- Open Vulnerability and Assessment Language -
Element Dictionary

This document outlines the items of the OVAL System Characteristics XML schema that are independent of any specific family or platform. Each iten is an extention of a basic System Characteristics item defined in the core System Characteristics XML schema.

The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.



< family_item >

This element stores high level system OS type, otherwise known as the family.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
family ind-sc:EntityItemFamilyType 0 1
This element describes the high level system OS type, otherwise known as the family.



< filehash_item >

Deprecated As Of Version: 5.8
Reason: Replaced by the filehash58_item which allows the hash algorithm to be specified when collecting data. See the filehash58_item.
Comment: This item has been deprecated and may be removed in a future version of the language.

This element stores the different hash values associated with a specific file.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
filepath oval-sc:EntityItemStringType 0 1
The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
path oval-sc:EntityItemStringType 0 1
The path element specifies the directory component of the absolute path to a file on the machine.
filename oval-sc:EntityItemStringType 0 1
The name of the file.
md5 oval-sc:EntityItemStringType 0 1
The md5 hash of the file
sha1 oval-sc:EntityItemStringType 0 1
The sha1 hash of the file



< filehash58_item >

This element stores a hash value associated with a specific file.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
filepath oval-sc:EntityItemStringType 0 1
The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
path oval-sc:EntityItemStringType 0 1
The path element specifies the directory component of the absolute path to a file on the machine.
filename oval-sc:EntityItemStringType 0 1
The name of the file.
hash_type ind-sc:EntityItemHashTypeType 0 1
Identifier for the hash algorithm used to calculate the hash.
hash oval-sc:EntityItemStringType 0 1
The result of applying the hash algorithm to the file.



< environmentvariable_item >

Deprecated As Of Version: 5.8
Reason: Replaced by the environmentvariable58_item. This item allows the hash algorithm to be specified. See the filehash58_item.
Comment: This object has been deprecated and may be removed in a future version of the language.

This item stores information about environment variables and their values.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
name oval-sc:EntityItemStringType 0 1
This element describes the name of an environment variable.
value oval-sc:EntityItemAnySimpleType 0 1
The actual value of the specified environment variable.



< environmentvariable58_item >

This item stores information about an environment variable, the process ID of the process from which it was retrieved, and its corresponding value.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
pid oval-sc:EntityItemIntType 0 1
The process ID of the process from which the environment variable was retrieved.
name oval-sc:EntityItemStringType 0 1
This element describes the name of an environment variable.
value oval-sc:EntityItemAnySimpleType 0 1
The actual value of the specified environment variable.



< ldap_item >

Deprecated As Of Version: 5.7
Reason: Replaced by the ldap57_item. This item allows for single fields to be selected from a ldap. A new item was created to allow more than one field to be selected in one statement. See the ldap57_item.
Comment: This object has been deprecated and may be removed in a future version of the language.

This element holds information about specific entries in the LDAP directory. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
suffix oval-sc:EntityItemStringType 0 1
Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.
relative_dn oval-sc:EntityItemStringType 0 1
The relative_dn field is used to uniquely identify an item inside the specified suffix. It contains all of the parts of the item's distinguished name except those outlined by the suffix. If the xsi:nil attribute is set to true, then the item being represented is the higher level suffix. Using xsi:nil here will result in a status of 'does not exist' for object_class, ldaptype, and value since these entities are not associated with a suffix by itself. Note that when xsi:nil is used for the relative dn element, the attribute element should also be nilled.
attribute oval-sc:EntityItemStringType 0 1
Specifies a named value contained by the object. If the xsi:nil attribute is set to true, then the item being represented is the higher level relative distinguished name. Using xsi:nil here will result in a status of 'does not exist' for object_class, ldaptype, and value since these entities are not associated with a relative distinguished name by itself.
object_class oval-sc:EntityItemStringType 0 1
The name of the class of which the object is an instance.
ldaptype ind-sc:EntityItemLdaptypeType 0 1
Specifies the type of information that the specified attribute represents.
value oval-sc:EntityItemAnySimpleType 0 unbounded
The actual value of the specified LDAP attribute. Note that while an LDAP attribute can contain structured data where it is necessary to collect multiple related fields that can be described by the 'record' datatype, it is not always the case. It also is possible that an LDAP attribute can contain only a single value or an array of values. In these cases, there is not a name to uniquely identify the corresponding field(s) which is a requirement for fields in the 'record' datatype. As a result, the name of the LDAP attribute will be used to uniquely identify the field(s) and satisfy this requirement. If the LDAP attribute contains a single value, the 'record' will have a single field identified by the name of the LDAP attribute. If the LDAP attribute contains an array of values, the 'record' will have multiple fields all identified by the name of the LDAP attribute.



