Annotation of embedaddon/libxml2/test/schemas/nvdcve_0.xsd, revision 1.1
1.1 ! misho 1: <?xml version="1.0"?>
! 2: <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
! 3: targetNamespace="http://nvd.nist.gov/feeds/cve/1.2"
! 4: xmlns:cve="http://nvd.nist.gov/feeds/cve/1.2"
! 5: elementFormDefault="qualified" attributeFormDefault="unqualified"
! 6: version="1.2">
! 7: <xs:annotation>
! 8: <xs:documentation>This schema defines the structure of the National
! 9: Vulnerability Database XML feed files version: 1.2. The elements and
! 10: attribute in this document are described by xs:annotation tags. This
! 11: file is kept at http://nvd.nist.gov/schema/nvdcve.xsd. The NVD XML
! 12: feeds are available at http://nvd.nist.gov/download.cfm.
! 13:
! 14: Release Notes:
! 15:
! 16: Version 1.2:
! 17: * CVSS version 2 scores and vectors have been added. Please see
! 18: http://nvd.nist.gov/cvss.cfm?vectorinfo and
! 19: http://www.first.org/cvss/cvss-guide.html for more information on
! 20: how to interpret this data. </xs:documentation>
! 21: </xs:annotation>
! 22: <xs:element name="nvd">
! 23: <xs:annotation>
! 24: <xs:documentation>The root element of the NVD CVE feed. Multiple "entry" child elements describe specific NVD CVE entries.</xs:documentation>
! 25: </xs:annotation>
! 26: <xs:complexType>
! 27: <xs:sequence>
! 28: <xs:element ref="cve:entry" minOccurs="0" maxOccurs="unbounded"/>
! 29: </xs:sequence>
! 30: <xs:attribute name="nvd_xml_version" type="xs:NMTOKEN" use="required">
! 31: <xs:annotation>
! 32: <xs:documentation>The schema version number supported by the feed.</xs:documentation>
! 33: </xs:annotation>
! 34: </xs:attribute>
! 35: <xs:attribute name="pub_date" type="cve:dateType" use="required">
! 36: <xs:annotation>
! 37: <xs:documentation>The date the feed was generated.</xs:documentation>
! 38: </xs:annotation>
! 39: </xs:attribute>
! 40: </xs:complexType>
! 41: </xs:element>
! 42:
! 43: <xs:element name="entry" type="cve:entryType">
! 44: <xs:annotation>
! 45: <xs:documentation>A CVE entry.</xs:documentation>
! 46: </xs:annotation>
! 47: </xs:element>
! 48:
! 49: <!-- ******************************************************************* -->
! 50: <!-- * Complex Types * -->
! 51: <!-- ******************************************************************* -->
! 52: <xs:complexType name="entryType">
! 53: <xs:annotation>
! 54: <xs:documentation> Documents one CVE entry. The child elements should always
! 55: appear in the sequence defined below. These elements are compatible with
! 56: entry elements from the CVE XML feeds.</xs:documentation>
! 57: </xs:annotation>
! 58: <xs:sequence>
! 59: <xs:element name="desc">
! 60: <xs:annotation>
! 61: <xs:documentation>Description wrapper tag, parent to any
! 62: documented descriptions of this CVE entry. While the "desc"
! 63: tag will always be present, there may be no "descript" child
! 64: tags. Only one "descript" tag will exist for each
! 65: description source (i.e. CVE, NVD, ...). </xs:documentation>
! 66: </xs:annotation>
! 67: <xs:complexType>
! 68: <xs:sequence>
! 69: <xs:element name="descript" type="cve:descriptType" minOccurs="0" maxOccurs="2">
! 70: <xs:annotation>
! 71: <xs:documentation>A description of a CVE entry
! 72: from the source indicated by the "source"
! 73: attribute.</xs:documentation>
! 74: </xs:annotation>
! 75: </xs:element>
! 76: </xs:sequence>
! 77: </xs:complexType>
! 78: </xs:element>
! 79: <xs:element name="impacts" minOccurs="0">
! 80: <xs:annotation>
! 81: <xs:documentation> Impact wrapper tag (may or may not be
! 82: present). Only one "impact" tag will exist for each impact
! 83: explanation source. </xs:documentation>
! 84: </xs:annotation>
! 85: <xs:complexType>
! 86: <xs:sequence>
! 87: <xs:element name="impact" type="cve:impactType">
! 88: <xs:annotation>
! 89: <xs:documentation> Contains a specific impact
! 90: explanation of this CVE entry from source
! 91: indicated by the "source" attribute.
