Version 5.6 (Official)
This page provides information on the proposed changes to the OVAL Language. All information about the
new version is included in this centralized location. The major highlights of the release are listed below:
- The pattern match operation may now be used on elements that are restricted to an enumeration.
- Tests may now reference multiple states for more sophisticated state comparisons.
- Introduced a choice structure inside of objects to allow files to be defined by either a path and filename or simply a complete file path.
- Changed the required regular expression syntax from POSIX to Perl 5’s regular expression specification.
- Added numerous Schematron rules to further restrict and enhance the quality of valid OVAL documents.
- Significant documentation improvements were made throughout the OVAL Language schemas. This includes adding detailed deprecation information to the schemas to align with the OVAL Language Deprecation Policy.
- Deprecated the resolve_group behavior on all tests in the Windows component schema except for the sid_sid_test and the sid_test. This change will help to avoid overly resource-intensive searches for Windows trustees.
- New Tests and Component Schemas Added in Version 5.6:
  - Added the win-def:serviceeffectiverights_test to support checking the rights of services on Windows.
  - Added the ind-def:ldap_test to support checking settings via LDAP queries to a directory server.
  - Added the aix-def:interim_fix_test to support checking interim or emergency fixes on IBM AIX.
  - Added the SharePoint component schema.
  - Added a new patch test to the VMware ESX component schema.
For a complete listing of the release contents see the New in Version 5.6 section. More information
about the OVAL Language review process can be found here.
Downloads
Includes downloads for the Version 5.6 Definition Schema, System Characteristics
Schema, Results Schema, and Element Dictionaries.
KEY
Complete Schema - has all documentation embedded and the Schematron mark-up.
Minimal Schema - includes the raw xml schema only.
Schematron - a schema that can provide additional validation of OVAL V5 documents.
Documentation pdf - includes element dictionaries, etc., which users can elect to view in a browser or save.
All files zip - all files zipped together to allow for one simple download.
xsd/sch - a user can either right click to download the file or left click to open the file in their default viewer.
New in Version 5.6
Version 5.6 of the Official OVAL Schema is a direct result of feedback from the OVAL Community. This will be a minor version change and may require some new development by tools that support earlier versions of the Language. The changes pending to the different schemas are outlined below. "Open" status means the item is under consideration or being worked upon, "Closed" status means that the item has been incorporated and work on it is completed, and "Suspended" status means that the item will not be included in this version but may be included in a future version.
Items addressed in this version include:
| Status | Item Description |
| --- | --- |
| closed | is there a way to allow the pattern match operation on enumerations |
| closed | allow tests to reference multiple states |
| closed | deprecate the SYNCHRONIZE standard access right from the registry tests |
| closed | file_objects need to support splitting complete file filepath into file name and path |
| closed | introduce a choice structure inside of objects |
| closed | add in missing sid_sid_item to the win-sc schema |
| closed | add in missing text entity to the textfilecontent54_state |
| closed | resolve_group behavior documentation needs to specify that the process is recursive |
| closed | clarify arithmetic function documentation related to components with multiple values |
| closed | clarify documentation surrounding the entity_check attribute |
| closed | change patch_number entity in the ESX patch_test from an int to a string |
| closed | clarify that the check attribute only works against matching items |
| closed | clarify the meaning of the datatype attribute related to variables |
| closed | clarify certain file effective rights when dealing with a directory |
| closed | add new deprecation policy data to all schema files |
| closed | add schematron rules to verify that tests in UNIX schema only reference correct objects and states |
| closed | add new values to the win-def:EntityStateSharedResourceTypeType definition |
| closed | remove an extra end bracket in auditeventpolicy_state |
| closed | review and add submitted SharePoint component schema |
| closed | review new patch test submitted for VMware ESX schema |
| closed | clarify documentation for the c_time and m_time elements of the unix-sc:file_item |
