stix_schema_spy 1.0 → 1.1

data/config/1.1.1/stix/external/cvrf_1.1/common.xsd

@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema
+ xmlns:cvrf-common="http://www.icasi.org/CVRF/schema/common/1.1"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:dc="http://purl.org/dc/elements/1.1/"
+ id="CVRFCommonDictionary"
+ targetNamespace="http://www.icasi.org/CVRF/schema/common/1.1"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified"
+ version="1.1">
+  <!-- =============================================================================== -->
+  <!-- =============================   SCHEMA IMPORTS  =============================== -->
+  <!-- =============================================================================== -->
+  <xs:import namespace="http://purl.org/dc/elements/1.1/" schemaLocation="dc.xsd"/>
+  <xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
+  <!-- =============================================================================== -->
+  <!-- ============================ SCHEMA INFORMATION =============================== -->
+  <!-- =============================================================================== -->
+  <xs:annotation>
+    <xs:documentation xml:lang="en">This is the XML schema for the Common Vulerability Reporting Framework's common data types.</xs:documentation>
+    <xs:appinfo>
+      <dc:creator>Brian Schafer &lt;bschafer@microsoft.com&gt;</dc:creator>
+      <dc:contributor>Joe Clarke &lt;jclarke@cisco.com&gt;</dc:contributor>
+      <dc:contributor>Joe Hemmerlein &lt;Joe.Hemmerlein@microsoft.com&gt;</dc:contributor>
+      <dc:date>2012-05-07</dc:date>
+      <dc:subject>CVRF Common Data Types</dc:subject>
+      <version>1.1</version>
+    </xs:appinfo>
+  </xs:annotation>
+  <!-- =============================================================================== -->
+  <!-- =================================== DATA TYPES ================================ -->
+  <!-- =============================================================================== -->
+  <xs:simpleType name="nonEmptyNormalizedString">
+    <xs:annotation>
+      <xs:documentation xml:lang="en">A normalized string type that cannot be empty.</xs:documentation>
+    </xs:annotation>
+    <xs:restriction base="xs:normalizedString">
+      <xs:minLength value="1" />
+    </xs:restriction>
+  </xs:simpleType>
+  <xs:simpleType name="nonEmptyString">
+    <xs:annotation>
+      <xs:documentation xml:lang="en">A string type that cannot be empty.</xs:documentation>
+    </xs:annotation>
+    <xs:restriction base="xs:string">
+      <xs:minLength value="1" />
+    </xs:restriction>
+  </xs:simpleType>
+  <xs:complexType name="localizedString">
+    <xs:annotation>
+      <xs:documentation xml:lang="en">String type with an optional language attribute.  The default language is English.</xs:documentation>
+    </xs:annotation>
+    <xs:simpleContent>
+      <xs:extension base="cvrf-common:nonEmptyString">
+        <xs:attribute ref="xml:lang" default="en">
+          <xs:annotation>
+            <xs:documentation xml:lang="en">Locale code used for the string value.  The default is &quot;en&quot;.</xs:documentation>
+          </xs:annotation>
+        </xs:attribute>
+      </xs:extension>
+    </xs:simpleContent>
+  </xs:complexType>
+  <xs:complexType name="localizedNormalizedString">
+    <xs:annotation>
+      <xs:documentation xml:lang="en">Normalized string type with an optional language attribute.  The default language is English.  This string cannot be empty.</xs:documentation>
+    </xs:annotation>
+    <xs:simpleContent>
+      <xs:extension base="cvrf-common:nonEmptyNormalizedString">
+        <xs:attribute ref="xml:lang" default="en">
+          <xs:annotation>
+            <xs:documentation xml:lang="en">Locale code used for the string value.  The default is &quot;en&quot;.</xs:documentation>
+          </xs:annotation>
+        </xs:attribute>
+      </xs:extension>
+    </xs:simpleContent>
+  </xs:complexType>
+  <xs:simpleType name="revisionNumber">
+    <xs:annotation>
+      <xs:documentation xml:lang="en">Dotted string representing the document revision</xs:documentation>
+    </xs:annotation>
+    <xs:restriction base="xs:token">
+      <xs:pattern value="(0|[1-9][0-9]*)(\.(0|[1-9][0-9]*)){0,3}" />
+    </xs:restriction>
+  </xs:simpleType>
+  <xs:simpleType name="ReferenceTypeEnum">
+    <xs:annotation>
+      <xs:documentation xml:lang="en">Types enumerating the type of reference document</xs:documentation>
+    </xs:annotation>
+    <xs:restriction base="xs:token">
+      <xs:enumeration value="External">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">This document is an external reference to the current vulnerability.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Self">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">This document is a reference to this same vulnerability.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+    </xs:restriction>
