diff options
Diffstat (limited to 'test/schemas/nvdcve_0.xsd')
| -rw-r--r-- | test/schemas/nvdcve_0.xsd | 498 |
1 files changed, 0 insertions, 498 deletions
diff --git a/test/schemas/nvdcve_0.xsd b/test/schemas/nvdcve_0.xsd deleted file mode 100644 index f24b574..0000000 --- a/test/schemas/nvdcve_0.xsd +++ /dev/null @@ -1,498 +0,0 @@ -<?xml version="1.0"?>
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
- targetNamespace="http://nvd.nist.gov/feeds/cve/1.2"
- xmlns:cve="http://nvd.nist.gov/feeds/cve/1.2" - elementFormDefault="qualified" attributeFormDefault="unqualified" - version="1.2">
- <xs:annotation>
- <xs:documentation>This schema defines the structure of the National
- Vulnerability Database XML feed files version: 1.2. The elements and
- attribute in this document are described by xs:annotation tags. This
- file is kept at http://nvd.nist.gov/schema/nvdcve.xsd. The NVD XML
- feeds are available at http://nvd.nist.gov/download.cfm.
-
- Release Notes:
-
- Version 1.2:
- * CVSS version 2 scores and vectors have been added. Please see
- http://nvd.nist.gov/cvss.cfm?vectorinfo and
- http://www.first.org/cvss/cvss-guide.html for more information on
- how to interpret this data. </xs:documentation>
- </xs:annotation>
- <xs:element name="nvd">
- <xs:annotation>
- <xs:documentation>The root element of the NVD CVE feed. Multiple "entry" child elements describe specific NVD CVE entries.</xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:sequence>
- <xs:element ref="cve:entry" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="nvd_xml_version" type="xs:NMTOKEN" use="required">
- <xs:annotation>
- <xs:documentation>The schema version number supported by the feed.</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="pub_date" type="cve:dateType" use="required">
- <xs:annotation>
- <xs:documentation>The date the feed was generated.</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- </xs:complexType>
- </xs:element>
- - <xs:element name="entry" type="cve:entryType">
- <xs:annotation>
- <xs:documentation>A CVE entry.</xs:documentation>
- </xs:annotation>
- </xs:element>
-
- <!-- ******************************************************************* -->
- <!-- * Complex Types * -->
- <!-- ******************************************************************* -->
- <xs:complexType name="entryType">
- <xs:annotation>
- <xs:documentation> Documents one CVE entry. The child elements should always
- appear in the sequence defined below. These elements are compatible with
- entry elements from the CVE XML feeds.</xs:documentation>
- </xs:annotation>
- <xs:sequence>
- <xs:element name="desc">
- <xs:annotation>
- <xs:documentation>Description wrapper tag, parent to any
- documented descriptions of this CVE entry. While the "desc"
- tag will always be present, there may be no "descript" child
- tags. Only one "descript" tag will exist for each
- description source (i.e. CVE, NVD, ...). </xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:sequence>
- <xs:element name="descript" type="cve:descriptType" minOccurs="0" maxOccurs="2">
- <xs:annotation>
- <xs:documentation>A description of a CVE entry
- from the source indicated by the "source"
- attribute.</xs:documentation>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="impacts" minOccurs="0">
- <xs:annotation>
- <xs:documentation> Impact wrapper tag (may or may not be
- present). Only one "impact" tag will exist for each impact
- explanation source. </xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:sequence>
- <xs:element name="impact" type="cve:impactType">
- <xs:annotation>
- <xs:documentation> Contains a specific impact
- explanation of this CVE entry from source
- indicated by the "source" attribute.
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="sols" type="cve:solsType" minOccurs="0">
- <xs:annotation>
- <xs:documentation> Solution wrapper tag (may or may not be
- present). Only one "sol" tag will exist for each solution
- explanation source. </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="loss_types" type="cve:lossTypeType" minOccurs="0">
- <xs:annotation>
- <xs:documentation> Loss type tag (may or may not be present).