! 92: </xs:documentation>
! 93: </xs:annotation>
! 94: </xs:element>
! 95: </xs:sequence>
! 96: </xs:complexType>
! 97: </xs:element>
! 98: <xs:element name="sols" type="cve:solsType" minOccurs="0">
! 99: <xs:annotation>
! 100: <xs:documentation> Solution wrapper tag (may or may not be
! 101: present). Only one "sol" tag will exist for each solution
! 102: explanation source. </xs:documentation>
! 103: </xs:annotation>
! 104: </xs:element>
! 105: <xs:element name="loss_types" type="cve:lossTypeType" minOccurs="0">
! 106: <xs:annotation>
! 107: <xs:documentation> Loss type tag (may or may not be present).
! 108: Contains one loss type child for each loss type of this CVE
! 109: entry. Potential loss types are: "avail" => availability
! 110: "conf" => confidentiality "int" => integrity "sec_prot" =>
! 111: security protection </xs:documentation>
! 112: </xs:annotation>
! 113: </xs:element>
! 114: <xs:element name="vuln_types" type="cve:vulnType" minOccurs="0">
! 115: <xs:annotation>
! 116: <xs:documentation> Vulnerability type tag (may or may not be
! 117: present). Contains one vulnerability type child for each
! 118: vulnerability type of this CVE entry. Potential
! 119: vulnerability types are: "access" => Access validation error
! 120: "input" => Input validation error "design" => Design error
! 121: "exception" => Exceptional condition error "env" =>
! 122: Environmental error "config" => Configuration error "race"
! 123: => Race condition error "other" => other </xs:documentation>
! 124: </xs:annotation>
! 125: </xs:element>
! 126: <xs:element name="range" type="cve:rangeType" minOccurs="0">
! 127: <xs:annotation>
! 128: <xs:documentation> Vulnerability range tag (may or may not be
! 129: present). Contains one vulnerability range child for each
! 130: vulnerability range of this CVE entry. Potential
! 131: vulnerability ranges are: "local" => Locally exploitable
! 132: "local_network" => Local network exploitable "network" =>
! 133: Network exploitable "user_init" => User accesses attacker
! 134: </xs:documentation>
! 135: </xs:annotation>
! 136: </xs:element>
! 137: <xs:element name="refs">
! 138: <xs:annotation>
! 139: <xs:documentation> Reference wrapper tag (always present).