+  </xs:simpleType>
+  <xs:simpleType name="PublisherEnumType">
+    <xs:annotation>
+      <xs:documentation xml:lang="en">Types enumerating the various publishers of a document.</xs:documentation>
+    </xs:annotation>
+    <xs:restriction base="xs:token">
+      <xs:enumeration value="Vendor">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">Developers or maintainers of information system products or services.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Discoverer">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">Individuals or organizations that find vulnerabilities or security weaknesses.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Coordinator">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">Individuals or organizations that manage a single vendor's response or multiple vendors' responses to a vulnerability, a security flaw, or an incident.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="User">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">Everyone using a vendor's product.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Other">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">Catchall for everyone else. Currently this includes forwarders, re-publishers, language translators and miscellaneous contributors.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+    </xs:restriction>
+  </xs:simpleType>
+  <xs:simpleType name="NoteTypeEnumType">
+    <xs:annotation>
+      <xs:documentation xml:lang="en">Allowed type values for CVRF notes.</xs:documentation>
+    </xs:annotation>
+    <xs:restriction base="xs:token">
+      <xs:enumeration value="General">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">A general, high-level note (Title may have more information).</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Details">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">A low-level detailed discussion (Title may have more information).</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Description">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">A description of something (Title may have more information).</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Summary">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">A summary of something (Title may have more information).</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="FAQ">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">A list of frequently asked questions.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Legal Disclaimer">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">Any possible legal discussion, including constraints, surrounding the document.</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+      <xs:enumeration value="Other">
+        <xs:annotation>
+          <xs:documentation xml:lang="en">Something that doesn’t fit (Title should have more information).</xs:documentation>
+        </xs:annotation>
+      </xs:enumeration>
+    </xs:restriction>
+  </xs:simpleType>
+</xs:schema>

data/config/1.1.1/stix/external/cvrf_1.1/cpe-language_2.2a.xsd

@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+      xmlns:cpe="http://cpe.mitre.org/language/2.0"
+      xmlns:xml="http://www.w3.org/XML/1998/namespace"
+      xmlns:sch="http://purl.oclc.org/dsdl/schematron"
+      targetNamespace="http://cpe.mitre.org/language/2.0" elementFormDefault="qualified"
+      attributeFormDefault="unqualified" version="2.2a">
+      <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
+      <xsd:annotation>
+            <xsd:documentation xml:lang="en">This XML Schema defines the CPE Language. An individual
+                  CPE Name addresses a single part of an actual system. To identify more complex
+                  platform types, there needs to be a way to combine different CPE Names using
+                  logical operators. For example, there may be a need to identify a platform with a
+                  particular operating system AND a certain application. The CPE Language exists to
+                  satisfy this need, enabling the CPE Name for the operating system to be combined
+                  with the CPE Name for the application. For more information, consult the CPE
+                  Specification document.</xsd:documentation>
+            <xsd:appinfo>
+                  <schema>CPE Language</schema>
+                  <author>Neal Ziring, Andrew Buttner, David Waltermire</author>
+                  <version>2.2</version>
+                  <date>10/27/2008 10:00:00 AM</date>
+            </xsd:appinfo>
+      </xsd:annotation>
+
