From df5a8ce5c27058e2878c473b1fee5f7a4e22989d Mon Sep 17 00:00:00 2001 From: Aleksy Barcz Date: Mon, 25 Jun 2018 16:27:38 +0200 Subject: [PATCH] Policy checker: initial version Policy checker is based on Schematron, which allows writing declarative checks for xml files (see rules.xml file for details) and yields xml output (which is converted to plain text for readability, but it can be converted to any format). The checker is a shell script, it depends only on xsltproc (libxslt-tools package in Tizen), so it's very lightweight. We can run the checker on any single dbus configuration file, e.g.: ./check ./test-policy.conf (a test policy containing violations of all the implemented rules). So, during a package installation we can run the checker on it's dbus configuration file. Change-Id: I523b7a730fc93a0d4f99bc8ba750be7b6f0e051c --- policychecker/README | 4 + policychecker/check | 88 + policychecker/extract_privilege.xsl | 10 + policychecker/get_privileges | 14 + policychecker/report.xsl | 14 + policychecker/rules.xsl | 144 + policychecker/same.xsl | 105 + policychecker/test-policy.conf | 117 + policychecker/xslt/iso_abstract_expand.xsl | 313 +++ policychecker/xslt/iso_dsdl_include.xsl | 1519 +++++++++++ policychecker/xslt/iso_schematron_message.xsl | 64 + .../xslt/iso_schematron_message_xslt2.xsl | 64 + .../iso_schematron_skeleton_for_saxon.xsl | 2306 +++++++++++++++++ .../iso_schematron_skeleton_for_xslt1.xsl | 1851 +++++++++++++ policychecker/xslt/iso_svrl_for_xslt1.xsl | 614 +++++ policychecker/xslt/iso_svrl_for_xslt2.xsl | 692 +++++ policychecker/xslt/readme.txt | 101 + policychecker/xslt/sch-messages-cs.xhtml | 56 + policychecker/xslt/sch-messages-de.xhtml | 55 + policychecker/xslt/sch-messages-en.xhtml | 57 + policychecker/xslt/sch-messages-fr.xhtml | 54 + policychecker/xslt/sch-messages-ja.xhtml | 53 + policychecker/xslt/sch-messages-nl.xhtml | 58 + .../xslt/schematron-skeleton-api.htm | 723 ++++++ 24 files changed, 9076 insertions(+) create mode 100644 policychecker/README create mode 100755 policychecker/check create mode 100644 policychecker/extract_privilege.xsl create mode 100755 policychecker/get_privileges create mode 100644 policychecker/report.xsl create mode 100644 policychecker/rules.xsl create mode 100644 policychecker/same.xsl create mode 100644 policychecker/test-policy.conf create mode 100644 policychecker/xslt/iso_abstract_expand.xsl create mode 100644 policychecker/xslt/iso_dsdl_include.xsl create mode 100644 policychecker/xslt/iso_schematron_message.xsl create mode 100644 policychecker/xslt/iso_schematron_message_xslt2.xsl create mode 100644 policychecker/xslt/iso_schematron_skeleton_for_saxon.xsl create mode 100644 policychecker/xslt/iso_schematron_skeleton_for_xslt1.xsl create mode 100644 policychecker/xslt/iso_svrl_for_xslt1.xsl create mode 100644 policychecker/xslt/iso_svrl_for_xslt2.xsl create mode 100644 policychecker/xslt/readme.txt create mode 100644 policychecker/xslt/sch-messages-cs.xhtml create mode 100644 policychecker/xslt/sch-messages-de.xhtml create mode 100644 policychecker/xslt/sch-messages-en.xhtml create mode 100644 policychecker/xslt/sch-messages-fr.xhtml create mode 100755 policychecker/xslt/sch-messages-ja.xhtml create mode 100644 policychecker/xslt/sch-messages-nl.xhtml create mode 100644 policychecker/xslt/schematron-skeleton-api.htm diff --git a/policychecker/README b/policychecker/README new file mode 100644 index 0000000..72ad67c --- /dev/null +++ b/policychecker/README @@ -0,0 +1,4 @@ + +./check ./test-policy.conf + +for i in /etc/dbus-1/system.d/*.conf; do ./check "$i" | wc -l ; done diff --git a/policychecker/check b/policychecker/check new file mode 100755 index 0000000..ce3f4ad --- /dev/null +++ b/policychecker/check @@ -0,0 +1,88 @@ +#!/bin/bash + +xslt_processor="xsltproc --nonet --novalid --maxdepth 20000" +tmpdir="./tmp/" + +function exit_with_code() { + rm -rf $tmpdir + exit $1 +} + + +if [ "$#" -ne 1 ]; then + echo "Usage: $0 config-file" + exit 1 +fi + +config_file=$1 +schema_file="./rules.xsl" + +if [ ! -f $config_file ]; then + echo "config file does not exist" + exit 1 +fi + +if [ -d "$tmpdir" ]; then + rm -rf "$tmpdir" +fi + +rm -rf error*.log +mkdir $tmpdir + + +# TEST 1/3: check cynara privileges existence (there are too many to perform this check using xsltproc) +system_privileges_file="$tmpdir/privileges_system" +conf_privileges_file="$tmpdir/privileges_conf" +grep "http://tizen.org/privilege" /var/cynara/db/* | sed "s/;[^;]*;$//g" | sed "s/.*http/http/g" | uniq > $system_privileges_file +$xslt_processor ./extract_privilege.xsl $config_file | uniq > $conf_privileges_file +grep -Fxv -f $system_privileges_file $conf_privileges_file | while read line ; do echo "FAILED(cynara) no privilege in cynara db: $line" ; done + +# TEST 2/3: check allow/deny duplicates (impossible to do directly with xpath 1.0, I don't know how to embed it into schematron config) +$xslt_processor ./same.xsl $config_file + + +# TEST 3/3: apply schematron rules + +# build a test (@user = x or @user = y or ...) at runtime +users_test=$(cat /etc/passwd | sed "s/:.*//g" | sort | paste -sd "," | sed "s/,/' or @user = '/g" | sed "s/^/@user = '/" | sed "s/$/'/") +groups_test=$(cat /etc/group | sed "s/:.*//g" | sort | paste -sd "," | sed "s/,/' or @group = '/g" | sed "s/^/@group = '/" | sed "s/$/'/") + +tmpname="$tmpdir$(basename $schema_file)" + +cat $schema_file | sed "s/USERS_TEST/$users_test/g" | sed "s/GROUPS_TEST/$groups_test/g" > $tmpname.0 2> error.0.log +if [ $? != 0 ]; then + echo "XSL Phase 0 failed, error log saved to error.0.log" + exit_with_code 1 +fi + +$xslt_processor xslt/iso_dsdl_include.xsl $tmpname.0 > $tmpname.1 2> error.1.log +if [ $? != 0 ]; then + echo "XSL Phase 1 failed, error log saved to error.1.log" + exit_with_code 1 +fi + +$xslt_processor xslt/iso_abstract_expand.xsl $tmpname.1 > $tmpname.2 2> error.2.log +if [ ! $? == 0 ]; then + echo "XSL Phase 2 failed, error log saved to error.2.log" + exit 1 +fi + +$xslt_processor xslt/iso_svrl_for_xslt1.xsl $tmpname.2 > $tmpname.3 2> error.3.log +if [ $? != 0 ]; then + echo "XSL Phase 3 failed, error log saved to error.3.log" + exit_with_code 1 +fi + +$xslt_processor $tmpname.3 $config_file > $tmpname.4 2> error.4.log +if [ $? != 0 ]; then + echo "Schematron test failed, error log saved to error.4.log" + exit_with_code 1 +fi + +$xslt_processor report.xsl $tmpname.4 2> error.5.log +if [ $? != 0 ]; then + echo "Formatting test results failed, error log saved to error.5.log" + exit_with_code 1 +fi + +exit_with_code 0 diff --git a/policychecker/extract_privilege.xsl b/policychecker/extract_privilege.xsl new file mode 100644 index 0000000..1438462 --- /dev/null +++ b/policychecker/extract_privilege.xsl @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/policychecker/get_privileges b/policychecker/get_privileges new file mode 100755 index 0000000..753b460 --- /dev/null +++ b/policychecker/get_privileges @@ -0,0 +1,14 @@ +#!/bin/bash + +cmd="xsltproc --nonet --novalid " + +privileges="" + +for i in `ls ./*.conf`; do + new="$($cmd extract_privilege.xsl $i)" + privileges="$privileges \ + $new" +done + +echo "$privileges" | uniq -u +exit 0 diff --git a/policychecker/report.xsl b/policychecker/report.xsl new file mode 100644 index 0000000..4f7c3da --- /dev/null +++ b/policychecker/report.xsl @@ -0,0 +1,14 @@ + + + + + + +FAILED(assert) at : + + + +FAILED(report) at : + + + diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl new file mode 100644 index 0000000..f159b6f --- /dev/null +++ b/policychecker/rules.xsl @@ -0,0 +1,144 @@ + + + + + + + + + Rules using "*" are not allowed. + + + + + + + For each allow send_destination you must add a deny send_destination in default context. + For each allow send_destination you must add a deny own in default context. + + + + For each allow own you must add a deny own in default context. + + + + For each allow own_prefix you must add a deny own_prefix in default context. + + + + + + + Unconstrained allows are not allowed in context default and context mandatory. + + + + + + + You must provide a policy context-default section. + + + You must define a 'deny own="yourname"' rule in context-default policy to avoid depending on a global 'deny own="*"'. + You must define a 'deny send_destination="yourname"' rule in context-default policy to avoid depending on a global deny. + + + + + + + + + + + + + + Empty policy is not allowed. + + + + + + + + + + + You mustn't define rules in at_console contexts (it's deprecated on dbus-daemon systems and not supported on kdbus systems). + + + + + + User does not exist. + + + + + + Group does not exist. + + + + + + + You mustn't use SMACK-context policies, use privileges exclusively. + + + + + + You mustn't allow/deny user/group anywhere except policy context=default|mandatory. + + + + + + You mustn't use eavesdrop rules as they are a potential security risk. + + + + + + + Globs like sth* are not allowed. + + + + + + You mustn't use send_interface without send_destination + + + You mustn't use receive_interface without receive_sender + + + + + + You mustn't use send_ and receive_ attributes in one rule. + + + + + + + + + + eavesdrop rules not implemented on kdbus systems. + send_error rules not implemented on kdbus systems. + send_error rules not implemented on kdbus systems. + send_requested_reply rules not implemented on kdbus systems. + receive_requested_reply rules not implemented on kdbus systems. + send_broadcast rules not implemented on kdbus systems. + + + + diff --git a/policychecker/same.xsl b/policychecker/same.xsl new file mode 100644 index 0000000..c90a4d9 --- /dev/null +++ b/policychecker/same.xsl @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + FAILED(assert) at /busconfig/policy[]/[] : Duplicate rule. