396 lines
13 KiB
XML
396 lines
13 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning" vc:minVersion="1.0" vc:maxVersion="1.1">
|
|
<xs:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd" />
|
|
<xs:import namespace="http://www.w3.org/2001/XInclude" schemaLocation="http://www.w3.org/2001/XInclude/XInclude.xsd"/>
|
|
<xs:include schemaLocation="common.xsd"/>
|
|
|
|
<xs:element name="pentest_report">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="meta"/>
|
|
<xs:element ref="generate_index"/>
|
|
<xs:choice maxOccurs="unbounded">
|
|
<xs:element ref="section"/>
|
|
</xs:choice>
|
|
<xs:element maxOccurs="unbounded" ref="appendix"/>
|
|
</xs:sequence>
|
|
<xs:attribute name="findingCode" use="required" type="xs:NCName"/>
|
|
<xs:attribute name="findingNumberingBase" use="optional" default="Report">
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:string">
|
|
<xs:enumeration value="Report"/>
|
|
<xs:enumeration value="Section"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:attribute>
|
|
<xs:attribute ref="xml:lang"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="meta">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="title"/>
|
|
<xs:element ref="targets"/>
|
|
<xs:element ref="activityinfo" minOccurs="0"/>
|
|
<xs:element ref="permission_parties"/>
|
|
<xs:element ref="collaborators"/>
|
|
<xs:element ref="classification"/>
|
|
<xs:element ref="version_history"/>
|
|
<xs:element ref="company"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="activityinfo">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="duration" minOccurs="1" maxOccurs="1"/>
|
|
<xs:element ref="persondays" minOccurs="1" maxOccurs="1"/>
|
|
<xs:element ref="planning" minOccurs="1" maxOccurs="1"/>
|
|
<xs:element ref="report_due" minOccurs="1" maxOccurs="1"/>
|
|
<xs:element ref="nature" minOccurs="1" maxOccurs="1"/>
|
|
<xs:element ref="type" minOccurs="1" maxOccurs="1"/>
|
|
<xs:element minOccurs="0" maxOccurs="1" ref="target_application"/>
|
|
<xs:element minOccurs="0" maxOccurs="1" ref="target_application_producer"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="collaborators">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="reviewers"/>
|
|
<xs:element ref="approver"/>
|
|
<xs:element ref="pentesters"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="reviewers">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="reviewer"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="reviewer" type="xs:string"/>
|
|
|
|
<xs:element name="approver">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="name"/>
|
|
<xs:element ref="bio"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="pentesters">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element maxOccurs="unbounded" ref="pentester"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="pentester">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="name"/>
|
|
<xs:element ref="bio"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="bio" type="xs:string"/>
|
|
<xs:element name="classification" type="xs:NCName"/>
|
|
|
|
<xs:element name="appendix">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="title"/>
|
|
<xs:choice maxOccurs="unbounded">
|
|
<xs:element ref="generate_testteam"/>
|
|
<xs:element name="p" type="block"/>
|
|
<xs:element ref="pre"/>
|
|
<xs:element ref="table"/>
|
|
<xs:element ref="ol"/>
|
|
<xs:element ref="ul"/>
|
|
<xs:element ref="img"/>
|
|
<xs:element ref="div"/>
|
|
<xs:element ref="section"/>
|
|
</xs:choice>
|
|
</xs:sequence>
|
|
<xs:attribute name="id" use="required" type="xs:ID"/>
|
|
<xs:attribute ref="visibility" use="optional"/>
|
|
<xs:attribute ref="xml:lang"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:complexType name="block" mixed="true">
|
|
<xs:choice maxOccurs="unbounded">
|
|
<xs:group ref="inline-all"/>
|
|
<xs:group ref="placeholders"/>
|
|
</xs:choice>
|
|
<xs:attribute ref="xml:base"/>
|
|
</xs:complexType>
|
|
|
|
<xs:element name="generate_testteam">
