search

CybOXProject / schemas

CybOX Schemas and Schema Development
42 stars 17 forks source link

Review minOccurs for required elements #174

Closed bworrell closed 10 years ago

bworrell commented 10 years ago

Several elements in the CybOX schema have minOccurs="1".

bworrell commented 10 years ago

Here are all the elements that either have no minOccurs attribute (defaulting to "1") or have explicitly set minOccurs="1".

Many of these are root level elements or required by design. This list does not intend to imply that all these elements have an incorrect minOccurs attribute value and is only meant to serve as a report of all required elements.

The format of the list is:

[schema name]
    [element name] : [line number]
cybox_common.xsd
    Contributor : 192
    Tool : 236
    Reference : 334
    Configuration_Settings : 392
    Configuration_Setting : 424
    Item_Name : 436
    Item_Value : 441
    Dependency : 463
    Dependency_Description : 480
    Usage_Context_Assumption : 492
    Internal_Strings : 504
    Key : 516
    Content : 521
    Build_Utility_Name : 595
    Build_Utility_Platform_Specification : 600
    Compiler : 612
    Compiler_Name : 641
    Configuration_Settings : 663
    Error : 729
    Error_Type : 741
    Error_Instance : 763
    Property : 793
    String : 1589
    Import : 1650
    Function : 1662
    Code_Snippet : 1674
    Byte_Run : 1687
    Hash : 1737
    Segment : 1821
    Reference : 1901
    Environment_Variable : 2143
    Name : 2155

cybox_core.xsd
    Observables : 14
    None : 33
    Observable : 56
    Event : 148
    Event : 192
    Action : 236
    None : 250
    Action_Alias : 409
    Action_Argument : 421
    Associated_Object : 453
    Property : 489
    Relationship : 516
    Action_Reference : 535
    Object : 553
    Related_Object : 631
    New_Object : 730
    Data : 746
    Data : 762
    Data : 778
    Data : 794
    Properties : 831
    Property : 845
    Values : 859
    Value : 873
    Control_Code : 887
    Property : 897
    Event : 974
    Action : 986
    Object : 998
    Property : 1010
    Obfuscation_Technique : 1045
    Description : 1057
    Keyword : 1093

cpe2.3.xsd
    None : 31

Account_Object.xsd
    Account : 14

Address_Object.xsd
    Address : 14

API_Object.xsd
    API : 14

Artifact_Object.xsd
    Artifact : 14

Code_Object.xsd
    Code_Object : 14
    Targeted_Platform : 410

Custom_Object.xsd
    Custom : 16

Device_Object.xsd
    Device : 14

Disk_Object.xsd
    Disk : 15
    Partition : 61

Disk_Partition_Object.xsd
    Disk_Partition : 14
    Partition_ID : 41

DNS_Cache_Object.xsd
    DNS_Cache : 15
    DNS_Cache_Entry : 27
    DNS_Entry : 41

DNS_Query_Object.xsd
    DNS_Query : 16
    QName : 72
    Resource_Record : 94

DNS_Record_Object.xsd
    DNS_Record : 16

Email_Message_Object.xsd
    Email_Message : 15
    File : 66
    Recipient : 185
    Link : 197
    Received : 251

File_Object.xsd
    File : 14
    Packer : 174
    Depth : 245
    Entry_Point_Signature : 298
    Sym_Link : 357

GUI_Dialogbox_Object.xsd
    GUI_Dialogbox : 15

GUI_Object.xsd
    GUI_Object : 14

GUI_Window_Object.xsd
    GUI_Window : 15

HTTP_Session_Object.xsd
    HTTP_Session : 17
    HTTP_Request_Response : 29
    Message_Body : 549
    Domain_Name : 583