! 140: External references to this CVE entry are contained within
! 141: this tag. </xs:documentation>
! 142: </xs:annotation>
! 143: <xs:complexType>
! 144: <xs:sequence>
! 145: <xs:element name="ref" type="cve:refType" minOccurs="0" maxOccurs="unbounded">
! 146: <xs:annotation>
! 147: <xs:documentation> Individual reference to this CVE
! 148: entry. Text is the name of this vulnerability at
! 149: this particular reference. Attributes: "source"
! 150: (required) => Name of reference source "url"
! 151: (required) => hyperlink to reference "sig" =>
! 152: indicates this reference includes a tool
! 153: signature "adv" => indicates this reference is a
! 154: Security Advisory "patch" => indicates this
! 155: reference includes a patch for this
! 156: vulnerability </xs:documentation>
! 157: </xs:annotation>
! 158: </xs:element>
! 159: </xs:sequence>
! 160: </xs:complexType>
! 161: </xs:element>
! 162: <xs:element name="vuln_soft" type="cve:vulnSoftType" minOccurs="0">
! 163: <xs:annotation>
! 164: <xs:documentation> Vulnerable software wrapper tag (may or may
! 165: not be present). Software affected by this CVE entry are
! 166: listed within this tag. </xs:documentation>
! 167: </xs:annotation>
! 168: </xs:element>
! 169: </xs:sequence>
! 170: <xs:attribute name="type" use="required">
! 171: <xs:annotation>
! 172: <xs:documentation>CVE or CAN</xs:documentation>
! 173: </xs:annotation>
! 174: <xs:simpleType>
! 175: <xs:restriction base="xs:NMTOKEN">
! 176: <xs:enumeration value="CAN"/>
! 177: <xs:enumeration value="CVE"/>
! 178: </xs:restriction>
! 179: </xs:simpleType>
! 180: </xs:attribute>
! 181: <xs:attribute name="name" use="required">
! 182: <xs:annotation>
! 183: <xs:documentation>the full CVE name</xs:documentation>
! 184: </xs:annotation>
! 185: <xs:simpleType>
! 186: <xs:restriction base="xs:ID">
! 187: <xs:pattern value="(CAN|CVE)\-\d\d\d\d\-\d\d\d\d"/>
! 188: </xs:restriction>
! 189: </xs:simpleType>
! 190: </xs:attribute>
! 191: <xs:attribute name="seq" use="required">
! 192: <xs:annotation>
! 193: <xs:documentation>the sequence number from CVE name</xs:documentation>
! 194: </xs:annotation>
! 195: <xs:simpleType>
! 196: <xs:restriction base="xs:NMTOKEN">
! 197: <xs:pattern value="\d\d\d\d\-\d\d\d\d"/>
! 198: </xs:restriction>
! 199: </xs:simpleType>
! 200: </xs:attribute>
! 201: <xs:attribute name="nvd_name" type="xs:string">
! 202: <xs:annotation>
! 203: <xs:documentation>the NVD name (if it exists)</xs:documentation>
! 204: </xs:annotation>
! 205: </xs:attribute>
! 206: <xs:attribute name="discovered" type="cve:dateType">
! 207: <xs:annotation>
! 208: <xs:documentation>the date this entry was discovered</xs:documentation>
! 209: </xs:annotation>
! 210: </xs:attribute>
! 211: <xs:attribute name="published" type="cve:dateType" use="required">
! 212: <xs:annotation>
! 213: <xs:documentation>the date this entry was published</xs:documentation>
! 214: </xs:annotation>
! 215: </xs:attribute>
! 216: <xs:attribute name="modified" type="cve:dateType">
! 217: <xs:annotation>
! 218: <xs:documentation>the date this entry was last modified</xs:documentation>
! 219: </xs:annotation>
! 220: </xs:attribute>
! 221: <xs:attribute name="severity">
! 222: <xs:annotation>
! 223: <xs:documentation>the entry's severity as determined by the NVD analysts: High, Medium, or Low</xs:documentation>
! 224: </xs:annotation>
! 225: <xs:simpleType>
! 226: <xs:restriction base="xs:NMTOKEN">
! 227: <xs:enumeration value="High"/>
! 228: <xs:enumeration value="Medium"/>
! 229: <xs:enumeration value="Low"/>
! 230: </xs:restriction>
! 231: </xs:simpleType>
! 232: </xs:attribute>
