interface for an information policy feature.
+
+
+
+
+ The name of the creator of the policy feature as it is displayed in the Microsoft Office Sharepoint Server 2007 user interface.
+
+
+
+
+ Specifies whether the policy feature is hidden or visible.
+
+
+
+
+
+
+
+
+
+
+
+
+ The sppolicy test enables one to check the attributes of the policies associated with a particular URL Zone in a Sharepoint system.
+
+
+ sppolicy_test
+ sppolicy_object
+ sppolicy_state
+ sppolicy_item
+
+
+
+
+
+ - the object child element of an sppolicy_test must reference an sppolicy_object
+
+
+ - the state child element of an sppolicy_test must reference an sppolicy_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sppolicy_object element is used by an sppolicy test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An sppolicy object consists of a webappuri and a URL Zone used to define a specific Sharepoint web application and zone for which policy properties should be checked. See the defintion of the SPPolicy class and the sppolicyroletype in the SharePoint object model documentation.
+
+
+
+
+
+
+
+
+
+
+ The URI that represents the web application for which policies should be checked.
+
+
+
+
+ The zone for which policies should be checked.
+
+
+
+
+
+
+
+
+
+
+
+ The various properties of a policy that can be checked.
+
+
+
+
+
+
+
+ The URI that represents the web application for which policies should be checked.
+
+
+
+
+ The zone for which policies should be checked.
+
+
+
+
+ The user or group display name for a policy. This defaults to the user name if the display name cannot be resolved through Active Directory.
+
+
+
+
+ Specifies whether the user identified by a particular policy is visible only as a System account within the Windows Sharepoint Services user interface.
+
+
+
+
+ The user name of the user or group that is associated with policy.
+
+
+
+
+ The policy role type to apply globally in a Sharepoint web application to a user or group.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityObjectUrlZoneType restricts a string value to a set of values that describe the different IIS Url Zones. The empty string is also allowed to support empty element associated with error conditions.
+
+
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+
+ The EntityStateEventSeverityType restricts a string value to a set of values that describe the different states that can be configured for a diagnostics level event severity level property of the diagnostics service.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+
+ The EntityStateTraceSeverityType restricts a string value to a set of values that describe the different states that can be configured for a diagnostics level trace severity level property of the diagnostics service.
+
+
+
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+
+ The EntityStatePolicyRoleType restricts a string value to a set of values that describe the different Policy settings for Access Control that are available for users.
+
+
+
+
+
+ Deny all rights.
+
+
+
+
+ Deny write permissions.
+
+
+
+
+ Grant full control.
+
+
+
+
+ Grant full read permissions.
+
+
+
+
+ No role type assigned.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+
+ The EntityStatePolicyRoleType restricts a string value to a set of values that describe the different policy feature states that can be configured for a policy feature.
+
+
+
+
+
+ Specifies that the policy feature is hidden from the Sharepoint Central Administration user interface.
+
+
+
+
+ Specifies that the policy feature is visible from the Sharepoint Central Administration user interface.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+
+ The EntityStateUrlZoneType restricts a string value to a set of values that describe the different IIS Url Zones.
+
+
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/solaris-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/solaris-definitions-schema.xsd
new file mode 100644
index 0000000..f7bafa7
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/solaris-definitions-schema.xsd
@@ -0,0 +1,895 @@
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the Solaris specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Solaris Definition
+ 5.8
+ 9/15/2010 1:55:34 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The isainfo test reveals information about the instruction set architectures. This information can be retrieved by the isainfo command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an isainfo_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ The isainfo_test was originally developed by Robert L. Hollis at ThreatGuard, Inc. Many thanks for their support of the OVAL project.
+
+
+ isainfo_test
+ isainfo_object
+ isainfo_state
+ isainfo_item
+
+
+
+
+
+
+ - the object child element of an isainfo_test must reference an isainfo_object
+
+
+
+ - the state child element of an isainfo_test must reference an isainfo_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The isainfo_object element is used by an isainfo test to define those objects to evaluated based on a specified state. There is actually only one object relating to isainfo and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check isainfo will reference the same isainfo_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The isainfo_state element defines the information about the instruction set architectures. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the number of bits in the address space of the native instruction set (isainfo -b).
+
+
+
+
+ This is the name of the instruction set used by kernel components (isainfo -k).
+
+
+
+
+ This is the name of the instruction set used by portable applications (isainfo -n).
+
+
+
+
+
+
+
+
+
+
+
+
+ From /usr/bin/ndd. See ndd manpage for specific fields
+
+
+ ndd_test
+ ndd_object
+ ndd_state
+ ndd_item
+
+
+
+
+
+ - the object child element of an ndd_test must reference an ndd_object
+
+
+ - the state child element of an ndd_test must reference an ndd_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of the device to examine. If multiple instances of this device exist on the system, an item for each instance will be collected.
+
+
+
+
+ The name of the parameter, For example, ip_forwarding.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of the device to examine.
+
+
+
+
+ The instance of the device to examine. Certain devices may have multiple instances on a system. If multiple instances exist, an item for each instance will be collected and will have this entity populated with its respective instance value. If only a single instance exists, this entity will not be collected.
+
+
+
+
+ The name of the parameter, For example, ip_forwarding.
+
+
+
+
+ The value of the named parameter.
+
+
+
+
+
+
+
+
+
+
+
+
+ The package test is used to check information associated with different packages installed on the system. The information used by this test is modeled after the /usr/bin/pkginfo command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ package_test
+ package_object
+ package_state
+ package_item
+
+
+
+
+
+
+ - the object child element of a package_test must reference a package_object
+
+
+
+ - the state child element of a package_test must reference a package_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The package_object element is used by a package test to define the packages to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A package object consists of a single pkginst entity that identifies the package to be used.
+
+
+
+
+
+
+
+
+
+
+ The pkginst entity is a string that represents a package designation by its instance. An instance can be the package abbreviation or a specific instance (for example, inst.1 or inst.2).
+
+
+
+
+
+
+
+
+
+
+
+
+ The package_state element defines the different information associated with packages installed on the system. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The pkginst entity is a string that represents a package designation by its instance. An instance can be the package abbreviation or a specific instance (for example, inst.1 or inst.2).
+
+
+
+
+ The name entity is a text string that specifies a full package name.
+
+
+
+
+ The category entity is a string in the form of a comma-separated list of categories under which a package may be displayed. Note that a package must at least belong to the system or application category. Categories are case-insensitive and may contain only alphanumerics. Each category is limited in length to 16 characters.
+
+
+
+
+ The version entity is a text string that specifies the current version associated with the software package. The maximum length is 256 ASCII characters and the first character cannot be a left parenthesis. Current Solaris software practice is to assign this parameter monotonically increasing Dewey decimal values of the form: major_revision.minor_revision[.micro_revision] where all the revision fields are integers. The versioning fields can be extended to an arbitrary string of numbers in Dewey-decimal format, if necessary.
+
+
+
+
+ The vendor entity is a string used to identify the vendor that holds the software copyright (maximum length of 256 ASCII characters).
+
+
+
+
+ The description entity is a string that represents a more in-depth description of a package.
+
+
+
+
+
+
+
+
+
+
+
+
+ The packagecheck_test is used to verify the integrity of an installed Solaris package. The information used by this test is modeled after the pkgchk command. For more information, see pkgchk(1M). It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a packagecheck_object and the optional packagecheck_state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ packagecheck_test
+ packagecheck_object
+ packagecheck_state
+ packagecheck_item
+
+
+
+
+
+
+ - the object child element of a packagecheck_test must reference a packagecheck_object
+
+
+
+ - the state child element of a packagecheck_test must reference a packagecheck_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The packagecheck_object element is used by a packagecheck_test to define the packages to be verified. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+ The pkginst entity is a string that represents a package designation by its instance. An instance can be the package abbreviation or a specific instance (for example, inst.1 or inst.2).
+
+
+
+
+ The filepath element specifies the absolute path for a file in the specified package. A directory cannot be specified as a filepath.
+
+
+
+
+
+
+
+
+
+
+
+
+ The package_state element defines the different verification information associated with packages installed on the system. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The pkginst entity is a string that represents a package designation by its instance. An instance can be the package abbreviation or a specific instance (for example, inst.1 or inst.2).
+
+
+
+
+ The filepath element specifies the absolute path for a file in the specified package. A directory cannot be specified as a filepath.
+
+
+
+
+ Has the file's checksum changed? A value of true indicates that the file's checksum has changed. A value of false indicates that the file's checksum has not changed.
+
+
+
+
+ Has the file's size changed? A value of true indicates that the file's size has changed. A value of false indicates that the file's size has not changed.
+
+
+
+
+ Has the file's modified time changed? A value of true indicates that the file's modified time has changed. A value of false indicates that the file's modified time has not changed.
+
+
+
+
+ Has the actual user read permission changed from the expected user read permission?
+
+
+
+
+ Has the actual user write permission changed from the expected user write permission?
+
+
+
+
+ Has the actual user exec permission changed from the expected user exec permission?
+
+
+
+
+ Has the actual group read permission changed from the expected group read permission?
+
+
+
+
+ Has the actual group write permission changed from the expected group write permission?
+
+
+
+
+ Has the actual group exec permission changed from the expected group exec permission?
+
+
+
+
+ Has the actual others read permission changed from the expected others read permission?
+
+
+
+
+ Has the actual others read permission changed from the expected others read permission?
+
+
+
+
+ Has the actual others read permission changed from the expected others read permission?
+
+
+
+
+
+
+
+
+
+ The PackageCheckBehaviors complex type defines a set of behaviors that for controlling how installed packages are checked. These behaviors align with the options of the pkgchk command (specifically '-a', '-c', and '-n').
+
+
+
+ 'fileattributes_only' when true this behavior means only check the file attributes and do not check file contents. When false, both file attributes and contents will be checked. This aligns with the pkgchk option '-a'.
+
+
+
+
+ 'filecontents_only' when true this behavior means only check the file contents and do not check file attributes. When false, both file attributes and contents will be checked. This aligns with the pkgchk option '-c'.
+
+
+
+
+ 'no_volatileeditable' when true this behavior means do not check volatile or editable files' contents. When false, volatile and editable files' contents will be checked. This aligns with the pkgchk option '-n'.
+
+
+
+
+
+
+
+
+ The patch test is used to check information associated with different patches installed on the system. The information being tested is based off the /usr/bin/showrev -p command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ patch54_test
+ patch54_object
+ patch_state
+ patch_item
+
+
+
+
+
+
+ - the object child element of a patch54_test must reference a patch54_object
+
+
+
+ - the state child element of a patch54_test must reference a patch_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The patch test is used to check information associated with different patches installed on the system. The information being tested is based off the /usr/bin/showrev -p command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ patch_test
+ patch_object
+ patch_state
+ patch_item
+
+
+
+
+ 5.4
+ Replaced by the patch54_test. The new test includes additional functionality that allows the object element to match both the original patch and any superseding patches. As a result of this new functionality, the patch_object was also expanded to include behaviors and version entities. See the patch54_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+
+ - the object child element of a patch_test must reference a patch_object
+
+
+
+ - the state child element of a patch_test must reference a patch_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The patch54_object element is used by a patch test to define the specific patch to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A patch object consists of a base entity that identifies the patch to be used, and a version entity that represent the patch revision number.
+
+
+
+
+
+
+
+
+
+
+
+ Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number.
+
+
+
+
+ Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number.
+
+
+
+
+
+
+
+
+
+
+
+
+ The patch_object element is used by a patch test to define the specific patch to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A patch object consists of a single base entity that identifies the patch to be used.
+
+
+ 5.4
+ Replaced by the patch54_object. Due to the additional functionality that allows the object element to match both the original patch and any superseding patches, a new object was created that includes behaviors and version entities. See the patch54_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Patches are identified by unique alphanumeric strings, with the patch base code first, a hyphen, and a number that represents the patch revision number.
+
+
+
+
+
+
+
+
+
+
+ The patch_state element defines the different information associated with a specific patch installed on the system. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The base entity reresents a patch base code found before the hyphen.
+
+
+
+
+ The version entity represents a patch version number found after the hyphen
+
+
+
+
+
+
+
+
+
+ The PatchBehaviors complex type defines a number of behaviors that allow a more detailed definition of the patch_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ 'supersedence' specifies that the object should also match any superseding patches to the one being specified. In other words, if set to True the resulting object set would be the original patch specified plus any superseding patches. The default value is 'false' meaning the object should only match the specified patch.
+
+
+
+
+
+
+
+
+
+
+
+ The smf_test is used to check service management facility controlled services including traditional unix rc level start/kill scrips and inetd daemon services. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a smf_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ smf_test
+ smf_object
+ smf_state
+ smf_item
+
+
+
+
+
+
+ - the object child element of a smf_test must reference a smf_object
+
+
+
+ - the state child element of a smf_test must reference a smf_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The smf_object element is used by a smf_test to define the specific service instance to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A smf_object consists of a service_name entity that identifies the service and a fmri entity that represents the fault management resource identifier.
+
+
+
+
+
+
+
+
+
+
+ The FMRI (Fault Managed Resource Identifier) entity is used to identify system objects for which advanced fault and resource management capabilities are provided. Services managed by SMF are assigned FMRI URIs prefixed with the scheme name "svc". FMRIs used by SMF can be expressed in three ways: first as an absolute path including a location path such as "localhost" (eg svc://localhost/system/system-log:default), second as a path relative to the local machine (eg svc:/system/system-log:default), and third as simply the service identifier with the string prefixes implied (eg system/system-log:default). For OVAL, the absolute path version (first choice) should be used.
+
+
+
+
+
+
+
+
+
+
+
+
+ The smf_state element defines the different information associated with a specific smf controlled service. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The FMRI (Fault Managed Resource Identifier) entity describes a possible identifier associated with a service. Services managed by SMF are assigned FMRI URIs prefixed with the scheme name "svc". FMRIs used by SMF can be expressed in three ways: first as an absolute path including a location path such as "localhost" (eg svc://localhost/system/system-log:default), second as a path relative to the local machine (eg svc:/system/system-log:default), and third as simply the service identifier with the string prefixes implied (eg system/system-log:default). For OVAL, the absolute path version (first choice) should be used.
+
+
+
+
+ The service_name entity is usually an abbreviated form of the FMRI. In the example svc://localhost/system/system-log:default, the name would be system-log.
+
+
+
+
+ The service_state entity describes a possible state that the service may be in. Each service instance is always in a well-defined state based on its dependencies, the results of the execution of its methods, and its potential receipt of events from the contracts filesystem. The service_state values are UNINITIALIZED, OFFLINE, ONLINE, DEGRADED, MAINTENANCE, DISABLED, and LEGACY-RUN.
+
+
+
+
+ The protocol entity describes a possible protocol supported by the service. Possible values are tcp, tcp6, tcp6only, udp, udp6, and udp6only
+
+
+
+
+ The entity server_executable is a string representing the listening daemon on the server side. An example being 'svcprop ftp' which might show 'inetd/start/exec astring /usr/sbin/in.ftpd\ -a'
+
+
+
+
+ The server_arguments entity describes possible parameters that are passed to the service.
+
+
+
+
+ The exec_as_user entity is a string pulled from svcprop in the following format: inetd_start/user astring root
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStatePermissionCompareType complex type restricts a string value to more, less, or same which specifies if an actual permission is different than the expected permission (more or less restrictive) or if the permission is the same. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The actual permission is more restrictive than the expected permission.
+
+
+
+
+ The actual permission is less restrictive than the expected permission.
+
+
+
+
+ The actual permission is the same as the expected permission.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateSmfProtocolType complex type defines the different values that are valid for the protocol entity of a smf_state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the type entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Request that service listen only for and pass on true IPv6 requests (not IPv4 mapped ones).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Request that service listen only for and pass on true IPv6 requests (not IPv4 mapped ones).
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateSmfServiceStateType complex type defines the different values that are valid for the service_state entity of a smf_state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the type entity.
+
+
+
+
+
+ The instance is enabled and running or available to run. The instance, however, is functioning at a limited capacity in comparison to normal operation.
+
+
+
+
+ The instance is disabled.
+
+
+
+
+ The instance is enabled, but not able to run. Administrative action is required to restore the instance to offline and subsequent states.
+
+
+
+
+ This state represents a legacy instance that is not managed by the service management facility. Instances in this state have been started at some point, but might or might not be running.
+
+
+
+
+ The instance is enabled, but not yet running or available to run.
+
+
+
+
+ The instance is enabled and running or is available to run.
+
+
+
+
+ This is the initial state for all service instances.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/unix-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/unix-definitions-schema.xsd
new file mode 100644
index 0000000..eb4b62c
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/unix-definitions-schema.xsd
@@ -0,0 +1,2664 @@
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose generic UNIX tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ UNIX Definition
+ 5.8
+ 9/15/2010 1:55:35 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+
+
+
+
+ The dnscache_test is used to check the time to live and IP addresses associated with a domain name. The time to live and IP addresses for a particular domain name are retrieved from the DNS cache on the local system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a dnscache_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ dnscache_test
+ dnscache_object
+ dnscache_state
+ dnscache_item
+
+
+
+
+
+ - the object child element of a dnscache_test must reference a dnscache_object
+
+
+ - the state child element of a dnscache_test must reference a dnscache_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The dnscache_object is used by the dnscache_test to specify the domain name(s) that should be collected from the DNS cache on the local system. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The domain_name element specifies the domain name(s) that should be collected from the DNS cache on the local system.
+
+
+
+
+
+
+
+
+
+
+
+
+ The dnscache_state contains three entities that are used to check the domain name, time to live, and IP addresses associated with the DNS cache entry.
+
+
+
+
+
+
+
+ The domain_name element contains a string that represents a domain name that was collected from the DNS cache on the local system.
+
+
+
+
+ The ttl element contains an integer that represents the time to live in seconds of the DNS cache entry.
+
+
+
+
+ The ip_address element contains a string that represents an IP address associated with the specified domain name that was collected from the DNS cache on the local system. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+
+
+
+
+
+
+
+
+ The file test is used to check metadata associated with UNIX files, of the sort returned by either an ls command, stat command or stat() system call. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a file_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ file_test
+ file_object
+ file_state
+ file_item
+
+
+
+
+
+ - the object child element of a file_test must reference a file_object
+
+
+ - the state child element of a file_test must reference a file_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file_object element is used by a file test to define the specific file(s) to be evaluated. The file_object will collect all UNIX file types (directory, regular file, character device, block device, fifo, symbolic link, and socket). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A file object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileBehaviors complex type for more information about specific behaviors.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth, recurse, recurse_direction and recurse_file_system behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes or permissions associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file_state element defines the different metadata associate with a UNIX file. This includes the path, filename, type, group id, user id, size, etc. In addition, the permission associated with the file are also included. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The name of the file.
+
+
+
+
+ This is the file's type: regular file (regular), directory, named pipe (fifo), symbolic link, socket or block special.
+
+
+
+
+ The group_id entity represents the group owner of a file, by group number. To test for a file with no group assigned to it, this entity would be used with an empty value.
+
+
+
+
+ The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. This element represents the owner of the file. To test for a file with no user assigned to it, this entity would be used with an empty value.
+
+
+
+
+ This is the time that the file was last accessed, in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970.
+
+
+
+
+ This is the time of the last change to the file's inode, in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970. An inode is a Unix data structure that stores all of the information about a particular file.
+
+
+
+
+ This is the time of the last change to the file's contents, in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970.
+
+
+
+
+ This is the size of the file in bytes.
+
+
+
+
+ Does the program run with the uid (thus privileges) of the file's owner, rather than the calling user?
+
+
+
+
+ Does the program run with the gid (thus privileges) of the file's group owner, rather than the calling user's group?
+
+
+
+
+ Can users delete each other's files in this directory, when said directory is writable by those users?
+
+
+
+
+ Can the owner (user owner) of the file read this file or, if a directory, read the directory contents?
+
+
+
+
+ Can the owner (user owner) of the file write to this file or, if a directory, write to the directory?
+
+
+
+
+ Can the owner (user owner) of the file execute it or, if a directory, change into the directory?
+
+
+
+
+ Can the group owner of the file read this file or, if a directory, read the directory contents?
+
+
+
+
+ Can the group owner of the file write to this file or, if a directory, write to the directory?
+
+
+
+
+ Can the group owner of the file execute it or, if a directory, change into the directory?
+
+
+
+
+ Can all other users read this file or, if a directory, read the directory contents?
+
+
+
+
+ Can the other users write to this file or, if a directory, write to the directory?
+
+
+
+
+ Can the other users execute this file or, if a directory, change into the directory?
+
+
+
+
+ Does the file or directory have ACL permissions applied to it? If the file or directory doesn't have an ACL, or it matches the standard UNIX permissions, the value will be 'false'. Otherwise, if a file or directory has an ACL, the value will be 'true'.
+
+
+
+
+
+
+
+
+
+ The FileBehaviors complex type defines a number of behaviors that allow a more detailed definition of the file_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+ 'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. For a 'max_depth' of -1 or any value of 1 or more the starting directory must be considered in the recursive search.
+ Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.
+
+
+
+
+
+
+
+
+
+
+ 'recurse' defines how to recurse into the path entity, in other words what to follow during recursion. Options include symlinks, directories, or both. Note that a max-depth has to be specified for recursion to take place and for this attribute to mean anything.
+
+
+ 5.4
+ The values 'files', 'files and directories', and 'none' are being removed because it is not possible to recurse files and the value 'none' was intended to mean no recursion, however, this is already covered by the recurse_direction attribute.
+ These values have been deprecated and will be removed in version 6.0 of the language.
+
+
+
+ DEPRECATED ATTRIBUTE VALUE IN: ATTRIBUTE VALUE:
+ DEPRECATED ATTRIBUTE VALUE IN: ATTRIBUTE VALUE:
+ DEPRECATED ATTRIBUTE VALUE IN: ATTRIBUTE VALUE:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 'recurse_direction' defines the direction to recurse, either 'up' to parent directories, or 'down' into child directories. The default value is 'none' for no recursion.
+
+
+
+
+
+
+
+
+
+
+
+ 'recurse_file_system' defines the file system limitation of any recursion, either 'local' limiting data collection to local file systems (as opposed to file systems mounted from an external system), or 'defined' to keep any recursion within the file system that the file_object (path+filename) has specified. The default value is 'all' meaning to use all available file systems for data collection.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file extended attribute test is used to check extended attribute values associated with UNIX files, of the sort returned by the getfattr command or getxattr() system call. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a fileextendedattribute_object and the optional state element specifies the extended attributes to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ NOTE: Solaris has a very different implementation of "extended attributes" in which the attributes are really an orthogonal directory hierarchy of files. See the Solaris documentation for more details. The file extended attribute test only handles simple name/value pairs as implemented by most other UNIX derived operating systems.
+
+
+ fileextendedattribute_test
+ fileextendedattribute_object
+ fileextendedattribute_state
+ fileextendedattribute_item
+
+
+
+
+
+ - the object child element of a fileextendedattribute_test must reference a fileextendedattribute_object
+
+
+ - the state child element of a fileextendedattribute_test must reference a fileextendedattribute_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileextendedattribute_object element is used by a file extended attribute test to define the specific file(s) and attribute(s) to be evaluated. The fileextendedattribute_object will collect all UNIX file types (directory, regular file, character device, block device, fifo, symbolic link, and socket). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A file extended attribute object defines the path, filename and attribute name. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileExtendedAttributeBehaviors complex type for more information about specific behaviors.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth, recurse, recurse_direction and recurse_file_system behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
+
+
+
+
+
+
+ The attribute_name element specifies the name of an extended attribute to evaluate.
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileextendedattribute_state element defines an extended attribute associated with a UNIX file. This includes the path, filename, attribute name, and attribute value.
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory can be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The name of the file.
+
+
+
+
+ This is the extended attribute's name, identifier or key.
+
+
+
+
+ The value entity represents the extended attribute's value or contents. To test for an attribute with no value assigned to it, this entity would be used with an empty value.
+
+
+
+
+
+
+
+
+
+
+
+
+ The gconf_test is used to check the attributes and value(s) associated with GConf preference keys. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a gconf_object and the optional gconf_state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ gconf_test
+ gconf_object
+ gconf_state
+ gconf_item
+
+
+
+
+
+ - the object child element of a gconf_test must reference an gconf_object
+
+
+ - the state child element of a gconf_test must reference an gconf_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The gconf_object element is used by a gconf_test to define the preference keys to collect and the sources from which to collect the preference keys. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ This is the preference key to check.
+
+
+
+
+ The source element specifies the source from which to collect the preference key. The source is represented by the absolute path to a GConf XML file as XML is the current backend for GConf. Note that other backends may become available in the future. If the xsi:nil attribute is set to 'true', the preference key is looked up using the GConf daemon. Otherwise, the preference key is looked up using the values specified in this entity.
+
+
+
+
+ - operation attribute for the source entity of a gconf_object should be 'equals'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The gconf_state element defines the different information that can be used to evaluate the specified GConf preference key. This includes the preference key, source, type, whether it's writable, the user who last modified it, the time it was last modified, whether it's the default value, as well as the preference key's value. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The preference key to check.
+
+
+
+
+ The source used to look up the preference key.
+
+
+
+
+ The type of the preference key.
+
+
+
+
+ Is the preference key writable? If true, the preference key is writable. If false, the preference key is not writable.
+
+
+
+
+ The user who last modified the preference key.
+
+
+
+
+ The time the preference key was last modified in seconds since the Unix epoch. The Unix epoch is the time 00:00:00 UTC on January 1, 1970.
+
+
+
+
+ Is the preference key value the default value. If true, the preference key value is the default value. If false, the preference key value is not the default value.
+
+
+
+
+ The value of the preference key.
+
+
+
+
+
+
+
+
+
+
+
+
+ The inetd test is used to check information associated with different Internet services. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ inetd_test
+ inetd_object
+ inetd_state
+ inetd_item
+
+
+
+
+
+ - the object child element of an inetd_test must reference an inetd_object
+
+
+ - the state child element of an inetd_test must reference an inetd_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The inetd_object element is used by an inetd test to define the specific protocol-service to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An inetd object consists of a protocol entity and a service_name entity that identifies the specific service to be tested.
+
+
+
+
+
+
+
+
+
+
+ A recognized protocol listed in the file /etc/inet/protocols.
+
+
+
+
+ The name of a valid service listed in the services file. For RPC services, the value of the service-name field consists of the RPC service name or program number, followed by a '/' (slash) and either a version number or a range of version numbers (for example, rstatd/2-4).
+
+
+
+
+
+
+
+
+
+
+
+
+ The inetd_state element defines the different information associated with a specific Internet service. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ A recognized protocol listed in the file /etc/inet/protocols.
+
+
+
+
+ The name of a valid service listed in the services file. For RPC services, the value of the service-name field consists of the RPC service name or program number, followed by a '/' (slash) and either a version number or a range of version numbers (for example, rstatd/2-4).
+
+
+
+
+ Either the pathname of a server program to be invoked by inetd to perform the requested service, or the value internal if inetd itself provides the service.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This field has values wait or nowait. This entry specifies whether the server that is invoked by inetd will take over the listening socket associated with the service, and whether once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests.
+
+
+
+
+
+
+
+
+
+
+
+
+ The interface test enumerates various attributes about the interfaces on a system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an interface_object and the optional state element specifies the interface information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ interface_test
+ interface_object
+ interface_state
+ interface_item
+
+
+
+
+
+ - the object child element of an interface_test must reference an interface_object
+
+
+ - the state child element of an interface_test must reference an interface_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The interface_object element is used by an interface test to define the specific interfaces(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An interface object consists of a single name entity that identifies which interface is being specified.
+
+
+
+
+
+
+
+
+
+
+ The name element is the interface (eth0, eth1, fw0, etc.) name to check.
+
+
+
+
+
+
+
+
+
+
+
+
+ The interface_state element enumerates the different properties associate with a Unix interface. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The name element is the interface (eth0, eth1, fw0, etc.) name to check.
+
+
+
+
+ The type element specifies the type of interface.
+
+
+
+
+ The hardware_addr element is the hardware or MAC address of the physical network card. MAC addresses should be formatted according to the IEEE 802-2001 standard which states that a MAC address is a sequence of six octet values, separated by hyphens, where each octet is represented by two hexadecimal digits. Uppercase letters should also be used to represent the hexadecimal digits A through F.
+
+
+
+
+ This is the IP address of the interface. Note that the IP address can be IPv4 or IPv6. If the IP address is an IPv6 address, this entity will be expressed as an IPv6 address prefix using CIDR notation and the netmask entity will not be collected.
+
+
+
+
+ This is the broadcast IP address for this interface's network. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the bitmask used to calculate the interface's IP network. The network number is calculated by bitwise-ANDing this with the IP address. The host number on that network is calculated by bitwise-XORing this with the IP address. Note that if the inet_addr entity contains an IPv6 address prefix, this entity will not be collected.
+
+
+
+
+ The flag entity represents the interface flag line, which generally contains flags like "UP" to denote an active interface, "PROMISC" to note that the interface is listening for Ethernet frames not specifically addressed to it, and others. This element can be included multiple times in a system characteristic item in order to record a multitude of flags. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like this that refer to items that can occur an unbounded number of times.
+
+
+
+
+
+
+
+
+
+
+
+
+ /etc/passwd. See passwd(4).
+ The password test is used to check metadata associated with the UNIX password file, of the sort returned by the passwd command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a password_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ password_test
+ password_object
+ password_state
+ password_item
+
+
+
+
+
+ - the object child element of a password_test must reference a password_object
+
+
+ - the state child element of a password_test must reference a password_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The password_object element is used by a password test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A password object consists of a single username entity that identifies the user whos passwords are to be evaluated.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The password_state element defines the different information associated with the system passwords. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The numeric user id, or uid, is the third column of each user's entry in /etc/passwd. This element represents the owner of the file.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The process test is used to check information found in the UNIX processes. It is equivalent to parsing the output of the ps command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a process_object and the optional state element specifies the process information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ process_test
+ process_object
+ process_state
+ process_item
+
+
+
+
+ 5.8
+ The process_test has been deprecated and replaced by the process58_test. The command line of a process cannot be used to uniquely identify a process. As a result, the pid entity was added to the process58_object. Please see the process58_test for additional information.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of a process_test must reference a process_object
+
+
+ - the state child element of a process_test must reference a process_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The process_object element is used by a process test to define the specific process(es) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A process object defines the command line used to start the process(es).
+
+
+ 5.8
+ The process_object has been deprecated and replaced by the process58_object. The command line of a process cannot be used to uniquely identify a process. As a result, the pid entity was added to the process58_object. Please see the process58_object for additional information.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+ The command element specifies the command/program name to check.
+
+
+
+
+
+
+
+
+
+
+ The process_state element defines the different metadata associated with a UNIX process. This includes the command line, pid, ppid, priority, and user id. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.8
+ The process_state has been deprecated and replaced by the process58_state. The command line of a process cannot be used to uniquely identify a process. As a result, the pid entity was added to the process58_object. Please see the process58_state for additional information.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ The command element specifies the command/program name to check.
+
+
+
+
+ This is the cumulative CPU time, formatted in [DD-]HH:MM:SS where DD is the number of days when execution time is 24 hours or more.
+
+
+
+
+ This is the process ID of the process.
+
+
+
+
+ This is the process ID of the process's parent process.
+
+
+
+
+ This is the scheduling priority with which the process runs. This can be adjusted with the nice command or nice() system call.
+
+
+
+
+ This is the real user id which represents the user who has created the process.
+
+
+
+
+ A platform specific characteristic maintained by the scheduler: RT (real-time), TS (timeshare), FF (fifo), SYS (system), etc.
+
+
+
+
+ This is the time of day the process started formatted in HH:MM:SS if the same day the process started or formatted as MMM_DD (Ex.: Feb_5) if process started the previous day or further in the past.
+
+
+
+
+ This is the TTY on which the process was started, if applicable.
+
+
+
+
+ This is the effective user id which represents the actual privileges of the process.
+
+
+
+
+
+
+
+
+
+
+
+
+ The process58_test is used to check information found in the UNIX processes. It is equivalent to parsing the output of the ps command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a process58_object and the optional state element references a process58_state that specifies the process information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ process58_test
+ process58_object
+ process58_state
+ process58_item
+
+
+
+
+
+ - the object child element of a process58_test must reference a process58_object
+
+
+ - the state child element of a process58_test must reference a process58_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The process58_object element is used by a process58_test to define the specific process(es) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A process58_object defines the command line used to start the process(es) and pid.
+
+
+
+
+
+
+
+
+
+
+ The command_line entity is the string used to start the process. This includes any parameters that are part of the command line.
+
+
+
+
+ The pid entity is the process ID of the process.
+
+
+
+
+
+
+
+
+
+
+
+
+ The process58_state element defines the different metadata associated with a UNIX process. This includes the command line, pid, ppid, priority, and user id. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the string used to start the process. This includes any parameters that are part of the command line.
+
+
+
+
+ This is the cumulative CPU time, formatted in [DD-]HH:MM:SS where DD is the number of days when execution time is 24 hours or more.
+
+
+
+
+ This is the process ID of the process.
+
+
+
+
+ This is the process ID of the process's parent process.
+
+
+
+
+ This is the scheduling priority with which the process runs. This can be adjusted with the nice command or nice() system call.
+
+
+
+
+ This is the real user id which represents the user who has created the process.
+
+
+
+
+ A platform specific characteristic maintained by the scheduler: RT (real-time), TS (timeshare), FF (fifo), SYS (system), etc.
+
+
+
+
+ This is the time of day the process started formatted in HH:MM:SS if the same day the process started or formatted as MMM_DD (Ex.: Feb_5) if process started the previous day or further in the past.
+
+
+
+
+ This is the TTY on which the process was started, if applicable.
+
+
+
+
+ This is the effective user id which represents the actual privileges of the process.
+
+
+
+
+ A boolean that when true would indicates that ExecShield is enabled for the process.
+
+
+
+
+ The loginuid shows which account a user gained access to the system with. The /proc/XXXX/loginuid shows this value.
+
+
+
+
+ An effective capability associated with the process. See linux/include/linux/capability.h for more information.
+
+
+
+
+ An selinux domain label associated with the process.
+
+
+
+
+ The session ID of the process.
+
+
+
+
+
+
+
+
+
+
+
+
+ The routingtable_test is used to check information about the IPv4 and IPv6 routing table entries found in a system's primary routing table. It is important to note that only numerical addresses will be collected and that their symbolic representations will not be resolved. This equivalent to using the '-n' option with route(8) or netstat(8). It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a routingtable_object and the optional routingtable_state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ routingtable_test
+ routingtable_object
+ routingtable_state
+ routingtable_item
+
+
+
+
+
+ - the object child element of a routingtable_test must reference an routingtable_object
+
+
+ - the state child element of a routingtable_test must reference an routingtable_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The routingtable_object element is used by a routingtable_test to define the destination IP address(es), found in a system's primary routing table, to collect. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ This is the destination IP address of the routing table entry to check.
+
+
+
+
+
+
+
+
+
+
+
+
+ The routingtable_state element defines the different information that can be used to check an entry found in a system's primary routing table. This includes the destination IP address, gateway, netmask, flags, and the name of the interface associated with it. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The destination IP address prefix of the routing table entry. This is the destination IP address and netmask/prefix-length expressed using CIDR notation.
+
+
+
+
+ The gateway of the specified routing table entry.
+
+
+
+
+ The flags associated with the specified routing table entry.
+
+
+
+
+ The name of the interface associated with the routing table entry.
+
+
+
+
+
+
+
+
+
+
+
+
+ The runlevel test is used to check information about which runlevel specified service are scheduled to exist at. For more information see the output generated by a chkconfig --list. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a runlevel_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ runlevel_test
+ runlevel_object
+ runlevel_state
+ runlevel_item
+
+
+
+
+
+ - the object child element of a runlevel_test must reference a runlevel_object
+
+
+ - the state child element of a runlevel_test must reference a runlevel_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The runlevel_object element is used by a runlevel_test to define the specific service(s)/runlevel combination to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The service_name entity refers the name associated with a service. This name is usually the filename of the script file located in /etc/init.d directory.
+
+
+
+
+ The runlevel entity refers to which runlevel a system is at. A runlevel is defined as a software configuration of the system that allows only a selected group of processes to exist.
+
+
+
+
+
+
+
+
+
+
+
+
+ The runlevel_state element holds information about whether a specific service is schedule to start or kill at a given runlevel. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The service_name entity refers the name associated with a service. This name is usually the filename of the script file located in /etc/init.d directory.
+
+
+
+
+ The runlevel entity refers to which runlevel a system is at. A runlevel is defined as a software configuration of the system that allows only a selected group of processes to exist.
+
+
+
+
+ The start entity determines if the process is scheduled to be spawned at the specified runlevel.
+
+
+
+
+ The kill entity determines if the proces is supposed to be killed at the specified runlevel.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ sccs_test
+ sccs_object
+ sccs_state
+ sccs_item
+
+
+
+
+
+ - the object child element of a sccs_test must reference a sccs_object
+
+
+ - the state child element of a sccs_test must reference a sccs_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth, recurse, recurse_direction and recurse_file_system behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to an SCCS file.
+
+
+
+
+ The name of an SCCS file.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to an SCCS file.
+
+
+
+
+ This is the name of a SCCS file.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The shadow test is used to check information from the /etc/shadow file for a specific user. This file contains a user's password, but also their password aging and lockout information. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an shadow_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ shadow_test
+ shadow_object
+ shadow_state
+ shadow_item
+
+
+
+
+
+ - the object child element of a shadow_test must reference a shadow_object
+
+
+ - the state child element of a shadow_test must reference a shadow_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The shadow_object element is used by a shadow test to define the shadow file to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A shdow object consists of a single user entity that identifies the username associted with the shadow file.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The shadows_state element defines the different information associated with the system shadow file. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This is the name of the user being checked.
+
+
+
+
+ This is the encrypted version of the user's password.
+
+
+
+
+ This is the date of the last password change in days since 1/1/1970.
+
+
+
+
+ This specifies how often in days a user may change their password. It can also be thought of as the minimum age of a password.
+
+
+
+
+ This describes how long a user can keep a password before the system forces her to change it.
+
+
+
+
+ This describes how long before password expiration the system begins warning the user. The system will warn the user at each login.
+
+
+
+
+ The exp_inact entity describes how many days of account inactivity the system will wait after a password expires before locking the account. Unix systems are generally configured to only allow a given password to last for a fixed period of time. When this time, the chg_req parameter, is near running out, the system begins warning the user at each login. How soon before the expiration the user receives these warnings is specified in exp_warn. The only hiccup in this design is that a user may not login in time to ever receive a warning before account expiration. The exp_inact parameter gives the sysadmin flexibility so that a user who reaches the end of their expiration time gains exp_inact more days to login and change their password manually.
+
+
+
+
+ This specifies when will the account's password expire, in days since 1/1/1970.
+
+
+
+
+ This is a reserved field that the shadow file may use in the future.
+
+
+
+
+ The encrypt_method entity describes method that is used for hashing passwords.
+
+
+
+
+
+
+
+
+
+
+
+
+ The sysctl_test is used to check the values associated with the kernel parameters that are used by the local system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a sysctl_object and the optional state element references a sysctl_state that specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ sysctl_test
+ sysctl_object
+ sysctl_state
+ sysctl_item
+
+
+
+
+
+ - the object child element of a sysctl_test must reference a sysctl_object
+
+
+ - the state child element of a sysctl_test must reference a sysctl_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sysctl_object is used by a sysctl_test to define which kernel parameters on the local system should be collected. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The name element specifies the name(s) of the kernel parameter(s) that should be collected from the local system.
+
+
+
+
+
+
+
+
+
+
+
+
+ The sysctl_state contains two entities that are used to check the kernel parameter name and value(s).
+
+
+
+
+
+
+
+ The name element contains a string that represents the name of a kernel parameter that was collected from the local system.
+
+
+
+
+ The value element contains a string that represents the value(s) associated with the specified kernel parameter.
+
+
+
+
+
+
+
+
+
+
+
+
+ The uname test reveals information about the hardware the machine is running on. This information is the parsed equivalent of uname -a. For example: "Linux quark 2.6.5-7.108-default #1 Wed Aug 25 13:34:40 UTC 2004 i686 i686 i386 GNU/Linux" or "Darwin TestHost 7.7.0 Darwin Kernel Version 7.7.0: Sun Nov 7 16:06:51 PST 2004; root:xnu/xnu-517.9.5.obj~1/RELEASE_PPC Power Macintosh powerpc". It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a uname_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ uname_test
+ uname_object
+ uname_state
+ uname_item
+
+
+
+
+
+ - the object child element of a uname_test must reference a uname_object
+
+
+ - the state child element of a uname_test must reference a uname_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The uname_object element is used by an uname test to define those objects to evaluated based on a specified state. There is actually only one object relating to uname and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check uname will reference the same uname_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The uname_state element defines the information about the hardware the machine is running one. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This entity specifies a machine hardware name. This corresponds to the command uname -m.
+
+
+
+
+ This entity specifies a host name. This corresponds to the command uname -n.
+
+
+
+
+ This entity specifies an operating system name. This corresponds to the command uname -s.
+
+
+
+
+ This entity specifies a build version. This corresponds to the command uname -r.
+
+
+
+
+ This entity specifies an operating system version. This corresponds to the command uname -v.
+
+
+
+
+ This entity specifies a processor type. This corresponds to the command uname -p.
+
+
+
+
+
+
+
+
+
+
+
+
+ The xinetd test is used to check information associated with different Internet services. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an inetd_object and the optional state element specifies the information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ xinetd_test
+ xinetd_object
+ xinetd_state
+ xinetd_item
+
+
+
+
+
+ - the object child element of a xinetd_test must reference a xinetd_object
+
+
+ - the state child element of a xinetd_test must reference a xinetd_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The xinetd_object element is used by an xinetd test to define the specific protocol-service to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An xinetd object consists of a protocol entity and a service_name entity that identifies the specific service to be tested.
+
+
+
+
+
+
+
+
+
+
+ A recognized protocol.
+
+
+
+
+ The name of a valid service.
+
+
+
+
+
+
+
+
+
+
+
+
+ The xinetd_state element defines the different information associated with a specific Internet service. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ A recognized protocol.
+
+
+
+
+ The name of a valid service.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The EntityStateCapabilityType complex type restricts a string value to a specific set of values that describe POSIX capability types associated with a process service. This list is based off the values defined in linux/include/linux/capability.h. Documentation on each allowed value can be found in capability.h. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateEndpointType complex type restricts a string value to a specific set of values that describe endpoint types associated with an Internet service. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The stream value is used to describe a stream socket.
+
+
+
+
+ The dgram value is used to describe a datagram socket.
+
+
+
+
+ The raw value is used to describe a raw socket.
+
+
+
+
+ The seqpacket value is used to describe a sequenced packet socket.
+
+
+
+
+ The tli value is used to describe all TLI endpoints.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateGconfTypeType complex type restricts a string value to the seven values GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, GCONF_VALUE_SCHEMA, GCONF_VALUE_LIST, and GCONF_VALUE_PAIR that specify the datatype of the value associated with a GConf preference key. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The GCONF_VALUE_STRING type is used to describe a preference key that has a string value.
+
+
+
+
+ The GCONF_VALUE_INT type is used to describe a preference key that has a integer value.
+
+
+
+
+ The GCONF_VALUE_FLOAT type is used to describe a preference key that has a float value.
+
+
+
+
+ The GCONF_VALUE_BOOL type is used to describe a preference key that has a boolean value.
+
+
+
+
+ The GCONF_VALUE_SCHEMA type is used to describe a preference key that has a schema value. The actual value will be the default value as specified in the GConf schema.
+
+
+
+
+ The GCONF_VALUE_LIST type is used to describe a preference key that has a list of values. The actual values will be one of the primitive GConf datatypes GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, and GCONF_VALUE_SCHEMA. Note that all of the values associated with a GCONF_VALUE_LIST are required to have the same type.
+
+
+
+
+ The GCONF_VALUE_PAIR type is used to describe a preference key that has a pair of values. The actual values will consist of the primitive GConf datatypes GCONF_VALUE_STRING, GCONF_VALUE_INT, GCONF_VALUE_FLOAT, GCONF_VALUE_BOOL, and GCONF_VALUE_SCHEMA. Note that the values associated with a GCONF_VALUE_PAIR are not required to have the same type.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateRoutingTableFlagsType complex type restricts a string value to a specific set of values that describe the flags associated with a routing table entry. This list is based off the values defined in the man pages of various platforms. For Linux, please see route(8). For Solaris, please see netstat(1M). For HP-UX, please see netstat(1). For Mac OS, please see netstat(1). For FreeBSD, please see netstat(1). Documentation on each allowed value can be found in the previously listed man pages. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+ The following table is a mapping between the generic flag enumeration values and the actual flag values found on the various platforms. If the flag value is not specified, for a particular generic flag enumeration value, the flag value is not defined for that platform.
+
+Name Linux Solaris HPUX Mac OS FreeBSD
+UP U U U U U
+GATEWAY G G G G G
+HOST H H H H H
+REINSTATE R
+DYNAMIC D D D D
+MODIFIED M M M
+ADDRCONF A A
+CACHE C
+REJECT ! R R
+REDUNDANT M
+SETSRC S
+BROADCAST B b b
+LOCAL L
+PROTOCOL_1 1 1
+PROTOCOL_2 2 2
+PROTOCOL_3 3 3
+BLACK_HOLE B B
+CLONING C C
+PROTOCOL_CLONING c c
+INTERFACE_SCOPE I
+LINK_LAYER L L
+MULTICAST m
+STATIC S S
+WAS_CLONED W W
+XRESOLVE X X
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateXinetdTypeStatusType complex type restricts a string value to five values, either RPC, INTERNAL, UNLISTED, TCPMUX, or TCPMUXPLUS that specify the type of service registered in xinetd. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The INTERNAL type is used to describe services like echo, chargen, and others whose functionality is supplied by xinetd itself.
+
+
+
+
+ The RPC type is used to describe services that use remote procedure call ala NFS.
+
+
+
+
+ The UNLISTED type is used to describe services that aren't listed in /etc/protocols or /etc/rpc.
+
+
+
+
+ The TCPMUX type is used to describe services that conform to RFC 1078. This type indiciates that the service is responsible for handling the protocol handshake.
+
+
+
+
+ The TCPMUXPLUS type is used to describe services that conform to RFC 1078. This type indicates that xinetd is responsible for handling the protocol handshake.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateWaitStatusType complex type restricts a string value to two values, either wait or nowait, that specify whether the server that is invoked by inetd will take over the listening socket associated with the service, and whether once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests. The empty string is also allowed to support empty elements associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The value of 'wait' specifies that the server that is invoked by inetd will take over the listening socket associated with the service, and once launched, inetd will wait for that server to exit, if ever, before it resumes listening for new service requests.
+
+
+
+
+ The value of 'nowait' specifies that the server that is invoked by inetd will not wait for any existing server to finish before taking over the listening socket associated with the service.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateEncryptMethodType complex type restricts a string value to a set that corresponds to the allowed encrypt methods used for protected passwords in a shadow file. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The DES method corresponds to the (none) prefix.
+
+
+
+
+ The BSDi method corresponds to BSDi modified DES or the '_' prefix.
+
+
+
+
+ The MD5 method corresponds to MD5 for Linux/BSD or the $1$ prefix.
+
+
+
+
+ The Blowfish method corresponds to Blowfish (OpenBSD) or the $2$ or $2a$ prefixes.
+
+
+
+
+ The Sun MD5 method corresponds to the $md5$ prefix.
+
+
+
+
+ The SHA-256 method corresponds to the $5$ prefix.
+
+
+
+
+ The SHA-512 method corresponds to the $6$ prefix.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateInterfaceType complex type restricts a string value to a specific set of values. These values describe the different interface types which are defined in 'if_arp.h'. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The ARPHRD_ETHER type is used to describe ethernet interfaces.
+
+
+
+
+ The ARPHRD_FDDI type is used to describe fiber distributed data interfaces (FDDI).
+
+
+
+
+ The ARPHRD_LOOPBACK type is used to describe loopback interfaces.
+
+
+
+
+ The ARPHRD_VOID type is used to describe unknown interfaces.
+
+
+
+
+ The ARPHRD_PPP type is used to describe point-to-point protocol interfaces (PPP).
+
+
+
+
+ The ARPHRD_SLIP type is used to describe serial line internet protocol interfaces (SLIP).
+
+
+
+
+ The ARPHRD_PRONET type is used to describe PROnet token ring interfaces.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-meta-model/src/main/xsd/oval-5.8/windows-definitions-schema.xsd b/content-meta-model/src/main/xsd/oval-5.8/windows-definitions-schema.xsd
new file mode 100644
index 0000000..348b5fa
--- /dev/null
+++ b/content-meta-model/src/main/xsd/oval-5.8/windows-definitions-schema.xsd
@@ -0,0 +1,7321 @@
+
+
+
+
+
+ The following is a description of the elements, types, and attributes that compose the Windows specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
+ The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
+
+ Windows Definition
+ 5.8
+ 9/15/2010 1:55:35 PM
+ Copyright (c) 2002-2010, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.
+
+
+
+
+
+
+ - the value "" found in platform element as part of the affected element is not a valid windows platform.
+
+
+
+
+
+
+
+
+
+ The accesstoken_test is used to check the properties of a Windows access token as well as individual privileges and rights associated with it. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an accesstoken_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ accesstoken_test
+ accesstoken_object
+ accesstoken_state
+ accesstoken_item
+
+
+
+
+
+ - the object child element of an accesstoken_test must reference an accesstoken_object
+
+
+ - the state child element of an accesstoken_test must reference an accesstoken_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The accesstoken_object element is used by an access token test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An accesstoken_object consists of a single security principle that identifies user, group, or computer account that is associated with the token.
+
+
+
+
+
+
+
+
+
+
+
+ The security_principle element defines the access token being specified. Security principles include users or groups with either local or domain accounts, and computer accounts created when a computer joins a domain. In Windows, security principles are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. User rights and permissions to access objects such as Active Directory objects, files, and registry settings are assigned to security principles. In a domain environment, security principles should be identified in the form: "domain\trustee name". For local security principles use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain. If an operation other than equals is used to identify matching trustees (i.e. not equal, or a pattern match) then the resulting matches shall be limited to only the trustees referenced in the Local Security Authority database. The scope is limited here to avoid unnecessarily resource intensive searches for trustees. Note that the larger scope of all known trustees may be obtained through the use of variables.
+
+
+
+
+
+
+
+
+
+
+
+
+ The accesstoken_state element defines the different information that can be used to evaluate the specified access tokens. This includes the multitude of user rights and permissions that can be granted. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The security_principle element identifies an access token to test for. Security principles include users or groups with either local or domain accounts, and computer accounts created when a computer joins a domain. In Windows, security principles are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. User rights and permissions to access objects such as Active Directory objects, files, and registry settings are assigned to security principles. In a domain environment, security principles should be identified in the form: "domain\trustee name". For local security principles use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+ If the seassignprimarytokenprivilege privilege is enabled, it allows a parent process to replace the access token that is associated with a child process.
+
+
+
+
+ If the seauditprivilege privilege is enabled, it allows a process to generate audit records in the security log. The security log can be used to trace unauthorized system access.
+
+
+
+
+ If the sebackupprivilege privilege is enabled, it allows the user to circumvent file and directory permissions to back up the system. The privilege is selected only when an application attempts access by using the NTFS backup application programming interface (API). Otherwise, normal file and directory permissions apply.
+
+
+
+
+ If the sechangenotifyprivilege privilege is enabled, it allows the user to pass through folders to which the user otherwise has no access while navigating an object path in the NTFS file system or in the registry. This privilege does not allow the user to list the contents of a folder; it allows the user only to traverse its directories.
+
+
+
+
+ If the secreateglobalprivilege privilege is enabled, it allows the user to create named file mapping objects in the global namespace during Terminal Services sessions.
+
+
+
+
+ If the secreatepagefileprivilege privilege is enabled, it allows the user to create and change the size of a pagefile.
+
+
+
+
+ If the secreatepermanentprivilege privilege is enabled, it allows a process to create a directory object in the object manager. It is useful to kernel-mode components that extend the object namespace. Components that are running in kernel mode have this privilege inherently.
+
+
+
+
+ If the secreatesymboliclinkprivilege privilege is enabled, it allows users to create symbolic links.
+
+
+
+
+ If the secreatetokenprivilege privilege is enabled, it allows a process to create an access token by calling NtCreateToken() or other token-creating APIs.
+
+
+
+
+ If the sedebugprivilege privilege is enabled, it allows the user to attach a debugger to any process. It provides access to sensitive and critical operating system components.
+
+
+
+
+ If the seenabledelegationprivilege privilege is enabled, it allows the user to change the Trusted for Delegation setting on a user or computer object in Active Directory. The user or computer that is granted this privilege must also have write access to the account control flags on the object.
+
+
+
+
+ If the seimpersonateprivilege privilege is enabled, it allows the user to impersonate a client after authentication.
+
+
+
+
+ If the seincreasebasepriorityprivilege privilege is enabled, it allows a user to increase the base priority class of a process.
+
+
+
+
+ If the seincreasequotaprivilege privilege is enabled, it allows a process that has access to a second process to increase the processor quota assigned to the second process.
+
+
+
+
+ If the seincreaseworkingsetprivilege privilege is enabled, it allows a user to increase a process working set.
+
+
+
+
+ If the seloaddriverprivilege privilege is enabled, it allows a user to install and remove drivers for Plug and Play devices.
+
+
+
+
+ If the selockmemoryprivilege privilege is enabled, it allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk.
+
+
+
+
+ If the semachineaccountprivilege privilege is enabled, it allows the user to add a computer to a specific domain.
+
+
+
+
+ If the semanagevolumeprivilege privilege is enabled, it allows a non-administrative or remote user to manage volumes or disks.
+
+
+
+
+ If the seprofilesingleprocessprivilege privilege is enabled, it allows a user to sample the performance of an application process.
+
+
+
+
+ If the serelabelprivilege privilege is enabled, it allows a user to modify an object label.
+
+
+
+
+ If the seremoteshutdownprivilege privilege is enabled, it allows a user to shut down a computer from a remote location on the network.
+
+
+
+
+ If the serestoreprivilege privilege is enabled, it allows a user to circumvent file and directory permissions when restoring backed-up files and directories and to set any valid security principle as the owner of an object.
+
+
+
+
+ If the sesecurityprivilege privilege is enabled, it allows a user to specify object access auditing options for individual resources such as files, Active Directory objects, and registry keys. A user who has this privilege can also view and clear the security log from Event Viewer.
+
+
+
+
+ If the seshutdownprivilege privilege is enabled, it allows a user to shut down the local computer.
+
+
+
+
+ If the sesyncagentprivilege privilege is enabled, it allows a process to read all objects and properties in the directory, regardless of the protection on the objects and properties. It is required in order to use Lightweight Directory Access Protocol (LDAP) directory synchronization (Dirsync) services.
+
+
+
+
+ If the sesystemenvironmentprivilege privilege is enabled, it allows modification of system environment variables either by a process through an API or by a user through System Properties.
+
+
+
+
+ If the sesystemprofileprivilege privilege is enabled, it allows a user to sample the performance of system processes.
+
+
+
+
+ If the sesystemtimeprivilege privilege is enabled, it allows the user to adjust the time on the computer's internal clock. It is not required to change the time zone or other display characteristics of the system time.
+
+
+
+
+ If the setakeownershipprivilege privilege is enabled, it allows a user to take ownership of any securable object in the system, including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes, and threads.
+
+
+
+
+ If the setcbprivilege privilege is enabled, it allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.
+
+
+
+
+ If the setimezoneprivilege privilege is enabled, it allows the user to change the time zone.
+
+
+
+
+ If the seundockprivilege privilege is enabled, it allows the user of a portable computer to undock the computer by clicking Eject PC on the Start menu.
+
+
+
+
+ If the seunsolicitedinputprivilege privilege is enabled, it allows the user to read unsolicited data from a terminal device.
+
+
+
+
+ If an account is assigned the sebatchlogonright right, it can log on using the batch logon type.
+
+
+
+
+ If an account is assigned the seinteractivelogonright right, it can log on using the interactive logon type.
+
+
+
+
+ If an account is assigned the senetworklogonright right, it can log on using the network logon type.
+
+
+
+
+ If an account is assigned the seremoteinteractivelogonright right, it can log on to the computer by using a Remote Desktop connection.
+
+
+
+
+ If an account is assigned the seservicelogonright right, it can log on using the service logon type.
+
+
+
+
+ If an account is assigned the sedenybatchLogonright right, it is explicitly denied the ability to log on using the batch logon type.
+
+
+
+
+ If an account is assigned the sedenyinteractivelogonright right, it is explicitly denied the ability to log on using the interactive logon type.
+
+
+
+
+ If an account is assigned the sedenynetworklogonright right, it is explicitly denied the ability to log on using the network logon type.
+
+
+
+
+ If an account is assigned the sedenyremoteInteractivelogonright right, it is explicitly denied the ability to log on through Terminal Services.
+
+
+
+
+ If an account is assigned the sedenyservicelogonright right, it is explicitly denied the ability to log on using the service logon type.
+
+
+
+
+ If an account is assigned this right, it can access the Credential Manager as a trusted caller.
+
+
+
+
+
+
+
+
+
+ The AccesstokenBehaviors complex type defines a number of behaviors that allow a more detailed definition of the accesstoken_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ If a group security principle is specified, this behavior specifies whether to include the group or not. For example, maybe you want to check the access tokens associated with every user within a group, but not the group itself. In this case, you would set the include_group behavior to 'false'. If the security_principle is not a group, then this behavior should be ignored.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved and any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: win-def:accesstoken_object
+
+
+
+
+
+
+
+
+
+
+
+ The active directory test is used to check information about specific entries in active directory. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an activedirectory_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ activedirectory_test
+ activedirectory_object
+ activedirectory_state
+ activedirectory_item
+
+
+
+
+ 5.7
+ Replaced by the activedirectory57_test. This test allows for single fields to be selected from active directory. A new test was created to allow more than one field to be selected in one statement. See the activedirectory57_test.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of an activedirectory_test must reference an activedirectory_object
+
+
+ - the state child element of an activedirectory_test must reference an activedirectory_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The activedirectory_object element is used by an active directory test to define those objects to evaluated based on a specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An active directory object consists of three pieces of information, a naming context, a relative distinguished name, and an attribute. Each piece helps identify a specific active directory entry.
+
+
+ 5.7
+ Replaced by the activedirectory57_object. This object allows for single fields to be selected from active directory. A new object was created to allow more than one field to be selected in one statement. See the activedirectory57_object.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each object in active directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.
+
+
+
+
+ The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the object's distinguished name except those outlined by the naming context. If the xsi:nil attribute is set to true, then the object being specified is the higher level naming context. In this case, the relative_dn element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every relative dn under a given naming context.
+
+
+
+
+ Specifies a named value contained by the object. If the xsi:nil attribute is set to true, the attribute element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every attribute under a given relative dn.
+
+
+
+
+
+
+
+
+
+
+
+ The activedirectory_state element defines the different information that can be used to evaluate the specified entries in active directory. An active directory test will reference a specific instance of this state that defines the exact settings that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.7
+ Replaced by the activedirectory57_state. This state allows for single fields to be selected from active directory. A new state was created to allow more than one field to be selected in one statement. See the activedirectory57_state.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ Each object in active directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.
+
+
+
+
+ The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the objects distinguished name except those outlined by the naming context.
+
+
+
+
+ Specifies a named value contained by the object.
+
+
+
+
+ The name of the class of which the object is an instance.
+
+
+
+
+ Specifies the type of information that the specified attribute represents.
+
+
+
+
+ The actual value of the specified active directory attribute.
+
+
+
+
+
+
+
+
+
+
+
+
+ The active directory test is used to check information about specific entries in active directory. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an activedirectory57_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ activedirectory57_test
+ activedirectory57_object
+ activedirectory57_state
+ activedirectory57_item
+
+
+
+
+
+ - the object child element of an activedirectory57_test must reference an activedirectory57_object
+
+
+ - the state child element of an activedirectory57_test must reference an activedirectory57_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The activedirectory57_object element is used by an active directory test to define those objects to evaluated based on a specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An active directory object consists of three pieces of information, a naming context, a relative distinguished name, and an attribute. Each piece helps identify a specific active directory entry.
+
+
+
+
+
+
+
+
+
+
+ Each object in active directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.
+
+
+
+
+ The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the object's distinguished name except those outlined by the naming context. If the xsi:nil attribute is set to true, then the object being specified is the higher level naming context. In this case, the relative_dn element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every relative dn under a given naming context.
+
+
+
+
+ Specifies a named value contained by the object. If the xsi:nil attribute is set to true, the attribute element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every attribute under a given relative dn.
+
+
+
+
+
+
+
+
+
+
+
+
+ The activedirectory57_state element defines the different information that can be used to evaluate the specified entries in active directory. An active directory test will reference a specific instance of this state that defines the exact settings that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ Each object in active directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.
+
+
+
+
+ The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the objects distinguished name except those outlined by the naming context.
+
+
+
+
+ Specifies a named value contained by the object.
+
+
+
+
+ The name of the class of which the object is an instance.
+
+
+
+
+ The type of information that the specified attribute represents.
+
+
+
+
+ The actual value of the specified Active Directory attribute. Note that while an Active Directory attribute can contain structured data where it is necessary to collect multiple related fields that can be described by the 'record' datatype, it is not always the case. It also is possible that an Active Directory attribute can contain only a single value or an array of values. In these cases, there is not a name to uniquely identify the corresponding field which is a requirement for fields in the 'record' datatype. As a result, the name of the Active Directory attribute will be used to uniquely identify the field and satisfy this requirement.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The auditeventpolicy_test is used to check different types of events the system should audit. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a auditeventpolicy_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ auditeventpolicy_test
+ auditeventpolicy_object
+ auditeventpolicy_state
+ auditeventpolicy_item
+
+
+
+
+
+ - the object child element of an auditeventpolicy_test must reference an auditeventpolicy_object
+
+
+ - the state child element of an auditeventpolicy_test must reference an auditeventpolicy_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The auditeventpolicy_object element is used by an audit event policy test to define those objects to evaluate based on a specified state. There is actually only one object relating to audit event policy and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check audit event policy will reference the same auditeventpolicy_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The auditeventpolicy_state element specifies the different system activities that can be audited. An audit event policy test will reference a specific instance of this state that defines the exact settings that need to be evaluated. The defined values are found in window's POLICY_AUDIT_EVENT_TYPE enumeration and accessed through the LsaQueryInformationPolicy when the InformationClass parameters are set to PolicyAuditEventsInformation. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.
+
+
+
+
+ Audit attempts to create, delete, or change user or group accounts. Also, audit password changes.
+
+
+
+
+ Audit specific events, such as program activation, some forms of handle duplication, indirect access to an object, and process exit. Note that this activitiy is also known as process tracking.
+
+
+
+
+ Audit attempts to access the directory service.
+
+
+
+
+ Audit attempts to log on to or log off of the system. Also, audit attempts to make a network connection.
+
+
+
+
+ Audit attempts to access securable objects, such as files.
+
+
+
+
+ Audit attempts to change Policy object rules.
+
+
+
+
+ Audit attempts to use privileges.
+
+
+
+
+ Audit attempts to shut down or restart the computer. Also, audit events that affect system security or the security log.
+
+
+
+
+
+
+
+
+
+
+
+
+ The auditeventpolicysubcategories_test is used to check the audit event policy settings on a Windows system. These settings are used to specify which system and network events are monitored. For example, if the credential_validation element has a value of AUDIT_FAILURE, it means that the system is configured to log all unsuccessful attempts to validate a user account on a system. It is important to note that these audit event policy settings are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information on each setting. The test extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a auditeventpolicy_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ auditeventpolicysubcategories_test
+ auditeventpolicysubcategories_object
+ auditeventpolicysubcategories_state
+ auditeventpolicysubcategories_item
+
+
+
+
+
+ - the object child element of an auditeventpolicysubcategories_test must reference an auditeventpolicysubcategories_object
+
+
+ - the state child element of an auditeventpolicysubcategories_test must reference an auditeventpolicysubcategories_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The auditeventpolicysubcategories_object element is used by an audit event policy subcategories test to define those objects to evaluate based on a specified state. There is actually only one object relating to audit event policy subcategories and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check audit event policy subcategories will reference the same auditeventpolicysubcategories_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The auditeventpolicysubcategories_state element specifies the different system activities that can be audited. An audit event policy subcategories test will reference a specific instance of this state that defines the exact subcategories that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+
+ Audit the events produced during the validation of a user's logon credentials.
+
+
+
+
+ Audit the events produced by Kerberos authentication ticket-granting requests.
+
+
+
+
+ Audit the events produced by Kerberos service ticket requests.
+
+
+
+
+ Audit the events produced during the validation of Kerberos tickets provided for a user account logon request.
+
+
+
+
+ Audit the events produced by changes to user accounts that are not covered by other events in the Account Logon category.
+
+
+
+
+
+ Audit the events produced by changes to application groups.
+
+
+
+
+ Audit the events produced by changes to computer accounts.
+
+
+
+
+ Audit the events produced by changes to distribution groups.
+
+
+
+
+ Audit the events produced by other user account changes that are not covered by other events in the Account Management category.
+
+
+
+
+ Audit the events produced by changes to security groups.
+
+
+
+
+ Audit the events produced by changes to user accounts.
+
+
+
+
+
+ Audit the events produced when requests are made to the Data Protection application interface.
+
+
+
+
+ Audit the events produced when a process is created or starts.
+
+
+
+
+ Audit the events produced when a process ends.
+
+
+
+
+ Audit the events produced by inbound remote procedure call connections.
+
+
+
+
+
+ Audit the events produced when a Active Directory Domain Services object is accessed.
+
+
+
+
+ Audit the events produced when changes are made to Active Directory Domain Services objects.
+
+
+
+
+ Audit the events produced when two Active Directory Domain Services domain controllers are replicated.
+
+
+
+
+ Audit the events produced by detailed Active Directory Domain Services replication between domain controllers.
+
+
+
+
+
+ Audit the events produced by a failed attempt to log onto a locked out account.
+
+
+
+
+ Audit the events produced by Internet Key Exchange and Authenticated Internet protocol during Extended Mode negotiations.
+
+
+
+
+ Audit the events produced by Internet Key Exchange and Authenticated Internet protocol during Main Mode negotiations.
+
+
+
+
+ Audit the events produced by Internet Key Exchange and Authenticated Internet protocol during Quick Mode negotiations.
+
+
+
+
+ Audit the events produced by closing a logon session.
+
+
+
+
+ Audit the events produced by attempts to log onto a user account.
+
+
+
+
+ Audit the events produced by RADIUS and Network Access Protection user access requests.
+
+
+
+
+ Audit the events produced by other logon/logoff based events that are not covered in the Logon/Logoff category.
+
+
+
+
+ Audit the events produced by special logons.
+
+
+
+
+
+ Audit the events produced by applications that use the Windows Auditing API.
+
+
+
+
+ Audit the events produced by operations on Active Directory Certificate Services.
+
+
+
+
+ Audit the events produced by attempts to access files and folders on a shared folder.
+
+
+
+
+ Audit the events produced by attempts to access a shared folder.
+
+
+
+
+ Audit the events produced user attempts to access file system objects.
+
+
+
+
+ Audit the events produced by connections that are allowed or blocked by Windows Filtering Platform.
+
+
+
+
+ Audit the events produced by packets that are dropped by Windows Filtering Platform.
+
+
+
+
+ Audit the events produced when a handle is opened or closed.
+
+
+
+
+ Audit the events produced by attempts to access the system kernel.
+
+
+
+
+ Audit the events produced by the management of Task Scheduler jobs or COM+ objects.
+
+
+
+
+ Audit the events produced by attempts to access registry objects.
+
+
+
+
+ Audit the events produced by attempts to access Security Accounts Manager objects.
+
+
+
+
+
+ Audit the events produced by changes in security audit policy settings.
+
+
+
+
+ Audit the events produced by changes to the authentication policy.
+
+
+
+
+ Audit the events produced by changes to the authorization policy.
+
+
+
+
+ Audit the events produced by changes to the Windows Filtering Platform.
+
+
+
+
+ Audit the events produced by changes to policy rules used by the Windows Firewall.
+
+
+
+
+ Audit the events produced by other security policy changes that are not covered other events in the Policy Change category.
+
+
+
+
+
+ Audit the events produced by the use of non-sensitive privileges.
+
+
+
+
+ This is currently not used and has been reserved by Microsoft for use in the future.
+
+
+
+
+ Audit the events produced by the use of sensitive privileges.
+
+
+
+
+
+ Audit the events produced by the IPsec filter driver.
+
+
+
+
+ Audit the events produced by the startup and shutdown, security policy processing, and cryptography key file and migration operations of the Windows Firewall.
+
+
+
+
+ Audit the events produced by changes in the security state.
+
+
+
+
+ Audit the events produced by the security system extensions or services.
+
+
+
+
+ Audit the events that indicate that the integrity security subsystem has been violated.
+
+
+
+
+
+
+
+
+
+
+
+
+ The dnscache_test is used to check the time to live and IP addresses associated with a domain name. The time to live and IP addresses for a particular domain name are retrieved from the DNS cache on the local system. The entries in the DNS cache can be collected using Microsoft's DnsGetCacheDataTable() and DnsQuery() API calls. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a dnscache_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ dnscache_test
+ dnscache_object
+ dnscache_state
+ dnscache_item
+
+
+
+
+
+ - the object child element of a dnscache_test must reference a dnscache_object
+
+
+ - the state child element of a dnscache_test must reference a dnscache_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The dnscache_object is used by the dnscache_test to specify the domain name(s) that should be collected from the DNS cache on the local system. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The domain_name element specifies the domain name(s) that should be collected from the DNS cache on the local system.
+
+
+
+
+
+
+
+
+
+
+
+
+ The dnscache_state contains three entities that are used to check the domain name, time to live, and IP addresses associated with the DNS cache entry.
+
+
+
+
+
+
+
+ The domain_name element contains a string that represents a domain name that was collected from the DNS cache on the local system.
+
+
+
+
+ The ttl element contains an integer that represents the time to live in seconds of the DNS cache entry.
+
+
+
+
+ The ip_address element contains a string that represents an IP address associated with the specified domain name that was collected from the DNS cache on the local system. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+
+
+
+
+
+
+
+
+ The file test is used to check metadata associated with Windows files. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a file_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ file_test
+ file_object
+ file_state
+ file_item
+
+
+
+
+
+ - the object child element of a file_test must reference a file_object
+
+
+ - the state child element of a file_test must reference a file_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file_object element is used by a file test to define the specific file(s) to be evaluated. The file_object will collect directories and all Windows file types (FILE_TYPE_CHAR, FILE_TYPE_DISK, FILE_TYPE_PIPE, FILE_TYPE_REMOTE, and FILE_TYPE_UNKNOWN). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A file object defines the path and filename or complete filepath of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileBehaviors complex type for more information about specific behaviors.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth and recurse_direction behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes or permissions associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file_state element defines the different metadata associate with a Windows file. This includes the path, filename, owner, size, last modified time, version, etc. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of the file.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+ The owner element is a string that contains the name of the owner. The name should be specified in the DOMAIN\username format.
+
+
+
+
+ The size element is the size of the file in bytes.
+
+
+
+
+ Time of last access of file. Valid on NTFS but not on FAT formatted disk drives. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).
+
+
+
+
+ Time of creation of file. Valid on NTFS but not on FAT formatted disk drives. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).
+
+
+
+
+ Time of last modification of file. The string should represent the FILETIME structure which is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).
+
+
+
+
+ The checksum of the file as supplied by Microsoft's MapFileAndCheckSum function.
+
+
+
+
+ The version element is the delimited version string of the file.
+
+
+
+
+ The type element marks whether the file is a directory, named pipe, standard file, etc. These types are the return values for GetFileType, with the exception of FILE_ATTRIBUTE_DIRECTORY which is obtained by looking at GetFileAttributesEx. NOTE: Should this entity be split into two in future versions of the language as there are other values associated with GetFileAttributesEx that are not represented here?
+
+
+
+
+ The development_class element allows the distinction to be made between the GDR development environment and the QFE development environment. This field holds the text found in front of the mmmmmm-nnnn version, for example srv03_gdr.
+
+
+
+
+ This entity defines a company name to be found within the version-information structure.
+
+
+
+
+ This entity defines an internal name to be found within the version-information structure.
+
+
+
+
+ This entity defines a language to be found within the version-information structure.
+
+
+
+
+ This entity defines an original filename to be found within the version-information structure.
+
+
+
+
+ This entity defines a product name to be found within the version-information structure.
+
+
+
+
+ This entity defines a product version to be found within the version-information structure.
+
+
+
+
+
+
+
+
+
+ The FileBehaviors complex type defines a number of behaviors that allow a more detailed definition of the file_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+ 'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. For a 'max_depth' of -1 or any value of 1 or more the starting directory must be considered in the recursive search.
+ Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.
+
+
+
+
+
+
+
+
+
+
+ 'recurse_direction' defines the direction, either 'up' to parent directories, or 'down' into child directories to recursively search for files. When recursing up or down, one is limited by the max_depth behavior. Note that it is not an error if max_depth specifies a certain level of recursion and that level does not exist. Recursing should only go as deep as available. The default value is 'none' for no recursion.
+
+
+
+
+
+
+
+
+
+
+
+ 'recurse_file_system' defines the file system limitation of any recursion, either 'local' limiting data collection to local file systems (as opposed to file systems mounted from an external system), or 'defined' to keep any recursion within the file system that the file_object (path+filename) has specified. The default value is 'all' meaning to use all available file systems for data collection.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file audit permissions test is used to check the audit permissions associated with Windows files. Note that the trustee's audited permissions are the audit permissons that the SACL grants to the trustee or to any groups of which the trustee is a member. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a fileauditedpermissions_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ fileauditedpermissions53_test
+ fileauditedpermissions53_object
+ fileauditedpermissions53_state
+ fileauditedpermissions_item
+
+
+
+
+
+ - the object child element of a fileauditedpermissions53_test must reference a fileauditedpermissions53_object
+
+
+ - the state child element of a fileauditedpermissions53_test must reference a fileauditedpermissions53_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileauditedpermissions53_object element is used by a file audited permissions test to define the objects used to evalutate against the specified state. The fileauditedpermissions53_object will collect directories and all Windows file types (FILE_TYPE_CHAR, FILE_TYPE_DISK, FILE_TYPE_PIPE, FILE_TYPE_REMOTE, and FILE_TYPE_UNKNOWN). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.
+ A fileauditedpermissions53_object is defined as a combination of a Windows file and trustee SID. The file represents the file to be evaluated while the trustee SID represents the account (SID) to check audited permissions of. If multiple files or SIDs are matched by either reference, then each possible combination of file and SID is a matching file audited permissions object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileAuditPermissions53Behaviors complex type for more information about specific behaviors.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth and recurse_direction behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes or permissions associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+
+
+ The trustee_sid entity identifies a unique SID associated with a user, group, system, or program (such as a Windows service). If an operation other than equals is used to identify matching trustees (i.e. not equal, or a pattern match) then the resulting matches shall be limited to only the trustees referenced in the file's Security Descriptor. The scope is limited here to avoid unnecessarily resource intensive searches for trustees. Note that the larger scope of all known trustees may be obtained through the use of variables.
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileauditedpermissions53_state element defines the different audit permissions that can be associated with a given fileauditedpermissions53_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to test for.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+ The trustee_sid element is the unique SID that associated a user, group, system, or program (such as a Windows service).
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+ Grants the right to read data from the file.
+
+
+
+
+ Grants the right to write data to the file.
+
+
+
+
+ Grants the right to append data to the file.
+
+
+
+
+ Grants the right to read extended attributes.
+
+
+
+
+ Grants the right to write extended attributes.
+
+
+
+
+ Grants the right to execute a file.
+
+
+
+
+ Right to delete a directory and all the files it contains (its children), even if the files are read-only.
+
+
+
+
+ Grants the right to read file attributes.
+
+
+
+
+ Grants the right to change file attributes.
+
+
+
+
+
+
+
+
+
+ The FileAuditPermissions53Behaviors complex type defines a number of behaviors that allow a more detailed definition of the fileauditpermissions53_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+ The FileAuditPermissions53Behaviors extend the win-def:FileBehaviors and therefore include the behaviors defined by that type.
+
+
+
+
+
+ 'include_group' defines whether the group SID should be included in the object when the object is defined by a group SID. For example, the intent of an object defined by a group SID might be to retrieve all the user SIDs that are a member of the group, but not the group SID itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: fileauditedpermissions53_object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file audited permissions test is used to check the audit permissions associated with Windows files. Note that the trustee's audited permissions are the audit permissons that the SACL grants to the trustee or to any groups of which the trustee is a member. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a fileauditedpermissions_object, and the optional state element references a fileauditedpermissions_state that specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ fileauditedpermissions_test
+ fileauditedpermissions_object
+ fileauditedpermissions_state
+ fileauditedpermissions_item
+
+
+
+
+ 5.3
+ Replaced by the fileauditedpermissions53_test. This test uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new test was created to use trustee SIDs, which are unique. See the fileauditedpermissions53_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of a fileauditedpermissions_test must reference a fileauditedpermissions_object
+
+
+ - the state child element of a fileauditedpermissions_test must reference a fileauditedpermissions_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileauditedpermissions_object element is used by a file audited permissions test to define the objects used to evalutate against the specified state. The fileauditedpermissions_object will collect directories and all Windows file types (FILE_TYPE_CHAR, FILE_TYPE_DISK, FILE_TYPE_PIPE, FILE_TYPE_REMOTE, and FILE_TYPE_UNKNOWN). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.
+ A fileauditedpermissions_object is defined as a combination of a Windows file and trustee name. The file represents the file to be evaluated while the trustee name represents the account (SID) to check audited permissions of. If multiple files or SIDs are matched by either reference, then each possible combination of file and SID is a matching file audited permissions object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileAuditPermissionsBehaviors complex type for more information about specific behaviors.
+
+
+ 5.3
+ Replaced by the fileauditedpermissions53_object. This object uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new object was created to use trustee SIDs, which are unique. See the fileauditedpermissions53_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes or permissions associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+ The trustee_name element is the unique name that associated a particular SID. A SID can be associated with a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+
+
+
+
+
+
+
+ The fileauditedpermissions_state element defines the different audit permissions that can be associated with a given fileauditedpermissions_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.3
+ Replaced by the fileauditedpermissions53_state. This state uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new state was created to use trustee SIDs, which are unique. See the fileauditedpermissions53_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to test for.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+ The trustee_name is the unique name associated with a particular security identifier (SID). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+ Grants the right to read data from the file.
+
+
+
+
+ Grants the right to write data to the file.
+
+
+
+
+ Grants the right to append data to the file.
+
+
+
+
+ Grants the right to read extended attributes.
+
+
+
+
+ Grants the right to write extended attributes.
+
+
+
+
+ Grants the right to execute a file.
+
+
+
+
+ Right to delete a directory and all the files it contains (its children), even if the files are read-only.
+
+
+
+
+ Grants the right to read file attributes.
+
+
+
+
+ Grants the right to change file attributes.
+
+
+
+
+
+
+
+
+
+ The FileAuditPermissionsBehaviors complex type defines a number of behaviors that allow a more detailed definition of the fileauditpermissions_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ The FileAuditPermissionsBehaviors extend the win-def:FileBehaviors and therefore include the behaviors defined by that type.
+
+
+ 5.3
+ Replaced by the FileAuditPermissionsBehaviors53. The FileAuditPermissionsBehaviors complex type is used by the fileauditedpermissions_test which uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new test was created to use trustee SIDs, which are unique. This new test utilizes the FileAuditPermissionsBehaviors53 complex type, and as a result, the FileAuditPermissionsBehaviors complex type is no longer needed.
+ This complex type has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+
+
+
+ 'include_group' defines whether the group trustee name should be included in the object when the object is defined by a group trustee name. For example, the intent of an object defined by a group trustee name might be to retrieve all the user SIDs that are a member of the group, but not the group trustee name itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: fileauditedpermissions_object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file effective rights test is used to check the effective rights associated with Windows files. Note that the trustee's effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the trustee is a member. The fileeffectiverights53_test element extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a fileeffectiverights53_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ fileeffectiverights53_test
+ fileeffectiverights53_object
+ fileeffectiverights53_state
+ fileeffectiverights_item
+
+
+
+
+
+ - the object child element of a fileeffectiverights53_test must reference a fileeffectiverights53_object
+
+
+ - the state child element of a fileeffectiverights53_test must reference a fileeffectiverights53_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileeffectiverights53_object element is used by a file effective rights test to define the objects used to evalutate against the specified state. The fileeffectiverights53_object will collect directories and all Windows file types (FILE_TYPE_CHAR, FILE_TYPE_DISK, FILE_TYPE_PIPE, FILE_TYPE_REMOTE, and FILE_TYPE_UNKNOWN). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.
+ A fileeffectiverights53_object is defined as a combination of a Windows file and trustee SID. The file represents the file to be evaluated while the trustee SID represents the account (SID) to check effective rights of. If multiple files or SIDs are matched by either reference, then each possible combination of file and SID is a matching file effective rights object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileEffectiveRights53Behaviors complex type for more information about specific behaviors.
+ The set of files to be evaluated may be identified with either a complete filepath or a path and filename. Only one of these options may be selected.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+
+
+
+
+
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+ - the max_depth and recurse_direction behaviors are not allowed with a filepath entity
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes or permissions associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path..
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+
+
+ The trustee_sid entity identifies a unique SID associated with a user, group, system, or program (such as a Windows service). If an operation other than equals is used to identify matching trustees (i.e. not equal, or a pattern match) then the resulting matches shall be limited to only the trustees referenced in the file's Security Descriptor. The scope is limited here to avoid unnecessarily resource intensive searches for trustees. Note that the larger scope of all known trustees may be obtained through the use of variables.
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileeffectiverights53_state element defines the different rights that can be associated with a given fileeffectiverights53_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of the file.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+ The trustee_sid element is the unique SID that associated a user, group, system, or program (such as a Windows service).
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+ Grants the right to read data from the file, or if a directory, grants the right to list the contents of the directory.
+
+
+
+
+ Grants the right to write data to the file, or if a directory, grants the right to add a file to the directory.
+
+
+
+
+ Grants the right to append data to the file, or if a directory, grants the right to add a sub-directory to the directory.
+
+
+
+
+ Grants the right to read extended attributes.
+
+
+
+
+ Grants the right to write extended attributes.
+
+
+
+
+ Grants the right to execute a file, or if a directory, the right to traverse the directory.
+
+
+
+
+ Right to delete a directory and all the files it contains (its children), even if the files are read-only.
+
+
+
+
+ Grants the right to read file, or directory, attributes.
+
+
+
+
+ Grants the right to change file, or directory, attributes.
+
+
+
+
+
+
+
+
+
+ The FileEffectiveRights53Behaviors complex type defines a number of behaviors that allow a more detailed definition of the fileeffectiverights53_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ It is important to note that the 'max_depth' and 'recurse_direction' attributes of the 'behaviors' element do not apply to the 'filepath' element, only to the 'path' and 'filename' elements. This is because the 'filepath' element represents an absolute path to a particular file and it is not possible to recurse over a file.
+ The FileEffectiveRights53Behaviors extend the win-def:FileBehaviors and therefore include the behaviors defined by that type.
+
+
+
+
+
+ 'include_group' defines whether the group SID should be included in the object when the object is defined by a group SID. For example, the intent of an object defined by a group SID might be to retrieve all the user SIDs that are a member of the group, but not the group SID itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: fileeffectiverights53_object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The file effective rights test is used to check the effective rights associated with Windows files. Note that the trustee's effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the trustee is a member. The fileeffectiverights_test element extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a fileeffectiverights_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ fileeffectiverights_test
+ fileeffectiverights_object
+ fileeffectiverights_state
+ fileeffectiverights_item
+
+
+
+
+ 5.3
+ Replaced by the fileeffectiverights53_test. This test uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new test was created to use trustee SIDs, which are unique. See the fileeffectiverights53_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of a fileeffectiverights_test must reference a fileeffectiverights_object
+
+
+ - the state child element of a fileeffectiverights_test must reference a fileeffectiverights_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The fileeffectiverights_object element is used by a file effective rights test to define the objects used to evalutate against the specified state. The fileeffectiverights_object will collect directories and all Windows file types (FILE_TYPE_CHAR, FILE_TYPE_DISK, FILE_TYPE_PIPE, FILE_TYPE_REMOTE, and FILE_TYPE_UNKNOWN). Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.
+ A fileeffectiverights_object is defined as a combination of a Windows file and trustee name. The file represents the file to be evaluated while the trustee name represents the account (SID) to check effective rights of. If multiple files or SIDs are matched by either reference, then each possible combination of file and SID is a matching file effective rights object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FileEffectiveRightsBehaviors complex type for more information about specific behaviors.
+
+
+ 5.3
+ Replaced by the fileeffectiverights_object. This object uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new object was created to use trustee SIDs, which are unique. See the fileeffectiverights53_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of a file to evaluate. If the xsi:nil attribute is set to true, then the object being specified is the higher level directory object (not all the files in the directory). In this case, the filename element should not be used during collection and would result in the unique set of items being the directories themselves. For example, one would set xsi:nil to true if the desire was to test the attributes or permissions associated with a directory. Setting xsi:nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+ The trustee_name element is the unique name that associated a particular SID. A SID can be associated with a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+
+
+
+
+
+
+
+ The fileeffectiverights_state element defines the different rights that can be associated with a given fileeffectiverights_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.3
+ Replaced by the fileeffectiverights53_state. This state uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new state was created to use trustee SIDs, which are unique. See the fileeffectiverights53_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ The path element specifies the directory component of the absolute path to a file on the machine.
+
+
+
+
+ The filename element specifies the name of the file.
+
+
+
+ - filename entity cannot contain the characters / \ : * ? > |
+
+
+
+
+
+
+
+ The unique name associated with a particular security identifier (SID). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+ Grants the right to read data from the file, or if a directory, grants the right to list the contents of the directory.
+
+
+
+
+ Grants the right to write data to the file, or if a directory, grants the right to add a file to the directory.
+
+
+
+
+ Grants the right to append data to the file, or if a directory, grants the right to add a sub-directory to the directory.
+
+
+
+
+ Grants the right to read extended attributes.
+
+
+
+
+ Grants the right to write extended attributes.
+
+
+
+
+ Grants the right to execute a file, or if a directory, the right to traverse the directory.
+
+
+
+
+ Right to delete a directory and all the files it contains (its children), even if the files are read-only.
+
+
+
+
+ Grants the right to read file, or directory, attributes.
+
+
+
+
+ Grants the right to change file, or directory, attributes.
+
+
+
+
+
+
+
+
+
+ The FileEffectiveRightsBehaviors complex type defines a number of behaviors that allow a more detailed definition of the fileeffectiverights_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ The FileEffectiveRightsBehaviors extend the win-def:FileBehaviors and therefore include the behaviors defined by that type.
+
+
+ 5.3
+ Replaced by the FileEffectiveRightsBehaviors53. The FileEffectiveRightsBehaviors complex type is used by the fileeffectiverights_test which uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new test was created to use trustee SIDs, which are unique. This new test utilizes the FileEffectiveRightsBehaviors53 complex type, and as a result, the FileEffectiveRightsBehaviors complex type is no longer needed.
+ This complex type has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+
+
+
+ 'include_group' defines whether the group trustee name should be included in the object when the object is defined by a group trustee name. For example, the intent of an object defined by a group SID might be to retrieve all the user trustee names that are members of the group, but not the group trustee name itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: fileeffectiverights_object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The group_test allows the different users and subgroups, that directly belong to specific groups (identified by name), to be tested. When the group_test collects the groups on the system, it should only include the local and built-in group accounts and not domain group accounts. However, it is important to note that domain group accounts can still be looked up. Also, note that the subgroups of the group will not be resolved to find indirect user and group members. If the subgroups need to be resolved, it should be done using the sid_object. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a group_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ group_test
+ group_object
+ group_state
+ group_item
+
+
+
+
+
+ - the object child element of a group_test must reference a group_object
+
+
+ - the state child element of a group_test must reference a group_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The group_object element is used by a group test to define the specific group(s) (identified by name) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The group element holds a string that represents the name of a particular group. In Windows, group names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, the group should be identified in the form: "domain\group name". In a local environment, the group should be identified in the form: "computer name\group name". If the group is a built-in group, the group should be identified in the form: "group name" without a domain component.
+
+
+
+
+
+
+
+
+
+
+
+
+ The group_state element enumerates the different users and subgroups directly associated with a Windows group. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The group element holds a string that represents the name of a particular group. In Windows, group names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, groups should be identified in the form: "domain\group name". For local groups use: "computer name\group name". For built-in accounts on the system, use the group name without a domain.
+
+
+
+
+ The user element holds a string that represents the name of a particular user. In Windows, user names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, users should be identified in the form: "domain\user name". For local users use: "computer name\user name". For built-in accounts on the system, use the user name without a domain.
+ The user element can be included multiple times in a system characteristic item in order to record that a group contains a number of different users. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like user that refer to items that can occur an unbounded number of times.
+
+
+
+
+ A string that represents the name of a particular subgroup in the specified group. In Windows, group names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, the subgroups should be identified in the form: "domain\group name". In a local environment, the subgroups should be identified in the form: "computer name\group name". If the subgroups are built-in groups, the subgroups should be identified in the form: "group name" without a domain component.
+ The subgroup element can be included multiple times in a system characteristic item in order to record that a group contains a number of different subgroups. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like the subgroup entity that refer to items that can occur an unbounded number of times.
+
+
+
+
+
+
+
+
+
+
+
+
+ The group_sid_test allows the different users and subgroups, that directly belong to specific groups (identified by SID), to be tested. When the group_sid_test collects the group SIDs on the system, it should only include the local and built-in group SIDs and not domain group SIDs. However, it is important to note that domain group SIDs can still be looked up. Also, note that the subgroups of the group will not be resolved to find indirect user and group members. If the subgroups need to be resolved, it should be done using the sid_sid_object. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a group_sid_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ group_sid_test
+ group_sid_object
+ group_sid_state
+ group_sid_item
+
+
+
+
+
+ - the object child element of a group_sid_test must reference a group_sid_object
+
+
+ - the state child element of a group_sid_test must reference a group_sid_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The group_sid_object element is used by a group_test to define the specific group(s) (identified by SID) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The group_sid entity holds a string that represents the SID of a particular group.
+
+
+
+
+
+
+
+
+
+
+
+
+ The group_state element enumerates the different users and subgroups directly associated with a Windows group. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The group_sid entity holds a string that represents the SID of a particular group.
+
+
+
+
+ The user_sid entity holds a string that represents the SID of a particular user. This entity can be included multiple times in a system characteristic item in order to record that a group contains a number of different users. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like user that refer to items that can occur an unbounded number of times.
+
+
+
+
+ The subgroup_sid entity holds a string that represents the SID of particular subgroup in the specified group. This entity can be included multiple times in a system characteristic item in order to record that a group contains a number of different subgroups. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like subgroup_sid that refer to items that can occur an unbounded number of times.
+
+
+
+
+
+
+
+
+
+
+
+
+ The interface test enumerate various attributes about the interfaces on a system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an interface_object and the optional state element specifies the interface information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ interface_test
+ interface_object
+ interface_state
+ interface_item
+
+
+
+
+
+ - the object child element of an interface_test must reference an interface_object
+
+
+ - the state child element of an interface_test must reference an interface_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The interface_object element is used by an interface test to define the specific interfaces(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An interface object consists of a single name entity that identifies which interface is being specified. For help understanding this object, see the MIB_IFROW and MIB_IPADDRROW structures.
+
+
+
+
+
+
+
+
+
+
+ The name element specifies the name of an interface.
+
+
+
+
+
+
+
+
+
+
+
+
+ The interface_state element enumerates the different properties associate with a Windows interface. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The name element specifies the name of an interface.
+
+
+
+
+ The index element specifies index that identifies the interface.
+
+
+
+
+ The type element specifies the type of interface which is limited to certain set of values.
+
+
+
+
+ The hardware_addr entity is the hardware or MAC address of the physical network card. MAC addresses should be formatted according to the IEEE 802-2001 standard which states that a MAC address is a sequence of six octet values, separated by hyphens, where each octet is represented by two hexadecimal digits. Uppercase letters should also be used to represent the hexadecimal digits A through F.
+
+
+
+
+ The inet_addr element specifies the IP address. Note that the IP address can be IPv4 or IPv6. If the IP address is an IPv6 address, this entity will be expressed as an IPv6 address prefix using CIDR notation and the netmask entity will not be collected.
+
+
+
+
+ The broadcast_addr element specifies the broadcast address. A broadcast address is typically the IP address with the host portion set to either all zeros or all ones. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ The netmask element specifies the subnet mask for the IP address. Note that if the inet_addr entity contains an IPv6 address prefix, this entity will not be collected.
+
+
+
+
+ The addr_type element specifies the address type or state of a specific interface. Each interface can be associated with more than one value meaning the addr_type element can occur multiple times in a system characteristic item. Note that the entity_check attribute associated with EntityStateAddrTypeType guides the evaluation of unbounded entities like addr_type.
+
+
+
+
+
+
+
+
+
+
+
+
+ The lockout policy test enumerates various attributes associated with lockout information for users and global groups in the security database. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a lockoutpolicy_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ lockoutpolicy_test
+ lockoutpolicy_object
+ lockoutpolicy_state
+ lockoutpolicy_item
+
+
+
+
+
+ - the object child element of a lockoutpolicy_test must reference a lockoutpolicy_object
+
+
+ - the state child element of a lockoutpolicy_test must reference a lockoutpolicy_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The lockoutpolicy_object element is used by a lockout policy test to define those objects to evaluated based on a specified state. There is actually only one object relating to lockout policy and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check lockout policy will reference the same lockoutpolicy_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The lockoutpolicy_state element specifies the various attributes associated with lockout information for users and global groups in the security database. A lockout policy test will reference a specific instance of this state that defines the exact settings that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ Specifies, in seconds, the amount of time between the end of the valid logon time and the time when the user is forced to log off the network. A value of TIMEQ_FOREVER (-1) indicates that the user is never forced to log off. A value of zero indicates that the user will be forced to log off immediately when the valid logon time expires. See the USER_MODALS_INFO_0 structure returned by a call to NetUserModalsGet().
+
+
+
+
+ Specifies, in seconds, how long a locked account remains locked before it is automatically unlocked. See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().
+
+
+
+
+ Specifies the maximum time, in seconds, that can elapse between any two failed logon attempts before lockout occurs. See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().
+
+
+
+
+ Specifies the number of invalid password authentications that can occur before an account is marked "locked out." See the USER_MODALS_INFO_3 structure returned by a call to NetUserModalsGet().
+
+
+
+
+
+
+
+
+
+
+
+
+ The metabase test is used to check information found in the Windows metabase. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a metabase_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ metabase_test
+ metabase_object
+ metabase_state
+ metabase_item
+
+
+
+
+
+ - the object child element of a metabase_test must reference a metabase_object
+
+
+ - the state child element of a metabase_test must reference a metabase_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The metabase_object element is used by a metabase test to define the specific metabase item(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A metabase object defines the key and id of the item(s).
+
+
+
+
+
+
+
+
+
+
+ The key element specifies a metabase key.
+
+
+
+
+ The id element specifies a particular object under the metabase key. If the xsi:nil attribute is set to true, then the object being specified is the higher level key. In this case, the id element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match, says to collect every id under a given key. The most likely use for xsi:nil within a metabase object is when checking for the existence of a particular key, without regards to the different ids associated with it.
+
+
+
+
+
+
+
+
+
+
+
+
+ The metabase_state element defines the different metadata associate with a metabase item. This includes the name, user type, data type, and the actual data. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The key element specifies a metabase key.
+
+
+
+
+ The id element specifies a particular object under the metabase key.
+
+
+
+
+ The name element describes the name of the specified metabase object.
+
+
+
+
+ The user_type element is a DWORD that specifies the user type of the data. See the METADATA_RECORD structure.
+
+
+
+
+ The data_type element identifies the type of data in the metabase entry. See the METADATA_RECORD structure.
+
+
+
+
+ The actual data of the named item under the specified metabase key
+
+
+
+
+
+
+
+
+
+
+
+
+ The password policy test is used to check specific policy associated with passwords. It is important to note that these policies are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a passwordpolicy_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ NOTE: This information is stored in the SAM or Active Directory but is encrypted or hidden so the registry_test and activedirectory57_test are of no use. If this can be figured out, then the password_policy test is not needed.
+
+
+ passwordpolicy_test
+ passwordpolicy_object
+ passwordpolicy_state
+ passwordpolicy_item
+
+
+
+
+
+ - the object child element of a passwordpolicy_test must reference a passwordpolicy_object
+
+
+ - the state child element of a passwordpolicy_test must reference a passwordpolicy_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The passwordpolicy_object element is used by a password policy test to define those objects to evaluated based on a specified state. There is actually only one object relating to password policy and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check password policy will reference the same passwordpolicy_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The passwordpolicy_state element specifies the various policies associated with passwords. A password policy test will reference a specific instance of this state that defines the exact settings that need to be evaluated.
+
+
+
+
+
+
+
+ Specifies, in seconds, the maximum allowable password age. A value of TIMEQ_FOREVER (-1) indicates that the password never expires. The minimum valid value for this element is ONE_DAY (86400).
+
+
+
+
+ Specifies the minimum number of seconds that can elapse between the time a password changes and when it can be changed again. A value of zero indicates that no delay is required between password updates.
+
+
+
+
+ Specifies the minimum allowable password length. Valid values for this element are zero through PWLEN.
+
+
+
+
+ Specifies the length of password history maintained. A new password cannot match any of the previous usrmod0_password_hist_len passwords. Valid values for this element are zero through DEF_MAX_PWHIST.
+
+
+
+
+ A boolean value that signifies whether passwords must meet the complexity requirements put forth by the operating system.
+
+
+
+
+ Determines whether or not passwords are stored using reversible encryption.
+
+
+
+
+
+
+
+
+
+
+
+
+ The port test is used to check information about the available ports on a Windows system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a port_object and the optional state element specifies the port information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ port_test
+ port_object
+ port_state
+ port_item
+
+
+
+
+
+ - the object child element of a port_test must reference a port_object
+
+
+ - the state child element of a port_test must reference a port_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The port_object element is used by a port test to define the specific port(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A port object defines the local address, port number, and protocol of the port(s).
+
+
+
+
+
+
+
+
+
+
+ This element specifies the local IP address the listening port is bound to. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This element specifies the number assigned to the local listening port.
+
+
+
+
+ This element specifies the type of listening port. It is restricted to either TCP or UDP.
+
+
+
+
+
+
+
+
+
+
+
+
+ The port_state element defines the different metadata associate with a Windows port. This includes the local address, port number, protocol, and pid. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This element specifies the local IP address the listening port is bound to. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This element specifies the number assigned to the local listening port.
+
+
+
+
+ This element specifies the type of listening port. It is restricted to either TCP or UDP.
+
+
+
+
+ The id given to the process that is associated with the specified listening port.
+
+
+
+
+ This is the IP address with which the program is communicating, or with which it will communicate, in the case of a listening server. Note that the IP address can be IPv4 or IPv6.
+
+
+
+
+ This is the TCP or UDP port to which the program communicates.
+
+
+
+
+
+
+
+
+
+
+
+
+ The printer effective rights test is used to check the effective rights associated with Windows printers. The printereffectiverights_test element extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a printereffectiverights_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ printereffectiverights_test
+ printereffectiverights_object
+ printereffectiverights_state
+ printereffectiverights_item
+
+
+
+
+
+ - the object child element of a printereffectiverights_test must reference a printereffectiverights_object
+
+
+ - the state child element of a printereffectiverights_test must reference a printereffectiverights_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The printer_name element describes a printer that a user may have rights on.
+
+
+
+
+ The trustee_sid entity identifies a unique SID associated with a user, group, system, or program (such as a Windows service). If an operation other than equals is used to identify matching trustees (i.e. not equal, or a pattern match) then the resulting matches shall be limited to only the trustees referenced in the printer's Security Descriptor. The scope is limited here to ensure that it is possible to avoid unnecessarily resource intensive searches for trustees. Note that the larger scope of all known trustees may be obtained through the use of variables.
+
+
+
+
+
+
+
+
+
+
+
+
+ The printereffectiverights_state element defines the different rights that can be associated with a given printereffectiverights_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This element specifies the name of the printer.
+
+
+
+
+ The trustee_sid element is the unique SID that associated a user, group, system, or program (such as a Windows service).
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The PrinterEffectiveRightsBehaviors complex type defines a number of behaviors that allow a more detailed definition of the pritnereffectiverights_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ 'include_group' defines whether the group trustee name should be included in the object when the object is defined by a group trustee name. For example, the intent of an object defined by a group trustee name might be to retrieve all the user trustee names that are members of the group, but not the group trustee name itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: printereffectiverights_object
+
+
+
+
+
+
+
+
+
+
+
+ The process_test is used to check information found in the Windows processes. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a process_object and the optional state element references a process_state element that specifies the process information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ process_test
+ process_object
+ process_state
+ process_item
+
+
+
+
+ 5.8
+ The process_test has been deprecated and replaced by the process58_test. The command line of a process cannot be used to uniquely identify a process. As a result, the pid entity was added to the process58_object. Please see the process58_test for additional information.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of a process_test must reference a process_object
+
+
+ - the state child element of a process_test must reference a process_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The process_object element is used by a process test to define the specific process(es) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A process_object defines the command line used to start the process(es).
+
+
+ 5.8
+ The process_object has been deprecated and replaced by the process58_object. The command line of a process cannot be used to uniquely identify a process. As a result, the pid entity was added to the process58_object. Please see the process58_object for additional information.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+ The command_line entity is the string used to start the process. This includes any parameters that are part of the command line.
+
+
+
+
+
+
+
+
+
+
+ The process_state element defines the different metadata associate with a Windows process. This includes the command line, pid, ppid, image path, and current directory. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.8
+ The process_state has been deprecated and replaced by the process58_state. The command line of a process cannot be used to uniquely identify a process. As a result, the pid entity was added to the process58_object. Please see the process58_state for additional information.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ The command_line entity is the string used to start the process. This includes any parameters that are part of the command line.
+
+
+
+
+ The id given to the process that is created for a specified command line.
+
+
+
+
+ The id given to the parent of the process that is created for the specified command line
+
+
+
+
+ The base priority of the process.
+
+
+
+
+ The image_path entity contains the name of the executable file in question.
+
+
+
+
+ The current_directory entity represents the current path to the executable.
+
+
+
+
+
+
+
+
+
+
+
+
+ The process58_test is used to check information found in the Windows processes. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a process58_object and the optional state element references a process58_state element that specifies the process information to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ process58_test
+ process58_object
+ process58_state
+ process_item
+
+
+
+
+
+ - the object child element of a process58_test must reference a process58_object
+
+
+ - the state child element of a process58_test must reference a process58_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The process58_object element is used by a process58_test to define the specific process(es) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A process58_object defines the command line used to start the process(es)and pid.
+
+
+
+
+
+
+
+
+
+
+ The command_line entity is the string used to start the process. This includes any parameters that are part of the command line.
+
+
+
+
+ The id given to the process that is created for a specified command line.
+
+
+
+
+
+
+
+
+
+
+
+
+ The process58_state element defines the different metadata associate with a Windows process. This includes the command line, pid, ppid, image path, and current directory. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The command_line entity is the string used to start the process. This includes any parameters that are part of the command line.
+
+
+
+
+ The id given to the process that is created for a specified command line.
+
+
+
+
+ The id given to the parent of the process that is created for the specified command line
+
+
+
+
+ The base priority of the process.
+
+
+
+
+ The image_path entity contains the name of the executable file in question.
+
+
+
+
+ The current_directory entity represents the current path to the executable.
+
+
+
+
+
+
+
+
+
+
+
+
+ The registry test is used to check metadata associated with Windows registry key. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a registry_object and the optional state element specifies the registry data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ registry_test
+ registry_object
+ registry_state
+ registry_item
+
+
+
+
+
+ - the object child element of a registry_test must reference a registry_object
+
+
+ - the state child element of a registry_test must reference a registry_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The hive that the registry key belongs to. This is restricted to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS.
+
+
+
+
+ The key element describes a registry key to be collected. Note that the hive portion of the string should not be included, as this data should be found under the hive element. If the xsi:nil attribute is set to true, then the object being specified is the higher level hive. In this case, the key element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match. A .* pattern match says to collect every key under a given hive. Note that when xsi:nil is used for the key element, the name element should also be nilled.
+
+
+
+ - name entity must be nil when key is nil
+
+
+
+
+
+
+
+ The name element describes the name assigned to a value associated with a specific registry key. If an empty string is specified for the name element, the registry key's default value should be collected. If the xsi:nil attribute is set to true, then the object being specified is the higher level hive/key. In this case, the name element should not be collected or used in analysis. Setting xsi:nil equal to true on an element is different than using a .* pattern match. A .* pattern match says to collect every name under a given hive/key. The most likely use for xsi:nil within a registry object is when checking for the existence of a particular key, without regards to the different names associated with it.
+
+
+
+
+
+
+
+
+
+
+
+
+ The registry_state element defines the different metadata associate with a Windows registry key. This includes the hive, key, name, type, and value. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The hive that the registry key belongs to. This is restricted to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS.
+
+
+
+
+ This element describes a registry key to be tested. Note that the hive portion of the string should not be inclueded, as this data should be found under the hive element.
+
+
+
+
+ This element describes the name of a value of a registry key. If the xsi:nil attribute is set to true, then the name element should not be used in analysis.
+
+
+
+
+ The type entity allows a test to be written against the registy type associated with the specified registry key(s). Please refer to the documentation on the EntityStateRegistryTypeType for more information about the different valid individual types.
+
+
+
+
+ The value entity allows a test to be written against the value held within the specified registry key(s). If the value being tested is of type REG_BINARY, then the datatype attribute should be set to 'binary' and the data represented by the value entity should follow the xsd:hexBinary form. (each binary octet is encoded as two hex digits) If the value being tested is of type REG_DWORD or REG_QWORD, then the datatype attribute should be set to 'int' and the value entity should represent the data as an integer. If the value being tested is of type REG_EXPAND_SZ, then the datatype attribute should be set to 'string' and the pre-expanded string should be represented by the value entity. If the value being tested is of type REG_MULTI_SZ, then only a single string (one of the multiple strings) should be tested using the value entity with the datatype attribute set to 'string'. In order to test multiple values, multiple OVAL registry tests should be used. If the specified registry key is of type REG_SZ, then the datatype should be 'string' and the value entity should be a copy of the string.
+ Note that if the intent is to test a version number held in the registry (as a reg_sz) then instead of setting the datatype to 'string', the datatype can be set to 'version'. This allows tools performing the evaluation to know how to perform less than and greater than operations correctly.
+
+
+
+
+
+
+
+
+
+ The RegistryBehaviors complex type defines a number of behaviors that allow a more detailed definition of the registry_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ 'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. For a 'max_depth' of -1 or any value of 1 or more the starting key must be considered in the recursive search.
+ Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.
+
+
+
+
+
+
+
+
+
+
+ 'recurse_direction' defines the direction, either 'up' to parent keys, or 'down' into child keys to recursively search for registry keys. When recursing up or down, one is limited by the max_depth behavior. Note that it is not an error if max_depth specifies a certain level of recursion and that level does not exist. Recursing should only go as deep as available. The default value is 'none' for no recursion.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The registry key audited permissions test is used to check the audit permissions associated with Windows registry keys. Note that the trustee's audited permissions are the audit permissons that the SACL grants to the trustee or to any groups of which the trustee is a member. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a regkeyauditedpermissions53_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ regkeyauditedpermissions53_test
+ regkeyauditedpermissions53_object
+ regkeyauditedpermissions53_state
+ regkeyauditedpermissions_item
+
+
+
+
+
+ - the object child element of a regkeyauditedpermissions53_test must reference a regkeyauditedpermissions53_object
+
+
+ - the state child element of a regkeyauditedpermissions53_test must reference a regkeyauditedpermissions53_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The regkeyauditedpermissions53_object element is used by a registry key audited permissions test to define the objects used to evalutate against the specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.
+ A regkeyauditedpermissions53_object is defined as a combination of a Windows registry key and trustee name. The hive and key elements represents the registry key to be evaluated while the trustee name represents the account (SID) to check audited permissions of. If multiple keys or SIDs are matched by either reference, then each possible combination of registry key and SID is a matching registry key audited permissions object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the RegkeyAuditPermissions53Behaviors complex type for more information about specific behaviors.
+
+
+
+
+
+
+
+
+
+
+
+ The hive that the registry key belongs to. This is restricted to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS.
+
+
+
+
+ The key element describes a registry key to be collected. Note that the hive portion of the string should not be included, as this data should be found under the hive element. If the xsi:nil attribute is set to true, then the object being specified is the higher level hive. In this case, the key element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match. A .* pattern match says to collect every key under a given hive.
+
+
+
+
+ The trustee_sid entity identifies a unique SID associated with a user, group, system, or program (such as a Windows service). If an operation other than equals is used to identify matching trustees (i.e. not equal, or a pattern match) then the resulting matches shall be limited to only the trustees referenced in the registry key's Security Descriptor. The scope is limited here to avoid unnecessarily resource intensive searches for trustees. Note that the larger scope of all known trustees may be obtained through the use of variables.
+
+
+
+
+
+
+
+
+
+
+
+
+ The regkeyauditedpermissions53_state element defines the different audit permissions that can be associated with a given regkeyauditedpermissions53_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This element specifies the hive of a registry key on the machine from which to retrieve the SACL.
+
+
+
+
+ This element specifies a registry key on the machine from which to retrieve the SACL. Note that the hive portion of the string should not be inclueded, as this data should be found under the hive element.
+
+
+
+
+ The trustee_sid element is the unique SID that associated a user, group, system, or program (such as a Windows service).
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+ 5.6
+ This entity has been deprecated because registry keys do not support the SYNCHRONIZE standard access right.
+
+
+
+ DEPRECATED ELEMENT: ID:
+
+
+
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The RegkeyAuditPermissions53Behaviors complex type defines a number of behaviors that allow a more detailed definition of the registrykeyauditedpermissions53_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ The RegkeyAuditPermissions53Behaviors extend the win-def:RegistryBehaviors and therefore include the behaviors defined by that type.
+
+
+
+
+
+ 'include_group' defines whether the group SID should be included in the object when the object is defined by a group SID. For example, the intent of an object defined by a group SID might be to retrieve all the user SIDs that are a member of the group, but not the group SID itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: regkeyauditedpermissions53_object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The registry key audited permissions test is used to check the audit permissions associated with Windows registry keys. Note that the trustee's audited permissions are the audit permissons that the SACL grants to the trustee or to any groups of which the trustee is a member. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a regkeyauditedpermissions_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ regkeyauditedpermissions_test
+ regkeyauditedpermissions_object
+ regkeyauditedpermissions_state
+ regkeyauditedpermissions_item
+
+
+
+
+ 5.3
+ Replaced by the regkeyauditedpermissions53_test. This test uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new test was created to use trustee SIDs, which are unique. See the regkeyauditedpermissions53_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of a regkeyauditedpermissions_test must reference a regkeyauditedpermissions_object
+
+
+ - the state child element of a regkeyauditedpermissions_test must reference a regkeyauditedpermissions_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The regkeyauditedpermissions_object element is used by a registry key audited permissions test to define the objects used to evalutate against the specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.
+ A regkeyauditedpermissions_object is defined as a combination of a Windows registry key and trustee name. The hive and key elements represents the registry key to be evaluated while the trustee name represents the account (SID) to check audited permissions of. If multiple keys or SIDs are matched by either reference, then each possible combination of file and SID is a matching file audited permissions object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the RegkeyAuditPermissionsBehaviors complex type for more information about specific behaviors.
+
+
+ 5.3
+ Replaced by the regkeyauditedpermissions53_object. This object uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new object was created to use trustee SIDs, which are unique. See the regkeyauditedpermissions53_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The hive that the registry key belongs to. This is restricted to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS.
+
+
+
+
+ The key element describes a registry key to be collected. Note that the hive portion of the string should not be included, as this data should be found under the hive element.
+
+
+
+
+ The trustee_name element is the unique name that associated a particular SID. A SID can be associated with a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+
+
+
+
+
+
+
+ The regkeyauditedpermissions_state element defines the different audit permissions that can be associated with a given regkeyauditedpermissions_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.3
+ Replaced by the regkeyauditedpermissions53_state. This state uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new state was created to use trustee SIDs, which are unique. See the regkeyauditedpermissions53_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ This element specifies the hive of a registry key on the machine from which to retrieve the SACL.
+
+
+
+
+ This element specifies a registry key on the machine from which to retrieve the SACL. Note that the hive portion of the string should not be inclueded, as this data should be found under the hive element.
+
+
+
+
+ The unique name associated with a particular security identifier (SID). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The RegkeyAuditPermissionsBehaviors complex type defines a number of behaviors that allow a more detailed definition of the registrykeyauditedpermissions_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ The RegkeyAuditPermissionsBehaviors extend the win-def:RegistryBehaviors and therefore include the behaviors defined by that type.
+
+
+ 5.3
+ Replaced by the RegkeyAuditPermissionsBehaviors53. The RegkeyAuditPermissionsBehaviors complex type is used by the regkeyauditedpermissions_test which uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new test was created to use trustee SIDs, which are unique. This new test utilizes the RegkeyAuditPermissionsBehaviors53 complex type, and as a result, the RegkeyAuditPermissionsBehaviors complex type is no longer needed.
+ This complex type has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+
+
+
+ 'include_group' defines whether the group trustee name should be included in the object when the object is defined by a group trustee name. For example, the intent of an object defined by a group trustee name might be to retrieve all the user trustee names that are members of the group, but not the group trustee name itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: regkeyauditedpermissions_object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The registry key effective rights test is used to check the effective rights associated with Windows files. Note that the trustee's effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the trustee is a member. The regkeyeffectiverights53_test element extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a regkeyeffectiverights53_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ regkeyeffectiverights53_test
+ regkeyeffectiverights53_object
+ regkeyeffectiverights53_state
+ regkeyeffectiverights_item
+
+
+
+
+
+ - the object child element of a regkeyeffectiverights53_test must reference a regkeyeffectiverights53_object
+
+
+ - the state child element of a regkeyeffectiverights53_test must reference a regkeyeffectiverights53_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The regkeyeffectiverights53_object element is used by a registry key effective rights test to define the objects used to evalutate against the specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.
+ A regkeyeffectiverights53_object is defined as a combination of a Windows registry and trustee SID. The key entity represents the registry key to be evaluated while the trustee SID represents the account (SID) to check effective rights of. If multiple files or SIDs are matched by either reference, then each possible combination of registry key and SID is a matching registry key effective rights object. In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the RegkeyEffectiveRights53Behaviors complex type for more information about specific behaviors.
+
+
+
+
+
+
+
+
+
+
+
+ The hive that the registry key belongs to. This is restricted to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS.
+
+
+
+
+ The key element describes a registry key to be collected. Note that the hive portion of the string should not be included, as this data should be found under the hive element. If the xsi:nil attribute is set to true, then the object being specified is the higher level hive. In this case, the key element should not be collected or used in analysis. Setting xsi:nil equal to true is different than using a .* pattern match. A .* pattern match says to collect every key under a given hive.
+
+
+
+
+ The trustee_sid entity identifies a unique SID associated with a user, group, system, or program (such as a Windows service). If an operation other than equals is used to identify matching trustees (i.e. not equal, or a pattern match) then the resulting matches shall be limited to only the trustees referenced in the registry key's Security Descriptor. The scope is limited here to avoid unnecessarily resource intensive searches for trustees. Note that the larger scope of all known trustees may be obtained through the use of variables.
+
+
+
+
+
+
+
+
+
+
+
+
+ The regkeyeffectiverights53_state element defines the different rights that can be associated with a given regkeyeffectiverights53_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This element specifies the hive of a registry key on the machine from which to retrieve the SACL.
+
+
+
+
+ This element specifies a registry key on the machine from which to retrieve the SACL. Note that the hive portion of the string should not be inclueded, as this data should be found under the hive element.
+
+
+
+
+ The trustee_sid element is the unique SID that associated a user, group, system, or program (such as a Windows service).
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+ 5.6
+ This entity has been deprecated because registry keys do not support the SYNCHRONIZE standard access right.
+
+
+
+ DEPRECATED ELEMENT: ID:
+
+
+
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The RegkeyEffectiveRights53Behaviors complex type defines a number of behaviors that allow a more detailed definition of the registrykeyeffectiverights53_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ The RegkeyEffectiveRights53Behaviors extend the win-def:RegistryBehaviors and therefore include the behaviors defined by that type.
+
+
+
+
+
+ 'include_group' defines whether the group SID should be included in the object when the object is defined by a group SID. For example, the intent of an object defined by a group SID might be to retrieve all the user SIDs that are a member of the group, but not the group SID itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: regkeyeffectiverights53_object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The registry key effective rights test is used to check the effective rights associated with Windows files. Note that the trustee's effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the trustee is a member. The regkeyeffectiverights_test element extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a regkeyeffectiverights_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ regkeyeffectiverights_test
+ regkeyeffectiverights_object
+ regkeyeffectiverights_state
+ regkeyeffectiverights_item
+
+
+
+
+ 5.3
+ Replaced by the regkeyeffectiverights53_test. This test uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new test was created to use trustee SIDs, which are unique. See the regkeyeffectiverights53_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of a regkeyeffectiverights_test must reference a regkeyeffectiverights_object
+
+
+ - the state child element of a regkeyeffectiverights_test must reference a regkeyeffectiverights_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 5.3
+ Replaced by the fileauditedpermissions53_object. This object uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new object was created to use trustee SIDs, which are unique. See the regkeyeffectiverights53_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The hive that the registry key belongs to. This is restricted to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS.
+
+
+
+
+ The key element describes a registry key to be collected. Note that the hive portion of the string should not be included, as this data should be found under the hive element.
+
+
+
+
+ The trustee_name element is the unique name that associated a particular SID. A SID can be associated with a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+
+
+
+
+
+
+
+ The regkeyeffectiverights_state element defines the different rights that can be associated with a given regkeyeffectiverights_object. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.3
+ Replaced by the regkeyeffectiverights53_state. This state uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new state was created to use trustee SIDs, which are unique. See the regkeyeffectiverights53_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ This element specifies the hive of a registry key on the machine from which to retrieve the SACL.
+
+
+
+
+ This element specifies a registry key on the machine from which to retrieve the SACL. Note that the hive portion of the string should not be inclueded, as this data should be found under the hive element.
+
+
+
+
+ The unique name associated with a particular security identifier (SID). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+ The right to delete the object.
+
+
+
+
+ The right to read the information in the object's Security Descriptor, not including the information in the SACL.
+
+
+
+
+ The right to modify the DACL in the object's Security Descriptor.
+
+
+
+
+ The right to change the owner in the object's Security Descriptor.
+
+
+
+
+ The right to use the object for synchronization. This enables a thread to wait until the object is in the signaled state. Some object types do not support this access right.
+
+
+
+
+ Indicates access to a system access control list (SACL).
+
+
+
+
+ Read access.
+
+
+
+
+ Write access.
+
+
+
+
+ Execute access.
+
+
+
+
+ Read, write, and execute access.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The RegkeyEffectiveRightsBehaviors complex type defines a number of behaviors that allow a more detailed definition of the registrykeyeffectiverights_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+ The RegkeyEffectiveRightsBehaviors extend the win-def:RegistryBehaviors and therefore include the behaviors defined by that type.
+
+
+ 5.3
+ Replaced by the RegkeyEffectiveRightsBehaviors53. The RegkeyEffectiveRightsBehaviors complex type is used by the regkeyeffectiverights_test which uses a trustee_name element for identifying trustees. Trustee names are not unique, and a new test was created to use trustee SIDs, which are unique. This new test utilizes the RegkeyEffectiveRightsBehaviors53 complex type, and as a result, the RegkeyEffectiveRightsBehaviors complex type is no longer needed.
+ This complex type has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+
+
+
+ 'include_group' defines whether the group trustee name should be included in the object when the object is defined by a group trustee name. For example, the intent of an object defined by a group trustee name might be to retrieve all the user trustee names that are members of the group, but not the group trustee name itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+ 5.6
+ The 'resolve_group' behavior has been deprecated in favor of using variables to reference more efficient objects for expanding groups.
+ Consider using a sid_sid_object or similar to resolve the members of a group.
+
+
+
+ DEPRECATED BEHAVIOR IN: regkeyeffectiverights_object
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The service_test is used to check metadata associated with Windows services. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a service_object and the optional state elements specify the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ service_test
+ service_object
+ service_state
+ service_item
+
+
+
+
+
+ - the object child element of a service_test must reference a service_object
+
+
+ - the state child element of a service_test must reference a service_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The service_object element is used by a service_test to define the specific service(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+ The service_name element specifies the service name as stored in the Service Control Manager (SCM) database on the system.
+
+
+
+
+
+
+
+
+
+
+
+
+ The service_state element defines the different metadata associated with a Windows service. This includes the service name, display name, description, type, start type, current state, controls accepted, start name, path, pid, service flag, and dependencies. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The service_name element specifies the name of the service as specified in the Service Control Manager (SCM) database.
+
+
+
+
+ The display_name element specifies the name of the service as specified in tools such as Control Panel->Administrative Tools->Services.
+
+
+
+
+ The description element specifies the description of the service.
+
+
+
+
+ The service_type element specifies the type of the service.
+
+
+
+
+ The start_type element specifies when the service should be started.
+
+
+
+
+ The current_state element specifies the current state of the service.
+
+
+
+
+ The controls_accepted element specifies the control codes that a service will accept and process.
+
+
+
+
+ The start_name element specifies the account under which the process should run.
+
+
+
+
+ The path element specifies the path to the binary of the service.
+
+
+
+
+ The pid element specifies the process ID of the service.
+
+
+
+
+ The service_flag element specifies if the service is in a system process that must always run (1) or if the service is in a non-system process or is not running (0). If the service is not running, the pid will be 0. Otherwise, the pid will be non-zero.
+
+
+
+
+ The dependencies element specifies the dependencies of this service on other services.
+
+
+
+
+
+
+
+
+
+
+
+
+ The service effective rights test is used to check the effective rights associated with Windows services. Note that the trustee's effective access rights are the access rights that the DACL grants to the trustee or to any groups of which the trustee is a member. The serviceeffectiverights_test element extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a serviceeffectiverights_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ serviceeffectiverights_test
+ serviceeffectiverights_object
+ serviceeffectiverights_state
+ serviceeffectiverights_item
+
+
+
+
+
+ - the object child element of a serviceeffectiverights_test must reference a serviceeffectiverights_object
+
+
+ - the state child element of a serviceeffectiverights_test must reference a serviceeffectiverights_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The serviceeffectiverights_object element is used by the serviceeffectiverights_test to define the objects used to evalutate against the specified state. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic.
+ A serviceeffectiverights_object is defined as a combination of a Windows service_name and trustee_sid. The service_name entity represents the service to be evaluated while the trustee_sid entity represents the account (SID) to check the effective rights of. If multiple services or SIDs are matched by either reference, then each possible combination of service and SID is a matching service effective rights object.
+
+
+
+
+
+
+
+
+
+
+ The service_name element describes a service to be collected. Note that the service_name element should contain the actual name of the service and not its display name that is found in Control Panel->Administrative Tools->Services. For example, if you wanted to check the effective rights of the Automatic Updates service you would specify 'wuauserv' for the service_name element not 'Automatic Updates'.
+
+
+
+
+ The trustee_sid entity identifies a set of SIDs associated with a user, group, system, or program (such as a Windows service). If an operation other than equals is used to identify matching trustees (i.e. not equal, or a pattern match) then the resulting matches shall be limited to only the trustees referenced in the service's Security Descriptor. The scope is limited here to avoid unnecessarily resource intensive searches for trustees. Note that the larger scope of all known trustees may be obtained through the use of variables.
+
+
+
+
+
+
+
+
+
+
+
+
+ The serviceeffectiverights_state element defines the different rights that can be associated with a given serviceeffectiverights_object. Please refer to the individual elements in the schema for more details about what each represents.
+ See http://support.microsoft.com/kb/914392 for more information.
+
+
+
+
+
+
+
+ The service_name element specifies a service on the machine from which to retrieve the DACL. Note that the service_name element should contain the actual name of the service and not its display name that is found in Control Panel->Administrative Tools->Services. For example, if you wanted to check the effective rights of the Automatic Updates service you would specify 'wuauserv' for the service_name element not 'Automatic Updates'.
+
+
+
+
+ The trustee_sid element is the unique SID that is associated with a user, group, system, or program (such as a Windows service).
+
+
+
+
+ This permission is required to call the DeleteService function to delete the service.
+
+
+
+
+ This permission is required to call the QueryServiceObjectSecurity function to query the Security Descriptor of the service object.
+
+
+
+
+ This permission is required to call the SetServiceObjectSecurity function to modify the DACL member of the service object's Security Descriptor.
+
+
+
+
+ This permission is required to call the SetServiceObjectSecurity function to modify the Owner and Group members of the service object's Security Descriptor.
+
+
+
+
+ Read access (STANDARD_RIGHTS_READ, SERVICE_QUERY_CONFIG, SERVICE_QUERY_STATUS, SERVICE_INTERROGATE, SERVICE_ENUMERATE_DEPENDENTS).
+
+
+
+
+ Write access (STANDARD_RIGHTS_WRITE, SERVICE_CHANGE_CONFIG).
+
+
+
+
+ Execute access (STANDARD_RIGHTS_EXECUTE, SERVICE_START, SERVICE_STOP, SERVICE_PAUSE_CONTINUE, SERVICE_USER_DEFINED_CONTROL).
+
+
+
+
+ This permission is required to call the QueryServiceConfig and QueryServiceConfig2 functions to query the service configuration.
+
+
+
+
+ This permission is required to call the ChangeServiceConfig or ChangeServiceConfig2 function to change the service configuration.
+
+
+
+
+ This permission is required to call the QueryServiceStatusEx function to ask the service control manager about the status of the service.
+
+
+
+
+ This permission is required to call the EnumDependentServices function to enumerate all the services dependent on the service.
+
+
+
+
+ This permission is required to call the StartService function to start the service.
+
+
+
+
+ This permission is required to call the ControlService function to stop the service.
+
+
+
+
+ This permission is required to call the ControlService function to pause or continue the service.
+
+
+
+
+ This permission is required to call the ControlService function to ask the service to report its status immediately.
+
+
+
+
+ This permission is required to call the ControlService function to specify a user-defined control code.
+
+
+
+
+
+
+
+
+
+
+
+
+ The shared resource test is used to check properties associated with any shared resource on the system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a sid_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ sharedresource_test
+ sharedresource_object
+ sharedresource_state
+ sharedresource_item
+
+
+
+
+
+ - the object child element of a sharedresource_test must reference a sharedresource_object
+
+
+ - the state child element of a sharedresource_test must reference a sharedresource_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sharedresource_object element is used by a shared resource test to define the object, in this case a shared resource, to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ An shared resource object consists of a single netname entity that identifies a specific shared resource.
+
+
+
+
+
+
+
+
+
+
+ The netname element is the unique name that is associated with a specific shared resource.
+
+
+
+
+
+
+
+
+
+
+
+
+ The sharedresource_state element defines the different metadata associate with a Windows shared resource. This includes the share type, permissions, and max uses. This state mirror the SHARE_INFO_2 structure. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This element specifies the name associated with a particular shared resource.
+
+
+
+
+ The type of the shared resource.
+
+
+
+
+ The maximum number of concurrent connections that the shared resource can accommodate.
+
+
+
+
+ The number of current connections to the resource.
+
+
+
+
+ The local path for the shared resource.
+
+
+
+
+ Permission to read data from a resource and, by default, to execute the resource.
+
+
+
+
+ Permission to write data to the resource.
+
+
+
+
+ Permission to create an instance of the resource (such as a file); data can be written to the resource as the resource is created.
+
+
+
+
+ Permission to execute the resource.
+
+
+
+
+ Permission to delete the resource.
+
+
+
+
+ Permission to modify the resource's attributes (such as the date and time when a file was last modified).
+
+
+
+
+ Permission to modify the permissions (read, write, create, execute, and delete) assigned to a resource for a user or application.
+
+
+
+
+ Permission to read, write, create, execute, and delete resources, and to modify their attributes and permissions.
+
+
+
+
+
+
+
+
+
+
+
+
+ The SID test is used to check properties associated with the specified SID. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a sid_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ sid_test
+ sid_object
+ sid_state
+ sid_item
+
+
+
+
+
+ - the object child element of a sid_test must reference a sid_object
+
+
+ - the state child element of a sid_test must reference a sid_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sid_object element is used by a sid_test to define the object set, in this case a set of SIDs (identified by name), to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+ The trustee_name element is the unique name that associated a particular SID. A SID can be associated with a user, group, or program (such as a Windows service). In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+
+
+
+
+
+
+
+
+ The sid_state element defines the different metadata associate with a Windows trustee (identified by name). Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ This element specifies the trustee name associated with a particular SID. In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+ The security identifier (SID) of the specified trustee name.
+
+
+
+
+ The domain of the specified trustee name.
+
+
+
+
+
+
+
+
+
+ The SidBehaviors complex type defines a number of behaviors that allow a more detailed definition of the sid_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ 'include_group' defines whether the group SID should be included in the object when the object is defined by a group SID. For example, the intent of an object defined by a group SID might be to retrieve all the user SIDs that are a member of the group, but not the group SID itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+
+
+
+
+
+
+ The sid_sid_test is used to check properties associated with the specified SID. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a sid_sid_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ Note that this sid_sid test was added in version 5.4 as a temporary fix. There is a need within the community to identify things like users and groups by both the name and the SID. For version 6 of OVAL, work is underway for a better solution to the problem, but for now, a second test was added to satisfy the need.
+
+
+ sid_sid_test
+ sid_sid_object
+ sid_sid_state
+ sid_sid_item
+
+
+
+
+
+ - the object child element of a sid_sid_test must reference a sid_sid_object
+
+
+ - the state child element of a sid_sid_test must reference a sid_sid_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The sid_sid_object element is used by a sid_sid_test to define the object set, in this case a set of SIDs, to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+ The trustee_sid entity identifies a unique SID associated with a user, group, system, or program (such as a Windows service).
+
+
+
+
+
+
+
+
+
+
+
+
+ The sid_state element defines the different metadata associate with a Windows trustee (identified by SID). Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The security identifier (SID) of the specified trustee name.
+
+
+
+
+ This element specifies the trustee name associated with a particular SID. In Windows, trustee names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, trustee names should be identified in the form: "domain\trustee name". For local trustee names use: "computer name\trustee name". For built-in accounts on the system, use the trustee name without a domain.
+
+
+
+
+ The domain of the specified trustee name.
+
+
+
+
+
+
+
+
+
+ The SidSidBehaviors complex type defines a number of behaviors that allow a more detailed definition of the sid_sid_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ 'include_group' defines whether the group SID should be included in the object when the object is defined by a group SID. For example, the intent of an object defined by a group SID might be to retrieve all the user SIDs that are a member of the group, but not the group SID itself.
+
+
+
+
+ The 'resolve_group' behavior defines whether an object set defined by a group SID should be resolved to return a set that contains all the user SIDs that are a member of that group. Note that all child groups should also be resolved any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.
+
+
+
+
+
+
+
+
+ The user access control test is used to check setting related to User Access Control within Windows. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a uaac_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ uac_test
+ uac_object
+ uac_state
+ uac_item
+
+
+
+
+
+ - the object child element of a uac_test must reference a uac_object
+
+
+ - the state child element of a uac_test must reference a uac_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The uac_object element is used by a user access control test to define those objects to evaluate based on a specified state. There is actually only one object relating to user access control and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check user access control settings will reference the same uac_object which is basically an empty object element.
+
+
+
+
+
+
+
+
+
+ The uac_state element specifies the different settings that are available under User Access Control. A user access control test will reference a specific instance of this state that defines the exact settings that need to be evaluated. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ Admin Approval Mode for the Built-in Administrator account.
+
+
+
+
+ Behavior of the elevation prompt for administrators in Admin Approval Mode.
+
+
+
+
+ Behavior of the elevation prompt for standard users.
+
+
+
+
+ Detect application installations and prompt for elevation.
+
+
+
+
+ Only elevate executables that are signed and validated.
+
+
+
+
+ Only elevate UIAccess applications that are installed in secure locations.
+
+
+
+
+ Run all administrators in Admin Approval Mode.
+
+
+
+
+ Switch to the secure desktop when prompting for elevation.
+
+
+
+
+ Virtualize file and registry write failures to per-user locations.
+
+
+
+
+
+
+
+
+
+
+
+
+ The user_test is used to check information about Windows users. When the user_test collects the users on the system, it should only include the local and built-in user accounts and not domain user accounts. However, it is important to note that domain user accounts can still be looked up. Also, note that the collection of groups, for which a user is a member, is not recursive. The only groups that will be collected are those for which the user is a direct member. For example, if a user is a member of group A, and group A is a member of group B, the only group that will be collected is group A. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a user_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ user_test
+ user_object
+ user_state
+ user_item
+
+
+
+
+
+ - the object child element of a user_test must reference a user_object
+
+
+ - the state child element of a user_test must reference a user_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The user entity holds a string that represents the name of a particular user. In Windows, user names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, users should be identified in the form: "domain\user name". For local users use: "computer name\user name". For built-in accounts on the system, use the user name without a domain.
+
+
+
+
+
+
+
+
+
+
+
+
+ The user_state element enumerates the different groups (identified by name) that a Windows user might belong to. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The user entity holds a string that represents the name of a particular user. In Windows, user names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, users should be identified in the form: "domain\user name". For local users use: "computer name\user name". For built-in accounts on the system, use the user name without a domain.
+
+
+
+
+ This element holds a boolean value that specifies whether the particular user account is enabled or not.
+
+
+
+
+ A string that represents the name of a particular group. In Windows, group names are case-insensitive. As a result, it is recommended that the case-insensitive operations are used for this entity. In a domain environment, groups should be identified in the form: "domain\group name". For local groups use: "computer name\group name". For built-in accounts on the system, use the group name without a domain.
+ The group element can be included multiple times in a system characteristic item in order to record that a user can be a member of a number of different groups. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like group that refer to items that can occur an unbounded number of times.
+
+
+
+
+
+
+
+
+
+
+
+
+ The user_sid55_test is used to check information about Windows users. When the user_sid55_test collects the user SIDs on the system, it should only include the local and built-in user SIDs and not domain user SIDs. However, it is important to note that domain user SIDs can still be looked up. Also, note that the collection of groups, for which a user is a member, is not recursive. The only groups that will be collected are those for which the user is a direct member. For example, if a user is a member of group A, and group A is a member of group B, the only group that will be collected is group A. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a user_sid55_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ user_sid55_test
+ user_sid55_object
+ user_sid55_state
+ user_sid_item
+
+
+
+
+
+ - the object child element of a user_sid55_test must reference a user_sid55_object
+
+
+ - the state child element of a user_sid55_test must reference a user_sid55_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The user_sid55_object represents a set of users on a Windows system. This set (which might contain only one user) is identified by a SID.
+
+
+
+
+
+
+
+
+
+
+ The user_sid entity holds a string that represents the SID of a particular user.
+
+
+
+
+
+
+
+
+
+
+
+
+ The user_sid55_state element enumerates the different groups (identified by SID) that a Windows user might belong to. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The user_sid entity holds a string that represents the SID of a particular user.
+
+
+
+
+ This element holds a boolean value that specifies whether the particular user account is enabled or not.
+
+
+
+
+ A string the represents the SID of a particular group. The group_sid element can be included multiple times in a system characteristic item in order to record that a user can be a member of a number of different groups. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like group that refer to items that can occur an unbounded number of times.
+
+
+
+
+
+
+
+
+
+
+
+
+ The user_sid_test is used to check information about Windows users. When the user_sid_test collects the user SIDs on the system, it should only include the local and built-in user SIDs and not domain user SIDs. However, it is important to note that domain user SIDs can still be looked up. Also, note that the collection of groups, for which a user is a member, is not recursive. The only groups that will be collected are those for which the user is a direct member. For example, if a user is a member of group A, and group A is a member of group B, the only group that will be collected is group A. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a user_sid_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ user_sid_test
+ user_sid_object
+ user_sid_state
+ user_sid_item
+
+
+
+
+ 5.5
+ Replaced by the user_sid55_test. This test uses user and group elements that are incorrectly named. A new test was created to change the element names to their correct values which are user_sid and group_sid. See the user_sid55_test.
+ This test has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+
+ - the object child element of a user_sid_test must reference a user_sid_object
+
+
+ - the state child element of a user_sid_test must reference a user_sid_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The user_sid_object represents a set of users on a Windows system. This set (which might contain only one user) is identified by a SID.
+
+
+ 5.5
+ Replaced by the user_sid55_object. This object uses a user element that is incorrectly named. A new object was created to change the element name to its correct value which is user_sid. See the user_sid55_object.
+ This object has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The user_sid entity holds a string that represents the SID of a particular user.
+
+
+
+
+
+
+
+
+
+
+ The user_sid_state element enumerates the different groups (identified by SID) that a Windows user might belong to. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+ 5.5
+ Replaced by the user_sid55_state. This state uses user and group elements that are incorrectly named. A new state was created to change the element names to their correct values which are user_sid and group_sid. See the user_sid55_state.
+ This state has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+
+ The user_sid entity holds a string that represents the SID of a particular user.
+
+
+
+
+ This element holds a boolean value that specifies whether the particular user account is enabled or not.
+
+
+
+
+ A string the represents the SID of a particular group. The group_sid element can be included multiple times in a system characteristic item in order to record that a user can be a member of a number of different groups. Note that the entity_check attribute associated with EntityStateStringType guides the evaluation of entities like group that refer to items that can occur an unbounded number of times.
+
+
+
+
+
+
+
+
+
+
+
+
+ The volume_test is used to check information about different storage volumes found on a Windows system. This includes the various system flags returned by GetVolumeInformation(). It is important to note that these system flags are specific to certain versions of Windows. As a result, the documentation for that version of Windows should be consulted for more information. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a volume_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ volume_test
+ volume_object
+ volume_state
+ volume_item
+
+
+
+
+
+ - the object child element of a volume_test must reference a volume_object
+
+
+ - the state child element of a volume_test must reference a volume_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The volume_object element is used by a volume test to define the specific volume(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+ A volume object defines the rootpath of the volume(s).
+
+
+
+
+
+
+
+
+
+
+ A string that contains the root directory of the volume to be described. A trailing backslash is required. For example, you would specify \\MyServer\MyShare as "\\MyServer\MyShare\", or the C drive as "C:\".
+
+
+
+
+
+
+
+
+
+
+
+
+ The volume_state element defines the different metadata associate with a storage volume in Windows. This includes the rootpath, the file system type, name, and serial number, as well as any associated flags. Please refer to the individual elements in the schema for more details about what each represents. The GetVolumeInformation function as defined by Microsoft is also a good place to look for information.
+
+
+
+
+
+
+
+ A string that contains the root directory of the volume to be described. A trailing backslash is required. For example, you would specify \\MyServer\MyShare as "\\MyServer\MyShare\", or the C drive as "C:\".
+
+
+
+
+ The type of filesystem. For example FAT or NTFS.
+
+
+
+
+ The name of the volume.
+
+
+
+
+ The drive type of the volume.
+
+
+
+
+ The volume_max_component_length element specifies the maximum length, in TCHARs, of a file name component that a specified file system supports. A file name component is the portion of a file name between backslashes. The value that is stored in the variable that *lpMaximumComponentLength points to is used to indicate that a specified file system supports long names. For example, for a FAT file system that supports long names, the function stores the value 255, rather than the previous 8.3 indicator. Long names can also be supported on systems that use the NTFS file system.
+
+
+
+
+ The volume serial number.
+
+
+
+
+ The file system supports case-sensitive file names.
+
+
+
+
+ The file system preserves the case of file names when it places a name on disk.
+
+
+
+
+ The file system supports Unicode in file names as they appear on disk.
+
+
+
+
+ The file system preserves and enforces ACLs. For example, NTFS preserves and enforces ACLs, and FAT does not.
+
+
+
+
+ The file system supports file-based compression.
+
+
+
+
+ The file system supports disk quotas.
+
+
+
+
+ The file system supports sparse files.
+
+
+
+
+ The file system supports reparse points.
+
+
+
+
+ The specified volume is a compressed volume; for example, a DoubleSpace volume.
+
+
+
+
+ The specified volume is a compressed volume; for example, a DoubleSpace volume.
+
+
+
+
+ The file system supports object identifiers.
+
+
+
+
+ The file system supports the Encrypted File System (EFS).
+
+
+
+
+ The file system supports named streams.
+
+
+
+
+ The specified volume is read-only.
+
+
+
+
+
+
+
+
+
+
+
+
+ The wmi test is used to check information accessed by WMI. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wmi_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ wmi_test
+ wmi_object
+ wmi_state
+ wmi_item
+
+
+
+
+ 5.7
+ Replaced by the wmi57_test. This test only allows for single fields to be selected from WMI. A new test was created to allow more than one field to be selected in one statement. See the wmi57_test.
+ This test has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED TEST: ID:
+
+
+
+
+
+
+ - the object child element of a wmi_test must reference a wmi_object
+
+
+ - the state child element of a wmi_test must reference a wmi_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 5.7
+ Replaced by the wmi57_object. This object allows for single fields to be selected from WMI. A new object was created to allow more than one field to be selected in one statement. See the wmi57_object.
+ This object has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED OBJECT: ID:
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies which WMI namespace to look under. Each WMI provider normally registers its own WMI namespace and then all its classes within that namespace. For example, all Win32 WMI classes can be found in the namespace "root\cimv2", all IIS WMI classes can be found at "root\microsoftiisv2", and all LDAP WMI classes can be found at "root\directory\ldap".
+
+
+
+ - operation attribute for the namespace entity of a wmi_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+ A WQL query used to identify the object(s) to test against. Any valid WQL query is usable with one exception, at most one field is allowed in the SELECT portion of the query. For example SELECT name FROM ... is valid, as is SELECT 'true' FROM ..., but SELECT name, number FROM ... is not valid. This is because the result element in the data section is only designed to work against a single field.
+
+
+
+ - operation attribute for the wql entity of a wmi_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 5.7
+ Replaced by the wmi57_state. This object allows for single fields to be selected from WMI. A new state was created to allow more than one field to be selected in one statement. See the wmi57_state.
+ This state has been deprecated and may be removed in a future version of the language.
+
+
+
+ DEPRECATED STATE: ID:
+
+
+
+
+
+
+
+
+
+
+ Specifies which WMI namespace to look under. Each WMI provider normally registers its own WMI namespace and then all its classes within that namespace. For example, all Win32 WMI classes can be found in the namespace "root\cimv2", all IIS WMI classes can be found at "root\microsoftiisv2", and all LDAP WMI classes can be found at "root\directory\ldap".
+
+
+
+
+ A WQL query used to identify the object(s) to test against. Any valid WQL query is usable with one exception, at most one field is allowed in the SELECT portion of the query. For example SELECT name FROM ... is valid, as is SELECT 'true' FROM ..., but SELECT name, number FROM ... is not valid. This is because the result element in the data section is only designed to work against a single field.
+
+
+
+
+ The result element specifies how to test objects in the result set of the specified WQL statement. Only one comparable field is allowed. So if the WQL statement look like 'SELECT name FROM ...', then a result element with a value of 'Fred' would test that value against the names returned by the WQL statement.
+
+
+
+
+
+
+
+
+
+
+
+
+ The wmi57 test is used to check information accessed by WMI. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wmi57_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+
+
+ wmi57_test
+ wmi57_object
+ wmi57_state
+ wmi57_item
+
+
+
+
+
+ - the object child element of a wmi57_test must reference a wmi57_object
+
+
+ - the state child element of a wmi57_test must reference a wmi57_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies which WMI namespace to look under. Each WMI provider normally registers its own WMI namespace and then all its classes within that namespace. For example, all Win32 WMI classes can be found in the namespace "root\cimv2", all IIS WMI classes can be found at "root\microsoftiisv2", and all LDAP WMI classes can be found at "root\directory\ldap".
+
+
+
+ - operation attribute for the namespace entity of a wmi57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+ A WQL query used to identify the object(s) to test against. Any valid WQL query is usable with one exception, all fields must be named in the SELECT portion of the query. For example SELECT name, age FROM ... is valid. However, SELECT * FROM ... is not valid. This is because the record element in the state and item require a unique field name value to ensure that any query results can be evaluated consistantly.
+
+
+
+ - operation attribute for the wql entity of a wmi57_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Specifies which WMI namespace to look under. Each WMI provider normally registers its own WMI namespace and then all its classes within that namespace. For example, all Win32 WMI classes can be found in the namespace "root\cimv2", all IIS WMI classes can be found at "root\microsoftiisv2", and all LDAP WMI classes can be found at "root\directory\ldap".
+
+
+
+
+ A WQL query used to identify the object(s) to test against. Any valid WQL query is usable with one exception, all fields must be named in the SELECT portion of the query. For example SELECT name, age FROM ... is valid. However, SELECT * FROM ... is not valid. This is because the record element in the state and item require a unique field name value to ensure that any query results can be evaluated consistantly.
+
+
+
+
+ The result element specifies how to test items in the result set of the specified WQL statement.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The wuaupdatesearcher_test is used to evaluate patch level in a Windows environment utilizing the WUA (Windows Update Agent) interface. It is based on the Search method of the IUpdateSearcher interface found in the WUA API. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wuaupdatesearcher_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
+ Note that WUA can work off of many different sources including WSUS, update.microsoft.com, and a local cab file. The content source is specific to a given system evaluating a wuaupdatesearcher_test and thus is not defined by this test. The tool being used for evaluation should determine what content source is best for the system being assessed and then evaluate this test based on that selection.
+
+
+ wuaupdatesearcher_test
+ wuaupdatesearcher_object
+ wuaupdatesearcher_state
+ wuaupdatesearcher_item
+
+
+
+
+
+
+ - the object child element of a wuaupdatesearcher_test must reference a wuaupdatesearcher_object
+
+
+
+
+ - the state child element of a wuaupdatesearcher_test must reference a wuaupdatesearcher_state
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The wuaupdatesearcher_object element is used by a wuaupdatesearcher_test to define the specific search criteria to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
+
+
+
+
+
+
+
+
+
+
+
+ The search_criteria entity specifies a search criteria to use when generating a search result. The string used for the search criteria entity must match the custom search language for Search method of the IUpdateSearcher interface. The string consists of criteria that are evaluated to determine which updates to return. The Search method performs a synchronous search for updates by using the current configured search options. For more information about possible search criteria, please see the Search method of the IUpdateSearcher interface.
+
+
+
+
+ - operation attribute for the search_criteria entity of a wuaupdatesearcher_object should be 'equals'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The wuaupdatesearcher_state element defines entities that can be tested related to a uaupdatesearcher_object. This includes the search criteria and updated id. Please refer to the individual elements in the schema for more details about what each represents.
+
+
+
+
+
+
+
+ The search_criteria entity specifies a string to examine the search criteria that was used to generate the object set. Note that since this entity is part of the state, it is not used to determine the object set, but rather is used to test the search criteria that was actually used.
+
+
+
+
+ The update_id enity specifies a string that represents a revision-independent identifier of an update. This information is part of the IUpdateIdentity interface that is part of the result of the IUpdateSearcher interface's Search method.
+
+
+
+
+
+
+
+
+
+ The WuaUpdateSearcherBehaviors complex type defines behaviors that allow a more detailed definition of the wuaupdatesearcher_object being specified. Note that using these behaviors may result in some unique results. For example, a double negative type condition might be created where an object entity says include everything except a specific item, but a behavior is used that might then add that item back in.
+
+
+
+ 'include_superseded_updates' is a boolean flag that when set to true indicates that the search results should include updates that are superseded by other updates in the search results. When set to 'false' superseded updates should be excluded from the set of matching update items. The default value is 'true'.
+
+
+
+
+
+
+
+
+ The EntityStateAddrTypeType complex type restricts a string value to a specific set of values that describe address types associated with an interface. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The stated IP address is being deleted. The unsigned short value that this corresponds to is 0x0040
+
+
+
+
+ The stated IP address is on a disconnected interface. The unsigned short value that this corresponds to is 0x0008.
+
+
+
+
+ The stated IP address is a dynamic IP address. The unsigned short value that this corresponds to is 0x0004.
+
+
+
+
+ The stated IP address is a primary IP address. The unsigned short value that this corresponds to is 0x0001.
+
+
+
+
+ The stated IP address is a transient IP address. The unsigned short value that this corresponds to is 0x0080
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateAdstypeType complex type restricts a string value to a specific set of values that specify the different types of information that an active directory attribute can represents. For more information look at the ADSTYPEENUM enumeration defined by Microsoft. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The data type is invalid.
+
+
+
+
+ The string is of Distinguished Name (path) of a directory service object.
+
+
+
+
+ The string is of the case-sensitive type.
+
+
+
+
+ The string is of the case-insensitive type.
+
+
+
+
+ The string is displayable on the screen or in print.
+
+
+
+
+ The string is of a numeric value to be interpreted as text.
+
+
+
+
+ The data is of a Boolean value.
+
+
+
+
+ The data is of an integer value.
+
+
+
+
+ The string is of a byte array.
+
+
+
+
+ The data is of the universal time as expressed in Universal Time Coordinate (UTC).
+
+
+
+
+ The data is of a long integer value.
+
+
+
+
+ The string is of a provider-specific string.
+
+
+
+
+ Not used.
+
+
+
+
+ The data is of a list of case insensitive strings.
+
+
+
+
+ The data is of a list of octet strings.
+
+
+
+
+ The string is of a directory path.
+
+
+
+
+ The string is of the postal address type.
+
+
+
+
+ The data is of a time stamp in seconds.
+
+
+
+
+ The string is of a back link.
+
+
+
+
+ The string is of a typed name.
+
+
+
+
+ The data is of the Hold data structure.
+
+
+
+
+ The string is of a net address.
+
+
+
+
+ The data is of a replica pointer.
+
+
+
+
+ The string is of a fax number.
+
+
+
+
+ The data is of an e-mail message.
+
+
+
+
+ The data is of Windows NT/Windows 2000 Security Descriptor as represented by a byte array.
+
+
+
+
+ The data is of an undefined type.
+
+
+
+
+ The data is of ADS_DN_WITH_BINARY used for mapping a distinguished name to a non varying GUID.
+
+
+
+
+ The data is of ADS_DN_WITH_STRING used for mapping a distinguished name to a non-varying string value.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateAuditType complex type restricts a string value to a specific set of values: AUDIT_NONE, AUDIT_SUCCESS, AUDIT_FAILURE, and AUDIT_SUCCESS_FAILURE. These values describe which audit records should be generated. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The audit type AUDIT_FAILURE is used to perform audits on all unsuccessful occurrences of specified events when auditing is enabled.
+
+
+
+
+ The audit type AUDIT_NONE is used to cancel all auditing options for the specified events.
+
+
+
+
+ The audit type AUDIT_SUCCESS is used to perform audits on all successful occurrences of the specified events when auditing is enabled.
+
+
+
+
+ The audit type AUDIT_SUCCESS_FAILURE is used to perform audits on all successful and unsuccessful occurrences of the specified events when auditing is enabled.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateDriveTypeType complex type defines the different values that are valid for the drive_type entity of a win-def:volume_state. Note that the Windows API returns a UINT value and OVAL uses the constant name that is normally defined for these return values. This is done to increase readability and maintainability of OVAL Definitions. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the drive_type entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The DRIVE_UNKNOWN type means that drive type cannot be determined. The UINT value that this corresponds to is 0.
+
+
+
+
+ The DRIVE_NO_ROOT_DIR type means that the root path is not valid. The UINT value that this corresponds to is 1.
+
+
+
+
+ The DRIVE_REMOVABLE type means that the drive contains removable media. The UINT value that this corresponds to is 2.
+
+
+
+
+ The DRIVE_FIXED type means that the drive contains fixed media. The UINT value that this corresponds to is 3.
+
+
+
+
+ The DRIVE_REMOTE type means that the drive is a remote drive (i.e. network drive). The UINT value that this corresponds to is 4.
+
+
+
+
+ The DRIVE_CDROM type means that the drive is a CD-ROM drive. The UINT value that this corresponds to is 5.
+
+
+
+
+ The DRIVE_RAMDISK type means that the drive is a RAM disk. The UINT value that this corresponds to is 6.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateInterfaceTypeType complex type restricts a string value to a specific set of values. These values describe the different interface types. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The MIB_IF_TYPE_ETHERNET type is used to describe ethernet interfaces.
+
+
+
+
+ The MIB_IF_TYPE_FDDI type is used to describe fiber distributed data interfaces (FDDI).
+
+
+
+
+ The MIB_IF_TYPE_LOOPBACK type is used to describe loopback interfaces.
+
+
+
+
+ The MIB_IF_TYPE_OTHER type is used to describe unknown interfaces.
+
+
+
+
+ The MIB_IF_TYPE_PPP type is used to describe point-to-point protocol interfaces (PPP).
+
+
+
+
+ The MIB_IF_TYPE_SLIP type is used to describe serial line internet protocol interfaces (SLIP).
+
+
+
+
+ The MIB_IF_TYPE_TOKENRING type is used to describe token ring interfaces..
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateFileTypeType complex type restricts a string value to a specific set of values. These values describe the type of file being represented. For more information see the GetFileType and GetFileAttributesEx functions as defined by Microsoft. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The handle identifies a directory.
+
+
+
+
+ The specified file is a character file, typically an LPT device or a console.
+
+
+
+
+ The specified file is a disk file.
+
+
+
+
+ The specified file is a socket, a named pipe, or an anonymous pipe.
+
+
+
+
+ Unused.
+
+
+
+
+ Either the type of the specified file is unknown, or the function failed.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityObjectNamingContextType restricts a string value to a specific set of values: domain, configuration, and schema. These values describe the different default naming context found in active directory. A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The domain naming context contains Active Directory objects present in the specified domain (e.g. users, computers, groups, and other objects).
+
+
+
+
+ The configuration naming context contains configuration data that is required for the Active Directory to operate as a directory service.
+
+
+
+
+ The schema naming context contains all of the Active Directory object definitions.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateNamingContextType restricts a string value to a specific set of values: domain, configuration, and schema. These values describe the different default naming context found in active directory. A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The domain naming context contains Active Directory objects present in the specified domain (e.g. users, computers, groups, and other objects).
+
+
+
+
+ The configuration naming context contains configuration data that is required for the Active Directory to operate as a directory service.
+
+
+
+
+ The schema naming context contains all of the Active Directory object definitions.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityObjectProtocolType restricts a string value to a specific set of values: TCP and UDP. These values describe the different protocols available to a port. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The port uses the Transmission Control Protocol (TCP).
+
+
+
+
+ The port uses the User Datagram Protocol (UDP).
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateProtocolType restricts a string value to a specific set of values: TCP and UDP. These values describe the different protocols available to a port. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The port uses the Transmission Control Protocol (TCP).
+
+
+
+
+ The port uses the User Datagram Protocol (UDP).
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityObjectRegistryHiveType restricts a string value to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS. These values describe the possible hives in the registry. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ This registry subtree contains information that associates file types with programs and configuration data for automation (e.g. COM objects and Visual Basic Programs).
+
+
+
+
+ This registry subtree contains configuration data for the current hardware profile.
+
+
+
+
+ This registry subtree contains the user profile of the user that is currently logged into the system.
+
+
+
+
+ This registry subtree contains information about the local system.
+
+
+
+
+ This registry subtree contains user-specific data.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateRegistryHiveType restricts a string value to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS. These values describe the possible hives in the registry. The empty string is also allowed to support empty element associated with variable references. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ This registry subtree contains information that associates file types with programs and configuration data for automation (e.g. COM objects and Visual Basic Programs).
+
+
+
+
+ This registry subtree contains configuration data for the current hardware profile.
+
+
+
+
+ This registry subtree contains the user profile of the user that is currently logged into the system.
+
+
+
+
+ This registry subtree contains information about the local system.
+
+
+
+
+ This registry subtree contains user-specific data.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateRegistryTypeType complex type defines the different values that are valid for the type entity of a registry state. These values describe the possible types of data stored in a registry key. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the type entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values. Please note that the values identified are for the type entity and are not valid values for the datatype attribute. For information about how to encode registry data in OVAL for each of the different types, please visit the registry_state documentation.
+
+
+
+
+
+ The reg_binary type is used by registry keys that specify binary data in any form.
+
+
+
+
+ The reg_dword type is used by registry keys that specify a 32-bit number.
+
+
+
+
+ The reg_expand_sz type is used by registry keys to specify a null-terminated string that contains unexpanded references to environment variables (for example, "%PATH%").
+
+
+
+
+ The reg_multi_sz type is used by registry keys that specify an array of null-terminated strings, terminated by two null characters.
+
+
+
+
+ The reg_none type is used by registry keys that have no defined value type.
+
+
+
+
+ The reg_qword type is used by registry keys that specify a 64-bit number.
+
+
+
+
+ The reg_sz type is used by registry keys that specify a single null-terminated string.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateServiceAcceptedControlsType complex type defines the different values that are valid for the controls_accepted entity of a service. Note that the Windows API returns a DWORD value and OVAL uses the constant name that is normally defined for these return values. This is done to increase readability and maintainability of OVAL Definitions. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the controls_accepted entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The SERVICE_ACCEPT_NETBINDCHANGE type means that the service is a network component and can accept changes in its binding without being stopped or restarted. The DWORD value that this corresponds to is 0x00000010.
+
+
+
+
+ The SERVICE_ACCEPT_PARAMCHANGE type means that the service can re-read its startup parameters without being stopped or restarted. The DWORD value that this corresponds to is 0x00000008.
+
+
+
+
+ The SERVICE_ACCEPT_PAUSE_CONTINUE type means that the service can be paused or continued. The DWORD value that this corresponds to is 0x00000002.
+
+
+
+
+ The SERVICE_ACCEPT_PRESHUTDOWN type means that the service can receive pre-shutdown notifications. The DWORD value that this corresponds to is 0x00000100.
+
+
+
+
+ The SERVICE_ACCEPT_SHUTDOWN type means that the service can receive shutdown notifications. The DWORD value that this corresponds to is 0x00000004.
+
+
+
+
+ The SERVICE_ACCEPT_STOP type means that the service can be stopped. The DWORD value that this corresponds to is 0x00000001.
+
+
+
+
+ The SERVICE_ACCEPT_HARDWAREPROFILECHANGE type means that the service can receive notifications when the system's hardware profile changes. The DWORD value that this corresponds to is 0x00000020.
+
+
+
+
+ The SERVICE_ACCEPT_POWEREVENT type means that the service can receive notifications when the system's power status has changed. The DWORD value that this corresponds to is 0x00000040.
+
+
+
+
+ The SERVICE_ACCEPT_SESSIONCHANGE type means that the service can receive notifications when the system's session status has changed. The DWORD value that this corresponds to is 0x00000080.
+
+
+
+
+ The SERVICE_ACCEPT_TIMECHANGE type means that the service can receive notifications when the system time changes. The DWORD value that this corresponds to is 0x00000200.
+
+
+
+
+ The SERVICE_ACCEPT_TRIGGEREVENT type means that the service can receive notifications when an event that the service has registered for occurs on the system. The DWORD value that this corresponds to is 0x00000400.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateServiceCurrentStateType complex type defines the different values that are valid for the current_state entity of a service. Note that the Windows API returns a DWORD value and OVAL uses the constant name that is normally defined for these return values. This is done to increase readability and maintainability of OVAL Definitions. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the current_state entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The SERVICE_CONTINUE_PENDING type means that the service has been sent a command to continue, however, the command has not yet been executed. The DWORD value that this corresponds to is 0x00000005.
+
+
+
+
+ The SERVICE_PAUSE_PENDING type means that the service has been sent a command to pause, however, the command has not yet been executed. The DWORD value that this corresponds to is 0x00000006.
+
+
+
+
+ The SERVICE_PAUSED type means that the service is paused. The DWORD value that this corresponds to is 0x00000007.
+
+
+
+
+ The SERVICE_RUNNING type means that the service is running. The DWORD value that this corresponds to is 0x00000004.
+
+
+
+
+ The SERVICE_START_PENDING type means that the service has been sent a command to start, however, the command has not yet been executed. The DWORD value that this corresponds to is 0x00000002.
+
+
+
+
+ The SERVICE_STOP_PENDING type means that the service has been sent a command to stop, however, the command has not yet been executed. The DWORD value that this corresponds to is 0x00000003.
+
+
+
+
+ The SERVICE_STOPPED type means that the service is stopped. The DWORD value that this corresponds to is 0x00000001.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateServiceStartTypeType complex type defines the different values that are valid for the start_type entity of a service. Note that the Windows API returns a DWORD value and OVAL uses the constant name that is normally defined for these return values. This is done to increase readability and maintainability of OVAL Definitions. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the start_type entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The SERVICE_AUTO_START type means that the service is started automatically by the Service Control Manager (SCM) during startup. The DWORD value that this corresponds to is 0x00000002.
+
+
+
+
+ The SERVICE_BOOT_START type means that the driver service is started by the system loader. The DWORD value that this corresponds to is 0x00000000.
+
+
+
+
+ The SERVICE_DEMAND_START type means that the service is started by the Service Control Manager (SCM) when StartService() is called. The DWORD value that this corresponds to is 0x00000003.
+
+
+
+
+ The SERVICE_DISABLED type means that the service cannot be started. The DWORD value that this corresponds to is 0x00000004.
+
+
+
+
+ The SERVICE_SYSTEM_START type means that the service is a device driver started by IoInitSystem(). The DWORD value that this corresponds to is 0x00000001.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateServiceTypeType complex type defines the different values that are valid for the service_type entity of a service. Note that the Windows API returns a DWORD value and OVAL uses the constant name that is normally defined for these return values. This is done to increase readability and maintainability of OVAL Definitions. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the service_type entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+
+
+
+
+
+ The SERVICE_FILE_SYSTEM_DRIVER type means that the service is a file system driver. The DWORD value that this corresponds to is 0x00000002.
+
+
+
+
+ The SERVICE_KERNEL_DRIVER type means that the service is a driver. The DWORD value that this corresponds to is 0x00000001.
+
+
+
+
+ The SERVICE_WIN32_OWN_PROCESS type means that the service runs in its own process. The DWORD value that this corresponds to is 0x00000010.
+
+
+
+
+ The SERVICE_WIN32_SHARE_PROCESS type means that the service runs in a process with other services. The DWORD value that this corresponds to is 0x00000020.
+
+
+
+
+ The SERVICE_WIN32_SHARE_PROCESS type means that the service runs in a process with other services. The DWORD value that this corresponds to is 0x00000100.
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
+
+ The EntityStateSharedResourceTypeType complex type defines the different values that are valid for the type entity of a shared resource state. Note that the Windows API returns a DWORD value and OVAL uses the constant name that is normally defined for these return values. This is done to increase readability and maintainability of OVAL Definitions. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the type entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values.
+ It is also important to note that special shared resources are those reserved for remote administration, interprocess communication, and administrative shares.
+
+
+
+
+
+ The STYPE_DISKTREE type means that the shared resource is a disk drive. The DWORD value that this corresponds to is 0x00000000.
+
+
+
+
+ The STYPE_DISKTREE_SPECIAL type means that the shared resource is a special disk drive. The DWORD value that this corresponds to is 0x80000000.
+
+
+
+
+ The STYPE_DISKTREE_TEMPORARY type means that the shared resource is a temporary disk drive. The DWORD value that this corresponds to is 0x40000000.
+
+
+
+
+ The STYPE_DISKTREE_SPECIAL_TEMPORARY type means that the shared resource is a temporary, special disk drive. The DWORD value that this corresponds to is 0xC0000000.
+
+
+
+
+ The STYPE_PRINTQ type means that the shared resource is a print queue. The DWORD value that this corresponds to is 0x00000001.
+
+
+
+
+ The STYPE_PRINTQ_SPECIAL type means that the shared resource is a special print queue. The DWORD value that this corresponds to is 0x80000001.
+
+
+
+
+ The STYPE_PRINTQ_TEMPORARY type means that the shared resource is a temporary print queue. The DWORD value that this corresponds to is 0x40000001.
+
+
+
+
+ The STYPE_PRINTQ_SPECIAL_TEMPORARY type means that the shared resource is a temporary, special print queue. The DWORD value that this corresponds to is 0xC0000001.
+
+
+
+
+ The STYPE_DEVICE type means that the shared resource is a communication device. The DWORD value that this corresponds to is 0x00000002.
+
+
+
+
+ The STYPE_DEVICE_SPECIAL type means that the shared resource is a special communication device. The DWORD value that this corresponds to is 0x80000002.
+
+
+
+
+ The STYPE_DEVICE_TEMPORARY type means that the shared resource is a temporary communication device. The DWORD value that this corresponds to is 0x40000002.
+
+
+
+
+ The STYPE_DEVICE_SPECIAL_TEMPORARY type means that the shared resource is a temporary, special communication device. The DWORD value that this corresponds to is 0xC0000002.
+
+
+
+
+ The STYPE_IPC type means that the shared resource is a interprocess communication. The DWORD value that this corresponds to is 0x00000003.
+
+
+
+
+ The STYPE_IPC_SPECIAL type means that the shared resource is a special interprocess communication. The DWORD value that this corresponds to is 0x80000003.
+
+
+
+
+ The STYPE_IPC_TEMPORARY type means that the shared resource is a temporary interprocess communication. The DWORD value that this corresponds to is 0x40000003.
+
+
+
+
+ The STYPE_IPC_SPECIAL_TEMPORARY type means that the shared resource is a temporary, special interprocess communication. The DWORD value that this corresponds to is 0xC0000003.
+
+
+
+
+ The STYPE_SPECIAL type means that this is a special share reserved for interprocess communication (IPC$) or remote administration of the server (ADMIN$). Can also refer to administrative shares such as C$, D$, E$, and so forth. The DWORD value that this corresponds to is 0x40000000.
+
+
+ 5.6
+ In version 5.6 of the OVAL Language, the EntityStateSharedResourceTypeType was changed to include all of the different shared resource types as specified in Microsoft's documentation of the shi2_type member of the SHARE_INFO_2 structure. As a result, the STYPE_SPECIAL value by itself is no longer valid because it would actually be equal to the value STYPE_DISKTREE_SPECIAL (0x80000000) which is STYPE_DISKTREE (0x00000000) OR'd with STYPE_SPECIAL (0x80000000).
+ This value has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED ELEMENT VALUE IN: sharedresource_state ELEMENT VALUE:
+
+
+
+
+
+
+
+
+ The STYPE_TEMPORARY type means that the shared resource is a temporary share. The DWORD value that this corresponds to is 0x80000000.
+
+
+ 5.6
+ In version 5.6 of the OVAL Language, the EntityStateSharedResourceTypeType was changed to include all of the different shared resource types as specified in Microsoft's documentation of the shi2_type member of the SHARE_INFO_2 structure. As a result, the STYPE_TEMPORARY value by itself is no longer valid because it would actually be equal to the value STYPE_DISKTREE_TEMPORARY (0x40000000) which is STYPE_DISKTREE (0x00000000) OR'd with STYPE_TEMPORARY (0x40000000).
+ This value has been deprecated and will be removed in version 6.0 of the language.
+
+
+
+
+ DEPRECATED ELEMENT VALUE IN: sharedresource_state ELEMENT VALUE:
+
+
+
+
+
+
+
+
+ The empty string value is permitted here to allow for empty elements associated with variable references.
+
+
+
+
+
+
diff --git a/content-model/.classpath b/content-model/.classpath
new file mode 100644
index 0000000..4f7b1f7
--- /dev/null
+++ b/content-model/.classpath
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/content-model/.project b/content-model/.project
new file mode 100644
index 0000000..62e1de3
--- /dev/null
+++ b/content-model/.project
@@ -0,0 +1,23 @@
+
+
+ content-model
+
+
+
+
+
+ org.eclipse.jdt.core.javabuilder
+
+
+
+
+ org.maven.ide.eclipse.maven2Builder
+
+
+
+
+
+ org.eclipse.jdt.core.javanature
+ org.maven.ide.eclipse.maven2Nature
+
+
diff --git a/content-model/.settings/org.eclipse.jdt.core.prefs b/content-model/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 0000000..fa58026
--- /dev/null
+++ b/content-model/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,6 @@
+#Mon Jan 10 16:31:05 EST 2011
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.6
diff --git a/content-model/.settings/org.maven.ide.eclipse.prefs b/content-model/.settings/org.maven.ide.eclipse.prefs
new file mode 100644
index 0000000..c401c97
--- /dev/null
+++ b/content-model/.settings/org.maven.ide.eclipse.prefs
@@ -0,0 +1,8 @@
+#Mon Jan 10 16:24:26 EST 2011
+activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=process-test-resources
+resolveWorkspaceProjects=true
+resourceFilterGoals=process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
diff --git a/content-model/pom.xml b/content-model/pom.xml
new file mode 100644
index 0000000..a8fea5b
--- /dev/null
+++ b/content-model/pom.xml
@@ -0,0 +1,92 @@
+
+
+
+ content
+ scap-content
+ 1.0-SNAPSHOT
+
+ 4.0.0
+
+ scap-content
+ content-model
+ 1.0-SNAPSHOT
+ jar
+
+ content-model
+ http://maven.apache.org
+
+
+ UTF-8
+
+
+
+
+ junit
+ junit
+ 3.8.1
+ test
+
+
+ scap-content
+ content-meta-model
+ 1.0-SNAPSHOT
+ jar
+
+
+ scap-content
+ content-annotations
+ 1.0-SNAPSHOT
+ jar
+ compile
+
+
+ log4j
+ log4j
+ jar
+ false
+
+
+ scap-content
+ jaxb-reflection
+ 1.0-SNAPSHOT
+ jar
+ compile
+
+
+ commons-lang
+ commons-lang
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+
+
+
+
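Review bot: The `log4j:log4j` dependency at L25581–L25584 carries no version line, unlike the junit entry at L25562–L25565, so its version is presumably inherited from the parent `content` pom declared at L25542–L25544; worth confirming it is pinned there rather than resolved loosely, and the same applies to `commons-lang` at L25594–L25595. The `log4j:log4j` coordinates are the Log4j 1.x line, which is no longer maintained, so the pinned version should be recorded where a dependency audit will see it. Markup appears stripped in this rendering, so the exact element names cannot be confirmed from the hunk.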
diff --git a/content-model/src/main/java/org/scapdev/content/model/AbstractDocument.java b/content-model/src/main/java/org/scapdev/content/model/AbstractDocument.java
new file mode 100644
index 0000000..6bca901
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/AbstractDocument.java
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+import org.scapdev.content.model.jaxb.DocumentEntityType;
+
+public abstract class AbstractDocument extends AbstractSchemaComponent implements DocumentInfo {
+
+ protected AbstractDocument(DocumentEntityType entity, SchemaInfo schema) {
+ super(entity.getId(), schema, entity.getSchemaNode().getNode());
+ }
+}
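Review bot: The `super(...)` call on L25644 dereferences `entity` and then `entity.getSchemaNode()` with nothing stating that both are required, so a missing schema node surfaces as an unlabelled NullPointerException thrown from inside the superclass call, where the stack trace points at the wrong class. Since `super(...)` must be the first statement, the cheapest fix is to document the precondition on the constructor: `/** Builds the component from a document entity; entity and entity.getSchemaNode() must be non-null. @throws NullPointerException if either is null */`. The class itself also has no Javadoc, unlike the rest of this package's public API.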
diff --git a/content-model/src/main/java/org/scapdev/content/model/AbstractEntity.java b/content-model/src/main/java/org/scapdev/content/model/AbstractEntity.java
new file mode 100644
index 0000000..f4c1731
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/AbstractEntity.java
@@ -0,0 +1,48 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public abstract class AbstractEntity implements Entity {
+ private final EntityInfo entityInfo;
+ private final DATA object;
+
+ public AbstractEntity(EntityInfo entityInfo, DATA object) {
+ this.entityInfo = entityInfo;
+ this.object = object;
+ }
+
+ /**
+ * @return the entityInfo
+ */
+ public EntityInfo getEntityInfo() {
+ return entityInfo;
+ }
+
+ /**
+ * @return the object
+ */
+ public DATA getObject() {
+ return object;
+ }
+}
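Review bot: The constructor on L25682 is `public` on an abstract class, while the sibling abstract classes in this commit (`AbstractRelationship` and `AbstractSchemaComponent`) declare theirs `protected`; a public constructor on an abstract type is unreachable from outside and just widens the apparent API. Change it to `protected AbstractEntity(EntityInfo entityInfo, DATA object) {`. The type parameter on L25678 appears to have been stripped in this rendering (`implements Entity` with a bare `DATA` field type), so I cannot confirm the declared bound; a class-level Javadoc naming what `DATA` stands for would help the next reader regardless.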
diff --git a/content-model/src/main/java/org/scapdev/content/model/AbstractRelationship.java b/content-model/src/main/java/org/scapdev/content/model/AbstractRelationship.java
new file mode 100644
index 0000000..6ac7f62
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/AbstractRelationship.java
@@ -0,0 +1,44 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public abstract class AbstractRelationship> implements Relationship {
+ private final INFO relationshipInfo;
+ private final Entity owningEntity;
+
+ protected AbstractRelationship(INFO relationshipInfo, Entity owningEntity) {
+ this.relationshipInfo = relationshipInfo;
+ this.owningEntity = owningEntity;
+ }
+
+ @Override
+ public INFO getRelationshipInfo() {
+ return relationshipInfo;
+ }
+
+ @Override
+ public Entity getOwningEntity() {
+ return owningEntity;
+ }
+}
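Review bot: The class has no Javadoc, and the generic header on L25732 renders as `AbstractRelationship> implements Relationship`, so the bound on `INFO` cannot be read from this hunk — presumably angle brackets were lost in rendering. A short class comment would close that gap: `/** Base relationship: pairs the descriptive INFO with the entity that owns the relationship. Both references are held as given and never copied. */`. Otherwise the accessors on L25741–L25749 are straightforward and match the `@Override` style used elsewhere in the package.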
diff --git a/content-model/src/main/java/org/scapdev/content/model/AbstractSchemaComponent.java b/content-model/src/main/java/org/scapdev/content/model/AbstractSchemaComponent.java
new file mode 100644
index 0000000..14e1abc
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/AbstractSchemaComponent.java
@@ -0,0 +1,52 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+
+public class AbstractSchemaComponent implements SchemaComponent {
+ private final String id;
+ private final SchemaInfo schemaInfo;
+ private final String schemaNode;
+
+ protected AbstractSchemaComponent(String id, SchemaInfo schemaInfo, String schemaNode) {
+ this.id = id;
+ this.schemaInfo = schemaInfo;
+ this.schemaNode = schemaNode;
+ }
+
+ @Override
+ public String getId() {
+ return id;
+ }
+
+ @Override
+ public SchemaInfo getSchemaInfo() {
+ return schemaInfo;
+ }
+
+ @Override
+ public String getSchemaNode() {
+ return schemaNode;
+ }
+}
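Review bot: `AbstractSchemaComponent` on L25783 is named and used like an abstract base (protected constructor, subclassed by `AbstractDocument` in this commit) but is not declared `abstract`, so nothing stops a subclass elsewhere from exposing instances of the bare base type. Declare it `public abstract class AbstractSchemaComponent implements SchemaComponent {` to match `AbstractDocument`, `AbstractEntity` and `AbstractRelationship`. A one-line class Javadoc stating that `id`, `schemaInfo` and `schemaNode` are immutable once constructed would also be worth adding, since all three are `final` on L25784–L25786.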
diff --git a/content-model/src/main/java/org/scapdev/content/model/Component.java b/content-model/src/main/java/org/scapdev/content/model/Component.java
new file mode 100644
index 0000000..b26911a
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/Component.java
@@ -0,0 +1,29 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface Component {
+ SchemaInfo getSchemaInfo();
+ String getId();
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/DocumentInfo.java b/content-model/src/main/java/org/scapdev/content/model/DocumentInfo.java
new file mode 100644
index 0000000..5768117
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/DocumentInfo.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface DocumentInfo extends SchemaComponent {
+ SchemaInfo getSchemaInfo();
+}
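Review bot: `DocumentInfo` on L25876 redeclares `SchemaInfo getSchemaInfo()`, which its parent `SchemaComponent` already appears to declare — `AbstractSchemaComponent` marks its `getSchemaInfo()` with `@Override` on L25799–L25800 while implementing only `SchemaComponent`. The redeclaration adds nothing and invites the two signatures to drift; reduce the interface to `public interface DocumentInfo extends SchemaComponent {` followed by `}`, or add a Javadoc explaining what this narrowing is meant to express. `SchemaComponent` itself is not in this chunk, so this is inferred from the override.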
diff --git a/content-model/src/main/java/org/scapdev/content/model/Entity.java b/content-model/src/main/java/org/scapdev/content/model/Entity.java
new file mode 100644
index 0000000..c8dfaf0
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/Entity.java
@@ -0,0 +1,39 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+import java.util.List;
+
+public interface Entity {
+ /**
+ * @return the entityInfo
+ */
+ EntityInfo getEntityInfo();
+
+ /**
+ * @return the object
+ */
+ DATA getObject();
+ List> getRelationships();
+}
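Review bot: `getRelationships()` on L25921 is the only method in the interface without Javadoc, and it is the one whose contract matters most: whether the returned list may be empty versus null, and whether callers may mutate it. Add `/** @return the relationships owned by this entity, never null; treat the list as read-only */` or whichever contract the implementations actually honour. The element type renders as `List>` on L25921, so the generic parameter appears lost in this view and cannot be checked here.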
diff --git a/content-model/src/main/java/org/scapdev/content/model/EntityInfo.java b/content-model/src/main/java/org/scapdev/content/model/EntityInfo.java
new file mode 100644
index 0000000..3c245db
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/EntityInfo.java
@@ -0,0 +1,27 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface EntityInfo extends SchemaComponent, Indexed {
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/FieldInfo.java b/content-model/src/main/java/org/scapdev/content/model/FieldInfo.java
new file mode 100644
index 0000000..8ff385b
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/FieldInfo.java
@@ -0,0 +1,30 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+
+
+public interface FieldInfo extends IndexFieldInfo {
+ KeyInfo getKeyInfo();
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/FieldRefInfo.java b/content-model/src/main/java/org/scapdev/content/model/FieldRefInfo.java
new file mode 100644
index 0000000..ed58116
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/FieldRefInfo.java
@@ -0,0 +1,31 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+
+
+public interface FieldRefInfo extends IndexFieldInfo {
+ KeyRefInfo getKeyRefInfo();
+ FieldInfo getReferencedFieldInfo();
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/GeneratedDocumentInfo.java b/content-model/src/main/java/org/scapdev/content/model/GeneratedDocumentInfo.java
new file mode 100644
index 0000000..929b053
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/GeneratedDocumentInfo.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface GeneratedDocumentInfo extends DocumentInfo {
+
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/IndexFieldInfo.java b/content-model/src/main/java/org/scapdev/content/model/IndexFieldInfo.java
new file mode 100644
index 0000000..e4f1e57
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/IndexFieldInfo.java
@@ -0,0 +1,41 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.List;
+
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultPropertyInfo;
+
+public interface IndexFieldInfo extends SchemaComponent {
+
+ /**
+ * @return the propertyPath
+ */
+ List getPropertyPath();
+
+ String getValue(Object instance) throws IllegalArgumentException,
+ IllegalAccessException, InvocationTargetException;
+
+}
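Review bot: `getValue(Object instance)` on L26106–L26107 is undocumented, yet its throws clause leaks reflection internals (`IllegalAccessException`, `InvocationTargetException`) to every caller and also lists `IllegalArgumentException`, which is unchecked and carries no information in a throws clause. Document what `instance` must be and what a missing value yields, e.g. `/** Resolves this field's property path against instance. @param instance the data object the path is walked from; must be of the entity's type @return the string value, or null when the path resolves to nothing */`, and consider wrapping the two checked exceptions in a single model-level exception so callers are not coupled to the reflective implementation. The `@return the propertyPath` comment on L26101–L26103 restates the method name; naming what the list elements are (the imported `DefaultPropertyInfo`, presumably, given L26097) would make it useful.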
diff --git a/content-model/src/main/java/org/scapdev/content/model/Indexed.java b/content-model/src/main/java/org/scapdev/content/model/Indexed.java
new file mode 100644
index 0000000..8d15217
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/Indexed.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface Indexed {
+ KeyInfo getKeyInfo();
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/Key.java b/content-model/src/main/java/org/scapdev/content/model/Key.java
new file mode 100644
index 0000000..6b8db0f
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/Key.java
@@ -0,0 +1,115 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Set;
+
+public class Key implements Comparable {
+ private final String id;
+ private final LinkedHashMap idToValueMap;
+
+ public Key(String id, List typeIds, List values) {
+ this(id, typeIds.toArray(new String[typeIds.size()]), values.toArray(new String[typeIds.size()]));
+ }
+
+ public Key(String id, String[] typeIds, String[] values) {
+ this.id = id;
+ idToValueMap = new LinkedHashMap();
+ for (int i = 0;i idToValueMap) {
+ this.id = id;
+ this.idToValueMap = idToValueMap;
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public Set getIdentifierIds() {
+ return idToValueMap.keySet();
+ }
+
+ public Collection getValues() {
+ return idToValueMap.values();
+ }
+
+ public String toString() {
+ return new StringBuilder()
+ .append(id)
+ .append("=")
+ .append(idToValueMap.toString())
+ .toString();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (!(obj instanceof Key))
+ return false;
+ Key other = (Key) obj;
+ if (!id.equals(other.id)) {
+ return false;
+ } else if (!idToValueMap.equals(other.idToValueMap))
+ return false;
+ return true;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ int result = 1;
+ result = 37 * result + id.hashCode();
+ result = 37 * result + idToValueMap.hashCode();
+ return result;
+ }
+
+ @Override
+ public int compareTo(Key that) {
+ if ( this == that ) return 0;
+
+ int result = this.id.compareTo(that.id);
+ if (result == 0) {
+ for (String id : idToValueMap.keySet()) {
+ result = idToValueMap.get(id).compareTo(that.idToValueMap.get(id));
+ if (result != 0) break;
+ }
+ }
+ return result;
+ }
+}
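Review bot: The List constructor sizes the values array from `typeIds.size()`, so a `values` list shorter than `typeIds` yields trailing null values (toArray pads an oversized array with null) that go into the map silently, and a longer one is truncated rather than rejected. Validate the lengths up front and size each array from its own list: `if (typeIds.size() != values.size()) throw new IllegalArgumentException("typeIds/values length mismatch");` and `values.toArray(new String[values.size()])`. In `compareTo`, the line `result = idToValueMap.get(id).compareTo(that.idToValueMap.get(id));` throws NullPointerException when `that` lacks one of this key's identifier ids or a value is null, and because only this key's ids are iterated, a `that` with extra entries compares as 0 while `equals` returns false, so the ordering is inconsistent with equals. Comparing the key sets (or at least their sizes) before the per-value loop and giving a missing value a defined position would close both gaps. The line `for (int i = 0;i idToValueMap) {` appears to have lost text between angle brackets during extraction (as have the generic parameters on `Comparable` and `LinkedHashMap`), so the loop body and the map-taking constructor are not reviewable here.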
diff --git a/content-model/src/main/java/org/scapdev/content/model/KeyException.java b/content-model/src/main/java/org/scapdev/content/model/KeyException.java
new file mode 100644
index 0000000..89f43bf
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/KeyException.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+
+public class KeyException extends ModelException {
+
+ /** the serial version UID */
+ private static final long serialVersionUID = 1L;
+
+ public KeyException() {
+ }
+
+ public KeyException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public KeyException(String message) {
+ super(message);
+ }
+
+ public KeyException(Throwable cause) {
+ super(cause);
+ }
+
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/KeyInfo.java b/content-model/src/main/java/org/scapdev/content/model/KeyInfo.java
new file mode 100644
index 0000000..a9708c4
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/KeyInfo.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.Collection;
+
+public interface KeyInfo extends Component {
+ EntityInfo getEntity();
+ Collection getFieldInfos();
+ FieldInfo getFieldInfo(String id);
+ Key getKey(Object instance) throws IllegalArgumentException, IllegalAccessException, InvocationTargetException;
+}
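Review bot: `getKey` on KeyInfo, and the identical signature in KeyRefInfo, declare the raw reflection exceptions `IllegalAccessException` and `InvocationTargetException`, whereas `LocalRelationshipInfo.getKey` in this same commit throws `ModelInstanceException`; callers of the model API therefore see reflection details through one path and a domain exception through the other. Wrapping at the implementation and declaring `Key getKey(Object instance) throws ModelInstanceException;` on both interfaces keeps reflection out of the public model contract and matches the existing exception hierarchy. None of these interfaces carry Javadoc; a one-line summary on `getKey` stating what kind of object `instance` must be, which is not stated anywhere in this hunk, would help implementers and callers alike.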
diff --git a/content-model/src/main/java/org/scapdev/content/model/KeyRefInfo.java b/content-model/src/main/java/org/scapdev/content/model/KeyRefInfo.java
new file mode 100644
index 0000000..dea9521
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/KeyRefInfo.java
@@ -0,0 +1,32 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+import java.lang.reflect.InvocationTargetException;
+
+
+public interface KeyRefInfo extends Component {
+ KeyInfo getKeyInfo();
+ Key getKey(Object instance) throws IllegalArgumentException, IllegalAccessException, InvocationTargetException;
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/LocalRelationship.java b/content-model/src/main/java/org/scapdev/content/model/LocalRelationship.java
new file mode 100644
index 0000000..a89a42d
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/LocalRelationship.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface LocalRelationship extends Relationship> {
+ Key getKey();
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/LocalRelationshipInfo.java b/content-model/src/main/java/org/scapdev/content/model/LocalRelationshipInfo.java
new file mode 100644
index 0000000..358a806
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/LocalRelationshipInfo.java
@@ -0,0 +1,30 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface LocalRelationshipInfo extends RelationshipInfo {
+ KeyRefInfo getKeyRefInfo();
+ KeyInfo getKeyInfo();
+ Key getKey(Object instance) throws ModelInstanceException;
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/MetadataModel.java b/content-model/src/main/java/org/scapdev/content/model/MetadataModel.java
new file mode 100644
index 0000000..6b09a72
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/MetadataModel.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface MetadataModel {
+
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/ModelException.java b/content-model/src/main/java/org/scapdev/content/model/ModelException.java
new file mode 100644
index 0000000..c789f2c
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/ModelException.java
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public class ModelException extends RuntimeException {
+ /** the serial version UID */
+ private static final long serialVersionUID = 1L;
+
+ public ModelException() {
+ super();
+ }
+
+ public ModelException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public ModelException(String message) {
+ super(message);
+ }
+
+ public ModelException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/ModelInstanceException.java b/content-model/src/main/java/org/scapdev/content/model/ModelInstanceException.java
new file mode 100644
index 0000000..6addae7
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/ModelInstanceException.java
@@ -0,0 +1,44 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public class ModelInstanceException extends ModelException {
+ /** the serial version UID */
+ private static final long serialVersionUID = 1L;
+
+ public ModelInstanceException() {
+ }
+
+ public ModelInstanceException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public ModelInstanceException(String message) {
+ super(message);
+ }
+
+ public ModelInstanceException(Throwable cause) {
+ super(cause);
+ }
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/Relationship.java b/content-model/src/main/java/org/scapdev/content/model/Relationship.java
new file mode 100644
index 0000000..403a312
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/Relationship.java
@@ -0,0 +1,29 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface Relationship> {
+ Entity getOwningEntity();
+ INFO getRelationshipInfo();
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/RelationshipInfo.java b/content-model/src/main/java/org/scapdev/content/model/RelationshipInfo.java
new file mode 100644
index 0000000..1fbeea7
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/RelationshipInfo.java
@@ -0,0 +1,29 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface RelationshipInfo extends SchemaComponent {
+ KeyRefInfo getKeyRefInfo();
+ Relationship newRelationship(Object instance, Entity owningEntity);
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/SchemaComponent.java b/content-model/src/main/java/org/scapdev/content/model/SchemaComponent.java
new file mode 100644
index 0000000..b97c9c1
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/SchemaComponent.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface SchemaComponent extends Component {
+ String getSchemaNode();
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/SchemaInfo.java b/content-model/src/main/java/org/scapdev/content/model/SchemaInfo.java
new file mode 100644
index 0000000..5853f45
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/SchemaInfo.java
@@ -0,0 +1,31 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model;
+
+public interface SchemaInfo extends SchemaComponent {
+ String getId();
+ String getNamespace();
+ String getPrefix();
+ String getSchemaLocation();
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractBindingInfo.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractBindingInfo.java
new file mode 100644
index 0000000..6418578
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractBindingInfo.java
@@ -0,0 +1,56 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.lang.annotation.Annotation;
+
+import org.scapdev.jaxb.reflection.model.DefaultTypeInfo;
+
+abstract class AbstractBindingInfo implements BindingInfo {
+ private final String id;
+ private final X annotation;
+ private final DefaultTypeInfo typeInfo;
+
+ AbstractBindingInfo(String id, X annotation, DefaultTypeInfo typeInfo) {
+ this.id = id;
+ this.annotation = annotation;
+ this.typeInfo = typeInfo;
+ }
+
+ @Override
+ public String getId() {
+ return id;
+ }
+
+ @Override
+ public X getAnnotation() {
+ return annotation;
+ }
+
+ @Override
+ public DefaultTypeInfo getTypeInfo() {
+ return typeInfo;
+ }
+
+}
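Review bot: AbstractBindingInfo has no class or constructor documentation, and the class header's type parameters appear to have been stripped by the page extraction, so the meaning of `X` is not visible. Since the three fields are stored and returned unchanged, a grounded header comment such as `/** Immutable base for binding descriptors: holds the id, annotation and DefaultTypeInfo supplied at construction and exposes them unchanged. */` would suffice. Whether null is acceptable for any of the three constructor arguments is not checked or stated; documenting that on the constructor would be useful given the compliance level (1.6) rules out `Objects.requireNonNull`.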
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractDocumentBase.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractDocumentBase.java
new file mode 100644
index 0000000..b7fca4a
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractDocumentBase.java
@@ -0,0 +1,39 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import org.scapdev.content.model.AbstractDocument;
+
+abstract class AbstractDocumentBase extends AbstractDocument {
+ private final BindingInfo binding;
+
+ AbstractDocumentBase(DocumentEntityType entity, SchemaInfoImpl schema, JAXBMetadataModel model, InitializingTypeInfoVisitor init) {
+ super(entity, schema);
+ binding = init.getDocumentBindingInfo(entity.getId());
+ }
+
+ BindingInfo getBinding() {
+ return binding;
+ }
+}
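Review bot: The `model` parameter of the AbstractDocumentBase constructor is never used in the body; only `entity`, `schema` and `init` are read, so it should either be dropped from the signature or stored if subclasses are expected to need it. `binding` is assigned from `init.getDocumentBindingInfo(entity.getId())` with no null check; whether that lookup can return null is not visible here, but if it can, failing fast with `if (binding == null) throw new IllegalStateException("no document binding for " + entity.getId());` is preferable to a later NPE in callers of `getBinding()`. The generic parameters on `AbstractDocument` and `BindingInfo` appear to have been stripped by extraction, so the exact binding type is not reviewable.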
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractFieldInfo.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractFieldInfo.java
new file mode 100644
index 0000000..e1d9789
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractFieldInfo.java
@@ -0,0 +1,88 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.List;
+
+import org.apache.commons.lang.builder.ToStringBuilder;
+import org.apache.commons.lang.builder.ToStringStyle;
+import org.scapdev.content.model.Component;
+import org.scapdev.content.model.IndexFieldInfo;
+import org.scapdev.content.model.SchemaInfo;
+import org.scapdev.jaxb.reflection.instance.PropertyPathEvaluator;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultPropertyInfo;
+
+abstract class AbstractFieldInfo implements IndexFieldInfo {
+
+ private final PARENT parent;
+ private final String id;
+ private final String schemaNode;
+ private final List propertyPath;
+
+ AbstractFieldInfo(JAXB_TYPE field, PARENT parent, List propertyPath, JAXBMetadataModel loader) {
+ this.parent = parent;
+ id = field.getId();
+ schemaNode = field.getSchemaNode().getNode();
+ this.propertyPath = propertyPath;
+// binding = loader.getFieldBindingInfo(id);
+ }
+
+ @Override
+ public String getId() {
+ return id;
+ }
+
+ public PARENT getParent() {
+ return parent;
+ }
+
+ @Override
+ public String getSchemaNode() {
+ return schemaNode;
+ }
+
+ @Override
+ public SchemaInfo getSchemaInfo() {
+ return getParent().getSchemaInfo();
+ }
+
+ public List getPropertyPath() {
+ return propertyPath;
+ }
+
+ @Override
+ public String getValue(Object instance) throws IllegalArgumentException, IllegalAccessException, InvocationTargetException {
+ return PropertyPathEvaluator.evaluate(instance, getPropertyPath());
+ }
+
+
+ public String toString() {
+ return new ToStringBuilder(this, ToStringStyle.SHORT_PREFIX_STYLE)
+ .appendSuper(super.toString())
+ .append("id",id)
+ .append("propertyPath",propertyPath)
+ .toString();
+ }
+}
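Review bot: `getPropertyPath()` hands out the same list the constructor stored by reference, so any holder of that list (including the visitor code that built it) can alter the path a field is evaluated against after construction. Copy and wrap it once in the constructor, `this.propertyPath = Collections.unmodifiableList(new ArrayList<DefaultPropertyInfo>(propertyPath));` (adds `java.util.ArrayList`/`Collections` imports; the type argument assumes the element type is the imported `DefaultPropertyInfo`, since the generics appear stripped in this rendering). `toString()` is missing the `@Override` that the other overrides in this class carry. The `loader` parameter is only referenced by the commented-out `binding = loader.getFieldBindingInfo(id);` line, which should be restored or removed together with the parameter.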
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractIndexIdentifyingPropertyPathModelVisitor.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractIndexIdentifyingPropertyPathModelVisitor.java
new file mode 100644
index 0000000..caec27d
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractIndexIdentifyingPropertyPathModelVisitor.java
@@ -0,0 +1,100 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.lang.annotation.Annotation;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.scapdev.content.model.ModelException;
+import org.scapdev.jaxb.reflection.model.DefaultTypeInfo;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultModel;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultPropertyInfo;
+import org.scapdev.jaxb.reflection.model.visitor.PropertyPathModelVisitor;
+
+abstract class AbstractIndexIdentifyingPropertyPathModelVisitor extends
+ PropertyPathModelVisitor {
+ private final ANNOTATION indexedAnnotation;
+ private final Map> propertyMap;
+ private final Class fieldClass;
+
+ public AbstractIndexIdentifyingPropertyPathModelVisitor(ANNOTATION indexedAnnotation, DefaultTypeInfo typeInfo, DefaultModel model, Class annotationClass, Class fieldClass) {
+ super(typeInfo, model);
+ if (typeInfo.getAnnotation(annotationClass, false) == null) {
+ throw new ModelException("Type '"+typeInfo.getType().getName()+"' does not contain a "+indexedAnnotation.getClass());
+ }
+ propertyMap = new LinkedHashMap>();
+ this.indexedAnnotation = indexedAnnotation;
+ this.fieldClass = fieldClass;
+ }
+
+ protected ANNOTATION getIndexedAnnotation() {
+ return indexedAnnotation;
+ }
+
+ /**
+ * @return the propertyMap
+ */
+ public Map> getPropertyMap() {
+ return propertyMap;
+ }
+
+ protected abstract List getIndexedFields();
+ protected abstract String getIndexedAnnotationId();
+ protected abstract String getIndexedFieldId(FIELD field);
+
+ @Override
+ public void visit() {
+ super.visit();
+
+ Set fields = new HashSet(getIndexedFields());
+ Set locatedFields = propertyMap.keySet();
+ if (!locatedFields.equals(fields)) {
+ fields.removeAll(locatedFields);
+ if (!fields.isEmpty()) {
+ throw new ModelException("Unable to identify fields for "+indexedAnnotation.getClass().getName()+" '"+getIndexedAnnotationId()+"': "+fields.toString());
+ }
+ }
+ }
+
+ @Override
+ public boolean beforePropertyInfo(DefaultTypeInfo typeInfo,
+ DefaultPropertyInfo property) {
+ // TODO: support elements
+// if (property.isAttribute()) {
+ FIELD field = property.getAnnotation(fieldClass);
+ if (field != null) {
+ String id = getIndexedFieldId(field);
+ if (propertyMap.containsKey(id)) {
+ throw new ModelException("Duplicate field found for "+indexedAnnotation.getClass().getName()+" '"+getIndexedAnnotationId()+"': "+id);
+ }
+ propertyMap.put(id, getPropertyPath());
+ }
+// }
+ return false;
+ }
+}
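Review bot: The three `ModelException` messages (constructor, `visit()`, `beforePropertyInfo()`) print `indexedAnnotation.getClass()`, which for an annotation instance is the runtime proxy class rather than the annotation type, so the diagnostics will not name the annotation they are about. Use `indexedAnnotation.annotationType().getName()` in all three places (the constructor already has `annotationClass` in hand and can use `annotationClass.getName()`). Note also that `visit()` only reports declared fields that were not located; a located field whose id is not in `getIndexedFields()` passes silently, which deserves a comment if intended, and `getPropertyMap()` returns the live `LinkedHashMap`.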
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractIndexedBindingInfo.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractIndexedBindingInfo.java
new file mode 100644
index 0000000..8d63acd
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractIndexedBindingInfo.java
@@ -0,0 +1,46 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.lang.annotation.Annotation;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import org.scapdev.jaxb.reflection.model.DefaultTypeInfo;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultPropertyInfo;
+
+abstract class AbstractIndexedBindingInfo extends AbstractBindingInfo implements IndexedBindingInfo {
+ private final Map> propertyMap;
+
+ protected AbstractIndexedBindingInfo(String id, ANNOTATION annotation, Map> propertyMap, DefaultTypeInfo typeInfo) {
+ super(id, annotation, typeInfo);
+ this.propertyMap = Collections.unmodifiableMap(propertyMap);
+ }
+
+ /** {@inheritDoc} */
+ public Map> getPropertyMap() {
+ return propertyMap;
+ }
+}
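Review bot: `Collections.unmodifiableMap(propertyMap)` in the constructor is a read-only view over the caller's map, not a snapshot, so whoever still holds the original (the identifying visitor that built it) can still change what this binding reports. Copy before wrapping: `this.propertyMap = Collections.unmodifiableMap(new LinkedHashMap<...>(propertyMap));` with the same type arguments as the field (adds a `java.util.LinkedHashMap` import). The lists inside the map remain mutable either way; the `getPropertyMap()` Javadoc should say so if that is acceptable.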
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractRelationshipInfo.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractRelationshipInfo.java
new file mode 100644
index 0000000..cde7fd9
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/AbstractRelationshipInfo.java
@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import org.scapdev.content.model.AbstractSchemaComponent;
+import org.scapdev.content.model.RelationshipInfo;
+import org.scapdev.content.model.SchemaInfo;
+
+abstract class AbstractRelationshipInfo> extends AbstractSchemaComponent implements RelationshipInfo {
+
+ protected AbstractRelationshipInfo(RelationshipType type, SchemaInfo schemaInfo) {
+ super(type.getId(), schemaInfo, type.getSchemaNode().getNode());
+ }
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/BindingInfo.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/BindingInfo.java
new file mode 100644
index 0000000..71ef417
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/BindingInfo.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.lang.annotation.Annotation;
+
+import org.scapdev.jaxb.reflection.model.DefaultTypeInfo;
+
+interface BindingInfo {
+ String getId();
+ X getAnnotation();
+ DefaultTypeInfo getTypeInfo();
+}
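Review bot: `BindingInfo` has no Javadoc, and since its three accessors are the contract every `*BindingInfo` implementation and every `InitializingTypeInfoVisitor` lookup relies on, the interface should state what `getId()` identifies and whether `getAnnotation()` and `getTypeInfo()` can be null. A class comment such as `/** Associates a content-model id with the annotation instance and the JAXB type info it was declared on. */` plus one-line `@return` tags on each method would cover it.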
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/DefaultBindingInfo.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/DefaultBindingInfo.java
new file mode 100644
index 0000000..133bbc1
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/DefaultBindingInfo.java
@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.lang.annotation.Annotation;
+
+import org.scapdev.jaxb.reflection.model.DefaultTypeInfo;
+
+class DefaultBindingInfo extends AbstractBindingInfo {
+
+ DefaultBindingInfo(String id, ANNOTATION annotation, DefaultTypeInfo typeInfo) {
+ super(id, annotation, typeInfo);
+ }
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/EntityInfoImpl.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/EntityInfoImpl.java
new file mode 100644
index 0000000..582a5a1
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/EntityInfoImpl.java
@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import org.scapdev.content.model.AbstractSchemaComponent;
+import org.scapdev.content.model.EntityInfo;
+import org.scapdev.content.model.KeyInfo;
+
+class EntityInfoImpl extends AbstractSchemaComponent implements EntityInfo {
+
+ private final KeyInfo key;
+ private final BindingInfo binding;
+
+ EntityInfoImpl(EntityType entity, SchemaInfoImpl schema, JAXBMetadataModel loader, InitializingTypeInfoVisitor init) {
+ super(entity.getId(), schema, entity.getSchemaNode().getNode());
+ binding = init.getEntityBindingInfo(getId());
+ key = new KeyInfoImpl(entity.getKey(), this, loader, init);
+ }
+
+ @Override
+ public KeyInfo getKeyInfo() {
+ return key;
+ }
+
+ BindingInfo getBinding() {
+ return binding;
+ }
+}
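Review bot: The constructor stores whatever `init.getEntityBindingInfo(getId())` returns without checking it; that lookup is a plain map `get` in `InitializingTypeInfoVisitor`, so an entity id with no matching annotated type leaves `binding` null and the failure only surfaces at the first `getBinding()` caller. Fail at construction instead: `if (binding == null) throw new ModelException("No entity binding found for id: " + getId());` (import `org.scapdev.content.model.ModelException`, already used elsewhere in this package). The constructor also passes `this` to `KeyInfoImpl` before `key` is assigned; if `KeyInfoImpl` only stores the parent and does not call back into it during construction this is harmless, but a short comment saying so would prevent a later regression.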
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/FieldInfoImpl.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/FieldInfoImpl.java
new file mode 100644
index 0000000..4fdee94
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/FieldInfoImpl.java
@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.util.List;
+
+import org.apache.commons.lang.builder.ToStringBuilder;
+import org.apache.commons.lang.builder.ToStringStyle;
+import org.scapdev.content.model.FieldInfo;
+import org.scapdev.content.model.KeyInfo;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultPropertyInfo;
+
+class FieldInfoImpl extends AbstractFieldInfo implements FieldInfo {
+
+ FieldInfoImpl(FieldType field, KeyInfo parent, List propertyPath, JAXBMetadataModel loader) {
+ super(field, parent, propertyPath, loader);
+ }
+
+ @Override
+ public KeyInfo getKeyInfo() {
+ return getParent();
+ }
+
+ public String toString() {
+ return new ToStringBuilder(this, ToStringStyle.SHORT_PREFIX_STYLE)
+ .appendSuper(super.toString())
+ .toString();
+ }
+}
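Review bot: `toString()` appends no fields of its own, so the `ToStringBuilder` wrapper only nests the inherited output inside a second `FieldInfoImpl[...]` prefix; either drop the override or extend it with something this subclass adds. It is also missing the `@Override` annotation that `getKeyInfo()` in the same class carries.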
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/FieldRefInfoImpl.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/FieldRefInfoImpl.java
new file mode 100644
index 0000000..6df03a9
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/FieldRefInfoImpl.java
@@ -0,0 +1,53 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.util.List;
+
+import org.scapdev.content.model.FieldInfo;
+import org.scapdev.content.model.FieldRefInfo;
+import org.scapdev.content.model.KeyInfo;
+import org.scapdev.content.model.KeyRefInfo;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultPropertyInfo;
+
+class FieldRefInfoImpl extends AbstractFieldInfo implements FieldRefInfo {
+ private final FieldInfo referencedFieldInfo;
+
+ FieldRefInfoImpl(FieldRefType field, KeyRefInfo parent, List propertyPath, JAXBMetadataModel loader) {
+ super(field, parent, propertyPath, loader);
+ KeyInfo keyInfo = parent.getKeyInfo();
+ String fieldRef = field.idRef;
+ referencedFieldInfo = keyInfo.getFieldInfo(fieldRef);
+ }
+
+ @Override
+ public KeyRefInfo getKeyRefInfo() {
+ return getParent();
+ }
+
+ @Override
+ public FieldInfo getReferencedFieldInfo() {
+ return referencedFieldInfo;
+ }
+}
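Review bot: `keyInfo.getFieldInfo(fieldRef)` in the constructor is stored without checking the result, so a field ref whose `idRef` names no field of the referenced key leaves `referencedFieldInfo` null and the error surfaces only when a caller dereferences `getReferencedFieldInfo()`. Check at construction: `if (referencedFieldInfo == null) throw new ModelException("Field ref '" + getId() + "' references unknown field '" + fieldRef + "'");` (import `org.scapdev.content.model.ModelException`). `field.idRef` is also a direct field access where the sibling classes go through getters (`getId()`, `getSchemaNode()`); if `FieldRefType` exposes a getter for it, prefer that for consistency.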
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/GeneratedDocumentInfoImpl.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/GeneratedDocumentInfoImpl.java
new file mode 100644
index 0000000..c92b1ec
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/GeneratedDocumentInfoImpl.java
@@ -0,0 +1,32 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+
+class GeneratedDocumentInfoImpl extends AbstractDocumentBase {
+
+ GeneratedDocumentInfoImpl(DocumentEntityType entity, SchemaInfoImpl schema, JAXBMetadataModel model, InitializingTypeInfoVisitor init) {
+ super(entity, schema, model, init);
+ }
+}
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/IndexedBindingInfo.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/IndexedBindingInfo.java
new file mode 100644
index 0000000..2905905
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/IndexedBindingInfo.java
@@ -0,0 +1,37 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.lang.annotation.Annotation;
+import java.util.List;
+import java.util.Map;
+
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultPropertyInfo;
+
+interface IndexedBindingInfo extends BindingInfo {
+ /**
+ * @return the propertyMap
+ */
+ Map> getPropertyMap();
+}
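Review bot: The Javadoc `@return the propertyMap` only restates the method name and says nothing about the keys, values or mutability of the map. Suggested replacement: `/** @return the located property path for each indexed field id, in the order the identifying visitor encountered them; implementations are expected to return an unmodifiable map */`.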
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/InitializingTypeInfoVisitor.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/InitializingTypeInfoVisitor.java
new file mode 100644
index 0000000..a7aee59
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/InitializingTypeInfoVisitor.java
@@ -0,0 +1,99 @@
+/**
+ *
+ */
+package org.scapdev.content.model.jaxb;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.scapdev.jaxb.reflection.model.DefaultTypeInfo;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultModel;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultPropertyInfo;
+import org.scapdev.jaxb.reflection.model.visitor.TypeInfoVisitor;
+
+class InitializingTypeInfoVisitor implements TypeInfoVisitor {
+ private final DefaultModel model;
+ private final Map> entities;
+ private final Map> documents;
+ private final Map keys;
+ private final Map keyRefs;
+
+ InitializingTypeInfoVisitor(DefaultModel model) {
+ this.model = model;
+ entities = new HashMap>();
+ documents = new HashMap>();
+ keys = new HashMap();
+ keyRefs = new HashMap();
+ }
+
+ protected BindingInfo getEntityBindingInfo(String id) {
+ return entities.get(id);
+ }
+
+ protected BindingInfo getDocumentBindingInfo(String id) {
+ return documents.get(id);
+ }
+
+ protected KeyBindingInfo getKeyBindingInfo(String id) {
+ return keys.get(id);
+ }
+
+ protected KeyRefBindingInfo getKeyRefBindingInfo(String id) {
+ return keyRefs.get(id);
+ }
+
+ protected BindingInfo getFieldBindingInfo(String id) {
+ return null;
+ }
+
+ /**
+ * Visit each TypeInfo and identify each annotation type if they exist.
+ */
+ @Override
+ public void visit(DefaultTypeInfo typeInfo) {
+ Class> clazz = typeInfo.getType();
+ org.scapdev.content.annotation.Entity entity = clazz.getAnnotation(org.scapdev.content.annotation.Entity.class);
+ if (entity != null) {
+ String id = entity.id();
+
+ BindingInfo bindingInfo = new DefaultBindingInfo(id, entity, typeInfo);
+ assert(!entities.containsKey(id));
+ entities.put(id, bindingInfo);
+ }
+
+ org.scapdev.content.annotation.SchemaDocument document = clazz.getAnnotation(org.scapdev.content.annotation.SchemaDocument.class);
+ if (document != null) {
+ String id = document.id();
+ BindingInfo bindingInfo = new DefaultBindingInfo(id, document, typeInfo);
+ assert(!documents.containsKey(id));
+ documents.put(id, bindingInfo);
+ }
+
+ org.scapdev.content.annotation.Key key = clazz.getAnnotation(org.scapdev.content.annotation.Key.class);
+ if (key != null) {
+ String id = key.id();
+
+ KeyIdentifyingPropertyPathModelVisitor keyIdVisitor = new KeyIdentifyingPropertyPathModelVisitor(key, typeInfo, model);
+ keyIdVisitor.visit();
+ Map> propertyMap = keyIdVisitor.getPropertyMap();
+
+ KeyBindingInfo bindingInfo = new KeyBindingInfoImpl(id, key, propertyMap, typeInfo);
+ assert(!keys.containsKey(id));
+ keys.put(id, bindingInfo);
+ }
+
+ org.scapdev.content.annotation.KeyRef keyRef = clazz.getAnnotation(org.scapdev.content.annotation.KeyRef.class);
+ if (keyRef != null) {
+ String id = keyRef.id();
+
+ KeyRefIdentifyingPropertyPathModelVisitor keyRefIdVisitor = new KeyRefIdentifyingPropertyPathModelVisitor(keyRef, typeInfo, model);
+ keyRefIdVisitor.visit();
+ Map> propertyMap = keyRefIdVisitor.getPropertyMap();
+
+ KeyRefBindingInfo bindingInfo = new KeyRefBindingInfoImpl(id, keyRef, propertyMap, typeInfo);
+ assert(!keyRefs.containsKey(id));
+ keyRefs.put(id, bindingInfo);
+ }
+ }
+}
\ No newline at end of file
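Review bot: Duplicate ids in `visit()` are caught only by `assert(!entities.containsKey(id))` and its three siblings, and assertions are disabled unless the JVM runs with `-ea`, so in a normal run a second `@Entity`, `@SchemaDocument`, `@Key` or `@KeyRef` with an already-used id silently replaces the earlier binding in the map. Make it an explicit failure, e.g. `if (entities.containsKey(id)) throw new ModelException("Duplicate entity id: " + id);`, and the same for `documents`, `keys` and `keyRefs` (`org.scapdev.content.model.ModelException` needs importing here). `getFieldBindingInfo` unconditionally returns null and the file opens with an empty Javadoc where the other files in this package carry the license block; both look like leftovers to tidy up.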
diff --git a/content-model/src/main/java/org/scapdev/content/model/jaxb/JAXBMetadataModel.java b/content-model/src/main/java/org/scapdev/content/model/jaxb/JAXBMetadataModel.java
new file mode 100644
index 0000000..3723334
--- /dev/null
+++ b/content-model/src/main/java/org/scapdev/content/model/jaxb/JAXBMetadataModel.java
@@ -0,0 +1,134 @@
+/*******************************************************************************
+ * The MIT License
+ *
+ * Copyright (c) 2011 David Waltermire
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ ******************************************************************************/
+package org.scapdev.content.model.jaxb;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.scapdev.content.model.DocumentInfo;
+import org.scapdev.content.model.EntityInfo;
+import org.scapdev.content.model.KeyRefInfo;
+import org.scapdev.content.model.MetadataModel;
+import org.scapdev.content.model.RelationshipInfo;
+import org.scapdev.content.model.SchemaInfo;
+import org.scapdev.jaxb.reflection.model.DefaultTypeInfo;
+import org.scapdev.jaxb.reflection.model.jaxb.DefaultModel;
+
+public class JAXBMetadataModel implements MetadataModel {
+ private final DefaultModel model;
+ private final Map schemaMap;
+ private final Map entityMap;
+ private final Map documentMap;
+ private final Map> relationshipMap;
+ private final Map keyIdToEntityMap;
+ private final Map> keyRefIdToRelationshipMap;
+ private final Map entityIdToEntityMap;
+
+ public JAXBMetadataModel() throws IOException, JAXBException {
+ // Initialize JAXB reflection model
+ model = new DefaultModel(this.getClass().getClassLoader());
+
+ // Identify objects of interest
+ InitializingTypeInfoVisitor init = new InitializingTypeInfoVisitor(model);
+ for (DefaultTypeInfo typeInfo : model.getTypeInfos()) {
+ init.visit(typeInfo);
+ }
+
+ schemaMap = new HashMap();
+ entityMap = new HashMap();
+ documentMap = new HashMap();
+ relationshipMap = new HashMap>();
+ keyIdToEntityMap = new HashMap();
+ entityIdToEntityMap = new HashMap();
+ keyRefIdToRelationshipMap = new HashMap>();
+
+ // Load metadata and associate with JAXB info
+ loadMetadata(init);
+ }
+
+ private void loadMetadata(InitializingTypeInfoVisitor init) throws IOException, JAXBException {
+ Unmarshaller unmarshaller = model.getJAXBContext().createUnmarshaller();
+
+ InputStream is = this.getClass().getResourceAsStream("/META-INF/metamodels/manifest");
+ BufferedReader r = new BufferedReader(new InputStreamReader(is));
+ String file;
+ while ((file = r.readLine()) != null) {
+ String resource = "/META-INF/metamodels/"+file;
+
+ MetaModel model = (MetaModel) unmarshaller.unmarshal(this.getClass().getResourceAsStream(resource));
+ processModel(model, init);
+ }
+ }
+
+ private void processModel(MetaModel metaModel, InitializingTypeInfoVisitor init) {
+ for (SchemaType schemaType : metaModel.getSchemas().getSchema()) {
+ SchemaInfo schema = new SchemaInfoImpl(schemaType, this, init);
+ schemaMap.put(schema.getId(), schema);
+ }
+ }
+
+ void registerEntity(EntityInfoImpl entity) {
+ entityMap.put(entity.getBinding().getTypeInfo(), entity);
+ keyIdToEntityMap.put(entity.getKeyInfo().getId(), entity);
+ entityIdToEntityMap.put(entity.getId(), entity);
+ }
+
+ void registerRelationship(DefaultTypeInfo typeInfo, RelationshipInfo