help parsing local_variable in scap-rhel5-oval.xml

Xiang Yu


Hi everybody:

I am writing a tool to parse the OVAL definition file scap-rhel5-oval.xml; however, there are a lot of local variables with item_field="subexpression" that refer to objects without a "subexpression" element. The following is an example. Who can tell me how exactly this works? Or is this just an error in the government documents? It looks like "subexpression" should be "pattern".

I also wonder whether anyone is using this definition file, scap-rhel5-oval.xml. And what tool are you using to scan?

Thanks a lot

-- Xiang


<local_variable comment="Group_id for group name slocate" version="1" id="oval:gov.irs.rhel5:var:1" datatype="string" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <object_component object_ref="oval:gov.irs.rhel5:obj:51" item_field="subexpression" />
</local_variable>

<textfilecontent54_object version="1" id="oval:gov.irs.rhel5:obj:51" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <path>/etc</path>
  <filename>passwd</filename>
  <pattern operation="pattern match">^slocate:.*:.*:([0-9]*):</pattern>
  <instance operation="greater than or equal" datatype="int">1</instance>
</textfilecontent54_object>

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Danny Haynes

Re: help parsing local_variable in scap-rhel5-oval.xml


Hi Xiang,

 

The example OVAL content that you have provided below is valid. The reason for this is because the object_component references the subexpression item_field of the textfilecontent_items that are referenced by the textfilecontent54_object and not the actual elements of the textfilecontent54_object. The objects in an OVAL definition specify operations and values for each of its elements that are in turn used to guide the collection of items. For example, if an OVAL interpreter was to collect the textfilecontent54_object specified below it would collect all of the items that have a path equal to “/etc”, a filename equal to “passwd”, and any instance of a string, in the specified text file, that matches the regular expression “^slocate:.*:.*:([0-9]*):”. Each collected textfilecontent_item will also have a line (this is not used in the textfilecontent54_test), text, and zero or more subexpression elements associated with it. Please see the independent-system-characteristics-schema at http://oval.mitre.org/language/download/schema/version5.6/ovalsc/complete/independent-system-characteristics-schema.xsd for more information on the textfilecontent_item.

 

Unfortunately, you will not be able to access the textfilecontent_items, which contain the subexpression element, by parsing an OVAL definition as they are collected, and placed in the system-characteristics file, after an OVAL definition has been parsed and fed through an OVAL interpreter. I have also attached a sample OVAL definition, system-characteristics, and results file so that you can see the relationship between objects and items.

 

As far as who is using the scap-rhel5-oval.xml definition, I am not sure. However, other members of the OVAL Community may know.  Also, there are many tools that you can choose from. There are OVAL-Compatible vendor tools which can be found at http://oval.mitre.org/compatible/compatible.html, and there is a reference implementation OVAL interpreter, which is open source, that can be found at http://sourceforge.net/projects/ovaldi/.  Please let me know if you have any other questions.

Thanks,

Danny

 

 

From: Xiang Yu [mailto:[hidden email]]
Sent: Wednesday, November 04, 2009 1:28 PM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: [OVAL-DEVELOPER-LIST] help parsing local_variable in scap-rhel5-oval.xml

 

Hi everybody:

I am writing a tool to parse the OVAL definition file scap-rhel5-oval.xml; however, there are a lot of local variables with item_field="subexpression" that refer to objects without a "subexpression" element. The following is an example. Who can tell me how exactly this works? Or is this just an error in the government documents? It looks like "subexpression" should be "pattern".

I also wonder whether anyone is using this definition file, scap-rhel5-oval.xml. And what tool are you using to scan?

Thanks a lot

-- Xiang

<local_variable comment="Group_id for group name slocate" version="1" id="oval:gov.irs.rhel5:var:1" datatype="string" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <object_component object_ref="oval:gov.irs.rhel5:obj:51" item_field="subexpression" />
</local_variable>

<textfilecontent54_object version="1" id="oval:gov.irs.rhel5:obj:51" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <path>/etc</path>
  <filename>passwd</filename>
  <pattern operation="pattern match">^slocate:.*:.*:([0-9]*):</pattern>
  <instance operation="greater than or equal" datatype="int">1</instance>
</textfilecontent54_object>

