Version 5.6 (Archived)

This page provides information on the proposed changes to the OVAL Language. All information about the new version is included in this centralized location. The major highlights of the release are listed below:

  • The pattern match operation may now be used on elements that are restricted to an enumeration.
  • Tests may now reference multiple states for more sophisticated state comparisons.
  • Introduced a choice structure inside of objects to allow files to be defined by either a path and filename or simply a complete file path.
  • Changed the required regular expression syntax from POSIX to Perl 5’s regular expression specification.
  • Added numerous Schematron rules to further restrict and enhance the quality of valid OVAL documents.
  • Significant documentation improvements were made throughout the OVAL Language schemas. This includes adding detailed deprecation information to the schemas to align with the OVAL Language Deprecation Policy.
  • Deprecated the resolve_group behavior on all tests in the Windows component schema except for the sid_sid_test and the sid_test. This change will help to avoid overly resource-intensive searches for Windows trustees.
  • New Tests and Component Schemas Added in Version 5.6
    • Added the win-def:serviceeffectiverights_test to support checking the rights of services on Windows.
    • Added the ind-def:ldap_test to support checking settings via LDAP queries to a directory server.
    • Added the aix-def:interim_fix_test to support checking interim or emergency fixes on IBM AIX.
    • Added the SharePoint component schema.
    • Added a new patch test to the VMware ESX component schema.

For a complete listing of the release contents see the New in Version 5.6 section. A complete listing of the tests available in this release can be found here. More information about the OVAL Language review process can be found here.


Downloads

Includes downloads for the Version 5.6 Definition Schema, System Characteristics Schema, Results Schema, and Element Dictionaries.

KEY
Complete Schema - has all documentation embedded and the Schematron mark-up.
Minimal Schema - includes the raw xml schema only.
Schematron - a schema that can provide additional validation of OVAL V5 documents.
Documentation pdf - includes element dictionaries, etc., which users can elect to view in a browser or save.
All files zip - all files zipped together to allow for one simple download.
xsd/sch - a user can either right click to download the file or left click to open the file in their default viewer.

OVAL Definition Schema Downloads

File Name          Complete Schema  Minimal Schema  Documentation  Schematron  Deprecation Listing
All Files          zip              zip             zip            zip | sch   -
Core               xsd              xsd             html           -           -
Common             xsd              xsd             html           -           html
Independent        xsd              xsd             html           -           html
Apache             xsd              xsd             html           -           html
Apple Macintosh    xsd              xsd             html           -           -
Cisco CatOS        xsd              xsd             html           -           html
Cisco IOS          xsd              xsd             html           -           html
Cisco PixOS        xsd              xsd             html           -           -
FreeBSD            xsd              xsd             html           -           -
HP-UX              xsd              xsd             html           -           html
IBM AIX            xsd              xsd             html           -           -
Linux              xsd              xsd             html           -           -
Microsoft Windows  xsd              xsd             html           -           html
SharePoint         xsd              xsd             html           -           -
Sun Solaris        xsd              xsd             html           -           html
UNIX               xsd              xsd             html           -           html
VMware ESX         xsd              xsd             html           -           html

OVAL System Characteristics Schema Downloads

File Name          Complete Schema  Minimal Schema  Documentation  Schematron  Deprecation Listing
All Files          zip              zip             zip            zip | sch   -
Core               xsd              xsd             html           -           -
Common             xsd              xsd             html           -           html
Independent        xsd              xsd             html           -           html
Apache             xsd              xsd             html           -           html
Apple Macintosh    xsd              xsd             html           -           -
Cisco CatOS        xsd              xsd             html           -           html
Cisco IOS          xsd              xsd             html           -           html
Cisco PixOS        xsd              xsd             html           -           -
FreeBSD            xsd              xsd             html           -           -
HP-UX              xsd              xsd             html           -           -
IBM AIX            xsd              xsd             html           -           -
Linux              xsd              xsd             html           -           -
Microsoft Windows  xsd              xsd             html           -           html
SharePoint         xsd              xsd             html           -           -
Sun Solaris        xsd              xsd             html           -           -
UNIX               xsd              xsd             html           -           -
VMware ESX         xsd              xsd             html           -           html

OVAL Results Schema Downloads

File Name          Complete Schema  Minimal Schema  Documentation  Schematron  Deprecation Listing
All Files          zip              zip             zip            zip | sch   -
Core               xsd              xsd             html           -           -
Common             xsd              xsd             html           -           html

OVAL Variables Schema Downloads

File Name          Complete Schema  Minimal Schema  Documentation  Schematron  Deprecation Listing
All Files          zip              zip             zip            zip | sch   -
Core               xsd              xsd             html           -           -
Common             xsd              xsd             html           -           html

Example XML Stylesheets

File Name Description
results_to_html.xsl The results_to_html stylesheet converts an OVAL Results document into a more readable html format.
minimal_schema.xsl The minimal_schema stylesheet removes all annotation elements from the OVAL Schema leaving only the minimal schema.
element_dictionary.xsl The element_dictionary stylesheet creates documentation files from the OVAL Schema.
reference_mapping.xsl The reference_mapping stylesheet creates a map between each OVAL Definition in a document and a specified reference source.

New in Version 5.6

Version 5.6 of the Official OVAL Schema is a direct result of feedback from the OVAL Community. This will be a minor version change and may require some new development by tools that support earlier versions of the Language. The changes pending to the different schemas are outlined below. "Open" status means the item is under consideration or being worked upon, "Closed" status means that the item has been incorporated and work on it is completed, and "Suspended" status means that the item will not be included in this version but may be included in a future version.

Items addressed in this version include:

ID Title Status Date Opened Resolution
19800 clarify what var_check means when comparing multi-valued values Closed 2009-05-20 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2009-07-02 20:28:50
Details:
This is with regards to the var_check attribute of the EntityStateBaseType type in the oval definitions schema.  The example given in the documentation describes a single-valued "size" which is compared against a multi-valued variable.  The documentation should also describe behavior for multi-value to multi-value comparisons.
Follow-ups:
n/a
4507 is there a way to allow the pattern match operation on enumerations Closed 2005-01-20 Fixed
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-06-24 17:08:56
Details:
With version 4 of the schema, you can not perform a pattern match operation in a field bound by an enumeration.  This is because the pattern that is entered is not part of the enumeration and will cause validation to fail.
Follow-ups:
Date Added: 2005-01-28 20:00:37
This is also a problem for component and version datatypes, as well as non-string datatypes like int.

Date Added: 2008-10-21 16:23:48
Maybe we could use schematron validation to enforce the enumeration instead of XSD schema. This would allow us to make a judgement call based on the operation attribute. If it is pattern match, then allow any string. If it is string, then enforce the enumeration.

Date Added: 2009-05-11 15:35:19
Consider leveraging variables to support this. NIST published FDCC content that used a var_ref on an entity bound by an enumeration. They specified a pattern match as the operator. The referenced variable held a regex that identifies several values. Another option would be to use the var_ref and refer to a variable that held a list of values. This would allow an author to specify the full set of values without a regex. The author would need to consider the var_check attr.

Date Added: 2009-06-10 18:10:01
As a result of the discussion at the Security Automation Conference, it has been decided that we will keep the pattern match work-around with enumerations in the OVAL Language and simply update the documentation to explicitly state this work-around as a feature. The driving force behind keeping this work-around is that removing it would invalidate a lot of existing content. It has also been recommended that any regular expression specified as a result of this work-around should be anchored to ensure that the pattern must match the entire string.

Date Added: 2009-06-10 23:07:46
let's put the documentation update at a fairly high level in the schema. Perhaps we can document this once on the base entity types? Something like "note that when an entity is restricted to an enumerated value any usage of pattern matches and variables must be careful to ensure that the regular expression and variable values align with the enumerated values."

10881 allow tests to reference multiple states Closed 2007-02-19 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2009-06-30 22:50:59
Details:
There is a need to be able to test a specific object against multiple states.  For example, assume that the object specifies a number of registry keys and we want to test that there exists at least one key with a given name/value AND within that key, some other name/value is set.

The problem with the current schema is that if you are using a pattern match in the declaration of the object, then you can't check that two different name values are both set under the same individual key.

Another example would be looking at directories.  We want to test that there exists a directory that has two specific files.  Currently we can check that one of the files exists in a directory and that the other file exists in a directory, but not that both files exist in the same directory.

What we need is to allow each test to contain multiple states. We will also need a new state_check attribute to guide how the different states are evaluated.
Follow-ups:
Date Added: 2009-05-11 15:49:19
see this message from the developer list also asking for this capability.

From: Ken Lassesen [mailto:ken.lassesen@LUMENSION.COM]
Sent: Monday, August 11, 2008 10:41 AM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: [OVAL-DEVELOPER-LIST] Random thought for 5.5 or 6.0

The existing pattern is
<test
   <object
   <state
</test

I was wondering if it makes sense to support
<test
   <object
   <state
   <state
   <state
   <state
</test

I'm in the midst of creating contents dealing with ports (as most of you could guess), for example, a definition that checks if a secure protocol is being used. This is an enumeration of specific disjoint ports, so it ends up being one test per port (i.e. port_state) and at the highest level, a massive OR. I'm fine with that, but the above pattern would cut the volume of XML significantly.

11072 deprecate the SYNCHRONIZE standard access right from the registry tests Closed 2007-03-10 Fixed
Priority: High | Category: n/a | Date Closed: 2009-07-01 14:44:37
Details:
http://msdn2.microsoft.com/en-us/library/ms724878.aspx

Quote: "Registry keys do not support the SYNCHRONIZE standard access right."

It looks like this right should be removed from a future version of the test.

I believe 'synchronize' rights refers to an ability to work offline, and to synchronize files and folders once reconnected to the network. Does this setting apply to registry keys?
Follow-ups:
Date Added: 2009-05-04 13:53:21
For version 5.6 let's make sure we deprecate the SYNCHRONIZE value.

Date Added: 2009-05-11 15:39:41
if the description is correct let's deprecate the entity in version 5.6 draft 2

Date Added: 2009-05-12 20:43:40
Danny, can you track down deprecating this item in the next draft of version 5.6

12789 introduce a choice structure inside of objects Closed 2007-08-14 Fixed
Priority: High | Category: n/a | Date Closed: 2009-06-30 20:46:53
Details:
Introduce a choice structure in the object that would allow for the choice of entities to use when describing the object.  This has come up in regards to the trustee_name and trustee_sid.
Follow-ups:
Date Added: 2007-12-27 01:36:11
the <user_test> also needs to have this fix applied to it.

Date Added: 2008-11-11 19:15:32
summary of issue with a proposed fix has been sent to the oval dev list.

Date Added: 2009-06-30 20:46:53
added to files for now. considering registry keys next

17371 add in missing sid_sid_item to the win-sc schema Closed 2008-10-01 n/a
Priority: High | Category: System Characteristics Schemas | Date Closed: 2009-05-12 21:46:52
Details:
The windows SC schema is missing the <sid_sid_item>.
Follow-ups:
n/a
17372 add in missing text entity to the textfilecontent54_state Closed 2008-10-01 n/a
Priority: High | Category: Definition Schemas | Date Closed: 2009-05-12 21:47:13
Details:
The <text> entity is missing in the textfilecontent54_state.  The entity is found in the SC item.  This entity is needed so tools can test against the text that was matched.  For example, if your pattern matches 3 blocks of text within a file, you may need to distinguish which text block to look at.
Follow-ups:
n/a
17604 clarify arithmetic function documentation related to components with multiple values Closed 2008-10-22 n/a
Priority: Low | Category: Definition Schemas | Date Closed: 2009-05-14 18:33:38
Details:
Hi,

Can I get a little clarification on this statement from the spec (regarding the Arithmetic function)?

"The arithmetic function takes two or more integer or float components and performs a basic mathematical function on them. The result of this function is a single integer or float."

If any of the components are multi-valued, the result will be multiple integers or floats, correct? 

Thanks,
Ken Simone
Follow-ups:
n/a
17868 clarify documentation surrounding the entity_check attribute Closed 2008-11-11 n/a
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-05-14 18:33:01
Details:
The current documentation about the entity_check attribute is confusing.  We need to enhance it to make the purpose of the attribute more clear.
Follow-ups:
Date Added: 2008-11-11 17:14:57
The optional entity_check attribute specifies how to handle entities with multiple instances in the system characteristics file. For example, suppose we are dealing with a Group Test and an entity in the state is related to the users. It is very likely that when information about the group is collected off the system (and represented in the OVAL System Characteristics file) that there will be multiple values associated with the user entity. If the OVAL State defines the value of the user entity to 'equal to Fred', then the entity_check attribute determines if all values must be equal to Fred, or at least one value must be equal to Fred, etc. Note that with the exception of the none_satisfy check value, the entity_check attribute can only affect the result of the test if the entity in the corresponding OVAL Item allows more than one occurrence.

17883 change patch_number entity in the ESX patch_test from an int to a string Closed 2008-11-14 n/a
Priority: Medium | Category: n/a | Date Closed: 2009-05-14 18:32:59
Details:
Many of the security bulletins for VMWARE ESX Server contain non-numerical characters in the patch numbers for vulnerabilities. We would like to update the schema to reflect this. The patch_object and patch_state datatypes should be changed from 'int' to 'string'. (Micheal Wood - HP)
Follow-ups:
Date Added: 2009-03-18 17:13:55
change has been made

18419 clarify that the check attribute only works against matching items Closed 2008-12-24 n/a
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-05-14 18:33:00
Details:
from McAfee:

I think what you've said here makes sense, but I still see a problem.

Imagine this scenario:
check='all' 
check_existence='any'

collected items:
A - DNE
B - Matches state

This will still evaluate to false because when evaluating state,
collected item A will evaluate to false and collected item B will
evaluate to true.  False and true evaluates to false for a check of all.

To fix this and, I believe, all other cases, DNE items should be
ignored in all evaluations against state.
Follow-ups:
Date Added: 2008-12-24 17:27:51
Modified the description of the check attribute in the TestType definition ... "The required check attribute determines how many items that match the object definition (ignoring items with a status of Does Not Exist) must satisfy the state requirements" Also added a bit of clarification to each value in the CheckEnumeration.
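The evaluation rule settled in this item (items with a status of Does Not Exist are ignored when the check attribute is applied), together with the entity_check behaviour from item 17868 above, as an added toy evaluator that is not part of this page or of MITRE's tooling. The Item and StateEntity classes, the ignore_dne switch and the sample items are constructed for this example; the check and check_existence strings are OVAL 5.x enumeration values.

```python
"""Toy OVAL test evaluator (constructed example, not reference code)."""
from dataclasses import dataclass, field

EXISTS = "exists"
DOES_NOT_EXIST = "does not exist"


@dataclass
class Item:
    """One collected item: its status plus entity name -> list of values."""
    status: str
    entities: dict = field(default_factory=dict)


@dataclass
class StateEntity:
    """One state entity: expected value plus its entity_check value."""
    value: str
    entity_check: str = "all"


def count_satisfied(results, check):
    """Reduce a list of booleans with an OVAL CheckEnumeration value."""
    n_true = sum(1 for r in results if r)
    n_false = len(results) - n_true
    if check == "all":
        return n_false == 0
    if check == "at least one":
        return n_true >= 1
    if check == "none satisfy":
        return n_true == 0
    if check == "only one":
        return n_true == 1
    raise ValueError("unknown check value: " + check)


def entity_matches(item_values, state_entity):
    """Compare every collected value of a multi-valued entity with the state
    value and reduce with entity_check (e.g. must all users equal 'Fred')."""
    comparisons = [v == state_entity.value for v in item_values]
    return count_satisfied(comparisons, state_entity.entity_check)


def item_matches_state(item, state):
    """An item satisfies a state when every state entity is satisfied."""
    return all(entity_matches(item.entities.get(name, []), ent)
               for name, ent in state.items())


def check_existence_holds(items, check_existence):
    """Evaluate the ExistenceEnumeration value over the item statuses."""
    existing = sum(1 for i in items if i.status == EXISTS)
    missing = sum(1 for i in items if i.status == DOES_NOT_EXIST)
    table = {
        "all_exist": existing >= 1 and missing == 0,
        "any_exist": True,
        "at_least_one_exists": existing >= 1,
        "none_exist": existing == 0,
        "only_one_exists": existing == 1,
    }
    return table[check_existence]


def evaluate_test(items, state, check, check_existence, ignore_dne=True):
    """Return the test result. With ignore_dne=False every collected item,
    including DNE ones (which can never match a state), takes part in the
    check evaluation, reproducing the problem in the report above; with
    ignore_dne=True only existing items are compared against the state."""
    if not check_existence_holds(items, check_existence):
        return False
    candidates = [i for i in items if i.status == EXISTS] if ignore_dne else items
    if not candidates:
        return True  # assumption of this toy: nothing left to compare
    results = [i.status == EXISTS and item_matches_state(i, state)
               for i in candidates]
    return count_satisfied(results, check)


# Constructed scenario from the report: A does not exist, B matches the state.
STATE = {"value": StateEntity("1")}
ITEM_A = Item(DOES_NOT_EXIST)
ITEM_B = Item(EXISTS, {"value": ["1"]})


def scenario_before_fix():
    return evaluate_test([ITEM_A, ITEM_B], STATE, "all", "any_exist", ignore_dne=False)


def scenario_after_fix():
    return evaluate_test([ITEM_A, ITEM_B], STATE, "all", "any_exist", ignore_dne=True)


# Constructed group example from item 17868: the user entity was collected
# with several values and the state says the user should equal 'Fred'.
GROUP_ITEM = Item(EXISTS, {"user": ["Fred", "Alice"]})


def group_all_fred():
    return evaluate_test([GROUP_ITEM], {"user": StateEntity("Fred", "all")},
                         "all", "at_least_one_exists")


def group_some_fred():
    return evaluate_test([GROUP_ITEM], {"user": StateEntity("Fred", "at least one")},
                         "all", "at_least_one_exists")
```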

18439 clarify the meaning of the datatype attribute related to variables Closed 2008-12-31 Fixed
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-07-02 20:43:03
Details:
I'm looking at using a <local_variable> in an OVAL Test that I am developing.  I have some questions on how the datatype attribute should be used / enforced.  The current schema is a bit vague in the situation I am looking at ...

 <local_variable id="var:1" datatype="??????">
   <substring> ... returns 1
 </local_variable>

The local_variable being referenced looks at a string and performs a substring function to return the first character.  (assume that this character normally is either '0' or '1' so it satisfies W3C boolean datatype)

Can the variable datatype be set to "boolean"?  What happens if the character(s) returned by the substring function do not represent boolean data?

The current documentation for the datatype attribute of a variable reads ... "The required datatype attribute specifies the type of value being defined. The set of values identified by a variable must comply with the specified datatype."

I interpret this to mean that the <variable> does its thing to return a set of characters (could be a string, or a number, or a version, etc).  This set of characters should then be treated as the stated datatype.  If the set of characters returned does not satisfy the stated datatype, then an error should be returned by the variable.

I propose clarifying this documentation to read ...

"The required datatype attribute specifies the type of value being defined. The set of values identified by a variable must comply with the specified datatype, otherwise an error should be reported. Please see the DatatypeEnumeration for details about each valid datatype. For example, if the datatype of the variable is specified as boolean then the value(s) returned by the component / function should be "true", "false", "1", or "0"."

Thoughts?
Follow-ups:
Date Added: 2009-05-11 15:36:26
Can this be addressed in the second draft of version 5.6

18557 clarify certain file effective rights when dealing with a directory Closed 2009-01-12 Fixed
Priority: High | Category: n/a | Date Closed: 2009-07-01 14:45:13
Details:
For the file effective rights test, the specific rights section of the bit map are named different things for files and directories.  This should be explained in the comments of each effective right.

http://msdn.microsoft.com/en-us/magazine/cc982153.aspx

namely that:

read = list
write = add file
append = add sub directory
execute = traverse
Follow-ups:
n/a
19261 add schematron rules to verify that tests in UNIX schema only reference correct objects and states Closed 2009-03-18 n/a
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-05-14 18:32:59
Details:
The tests in the Unix schema are missing schematron checks that verify that the objects and states referenced by the test are of the correct type.
Follow-ups:
Date Added: 2009-03-18 17:08:04
new schematron checks have been added to the unix component schema

19616 remove an extra end bracket in auditeventpolicy_state Closed 2009-04-30 n/a
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-05-14 18:32:59
Details:
There is a rogue '>' in the <app_info> of the account_management entity of the auditeventpolicy_state.
Follow-ups:
Date Added: 2009-04-30 21:17:27
fixed

19751 schematron rules in UNIX password_state refer to package_state Closed 2009-05-14 n/a
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-05-14 15:52:33
Details:
The schematron rules in the password_state found in the UNIX component schema refer to the package_state by mistake.
Follow-ups:
Date Added: 2009-05-14 15:52:33
fixed

19753 add Schematron rule to verify that a var_ref is supplied whenever a var_check is present Closed 2009-05-14 n/a
Priority: Low | Category: Definition Schemas | Date Closed: 2009-05-14 18:04:12
Details:
In the EntityObjectBaseType and EntityStateBaseType types we should add a Schematron rule to verify that a var_ref is supplied whenever a var_check is present.
Follow-ups:
Date Added: 2009-05-14 18:04:12
addition made

12024 file_objects need to support splitting complete file filepath into file name and path Closed 2007-06-07 Duplicate
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-06-22 17:10:06
Details:
in windows many registry keys hold the complete filepath for a file like:
c:/program files/progam/file.exe

there is a common need to be able to query the registry for the location of a file and then check its version. This currently cannot be done because there is no way to separate the filename and path from the complete file path.

Possible solutions are:
- to add additional functions to be used with variables to support this(strlen, findlastindexof, substringafter).

- modify the file_object declaration to support this.

- others....


There are a few examples of this in the oval repository
Follow-ups:
Date Added: 2008-11-11 19:20:04
the current thinking is to solve this with a choice structure inside the OVAL Object that allows both representations.

Date Added: 2009-06-22 17:10:06
Closing this as it is a duplicate of #12789

16584 consider allowing a test to reference multiple states Closed 2008-08-19 n/a
Priority: Low | Category: Definition Schemas | Date Closed: 2009-05-11 15:46:47
Details:
From: Ken Lassesen [mailto:ken.lassesen@LUMENSION.COM]
Sent: Monday, August 11, 2008 10:41 AM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: [OVAL-DEVELOPER-LIST] Random thought for 5.5 or 6.0


The existing pattern is
<test
   <object
   <state
</test

I was wondering if it makes sense to support

<test
   <object
   <state
   <state
   <state
   <state
</test

I'm in the midst of creating contents dealing with ports (as most of you could guess), for example, a definition that checks if a secure protocol is being used. This is an enumeration of specific disjoint ports, so it ends up being one test per port (i.e. port_state) and at the highest level, a massive OR. I'm fine with that, but the above pattern would cut the volume of XML significantly.
Follow-ups:
Date Added: 2009-05-11 15:46:47
Closing this item since it is a duplicate of a prior item (#10881).

17437 resolve_group behavior documentation needs to specify that the process is recursive Closed 2008-10-06 n/a
Priority: Medium | Category: n/a | Date Closed: 2009-05-14 18:33:00
Details:
The documentation needs to be updated to specify that the behavior should recursively resolve groups.
Follow-ups:
Date Added: 2008-11-11 17:58:20
The 'resolve_group' behavior defines whether an object set defined by a group sid should be resolved to return a set that contains all the user sids that are a member of that group. Note that all child groups should also be resolved, and any valid domain users that are members of the group should also be included. The intent of this behavior is to end up with a list of all individual users from that system that make up the group once everything has been resolved.

19181 add new deprecation policy data to all schema files Closed 2009-03-11 n/a
Priority: High | Category: n/a | Date Closed: 2009-05-12 21:47:05
Details:
As of version 5.6 we have a deprecation policy that includes a well defined structure for tracking deprecation status of items in the OVAL Language. For version 5.6 we need to insert this new deprecation information. 
Follow-ups:
n/a
19648 review and add submitted Sharepoint component schema Closed 2009-05-05 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2009-07-02 22:53:45
Details:
The original component schema submission was made on Tue 4/14/2009 9:21 AM. The submission email is in the oval-developer-list archive.
Follow-ups:
n/a
19649 review new patch test submitted for VMware ESX schema Closed 2009-05-05 n/a
Priority: High | Category: Definition Schemas | Date Closed: 2009-05-14 20:16:27
Details:
The schema change was submitted on Fri 5/1/2009 2:51 PM to the oval-developer-list.
Follow-ups:
Date Added: 2009-05-14 15:44:55
Added a new patch56_test that changed the patch_number (int) entity to patch_name (string). Also added a few new state entities as per the submission. Test is in first draft of 5.6 and is awaiting response from community.

19661 clarify documentation for the c_time and m_time elements of the unix-sc:file_item Closed 2009-05-06 n/a
Priority: Medium High | Category: n/a | Date Closed: 2009-05-14 20:11:43
Details:
In unix-system-characteristics:
File_item
  a_time
  c_time *
  m_time *

* If this is seconds since last Epoch, the documentation is not clear. An example or guidance based on the stat man page would be nice.

This was reported on: Fri 5/1/2009 7:30 AM
by: Vladimir Giszpenc
DSCI Contractor Supporting
US Army CERDEC S&TCD IAD Tactical Network Protection Branch
(732) 532-8959
Follow-ups:
Date Added: 2009-05-06 14:52:13
Please also review the documentation for the a_time element and look at the documentation in the unix-definition-schema for the same constructs

19737 add Schematron rule to prohibit @var_ref on the ind-def:variable_object/ind-def:var_ref element Closed 2009-05-13 Fixed
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-06-18 21:59:12
Details:
See the oval-developer-list thread with the subject of "Prohibit @var_ref on the variable_object/var_ref element?" for more information. 
Follow-ups:
n/a
19739 add keyref to ind-def:variable_object/ind-def:var_ref to ensure that the referenced variable is present Closed 2009-05-13 n/a
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-05-22 16:21:35
Details:
There is currently no constraint in the xsd that forces a referenced variable to exist in the definitions document. For example:

<variable_object id="oval:org.mitre.oval:obj:6625" version="1" ...>
  <var_ref>oval:org.mitre.oval:var:944</var_ref>
</variable_object>

can exist in a document where var:944 does not also exist. This should not be permitted and is enforced with keyrefs. Here is the keyref copied from the oval-definitions-schema for the @var_ref attribute:

<xsd:keyref name="variableKeyRef" refer="oval-def:variableKey">
  <xsd:annotation>
    <xsd:documentation>Requires each variable reference to refer to a valid variable id.</xsd:documentation>
  </xsd:annotation>
  <xsd:selector xpath=".//*"/>
  <xsd:field xpath="@var_ref"/>
</xsd:keyref>


In this case the solution should be to add a similar key ref to the ind-def:variable_object declaration to ensure that the var_ref element's value exists.
Follow-ups:
n/a
19879 correct evaluation chart for oval-sc:FlagEnumeration - wrong chart was copied into the documentation Closed 2009-05-27 Fixed
Priority: High | Category: System Characteristics Schemas | Date Closed: 2009-07-15 17:15:52
Details:
The documentation and the evaluation chart do not align with each other.
Follow-ups:
n/a
19916 change required regex library for the pattern match operation from POSIX to PCRE Closed 2009-05-29 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2009-07-15 21:48:31
Details:
This topic was discussed and agreed to at 2008 OVAL Developer Days. See the minutes from the event for detailed discussion.
Follow-ups:
n/a
19970 clarify that the supported version of xpath is 1.0 on the ind-def:xmlfilecontent_object Closed 2009-06-02 Fixed
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-06-18 17:47:14
Details:
the documentation does not state which version of xpath is supported. We need to add a sentence stating that xpath 1.0 is supported
Follow-ups:
n/a
20096 correct the Schematron rules on the win-def:wuaupdatesearcher_test Closed 2009-06-11 Fixed
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-06-11 15:51:19
Details:
This issue was reported in email to the oval developer list

>-----Original Message-----
>From: Timothy Harrison [mailto:tim.harrison@NIST.GOV]
>Sent: Tuesday, June 09, 2009 3:15 PM
>To: oval-developer-list OVAL Developer List/Closed Public Discussion
>Subject: [OVAL-DEVELOPER-LIST] oval definitions schematron errors
>relating to win-def:wuaupdatesearcher_test
>
>The OVAL 5.5, and 5.6, oval-definitions-schematron use the wrong
>element name when asserting that the child elements of
>win-def:wuaupdatesearcher_test reference the correct type of
>object/state.  Instead of using "win-def:wuaupdatesearcher_object" and
>"win-def:wuaupdatesearcher_state" the assertions use
>"win-def:wuasearch_object" and "win-def:wuasearch_state",
>respectively.  These errors can be found on lines 6063 and 6067 in the
>OVAL 5.5 schematron and lines 6548 6552 in the OVAL 5.6 schematron.
>It is important to note that the text displayed for these rules uses
>the correct element names.
>
Follow-ups:
n/a
20169 clarify how substring capturing should work in the oval-def:RegexCaptureFunctionType Closed 2009-06-18 Fixed
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-06-22 15:20:38
Details:
the documentation is quite vague right now. here is the email thread related to this issue.

I helped craft this function, and my intent was "b". That's how we have it implemented in our parser. We should definitely expand the documentation on this.

Thanks,
Ken

-----Original Message-----
From: Michael Chisholm [mailto:chisholm@MITRE.ORG] 
Sent: Monday, June 15, 2009 11:59 AM
To: OVAL-DEVELOPER-LIST@LISTS.MITRE.ORG
Subject: [OVAL-DEVELOPER-LIST] The regex_capture function

I am implementing the regex_capture function [1].  It is not clear how (or whether) to support regex captures.  The name of the function suggests captures should be supported, but the description in the 5.5 language spec makes no mention of this.  This email is a request for opinions/clarification on how the function should be implemented.  Here are some ideas:

a) Ignore captures and only use the overall match
b) Ignore the overall match and only use the first capture
c) Ignore the overall match but use all captures
d) Include the overall match and all captures

The first two would result in a single value for each component value input.  The last two could result in multiple values for each component value input, which then begs the question of how these values should be combined together into a single component value result.  E.g. the simple thing to do is concatenate all the values into a big list.

Follow-ups:
n/a
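The four candidate semantics (a) to (d) from the regex_capture thread above, as an added example that is not part of this page or of any OVAL implementation. SAMPLE_VALUES, PATTERN and the mode letters are constructed here; treating a non-matching input as contributing no value, and requiring a capture group for modes b, c and d, are assumptions of this example.

```python
import re

# Constructed sample component values, e.g. lines collected from a config file.
SAMPLE_VALUES = ["MaxAuthTries 4", "Port 2222", "Banner none"]
# Constructed pattern with two capture groups: the keyword and its setting.
PATTERN = r"^(\w+)\s+(\S+)$"


def regex_capture(values, pattern, mode):
    """Apply one of the four candidate semantics from the thread to every
    input value and return the resulting component value list:
      'a' overall match only            'b' first capture only
      'c' all captures, no overall      'd' overall match plus all captures
    Assumptions of this example: an input that does not match contributes
    nothing, and modes b/c/d require at least one capture group."""
    regex = re.compile(pattern)
    if mode in ("b", "c", "d") and regex.groups == 0:
        raise ValueError("pattern needs a capture group for mode " + mode)
    out = []
    for value in values:
        m = regex.search(value)
        if m is None:
            continue
        if mode == "a":
            out.append(m.group(0))
        elif mode == "b":
            out.append(m.group(1))
        elif mode == "c":
            out.extend(m.groups())
        elif mode == "d":
            out.append(m.group(0))
            out.extend(m.groups())
        else:
            raise ValueError("unknown mode: " + mode)
    return out


def values_per_input(values, pattern, mode):
    """Output values per matching input: exactly 1 for modes a and b, more
    for c and d, which is the 'how to combine' question the thread raises."""
    matching = sum(1 for v in values if re.search(pattern, v))
    if matching == 0:
        return 0.0
    return len(regex_capture(values, pattern, mode)) / matching
```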
20202 clarify documentation on all trustee_name / trustee_sid in the windows definitions schema Closed 2009-06-22 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2009-06-30 13:54:48
Details:
In reviewing the documentation for the win-def:sid_sid_object I noticed this statement

"The potential object set should be limited to just the trustees on the DACL/SACL of the object in question." 

This was inadvertently copied from the fileeffectiverights_test. It looks like all of this type of documentation needs to be reviewed for consistency and correctness.
Follow-ups:
n/a
20278 deprecate the resolve_group behavior on all tests except for the sid_sid_test and the sid_test Closed 2009-06-30 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2009-06-30 13:54:57
Details:
The following tests have a resolve_group behavior that can be deprecated:

- accesstoken_test
- fileauditedpermissions53_test
- fileauditedpermissions_test
- fileeffectiverights53_test
- fileeffectiverights_test
- printereffectiverights_test
- regkeyauditedpermissions53_test
- regkeyauditedpermissions_test
- regkeyeffectiverights53_test
- regkeyeffectiverights_test


See the developer list for more information:

http://n2.nabble.com/5.5-schema%2C-trustee_sid%2C-pattern-match-tp1132411p3176691.html

Follow-ups:
n/a
20280 review and add submitted ind-def:ldap_test Closed 2009-06-30 Fixed
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-07-02 17:25:00
Details:
see developer list:

http://n2.nabble.com/Proposed-ldap-test-tp3170199p3170199.html
Follow-ups:
n/a
20291 review and add win-def:serviceeffectiverights_test to support checking the rights of services on windows Closed 2009-06-30 Fixed
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-07-02 17:24:59
Details:
see developer list:

http://n2.nabble.com/%22service-effective-rights%22-probe-tp3184423p3184423.html
Follow-ups:
n/a
20330 clarify that the max_depth and recurse_direction file behaviors apply to the path entity Closed 2009-07-03 Fixed
Priority: High | Category: Definition Schemas | Date Closed: 2009-07-17 14:24:59
Details:
In draft 2 of version 5.6 we added a path + filename or filepath choice. Need to clarify that the max_depth and recurse_direction file behaviors apply to the path entity and not to the filepath entity.
Follow-ups:
n/a
20372 clarify the include_group behavior in the windows definitions schema Closed 2009-07-08 Fixed
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-07-17 14:25:06
Details:
most declarations of the include_group behavior do not have any documentation. 
Follow-ups:
n/a
20373 clarify documentation for the ContentEnumeration in the oval-results-schema Closed 2009-07-08 Fixed
Priority: Medium High | Category: Result Schemas | Date Closed: 2009-07-08 17:33:32
Details:
This looks to be an error in the documentation.  Thank you very much for pointing this out.  We will work to correct this in the upcoming draft.

What I think is going on here is that when we first added the <directives> to an OVAL Results document, the definition of what made up thin results and what made up full results was going to be held in a stylesheet.  But since then, this definition has been encoded in the Schematron statements located in the results schema itself.  We just did not update this documentation accordingly.

Thanks
Drew


>-----Original Message-----
>From: John Firebaugh [mailto:john_firebaugh@BIGFIX.COM]
>Sent: Tuesday, July 07, 2009 8:53 PM
>To: oval-developer-list OVAL Developer List/Closed Public Discussion
>Subject: [OVAL-DEVELOPER-LIST] Results schema content directive style
>sheet
>
>The documentation for the results schema ContentEnumeration type reads:
>
>> Defines the valid values for the directives controlling the expected
>content
>> of the results file. The specific content that is expected with each
>value is
>> defined by a style sheet that complements the OVAL Results Schema.
>Please
>> refer to these style sheets for more information.
>
>To what style sheets does this refer and where can I find them?
>
>Thanks,
>John
Follow-ups:
Date Added: 2009-07-08 17:33:04
Updated the documentation to: "The ContentEnumeration defines the valid values for the directives controlling the amount of expected depth found in the results file. Each directive specified at the top of an OVAL Results file defines how much information should be included in the document for each of the different result types. The amount of content that is expected with each value is defined by Schematron statements embedded throughout the OVAL Results Schema. Currently, the enumeration defines two values: thin and full. Please refer to the documentation of each individual value of this enumeration for more information about what each means."

20464 value_of element in the ind-sc:xmlfilecontent_item should be unbounded Closed 2009-07-14 Fixed
Priority: High | Category: System Characteristics Schemas | Date Closed: 2009-08-18 17:55:43
Details:
The value_of element is intended to be unbounded. This allows an xpath to return an array of values. 
Follow-ups:
n/a
20465 add type entity to the unix-def:interface_state and unix-sc:interface_item Closed 2009-07-14 Fixed
Priority: High | Category: n/a | Date Closed: 2009-07-17 14:25:03
Details:
need to allow collection and testing of the type of a unix interface
Follow-ups:
n/a
20927 add behavior to the win-def:wuaupdatesearcher_test to control inclusion/exclusion of superseded updates Closed 2009-08-24 Fixed
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-08-24 17:35:04
Details:
In version 5.5 there is no way to indicate whether or not superseded updates should be included in search results when searching for updates. This causes potentially more updates to be reported than are needed.
Follow-ups:
n/a
20928 add aix-def:interim_fix_test to allow testing of interim and emergency fixes Closed 2009-08-24 Fixed
Priority: Medium | Category: n/a | Date Closed: 2009-08-24 17:35:42
Details:
This test will allow checking for interim fixes. see:
http://n2.nabble.com/Potential-AIX-Limitations-with-OVAL-Schema-tp3475053ef20093.html
Follow-ups:
n/a
21032 Add behaviors to the textfilecontent54_test to control multiline and case sensitivity matching Closed 2009-09-01 Fixed
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-09-28 20:35:31
Details:
see discussion at: http://n2.nabble.com/Regular-Expressions-in-OVAL-5-6-tp3535792ef20093.html
Follow-ups:
n/a
19523 add new values to the win-def:EntityStateSharedResourceTypeType definition Closed 2009-04-21 n/a
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-05-14 22:35:29
Details:
Update the win-def:EntityStateSharedResourceTypeType definition such that it accounts for all possible values of the shared_type entity as specified in the Microsoft documentation.  For more information about this change, please consult the following link. 

http://n2.nabble.com/Proposal-to-Amend-the-win-def%3AEntityStateSharedResourceTypeType-Definition-td2617124ef20093.html
Follow-ups:
n/a
19765 deprecate the STYPE_SPECIAL and STYPE_TEMPORARY values in the EntityStateSharedResourceTypeType enumeration Closed 2009-05-14 n/a
Priority: High | Category: Definition Schemas | Date Closed: 2009-05-14 22:35:05
Details:
The STYPE_SPECIAL (0x80000000) and STYPE_TEMPORARY (0x40000000) values are no longer valid as the Microsoft documentation specifies that these values are to be OR'd with either STYPE_DISKTREE, STYPE_PRINTQ, STYPE_IPC, or STYPE_DEVICE. Thus, the values STYPE_DISKTREE_SPECIAL (0x80000000 | 0x00000000 = 0x80000000) and STYPE_DISKTREE_TEMPORARY (0x40000000 | 0x00000000 = 0x40000000) should be used instead. Please consult Microsoft's documentation at http://msdn.microsoft.com/en-us/library/bb525408(VS.85).aspx for more information.
Follow-ups:
n/a
20685 Modify the win-def:activedirectory_test and ind-def:ldap_test to support data collection for objects that do not have a relative distinguished name component Closed 2009-07-30 Fixed
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-07-30 15:48:28
Details:
For additional information, please see the proposal that has been posted to the OVAL Developer List at http://n2.nabble.com/Proposal-to-Modify-the-win-def%3Aactivedirectory_test-and-the-ind-def%3Aldap_test-tp3351022ef20093.html.
Follow-ups:
n/a
20885 The Schematron rule enforcing the use of the pattern match operation on the ind-def:textfilecontent_object/ind-def:line entity should be restored Closed 2009-08-20 n/a
Priority: Medium | Category: Definition Schemas | Date Closed: 2009-08-20 18:14:57
Details:
In Version 5.4 of the OVAL Language, the Schematron rule for the ind-def:textfilecontent_object/ind-def:line entity that enforced the pattern match operation was inadvertently dropped.  The Schematron rule should be restored and added into the OVAL Language v5.6 RC release.
Follow-ups:
Date Added: 2009-08-20 17:52:14
This should also be corrected for the ind-def:textfilecontent54_object/ind-def:pattern entity.

17255 add support for registry keys that contain both the path and the filename Closed 2008-09-25 n/a
Priority: Medium High | Category: Definition Schemas | Date Closed: 2009-05-11 15:42:08
Details:
If a person is constructing a file_object from a value found in the registry, they typically pull a path out of the registry and then concatenate a filename onto the path.

Sometimes the registry stores the fully qualified path to a file such as "C:\itunes\iTunes.exe".  We need to be able to construct a file object from this registry key--right now this is not possible.


Follow-ups:
Date Added: 2008-11-11 19:18:42
the current thinking is to solve this with a choice structure inside the OVAL Object that allows both representations.

Date Added: 2009-05-11 15:42:08
closed because it is a dup of a prior bug (#12024).


Timeline

PLANNING           21 January 2009
DRAFT              14 May 2009
RELEASE CANDIDATE  31 July 2009
OFFICIAL           11 September 2009

Status Reports

Status updates are included below. You may also review the OVAL Developer’s Forum Archives for discussions about Version 5.6.

[2009-09-11]

Version 5.6 has been officially released. Many thanks to all in the community that helped with this minor release.

[2009-09-01]

Release candidate 3 of Version 5.6 was posted for community review and comment on 1 September 2009. Version 5.6 RC 3 addresses additional documentation issues related to the supported regular expression syntax in OVAL. These changes have led to the addition of a new set of behaviors on the textfilecontent54_test as well.

[2009-08-24]

Release candidate 2 of Version 5.6 was posted for community review and comment on 24 August 2009. Version 5.6 RC 2 addresses additional documentation and Schematron issues, adds the aix-def:interim_fix_test, adds a new behavior to the win-def:wuaupdatesearcher_object that will allow a definition author to exclude superseded updates, and adds the state_operator into the oval-res:TestType definition.

[2009-07-31]

Release candidate 1 of Version 5.6 was posted for community review and comment on 31 July 2009. Version 5.6 RC 1 addresses additional documentation issues, updates the new SharePoint schema, and represents another step towards the official release of Version 5.6.

[2009-07-17]

A third draft of Version 5.6 was posted for community review and comment on 17 July 2009. Version 5.6 draft 3 addresses additional documentation issues, adds a new type entity to the unix-def:interface_state, and represents another step towards the release candidate for version 5.6.

[2009-07-02]

A second draft of Version 5.6 was posted for community review and comment on 2 July 2009. Version 5.6 draft 2 includes the majority of the planned changes for version 5.6.

[2009-05-14]

A first draft of Version 5.6 was posted for community review and comment on 14 May 2009.

[2009-05-07]

A draft of Version 5.6 will be posted for community review and comment on 14 May 2009.

[2009-01-21]

Version 5.6 is currently in the planning stage. If you have any suggestions for changes that should be included, please send them to the OVAL Developer’s Forum.


Page Last Updated: December 12, 2011