- Contains one loss type child for each loss type of this CVE
- entry. Potential loss types are: "avail" => availability
- "conf" => confidentiality "int" => integrity "sec_prot" =>
- security protection </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="vuln_types" type="cve:vulnType" minOccurs="0">
- <xs:annotation>
- <xs:documentation> Vulnerability type tag (may or may not be
- present). Contains one vulnerability type child for each
- vulnerability type of this CVE entry. Potential
- vulnerability types are: "access" => Access validation error
- "input" => Input validation error "design" => Design error
- "exception" => Exceptional condition error "env" =>
- Environmental error "config" => Configuration error "race"
- => Race condition error "other" => other </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="range" type="cve:rangeType" minOccurs="0">
- <xs:annotation>
- <xs:documentation> Vulnerability range tag (may or may not be
- present). Contains one vulnerability range child for each
- vulnerability range of this CVE entry. Potential
- vulnerability ranges are: "local" => Locally exploitable
- "local_network" => Local network exploitable "network" =>
- Network exploitable "user_init" => User accesses attacker
- </xs:documentation>
- </xs:annotation>
- </xs:element>
- <xs:element name="refs">
- <xs:annotation>
- <xs:documentation> Reference wrapper tag (always present).
- External references to this CVE entry are contained within
- this tag. </xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:sequence>
- <xs:element name="ref" type="cve:refType" minOccurs="0" maxOccurs="unbounded">
- <xs:annotation>
- <xs:documentation> Individual reference to this CVE
- entry. Text is the name of this vulnerability at
- this particular reference. Attributes: "source"
- (required) => Name of reference source "url"
- (required) => hyperlink to reference "sig" =>
- indicates this reference includes a tool
- signature "adv" => indicates this reference is a
- Security Advisory "patch" => indicates this
- reference includes a patch for this
- vulnerability </xs:documentation>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:element name="vuln_soft" type="cve:vulnSoftType" minOccurs="0">
- <xs:annotation>
- <xs:documentation> Vulnerable software wrapper tag (may or may
- not be present). Software affected by this CVE entry are
- listed within this tag. </xs:documentation>
- </xs:annotation>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="type" use="required">
- <xs:annotation>
- <xs:documentation>CVE or CAN</xs:documentation>
- </xs:annotation>
- <xs:simpleType>
- <xs:restriction base="xs:NMTOKEN">
- <xs:enumeration value="CAN"/>
- <xs:enumeration value="CVE"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="name" use="required">
- <xs:annotation>
- <xs:documentation>the full CVE name</xs:documentation>
- </xs:annotation>
- <xs:simpleType>
- <xs:restriction base="xs:ID">
- <xs:pattern value="(CAN|CVE)\-\d\d\d\d\-\d\d\d\d"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="seq" use="required">
- <xs:annotation>
- <xs:documentation>the sequence number from CVE name</xs:documentation>
- </xs:annotation>
- <xs:simpleType>
- <xs:restriction base="xs:NMTOKEN">
- <xs:pattern value="\d\d\d\d\-\d\d\d\d"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="nvd_name" type="xs:string">
- <xs:annotation>
- <xs:documentation>the NVD name (if it exists)</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="discovered" type="cve:dateType">
- <xs:annotation>
- <xs:documentation>the date this entry was discovered</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="published" type="cve:dateType" use="required">
- <xs:annotation>
- <xs:documentation>the date this entry was published</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="modified" type="cve:dateType">
- <xs:annotation>
- <xs:documentation>the date this entry was last modified</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="severity">
- <xs:annotation>
- <xs:documentation>the entry's severity as determined by the NVD analysts: High, Medium, or Low</xs:documentation>
- </xs:annotation>
- <xs:simpleType>
- <xs:restriction base="xs:NMTOKEN">
- <xs:enumeration value="High"/>
- <xs:enumeration value="Medium"/>
- <xs:enumeration value="Low"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="reject" type="cve:trueOnlyAttribute">
- <xs:annotation>
- <xs:documentation>indicates that this CVE entry has been rejected by CVE or NVD</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="CVSS_version" type="xs:string">
- <xs:annotation>