! 233: <xs:attribute name="reject" type="cve:trueOnlyAttribute">
! 234: <xs:annotation>
! 235: <xs:documentation>indicates that this CVE entry has been rejected by CVE or NVD</xs:documentation>
! 236: </xs:annotation>
! 237: </xs:attribute>
! 238: <xs:attribute name="CVSS_version" type="xs:string">
! 239: <xs:annotation>
! 240: <xs:documentation>the CVSS Version Indicator</xs:documentation>
! 241: </xs:annotation>
! 242: </xs:attribute>
! 243: <xs:attribute name="CVSS_score" type="cve:zeroToTen">
! 244: <xs:annotation>
! 245: <xs:documentation>Same as the CVSS_base_score to provide backwards compatability with the previous CVE XML feed format. This field is deprecated an may be removed at a future date.</xs:documentation>
! 246: </xs:annotation>
! 247: </xs:attribute>
! 248: <xs:attribute name="CVSS_base_score" type="cve:zeroToTen">
! 249: <xs:annotation>
! 250: <xs:documentation>CVSS version 2 Base Score</xs:documentation>
! 251: </xs:annotation>
! 252: </xs:attribute>
! 253: <xs:attribute name="CVSS_impact_subscore" type="cve:zeroToTen">
! 254: <xs:annotation>
! 255: <xs:documentation>CVSS version 2 Impact Score</xs:documentation>
! 256: </xs:annotation>
! 257: </xs:attribute>
! 258: <xs:attribute name="CVSS_exploit_subscore" type="cve:zeroToTen">
! 259: <xs:annotation>
! 260: <xs:documentation>CVSS version 2 Exploit Score</xs:documentation>
! 261: </xs:annotation>
! 262: </xs:attribute>
! 263: <xs:attribute name="CVSS_vector" type="cve:CVSSVector">
! 264: <xs:annotation>
! 265: <xs:documentation>the CVSS version 2 Vector string</xs:documentation>
! 266: </xs:annotation>
! 267: </xs:attribute>
! 268: </xs:complexType>
! 269:
! 270: <xs:complexType name="descriptType">
! 271: <xs:simpleContent>
! 272: <xs:extension base="xs:string">
! 273: <xs:attribute name="source" type="cve:descriptSourceType" use="required">
! 274: <xs:annotation>
! 275: <xs:documentation>The source of the CVE description.</xs:documentation>
! 276: </xs:annotation>
! 277: </xs:attribute>
! 278: </xs:extension>
! 279: </xs:simpleContent>
! 280: </xs:complexType>
! 281:
! 282: <xs:complexType name="impactType">
! 283: <xs:simpleContent>
! 284: <xs:extension base="xs:string">
! 285: <xs:attribute name="source" type="cve:impactSourceType" use="required">
! 286: </xs:attribute>
! 287: </xs:extension>
! 288: </xs:simpleContent>
! 289: </xs:complexType>
! 290:
! 291: <xs:complexType name="vulnType">
! 292: <xs:sequence>
! 293: <xs:element name="access" minOccurs="0"/>
! 294: <xs:element name="input" minOccurs="0">
! 295: <xs:annotation>
! 296: <xs:documentation> Input validation error tag with
! 297: one attribute for each input validation error
! 298: type. Potential input validation error types
! 299: are: "bound" => Boundary condition error
! 300: "buffer" => Buffer overflow </xs:documentation>
! 301: </xs:annotation>
! 302: <xs:complexType>
! 303: <xs:attribute name="bound" type="cve:trueOnlyAttribute"/>
! 304: <xs:attribute name="buffer" type="cve:trueOnlyAttribute"
! 305: />
! 306: </xs:complexType>
! 307: </xs:element>
! 308: <xs:element name="design" minOccurs="0"/>
! 309: <xs:element name="exception" minOccurs="0"/>
! 310: <xs:element name="env" minOccurs="0"/>
! 311: <xs:element name="config" minOccurs="0"/>
! 312: <xs:element name="race" minOccurs="0"/>
! 313: <xs:element name="other" minOccurs="0"/>
! 314: </xs:sequence>
! 315: </xs:complexType>
! 316:
! 317: <xs:complexType name="solsType">
! 318: <xs:sequence>
! 319: <xs:element name="sol">
! 320: <xs:annotation>
! 321: <xs:documentation> Contains a specific solution
! 322: explanation of this CVE entry from source
! 323: indicated by the "source" attribute.
