如何从另一个 NS 扩展抽象 xsd 元素

问题描述 投票:0回答:1

我正在实施 SCAP,我需要将供应商资产类型添加到 ARF 报告中。 ARF 架构位于此处 https://scap.nist.gov/schema/asset-reporting-format/1.1/asset-reporting-format_1.1.0.xsd(与 arf 前缀一起使用) 资产标识 xsd 位于此处 https://scap.nist.gov/schema/asset-identification/1.1/asset-identification_1.1.0.xsd(与 ai 前缀一起使用)

所以我未能实现的是在 ARF 报告中添加一些供应商 ai:asset-type 实现,但仍验证 ARF 模式。我编写了一个供应商命名空间,该命名空间仅定义一个扩展 ai:asset-type 并具有替换组=“ai:asset”属性的元素,但在根据 ARF 模式验证使用此供应商元素的报告时,验证工具返回该 arf:asset只允许资产标识 NS 中定义的子项。不过,人工智能模式应该允许扩展。有什么想法吗?

编辑:

以下是我尝试添加自定义供应商元素 my-asset 的方法:

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
           xmlns:my-ns="http://mydomain/schema/scap/asset-identification/1.0"
           targetNamespace="http://mydomain/schema/scap/asset-identification/1.0" elementFormDefault="qualified"
           attributeFormDefault="unqualified" version="1.1.1" xmlns:cpe-name="http://cpe.mitre.org/naming/2.0">
    <xs:import namespace="http://scap.nist.gov/schema/asset-identification/1.1" schemaLocation="https://scap.nist.gov/schema/asset-identification/1.1/asset-identification_1.1.0.xsd"/>
    <xs:element name="my-asset" type="my-ns:my-asset-type" substitutionGroup="ai:asset" />
    <xs:complexType name="my-asset-type">
        <xs:complexContent>
            <xs:extension base="ai:asset-type">
                <xs:sequence>
                    <xs:element ref="ai:cpe" maxOccurs="unbounded" />
                </xs:sequence>
                <xs:attribute name="id" type="xs:string" />
                <xs:anyAttribute namespace="##other"/>
            </xs:extension>
        </xs:complexContent>
    </xs:complexType>
</xs:schema>

编辑2:

我尝试根据 ARF 模式验证的实例:

<?xml version="1.0" encoding="UTF-8"?>
<arf:asset-report-collection xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
  xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
  xmlns:core="http://scap.nist.gov/schema/reporting-core/1.1"
  xmlns:my-ns="http://mydomain/schema/scap/asset-identification/1.0"
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="
    http://mydomain/schema/scap/asset-identification/1.0
    http://mydomain/schema/scap/asset-identification/1.0/asset-identification_1.0.a.xsd
    http://scap.nist.gov/schema/asset-reporting-format/1.1
    https://scap.nist.gov/schema/asset-reporting-format/1.1/asset-reporting-format_1.1.0.xsd
  ">
  <core:relationships xmlns:arfvocab="http://scap.nist.gov/specifications/arf/vocabulary/relationships/1.0#"
      xmlns:aivocab="https://scap.nist.gov/specifications/ai/vocabulary/relationships/1.0/#"
      xmlns:myvocab="https://mydomain/riskmanager/relationships/#">
    <core:relationship type="myvocab:supports" subject="asset_id_generated_by_app_2">
      <core:ref>asset_id_generated_by_app_3</core:ref>
    </core:relationship>
    <core:relationship type="aivocab:installedOnDevice" subject="asset_2">
      <core:ref>asset_1</core:ref>
    </core:relationship>
  </core:relationships>
  <arf:assets>
    <arf:asset id="asset_id_generated_by_app_1">
      <my-ns:my-asset id="uniq_vendor_id_1">
        <ai:cpe>cpe:/a:linux:debian:7.0</ai:cpe>
        <ai:cpe>cpe:/a:apache:http_server:2.2</ai:cpe>
      </my-ns:my-asset>
    </arf:asset>
    <arf:asset id="asset_id_generated_by_app_2">
      <my-ns:my-asset id="uniq_vendor_id_2">
        <ai:cpe>cpe:/a:linux:debian:7.0</ai:cpe>
      </my-ns:my-asset>
    </arf:asset>
    <arf:asset id="asset_id_generated_by_app_3">
      <my-ns:my-asset id="uniq_vendor_id_3">
        <ai:cpe>cpe:/a:apache:http_server:2.2</ai:cpe>
      </my-ns:m-asset>
    </arf:asset>
    <arf:asset id="asset_1">
      <ai:computing-device>
        <ai:connections>
          <ai:connection>
            <ai:ip-address>
              <ai:ip-v4>192.168.2.10</ai:ip-v4>
            </ai:ip-address>
          </ai:connection>
        </ai:connections>
        <ai:fqdn>comp1234.tempuri.org</ai:fqdn>
      </ai:computing-device>
    </arf:asset>
    <arf:asset id="asset_2">
      <ai:software>
        <ai:cpe>cpe:/a:apache:http_server:2.2</ai:cpe>
      </ai:software>
    </arf:asset>
  </arf:assets>
  <arf:reports>
    <arf:report id="report_1">
      <arf:content>
        <report xmlns="http://mydomain/riskmanager/report" />
      </arf:content>
    </arf:report>
  </arf:reports>
</arf:asset-report-collection>
xml xsd
1个回答
0
投票

实例可能有问题。该架构看起来不错。以下内容针对我这边的 my-ns 模式进行了成功验证。也许这有帮助?

<?xml version="1.0" encoding="UTF-8"?>
<arf:asset-report-collection
    xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
    xmlns:my-ns="http://mydomain/schema/scap/asset-identification/1.0"
    xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://mydomain/schema/scap/asset-identification/1.0 test.xsd http://scap.nist.gov/schema/asset-reporting-format/1.1 asset-reporting-format_1.1.0.xsd.xml">
    <arf:assets>
        <arf:asset id="a">
            <my-ns:my-asset>
                <ai:cpe>cpe:/</ai:cpe>
            </my-ns:my-asset>
        </arf:asset>
    </arf:assets>
    <arf:reports>
        <arf:report id="foo">
            <arf:content><my-ns:foo/></arf:content>
        </arf:report>
    </arf:reports>
</arf:asset-report-collection>
© www.soinside.com 2019 - 2024. All rights reserved.