- <xs:documentation>the CVSS Version Indicator</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="CVSS_score" type="cve:zeroToTen">
- <xs:annotation>
- <xs:documentation>Same as the CVSS_base_score to provide backwards compatability with the previous CVE XML feed format. This field is deprecated an may be removed at a future date.</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="CVSS_base_score" type="cve:zeroToTen">
- <xs:annotation>
- <xs:documentation>CVSS version 2 Base Score</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="CVSS_impact_subscore" type="cve:zeroToTen">
- <xs:annotation>
- <xs:documentation>CVSS version 2 Impact Score</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="CVSS_exploit_subscore" type="cve:zeroToTen">
- <xs:annotation>
- <xs:documentation>CVSS version 2 Exploit Score</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- <xs:attribute name="CVSS_vector" type="cve:CVSSVector">
- <xs:annotation>
- <xs:documentation>the CVSS version 2 Vector string</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- </xs:complexType>
-
- <xs:complexType name="descriptType">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="source" type="cve:descriptSourceType" use="required">
- <xs:annotation>
- <xs:documentation>The source of the CVE description.</xs:documentation>
- </xs:annotation>
- </xs:attribute>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:complexType name="impactType">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="source" type="cve:impactSourceType" use="required">
- </xs:attribute>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:complexType name="vulnType">
- <xs:sequence>
- <xs:element name="access" minOccurs="0"/>
- <xs:element name="input" minOccurs="0">
- <xs:annotation>
- <xs:documentation> Input validation error tag with
- one attribute for each input validation error
- type. Potential input validation error types
- are: "bound" => Boundary condition error
- "buffer" => Buffer overflow </xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:attribute name="bound" type="cve:trueOnlyAttribute"/>
- <xs:attribute name="buffer" type="cve:trueOnlyAttribute"
- />
- </xs:complexType>
- </xs:element>
- <xs:element name="design" minOccurs="0"/>
- <xs:element name="exception" minOccurs="0"/>
- <xs:element name="env" minOccurs="0"/>
- <xs:element name="config" minOccurs="0"/>
- <xs:element name="race" minOccurs="0"/>
- <xs:element name="other" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="solsType">
- <xs:sequence>
- <xs:element name="sol">
- <xs:annotation>
- <xs:documentation> Contains a specific solution
- explanation of this CVE entry from source
- indicated by the "source" attribute.
- </xs:documentation>
- </xs:annotation>
- <xs:complexType mixed="true">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="source" type="cve:solsSourceType" use="required">
- </xs:attribute>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="lossTypeType">
- <xs:sequence>
- <xs:element name="avail" minOccurs="0"/>
- <xs:element name="conf" minOccurs="0"/>
- <xs:element name="int" minOccurs="0"/>
- <xs:element name="sec_prot" minOccurs="0">
- <xs:annotation>
- <xs:documentation> Security Protection tag with one
- attribute for each security protection type.
- Potential security protection types are: "admin"
- => gain administrative access "user" => gain
- user access "other" => other </xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:attribute name="admin" type="cve:trueOnlyAttribute"/>
- <xs:attribute name="user" type="cve:trueOnlyAttribute"/>
- <xs:attribute name="other" type="cve:trueOnlyAttribute"
- />
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="rangeType">
- <xs:sequence>
- <xs:element name="local" minOccurs="0"/>
- <xs:element name="local_network" minOccurs="0"/>
- <xs:element name="network" minOccurs="0"/>
- <xs:element name="user_init" minOccurs="0"/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:complexType name="refType">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="source" type="xs:string" use="required"/>
- <xs:attribute name="url" type="cve:urlType" use="required"/>
- <xs:attribute name="sig" type="cve:trueOnlyAttribute"/>
- <xs:attribute name="adv" type="cve:trueOnlyAttribute"/>
- <xs:attribute name="patch" type="cve:trueOnlyAttribute"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:complexType name="vulnSoftType">
- <xs:sequence>
- <xs:element name="prod" maxOccurs="unbounded">
- <xs:annotation>
- <xs:documentation> Product wrapper tag. Versions of
- this product that are affected by this
- vulnerability are listed within this tag.