< ldap57_item >

This element holds information about specific entries in the LDAP directory. It extends the standard ItemType as defined in the oval-system-characteristics schema and one should refer to the ItemType description for more information.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
suffix oval-sc:EntityItemStringType 0 1
Each object in an LDAP directory exists under a certain suffix (also known as a naming context). A suffix is defined as a single object in the Directory Information Tree (DIT) with every object in the tree subordinate to it.
relative_dn oval-sc:EntityItemStringType 0 1
The relative_dn field is used to uniquely identify an item inside the specified suffix. It contains all of the parts of the item's distinguished name except those outlined by the suffix. If the xsi:nil attribute is set to true, then the item being represented is the higher level suffix. Using xsi:nil here will result in a status of 'does not exist' for object_class, ldaptype, and value since these entities are not associated with a suffix by itself. Note that when xsi:nil is used for the relative dn element, the attribute element should also be nilled.
attribute oval-sc:EntityItemStringType 0 1
Specifies a named value contained by the object. If the xsi:nil attribute is set to true, then the item being represented is the higher level relative distinguished name. Using xsi:nil here will result in a status of 'does not exist' for object_class, ldaptype, and value since these entities are not associated with a relative distinguished name by itself.
object_class oval-sc:EntityItemStringType 0 1
The name of the class of which the object is an instance.
ldaptype ind-sc:EntityItemLdaptypeType 0 1
Specifies the type of information that the specified attribute represents.
value oval-sc:EntityItemRecordType 0 unbounded
The actual value of the specified LDAP attribute.



< sql_item >

Deprecated As Of Version: 5.7
Reason: Replaced by the sql57_item. This item allows for single fields to be selected from a database. A new item was created to allow more than one field to be selected in one statement. See the sql57_item.
Comment: This object has been deprecated and may be removed in a future version of the language.

The sql_item outlines information collected from a database via an SQL query.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
engine ind-sc:EntityItemEngineType 0 1
The engine entity identifies the specific database engine used to connect to the database.
version oval-sc:EntityItemStringType 0 1
The version entity identifies the version of the database engine used to connect to the database.
connection_string oval-sc:EntityItemStringType 0 1
The connection_string entity defines connection parameters used to connect to the specific database.
sql oval-sc:EntityItemStringType 0 1
The sql entity holds the specific query used to identify the object(s) in the database.
result oval-sc:EntityItemAnySimpleType 0 unbounded
The result entity specifies the result(s) of the given SQL query against the database.



< sql57_item >

The sql57_item outlines information collected from a database via an SQL query.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
engine ind-sc:EntityItemEngineType 0 1
The engine entity identifies the specific database engine used to connect to the database.
version oval-sc:EntityItemStringType 0 1
The version entity identifies the version of the database engine used to connect to the database.
connection_string oval-sc:EntityItemStringType 0 1
The connection_string entity defines connection parameters used to connect to the specific database.
sql oval-sc:EntityItemStringType 0 1
The sql entity holds the specific query used to identify the object(s) in the database.
result oval-sc:EntityItemRecordType 0 unbounded
The result entity holds the results of the specified SQL statement.