|
|
<xs:complexType/>
|
|
</xs:element>
|
|
|
|
<xs:element name="section">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="title"/>
|
|
<xs:choice minOccurs="0" maxOccurs="unbounded">
|
|
<xs:element ref="pre"/>
|
|
<xs:element name="p" type="block"/>
|
|
<xs:element ref="section"/>
|
|
<xs:element ref="table"/>
|
|
<xs:element ref="ul"/>
|
|
<xs:element ref="ol"/>
|
|
<xs:element ref="img"/>
|
|
<xs:element ref="div"/>
|
|
<xs:element ref="generate_targets"/>
|
|
<xs:element ref="generate_piechart"/>
|
|
<xs:element ref="generate_recommendations"/>
|
|
<xs:element minOccurs="0" maxOccurs="unbounded" ref="generate_findings"/>
|
|
<xs:element minOccurs="0" maxOccurs="unbounded" ref="finding"/>
|
|
<xs:element minOccurs="0" maxOccurs="unbounded" ref="non-finding"/>
|
|
</xs:choice>
|
|
</xs:sequence>
|
|
<xs:attribute name="id" use="required" type="xs:ID"/>
|
|
<xs:attribute ref="break" use="optional"/>
|
|
<xs:attribute ref="visibility" use="optional"/>
|
|
<xs:attribute ref="inexecsummary" use="optional"/>
|
|
<xs:attribute ref="xml:base"/>
|
|
<xs:attribute ref="xml:lang"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="generate_piechart">
|
|
<xs:complexType>
|
|
<xs:attribute ref="pieAttr" use="required"/>
|
|
<xs:attribute ref="pieElem" use="required"/>
|
|
<xs:attribute ref="pieHeight" use="required"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:attribute name="pieAttr" type="xs:string"/>
|
|
<xs:attribute name="pieElem" type="xs:string"/>
|
|
<xs:attribute name="pieHeight" type="xs:integer"/>
|
|
|
|
<xs:attribute name="inexecsummary">
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:string">
|
|
<xs:enumeration value="yes"/>
|
|
<xs:enumeration value="no"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:attribute>
|
|
|
|
<xs:attribute name="threatLevel" default="N/A">
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:string">
|
|
<xs:enumeration value="N/A"/>
|
|
<xs:enumeration value="Unknown"/>
|
|
<xs:enumeration value="Low"/>
|
|
<xs:enumeration value="Moderate"/>
|
|
<xs:enumeration value="Elevated"/>
|
|
<xs:enumeration value="High"/>
|
|
<xs:enumeration value="Extreme"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:attribute>
|
|
|
|
<xs:element name="non-finding">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="title"/>
|
|
<xs:choice minOccurs="0" maxOccurs="unbounded">
|
|
<xs:element ref="pre"/>
|
|
<xs:element name="p" type="block"/>
|
|
<xs:element ref="table"/>
|
|
<xs:element ref="ul"/>
|
|
<xs:element ref="ol"/>
|
|
<xs:element ref="img"/>
|
|
<xs:element ref="section"/>
|
|
</xs:choice>
|
|
</xs:sequence>
|
|
<xs:attribute name="id" use="required" type="xs:ID"/>
|
|
<xs:attribute ref="break" use="optional"/>
|
|
<xs:attribute ref="xml:base"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
|
|
<xs:element name="generate_recommendations">
|
|
<xs:complexType>
|
|
<xs:attribute name="Ref" use="optional" type="xs:IDREF"/>
|
|
<xs:attribute name="status" use="optional">
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:string">
|
|
<xs:enumeration value="new"/>
|
|
<xs:enumeration value="resolved"/>
|
|
<xs:enumeration value="unresolved"/>
|
|
<xs:enumeration value="not_retested"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="generate_findings">
|
|
<xs:complexType>
|
|
<xs:attribute name="Ref" use="optional" type="xs:IDREF"/>
|
|
<xs:attribute name="status" use="optional">
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:string">
|
|
<xs:enumeration value="new"/>
|
|
<xs:enumeration value="resolved"/>
|
|
<xs:enumeration value="unresolved"/>
|
|
<xs:enumeration value="not_retested"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:attribute>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="finding">
|
|
<xs:complexType>
|
|
<xs:sequence>
|
|
<xs:element ref="title"/>
|
|
<xs:choice minOccurs="0">
|
|
<xs:element name="p"/>
|
|
</xs:choice>
|
|
<xs:element ref="description"/>
|
|