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/policychecker/test-policy.conf b/policychecker/test-policy.conf new file mode 100644 index 0000000..9fd42fd --- /dev/null +++ b/policychecker/test-policy.conf @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/policychecker/xslt/iso_abstract_expand.xsl b/policychecker/xslt/iso_abstract_expand.xsl new file mode 100644 index 0000000..5018395 --- /dev/null +++ b/policychecker/xslt/iso_abstract_expand.xsl @@ -0,0 +1,313 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Suppressed abstract pattern was here + + + + + + + Start pattern based on abstract + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/policychecker/xslt/iso_dsdl_include.xsl b/policychecker/xslt/iso_dsdl_include.xsl new file mode 100644 index 0000000..f345b2d --- /dev/null +++ b/policychecker/xslt/iso_dsdl_include.xsl @@ -0,0 +1,1519 @@ + + + + + + + + + + + + true + true + true + true + true + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Error: Impossible URL in RELAX NG extRef + include + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Error: Impossible URL in Schematron include + + + + + + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + + + + + Unable to locate id attribute: + + + + + + + + + + + Schema error: Use include to + include fragments, not a whole + schema + + + + + + + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + + Unable to locate id attribute: + + + + + + + + + + Schema error: Use include to include + fragments, not a whole schema + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Error: Impossible URL in Schematron include + + + + + + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Error: Impossible URL in Schematron include + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + Schema error: Use include to include + fragments, not a whole schema + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + Schema error: Use include to include + fragments, not a whole schema + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Error: Impossible URL in DTLL include + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Error: Impossible URL in CRDL include + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Fatal error: Xinclude href contains fragment + identifier # + + + + + + + Fatal error: Sorry, this software only + supports simple ids in XInclude xpointers + + + + + + + Fatal Error: Impossible URL in XInclude + include + + + + + + + + + + + + + + + + + + + + + + + + + + + Unable to open referenced included file and fallback + file: + + + + + + + Unable to open referenced included file: + + + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Error: Impossible URL in XLink embedding + link + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + Unable to open referenced included file: + + + + + + + Unable to locate id attribute: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + XPath error. No XPath. + XPath error. Missing location step. Suggestion: remove '/' before '['. + + + XPath syntax error. Unclosed parenthesis. Suggestion: add ')'. + + XPath syntax error. Extra close parenthesis. Suggestion: remove ')'. + + + XPath syntax error. Unclosed left square bracket. Suggestion: add ']'. + + XPath syntax error. Extra right square bracket. Suggestion: remove ']'. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/policychecker/xslt/iso_schematron_message.xsl b/policychecker/xslt/iso_schematron_message.xsl new file mode 100644 index 0000000..33ed509 --- /dev/null +++ b/policychecker/xslt/iso_schematron_message.xsl @@ -0,0 +1,64 @@ + + + + + + + + + + + + + + + + + + + + + + + + ( + / + ) + + + \ No newline at end of file diff --git a/policychecker/xslt/iso_schematron_message_xslt2.xsl b/policychecker/xslt/iso_schematron_message_xslt2.xsl new file mode 100644 index 0000000..b3ade50 --- /dev/null +++ b/policychecker/xslt/iso_schematron_message_xslt2.xsl @@ -0,0 +1,64 @@ + + + + + + + + + + + + + + + + + + + + + + + + ( + / + ) + + + \ No newline at end of file diff --git a/policychecker/xslt/iso_schematron_skeleton_for_saxon.xsl b/policychecker/xslt/iso_schematron_skeleton_for_saxon.xsl new file mode 100644 index 0000000..d18f216 --- /dev/null +++ b/policychecker/xslt/iso_schematron_skeleton_for_saxon.xsl @@ -0,0 +1,2306 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #ALL + + + +false + +true + + + + + true + false + + + + + + + true + false + + + + + + + + + @*| + + * + node() + *|comment()|processing-instruction() + + + + + + + + + + +false + + +default + + +1 + +false + + + + + + 1 + + + + + + + + + + + + + + + + + 2 + + + + + + 1.0 + + + + + + + + + This XSLT was automatically generated from a Schematron schema. + + + + + 1.0 + + + + + + + + + + + + 2.0 + + + + + + + + + + 3a + + 3b + + + + + Implementers: please note that overriding process-prolog or process-root is + the preferred method for meta-stylesheets to use where possible. + + + + + + + + + + + + PHASES + + PROLOG + + XSD TYPES FOR XSLT2 + + KEYS AND FUNCTIONS + + DEFAULT RULES + + SCHEMA SETUP + + SCHEMATRON PATTERNS + + + + + + + + + + + + + + + + + + + + + + + + 4a + + 4b + + + + + + + MODE: SCHEMATRON-SELECT-FULL-PATH + This mode can be used to generate an ugly though full XPath for locators + + + + + + + + + + + + + + + + + + + + + + + + + MODE: SCHEMATRON-FULL-PATH + This mode can be used to generate an ugly though full XPath for locators + + + + + + / + + + + *: + + [namespace-uri()=' + + '] + + + + [ + + ] + + + + + + / + + + + + + [] + + + + *[local-name()=' + + '] + + + [] + + + + + + + + + + + + + + + / + + @ + + @*[local-name()=' + + ' and namespace-uri()=' + + '] + + + + + + + / + + @ + + @*[local-name()=' + + ' and namespace-uri()=' + + '] + + + + + + + + + + MODE: SCHEMATRON-FULL-PATH-2 + + This mode can be used to generate prefixed XPath for humans + + + + + + / + + + [ + + ] + + + + + /@ + + + + + MODE: SCHEMATRON-FULL-PATH-3 + + + This mode can be used to generate prefixed XPath for humans + (Top-level element has index) + + + + + + / + + + [ + + ] + + + + + /@ + + + + + MODE: GENERATE-ID-FROM-PATH + + + + + + + + + + + + + + + + + + + + + + . + + + + + + + + MODE: GENERATE-ID-2 + + + U + + + U + + + + + U. + + n + + + + + U. + + _ + + _ + + + + + Strip characters + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 5 + + + + 6a + + 6b + + + + + + + + 7 + + + ASSERT + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 8 + + + + REPORT + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 9 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 10 + + + + 11a + + 11b + + + + + + + + + + + + + + + + + + + + + + 12 + + + 13 + + + + + + + + + + + + + + + + 14 + + + + + + + + + + + + 15 + + + + + + 16 + + + + + + + + 17 + + + + + + + + + 18 + + + + + + + + + + + + + + 19 + + + + + + + + 20a + + 20b + + + + 21 + + + + + + + + + + + + 20a + + 20b + + + + 21 + + + + + + + + + + + + + + + 19 + + + + + + + 21 + + + + + + + + + + + 21 + + + + + + + + + + + + + + + + 22 + + + + + + + + + 23 + + + + + + 24 + + + 25 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 26 + + + 27 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + //( + + ( + + ) + | + + ) + [not(self::text())] + + + + + + + + + //( + + ( + + ) + | + + ) + [not(self::text())] + + + + + + + + + + + + + + + + + + + + + + + 28 + + + + + + + + PATTERN + + + + + + + + + + + + + + + + + + + + 29 + + + + + + + + + + No property found with that ID + + + + + + + + + + + + + + + + + + + + + + + + + + 30 + + + + + RULE + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 31 + + + 32 + + + + + + 33 + + + + + + + + + + + + + + + + + + + + + + + + + + + 34 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 35a + + 35b + + + + + + + + + + + + + + + + + + + + + + + + + 36a + + 36b + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 36a + + 36b + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 37a + + 37b + + + + + + + + + + + + + + + + + + + 38a + + 38b + + + + + + + + + + + + 39a + + 39b + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TERMINATING + + + TERMINATING + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TERMINATING + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + schema-title + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Schema error: Schematron elements in old and new namespaces found + Schema error: in the queryBinding attribute, use 'xslt' + Fail: This implementation of ISO Schematron does not work with schemas using the query language + + Phase Error: no phase has been defined with name + + Markup Error: no pattern attribute in <active> + Reference Error: the pattern " + " has been activated but is not declared + Markup Error: no test attribute in <assert + Markup Error: no test attribute in <report> + Markup Error: no id attribute in <diagnostic> + Markup Error: no rule attribute in <extends> + Reference Error: the abstract rule " + " has been referenced but is not declared + Markup Error: no name attribute in <key> + Markup Error: no path or use attribute in <key> + Markup Error: no path or use attribute in <key> + Schema error: The key element is not in the ISO Schematron namespace. Use the XSLT namespace. + Markup Error: no name attribute in <function> + Schema error: The function element is not in the ISO Schematron namespace. Use the XSLT namespace. + Schema error: Empty href= attribute for include directive. + Error: Impossible URL in Schematron include + Unable to open referenced included file: + + Schema error: Use include to include fragments, not a whole schema + Schema error: XSD schemas may only be imported if you are using the 'xslt2' query language binding + Schema error: The import-schema element is not available in the ISO Schematron namespace. Use the XSLT namespace. + Warning: Variables should not be used with the "xpath" query language binding. + Warning: Variables should not be used with the "xpath2" query language binding. + Markup Error: no uri attribute in <ns> + Markup Error: no prefix attribute in <ns> + Schema implementation error: This schema has abstract patterns, yet they are supposed to be preprocessed out already + Markup Error: no id attribute in <phase> + Markup Error: no context attribute in <rule> + Markup Error: no id attribute on abstract <rule> + Markup Error: (2) context attribute on abstract <rule> + Markup Error: context attribute on abstract <rule> + Markup Error: no select attribute in <value-of> + Warning: + must not contain any child elements + Reference error: A diagnostic " + " has been referenced but is not declared + Using the XSLT namespace with a prefix other than "xsl" in Schematron rules is not supported in this processor: + + Error: unrecognized element in ISO Schematron namespace: check spelling and capitalization + + Warning: unrecognized element + + + + + + diff --git a/policychecker/xslt/iso_schematron_skeleton_for_xslt1.xsl b/policychecker/xslt/iso_schematron_skeleton_for_xslt1.xsl new file mode 100644 index 0000000..9a764df --- /dev/null +++ b/policychecker/xslt/iso_schematron_skeleton_for_xslt1.xsl @@ -0,0 +1,1851 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + #ALL + + + +false + +true + + + + + true + false + + + + + + + true + false + + + + + + + + + @*| + + * + node() + *|comment()|processing-instruction() + + + + + + + + + +false + + + + + +default + +false + + + +1 + + + + + Schema error: Schematron elements in old and new namespaces found + + + + + + + + + + + + + + + + + Schema error: in the queryBinding attribute, use 'xslt' + + + + + 1.0 + + + + + + + + + This XSLT was automatically generated from a Schematron schema. + + + + + 1.0 + + + + + + + + + + Fail: This implementation of ISO Schematron does not work with + schemas using the "" query language. + + + + + Implementers: please note that overriding process-prolog or process-root is + the preferred method for meta-stylesheets to use where possible. + + + + + + + + + + PHASES + + PROLOG + + KEYS + + DEFAULT RULES + + SCHEMA METADATA + + SCHEMATRON PATTERNS + + + + + + + + + + + + + + + + + + + + + + + Phase Error: no phase with name has been defined. + + + + + + + MODE: SCHEMATRON-SELECT-FULL-PATH + This mode can be used to generate an ugly though full XPath for locators + + + + + + + + + + + + + + + + + + + + + + + + + MODE: SCHEMATRON-FULL-PATH + This mode can be used to generate an ugly though full XPath for locators + + + + + + / + + + + + + [] + + + + *[local-name()=' + ' and namespace-uri()=' + + '] + + + [] + + + + + + + + + + / + + @ + + @*[local-name()=' + + ' and namespace-uri()=' + + '] + + + + + + + + + MODE: SCHEMATRON-FULL-PATH-2 + + This mode can be used to generate prefixed XPath for humans + + + + + + / + + + [ + + ] + + + + + /@ + + + + + MODE: GENERATE-ID-FROM-PATH + + + + + + + + + + + + + + + + + + + + + + . + + + + + + + MODE: SCHEMATRON-FULL-PATH-3 + + + This mode can be used to generate prefixed XPath for humans + (Top-level element has index) + + + + + + / + + + [ + + ] + + + + + /@ + + + + + MODE: GENERATE-ID-2 + + + U + + + U + + + + + U. + + n + + + + + U. + + _ + + _ + + + + + Strip characters + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Markup Error: no pattern attribute in <active> + + + + Reference Error: the pattern "" has been activated but is not declared + + + + + + + + Markup Error: no test attribute in <assert + + + ASSERT + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Markup Error: no test attribute in <report> + + + + REPORT + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Markup Error: no id attribute in <diagnostic> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Markup Error: no rule attribute in <extends> + + + Reference Error: the abstract rule "" has been referenced but is not declared + + + + + + + + + + + + + + Markup Error: no name attribute in <key> + + + Markup Error: no path or use attribute in <key> + + + + + + + + + + + + + + + + Markup Error: no path or use attribute in <key> + + + + + + + + + + + + Schema error: The key element is not in the ISO Schematron namespace. Use the XSLT namespace. + + + + + + + + Schema error: Empty href= attribute for include directive. + + + + + + + + + + + + + + Error: Impossible URL in Schematron include + + + + + + + Schema error: Use include to include fragments, not a whole schema + + + + + + + + + + Schema error: Use include to include fragments, not a whole schema + + + + + + + + + + + + + + + Error: Impossible URL in Schematron include + + + + + + + Schema error: Use include to include fragments, not a whole schema + + + + + + + + + + + Schema error: Use include to include fragments, not a whole schema + + + + + + + + + + Warning: Variables should not be used with the "xpath" query language binding. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Markup Error: no uri attribute in <ns> + + + Markup Error: no prefix attribute in <ns> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + //( + + ( + + ) + | + + ) + [not(self::text())] + + + + + + + + + + + + + Schema implementation error: This schema has abstract patterns, yet they are supposed to be preprocessed out already + + + + + + + + + + PATTERN + + + + + + + + + + + + + + + + + + + + Markup Error: no id attribute in <phase> + + + + + + + + Markup Error: no context attribute in <rule> + + + RULE + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Markup Error: no id attribute on abstract <rule> + + + Markup Error: (2) context attribute on abstract <rule> + + + + + + Markup Error: context attribute on abstract <rule> + + + + + + + + + + + + + + + + + + + + + + + + + + + Markup Error: no select attribute in <value-of> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Warning: + + must not contain any child elements + + + + + + + + + + + + + + + + + + + + + + + + + Reference error: A diagnostic "" has been referenced but is not declared + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Using the XSLT namespace with a prefix other than "xsl" in + Schematron rules is not supported + in this processor: + + + + + + + + + + + + + + + + + + + + Error: unrecognized element in ISO Schematron namespace: check spelling + and capitalization + + + + + + + + + + + + + Warning: unrecognized element + + + + + + + + + + + + + + + Warning: unrecognized element + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TERMINATING + + + TERMINATING + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TERMINATING + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + title + + + + + + + schema-title + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/policychecker/xslt/iso_svrl_for_xslt1.xsl b/policychecker/xslt/iso_svrl_for_xslt1.xsl new file mode 100644 index 0000000..069ea02 --- /dev/null +++ b/policychecker/xslt/iso_svrl_for_xslt1.xsl @@ -0,0 +1,614 @@ + + + + + + + + + + + + + + + + + +true + + + + + + + + + + + #ALL + + +false +true +true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + xslt1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +   +   +   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TERMINATING + + + TERMINATING + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TERMINATING + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/policychecker/xslt/iso_svrl_for_xslt2.xsl b/policychecker/xslt/iso_svrl_for_xslt2.xsl new file mode 100644 index 0000000..373270d --- /dev/null +++ b/policychecker/xslt/iso_svrl_for_xslt2.xsl @@ -0,0 +1,692 @@ + + + + + + + + + + + + + + + +true +true + + + + + + + + + + + #ALL + + +false +true +true + + + + +false + + +default + + + + +1 + + + + + + + + + + + + + + + + + + + + + + + + xslt1 + + + + + + + + + + + + + + + + + +   +   +   + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TERMINATING + + + TERMINATING + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TERMINATING + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/policychecker/xslt/readme.txt b/policychecker/xslt/readme.txt new file mode 100644 index 0000000..5f85c65 --- /dev/null +++ b/policychecker/xslt/readme.txt @@ -0,0 +1,101 @@ +