< textfilecontent_item >

The textfilecontent_item looks at the contents of a text file (aka a configuration file) by looking at individual lines.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
filepath oval-sc:EntityItemStringType 0 1
The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
path oval-sc:EntityItemStringType 0 1
The path element specifies the directory component of the absolute path to a file on the machine.
filename oval-sc:EntityItemStringType 0 1
The filename entity specifies the name of the file (without the path) that is being represented.
pattern oval-sc:EntityItemStringType 0 1
The pattern entity represents a regular expression that is used to define a block of text. Subexpression notation (parenthesis) is used to call out a value(s) to test against. For example, the pattern abc(.*)xyz would look for a block of text in the file that starts with abc and ends with xyz, with the subexpression being all the characters that exist inbetween. Note that if the pattern can match more than one block of text starting at the same point, then it matches the longest. Subexpressions also match the longest possible substrings, subject to the constraint that the whole match be as long as possible, with subexpressions starting earlier in the pattern taking priority over ones starting later.
instance oval-sc:EntityItemIntType 0 1
The instance entity calls out which match of the pattern is being represented by this item. The first match is given an instance value of 1, the second match is given an instance value of 2, and so on. The main purpose of this entity is too provide uniqueness for different textfilecontent_items that results from multiple matches of a given pattern against the same file.
line oval-sc:EntityItemStringType 0 1
The line element represents a line in the file and is represented using a regular expression.
text oval-sc:EntityItemAnySimpleType 0 1
The text entity represents the block of text that matched the specified pattern.
subexpression oval-sc:EntityItemAnySimpleType 0 unbounded
The subexpression entity represents the value of a subexpression in the specified pattern. If multiple subexpressions are specified in the pattern, then multiple entities are presented. Note that the textfilecontent_state in the definition schema only allows a single subexpression entity. This means that the test will check that all (or at least one, none, etc.) the subexpressions pass the same check. This means that the order of multiple subexpression entities in the item does not matter.



< variable_item >

This item stores information about OVAL Variables and their values.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
var_ref ind-sc:EntityItemVariableRefType 0 1
The id of the variable.
value oval-sc:EntityItemAnySimpleType 0 unbounded
The value of the variable. If a variable represents and array of values, then multiple value elements should exist.



< xmlfilecontent_item >

This item stores results from checking the contents of an xml file.

Extends: oval-sc:ItemType

Child Elements Type MinOccurs MaxOccurs
filepath oval-sc:EntityItemStringType 0 1
The filepath element specifies the absolute path for a file on the machine. A directory cannot be specified as a filepath.
path oval-sc:EntityItemStringType 0 1
The path element specifies the directory component of the absolute path to a file on the machine.
filename oval-sc:EntityItemStringType 0 1
The filename element specifies the name of the file.
xpath oval-sc:EntityItemStringType 0 1
Specifies an Xpath expression describing the text node(s) or attribute(s) to look at.
value_of oval-sc:EntityItemAnySimpleType 0 unbounded
The value_of element checks the value(s) of the text node(s) or attribute(s) found. How this is used is entirely controlled by operator attributes.

== EntityItemEngineType ==

The EntityItemEngineType complex type defines a string entity value that is restricted to an enumeration. Each valid entry in the enumeration is a valid database engine.

Restricts: oval-sc:EntityItemStringType

Value Description

access 

The access value describes the Microsoft Access database engine.

db2 

The db2 value describes the IBM DB2 database engine.

cache 

The cache value describes the InterSystems Cache database engine.

firebird 

The firebird value describes the Firebird database engine.

firstsql 

The firstsql value describes the FirstSQL database engine.

foxpro 

The foxpro value describes the Microsoft FoxPro database engine.

informix 

The informix value describes the IBM Informix database engine.

ingres 

The ingres value describes the Ingres database engine.

interbase 

The interbase value describes the Embarcadero Technologies InterBase database engine.

lightbase 

The lightbase value describes the Light Infocon LightBase database engine.

maxdb 

The maxdb value describes the SAP MaxDB database engine.

monetdb 

The monetdb value describes the MonetDB SQL database engine.

mimer 

The mimer value describes the Mimer SQL database engine.

oracle 

The oracle value describes the Oracle database engine.

paradox 

The paradox value describes the Paradox database engine.

pervasive 

The pervasive value describes the Pervasive PSQL database engine.

postgre 

The postgre value describes the PostgreSQL database engine.

sqlbase 

The sqlbase value describes the Unify SQLBase database engine.

sqlite 

The sqlite value describes the SQLite database engine.

sqlserver 

The sqlserver value describes the Microsoft SQL database engine.

sybase 

The sybase value describes the Sybase database engine.

