Nested Criteria Blocks within definitions

Hi,

I'm having some trouble with nesting criteria in a definition. When I try it, I get a pretty ambiguous error on the last closing tag of the file (namely the </oval_definitions> tag. Oddly enough, if I comment out the nested portion, it works fine. Don't mind the comments al being the same, that's icing on the cake after if works ;-)

Is there a problem with nesting criteria, or am I just doing it wrong??

I've triple checked the spelling and closing tags on everything.

BRW, Not completely sure if this should go into the Discussion or Developer mail-list. I apologize if it it's in the wrong place...

         <criteria operator="OR">
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2025" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20251" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20252" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20253" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20254" comment="ensure uexec permission is off in man files" />
            </criteria>
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2026" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20261" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20262" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20263" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20264" comment="ensure uexec permission is off in man files" />
</criteria>
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:20275" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20271" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20272" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20273" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20274" comment="ensure uexec permission is off in man files" />
</criteria>
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2028" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20281" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20282" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20283" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20284" comment="ensure uexec permission is off in man files" />
</criteria>
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2029" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20291" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20292" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20293" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20294" comment="ensure uexec permission is off in man files" />
</criteria>
         </criteria>

Edward Sealing, CISSP, CEH Linux Services & Solutions Practice

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

Attached is the entire definition file for the def that's giving me trouble. I've tested this, and it gives the same
"The key for identity constraint of element oval_definition is missing"
error.

I'm using ovaldi 5-5.25 on RHEL 5.3.

~Ed

-----Original Message-----
From: Baker, Jon [mailto:[hidden email]]
Sent: Wed 9/2/2009 11:08 AM
To: [hidden email]
Subject: Re: [OVAL-DEVELOPER-LIST] Nested Criteria Blocks within definitions
 
Can you send your complete xml file that has the error? I would be happy to review and see if I can suggest a fix.

FYI - The oval-discussion-list should really be considered called the OVAL Repository Forum. That list is for discussing the content in the OVAL Repository.

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]

From: Ed Sealing [mailto:[hidden email]]
Sent: Wednesday, September 02, 2009 11:01 AM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: [OVAL-DEVELOPER-LIST] Nested Criteria Blocks within definitions

Hi,

I'm having some trouble with nesting criteria in a definition. When I try it, I get a pretty ambiguous error on the last closing tag of the file (namely the </oval_definitions> tag. Oddly enough, if I comment out the nested portion, it works fine. Don't mind the comments al being the same, that's icing on the cake after if works ;-)

Is there a problem with nesting criteria, or am I just doing it wrong??

I've triple checked the spelling and closing tags on everything.

BRW, Not completely sure if this should go into the Discussion or Developer mail-list. I apologize if it it's in the wrong place...

         <criteria operator="OR">
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2025" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20251" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20252" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20253" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20254" comment="ensure uexec permission is off in man files" />
            </criteria>
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2026" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20261" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20262" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20263" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20264" comment="ensure uexec permission is off in man files" />
</criteria>
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:20275" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20271" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20272" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20273" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20274" comment="ensure uexec permission is off in man files" />
</criteria>
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2028" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20281" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20282" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20283" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20284" comment="ensure uexec permission is off in man files" />
</criteria>
         <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2029" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20291" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20292" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20293" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20294" comment="ensure uexec permission is off in man files" />
</criteria>
         </criteria>
Edward Sealing, CISSP, CEH
Linux Services & Solutions Practice



To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].



To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].

<oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd"
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:u="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:l="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:i="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
   <generator>
      <oval:product_name>Writer Tool</oval:product_name>
      <oval:product_version>2.3</oval:product_version>
      <oval:schema_version>5.5</oval:schema_version>
      <oval:timestamp>2007-10-12T18:13:45</oval:timestamp>
   </generator>
   <definitions>
      <definition id="oval:tresys:def:2017" version="1" class="compliance">
         <metadata>
            <title>GEN001280</title>
            <!-- <affected> </affected> -->
            <!-- <reference> </reference> -->
            <description>Ensure that man pages have permissions of 644 or more restrictive</description>
         </metadata>
         <!-- <notes> <note> </note> </notes> -->
         <criteria operator="OR">
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2025" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20251" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20252" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20253" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20254" comment="ensure uexec permission is off in man files" />
                </criteria>
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2026" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20261" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20262" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20263" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20264" comment="ensure uexec permission is off in man files" />
                </criteria>
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:20275" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20271" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20272" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20273" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20274" comment="ensure uexec permission is off in man files" />
                </criteria>
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2028" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20281" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20282" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20283" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20284" comment="ensure uexec permission is off in man files" />
                </criteria>
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2029" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20291" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20292" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20293" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20294" comment="ensure uexec permission is off in man files" />
                </criteria>
         </criteria>
      </definition>
     </definitions>
      <tests>
            <u:file_test id="oval:tresys:tst:2025" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20251" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20252" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20253" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20254" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:2026" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20261" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20262" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20263" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20264" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:2027" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20271" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20272" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20273" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20274" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:2028" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20281" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20282" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20283" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20284" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:2029" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20291" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20292" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20293" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20294" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
   </tests>
   <objects>
      <u:file_object id="oval:tresys:obj:2025" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[a-fA-F].*</u:filename>
      </u:file_object>
      <u:file_object id="oval:tresys:obj:2026" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[g-lG-L].*</u:filename>
      </u:file_object>
      <u:file_object id="oval:tresys:obj:2027" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[m-rM-R].*</u:filename>
      </u:file_object>
      <u:file_object id="oval:tresys:obj:2028" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[s-zS-Z].*</u:filename>
      </u:file_object>
      <u:file_object id="oval:tresys:obj:2029" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[^a-zA-Z].*</u:filename>
      </u:file_object>
   </objects>
   <states>
   <u:file_state id="oval:tresys:ste:2025" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:uexec datatype="boolean" operation="equals">1</u:uexec>
      </u:file_state>
      <u:file_state id="oval:tresys:ste:20251" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:gwrite datatype="boolean" operation="equals">1</u:gwrite>
      </u:file_state>
      <u:file_state id="oval:tresys:ste:20252" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:gexec datatype="boolean" operation="equals">1</u:gexec>
      </u:file_state>
      <u:file_state id="oval:tresys:ste:20253" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:owrite datatype="boolean" operation="equals">1</u:owrite>
      </u:file_state>
      <u:file_state id="oval:tresys:ste:20254" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:oexec datatype="boolean" operation="equals">1</u:oexec>
      </u:file_state>
   </states>
   <!--
     <variables>
     </variables>
  -->
</oval_definitions>
<!-- vim: set foldmethod=marker -->

You have a reference to a missing test (oval:tresys:tst:20275). I commented out line 34 and the document is now valid.

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].

<oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd"
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:u="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:l="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:i="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
   <generator>
      <oval:product_name>Writer Tool</oval:product_name>
      <oval:product_version>2.3</oval:product_version>
      <oval:schema_version>5.5</oval:schema_version>
      <oval:timestamp>2007-10-12T18:13:45</oval:timestamp>
   </generator>
   <definitions>
      <definition id="oval:tresys:def:2017" version="1" class="compliance">
         <metadata>
            <title>GEN001280</title>
            <!-- <affected> </affected> -->
            <!-- <reference> </reference> -->
            <description>Ensure that man pages have permissions of 644 or more restrictive</description>
         </metadata>
         <!-- <notes> <note> </note> </notes> -->
         <criteria operator="OR">
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2025" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20251" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20252" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20253" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20254" comment="ensure uexec permission is off in man files" />
                </criteria>
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2026" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20261" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20262" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20263" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20264" comment="ensure uexec permission is off in man files" />
                </criteria>
          <criteria operator="AND">
            <!--<criterion test_ref="oval:tresys:tst:20275" comment="ensure uexec permission is off in man files" /> -->
            <criterion test_ref="oval:tresys:tst:20271" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20272" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20273" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20274" comment="ensure uexec permission is off in man files" />
                </criteria>
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2028" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20281" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20282" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20283" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20284" comment="ensure uexec permission is off in man files" />
                </criteria>
          <criteria operator="AND">
            <criterion test_ref="oval:tresys:tst:2029" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20291" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20292" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20293" comment="ensure uexec permission is off in man files" />
            <criterion test_ref="oval:tresys:tst:20294" comment="ensure uexec permission is off in man files" />
                </criteria>
         </criteria>
      </definition>
     </definitions>
      <tests>
            <u:file_test id="oval:tresys:tst:2025" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20251" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20252" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20253" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20254" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2025" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:2026" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20261" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20262" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20263" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20264" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2026" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:2027" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20271" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20272" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20273" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20274" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2027" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:2028" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20281" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20282" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20283" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20284" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2028" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:2029" version="1" check="none satisfy" comment="ensure uexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:2025"/>
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20291" version="1" check="none satisfy" comment="ensure gwrite permission is off in regluar man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:20251" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20292" version="1" check="none satisfy" comment="ensure gexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:20252" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20293" version="1" check="none satisfy" comment="ensure owrite permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:20253" />
      </u:file_test>
      <u:file_test id="oval:tresys:tst:20294" version="1" check="none satisfy" comment="ensure oexec permission is off in regular man files">
         <u:object object_ref="oval:tresys:obj:2029" />
  <u:state state_ref="oval:tresys:ste:20254" />
      </u:file_test>
   </tests>
   <objects>
      <u:file_object id="oval:tresys:obj:2025" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[a-fA-F].*</u:filename>
      </u:file_object>
      <u:file_object id="oval:tresys:obj:2026" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[g-lG-L].*</u:filename>
      </u:file_object>
      <u:file_object id="oval:tresys:obj:2027" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[m-rM-R].*</u:filename>
      </u:file_object>
      <u:file_object id="oval:tresys:obj:2028" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[s-zS-Z].*</u:filename>
      </u:file_object>
      <u:file_object id="oval:tresys:obj:2029" version="1" comment="man pages">
      <u:behaviors recurse_direction="down" />
         <u:path>/usr/share/man</u:path>
         <u:filename datatype="string" operation="pattern match">^[^a-zA-Z].*</u:filename>
      </u:file_object>
   </objects>
   <states>
   <u:file_state id="oval:tresys:ste:2025" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:uexec datatype="boolean" operation="equals">1</u:uexec>
      </u:file_state>
      <u:file_state id="oval:tresys:ste:20251" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:gwrite datatype="boolean" operation="equals">1</u:gwrite>
      </u:file_state>
      <u:file_state id="oval:tresys:ste:20252" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:gexec datatype="boolean" operation="equals">1</u:gexec>
      </u:file_state>
      <u:file_state id="oval:tresys:ste:20253" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:owrite datatype="boolean" operation="equals">1</u:owrite>
      </u:file_state>
      <u:file_state id="oval:tresys:ste:20254" version="1">
         <u:type datatype="string" operation="equals">regular</u:type>
         <u:oexec datatype="boolean" operation="equals">1</u:oexec>
      </u:file_state>
   </states>
   <!--
     <variables>
     </variables>
  -->
</oval_definitions>
<!-- vim: set foldmethod=marker -->

That's what I get for cutting, pasting, and editing by hand. It is a bit odd that an unknown test would throw and error on the root closing tag.

Thanks a ton for your help Jon.

Cheers!
~Ed


-----Original Message-----
From: Baker, Jon [mailto:[hidden email]]
Sent: Wed 9/2/2009 12:01 PM
To: [hidden email]
Subject: Re: [OVAL-DEVELOPER-LIST] Nested Criteria Blocks within definitions
 
You have a reference to a missing test (oval:tresys:tst:20275). I commented out line 34 and the document is now valid.

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]


To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].

The error is reported on the closing of the root element because the xml schema constraint that requires the referenced test to exist in the document is defined within the oval_definition element.

Thanks,

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]


To unsubscribe, send an email message to [hidden email] with
SIGNOFF OVAL-DEVELOPER-LIST
in the BODY of the message.  If you have difficulties, write to [hidden email].