ISO SCHEMATRON 2010

+ +XSLT implementation by Rick Jelliffe with assistance from members of Schematron-love-in maillist. + +2010-04-21 + +Two distributions are available. One is for XSLT1 engines. +The other is for XSLT2 engines, such as SAXON 9. + + +This version of Schematron splits the process into a pipeline of several different XSLT stages. + +1) First, preprocess your Schematron schema with iso_dsdl_include.xsl. +This is a macro processor to assemble the schema from various parts. +If your schema is not in separate parts, you can skip this stage. +This stage also generates error messages for some common XPath syntax problems. + +2) Second, preprocess the output from stage 1 with iso_abstract_expand.xsl. +This is a macro processor to convert abstract patterns to real patterns. +If your schema does not use abstract patterns, you can skip this +stage. + +3) Third, compile the Schematron schema into an XSLT script. +This will typically use iso_svrl_for_xslt1.xsl or iso_svrl_for_xslt2.xsl +(which in turn invoke iso_schematron_skeleton_for_xslt1.xsl or iso_schematron_skeleton_for_saxon.xsl) +However, other "meta-stylesheets" are also in common use; the principle of operation is the same. +If your schema uses Schematron phases, supply these as command line/invocation parameters +to this process. + +4) Fourth, run the script generated by stage 3 against the document being validated. +If you are using the SVRL script, then the output of validation will be an XML document. +If your schema uses Schematron parameters, supply these as command line/invocation parameters +to this process. + + +The XSLT2 distribution also features several next generation features, +such as validating multiple documents. See the source code for details. + +Schematron assertions can be written in any language, of course; the file +sch-messages-en.xhtml contains the diagnostics messages from the XSLT2 skeleton +in English, and this can be used as template to localize the skeleton's +error messages. Note that typically programming errors in Schematron are XPath +errors, which requires localized messages from the XSLT engine. + +ANT +--- +To give an example of how to process a document, here is a sample ANT task. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +EXTRACTION SCHEMATRON FROM XSD OR RELAX NG + +The following files allow extracting of embedded schematron patterns +in XML Schemas or RELAX NG schemas. For details, see the at + article http://www.topologi.com/resources/schtrn_xsd_paper.html + +The following files are provided: + ExtractSchFromRNG.xsl Generate a Schematron schema from patterns + embedded in a RELAX NG schema. The schema uses XSLT1. + ExtractSchFromXSD.xsl Generate a Schematron schema from patterns + embedded in a W3C XML Schemas schema. The schema uses XSLT1. + + ExtractSchFromRNG-2.xsl Generate a Schematron schema from patterns + embedded in a RELAX NG schema. The schema uses XSLT2. + ExtractSchFromXSD-2.xsl Generate a Schematron schema from patterns + embedded in a W3C XML Schemas schema. The schema uses XSLT2. diff --git a/policychecker/xslt/sch-messages-cs.xhtml b/policychecker/xslt/sch-messages-cs.xhtml new file mode 100644 index 0000000..93e181c --- /dev/null +++ b/policychecker/xslt/sch-messages-cs.xhtml @@ -0,0 +1,56 @@ + + + Chyba ve schématu: nalezeny elementy Schematronu ve starém i novém jmenném prostoru + Chyba ve schématu: v atributu queryBinding použijte 'xslt' + Porucha: Tato implementace ISO Schematronu nefunguje se schématy, která používají dotazovací jazyk + + Fázová chyba: fáze jménem + není definována. + Chybný markup: v elementu <active> chybí atribut pattern + Chybný odkaz: vzor " + " byl aktivován, ne však deklarován + Chybný markup: v elementu <assert> chybí atribut test + Chybný markup: v elementu <report> chybí atribut test + Chybný markup: v elementu <diagnostic> chybí atribut id + Chybný markup: v elementu <extends> chybí atribut rule + Chybný odkaz: abstraktní pravidlo " + " není definováno, ačkoli se na ně odkazuje + Chybný markup: v elementu <key> chybí atribut name + Chybný markup: v elementu <key> chybí atribut path nebo use + Chybný markup: v elementu <key> chybí atribut path nebo use + Chyba ve schématu: element <key> není ve jmenném prostoru ISO Schematronu. Použijte jmenný prostor XSLT. + Chybný markup: v elementu <function> chybí atribut name + Chyba ve schématu: element <function> není ve jmenném prostoru ISO Schematronu. Použijte jmenný prostor XSLT. + Chyba ve schématu: direktiva <include> má prázdný atribut href + Chyba: Nesprávné URL v direktivě <include> + Chyba: Nelze otevřít vkládaný soubor + + Chyba ve schématu: <include> používejte ke vkládání fragmentů, ne celého schématu + Chyba ve schématu: Schémata XSD lze importovat pouze pokud používáte dotazovací jazyk "xslt2" + Chyba ve schématu: element <import-schema> není ve jmenném prostoru ISO Schematronu. Použijte jmenný prostor XSLT. + Varování: S dotazovacím jazykem "xpath" by se neměly používat proměnné + Varování: S dotazovacím jazykem "xpath2" by se neměly používat proměnné + Chybný markup: v elementu <ns> chybí atribut uri + Chybný markup: v elementu <ns> chybí atribut prefix + Chyba v implementaci schématu: toto schéma obsahuje abstraktní vzory, které však již měly být předchozím zpracováním odstraněny + Chybný markup: v elementu <phase> chybí atribut id + Chybný markup: v elementu <rule> chybí atribut context + Chybný markup: v abstraktním pravidlu chybí atribut id + Chybný markup: (2) Abstraktní pravidlo nesmí mít atribut context + Chybný markup: Abstraktní pravidlo nesmí mít atribut context + Chybný markup: v elementu <value-of> chybí atribut select + Varování: + nesmí obsahovat žádné podelementy + Chybný odkaz: Diagnostika " + " nebyla deklarována, ačkoli se na ni odkazuje + Chyba: procesor + nepodporuje použití jmenného prostoru XSLT s jiným prefixem než "xsl" + Chyba: neznámý element + ve jmenném prostoru ISO Schematronu: zkontrolujte, je-li správně zapsán + Varování: neznámý element + + + diff --git a/policychecker/xslt/sch-messages-de.xhtml b/policychecker/xslt/sch-messages-de.xhtml new file mode 100644 index 0000000..00e33e6 --- /dev/null +++ b/policychecker/xslt/sch-messages-de.xhtml @@ -0,0 +1,55 @@ + + + Fehler im Schema: Schematron Elemente sowohl im alten als auch neuen Namensraum gefunden + Fehler im Schema: Nutzen Sie 'xslt' als Wert für das 'queryBinding'-Attribut + Fehler: Diese Implementierung von ISO Schematron unterstützt keine Schemas, welche die Query Language + nutzen + Phasenfehler: Es gibt keine Phase mit Namen + + Fehler in der Annotation: Kein Attribut 'pattern' in <active> + Referenzierungsfehler: Der Ausdruck " + " wurde aktiviert, ist aber nicht deklariert + Fehler in der Annotation: Kein Attribut 'test' in <assert + Fehler in der Annotation: Kein Attribut 'test' in <report> + Fehler in der Annotation: Kein Attribut 'id' in <diagnostic> + Fehler in der Annotation: Kein Attribut 'rule' in <extends> + Referenzierungsfehler: Die abstrakte Regel " + " wurde referenziert, ist aber nicht deklariert + Fehler in der Annotation: Kein Attribut 'name' in <key> + Fehler in der Annotation: Kein Attribut 'path' oder 'use' in <key> + Fehler in der Annotation: Kein Attribut 'path' oder 'use' in <key> + Fehler im Schema: Das Element <key> ist im ISO Schematron-Namensraum nicht vorhanden. Benutzen Sie den XSLT-Namensraum. + Fehler in der Annotation: Kein Attribut 'name' in <function> + Fehler im Schema: Das Element <function> ist im ISO Schematron-Namensraum nicht vorhanden. Benutzen Sie den XSLT-Namensraum. + Fehler im Schema: Leeres Attribut 'href' für <include> Anweisung. + Fehler: Ungültige URL in <include> + Kann die referenzierte Datei nicht öffnen: + + Fehler im Schema: <include> darf nur zur Einbettung von Schemafragmenten genutzt werden, nicht für ganze Schemata + Fehler im Schema: XSD Schemata dürfen nur importiert werden, wenn das 'xslt2' Query Language Binding genutzt wird + Fehler im Schema: Das Element <import-schema> ist im ISO Schematron-Namensraum nicht vorhanden. Benutzen Sie den XSLT-Namensraum. + Warnung: Variablen sollten nicht zusammen mit dem 'xpath' Query Language Binding genutzt werden. + Warnung: Variablen sollten nicht zusammen mit dem 'xpath2' Query Language Binding genutzt werden. + Fehler in der Annotation: Fehlendes Attribut 'uri' in <ns> + Fehler in der Annotation: Fehlendes Attribut 'prefix' in <ns> + Fehler bei der Schemaimplementierung: Dieses Schema enthält abstrakte Mustervergleiche, die bereits vorverarbeitet sein sollten. + Fehler in der Annotation: Fehlendes Attribut 'id' in <phase> + Fehler in der Annotation: Fehlendes Attribut 'context' in <rule> + Fehler in der Annotation: Fehlendes Attribut 'id' an abstrakter <rule> + Fehler in der Annotation: (2) Kontext-Attribut an abstrakter <rule> + Fehler in der Annotation: Attribut 'context' an abstrakter <rule> + Fehler in der Annotation: Fehlendes Attribut 'select' in <value-of> + Warnung: + darf keine Kindelemente beinhalten + Referenzierungsfehler: Ein <diagnostic>-Element " + " wurde referenziert, ist aber nicht deklariert + Der Gebrauch des XSLT-Namensraums mit einem anderen Präfix als 'xsl' in Schematron-Regeln wird von diesem Prozessor nicht unterstützt: + + Fehler: Unbekanntes Element im ISO Schematron-Namensraum: Überprüfen Sie die Schreibweise (inkl. Groß- und Kleinschreibung) + + Warnung: Unbekanntes Element + + diff --git a/policychecker/xslt/sch-messages-en.xhtml b/policychecker/xslt/sch-messages-en.xhtml new file mode 100644 index 0000000..6f777ed --- /dev/null +++ b/policychecker/xslt/sch-messages-en.xhtml @@ -0,0 +1,57 @@ + + + + Schema error: Schematron elements in old and new namespaces found + Schema error: in the queryBinding attribute, use 'xslt' + Fail: This implementation of ISO Schematron does not work with schemas using the query language + + Phase Error: no phase has been defined with name + + Markup Error: no pattern attribute in <active> + Reference Error: the pattern " + " has been activated but is not declared + Markup Error: no test attribute in <assert> + Markup Error: no test attribute in <report> + Markup Error: no id attribute in <diagnostic> + Markup Error: no rule attribute in <extends> + Reference Error: the abstract rule " + " has been referenced but is not declared + Markup Error: no name attribute in <key> + Markup Error: no path or use attribute in <key> + Markup Error: no path or use attribute in <key> + Schema error: The <key> element is not in the ISO Schematron namespace. Use the XSLT namespace. + Markup Error: no name attribute in <function> + Schema error: The <function> element is not in the ISO Schematron namespace. Use the XSLT namespace. + Schema error: Empty href attribute for <include> directive. + Error: Impossible URL in Schematron <include> + Error: Unable to open referenced included file: + + Schema error: Use <include> to include fragments, not a whole schema + Schema error: XSD schemas may only be imported if you are using the 'xslt2' query language binding + Schema error: The <import-schema> element is not available in the ISO Schematron namespace. Use the XSLT namespace. + Warning: Variables should not be used with the "xpath" query language binding. + Warning: Variables should not be used with the "xpath2" query language binding. + Markup Error: no uri attribute in <ns> + Markup Error: no prefix attribute in <ns> + Schema implementation error: This schema has abstract patterns, yet they are supposed to be preprocessed out already + Markup Error: no id attribute in <phase> + Markup Error: no context attribute in <rule> + Markup Error: no id attribute on abstract <rule> + Markup Error: (2) context attribute on abstract <rule> + Markup Error: context attribute on abstract <rule> + Markup Error: no select attribute in <value-of> + Warning: + must not contain any child elements + Reference error: A diagnostic " + " has been referenced but is not declared + Warning: Using the XSLT namespace with a prefix other than "xsl" in Schematron rules is not supported in this processor: + + Error: unrecognized element in ISO Schematron namespace: check spelling and capitalization + + Warning: unrecognized element + + \ No newline at end of file diff --git a/policychecker/xslt/sch-messages-fr.xhtml b/policychecker/xslt/sch-messages-fr.xhtml new file mode 100644 index 0000000..a797db7 --- /dev/null +++ b/policychecker/xslt/sch-messages-fr.xhtml @@ -0,0 +1,54 @@ + + + Erreur de schema: éléments Schematron à la fois dans l'ancien et le nouveau namespace + Erreur de schema: utilisez 'xslt' dans l'attribut queryBinding + Échec: Cette implémentation de Schematron ISO ne fonctionne pas avec des schemas utilisant le langage de query + + Erreur de phase: aucune phase n'a été définie avec le nom + + Erreur de balisage: pas d'attribut pattern dans <active> + Erreur de référence: le pattern " + " a été activé mais n'a pas été décalaré + Erreur de balisage: pas d'attribut test dans <assert> + Erreur de balisage: pas d'attribut test dans <report> + Erreur de balisage: pas d'attribut id dans <diagnostic> + Erreur de balisage: pas d'attribut rule dans <extends> + Erreur de référence: la règle abstraite " + " a été référencée mais pas déclarée + Erreur de balisage: pas d'attribut name dans <key> + Erreur de balisage: pas d'attribut path ou use dans <key> + Erreur de schema: L'élément key n'est pas dans le namespace Schematron ISO. Utilisez le namespace XSLT. + Erreur de balisage: pas d'attribut name dans <function> + Erreur de schema: L'élément function n'est pas dans le namespace Schematron ISO. Utilisez le namespace XSLT. + Erreur de schema: Attribut href vide sur a directive