Using the Raw XML Editor

The Raw XML editor enables the creation of more sophisticated Rule logic than is possible through other Editor types such as the Simple Rule Editor.
Effective use of the Raw XML editor requires some basic programming knowledge, in particular familiarity with XML. Raw XML rules are written in a procedural language dubbed ScriptXML. In ScriptXML, every Raw XML policy rule consists of an XML tree whose root is a <PolicyRuleLogic> element:

<PolicyRuleLogic editor='raw-xml'>
  <next_element.../>
</PolicyRuleLogic>

Several examples are given in the sections Using List Searches and Using Configuration Block Checks.
The root PolicyRuleLogic element is considered a statement block, with all of its child elements representing statements. Each statement has a result value; the result value of the PolicyRuleLogic statement block is either the value of an executed Return statement, or the value of the last executed statement in the block.
The value returned by a root PolicyRuleLogic element must be either a <PolicyRulePass> or <PolicyRuleFail> element. These are the two possible values output by any policy rule.
Raw XML rules are primarily used for configuration file checks, and can contain numerous elements such as complex regular expressions, objects, variables and flow control directives. We describe all of these elements in this section.
The example below shows the minimal <PolicyRuleLogic> element in a definition that always matches:

<PolicyRuleLogic editor='raw-xml'>
  <PolicyRulePass/>
</PolicyRuleLogic>

A second <PolicyRuleLogic> example matches all devices named "foo":

<PolicyRuleLogic editor='raw-xml'>
  <If>
    <Expr op='=='>
      <Expr field='DeviceName'/>
      <Expr value='foo'/>
    </Expr>
    <Then>
      <PolicyRulePass/>
    </Then>
    <Else>
      <PolicyRuleFail/>
    </Else>
  </If>
</PolicyRuleLogic>

Note the use of the subordinate elements <If>, <Then> and <Else>, and of <Expr op='...'> for the comparison.

Several elements are defined as expression types, including <ConfigBlockCheck>, <ListSearch>, <Expr>, <ConfigFileCheck> and <CPDCheck>.

If a global variable _message is set at the time of a PolicyRulePass or PolicyRuleFail that does not define a message, then that value will be used as the rule message.
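To make the statement-block semantics above concrete (a block's value is either an executed Return value or the value of its last statement, If/Then/Else with an <Expr op='=='> test, PolicyRulePass/PolicyRuleFail as the only legal results, and the _message fallback), here is a small Python evaluator for exactly the ScriptXML subset this page shows. It is an added illustration written for this page, not the product's own rule engine. Three things it needs are not specified on the page and are assumptions: a <Return> element whose single child is the statement being returned, a `message` attribute on <PolicyRulePass/> and <PolicyRuleFail/> for a rule that defines its own message, and device fields supplied as a plain dictionary. The three rules embedded at the bottom are constructed samples (the first two are the page's own examples).

```python
"""Toy evaluator for the ScriptXML subset shown on this page (added example).

Modelled here:
  * the root <PolicyRuleLogic> statement block: its value is the value of an
    executed <Return>, otherwise the value of the last executed statement
  * <If> / <Then> / <Else> with an <Expr op='=='> test over field/value operands
  * <PolicyRulePass/> and <PolicyRuleFail/> as the only legal rule results
  * the _message global used when a result element defines no message
Assumed, because the page does not spell them out: <Return><stmt/></Return>,
a 'message' attribute on the result elements, and device fields as a dict.
"""
import xml.etree.ElementTree as ET


class RuleResult:
    """Outcome of a rule: passed flag plus the message reported with it."""
    def __init__(self, passed, message=None):
        self.passed = passed
        self.message = message

    def __repr__(self):
        return f"RuleResult(passed={self.passed}, message={self.message!r})"


class _ReturnSignal(Exception):
    """Unwinds nested blocks when a <Return> statement executes."""
    def __init__(self, value):
        self.value = value


def eval_expr(elem, device):
    """Evaluate an <Expr>: a field lookup, a literal value, or an op comparison."""
    if 'field' in elem.attrib:
        return device.get(elem.attrib['field'])
    if 'value' in elem.attrib:
        return elem.attrib['value']
    op = elem.attrib.get('op')
    operands = [eval_expr(c, device) for c in elem if c.tag == 'Expr']
    if op == '==' and len(operands) == 2:
        return operands[0] == operands[1]
    raise ValueError(f"unsupported expression op {op!r}")  # only '==' is shown on the page


def eval_statement(elem, device, env):
    """Execute one statement element and return its result value."""
    tag = elem.tag
    if tag in ('PolicyRulePass', 'PolicyRuleFail'):
        # Own message wins; otherwise fall back to the _message global (assumed attr name).
        message = elem.attrib.get('message', env.get('_message'))
        return RuleResult(tag == 'PolicyRulePass', message)
    if tag == 'Expr':
        return eval_expr(elem, device)
    if tag == 'If':
        children = list(elem)
        test = next(c for c in children if c.tag not in ('Then', 'Else'))
        branch = 'Then' if eval_expr(test, device) else 'Else'
        for c in children:
            if c.tag == branch:
                return eval_block(c, device, env)
        return None  # no matching branch: the If contributes no value
    if tag == 'Return':  # assumed syntax: <Return> wraps the returned statement
        raise _ReturnSignal(eval_statement(list(elem)[0], device, env))
    raise ValueError(f"unknown statement <{tag}>")


def eval_block(elem, device, env):
    """A statement block's value is the value of its last executed statement."""
    result = None
    for child in elem:
        result = eval_statement(child, device, env)
    return result


def evaluate_rule(xml_text, device, env=None):
    """Parse a Raw XML rule and evaluate it against one device's fields."""
    root = ET.fromstring(xml_text)
    if root.tag != 'PolicyRuleLogic':
        raise ValueError("root element must be <PolicyRuleLogic>")
    env = dict(env or {})  # globals such as _message, supplied by the caller here
    try:
        result = eval_block(root, device, env)
    except _ReturnSignal as ret:
        result = ret.value
    if not isinstance(result, RuleResult):
        raise ValueError("rule must evaluate to <PolicyRulePass/> or <PolicyRuleFail/>")
    return result


# Constructed sample rules: the page's two examples plus one using Return.
ALWAYS_PASS = "<PolicyRuleLogic editor='raw-xml'><PolicyRulePass/></PolicyRuleLogic>"

NAME_CHECK = """<PolicyRuleLogic editor='raw-xml'>
  <If>
    <Expr op='=='><Expr field='DeviceName'/><Expr value='foo'/></Expr>
    <Then><PolicyRulePass/></Then>
    <Else><PolicyRuleFail/></Else>
  </If>
</PolicyRuleLogic>"""

RETURN_CHECK = """<PolicyRuleLogic editor='raw-xml'>
  <If>
    <Expr op='=='><Expr field='DeviceName'/><Expr value='foo'/></Expr>
    <Then><Return><PolicyRulePass message='device is foo'/></Return></Then>
  </If>
  <PolicyRuleFail/>
</PolicyRuleLogic>"""

if __name__ == '__main__':
    for name in ('foo', 'bar'):
        print(name, evaluate_rule(RETURN_CHECK, {'DeviceName': name}, env={'_message': 'name mismatch'}))
```

Running the script shows the two paths through RETURN_CHECK: for "foo" the Return short-circuits the block with the element's own message, for "bar" the If yields nothing and the trailing <PolicyRuleFail/> becomes the block's last value, picking up _message.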