<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">
    <generator>
        <oval:schema_version>5.6</oval:schema_version>
        <oval:timestamp>2009-01-12T10:41:00-05:00</oval:timestamp>
    </generator>
    <definitions>
        <definition id="oval:test:def:1" version="1" class="miscellaneous">
            <metadata>
                <title>Evaluate to true if the text file 'C:\sample.txt' contains text that matches the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'.</title>
                <description>This definition is intended to evalutate to true if the text file 'C:\sample.txt' contains at least one instance of a string that matches the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'.</description>
            </metadata>
            <criteria operator="AND">
                <criterion comment="Check if the text file 'C:\sample.txt' contains a string that matches the pattern ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'." test_ref="oval:test:tst:1"/>
            </criteria>
        </definition>
    </definitions>
    <tests>
        <textfilecontent54_test id="oval:test:tst:1" comment="Check if the text file 'C:\sample.txt' contains a string that matches the pattern ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'." version="1" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
            <object object_ref="oval:test:obj:1"/>
            <state state_ref="oval:test:ste:1"/>
        </textfilecontent54_test>
    </tests>
    <objects>
        <textfilecontent54_object id="oval:test:obj:1" version="1" comment="Collect any textfilecontent_items that have a path equal to 'C:\', filename equal to 'sample.txt', and any instance of a string that matches the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
            <path>C:\</path>
            <filename>sample.txt</filename>
            <pattern operation="pattern match">:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
            <instance datatype="int" operation="greater than or equal">1</instance>
        </textfilecontent54_object>
    </objects>
    <states>
        <textfilecontent54_state id="oval:test:ste:1" version="1" comment="This state matches any textfilecontent_item that has a filepath equal to 'C:\sample.txt', a path equal to 'C:\', a filename equal to 'sample.txt', a pattern equal to the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):', an instance value greater than or equal to '1', a text value that matches the regular expression '.*', and a subexpression value that matches the regular expression '.*'" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
            <filepath>C:\sample.txt</filepath>
            <path>C:\</path>
            <filename>sample.txt</filename>
            <pattern>:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
            <instance datatype="int" operation="greater than or equal">1</instance>
            <text operation="pattern match">.*</text>
            <subexpression operation="pattern match" entity_check="all">.*</subexpression>
        </textfilecontent54_state>
    </states>
</oval_definitions>
:abcd:23432:abcd:
:123:xyz:123:
:12345:qwerty:09876:
:wxyz:1234567890:wxyz:
:abcd:5678:wxyz:
:646464:UEMoPkzW:12324:
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<oval_system_characteristics xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xmlns:ind-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5 oval-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent independent-system-characteristics-schema.xsd">

  <generator>
    <oval:product_name>OVAL Definition Interpreter</oval:product_name>
    <oval:product_version>5.6 Build: 3</oval:product_version>
    <oval:schema_version>5.6</oval:schema_version>
    <oval:timestamp>2009-11-10T09:20:49</oval:timestamp>
    <vendor>The MITRE Corporation</vendor>
  </generator>

  <system_info>
    <os_name>Microsoft Windows XP Professional Service Pack 3</os_name>
    <os_version>5.1.2600</os_version>
    <architecture>INTEL32</architecture>
    <primary_host_name>some_computer_host_name</primary_host_name>
    <interfaces>
      <interface>
        <interface_name>Dell Wireless 1505 Draft 802.11n WLAN Mini-Card - Teefer2 Miniport</interface_name>
        <ip_address>some_ip_address</ip_address>
        <mac_address>some_mac_address</mac_address>
      </interface>
      <interface>
        <interface_name>Broadcom NetXtreme 57xx Gigabit Controller - Teefer2 Miniport</interface_name>
        <ip_address>some_ip_address</ip_address>
        <mac_address>some_mac_address</mac_address>
      </interface>
    </interfaces>
  </system_info>

  <collected_objects>
    <object comment="Collect any textfilecontent_items that have a path equal to 'C:\', filename equal to 'sample.txt', and any instance of a string that matches the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'." flag="complete" id="oval:test:obj:1" version="1">
      <reference item_ref="1"/>
      <reference item_ref="2"/>
      <reference item_ref="3"/>
    </object>
  </collected_objects>

