diff --git a/oval-schemas/independent-definitions-schema.xsd b/oval-schemas/independent-definitions-schema.xsd index 0e455b0..67bed97 100644 --- a/oval-schemas/independent-definitions-schema.xsd +++ b/oval-schemas/independent-definitions-schema.xsd @@ -1158,6 +1158,18 @@ sql57_item + + + 5.12 + Replaced by the sql512_test. The sql512_test removes the connection string and replaces it with 'instance' and 'database' elements. This allows the application to perform any necessary steps to connect, and providing a simple method for content authors to determine which database(s) to query. + This object has been deprecated and may be removed in a future version of the language. + + + + DEPRECATED TEST: ID: + + + 
@@ -1309,6 +1321,208 @@ + + + + + + + The sql512 test is used to check information stored in a database. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. + This test should only be performed by the OVAL interpreter if the content is 'trusted', such as being digitally signed by a trusted content author. + The OVAL interpeter will provide all authentication capabilities to the SQL DMBS target. + The OVAL interpeter will query the target system and find all applicable DBMS instances and databases (refer to sql512 object elements for more information on instances and databases) . + Using Microsoft SQL Server as an example, below is sample of what the OVAL intepreter will gather from a target. + Target Host: Host1 + SQL Server Instances: + SQLEXPRESS (version 13.0.6450.1 ) + Databases: + master + model + msdb + tempdb + userdb1 + userdb2 + SQLSERVER (version 16.0.4135.4) + Databases: + master + model + msdb + tempdb + testdb1 + testdb2 + +Content can then be created that targets one or more versions, and within those versions, queries could be run against one or more instances and one ore more databases. + + + sql512_test + sql512_object + sql512_state + sql512_item + + + + + + - the object child element of a sql512_test must reference a sql512_object + + + - the state child element of a sql512_test must reference a sql512_state + + + + + + + + + + + + + + + + + + The sql512_object element is used by a sql512 test to define the specific database and query to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema. 
+ + + + + + + + + + State referenced in filter for '' is of the wrong type. + + + + + + + + + + + + + + The engine entity defines the specific database engine to use. Any tool looking to collect information about this object will need to know the engine in order to use the appropriate drivers to establish a connection. + + + + - operation attribute for the engine entity of an sql512_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one) + + + + + + + + The version entity defines the specific version of the database engine to use. + The version shall be reported in the format provided by the dbms application, which may differ slightly across dbms products, but should generally be in the foramt of X.Y.Z + Below are some examples, but make sure to refer to DBMS system documentation for complete/current methods to determine versions + For Microsoft SQL Server, the version can be obtained with 'SELECT SERVERPROPERTY('productversion')' + For Oracle DBMS, the version can be obtained with 'SELECT * FROM V$VERSION;' + For MySQL and MariaDB, the version can be obtained with 'SELECT version();' + Usage of regular expressions is recommended in order to match on a primary version or multiple versions of the dbms. + + + + + The instance entity defines the specific instance name to be used when connecting to the correct database, where instance refers to the running instance of the DMBS software itself. This could be a separate installation of binaries (such as with MS SQL Server), or just a set of running processes used to manage the DBMS. + The OVAL interpreter will automatically determine the list of available instances on the target. + When a pattern or string is entered, the OVAL interpeter will consider any matching instance as in scope for analysis. 
+ + + + + The database entity defines the specific database name to be used when connecting to the specified instance, where a database is defined as a collection of tables within a DBMS instance. + When a pattern or string is entered, the OVAL interpeter will perform the query against any matching databases. + If the xsi:nil attribute is set to true, then the OVAL interpreter will perform the query once per instance. This is primarily useful for queries that gather instance configuration settings, such as SQL Servers SERVERPROPERTY data. +See https://learn.microsoft.com/en-us/sql/t-sql/functions/serverproperty-transact-sql?view=sql-server-ver16 +Example: + +SELECT +SERVERPROPERTY('IsClustered') AS [is_clustered] + + + + + + The sql entity defines a query used to identify the object(s) to test against. Any valid SQL query is usable with one exception, all fields must be named in the SELECT portion of the query. For example, SELECT name, number FROM ... is valid. However, SELECT * FROM ... is not valid. This is because the record element in the state and item require a unique field name value to ensure that any query results can be evaluated consistently. If the xsi:nil attribute is set to true, then no query is executed and only the existance of the specified instance and database will be considered. + + + + - operation attribute for the sql entity of an sql512_object should be 'equals', note that this overrules the general operation attribute validation (i.e. follow this one) + + + + + + + + + + + + + + + + The sql512_state element contains two entities that are used to check the name of the specified field and the value associated with it. + + + + + + + + The engine entity defines a specific database engine. + + + + + The version entity defines a specific version of a given database engine. + + + + + The instance entity defines the specific instance name to be used when connecting to the correct database. 
+ + + + + The database entity defines the specific database name to be used when connecting to the specified instance. + + + + + the sql entity defines a query used to identify the object(s) to test against. + + + + + The result entity specifies how to test objects in the result set of the specified SQL statement. + + + + - datatype attribute for the result entity of a sql512_state must be 'record' + + + + + + + + + + + + + + diff --git a/oval-schemas/independent-system-characteristics-schema.xsd b/oval-schemas/independent-system-characteristics-schema.xsd index 0d279a9..298878a 100644 --- a/oval-schemas/independent-system-characteristics-schema.xsd +++ b/oval-schemas/independent-system-characteristics-schema.xsd @@ -384,7 +384,20 @@ The sql57_item outlines information collected from a database via an SQL query. + + + 5.12 + Replaced by the sql512_item. + This object has been deprecated and may be removed in a future version of the language. + + + + DEPRECATED ITEM: ID: + + + + @@ -426,6 +439,59 @@ + + + + + + The sql512_item outlines information collected from a database via an SQL query. + + + + + + + + The engine entity identifies the specific database engine used to connect to the database. + + + + + The version entity identifies the version of the database engine used to connect to the database. + + + + + The instance entity defines the specific instance name to be used when connecting to the correct database. + + + + + The database entity defines the specific database name to be used when connecting to the specified instance. + + + + + The sql entity holds the specific query used to identify the object(s) in the database. + + + + + The result entity holds the results of the specified SQL statement. + + + + - datatype attribute for the result entity of a sql512_item must be 'record' + + + + + + + + + +
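Review bot: In the first hunk of independent-definitions-schema.xsd (@@ -1158,6 +1158,18 @@), the deprecation text says "This object has been deprecated" while the accompanying message reads "DEPRECATED TEST", so it is unclear whether only sql57_test is deprecated or sql57_object and sql57_state as well. No other deprecation block for the definitions schema is visible in this patch. Suggest "This test has been deprecated" and, if the object and state are meant to go too, matching deprecation blocks for them. The reason sentence also switches form midway: "and providing a simple method" should read "and provides a simple method".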
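Review bot: In the sql512_test documentation (@@ -1309,6 +1321,208 @@), the only guard on running author-supplied SQL with interpreter-supplied authentication is the sentence "This test should only be performed by the OVAL interpreter if the content is 'trusted'", and the sql entity text then permits "Any valid SQL query", which includes statements that modify data. Suggest making this normative: define what 'trusted' requires of an interpreter (the text already points at digital signatures by a trusted content author), state that the sql entity is limited to read-only SELECT statements, and recommend that the interpreter connect with a least-privileged, read-only account. In the same hunk the sql512_state description still says it "contains two entities", but six are documented below it (engine, version, instance, database, sql, result). Spelling to fix while here: "interpeter", "intepreter", "DMBS", "foramt", "one ore more", "existance", "SQL Servers SERVERPROPERTY".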
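Review bot: In the sql57_item deprecation hunk of independent-system-characteristics-schema.xsd (@@ -384,7 +384,20 @@), the reason is only "Replaced by the sql512_item.", whereas the matching block in the definitions schema explains what changed (the connection string replaced by 'instance' and 'database' elements). Suggest repeating or referencing that explanation here so that someone reading only the system-characteristics schema knows how collected items map across, and changing "This object has been deprecated" to "This item has been deprecated" to match the "DEPRECATED ITEM" message.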
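Review bot: In the sql512_item hunk (@@ -426,6 +439,59 @@), the instance and database entities reuse the object's wording, "defines the specific instance name to be used when connecting", but the sql512_object allows a pattern that matches several instances and databases, so the item has to record which one each result came from. Suggest rewording both to say the entity identifies the instance (or database) the query was run against. The item text should also document what the database entity holds when the object sets xsi:nil on database and the query runs once per instance, and what the result entity holds when the object's sql entity is nil and no query is executed.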