From f6cd5b3f1a236dd2e5e05f6df552b1b1f793659b Mon Sep 17 00:00:00 2001 From: sharathshivalingappa Date: Fri, 29 May 2026 14:07:42 +0530 Subject: [PATCH 1/5] 283-Proposal-Add-version_item-Element-to-PAN-OS-OVAL-Schema --- oval-schemas/panos-definitions-schema.xsd | 99 ++++++++++++++++++- .../panos-system-characteristics-schema.xsd | 53 +++++++++- 2 files changed, 146 insertions(+), 6 deletions(-) diff --git a/oval-schemas/panos-definitions-schema.xsd b/oval-schemas/panos-definitions-schema.xsd index 4d5604e..28de303 100644 --- a/oval-schemas/panos-definitions-schema.xsd +++ b/oval-schemas/panos-definitions-schema.xsd @@ -5,7 +5,7 @@ xmlns:panos-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#panos" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#panos" - elementFormDefault="qualified" version="5.12.2"> + elementFormDefault="qualified" version="5.12.3"> @@ -24,8 +24,8 @@ Palo Alto (PAN-OS) Definitions - 5.12.2 - 11/25/2025 09:00:00 AM + 5.12.3 + 05/29/2026 09:00:00 AM For the portion subject to the copyright in the United States: Copyright (c) 2016 United States Government. All rights reserved. Copyright (c) 2016, Center for Internet Security. All rights reserved. The contents of @@ -168,4 +168,97 @@ + + + + + + + The version_test is used to check the version from a PAN-OS XML API request. + This is a request to the API at "https://[PAN-OS-DEVICE]/api/?type=op&cmd=<show><system><info></info></system></show>". + The response to this request is an XML payload rooted with a "response" element and including device-specific information. + It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a version_object and the optional state element specifies the data to check. + + + version_test + version_object + version_state + version_item + + + + + + - the object child element of a version_test must reference a version_object + + + - the state child element of a version_test must reference a version_state + + + + + + + + + + + + + + + + + + The version_object element is used by a version_test to define the different version information associated with an PANOS system. There is actually only one object relating to version and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check version will reference the same version_object which is basically an empty object element. + + + + + + + + + + The version_state element defines the version information held within a PANOS Release. + + + + + + + + The major_version entity is used to check the major version piece of the version string. The value is an integer and in the example 10.1.14-h9 the major version is '10'. + + + + + The minor_version entity is used to check the minor version piece of the version string. The value is an integer and in the example 10.1.14-h9 the minor version is '1'. + + + + + The release entity is used to check the release piece of the version string. The value is an integer and in the example 10.1.14-h9 the release is '14'. + + + + + The Hotfix entity is used to check the hotfix piece of the version string. The value is an integer and in the example 10.1.14-h9 the hotfix is '9'. + + + + + The version_string entity is used to check the sw-version raw string output of a PAN-OS XML API request. The value is an string and the example 10.1.14-h9 + + + + + The model_name entity is used to check the model string output of a PAN-OS XML API request. + + + + + + + diff --git a/oval-schemas/panos-system-characteristics-schema.xsd b/oval-schemas/panos-system-characteristics-schema.xsd index b5e0149..08860ca 100644 --- a/oval-schemas/panos-system-characteristics-schema.xsd +++ b/oval-schemas/panos-system-characteristics-schema.xsd @@ -4,7 +4,7 @@ xmlns:panos-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#panos" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#panos" - elementFormDefault="qualified" version="5.12.2"> + elementFormDefault="qualified" version="5.12.3"> @@ -19,8 +19,8 @@ Palo Alto (PAN-OS) Definitions - 5.12.2 - 11/25/2025 09:00:00 AM + 5.12.3 + 05/29/2026 09:00:00 AM For the portion subject to the copyright in the United States: Copyright (c) 2016 United States Government. All rights reserved. Copyright (c) 2016, Center for Internet Security. All rights reserved. The contents of @@ -63,4 +63,51 @@ + + + + + + + This item stores results from checking the contents of an XML configuration. + + + + + + + + The major_version entity is used to check the major version piece of the version string. The value is an integer and in the example 10.1.14-h9 the major version is '10'. + + + + + The minor_version entity is used to check the minor version piece of the version string. The value is an integer and in the example 10.1.14-h9 the minor version is '1'. + + + + + The release entity is used to check the release piece of the version string. The value is an integer and in the example 10.1.14-h9 the release is '14'. + + + + + The hotfix entity is used to check the hotfix piece of the version string. The value is an integer and in the example 10.1.14-h9 