+      <!-- =============================================================================== -->
+      <!-- =============================================================================== -->
+      <!-- =============================================================================== -->
+      <xsd:element name="platform-specification" type="cpe:platformSpecificationType">
+            <xsd:annotation>
+                  <xsd:documentation xml:lang="en">This element is the root element of a CPE
+                        Language XML documents and therefore acts as a container for child platform
+                        definitions.</xsd:documentation>
+            </xsd:annotation>
+            <xsd:key name="platformKey">
+                  <xsd:selector xpath="cpe:platform"/>
+                  <xsd:field xpath="@id"/>
+            </xsd:key>
+      </xsd:element>
+
+      <xsd:element name="platform" type="cpe:PlatformType"/>
+      <xsd:element name="platform-configuration" type="cpe:PlatformBaseType"/>
+
+      <xsd:element name="logical-test" type="cpe:LogicalTestType"/>
+
+      <xsd:element name="fact-ref" type="cpe:FactRefType"/>
+      
+
+      <!-- =============================================================================== -->
+      <!-- =========================== PLATFORM SPECIFICATION ============================ -->
+      <!-- =============================================================================== -->
+      <xsd:complexType name="platformSpecificationType">
+            <xsd:sequence>
+                  <xsd:element ref="cpe:platform" minOccurs="1"
+                        maxOccurs="unbounded"/>
+            </xsd:sequence>
+      </xsd:complexType>
+      
+      <!-- =============================================================================== -->
+      <!-- ==================================  PLATFORM  ================================= -->
+      <!-- =============================================================================== -->
+      <xsd:complexType name="PlatformBaseType">
+            <xsd:annotation>
+                  <xsd:documentation xml:lang="en">The platform element represents the description
+                        or qualifications of a particular IT platform type. The platform is defined
+                        by the logical-test child element.</xsd:documentation>
+            </xsd:annotation>
+            <xsd:sequence>
+                  <xsd:element name="title" type="cpe:TextType" minOccurs="0" maxOccurs="unbounded">
+                        <xsd:annotation>
+                              <xsd:documentation xml:lang="en">The optional title element may appear as a child
+                                    to a platform element. It provides a human-readable title for it. To support
+                                    uses intended for multiple languages, this element supports the ‘xml:lang’
+                                    attribute. At most one title element can appear for each language.</xsd:documentation>
+                        </xsd:annotation>
+                  </xsd:element>
+                  <xsd:element name="remark" type="cpe:TextType" minOccurs="0" maxOccurs="unbounded">
+                        <xsd:annotation>
+                              <xsd:documentation xml:lang="en">The optional remark element may appear as a child
+                                    of a platform element. It provides some additional description. Zero or more
+                                    remark elements may appear. To support uses intended for multiple languages,
+                                    this element supports the ‘xml:lang’ attribute. There can be multiple
+                                    remarks for a single language.</xsd:documentation>
+                        </xsd:annotation>
+                  </xsd:element>
+                  <xsd:element ref="cpe:logical-test" minOccurs="1" maxOccurs="1"/>
+            </xsd:sequence>
+      </xsd:complexType>
+      <xsd:complexType name="PlatformType">
+            <xsd:complexContent>
+                  <xsd:extension base="cpe:PlatformBaseType">
+                        <xsd:attribute name="id" type="xsd:anyURI" use="required">
+                              <xsd:annotation>
+                                    <xsd:documentation xml:lang="en">The id attribute holds a locally unique
+                                          name for the platform. There is no defined format for this id, it just has
+                                          to be unique to the containing language document.</xsd:documentation>
+                              </xsd:annotation>
+                        </xsd:attribute>
+                  </xsd:extension>
+            </xsd:complexContent>
+      </xsd:complexType>
+      <xsd:complexType name="LogicalTestType">
