OVAL Language Sandbox

The OVAL Language Sandbox, hosted on GitHub.com, provides a collaborative environment for the community to propose and develop experimental capabilities for the OVAL Language. The OVAL Language Sandbox will allow the community to fully investigate and implement new capabilities before including them in an official release ensuring that only mature and implementable constructs are added to the OVAL Language. It will also allow the effort to evolve and keep up with new and emerging technologies.

Benefits of using the OVAL Language Sandbox:

• Improve the quality of OVAL Language releases.
• Provide a common space for the community to develop and share new OVAL constructs.
• Allow for experimentation independent of OVAL Language releases.
• Provide a venue for sharing emerging capabilities without needing to wait for an official OVAL Language release.

Sandbox Development Process

The Sandbox Development Process describes the steps to develop new experimental capabilities in the OVAL Language Sandbox.

Initiating Sandbox Development

1. Introduce the new experimental capability to the community. This can be done by sending a message to the oval-developer-list with the following information.
   1. Create a title that describes the capability (e.g., macos-def:pkgutil_test).
   2. Provide a description of the new capability:
      • What is the new capability?
      • Why is the new capability needed?
      • What is the targeted OVAL Language release?
      • Issue tracker item number if one has been created.

      It is also encouraged that you add a new issue tracker item for the experimental capability with the same information as above.

2. Make a request to the OVAL Moderator to add or make changes to the experimental schemas. New schema files should conform to the Sandbox conventions and their constructs should follow the accepted design and naming conventions. If any other documents (notes, content, etc.) are provided, they will be stored in a directory in the /resources directory that follows the same naming convention of the schemas (e.g., x-macos-pkgutil). Requests can be made in one of the following ways.
   1. Fork the OVAL Language Sandbox, make any desired changes, and send a pull request.
   2. Send a message to the oval-developer-list. This message should include a brief description of the new capability that will be developed and any changes or additions that should be made to the schemas. Actual schema files that contain the new capabilities are strongly encouraged.
3. The changes will be reviewed by the OVAL Moderator and incorporated into the OVAL Language Sandbox for further review, development, and discussion by the community. The OVAL Moderator will alert the community, over the oval-developer-list, when the OVAL Language Sandbox has been updated.

Developing Experimental Capabilities in the OVAL Language Sandbox

1. If additional changes are needed, they should be requested by either sending a pull request with any changes to the OVAL Language Sandbox or by sending a follow up message to oval-developer-list.
   1. The tracker item for the capability should be updated to note any changes to the capability.
2. As new information is discovered while implementing an experimental capability, it should be captured and stored in the corresponding directory in the /resources directory. It should also be posted to the oval-developer-list for community awareness and discussion. The issue tracker item should also be updated to mention that this information was added.
3. If sample content is created to utilize a new experimental capability, it should be captured and stored in the appropriate directory in the /resources directory. It should also be posted to the oval-developer-list for review and discussion. The issue tracker item should also be updated to mention that this information was added.
4. The experimental capability should be implemented.
   1. Branches can be created in the OVAL Interpreter project to allow the community to develop experimental capabilities.
   2. Sample code may be submitted to the community (e.g., code that collects the information needed for an experimental OVAL Item). Any sample code submitted to the community should be stored in the appropriate directory in the /resources directory.
5. If a tool can process the sample content, the OVAL Results should be posted to the oval-developer-list to demonstrate that the capability was successfully implemented. The OVAL Results should be stored in the appropriate directory in the /resources directory.

Ending Sandbox Development

The development of an experimental capability in the OVAL Language Sandbox may end because the capability has been matured and is ready for migration into an official release of the OVAL Language. In this case, the instructions in the Sandbox Migration Process section should be followed. The development of a capability may also end because its implementation is deemed infeasible or the capability is no longer needed. In this case, the issue tracker item can be closed out.

Sandbox Migration Process

The Sandbox Migration Process describes the steps required to transition an experimental capability into an official release of the OVAL Language.

Prepare the Proposal

1. Schema changes must follow accepted naming and design conventions.
2. New capabilities must satisfy the requirements specified in Requesting Changes for the OVAL Language.
3. New capabilities must be successfully implemented and tested with sample content.
4. Schema changes must align with the targeted release (e.g., changes that break backward compatibility must not target a minor release).

Initiate the Migration

1. Make a request to the OVAL Moderator to move the capability from the OVAL Language Sandbox to an official OVAL Language release. This may be done by adding a comment to the corresponding issue tracker item or by sending a message to the oval-developer-list.

   The request should include a proposal for the new capability, which includes the following:

   • Justification for the move from the sandbox to an official OVAL Language release.
   • Targeted OVAL Language release for including the capability.
   • Location of the changes in the sandbox (e.g., which schemas).
   • Additional documentation and references that may be used to verify the proposal.
   • OVAL Results from running sample OVAL content.

Approval of the Migration

1. The OVAL Moderator will review and verify the proposal for the information described in the Prepare the Proposal section.
2. Upon successful review, through consensus and consultation with the community, it will be determined if the capability is ready to be incorporated in an official release of the OVAL Language.
3. If approved, the changes will be included in the targeted official OVAL Language release. Otherwise, the changes will remain in the OVAL Language Sandbox.

Play in the Sandbox

The OVAL Language Sandbox, which is hosted on GitHub.com, includes the following:

• Issue Tracking — enter and track bugs, bug fixes, and new feature requests
• File Distribution — for all OVAL Language Sandbox downloads
• Git Repository — anonymous, read-only access
• Wiki — the primary source for information about the OVAL Language Sandbox
• oval-developer-list — for all OVAL Language Sandbox-related help requests

Go to the OVAL Language Sandbox on GitHub.

Page Last Updated: April 03, 2012