我正在实施 SCAP,我需要将供应商资产类型添加到 ARF 报告中。 ARF 架构位于此处 https://scap.nist.gov/schema/asset-reporting-format/1.1/asset-reporting-format_1.1.0.xsd(与 arf 前缀一起使用) 资产标识 xsd 位于此处 https://scap.nist.gov/schema/asset-identification/1.1/asset-identification_1.1.0.xsd(与 ai 前缀一起使用)
所以我未能实现的是在 ARF 报告中添加一些供应商 ai:asset-type 实现,但仍验证 ARF 模式。我编写了一个供应商命名空间,该命名空间仅定义一个扩展 ai:asset-type 并具有替换组=“ai:asset”属性的元素,但在根据 ARF 模式验证使用此供应商元素的报告时,验证工具返回该 arf:asset只允许资产标识 NS 中定义的子项。不过,人工智能模式应该允许扩展。有什么想法吗?
编辑:
以下是我尝试添加自定义供应商元素 my-asset 的方法:
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
xmlns:my-ns="http://mydomain/schema/scap/asset-identification/1.0"
targetNamespace="http://mydomain/schema/scap/asset-identification/1.0" elementFormDefault="qualified"
attributeFormDefault="unqualified" version="1.1.1" xmlns:cpe-name="http://cpe.mitre.org/naming/2.0">
<xs:import namespace="http://scap.nist.gov/schema/asset-identification/1.1" schemaLocation="https://scap.nist.gov/schema/asset-identification/1.1/asset-identification_1.1.0.xsd"/>
<xs:element name="my-asset" type="my-ns:my-asset-type" substitutionGroup="ai:asset" />
<xs:complexType name="my-asset-type">
<xs:complexContent>
<xs:extension base="ai:asset-type">
<xs:sequence>
<xs:element ref="ai:cpe" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="id" type="xs:string" />
<xs:anyAttribute namespace="##other"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
</xs:schema>
编辑2:
我尝试根据 ARF 模式验证的实例:
<?xml version="1.0" encoding="UTF-8"?>
<arf:asset-report-collection xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
xmlns:core="http://scap.nist.gov/schema/reporting-core/1.1"
xmlns:my-ns="http://mydomain/schema/scap/asset-identification/1.0"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://mydomain/schema/scap/asset-identification/1.0
http://mydomain/schema/scap/asset-identification/1.0/asset-identification_1.0.a.xsd
http://scap.nist.gov/schema/asset-reporting-format/1.1
https://scap.nist.gov/schema/asset-reporting-format/1.1/asset-reporting-format_1.1.0.xsd
">
<core:relationships xmlns:arfvocab="http://scap.nist.gov/specifications/arf/vocabulary/relationships/1.0#"
xmlns:aivocab="https://scap.nist.gov/specifications/ai/vocabulary/relationships/1.0/#"
xmlns:myvocab="https://mydomain/riskmanager/relationships/#">
<core:relationship type="myvocab:supports" subject="asset_id_generated_by_app_2">
<core:ref>asset_id_generated_by_app_3</core:ref>
</core:relationship>
<core:relationship type="aivocab:installedOnDevice" subject="asset_2">
<core:ref>asset_1</core:ref>
</core:relationship>
</core:relationships>
<arf:assets>
<arf:asset id="asset_id_generated_by_app_1">
<my-ns:my-asset id="uniq_vendor_id_1">
<ai:cpe>cpe:/a:linux:debian:7.0</ai:cpe>
<ai:cpe>cpe:/a:apache:http_server:2.2</ai:cpe>
</my-ns:my-asset>
</arf:asset>
<arf:asset id="asset_id_generated_by_app_2">
<my-ns:my-asset id="uniq_vendor_id_2">
<ai:cpe>cpe:/a:linux:debian:7.0</ai:cpe>
</my-ns:my-asset>
</arf:asset>
<arf:asset id="asset_id_generated_by_app_3">
<my-ns:my-asset id="uniq_vendor_id_3">
<ai:cpe>cpe:/a:apache:http_server:2.2</ai:cpe>
</my-ns:m-asset>
</arf:asset>
<arf:asset id="asset_1">
<ai:computing-device>
<ai:connections>
<ai:connection>
<ai:ip-address>
<ai:ip-v4>192.168.2.10</ai:ip-v4>
</ai:ip-address>
</ai:connection>
</ai:connections>
<ai:fqdn>comp1234.tempuri.org</ai:fqdn>
</ai:computing-device>
</arf:asset>
<arf:asset id="asset_2">
<ai:software>
<ai:cpe>cpe:/a:apache:http_server:2.2</ai:cpe>
</ai:software>
</arf:asset>
</arf:assets>
<arf:reports>
<arf:report id="report_1">
<arf:content>
<report xmlns="http://mydomain/riskmanager/report" />
</arf:content>
</arf:report>
</arf:reports>
</arf:asset-report-collection>
实例可能有问题。该架构看起来不错。以下内容针对我这边的 my-ns 模式进行了成功验证。也许这有帮助?
<?xml version="1.0" encoding="UTF-8"?>
<arf:asset-report-collection
xmlns:arf="http://scap.nist.gov/schema/asset-reporting-format/1.1"
xmlns:my-ns="http://mydomain/schema/scap/asset-identification/1.0"
xmlns:ai="http://scap.nist.gov/schema/asset-identification/1.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://mydomain/schema/scap/asset-identification/1.0 test.xsd http://scap.nist.gov/schema/asset-reporting-format/1.1 asset-reporting-format_1.1.0.xsd.xml">
<arf:assets>
<arf:asset id="a">
<my-ns:my-asset>
<ai:cpe>cpe:/</ai:cpe>
</my-ns:my-asset>
</arf:asset>
</arf:assets>
<arf:reports>
<arf:report id="foo">
<arf:content><my-ns:foo/></arf:content>
</arf:report>
</arf:reports>
</arf:asset-report-collection>