Some javascript/style in this post has been disabled (
why?)
On oval:gov.nist.fdcc.xp:tst:2333 the check
attribute is set to check="all" in
your case there was no registry key on the system you examined that satisfied
the conditions specified in oval:gov.nist.fdcc.xp:obj:3333. For
a test that uses check="all"
will only evaluate to true if there are one or more items that
satisfy the test’s object conditions.
Since the <registry_item/> that
was created is simply an item that records the fact that the requested registry
key does not exist, the <tested_item/> that
refers to it is marked with result="not evaluated". In
this case the result value is simply recording the fact that the item was not
considered from a state perspective since it did not exist.
Jon
============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]
From: moreno gontijo
[mailto:[hidden email]]
Sent: Wednesday, September 16, 2009 5:28 PM
To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
Subject: [OVAL-DISCUSSION-LIST] doubt about result "not
evaluated"
I
have a test that use obj:3333 and ste:4111 as show definitions.xml above.
The parameter "MaxSizeAAA" doesn´t exist. See follow registry_item
id="1" into results.xml.
Then tested_item item_id="1" there is a result="not
evaluated"/>. ok?
But see this line into results.xml.
"<test check="all" check_existence="only_one_exists"
result="false" test_id="oval:gov.nist.fdcc.xp:tst:2333"
version="1">"
why in that line show result=false instead of result="not evaluated"?
denifinitosn.xml
<tests>
<registry_test
id="oval:gov.nist.fdcc.xp:tst:
2333"
version="1"
comment="Size"
check_existence="only_one_exists"
check="all"
xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:gov.nist.fdcc.xp:obj:3333"/>
<state state_ref="oval:gov.nist.fdcc.xp:ste:4111"/>
</registry_test>
</tests>
<objects>
<registry_object
id="oval:gov.nist.fdcc.xp:obj:3333"
version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SYSTEM\CurrentControlSet\Services\Eventlog\Application</key>
<name>MaxSizeAAA</name>
</registry_object>
</objects>
<states>
<registry_state
id="oval:gov.nist.fdcc.xp:ste:4111"
version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<value>524288</value>
</registry_state>
</states>
================================
results.xml
<tests>
<test check="all"
check_existence="only_one_exists" result="false"
test_id="oval:gov.nist.fdcc.xp:tst:2333" version="1">
<tested_item
item_id="1" result="not evaluated"/>
</test>
<registry_item id="1" status="does not exist"
xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows">
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SYSTEM\CurrentControlSet\Services\Eventlog\Application</key>
<name
status="does not exist">MaxSizeAAA</name>
</registry_item>
Com
o Novo Internet Explorer 8 suas abas se organizam por cor. Baixe agora, é grátis!
To unsubscribe, send an email message to
[hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the
message. If you have difficulties, write to
[hidden email].
To unsubscribe, send an email message to
[hidden email] with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message. If you have difficulties, write to
[hidden email].