 

The empty string value is permitted here to allow for detailed error reporting.




== EntityItemFamilyType ==

The EntityItemFamilyType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a high-level family of system operating system.

Restricts: oval-sc:EntityItemStringType

Value Description

catos 

The catos value describes the Cisco CatOS operating system.

ios 

The ios value describes the Cisco IOS operating system.

macos 

The macos value describes the Mac operating system.

pixos 

The pixos value describes the Cisco PIX operating system.

undefined 

The undefined value is to be used when the desired family is not available.

unix 

The unix value describes the UNIX operating system.

vmware_infrastructure 

The vmware_infrastructure value describes VMWare Infrastructure.

windows 

The windows value describes the Microsoft Windows operating system.

 

The empty string value is permitted here to allow for detailed error reporting.


== EntityItemHashTypeType ==

The EntityItemHashTypeType complex type restricts a string value to a specific set of values that specify the different hash algorithms that are supported. The empty string is also allowed to support empty elements associated with variable references.

Restricts: oval-sc:EntityItemStringType

Value Description

MD5 

The MD5 hash algorithm.

SHA-1 

The SHA-1 hash algorithm.

SHA-224 

The SHA-224 hash algorithm.

SHA-256 

The SHA-256 hash algorithm.

SHA-384 

The SHA-384 hash algorithm.

SHA-512 

The SHA-512 hash algorithm.

 

The empty string value is permitted here to allow for detailed error reporting.


== EntityItemVariableRefType ==

The EntityItemVariableRefType complex type defines a string item entity that has a valid OVAL variable id as the value.

Restricts: oval-sc:EntityItemStringType

Pattern oval:[A-Za-z0-9_\-\.]+:var:[1-9][0-9]*

== EntityItemLdaptypeType ==

The EntityItemLdaptypeType complex type restricts a string value to a specific set of values that specify the different types of information that an ldap attribute can represent. The empty string value is permitted here to allow for detailed error reporting.

Restricts: oval-sc:EntityItemStringType

Value Description

LDAPTYPE_ATTRIBUTE_TYPE_DESCRIP_STRING 

The data type is the attribute type description.

LDAPTYPE_DN_STRING 

The string is of Distinguished Name (path) of a directory service object.

LDAPTYPE_BIT_STRING 

The bit string type.

LDAPTYPE_PRINTABLE_STRING 

The string is displayable on screen or in print.

LDAPTYPE_NUMERIC_STRING 

The string is of a numeral to be interpreted as text.

LDAPTYPE_BOOLEAN 

The data is of a Boolean value.

LDAPTYPE_INTEGER 

The data is of an integer value.

LDAPTYPE_UTC_TIME 

The data is of the universal time as expressed in Universal Time Coordinate (UTC).

LDAPTYPE_GENERALIZED_TIME 

The data is of generalized time.

LDAPTYPE_DIRECTORY_STRING 

The directory string.

LDAPTYPE_OBJECT_CLASS_DESCRIP_STRING 

The object class description type.

LDAPTYPE_BINARY 

The data is binary.

LDAPTYPE_TIMESTAMP 

The data is of a time stamp in seconds.

Deprecated As Of Version: 5.7
Reason: This value was accidently carried over from the win-sc:EntityItemAdstypeType as it was used as a template for the ind-sc:EntityItemLdaptypeType.
Comment: This value has been deprecated and will be removed in version 6.0 of the language.

LDAPTYPE_EMAIL 

The data is of an e-mail message.

Deprecated As Of Version: 5.7
Reason: This value was accidently carried over from the win-sc:EntityItemAdstypeType as it was used as a template for the ind-sc:EntityItemLdaptypeType.
Comment: This value has been deprecated and will be removed in version 6.0 of the language.

 

The empty string value is permitted here to allow for detailed error reporting.