| closed | add Schematron rule to prohibit @var_ref on the ind-def:variable_object/ind-def:var_ref element |
| closed | add keyref to ind-def:variable_object/ind-def:var_ref to ensure that the referenced variable is present |
| closed | schematron rules in UNIX password_state refer to package_state |
| closed | add Schematron rule to verify that a var_ref is supplied whenever a var_check is present |
| closed | deprecate the STYPE_SPECIAL and STYPE_TEMPORARY values in the EntityStateSharedResourceTypeType enumeration |
| closed | clarify what var_check means when comparing multi-valued values |
| closed | correct evaluation chart for oval-sc:FlagEnumeration - wrong chart was copied into the documentation |
| closed | change required regex library for the pattern match operation from POSIX to PCRE |
| closed | clarify that the supported version of xpath is 1.0 on the ind-def:xmlfilecontent_object |
| closed | correct the Schematron rules on the win-def:wuaupdatesearcher_test |
| closed | clarify how substring capturing should work in the oval-def:RegexCaptureFunctionType |
| closed | clarify documentation on all trustee_name / trustee_sid in the Windows definitions schema |
| closed | deprecate the resolve_group behavior on all tests except for the sid_sid_test and the sid_test |
| closed | review and add submitted ind-def:ldap_test |
| closed | review and add win-def:serviceeffectiverights_test to support checking the rights of services on Windows |
| closed | clarify that the max_depth and recurse_direction file behaviors apply to the path entity |
| closed | clarify the include_group behavior in the Windows definitions schema |
| closed | clarify documentation for the ContentEnumeration in the oval-results-schema |
| closed | value_of element in the ind-sc:xmlfilecontent_item should be unbounded |
| closed | add type entity to the unix-def:interface_state and unix-sc:interface_item |
| closed | Modify the win-def:activedirectory_test and ind-def:ldap_test to support data collection for objects that do not have a relative distinguished name component |
| closed | The Schematron rule enforcing the use of the pattern match operation on the ind-def:textfilecontent_object/ind-def:line entity should be restored |
| closed | add behavior to the win-def:wuaupdatesearcher_test to control inclusion/exclusion of superseded updates |
| closed | add aix-def:interim_fix_test to allow testing of interim and emergency fixes |
| open | Add behaviors to the textfilecontent54_test to control multiline and case sensitivity matching |
Timeline
| PLANNING | DRAFT | RELEASE CANDIDATE | OFFICIAL |
| --- | --- | --- | --- |
| 21 January 2009 | 14 May 2009 | 31 July 2009 | 11 September 2009 |
Status Reports
Status updates are included below. You may also review the OVAL Developer’s Forum Archives for discussions about Version 5.6.
[2009-09-11]
Version 5.6 has been officially released. Many thanks to all in the community that helped with this minor release.
[2009-09-01]
Release candidate 3 of Version 5.6 was posted for community review and comment on 1 September 2009. Version 5.6 RC 3 addresses additional documentation issues
related to the supported regular expression syntax in OVAL. These changes have led to the addition of a new set of behaviors on the textfilecontent54_test as well.
[2009-08-24]
Release candidate 2 of Version 5.6 was posted for community review and comment on 24 August 2009. Version 5.6 RC 2 addresses additional documentation and Schematron issues, adds the aix-def:interim_fix_test, adds a new behavior to the win-def:wuaupdatesearcher_object that will allow a definition author to exclude superseded updates, and adds the state_operator into the oval-res:TestType definition.
[2009-07-31]
Release candidate 1 of Version 5.6 was posted for community review and comment on 31 July 2009. Version 5.6 RC 1 addresses additional documentation issues, updates the new SharePoint schema, and represents another step towards the official release of Version 5.6.
[2009-07-17]
A third draft of Version 5.6 was posted for community review and comment on 17 July 2009. Version 5.6 draft 3 addresses additional documentation issues, adds a new type entity to the unix-def:interface_state, and represents another step towards the release candidate for version 5.6.
[2009-07-02]
A second draft of Version 5.6 was posted for community review and comment on 2 July 2009. Version 5.6 draft 2 includes the majority of the planned changes for version 5.6.
[2009-05-14]
A first draft of Version 5.6 was posted for community review and comment on 14 May 2009.
[2009-05-07]
A draft of Version 5.6 will be posted for community review and comment on 14 May 2009.
[2009-01-21]
Version 5.6 is currently in the planning stage. If you have any suggestions for changes that should be included, please send them to the OVAL Developer’s Forum.
Page Last Updated: November 08, 2009