Library_Object.xsd
    Library : 14

Link_Object.xsd
    Link : 15

Linux_Package_Object.xsd
    Linux_Package : 14
    Name : 51

Memory_Object.xsd
    Memory_Region : 14

Mutex_Object.xsd
    Mutex : 14

Network_Connection_Object.xsd
    Network_Connection : 17

Network_Flow_Object.xsd
    Network_Flow_Object : 17
    Flow_Record : 951

Network_Packet_Object.xsd
    Network_Packet : 16
    Error_Msg : 1884
    Info_Msg : 1889
    Traceroute : 1894
    Destination_Unreachable : 1930
    Source_Quench : 1935
    Redirect_Message : 1940
    Time_Exceeded : 1945
    Echo_Reply : 1981
    Echo_Request : 1986
    Timestamp_Request : 1991
    Timestamp_Reply : 1996
    Address_Mask_Request : 2001
    Address_Mask_Reply : 2006
    Outbound_Packet_Forward_Success : 2042
    Outbound_Packet_no_Route : 2047
    Error_Msg : 2091
    Info_Msg : 2096
    Echo_Reply : 2207
    Network_Redirect : 2342
    Host_Redirect : 2347
    ToS_Network_Redirect : 2352
    ToS_Host_Redirect : 2357
    Echo_Request : 2376
    TTL_Exceeded_In_Transit : 2394
    Frag_Reassembly_Time_Exceeded : 2399
    Timestamp : 2412
    Timestamp_Reply : 2431
    Address_Mask_Request : 2460
    Address_Mask_Reply : 2479
    IPv6_Addr : 2642
    IP_Addr_Prefix : 2647
    Octet : 2858

Network_Route_Entry_Object.xsd
    Network_Route_Entry : 15

Network_Route_Object.xsd
    Network_Route_Object : 15

Network_Socket_Object.xsd
    Network_Socket : 15

Network_Subnet_Object.xsd
    Network_Subnet : 16
    Route : 57

PDF_File_Object.xsd
    PDF_File : 21
    Cross_Reference_Table : 67
    Subsection : 101
    Trailer : 135
    ID_String : 199
    Indirect_Object : 211
    Cross_Reference_Entry : 368
    Byte_Offset : 381
    Object_Number : 386
    Object_Reference : 409
    Raw_Contents : 414

Pipe_Object.xsd
    Pipe : 14

Port_Object.xsd
    Port : 14

Process_Object.xsd
    Process : 16
    Network_Connection : 122
    Child_PID : 166
    Argument : 178
    Port : 190

Product_Object.xsd
    Product : 14
    Product : 36
    Vendor : 46

Semaphore_Object.xsd
    Semaphore : 14

Socket_Address_Object.xsd
    Socket_Address : 16

System_Object.xsd
    System : 15
    Network_Interface : 143
    IP_Gateway_Address : 155
    IP_Info : 214
    IP_Address : 226
    DHCP_Server_Address : 243

Unix_File_Object.xsd
    Unix_File : 15

Unix_Network_Route_Entry_Object.xsd
    Unix_Network_Route_Entry : 15

Unix_Pipe_Object.xsd
    Unix_Pipe : 15

Unix_Process_Object.xsd
    Unix_Process : 15
    File_Descriptor : 77

Unix_User_Account_Object.xsd
    Unix_User_Account : 15
    Group_ID : 53
    Permissions_Mask : 69

Unix_Volume_Object.xsd
    Unix_Volume : 15

URI_Object.xsd
    URI : 14

User_Account_Object.xsd
    User_Account : 15
    Privilege : 86
    Group : 103

User_Session_Object.xsd
    User_Session : 14

Volume_Object.xsd
    Volume : 14
    File_System_Flag : 95

Whois_Object.xsd
    Whois_Entry : 16

Win_Computer_Account_Object.xsd
    Windows_Computer_Account : 16
    Delegation : 79
    Bitmask : 96
    Service : 101

Win_Critical_Section_Object.xsd
    Windows_Critical_Section : 14

Win_Driver_Object.xsd
    Windows_Driver : 14
    Device_Object_Struct : 262

Win_Event_Log_Object.xsd
    Windows_Event_Log : 14
    Unformatted_Message : 130