<xs:choice minOccurs="0" maxOccurs="1">
|
|
<xs:element ref="description_summary"/>
|
|
</xs:choice>
|
|
<xs:element ref="technicaldescription"/>
|
|
<xs:element ref="impact"/>
|
|
<xs:element ref="recommendation"/>
|
|
<xs:choice minOccurs="0" maxOccurs="1">
|
|
<xs:element ref="recommendation_summary"/>
|
|
</xs:choice>
|
|
</xs:sequence>
|
|
<xs:attribute name="id" use="required" type="xs:ID"/>
|
|
<xs:attribute ref="threatLevel" use="optional" default="N/A"/>
|
|
<xs:attribute name="status" use="optional">
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:string">
|
|
<xs:enumeration value="new"/>
|
|
<xs:enumeration value="resolved"/>
|
|
<xs:enumeration value="unresolved"/>
|
|
<xs:enumeration value="not_retested"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:attribute>
|
|
<xs:attribute name="type" use="required"/>
|
|
<xs:attribute name="break" use="optional">
|
|
<xs:simpleType>
|
|
<xs:restriction base="xs:string">
|
|
<xs:enumeration value="before"/>
|
|
<xs:enumeration value="after"/>
|
|
</xs:restriction>
|
|
</xs:simpleType>
|
|
</xs:attribute>
|
|
<xs:attribute ref="xml:base"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="description">
|
|
<xs:complexType mixed="true">
|
|
<xs:choice maxOccurs="unbounded" minOccurs="0">
|
|
<xs:element name="p" type="block"/>
|
|
<xs:element name="ol"/>
|
|
<xs:element name="ul"/>
|
|
<xs:element name="img"/>
|
|
<xs:element name="table"/>
|
|
<xs:element ref="pre"/>
|
|
</xs:choice>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="description_summary">
|
|
<xs:complexType mixed="true">
|
|
<xs:sequence maxOccurs="unbounded" minOccurs="0">
|
|
<xs:element name="p" type="block"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="technicaldescription">
|
|
<xs:complexType mixed="true">
|
|
<xs:choice maxOccurs="unbounded" minOccurs="0">
|
|
<xs:element name="p" type="block"/>
|
|
<xs:element name="ol"/>
|
|
<xs:element name="ul"/>
|
|
<xs:element name="img"/>
|
|
<xs:element name="table"/>
|
|
<xs:element ref="pre"/>
|
|
</xs:choice>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<xs:element name="impact">
|
|
<xs:complexType mixed="true">
|
|
<xs:choice maxOccurs="unbounded" minOccurs="0">
|
|
<xs:element name="p" type="block"/>
|
|
<xs:element name="ol"/>
|
|
<xs:element name="ul"/>
|
|
<xs:element name="img"/>
|
|
<xs:element name="table"/>
|
|
<xs:element ref="pre"/>
|
|
</xs:choice>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="recommendation">
|
|
<xs:complexType mixed="true">
|
|
<xs:choice maxOccurs="unbounded" minOccurs="0">
|
|
<xs:element name="p" type="block"/>
|
|
<xs:element name="ol"/>
|
|
<xs:element name="ul"/>
|
|
<xs:element name="img"/>
|
|
<xs:element name="table"/>
|
|
<xs:element ref="pre"/>
|
|
</xs:choice>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
<xs:element name="recommendation_summary">
|
|
<xs:complexType mixed="true">
|
|
<xs:sequence maxOccurs="unbounded" minOccurs="0">
|
|
<xs:element name="p" type="block"/>
|
|
</xs:sequence>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
|
|
<!-- Placeholders -->
|
|
<xs:group name="placeholders">
|
|
<xs:choice>
|
|
<xs:element name="client_long"/>
|
|
<xs:element name="client_short"/>
|
|
<xs:element name="client_street"/>
|
|
<xs:element name="client_city"/>
|
|
<xs:element name="client_postal_code"/>
|
|
<xs:element name="client_country"/>
|
|
<xs:element name="company_long"/>
|
|
<xs:element name="company_short"/>
|
|
<xs:element name="company_svc_long"/>
|
|
<xs:element name="t_app"/>
|
|
<xs:element name="t_app_producer"/>
|
|
<xs:element name="p_duration"/>
|
|
<xs:element name="p_boxtype"/>
|
|
<xs:element name="p_testingduration"/>
|
|
<xs:element name="p_reportwritingduration"/>
|
|
<xs:element name="p_reportdue"/>
|
|
<xs:element name="finding_count">
|
|
<xs:complexType>
|
|
<xs:attribute ref="threatLevel" use="optional"/>
|
|
</xs:complexType>
|
|
</xs:element>
|
|
</xs:choice>
|
|
|
|
</xs:group>
|
|
|
|
</xs:schema>
|