the hotfix is '9'. + + + + + The version_string entity is used to check the sw-version raw string output of a PAN-OS XML API request. The value is an string and the example 10.1.14-h9. This is entirely controlled by operator attributes. + + + + + The model_name entity is used to check the model string output of a PAN-OS XML API request. + + + + + + + From ae269f06a3baf9839888d83889cd42daf1f48e39 Mon Sep 17 00:00:00 2001 From: sharathshivalingappa Date: Mon, 1 Jun 2026 19:15:48 +0530 Subject: [PATCH 2/5] Required changes are done. Resolved. --- .../panos-system-characteristics-schema.xsd | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/oval-schemas/panos-system-characteristics-schema.xsd b/oval-schemas/panos-system-characteristics-schema.xsd index 08860ca..3231982 100644 --- a/oval-schemas/panos-system-characteristics-schema.xsd +++ b/oval-schemas/panos-system-characteristics-schema.xsd @@ -69,38 +69,38 @@ - This item stores results from checking the contents of an XML configuration. + The version_item holds information about the version of a PAN-OS system. It is retrieved from the PAN-OS XML API "show system info" response, which contains the sw-version and model fields. - + - + The major_version entity is used to check the major version piece of the version string. The value is an integer and in the example 10.1.14-h9 the major version is '10'. - + The minor_version entity is used to check the minor version piece of the version string. The value is an integer and in the example 10.1.14-h9 the minor version is '1'. - + The release entity is used to check the release piece of the version string. The value is an integer and in the example 10.1.14-h9 the release is '14'. - + The hotfix entity is used to check the hotfix piece of the version string. The value is an integer and in the example 10.1.14-h9 the hotfix is '9'. - + The version_string entity is used to check the sw-version raw string output of a PAN-OS XML API request. The value is an string and the example 10.1.14-h9. This is entirely controlled by operator attributes. - + The model_name entity is used to check the model string output of a PAN-OS XML API request. From e664da14d1c162aed51a9e2338933d0053651218 Mon Sep 17 00:00:00 2001 From: Adam Biggs <99428399+A-Biggs@users.noreply.github.com> Date: Tue, 2 Jun 2026 00:50:01 -0300 Subject: [PATCH 3/5] Update panos-system-characteristics-schema.xsd Updating namespace --- .../panos-system-characteristics-schema.xsd | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/oval-schemas/panos-system-characteristics-schema.xsd b/oval-schemas/panos-system-characteristics-schema.xsd index 3231982..dce216a 100644 --- a/oval-schemas/panos-system-characteristics-schema.xsd +++ b/oval-schemas/panos-system-characteristics-schema.xsd @@ -73,34 +73,34 @@ - + - + The major_version entity is used to check the major version piece of the version string. The value is an integer and in the example 10.1.14-h9 the major version is '10'. - + The minor_version entity is used to check the minor version piece of the version string. The value is an integer and in the example 10.1.14-h9 the minor version is '1'. - + The release entity is used to check the release piece of the version string. The value is an integer and in the example 10.1.14-h9 the release is '14'. - + The hotfix entity is used to check the hotfix piece of the version string. The value is an integer and in the example 10.1.14-h9 the hotfix is '9'. - + The version_string entity is used to check the sw-version raw string output of a PAN-OS XML API request. The value is an string and the example 10.1.14-h9. This is entirely controlled by operator attributes. - + The model_name entity is used to check the model string output of a PAN-OS XML API request. From ac5a6200035ceae2b871e76abb75fbc663b74710 Mon Sep 17 00:00:00 2001 From: Adam Biggs <99428399+A-Biggs@users.noreply.github.com> Date: Tue, 2 Jun 2026 01:25:33 -0300 Subject: [PATCH 4/5] Update panos-system-characteristics-schema.xsd Removing unused namespace declaration --- oval-schemas/panos-system-characteristics-schema.xsd | 1 - 1 file changed, 1 deletion(-) diff --git a/oval-schemas/panos-system-characteristics-schema.xsd b/oval-schemas/panos-system-characteristics-schema.xsd index dce216a..3c633c0 100644 --- a/oval-schemas/panos-system-characteristics-schema.xsd +++ b/oval-schemas/panos-system-characteristics-schema.xsd @@ -1,7 +1,6 @@ From f1515cc108b65c859d8a7c825de5ff160439571f Mon Sep 17 00:00:00 2001 From: Adam Biggs <99428399+A-Biggs@users.noreply.github.com> Date: Tue, 2 Jun 2026 01:26:15 -0300 Subject: [PATCH 5/5] Update panos-definitions-schema.xsd Removing unused namespace declaration --- oval-schemas/panos-definitions-schema.xsd | 1 - 1 file changed, 1 deletion(-) diff --git a/oval-schemas/panos-definitions-schema.xsd b/oval-schemas/panos-definitions-schema.xsd index 28de303..6313561 100644 --- a/oval-schemas/panos-definitions-schema.xsd +++ b/oval-schemas/panos-definitions-schema.xsd @@ -2,7 +2,6 @@