Win_Event_Object.xsd
    Windows_Event : 15

Win_Executable_File_Object.xsd
    Windows_Executable_File : 15
    Resource : 20
    VersionInfoResource : 25
    Exported_Function : 145
    Section : 157
    Imported_Function : 223
    None : 355
    Import : 399

Win_File_Object.xsd
    Windows_File : 15
    Size_In_Bytes : 78
    Stream : 92
    Attribute : 106

Win_Handle_Object.xsd
    Windows_Handle : 14
    Handle : 65

Win_Kernel_Hook_Object.xsd
    Windows_Kernel_Hook : 14

Win_Kernel_Object.xsd
    Windows_Kernel : 14
    SSDT_Entry : 45
    IDT_Entry : 89

Win_Mailslot_Object.xsd
    Windows_Mailslot : 15

Win_Memory_Page_Region_Object.xsd
    Windows_Memory_Page_Region : 15

Win_Mutex_Object.xsd
    Windows_Mutex : 16

Win_Network_Route_Entry_Object.xsd
    Windows_Network_Route_Entry : 16

Win_Network_Share_Object.xsd
    Windows_Network_Share : 14
    Netname : 41

Win_Pipe_Object.xsd
    Windows_Pipe : 17

Win_Prefetch_Object.xsd
    Windows_Prefetch_Entry : 16
    Accessed_Filename : 77
    Accessed_Directory : 89
    VolumeItem : 101
    DeviceItem : 106

Win_Process_Object.xsd
    Windows_Process : 17
    Memory_Section : 83

Win_Registry_Key_Object.xsd
    Windows_Registry_Key : 15
    Value : 271
    Subkey : 283

Win_Semaphore_Object.xsd
    Win_Semaphore : 16

Win_Service_Object.xsd
    Windows_Service : 15
    Description : 116

Win_System_Object.xsd
    Windows_System : 16
    Global_Flag : 92

Win_System_Restore_Object.xsd
    Windows_System_Restore_Entry : 14
    Hive : 127

Win_Task_Object.xsd
    Windows_Task : 15
    Trigger : 136
    Action : 195

Win_Thread_Object.xsd
    Windows_Thread : 15

Win_User_Account_Object.xsd
    Windows_User_Account : 15
    Name : 48
    User_Right : 64

Win_Volume_Object.xsd
    Windows_Volume : 15
    Attribute : 51

Win_Waitable_Timer_Object.xsd
    Windows_Waitable_Timer : 15

X509_Certificate_Object.xsd
    X509_Certificate : 15
ikiril01 commented 10 years ago

As far as Objects, I'd say the following should probably be changed to minOccurs=0 since they're not the root schema elements, the only members of a list (sometimes non-list) type, or strictly required by design (AFAIK):

Disk_Partition_Object.xsd
    Partition_ID : 41

DNS_Cache_Object.xsd
    DNS_Entry : 41

DNS_Query_Object.xsd
    QName : 72

File_Object.xsd
    Depth : 245

HTTP_Session_Object.xsd
    Message_Body : 549
    Domain_Name : 583

Linux_Package_Object.xsd
    Name : 51

Product_Object.xsd
    Product : 36
    Vendor : 46

System_Object.xsd
    IP_Address : 226

Win_Computer_Account_Object.xsd
    Delegation : 79
    Bitmask : 96
    Service : 101

Win_File_Object.xsd
    Size_In_Bytes : 78

Win_Network_Share_Object.xsd
    Netname : 41

Win_Prefetch_Object.xsd
    VolumeItem : 101
    DeviceItem : 106

Also, we have a separate open issue for the Product Object - #147. However, I think it probably makes sense to close that one and consolidate all "minOccurs=1" issues here.

bworrell commented 10 years ago

Thanks for investigating this, @ikiril01! I agree that we should just close out #147 as this covers it.

ikiril01 commented 10 years ago

The Objects should be taken care of, but CybOX Common and Core still need to be reviewed for this issue to be fully closed.