Search code examples
javaxmlxpathjaxbveracode

XSD "property already defined"

I'm trying to use jaxb to compile some Veracode provided .xsd files

the "detailedreport.xsd" is throwing this error:

[ERROR] Property "Vulnerabilities" is already defined. Use <jaxb:property> to resolve this conflict.
  line 930 of file:detailedreport.xsd

[ERROR] The following location is relevant to the above error
  line 936 of detailedreport.xsd

when I look at the XSD file, I see that Vulnerabilities is both an attr and a type:

    <xs:complexType name="Component">
        <xs:annotation>
            <xs:documentation>
                The element describe the details of vulnerable component.
                * file_paths: File paths of the component.
   ----->       * vulnerabilities : Vulnerabilities of the component.
                * violated_policy_rules: Violated policy rules of the component.
                * component_id: The id of the component.
                * file_name: File name of the component.
   ----->       * vulnerabilities: Number of vulnerabilities available in the component.
                * max_cvss_score: Max cvss_score of the component.
                * library: Library name of the component.
                * version: Version of the component.
                * vendor: Vendor name of the component.
                * description: Description about component.
                * blacklisted: Component's blacklisted status.
                * new: Component added newly.
                * added_date: Component's added_date.
                * component_affects_policy_compliance: COmponent's policy violation status.
                * licenses: Contains license details of the component.
            </xs:documentation>
        </xs:annotation>
        <xs:sequence>
            <xs:element name="file_paths" minOccurs="0" maxOccurs="1" type="tns:FilePathList"/>
            <xs:element name="licenses" minOccurs="0" maxOccurs="1" type="tns:LicenseList"/>
----->      <xs:element name="vulnerabilities" minOccurs="0" maxOccurs="1" type="tns:VulnerabilityList" />
            <xs:element name="violated_policy_rules" minOccurs="0" maxOccurs="1" type="tns:ViolatedRuleList" />
        </xs:sequence>
        <xs:attribute name="component_id" type="xs:string" use="required"/>
        <xs:attribute name="file_name" type="xs:string" use="required"/>
        <xs:attribute name="sha1" type="xs:string" use="required"/>
----->  <xs:attribute name="vulnerabilities" type="xs:integer" use="required"/>
        <xs:attribute name="max_cvss_score" type="xs:string" use="required"/>
        <xs:attribute name="library" type="xs:string" use="required"/>
        <xs:attribute name="version" type="xs:string" use="required"/>
        <xs:attribute name="vendor" type="xs:string" use="required"/>
        <xs:attribute name="description" type="xs:string" use="required"/>
        <xs:attribute name="blacklisted" type="xs:string"/>
        <xs:attribute name="new" type="xs:string"/>
        <xs:attribute name="added_date" type="xs:string"/>
        <xs:attribute name="component_affects_policy_compliance" type="xs:string"/>
    </xs:complexType>

here's the xsd they publish: https://analysiscenter.veracode.com/resource/detailedreport.xsd

from what I can figure out, I need to create a detailedreport.xjb file and (as the output states) setup a <jaxb:property> to convert the vulnerabilities integer attribute into something like vulnerabilityCount.

I created detailedreport.xjb:

<?xml version="1.0" encoding="UTF-8"?>
<jaxb:bindings xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:jaxb="http://java.sun.com/xml/ns/jaxb">
    <!-- Used to avoid the duplicate element/attribute name conflict -->
    <jaxb:bindings node="//xsd:attribute[@name='vulnerabilities']">
        <jaxb:property name="vulnerabilityCount"/>
    </jaxb:bindings>
</jaxb:bindings>

but my xpath is wrong:

[ERROR] XPath evaluation of "//xsd:attribute[@name='vulnerabilities']" results in empty target node
  line 10 of file: detailedreport.xjb
  1. am I even on the right path
  2. any xpath help is appreciated
Solution

  • One more bindins element referencing schema location should be provided:

    <jxb:bindings
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:jxb="http://java.sun.com/xml/ns/jaxb"
    version="2.1"
    xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"
    jxb:extensionBindingPrefixes="xjc"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemalocation="http://java.sun.com/xml/ns/jaxb 
    http://java.sun.com/xml/ns/jaxb"
>

    <jxb:bindings schemaLocation="PATH_TO_THE_SCHEMA" node="/xs:schema">
        <jxb:bindings node="//xs:attribute[@name='vulnerabilities']">
            <jxb:property name="vulnerabilityCount"/>
        </jxb:bindings>
    </jxb:bindings>

</jxb:bindings>

    Path can be relative to xjb file, e.g.: schemaLocation="../detailedreport.xsd"