- Attributes: "name" => Product name "vendor" =>
- Vendor of this product </xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:sequence>
- <xs:element name="vers" maxOccurs="unbounded">
- <xs:annotation>
- <xs:documentation> Represents a version
- of this product that is affected by
- this vulnerability. Attributes:
- "num" => This version number "prev"
- => Indicates that versions previous
- to this version number are also
- affected by this vulnerability
- "edition" => Indicates the edition
- associated with the version number
- </xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:attribute name="num"
- type="xs:string" use="required"/>
- <xs:attribute name="prev"
- type="cve:trueOnlyAttribute"/>
- <xs:attribute name="edition"
- type="xs:string"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- <xs:attribute name="name" type="xs:string"
- use="required"/>
- <xs:attribute name="vendor" type="xs:string"
- use="required"/>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
-
- <!-- ******************************************************************* -->
- <!-- * Simple Types * -->
- <!-- ******************************************************************* -->
- <xs:simpleType name="descriptSourceType">
- <xs:restriction base="xs:NMTOKEN">
- <xs:enumeration value="cve"/>
- <xs:enumeration value="nvd"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:simpleType name="impactSourceType">
- <xs:restriction base="xs:NMTOKEN">
- <xs:enumeration value="nvd"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:simpleType name="solsSourceType">
- <xs:restriction base="xs:NMTOKEN">
- <xs:enumeration value="nvd"/>
- </xs:restriction>
- </xs:simpleType>
-
- <xs:simpleType name="dateType">
- <xs:annotation>
- <xs:documentation> Defines date format for NVD. Dates follow the mask "yyyy-mm-dd"
- </xs:documentation>
- </xs:annotation>
- <xs:restriction base="xs:string">
- <xs:pattern
- value="(19|20)\d\d-((01|03|05|07|08|10|12)-(0[1-9]|[1-2]\d|3[01])|(04|06|09|11)-(0[1-9]|[1-2]\d|30)|02-(0[1-9]|1\d|2\d))"
- />
- </xs:restriction>
- </xs:simpleType>
- <xs:simpleType name="urlType">
- <xs:annotation>
- <xs:documentation> Restricts urls in NVD beyond the xs:anyURI restrictions.
- </xs:documentation>
- </xs:annotation>
- <xs:restriction base="xs:anyURI">
- <xs:whiteSpace value="collapse"/>
- <xs:pattern value="(news|(ht|f)tp(s)?)://.+"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:simpleType name="trueOnlyAttribute">
- <xs:annotation>
- <xs:documentation> simpleType used for attributes that are only present when they are
- true. Such attributes appear only in the form attribute_name="1".
- </xs:documentation>
- </xs:annotation>
- <xs:restriction base="xs:NMTOKEN">
- <xs:enumeration value="1"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:simpleType name="zeroToTen">
- <xs:annotation>
- <xs:documentation> simpleType used when scoring on a scale of 0-10, inclusive
- </xs:documentation>
- </xs:annotation>
- <xs:restriction base="xs:decimal">
- <xs:minInclusive value="0" fixed="true"/>
- <xs:maxInclusive value="10" fixed="true"/>
- </xs:restriction>
- </xs:simpleType>
- <xs:simpleType name="CVSSVector">
- <xs:annotation>
- <xs:documentation>simpleType to describe the CVSS Base Vector </xs:documentation>
- </xs:annotation>
- <xs:restriction base="xs:string">
- <xs:pattern
- value="\(AV:[LAN]/AC:[HML]/Au:[NSM]/C:[NPC]/I:[NPC]/A:[NPC]\)"/>
- </xs:restriction>
- </xs:simpleType>
-</xs:schema>
|