! 324: </xs:documentation>
! 325: </xs:annotation>
! 326: <xs:complexType mixed="true">
! 327: <xs:simpleContent>
! 328: <xs:extension base="xs:string">
! 329: <xs:attribute name="source" type="cve:solsSourceType" use="required">
! 330: </xs:attribute>
! 331: </xs:extension>
! 332: </xs:simpleContent>
! 333: </xs:complexType>
! 334: </xs:element>
! 335: </xs:sequence>
! 336: </xs:complexType>
! 337:
! 338: <xs:complexType name="lossTypeType">
! 339: <xs:sequence>
! 340: <xs:element name="avail" minOccurs="0"/>
! 341: <xs:element name="conf" minOccurs="0"/>
! 342: <xs:element name="int" minOccurs="0"/>
! 343: <xs:element name="sec_prot" minOccurs="0">
! 344: <xs:annotation>
! 345: <xs:documentation> Security Protection tag with one
! 346: attribute for each security protection type.
! 347: Potential security protection types are: "admin"
! 348: => gain administrative access "user" => gain
! 349: user access "other" => other </xs:documentation>
! 350: </xs:annotation>
! 351: <xs:complexType>
! 352: <xs:attribute name="admin" type="cve:trueOnlyAttribute"/>
! 353: <xs:attribute name="user" type="cve:trueOnlyAttribute"/>
! 354: <xs:attribute name="other" type="cve:trueOnlyAttribute"
! 355: />
! 356: </xs:complexType>
! 357: </xs:element>
! 358: </xs:sequence>
! 359: </xs:complexType>
! 360:
! 361: <xs:complexType name="rangeType">
! 362: <xs:sequence>
! 363: <xs:element name="local" minOccurs="0"/>
! 364: <xs:element name="local_network" minOccurs="0"/>
! 365: <xs:element name="network" minOccurs="0"/>
! 366: <xs:element name="user_init" minOccurs="0"/>
! 367: </xs:sequence>
! 368: </xs:complexType>
! 369:
! 370: <xs:complexType name="refType">
! 371: <xs:simpleContent>
! 372: <xs:extension base="xs:string">
! 373: <xs:attribute name="source" type="xs:string" use="required"/>
! 374: <xs:attribute name="url" type="cve:urlType" use="required"/>
! 375: <xs:attribute name="sig" type="cve:trueOnlyAttribute"/>
! 376: <xs:attribute name="adv" type="cve:trueOnlyAttribute"/>
! 377: <xs:attribute name="patch" type="cve:trueOnlyAttribute"/>
! 378: </xs:extension>
! 379: </xs:simpleContent>
! 380: </xs:complexType>
! 381:
! 382: <xs:complexType name="vulnSoftType">
! 383: <xs:sequence>
! 384: <xs:element name="prod" maxOccurs="unbounded">
! 385: <xs:annotation>
! 386: <xs:documentation> Product wrapper tag. Versions of
! 387: this product that are affected by this
! 388: vulnerability are listed within this tag.