include. + Erreur: URL impossible dans la directive include de Schematron + Impossible d'ouvrir le fichier référencé pour l'inclusion: + + Erreur de schema: Utilisez include pour inclure des fragments et non un schema entier + Erreur de schema: Les schema XSD peuvent être importés seulement si vous utilisez the langage de query 'xslt2' + Erreur de schema: L'élément import-schema n'est pas disponible dans le namespace Schematron ISO. Utilisez le namespace XSLT. + Avertissement: Des variables ne devraient pas être utiliées avec le langage de query "xpath". + Avertissement: Des variables ne devraient pas être utiliées avec le langage de query "xpath2". + Erreur de balisage: pas d'attribut uri dans <ns> + Erreur de balisage: pas d'attribut prefix dans <ns> + Erreur d'implémentation de schema: Ce schema des patterns abstraits, bien qu'ils sont supposés avoir été préprocessés précédemment + Erreur de balisage: pas d'attribut id dans <phase> + Erreur de balisage: pas d'attribut context dans <rule> + Erreur de balisage: pas d'attribut id dans <rule> + Erreur de balisage: (2) attribut context dans une <rule> abstraite + Erreur de balisage: attribut context dans une <rule> abstraite + Erreur de balisage: pas d'attribut select dans <value-of> + Avertissement: + ne peut contenir aucun élément enfant + Erreur de référence: Un diagnostique " + " a été référencé mais n'est pas déclaré + Utiliser the namespace XSLT avec un autre préfixe que "xsl" dans les rules Schematron n'est pas supporté par ce processor: + + Erreur: élément inconnu dans le namespace Schematron ISO: vérifiez l'orthographe et la casse + + Avertissement: élément inconnu + + diff --git a/policychecker/xslt/sch-messages-ja.xhtml b/policychecker/xslt/sch-messages-ja.xhtml new file mode 100755 index 0000000..bedf32b --- /dev/null +++ b/policychecker/xslt/sch-messages-ja.xhtml @@ -0,0 +1,53 @@ + + + スキーマエラー:古い名前空間と新しい名前空間にはSchematron 要素が見つかりました。 + スキーマエラー:検索結合属性では、 'xslt'を使用する。 + 失敗: ISO Schematron の 実行 は、スキーマが検索言語を使用してできない。 + + フェーズ エラー: フェーズは名前で定義されていない。 + + マークアップエラー: <active>にはパターンの属性がない + 参照エラー: パターン が " + " 活性化されているが宣言されていない。 + マークアップエラー: <assert> にはtestの属性がない + マークアップエラー: <report> にはtestの属性がない + マークアップエラー: <diagnostic> にはidの属性がない   + マークアップエラー:  <extends> にはruleの属性がない + 参照エラー: 抽象的な規則が " + " 参照されているが宣言されていない。 + マークアップエラー: <key>にはnameの属性がない + マークアップエラー: <key>にはpath か 又は useの 属性がない + マークアップエラー:  <key>には path か 又は useの 属性がない + スキーマエラー: <key> の要素はISO Schematronの 名前空間にはない. XSLTの名前空間を使用する。 + マークアップエラー: <function>にはnameの属性がない + スキーマエラー: <function> の要素はISO Schematronの 名前空間にはない. XSLTの名前空間を使用する。 + スキーマエラー: <include>のために空hrefの属性がある。 + エラー: Schematron <include>には不可能なURL がある + エラー: 参照したファイルが含まれて、開けない : + + スキーマエラー:全体のスキーマではなく、フラグメントを含む <include> を使用する。 + スキーマエラー: 'xslt2'の検索言語結合を使用している場合はXSDスキーマのみ読み込みできる。 + スキーマエラー:ISO Schematron の名前空間には <import-schema>の要素は無効です。 XSLTの 名前空間を使用する。 + 注意: 変数は、"xpath" 検索言語結合を使用すべきではない。 + 注意: 変数は、"xpath" 検索言語結合を使用すべきではない。 + マークアップエラー: <ns>にはuriの属性がない + マークアップエラー: <ns>にはprefixの属性がない + スキーマ実行 エラー: このスキーマは抽象的なパターンを持って、まだすでに前加工されることになっている。 + マークアップエラー: <phase>にはidの属性がない + マークアップエラー: <rule>にはcontextの要素がない + マークアップエラー: 抽象的な <rule>にはid属性がない。 + マークアップエラー: (2) 抽象的な <rule>にはcontext属性がない。 + マークアップエラー: 抽象的な <rule>にはcontext属性がない。 + マークアップエラー: <value-of>には selectの属性がない + 注意: + 子要素が含まれなくてはならない + 参照エラー: 診断は " + " 参照されているが宣言されていない。 + 注意: Schematron規則で"xsl"以外の接頭辞 XSLT 名前空間を使用することは、このプロセサーで サーポトしていない。 + + エラー: ISO Schematron 名前空間に不明な要素がある: 綴り字と大文字使用を確認する + + 注意: 不明な要素 + + diff --git a/policychecker/xslt/sch-messages-nl.xhtml b/policychecker/xslt/sch-messages-nl.xhtml new file mode 100644 index 0000000..5f05577 --- /dev/null +++ b/policychecker/xslt/sch-messages-nl.xhtml @@ -0,0 +1,58 @@ + + + Schema fout: er werden Schematron elementen uit de oude en nieuwe + namespace gevonden + Schema fout: gebruik 'xslt' in het queryBinding attribute + Faling: Deze implementatie van ISO Schematron werkt niet met + schemas die gebruik maken van de query language + + Fase fout: er is geen 'phase' gedefinieerd met naam + + Markup fout: er is geen 'pattern' attribuut in <active> + Referentie fout: het 'pattern' " + " is geactiveerd maar niet gedeclareerd + Markup fout: er is geen 'test' attribuut in <assert + Markup fout: er is geen 'test' attribuut in <report> + Markup fout: er is geen 'id' attribuut in <diagnostic> + Markup fout: er is geen 'rule' attribuut in <extends> + Referentie fout: de abstracte regel " + " werd gerefereerd maar niet gedeclareerd + Markup fout: er is geen 'name' attribuut in <key> + Markup fout: er is geen 'path' of 'use' attribuut in <key> + Markup fout: er is geen 'path' of 'use' attribuut in <key> + Schema fout: Het 'key' element zit niet in de ISO Schematron namespace. Gebruik de XSLT namespace. + Markup fout: er is geen 'name' attribuut in <function> + Schema fout: Het 'function' element zit niet in de ISO Schematron namespace. Gebruik de XSLT namespace. + Schema fout: Leeg 'href=' attribuut bij de include opdracht. + Fout: Onmogelijke URL gebruikt bij de Schematron include + Kan de gerefereerde 'include' file niet openen: + + Schema fout: Gebruik include om fragmenten op te nemen, niet een volledig schema + Schema fout: XSD schemas kunnen enkel geïmporteerd worden indien de 'xslt2' query language binding gebruikt is + Schema fout: Het 'import-schema' element is niet beschikbaar in the ISO Schematron namespace. Gebruik de XSLT namespace. + Waarschuwing: Variabelen niet gebruiken met de "xpath" query language binding. + Waarschuwing: Variabelen niet gebruiken met de "xpath2" query language binding. + Markup fout: er is geen 'uri' attribute in <ns> + Markup fout: er is geen 'prefix' attribute in <ns> + Schema implementatie fout: Dit schema heeft abstracte patronen, die al gepreprocessed zouden moeten zijn + Markup fout: er is geen 'id' attribuut in <phase> + Markup fout: er is geen 'context' attribuut in <rule> + Markup fout: er is geen 'id' attribuut op abstracte <rule> + Markup fout: (2) context attributen op abstracte <rule> + Markup fout: context attribuut op abstracte <rule> + Markup fout: er is geen 'select' attribute in <value-of> + Waarschuwing: + mag geen kind elementen bevatten + Referentie fout: Een diagnostic " + " werd gerefereerd maar is niet gedeclareerd. + Het gebruik van de XSLT namespace met een prefix verschillend + van "xsl" in Schematron regels wordt niet ondersteund in deze processor: + + Fout: een niet herkend element in de ISO Schematron namespace: check spelling en hoofdlettergebruik + + Waarschuwing: een niet herkend element + + diff --git a/policychecker/xslt/schematron-skeleton-api.htm b/policychecker/xslt/schematron-skeleton-api.htm new file mode 100644 index 0000000..af81377 --- /dev/null +++ b/policychecker/xslt/schematron-skeleton-api.htm @@ -0,0 +1,723 @@ + + + + + The ISO Schematron Skeleton API + + + + + +

