The following is a description of the elements, types, and attributes that compose the tests found in Open Vulnerability and Assessment Language (OVAL) that are independent of a specific piece of software. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
The OVAL Schema is maintained by The Mitre Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
Independent Definition, version 5.1, 6 November 2006
Schematron validation of the Independent portion of an OVAL Definitions file. The '-' items listed under each element below are the Schematron assertions that apply to it.
The family_test element is used to check the family a certain system belongs to. This test basically allows the high-level system types (windows, unix, ios, etc.) to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a family_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a family_test must reference a family_object
- the state child element of a family_test must reference a family_state
The family_object element is used by a family test to define those objects to evaluate based on a specified state. There is actually only one object relating to family and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check the family will reference the same family_object which is basically an empty object element.
The family_state element contains a single entity that is used to check the family associated with the system. The family is a high-level classification of system types.
This element describes the high-level system OS type to test against. Please refer to the definition of the EntityStateFamilyType for more information about the possible values.
- datatype attribute for the family entity of a family_state should be 'string'
- operation attribute for the family entity of a family_state should be 'equals', 'not equal', or 'pattern match'
The file md5 test is used to check the md5 associated with a specified file. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a filemd5_object and the optional state element specifies the md5 to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a filemd5_test must reference a filemd5_object
- the state child element of a filemd5_test must reference a filemd5_state
The filemd5_object element is used by a file test to define the specific file(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
A file object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the Filemd5Behaviors complex type for more information about specific behaviors.
The path element specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of a filemd5_object should be 'string'
- operation attribute for the path entity of a filemd5_object should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file. If the nillable attribute is set to true, then the object being specified is the higher level path. In this case, the filename element should not be collected or used in analysis. Setting nil equal to true is different from using a .* pattern match, which says to collect every file under a given path.
- datatype attribute for the filename entity of a filemd5_object should be 'string'
- operation attribute for the filename entity of a filemd5_object should be 'equals', 'not equal', or 'pattern match'
The filemd5_state element contains entities that are used to check the file path, name, and the md5 associated with a specific file.
The path element specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of a filemd5_state should be 'string'
- operation attribute for the path entity of a filemd5_state should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of a filemd5_state should be 'string'
- operation attribute for the filename entity of a filemd5_state should be 'equals', 'not equal', or 'pattern match'
The md5 element is the md5 hash of the file.
- datatype attribute for the md5 entity of a filemd5_state should be 'string'
- operation attribute for the md5 entity of a filemd5_state should be 'equals', 'not equal', or 'pattern match'
The Filemd5Behaviors complex type defines a number of behaviors that allow a more detailed definition of the filemd5_object being specified.
'max_depth' defines how many directories to recurse when a recurse direction is specified. The default value is '-1' meaning no limitation. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on.
'recurse_direction' defines the direction to recurse, either 'up' to parent directories, or 'down' into child directories. The default value is 'none' for no recursion.
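The collection and evaluation rules described for filemd5_object, filemd5_state and Filemd5Behaviors, modelled in Python as an added example (this is not code from the OVAL schema or from any MITRE reference implementation). It builds a constructed directory tree inside a temporary directory and treats that directory as "/", so the object's absolute path is resolved inside the sandbox; the nil filename case, the 'equals'/'not equal'/'pattern match' operations, and the max_depth and recurse_direction behaviors are all implemented. The check values it combines with ('all', 'at least one', 'only one', 'none satisfy') are taken from OVAL's CheckEnumeration, which this page only refers to by name.

```python
import hashlib
import os
import re
import tempfile

# Constructed sample tree (not from the OVAL schema).  Paths are relative to a
# sandbox root that stands in for "/", so the example never reads the real system.
SAMPLE_TREE = {
    "etc/app/app.conf": b"PermitRootLogin no\n",
    "etc/app/sub/extra.conf": b"debug = 1\n",
    "etc/other.conf": b"x = y\n",
}

# The three string operations the schematron rules allow for path, filename and md5.
OPS = {
    "equals": lambda actual, expected: actual == expected,
    "not equal": lambda actual, expected: actual != expected,
    "pattern match": lambda actual, expected: re.search(expected, actual) is not None,
}

def build_sample_tree():
    """Materialise SAMPLE_TREE under a fresh temporary directory; return that root."""
    root = tempfile.mkdtemp(prefix="oval-filemd5-")
    for rel, data in SAMPLE_TREE.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root

def expand_directories(path, max_depth=-1, recurse_direction="none"):
    """Yield `path` plus whatever Filemd5Behaviors adds: max_depth -1 is unlimited,
    0 is no recursion, n is n levels in recurse_direction ('up', 'down' or 'none')."""
    yield path
    if recurse_direction == "none" or max_depth == 0:
        return
    if recurse_direction == "down":
        base = path.rstrip(os.sep).count(os.sep)
        for dirpath, dirnames, _ in os.walk(path):
            if dirpath != path:
                yield dirpath
            if max_depth >= 0 and dirpath.rstrip(os.sep).count(os.sep) - base >= max_depth:
                dirnames[:] = []  # prune: do not descend past max_depth
    elif recurse_direction == "up":
        current, steps = path, 0
        while max_depth < 0 or steps < max_depth:
            parent = os.path.dirname(current.rstrip(os.sep))
            if not parent or parent == current:
                break
            yield parent
            current, steps = parent, steps + 1

def collect_files(root, path_value, path_op="equals", filename=None,
                  filename_op="equals", max_depth=-1, recurse_direction="none"):
    """Model a filemd5_object.  `path_value` is the absolute path as written in the
    object ("/etc/app"), resolved inside `root`.  filename=None models a nil
    filename: the object is the directory itself, so the matched directories are
    returned and nothing is hashed."""
    directories = []
    for dirpath, _, _ in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        system_path = "/" if rel == "." else "/" + rel.replace(os.sep, "/")
        if OPS[path_op](system_path, path_value):
            for d in expand_directories(dirpath, max_depth, recurse_direction):
                if d not in directories:
                    directories.append(d)
    if filename is None:
        return directories
    files = []
    for d in directories:
        for entry in sorted(os.listdir(d)):
            full = os.path.join(d, entry)
            if os.path.isfile(full) and OPS[filename_op](entry, filename):
                files.append(full)
    return files

def md5_of(path):
    """Hex MD5 digest of a file: the value the md5 entity of a filemd5_state is compared to."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def evaluate_filemd5(files, expected_md5, md5_op="equals", check="all"):
    """Compare each collected file's digest with the state and combine per `check`
    (values from OVAL's CheckEnumeration).  Nothing collected means nothing can
    satisfy the state, so the result is False."""
    results = [OPS[md5_op](md5_of(f), expected_md5) for f in files]
    if not results:
        return False
    return {"all": all(results), "at least one": any(results),
            "only one": results.count(True) == 1, "none satisfy": not any(results)}[check]
```

A typical call is `collect_files(build_sample_tree(), "/etc/app", filename=r".*\.conf$", filename_op="pattern match", recurse_direction="down")` followed by `evaluate_filemd5(files, baseline_digest)`. Two points the model makes visible: an object that collects nothing can never satisfy its state, and the md5 entity with 'not equal' is satisfied by every file except the one you named, which is rarely the intent. MD5 is used because that is what the filemd5 test specifies; it is adequate for recognising a known file version but, given its known collision weaknesses, should not be treated as tamper evidence against a deliberate adversary.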
The environmentvariable_test element is used to check an environment variable found on the system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an environmentvariable_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of an environmentvariable_test must reference an environmentvariable_object
- the state child element of an environmentvariable_test must reference an environmentvariable_state
The environmentvariable_object element is used by an environment variable test to define the specific environment variable(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
This element describes the name of an environment variable.
- datatype attribute for the name entity of an environmentvariable_object should be 'string'
- operation attribute for the name entity of an environmentvariable_object should be 'equals', 'not equal', or 'pattern match'
The environmentvariable_state element contains two entities that are used to check the name of the specified environment variable and the value associated with it.
This element describes the name of an environment variable.
- datatype attribute for the name entity of an environmentvariable_state should be 'string'
- operation attribute for the name entity of an environmentvariable_state should be 'equals', 'not equal', or 'pattern match'
The actual value of the specified environment variable.
- the supplied operation attribute for the value entity of an environmentvariable_state is not valid given a datatype of ''
The textfilecontent_test element is used to check the contents of a text file (aka a configuration file) by looking at individual lines. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a textfilecontent_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a textfilecontent_test must reference a textfilecontent_object
- the state child element of a textfilecontent_test must reference a textfilecontent_state
The textfilecontent_object element is used by a text file content test to define the specific line(s) of a file(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
Specifies the absolute path to a file on the machine, not including the filename.
- datatype attribute for the path entity of a textfilecontent_object should be 'string'
- operation attribute for the path entity of a textfilecontent_object should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of a textfilecontent_object should be 'string'
- operation attribute for the filename entity of a textfilecontent_object should be 'equals', 'not equal', or 'pattern match'
The line element represents a line in the file and is expressed as a regular expression.
- datatype attribute for the line entity of a textfilecontent_object should be 'string'
- operation attribute for the line entity of a textfilecontent_object should be 'pattern match'
The textfilecontent_state element contains entities that are used to check the file path and name, as well as the line in question and the value of the specific subexpression.
Specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of a textfilecontent_state should be 'string'
- operation attribute for the path entity of a textfilecontent_state should be 'equals', 'not equal', or 'pattern match'
The name of the file.
- datatype attribute for the filename entity of a textfilecontent_state should be 'string'
- operation attribute for the filename entity of a textfilecontent_state should be 'equals', 'not equal', or 'pattern match'
The line element represents a line in the file that was collected.
- datatype attribute for the line entity of a textfilecontent_state should be 'string'
- operation attribute for the line entity of a textfilecontent_state should be 'equals', or 'not equal'
Each subexpression in the regular expression of the line element is then tested against the value specified in the subexpression element.
- the supplied operation attribute for the subexpression entity of a textfilecontent_state is not valid given a datatype of ''
The TextfilecontentBehaviors complex type defines a number of behaviors that allow a more detailed definition of the textfilecontent_object being specified.
'max_depth' defines how many directories to recurse when a recurse direction is specified. The default value is '-1' meaning no limitation. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on.
'recurse_direction' defines the direction to recurse, either 'up' to parent directories, or 'down' into child directories. The default value is 'none' for no recursion.
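The line and subexpression semantics described for textfilecontent_object and textfilecontent_state, modelled in Python as an added example (not code from the OVAL schema or from MITRE). The file content is a constructed sshd_config fragment embedded in the block; the directory behaviors are left out here since they are the same as for filemd5. The example also shows why the line regular expression should be anchored: an unanchored pattern matches a commented-out directive as well as the live one, and the resulting item then fails the state.

```python
import re

# Constructed sshd_config fragment (sample input, not taken from the OVAL schema).
SAMPLE_SSHD_CONFIG = """\
# Authentication settings
#PermitRootLogin yes
PermitRootLogin no
Protocol 2
PasswordAuthentication yes
"""

# Operations the schematron rules allow on the state's line and subexpression entities.
OPS = {
    "equals": lambda actual, expected: actual == expected,
    "not equal": lambda actual, expected: actual != expected,
    "pattern match": lambda actual, expected: re.search(expected, actual) is not None,
}

def collect_items(content, line_pattern):
    """Model a textfilecontent_object: the line entity is a regular expression
    ('pattern match' is its only valid operation).  Every line it matches becomes
    one item holding the full line and the value of each subexpression (capture group)."""
    regex = re.compile(line_pattern)
    items = []
    for line in content.splitlines():
        found = regex.search(line)
        if found:
            items.append({"line": line, "subexpression": list(found.groups())})
    return items

def evaluate_items(items, line=None, line_op="equals",
                   subexpression=None, subexpression_op="equals"):
    """Model a textfilecontent_state: an item passes only if its line satisfies the
    line entity ('equals' or 'not equal') and every one of its subexpression values
    satisfies the subexpression entity.  Returns one boolean per item, in file order."""
    results = []
    for item in items:
        ok = True
        if line is not None:
            ok = OPS[line_op](item["line"], line)
        if ok and subexpression is not None:
            ok = all(OPS[subexpression_op](v, subexpression) for v in item["subexpression"])
        results.append(ok)
    return results

def check_file(content, line_pattern, check="all", **state):
    """Collect, evaluate, then combine with the test's check attribute ('all' or
    'at least one').  A file with no matching line cannot satisfy the test."""
    results = evaluate_items(collect_items(content, line_pattern), **state)
    if not results:
        return False
    return all(results) if check == "all" else any(results)
```

With the anchored pattern `^PermitRootLogin\s+(\S+)\s*$` and a state subexpression of `no`, the file above passes; with the unanchored `PermitRootLogin\s+(\S+)` the commented line also becomes an item whose subexpression is `yes`, so the same state fails under check='all'. A directive that is absent altogether yields no items and therefore fails, which is the safe outcome for a hardening check.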
An unknown test acts as a placeholder for tests whose implementation is unknown. Any information that is known about the test should be held in the notes child element that is available through the extension of the abstract test element. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. Note that for an unknown test, the required check attribute that is part of the extended TestType should be ignored during evaluation and hence can be set to any valid value.
The variable test allows the value of a variable to be compared to a defined value. As an example one might use this test to validate that a variable being passed in from an external source falls within a specified range. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a variable_object and the optional state element specifies the value to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a variable_test must reference a variable_object
- the state child element of a variable_test must reference a variable_state
The id of the variable to be checked.
- datatype attribute for the var_ref entity of a variable_object should be 'string'
- operation attribute for the var_ref entity of a variable_object should be 'equals', 'not equal', or 'pattern match'
The variable_state element contains two entities that are used to check the var_ref of the specified variable and the value associated with it.
The id of the variable.
- datatype attribute for the var_ref entity of a variable_state should be 'string'
- operation attribute for the var_ref entity of a variable_state should be 'equals', 'not equal', or 'pattern match'
The value of the variable.
- the supplied operation attribute for the value entity of a variable_state is not valid given a datatype of ''
The xmlfilecontent_test element is used to explore the contents of an xml file. This test basically allows specific pieces of an xml document, specified using xpath, to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an xmlfilecontent_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of an xmlfilecontent_test must reference an xmlfilecontent_object
- the state child element of an xmlfilecontent_test must reference an xmlfilecontent_state
The xmlfilecontent_object element is used by an xml file content test to define the specific piece of an xml file(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
Specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of an xmlfilecontent_object should be 'string'
- operation attribute for the path entity of an xmlfilecontent_object should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of an xmlfilecontent_object should be 'string'
- operation attribute for the filename entity of an xmlfilecontent_object should be 'equals', 'not equal', or 'pattern match'
Specifies an XPath expression describing the nodes to look at. The only valid operation for xpath is 'equals', since there is an infinite number of possible XPath expressions and determining all those that do not equal a given one would be impossible.
- datatype attribute for the xpath entity of an xmlfilecontent_object should be 'string'
- operation attribute for the xpath entity of an xmlfilecontent_object should be 'equals'
The xmlfilecontent_state element contains entities that are used to check the file path and name, as well as the xpath used and the value of this xpath.
Specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of an xmlfilecontent_state should be 'string'
- operation attribute for the path entity of an xmlfilecontent_state should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of an xmlfilecontent_state should be 'string'
- operation attribute for the filename entity of an xmlfilecontent_state should be 'equals', 'not equal', or 'pattern match'
Specifies an XPath expression describing the nodes to look at.
- datatype attribute for the xpath entity of an xmlfilecontent_state should be 'string'
- operation attribute for the xpath entity of an xmlfilecontent_state should be 'equals', or 'not equal'
The value_of element checks the value of the nodes found.
- datatype attribute for the value_of entity of an xmlfilecontent_state should be 'string'
- operation attribute for the value_of entity of an xmlfilecontent_state should be 'equals', 'not equal', or 'pattern match'
The XmlfilecontentBehaviors complex type defines a number of behaviors that allow a more detailed definition of the xmlfilecontent_object being specified.
'max_depth' defines how many directories to recurse when a recurse direction is specified. The default value is '-1' meaning no limitation. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on.
'recurse_direction' defines the direction to recurse, either 'up' to parent directories, or 'down' into child directories. The default value is 'none' for no recursion.
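The xpath and value_of semantics described for xmlfilecontent_object and xmlfilecontent_state, modelled in Python as an added example (not code from the OVAL schema or from MITRE). The document is a constructed servlet deployment descriptor embedded in the block, and the XPath evaluation uses the standard library's ElementTree, which implements only a subset of XPath (enough for the location paths used here; a full OVAL interpreter would use a complete XPath engine). The xpath entity is applied as written, consistent with 'equals' being its only valid operation, and the text of every node it selects is compared with the value_of entity.

```python
import re
import xml.etree.ElementTree as ET

# Constructed servlet deployment descriptor (sample input, not from the OVAL schema).
SAMPLE_WEB_XML = """\
<web-app>
  <session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
      <http-only>true</http-only>
      <secure>false</secure>
    </cookie-config>
  </session-config>
  <servlet>
    <servlet-name>admin</servlet-name>
    <servlet-class>com.example.AdminServlet</servlet-class>
  </servlet>
</web-app>
"""

# Operations the schematron rules allow on the value_of entity.
OPS = {
    "equals": lambda actual, expected: actual == expected,
    "not equal": lambda actual, expected: actual != expected,
    "pattern match": lambda actual, expected: re.search(expected, actual) is not None,
}

def collect_values(xml_text, xpath):
    """Model an xmlfilecontent_object: apply the xpath entity literally and collect
    the text of every node it selects (ElementTree supports a subset of XPath)."""
    root = ET.fromstring(xml_text)
    return [(node.text or "").strip() for node in root.findall(xpath)]

def evaluate_value_of(values, expected, operation="equals", check="all"):
    """Model the value_of entity of an xmlfilecontent_state and combine the
    per-node results with the test's check attribute.  An xpath that selects no
    node yields no values, so the test cannot be satisfied."""
    results = [OPS[operation](v, expected) for v in values]
    if not results:
        return False
    return {"all": all(results), "at least one": any(results),
            "none satisfy": not any(results)}[check]

def xml_test(xml_text, xpath, expected, operation="equals", check="all"):
    """Collect the nodes for the object and evaluate the state in one step."""
    return evaluate_value_of(collect_values(xml_text, xpath), expected, operation, check)
```

Against the sample document, `xml_test(SAMPLE_WEB_XML, "./session-config/cookie-config/secure", "true")` is False because the element is present with the value `false`, and `xml_test(SAMPLE_WEB_XML, "./login-config/auth-method", "FORM")` is also False because no such node exists. Both outcomes look the same to the test, so a definition that needs to distinguish "set incorrectly" from "not set" should pair the test with a second one that checks for the node's existence.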
The EntityStateFamilyType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a high-level family of operating system. The empty string is also allowed to support an empty element associated with variable references.
The EntityObjectVariableRefType complex type defines a string object entity that has a valid OVAL variable id as the value. The empty string is also allowed to support an empty element associated with variable references.
The EntityStateVariableRefType complex type defines a string state entity that has a valid OVAL variable id as the value. The empty string is also allowed to support an empty element associated with variable references.