+            <xsd:annotation>
+                  <xsd:documentation xml:lang="en">The logical-test element appears as a child of a
+                        platform element, and may also be nested to create more complex logical
+                        tests. The content consists of one or more elements: fact-ref, and
+                        logical-test children are permitted. The operator to be applied, and
+                        optional negation of the test, are given as attributes.</xsd:documentation>
+            </xsd:annotation>
+            <xsd:sequence>
+                  <xsd:element name="logical-test" type="cpe:LogicalTestType" minOccurs="0"
+                        maxOccurs="unbounded"/>
+                  <xsd:element ref="cpe:fact-ref" minOccurs="0"
+                        maxOccurs="unbounded">
+                        <xsd:annotation>
+                              <xsd:documentation xml:lang="en"></xsd:documentation>
+                        </xsd:annotation>
+                  </xsd:element>
+            </xsd:sequence>
+            <xsd:attribute name="operator" type="cpe:operatorEnumeration" use="required"/>
+            <xsd:attribute name="negate" type="xsd:boolean" use="required"/>
+      </xsd:complexType>
+      <xsd:complexType name="FactRefType">
+            <xsd:annotation>
+                  <xsd:documentation xml:lang="en">The fact-ref element appears as a
+                        child of a logical-test element. It is simply a reference to a CPE Name that
+                        always evaluates to a Boolean result.</xsd:documentation>
+            </xsd:annotation>
+            <xsd:attribute name="name" type="cpe:namePattern" use="required"/>
+      </xsd:complexType>
+
+      <!-- =============================================================================== -->
+      <!-- ===============================  ENUMERATIONS  ================================ -->
+      <!-- =============================================================================== -->
+      <xsd:simpleType name="operatorEnumeration">
+            <xsd:annotation>
+                  <xsd:documentation xml:lang="en">The OperatorEnumeration simple type defines
+                        acceptable operators. Each operator defines how to evaluate multiple
+                        arguments.</xsd:documentation>
+            </xsd:annotation>
+            <xsd:restriction base="xsd:string">
+                  <xsd:enumeration value="AND"/>
+                  <xsd:enumeration value="OR"/>
+            </xsd:restriction>
+      </xsd:simpleType>
+      <!-- =============================================================================== -->
+      <!-- ==============================  SUPPORTING TYPES  ============================== -->
+      <!-- =============================================================================== -->
+      <xsd:complexType name="TextType">
+            <xsd:annotation>
+                  <xsd:documentation xml:lang="en">This type allows the xml:lang attribute to
+                        associate a specific language with an element's string
+                  content.</xsd:documentation>
+            </xsd:annotation>
+            <xsd:simpleContent>
+                  <xsd:extension base="xsd:string">
+                        <xsd:attribute ref="xml:lang"/>
+                  </xsd:extension>
+            </xsd:simpleContent>
+      </xsd:complexType>
+      <!-- =============================================================================== -->
+      <!-- ================================  ID PATTERNS  ================================ -->
+      <!-- =============================================================================== -->
+      <xsd:simpleType name="namePattern">
+            <xsd:annotation>
+                  <xsd:documentation xml:lang="en">Define the format for acceptable CPE Names. A URN
+                        format is used with the id starting with the word cpe followed by :/ and
+                        then some number of individual components separated by
+                  colons.</xsd:documentation>
+            </xsd:annotation>
+            <xsd:restriction base="xsd:anyURI">
+                  <xsd:pattern value="[c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\._\-~%]*){0,6}"/>
+            </xsd:restriction>
+      </xsd:simpleType>
+    <!-- ================================================== -->
+    <!-- =====  Change History  -->
+    <!-- ================================================== -->
+    <!--
+        v2.2 - Initial working version
+        v2.3 - Various refactoring of types to use element refs.  This enables more fine-grained reuse of this schema and allows XSD substitution to be possible.
+    -->
+</xsd:schema>