API for ISO Schematron Skeleton

+



+

+

Rick Jelliffe, 2010/04/14

+

This document provides documentation on the XSLT API available in +the implementation of Schematron called iso_schematron_skeleton.xsl. +(available in an XSLT1 and XSLT2 version). The API makes available as +much information from the schema, however there may be some edge +cases where it is not exhaustive. +

+

The skeleton is an XSLT script which provides all the basic +parsing and validating routines for compiling a Schematron schema +into XSLT. Schematron was designed to allow many different uses, and +the skeleton gives you a headstart in creating a customized +implementation. You just need to write XSLT templates to override the +default ones. (The program you write is sometimes called a +meta-stylesheet.) It is the meta-stylesheet that is called +as the XSLT script, not the skeleton. There are several +pre-processing stages which the Schematron schema should be processed +through first, to handle such things as include statements and +abstract patterns. +

+

Phases and error reporting for problems in the schema itself are +handled by the skeleton with no interaction with a “meta-stylesheet”. +Note that there is no guarantee that the context node is always the +element being handled: in most cases the only information available +is the information in the parameters. +

+

For an introductory tutorial on using this API, see Bob DuCharme's +Schematron 1.5: +Looking Under the Hood +

+

Superset of API for Schematron 1.5 and 1.6

+

(This is an updated version of the API for the Schematron 1.5 +implementation called skeleton1-5.xsl, which in turn comes +from the new architecture contributed by Oliver Becker for +Schematron 1.3.)

+

The current API contains only additions. Well-written +meta-stylesheets that use the new API will be be able to run on the +existing 1.5 and 1.6 skeletons. Similarly, it should be possible to +upgrade the skeleton from 1.5 or 1.6 to the iso-schematron-skeleton +only by correcting the import statement at the beginning of the +meta-stylsheet. Additions or re-groupings from the 1.5 schema are +shown in red. Deletions have overstrike.

+

Mooted addition: a parameter @action which for specifying +processing instructions on assertions and reports.

+
+

process-prolog

+

The process-prolog template gets called at the start of +the validation session. It has no parameters. The default +implementation is no action.

+
+

process-root

+

The process-root template processes the root element of +the schema (which is not the same thing as the root of the document / +and need not be the document element /*) .

+
+
node-list $contents +
+ string $schemaVersion +
+ The version of the schema, perhaps a datestamp. +
+ "xslt" | "xpath" | + "xslt2" | ... + $queryBinding +
+ The query language binding. +
+ string $title +
+ The title of this schema +
+ "iso" | "1.5" | + "1.6" | ... + $version +
+ The version of Schematron being used. +
+

+Rich properties:

+
+
XML SystemId + $icon +
+ The URI of an icon +
+ XML ID + $id +
+ The unique identifier with the schema for the + schema + element. +
+ SGML FPI + $fpi +
+ The Formal Public Identifier for this schema. +
+ IETF language + $lang +
+ The human language used in this schema, from + xml:lang +
+ URL + $see +
+ Link to documentation on WWW or file +
+ "preserve" | "default" + $space +
+ The value for xml:space +
+

+To print the documentation paragraphs, use <xsl:apply-templates +mode="do-schema-p" />

+

To output the results, use <xsl:copy-of select="$contents" +/>

+
+

process-assert

+

The process-assert template handles asserts whose test +has failed. +

+
+
XPath $test +
+ The test +
+ XML IDREFS $diagnostics +
+ A list of the idrefs diagnostic elements related to the current + assertion +
+ XML NMTOKEN + $flag +
+ The name of a flag that becomes true because + this assertion fails. The flag is true for the document if it is + flagged true on any assertion. For compatability, this parameter + should not be used with Schematron 1.5. +
+

+Rich properties:

+
+
XML SystemId + $icon +
+ The URI of an icon +
+ XML ID + $id +
+ The unique identifier with the schema for the + assert + element. +
+ SGML FPI + $fpi +
+ The Formal Public Identifier for this + assertion. +
+ IETF language + $lang +
+ The human language used in this assertion, + from xml:lang +
+ URL + $see +
+ Link to documentation on WWW or file +
+ "preserve" | "default" + $space +
+ The value for xml:space +
+

+Linking properties:

+
+
XML NMTOKEN + $role +
+ A name for the generic role of this assertion. + The schema creator would have their own vocabulary. +
+ XPath + $subject +
+ A path relative to the current context to some + interesting node considered the subject. +
+

+To print the text contents, use <xsl:apply-templates +mode="text" />

+
+

process-diagnostic

+

The process-diagnostic template handles diagnostic +messages for assert statements that have failed and report +statements that have succeeded. The diagnostics are evaluated in the +context of the rule.

