Hi i need to create an xsd for a xml where there are many elements of name columns, and rows.
Kindly suggest the XSD, i have made cols as unbounded how should i make the element rows.
<cols>
<id>a</id>
<type>string</type>
</cols>
<cols>
<id>b</id>
<type>string</type>
</cols>
<cols>
<id>c</id>
<type>number</type>
</cols>
<rows>
<c>
<v>a</v>
</c>
<c>
<v>b</v>
</c>
<c>
<v>3</v>
</c>
</rows>
<rows>
<c>
<v>c</v>
The xml sample you posted as it is will not be valid against any schema. In-fact xml should never have multiple root nodes (as your example does). You need to wrap these in a single root node.
In answer to your question xsd does not support attribute values conditional on a count of the number of nodes in a node-set like you assume. The best you can do is use unbounded for your maxOccurs.
The schema you want will look similar to this:
<xs:schema xmlns="http://mynamespace" targetNamespace="http://mynamespace" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="Root">
<xs:complexType>
<xs:sequence>
<xs:element maxOccurs="unbounded" name="cols">
<xs:complexType>
<xs:sequence>
<xs:element name="id" type="xs:string" />
<xs:element name="type" type="xs:string" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element maxOccurs="unbounded" name="rows">
<xs:complexType>
<xs:sequence>
<xs:element name="c">
<xs:complexType>
<xs:sequence>
<xs:element name="v" type="xs:string" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
Hope this helps you
Related
We have comments from security team:
For: _vti_bin/copy.asmx
Implications
Processing XML documents can be computationally expensive. Attackers may take advantage of schemas that allow unbounded elements by supplying an application with a very large number elements causing the application to exhaust system resources.
The following is an example of a schema that allows unbounded bar elements.
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" >
<xs:element name="foo" >
<xs:complexType>
<xs:sequence>
<xs:element name="bar" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
Recommendations
Limit maxOccurs to a reasonable number.
The following is an example of a schema that allows 50 bar elements.
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" >
<xs:element name="foo" >
<xs:complexType>
<xs:sequence>
<xs:element name="bar" maxOccurs="50" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
For: _vti_bin/lists.asmx
Implications
The element means arbitrary tags can be included in a valid document. Permitting arbitrary content makes it easier for attackers to perform attacks like XML injection.
Example 1: Imagine you are using the following schema for validation.
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="cart" >
<xs:complexType>
<xs:sequence>
<xs:element name="itemID" maxOccurs="1" />
<xs:element name="price" maxOccurs="1" />
<xs:element name="description" maxOccurs="1"/>
<xs:any minOccurs="0"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="description" type="xs:string"/>
<xs:element name="name" type="xs:string"/>
<xs:element name="price" type="xs:decimal"/>
<xs:element name="code" type="xs:string"/>
</xs:schema>
Since this schema uses the element, the following XML documentation will be considered valid.
<?xml version=\"1.0\" ?>
<cart>
<itemID>123</itemID>
<price>50.00</price>
<price>1.0</price>
</cart>
This is especially dangerous when using SAX parsers since later nodes will overwrite previous nodes.
Recommendations
Explicitly define permissible elements instead of using the element.
Example 2: In order to fix Example 1, replace the element with a concretely defined element such as .
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="cart" >
<xs:complexType>
<xs:sequence>
<xs:element name="itemID" maxOccurs="1" />
<xs:element name="price" maxOccurs="1" />
<xs:element name="description" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="description" type="xs:string"/>
<xs:element name="name" type="xs:string"/>
<xs:element name="price" type="xs:decimal"/>
<xs:element name="code" type="xs:string"/>
</xs:schema>
Could we update those 2 files as suggestions from security team?
I want to avoid xsi:type in an element and add the child elements at runtime based on some condition
I have option element defined as follows of type xs:anyType
<xs:complexType name="prod">
<xs:sequence>
<xs:element type="xs:anyType" name="option" minOccurs="0" maxOccurs="1"</xs:element>
</xs:sequence>
</xs:complexType>
used in element mapping as follows
<xs:element name="mappings">
<xs:complexType>
<xs:sequence>
<xs:element type="prod" name="productionSystem" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
</xs:element>
I have need to add following option type as one of the following
<xs:complexType name="Text">
<xs:sequence>
<xs:element type="xs:short" name="id" />
<xs:element type="xs:string" name="name" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="Value">
<xs:sequence>
<xs:element type="xs:short" name="id" />
<xs:element type="xs:string" name="name" />
<xs:element name="psValue" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element type="xs:string" name="value" />
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
so basically one element option can be either of type Text or Value.
I want to avoid xsi:type in the xml. hence defined as xs:anyType. However at runt time Jaxb Marshalling fails with error
"any of its super class is known to this context". How to ensure Text and Value are in Jaxb Context.
