schemas.v1.2.0.cybox.external.cpe_2.3.cpe-language_2.3.xsd Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of stix Show documentation
Show all versions of stix Show documentation
The Java bindings for STIX v.1.2.0.2
This XML Schema defines the CPE Applicability Language. An individual CPE Name
addresses a single part of an actual system. To identify more complex platform types, there needs to be a
way to combine different CPE Names using logical operators. For example, there may be a need to identify a
platform with a particular operating system AND a certain application. The CPE Applicability Language exists
to satisfy this need, enabling the CPE Name for the operating system to be combined with the CPE Name for
the application. For more information, consult the CPE Applicability Language Specification document.
CPE Applicability Language
Neal Ziring, Andrew Buttner, David Waltermire
2.3
2011-07-29
This element is the root element of a CPE Applicability Language XML
document and therefore acts as a container for child platform definitions.
All logical-test elements must contain one or more child logical-test, fact-ref, and/or
check-fact-ref elements.
The description or qualifications of a particular IT platform type. The
platform is defined by the logical-test child element.
A human-readable title for a platform. To support uses intended for
multiple languages, the title element supports the ‘xml:lang’ attribute. At most one title
element can appear for each language.
An additional description. To support uses intended for multiple
languages, the remark element supports the ‘xml:lang’ attribute. There can be multiple remarks
for a single language.
Definition of test using logical operators (AND, OR,
negate).
A locally unique name for the platform. There is no defined
format for this id; however, it must be unique within the containing CPE Applicability
Language document.
The logical-test element appears as a child of a platform element, and may
also be nested to create more complex logical tests. The content consists of one or more elements:
fact-ref, check-fact-ref, and logical-test children are permitted. The operator to be applied, and
optional negation of the test, are given as attributes.
Definition of complex logical test using AND, OR, and/or negate
operators. Evaluates to a TRUE, FALSE, or ERROR result.
A reference to a bound form of a WFN; the reference always
evaluates to a boolean result. The bound name contained within a fact-ref is meant to describe a
possible set of products and is not meant to identify a unique product
class.
A reference to a check that always evaluates to TRUE, FALSE, or
ERROR. Examples of types of checks are OVAL and OCIL checks.
The operator applied to the results of evaluating the fact-ref,
check-fact-ref, and logical-test elements. The permitted operators are "AND" and
"OR".
Whether the result of applying the operator should be negated. Possible
values are "TRUE" and "FALSE". This does not apply if the initial result is
ERROR.
A reference to a CPE Name that always evaluates to a Boolean
result.
A reference to a check that always evaluates to a TRUE, FALSE, or ERROR
result.
The CheckFactRefType complex type is used to define an element for holding
information about an individual check. It includes a checking system specification URI, string content
identifying the check content to invoke, and an external reference. The checking system specification
should be the URI that uniquely identifies a revision of a check system language, and the id-ref will be
an identifier of a test written in that language. The external reference should be used to point to the
content in which the check identifier is defined.
The OperatorEnumeration simple type defines acceptable operators. Each
operator defines how to evaluate multiple arguments.
This type allows the xml:lang attribute to associate a specific language
with an element's string content.