Definition Type: Element
Name: registry_state
Namespace: http://oval.mitre.org/XMLSchema/oval-definitions-5#windows
Type: oval-def:StateType
Containing Schema: windows-definitions-schema.xsd
Abstract
Documentation:
The registry_state element defines the different metadata associated with a Windows registry key. This includes the hive, key, name, type, and value. Please refer to the individual elements in the schema for more details about what each represents.
XSD Schema Code:
<xsd:element name="registry_state" substitutionGroup="oval-def:state">
    <xsd:annotation>
        <xsd:documentation>The registry_state element defines the different metadata associated with a Windows registry key. This includes the hive, key, name, type, and value. Please refer to the individual elements in the schema for more details about what each represents.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval-def:StateType">
                <xsd:sequence>
                    <xsd:element name="hive" type="win-def:EntityStateRegistryHiveType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The hive that the registry key belongs to. This is restricted to a specific set of values: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, and HKEY_USERS.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="regstehive" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:registry_state/win-def:hive">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the hive entity of a registry_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="key" type="oval-def:EntityStateStringType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>This element describes a registry key to be tested. Note that the hive portion of the string should not be included, as this data should be found under the hive element.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="regstekey" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:registry_state/win-def:key">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the key entity of a registry_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="name" type="oval-def:EntityStateStringType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>This element describes the name of a value of a registry key. If the nillable attribute is set to true, then the name element should not be used in analysis.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="regstename" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:registry_state/win-def:name">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the name entity of a registry_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="type" type="win-def:EntityStateRegistryTypeType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The type entity allows a test to be written against the registry type associated with the specified registry key(s). Please refer to the documentation on the EntityStateRegistryTypeType for more information about the different valid individual types.</xsd:documentation>
                            <xsd:appinfo>
                                <valid_datatypes>string</valid_datatypes>
                                <valid_operators>equals, not equal</valid_operators>
                                <sch:pattern id="regstetype" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:registry_state/win-def:type">
                                        <sch:assert test="not(@datatype) or @datatype='string'">
                                            <sch:value-of select="../@id" /> - datatype attribute for the type entity of a registry_state should be 'string'</sch:assert>
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                    <xsd:element name="value" type="oval-def:EntityStateAnyType" minOccurs="0">
                        <xsd:annotation>
                            <xsd:documentation>The value entity allows a test to be written against the value held within the specified registry key(s). If the value being tested is of type REG_BINARY, then the datatype attribute should be set to 'binary' and the data represented by the value entity should follow the xsd:hexBinary form. (each binary octet is encoded as two hex digits) If the value being tested is of type REG_DWORD or REG_QWORD, then the datatype attribute should be set to 'int' and the value entity should represent the data as an integer. If the value being tested is of type REG_EXPAND_SZ, then the datatype attribute should be set to 'string' and the pre-expanded string should be represented by the value entity. If the value being tested is of type REG_MULTI_SZ, then only a single string (one of the multiple strings) should be tested using the value entity with the datatype attribute set to 'string'. In order to test multiple values, multiple OVAL registry tests should be used. If the specified registry key is of type REG_SZ, then the datatype should be 'string' and the value entity should be a copy of the string.</xsd:documentation>
                            <xsd:documentation>Note that if the intention is to test a version number held in the registry (as a reg_sz) then instead of setting the datatype to 'string', the datatype can be set to 'version'. This allows tools performing the evaluation to know how to perform less than and greater than operations correctly.</xsd:documentation>
                            <xsd:appinfo>
                                <sch:pattern id="regstevalue" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                    <sch:rule context="win-def:registry_state/win-def:value">
                                        <sch:assert test="(@datatype='int' and (floor(.) = number(.))) or not(@datatype='int') or not(node())">
                                            <sch:value-of select="../@id" /> - The datatype has been set to 'int' but the value is not an integer.</sch:assert>
                                        <!-- we can use the xpath 2.0 function matches() to define assertions for other datatypes -->
                                    </sch:rule>
                                </sch:pattern>
                            </xsd:appinfo>
                        </xsd:annotation>
                    </xsd:element>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>
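The following linter is an added example, not part of the OVAL schema or its tooling. It applies the rules documented above (allowed hive values, 'string' datatype for hive/key/name/type, integer and xsd:hexBinary form for value, and the datatype expected for each registry type) to a constructed fragment. The `<sample>` wrapper and the state ids are made up, registry type names are compared case-insensitively, and an omitted datatype is treated as 'string'.

```python
import re
import xml.etree.ElementTree as ET

WIN = "http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"
HIVES = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER",
         "HKEY_LOCAL_MACHINE", "HKEY_USERS"}
# Value datatypes the value documentation allows per registry type (lower-cased).
EXPECTED = {"reg_binary": {"binary"}, "reg_dword": {"int"}, "reg_qword": {"int"},
            "reg_expand_sz": {"string"}, "reg_multi_sz": {"string"},
            "reg_sz": {"string", "version"}}

def lint_registry_state(state):
    """Return the findings for one registry_state element."""
    sid, out = state.get("id"), []
    ent = {n: state.find(f"{{{WIN}}}{n}") for n in ("hive", "key", "name", "type", "value")}
    for n in ("hive", "key", "name", "type"):  # Schematron: datatype absent or 'string'
        if ent[n] is not None and ent[n].get("datatype", "string") != "string":
            out.append(f"{sid}: datatype of {n} should be 'string'")
    hive = (ent["hive"].text or "").strip() if ent["hive"] is not None else ""
    if hive and hive not in HIVES:
        out.append(f"{sid}: hive '{hive}' is not one of the five allowed values")
    val, typ = ent["value"], ent["type"]
    if val is not None:
        dt, text = val.get("datatype", "string"), (val.text or "").strip()
        # Stricter than the XPath floor() assertion: only plain decimal integers pass.
        if dt == "int" and text and not re.fullmatch(r"[+-]?\d+", text):
            out.append(f"{sid}: datatype is 'int' but the value is not an integer")
        if dt == "binary" and not re.fullmatch(r"(?:[0-9A-Fa-f]{2})*", text):
            out.append(f"{sid}: datatype is 'binary' but the value is not xsd:hexBinary")
        rtype = (typ.text or "").strip().lower() if typ is not None else ""
        if rtype in EXPECTED and dt not in EXPECTED[rtype]:
            out.append(f"{sid}: {rtype} value should use datatype {sorted(EXPECTED[rtype])}")
    return out

def lint_document(xml_text):
    """Map each registry_state id in the document to its findings."""
    root = ET.fromstring(xml_text)
    return {s.get("id"): lint_registry_state(s) for s in root.iter(f"{{{WIN}}}registry_state")}

# Constructed sample: the <sample> wrapper and the ids are made up for this example.
SAMPLE = f"""<sample xmlns="{WIN}">
  <registry_state id="oval:example:ste:1" version="1"><hive>HKEY_LOCAL_MACHINE</hive>
    <type>reg_dword</type><value datatype="int">1</value></registry_state>
  <registry_state id="oval:example:ste:2" version="1"><hive>HKLM</hive>
    <type>reg_dword</type><value>0x1</value></registry_state>
  <registry_state id="oval:example:ste:3" version="1">
    <type>reg_binary</type><value datatype="binary">0A1</value></registry_state>
</sample>"""

if __name__ == "__main__":
    print(lint_document(SAMPLE))
```

State 2 shows the common authoring mistake: a REG_DWORD comparison written with the default 'string' datatype and an abbreviated hive name, both of which the linter reports.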
Child Elements:
Name       Type          Min Occurs  Max Occurs
Signature  ds:Signature  0           1
notes      oval-def:notes  0         1
hive       win-def:hive  0           (1)
key        win-def:key   0           (1)
name       win-def:name  0           (1)
type       win-def:type  0           (1)
value      win-def:value 0           (1)
Child Attributes:
Name        Type                 Default Value  Use
id          oval-def:id                         Required
version     oval-def:version                    Required
operator    oval-def:operator    AND            Optional
comment     oval-def:comment                    Optional
deprecated  oval-def:deprecated  false          Optional
References:
oval-def:state