Can someone pls guide on same.
Thanks,
Anjana
If you look at the following xsd fragment you can conclude that the corresponding xml will first contain cars followed by busses eg:
car,car,bus,bus
HOWEVER I want the xml to be able to contain
car,bus,car,bus
What change do I need to make in the xsd below in order to achieve this?
<xs:element name="body">
<xs:complexType>
<xs:sequence>
<xs:element name="session" type="tns:session" />
<xs:element minOccurs="0" maxOccurs="unbounded" name="car" type="tns:car" />
<xs:element minOccurs="0" maxOccurs="unbounded" name="bus" type="tns:bus" />
</xs:sequence>
</xs:complexType>
</xs:element>
It's a bit cumbersome, but you might achieve what you're looking for like this:
create a <xs:choice> element with your car and bus elements inside; this defines that one of the contained elements can be used
make sure to have the attribtues minOccurs=1 and maxOccurs=unbounded on that <xs:choice> - this gives you any number of either car or bus elements - any number, any combination
So your XML schema would look something like this (I added some stuff just to be able to generate a sample XML and verify it works - tweak as needed):
<?xml version="1.0" encoding="utf-8"?>
<xs:schema elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="body">
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element minOccurs="0" maxOccurs="unbounded" name="car" type="CarType" />
<xs:element minOccurs="0" maxOccurs="unbounded" name="bus" type="BusType" />
</xs:choice>
</xs:complexType>
</xs:element>
<xs:complexType name="CarType">
<xs:sequence>
<xs:element name="Maker" type="xs:string" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="BusType">
<xs:sequence>
<xs:element name="Maker" type="xs:string" />
<xs:element name="Capacity" type="xs:int" />
</xs:sequence>
</xs:complexType>
</xs:schema>
use <xs:any> insted of <xs:sequence>
How can i define that the content of the emailaddress-element has to be unquie compared to all other emailaddresses entered inside the users-tag?
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="users">
<xs:sequence>
<xs:element name="user">
<xs:element name="name" type="xs:string" />
<xs:element name="emailaddress" type="xs:string" />
</xs:element>
</xs:sequence>
</xs:element>
I think this is what you are after:
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="users">
<xs:complexType>
<xs:sequence maxOccurs="unbounded">
<xs:element name="user">
<xs:complexType>
<xs:sequence>
<xs:element name="name" type="xs:string"/>
<xs:element name="emailaddress" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
<!-- Make sure each user has a unique email address -->
<xs:unique name="email-address-is-unique">
<xs:selector xpath="user"/>
<xs:field xpath="emailaddress"/>
</xs:unique>
</xs:element>
</xs:schema>
I also took the liberty of adding omitted elements from your original schema for completeness.
So the xpath attribute of the selector element defines the elements that are being used by the uniqueness constraint, then the field element(s) have xpaths which determine what needs to be unique across the selected elements.
You use the <xs:unique> tag as described here
What's wrong with this xml schema? It doesn't parse correctly, and I can't realize a hierarchy between cluster(element)->host(element)->Load(element).
<?xml version="1.0"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="cluster">
<xs:complexType>
<xs:sequence>
<xs:element ref="host"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="host">
<xs:complexType>
<xs:element ref="Load"/>
<xs:attribute name="name" type="xs:string" use="required"/>
</xs:complexType>
</xs:element>
<xs:element name="Load">
<xs:complexType>
<xs:attribute name="usedPhisicalMemory" type="xs:integer"/>
</xs:complexType>
</xs:element>
</xs:schema>
Thank you, Emilio
To allow something like this (I corrected the typo in "usedPhysicalMemory"):
<cluster>
<host name="foo">
<Load usedPhysicalMemory="500" />
</host>
<host name="bar">
<Load usedPhysicalMemory="500" />
</host>
</cluster>
This schema would do it:
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="cluster">
<xs:complexType>
<xs:sequence>
<xs:element ref="host" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="host">
<xs:complexType>
<xs:sequence>
<xs:element ref="Load" />
</xs:sequence>
<xs:attribute name="name" type="xs:string" use="required" />
</xs:complexType>
</xs:element>
<xs:element name="Load">
<xs:complexType>
<xs:attribute name="usedPhysicalMemory" type="xs:integer" />
</xs:complexType>
</xs:element>
</xs:schema>
From the MSDN on <xs:complexType> (because the spec makes my brain hurt):
If group, sequence, choice, or all is specified, the elements must
appear in the following order:
group | sequence | choice | all
attribute | attributeGroup
anyAttribute
Maybe someone else can point out the relevant section in the spec.
In the host element, the load element cannot be a child of complexType, you must have a sequence, etc. in between.