+

Rich properties:

+
+
XML SystemId + $icon +
+ The URI of an icon +
+ XML ID + $id +
+ The unique identifier with the schema for the + assert + element. +
+ SGML FPI + $fpi +
+ The Formal Public Identifier for this + assertion. +
+ IETF language + $lang +
+ The human language used in this assertion, + from xml:lang +
+ URL + $see +
+ Link to documentation on WWW or file +
+ "preserve" | "default" + $space +
+ The value for xml:space +
+
+

process-dir

+

The process-dir template handles bi-directionality +markup, which is only needed by certain human scripts such as Arabic.

+
+
"ltr" or "rtl" or "" + $value +
+ Left-to-right or right-to-left or unspecified +
+
+

process-emph

+

The process-emph template handles the markup of +emphasized text in paragraphs, assertions and diagnostics. It has no +parameters.

+
+

process-message

+

The process-message handles default outputing of text.

+
+
string $pattern +
+ Some text that may be some kind of pattern +
+ string $role +
+ Some text that may be some kind of role +
+
+

process-name

+

The process-name templates handle name strings that can +be used in assertions. asssert and report only +provide name subelements rather than the more general +value-of elements to encourage plain language and generic +descriptions rather than specific diagnostics, for which purpose the +diagnostics elements are used.

+
+
string $name +
+ The name of the current element, or of the node specified by a name + element +
+
+

process-ns

+

The process-ns template reports on ns +declarations, which are used to transmit on namespace information by +the skeleton.

+
+
Namespace NCName $prefix +
+ The prefix of a namespace +
+ XML SystemId $uri +
+ The (internationalized) URI Reference of a namespace +
+
+

process-p

+

The process-p template handles paragraphs.

+
+
XML NMTOKEN $class +
+ An attribute that can be used for stylesheet style +
+ XML ID $id +
+ The unique identifier with the schema for the p element. +
+ XML SystemId $icon +
+ The URI of an icon +
+ IETF Language $lang +
+ The human language used in this paragraph +
+

+To print the text contents, use <xsl:apply-templates +mode="text" /> +

+
+

process-pattern

+

The process-pattern reports on the start of evaluation of +a pattern element.

+
+
string $name +
+ The title of the current pattern +
+ XML NCNAMES $is-a +
+ Empty or not provided if the pattern is not derived from an abstract + pattern. Otherwise the name of the abstract pattern. A list may be + used if there was a sequence of abstract patterns. +
+

+Rich properties:

+
+
XML SystemId + $icon +
+ The URI of an icon +
+ XML ID + $id +
+ The unique identifier with the schema for the + pattern + element. +
+ SGML FPI + $fpi +
+ The Formal Public Identifier for this pattern. + +
+ IETF language + $lang +
+ The human language used in this pattern, from + xml:lang +
+ URL + $see +
+ A (internationalized) URI reference to some + supporting or defining documentation +
+ "preserve" | "default" + $space +
+ The value for xml:space +
+

+To print the documentation contents, use <xsl:apply-templates +mode="do-pattern-p"/>

+
+

process-report

+

The process-report template handles report whose +test has succeeded. +

+
+
XPath $test +
+ The test +
+ XML IDREFS $diagnostics +
+ A list of the diagnostic elements related to the current assertion +
+ XML NMTOKEN + $flag +
+ The name of a flag that becomes true because + this assertion fails. The flag is true for the document if it is + flagged true on any assertion. For compatability, this parameter + should not be used with Schematron 1.5. +
+

+Rich properties:

+
+
XML SystemId + $icon +
+ The URI of an icon +
+ XML ID + $id +
+ The unique identifier with the schema for the + report + element. +
+ SGML FPI + $fpi +
+ The Formal Public Identifier for this report. +
+ IETF language + $lang +
+ The human language used in this report, from + xml:lang +
+ URL + $see +
+ Link to documentation on WWW or file +
+ "preserve" | "default" + $space +
+ The value for xml:space +
+

+Linking properties:

+
+
XML NMTOKEN + $role +
+ A name for the generic role of this assertion. + The schema creator would have their own vocabulary. +
+ XPath + $subject +
+ A path relative to the current context to some + interesting node considered the subject. +
+

+To print the text contents, use <xsl:apply-templates +mode="text" />

+
+

process-rule

+

The process-rule reports that a rule element has +fired: its context attribute matched some nodes. .

+
+
XSLT expression $context +
+ The expression that gives the context of the current +
+

+Rich properties:

+
+
XML SystemId + $icon +
+ The URI of an icon +
+ XML ID + $id +
+ The unique identifier with the schema for this + rule + element. +
+ SGML FPI + $fpi +
+ The Formal Public Identifier for this rule. +
+ IETF language + $lang +
+ The human language used in this rule, from + xml:lang +
+ URL + $see +
+ Link to documentation on WWW or file +
+ "preserve" | "default" + $space +
+ The value for xml:space +
+

+Linking properties:

+
+
XML NMTOKEN + $role +
+ A name for the generic role of this assertion. + The schema creator would have their own vocabulary. +
+ XPath + $subject +
+ A path relative to the current context to some + interesting node considered the subject. +
+
+

process-span

+

The process-span handles span elements, which are generic +elements for styling, like HTML's .

+
+
XML NMTOKEN $class +
+ An attribute that can be used for stylesheet style +
+
+

process-title

+

The process-title handles title elements, which are +generic elements for styling, like HTML's .

+
+
XML NMTOKEN $class +
+ An attribute that can be used for stylesheet style +
+

+By default, titles are handled by invocing process-p with +the parameter class with a value "title".

+
+

process-value-of

+

The process-value-of template handles value-of +elements, which are used in diagnostic messages to allow very +specific hinting .

+
+
XPath $select +
+ The path of some node that will be evaluated and printed.
+
+

Global Parameters

+

There are several global parameters that may be available for use. +However, it is not a requirement to follow these, and implementations +may not supply them with any value. So a test of +string-length(variable) < +0 is appropriate in each case.

+



+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Parameter

+ 		+

Value

+ 		+

Description

+
+

allow-foreign

+ 		+

"true" | "false" (default) +

+ 		+

Pass non-Schematron elements to the generated + stylesheet. Pass the Schematron elements span, emph and dir: to + the output SVRL. +

+
+

fileNameParameter

+ 		+

string

+ 		+

A parameter passed to the Validator and + potentially available as a variable in Schematron schemas as + $fileNameParameter

+
+

fileDirParameter

+ 		+

string

+ 		+

A parameter passed to the Validator and + potentially available as a variable in Schematron schemas as + $fileDirParameter

+
+

archiveNamePaameter

+ 		+

string

+ 		+

A parameter passed to the Validator and + potentially available as a variable in Schematron schemas as + $archiveNameParameter

+
+

archiveDirParameter

+ 		+

string

+ 		+

A parameter passed to the Validator and + potentially available as a variable in Schematron schemas as + $archivePathParameter

+
+

debug +

+ 		+

true” | “false” (default)

+ 		+

Verbose error messages (Note this may be + superceded by “verbose” at some stage in the future.)

+
+

generate-paths

+ 		+

true|false +

+ 		+

generate the SVRL @location attribute with XPaths

+
+

diagnose

+ 		+

yes | no +

+ 		+

Add the diagnostics to the assertion results

+
+

terminate

+ 		+

yes | no | true | false | assert +

+ 		+

Terminate on the first failed assertion or + successful report

+
+

message-newline +

+ 		+

"true" (default) | "false" +

+ 		+

Generate an extra newline at the end of messages

+
+

output-encoding

+ 		+

string

+ 		+

The encoding used for output, for example if the + output is XML

+
+
+
+
+ + \ No newline at end of file -- 2.34.1