! 389: Attributes: "name" => Product name "vendor" =>
! 390: Vendor of this product </xs:documentation>
! 391: </xs:annotation>
! 392: <xs:complexType>
! 393: <xs:sequence>
! 394: <xs:element name="vers" maxOccurs="unbounded">
! 395: <xs:annotation>
! 396: <xs:documentation> Represents a version
! 397: of this product that is affected by
! 398: this vulnerability. Attributes:
! 399: "num" => This version number "prev"
! 400: => Indicates that versions previous
! 401: to this version number are also
! 402: affected by this vulnerability
! 403: "edition" => Indicates the edition
! 404: associated with the version number
! 405: </xs:documentation>
! 406: </xs:annotation>
! 407: <xs:complexType>
! 408: <xs:attribute name="num"
! 409: type="xs:string" use="required"/>
! 410: <xs:attribute name="prev"
! 411: type="cve:trueOnlyAttribute"/>
! 412: <xs:attribute name="edition"
! 413: type="xs:string"/>
! 414: </xs:complexType>
! 415: </xs:element>
! 416: </xs:sequence>
! 417: <xs:attribute name="name" type="xs:string"
! 418: use="required"/>
! 419: <xs:attribute name="vendor" type="xs:string"
! 420: use="required"/>
! 421: </xs:complexType>
! 422: </xs:element>
! 423: </xs:sequence>
! 424: </xs:complexType>
! 425:
! 426: <!-- ******************************************************************* -->
! 427: <!-- * Simple Types * -->
! 428: <!-- ******************************************************************* -->
! 429: <xs:simpleType name="descriptSourceType">
! 430: <xs:restriction base="xs:NMTOKEN">
! 431: <xs:enumeration value="cve"/>
! 432: <xs:enumeration value="nvd"/>
! 433: </xs:restriction>
! 434: </xs:simpleType>
! 435:
! 436: <xs:simpleType name="impactSourceType">
! 437: <xs:restriction base="xs:NMTOKEN">
! 438: <xs:enumeration value="nvd"/>
! 439: </xs:restriction>
! 440: </xs:simpleType>
! 441:
! 442: <xs:simpleType name="solsSourceType">
! 443: <xs:restriction base="xs:NMTOKEN">
! 444: <xs:enumeration value="nvd"/>
! 445: </xs:restriction>
! 446: </xs:simpleType>
! 447:
! 448: <xs:simpleType name="dateType">
! 449: <xs:annotation>
! 450: <xs:documentation> Defines date format for NVD. Dates follow the mask "yyyy-mm-dd"
! 451: </xs:documentation>
! 452: </xs:annotation>
! 453: <xs:restriction base="xs:string">
! 454: <xs:pattern
! 455: value="(19|20)\d\d-((01|03|05|07|08|10|12)-(0[1-9]|[1-2]\d|3[01])|(04|06|09|11)-(0[1-9]|[1-2]\d|30)|02-(0[1-9]|1\d|2\d))"
! 456: />
! 457: </xs:restriction>
! 458: </xs:simpleType>
! 459: <xs:simpleType name="urlType">
! 460: <xs:annotation>
! 461: <xs:documentation> Restricts urls in NVD beyond the xs:anyURI restrictions.
! 462: </xs:documentation>
! 463: </xs:annotation>
! 464: <xs:restriction base="xs:anyURI">
! 465: <xs:whiteSpace value="collapse"/>
! 466: <xs:pattern value="(news|(ht|f)tp(s)?)://.+"/>
! 467: </xs:restriction>
! 468: </xs:simpleType>
! 469: <xs:simpleType name="trueOnlyAttribute">
! 470: <xs:annotation>
! 471: <xs:documentation> simpleType used for attributes that are only present when they are
! 472: true. Such attributes appear only in the form attribute_name="1".
! 473: </xs:documentation>
! 474: </xs:annotation>
! 475: <xs:restriction base="xs:NMTOKEN">
! 476: <xs:enumeration value="1"/>
! 477: </xs:restriction>
! 478: </xs:simpleType>
! 479: <xs:simpleType name="zeroToTen">
! 480: <xs:annotation>
! 481: <xs:documentation> simpleType used when scoring on a scale of 0-10, inclusive
! 482: </xs:documentation>
! 483: </xs:annotation>
! 484: <xs:restriction base="xs:decimal">
! 485: <xs:minInclusive value="0" fixed="true"/>
! 486: <xs:maxInclusive value="10" fixed="true"/>
! 487: </xs:restriction>
! 488: </xs:simpleType>
! 489: <xs:simpleType name="CVSSVector">
! 490: <xs:annotation>
! 491: <xs:documentation>simpleType to describe the CVSS Base Vector </xs:documentation>
! 492: </xs:annotation>
! 493: <xs:restriction base="xs:string">
! 494: <xs:pattern
! 495: value="\(AV:[LAN]/AC:[HML]/Au:[NSM]/C:[NPC]/I:[NPC]/A:[NPC]\)"/>
! 496: </xs:restriction>
! 497: </xs:simpleType>
! 498: </xs:schema>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to nvdcve_0.xsd CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libxml2 / test / schemas