  <system_data>
    <textfilecontent_item id="1" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
      <filepath>C:\sample.txt</filepath>
      <path>C:\</path>
      <filename>sample.txt</filename>
      <pattern>:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
      <instance datatype="int">1</instance>
      <text>:abcd:23432:abcd:</text>
      <subexpression>abcd</subexpression>
      <subexpression>23432</subexpression>
      <subexpression>abcd</subexpression>
    </textfilecontent_item>
    <textfilecontent_item id="2" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
      <filepath>C:\sample.txt</filepath>
      <path>C:\</path>
      <filename>sample.txt</filename>
      <pattern>:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
      <instance datatype="int">2</instance>
      <text>:wxyz:1234567890:wxyz:</text>
      <subexpression>wxyz</subexpression>
      <subexpression>1234567890</subexpression>
      <subexpression>wxyz</subexpression>
    </textfilecontent_item>
    <textfilecontent_item id="3" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
      <filepath>C:\sample.txt</filepath>
      <path>C:\</path>
      <filename>sample.txt</filename>
      <pattern>:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
      <instance datatype="int">3</instance>
      <text>:abcd:5678:wxyz:</text>
      <subexpression>abcd</subexpression>
      <subexpression>5678</subexpression>
      <subexpression>wxyz</subexpression>
    </textfilecontent_item>
  </system_data>

</oval_system_characteristics>

<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval-res="http://oval.mitre.org/XMLSchema/oval-results-5" xmlns:oval-sc="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5 oval-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-results-5 oval-results-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent independent-system-characteristics-schema.xsd">

  <generator>
    <oval:product_name>OVAL Definition Interpreter</oval:product_name>
    <oval:product_version>5.6 Build: 3</oval:product_version>
    <oval:schema_version>5.6</oval:schema_version>
    <oval:timestamp>2009-11-10T09:20:49</oval:timestamp>
    <vendor>The MITRE Corporation</vendor>
  </generator>

  <directives>
    <definition_true content="full" reported="true"/>
    <definition_false content="full" reported="true"/>
    <definition_unknown content="full" reported="true"/>
    <definition_error content="full" reported="true"/>
    <definition_not_evaluated content="full" reported="true"/>
    <definition_not_applicable content="full" reported="true"/>
  </directives>

  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <generator>
        <oval:schema_version xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">5.6</oval:schema_version>
        <oval:timestamp xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">2009-01-12T10:41:00-05:00</oval:timestamp>
    </generator>
    <definitions>
        <definition class="miscellaneous" id="oval:test:def:1" version="1">
            <metadata>
                <title>Evaluate to true if the text file 'C:\sample.txt' contains text that matches the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'.</title>
                <description>This definition is intended to evalutate to true if the text file 'C:\sample.txt' contains at least one instance of a string that matches the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'.</description>
            </metadata>
            <criteria operator="AND">
                <criterion comment="Check if the text file 'C:\sample.txt' contains a string that matches the pattern ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'." test_ref="oval:test:tst:1"/>
            </criteria>
        </definition>
    </definitions>
    <tests>
        <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="at least one" check_existence="at_least_one_exists" comment="Check if the text file 'C:\sample.txt' contains a string that matches the pattern ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'." id="oval:test:tst:1" version="1">
            <object object_ref="oval:test:obj:1"/>
            <state state_ref="oval:test:ste:1"/>
        </textfilecontent54_test>
    </tests>
    <objects>
        <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Collect any textfilecontent_items that have a path equal to 'C:\', filename equal to 'sample.txt', and any instance of a string that matches the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'." id="oval:test:obj:1" version="1">
            <path>C:\</path>
            <filename>sample.txt</filename>
            <pattern operation="pattern match">:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
            <instance datatype="int" operation="greater than or equal">1</instance>
        </textfilecontent54_object>
    </objects>
    <states>
        <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="This state matches any textfilecontent_item that has a path equal to 'C:\', filename equal to 'sample.txt', pattern equal to the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):', an instance value greater than or equal to '1', a text value that matches the regular expression '.*', and a subexpression value that matches the regular expression '.*'" id="oval:test:ste:1" version="1">
            <filepath>C:\sample.txt</filepath>
            <path>C:\</path>
            <filename>sample.txt</filename>
            <pattern>:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
            <instance datatype="int" operation="greater than or equal">1</instance>
            <text operation="pattern match">.*</text>
            <subexpression entity_check="all" operation="pattern match">.*</subexpression>
        </textfilecontent54_state>
    </states>
  </oval_definitions>
  <results>
    <system>
      <definitions>
        <definition definition_id="oval:test:def:1" result="true" version="1">
          <criteria operator="AND" result="true">
            <criterion result="true" test_ref="oval:test:tst:1" version="1"/>
          </criteria>
        </definition>
      </definitions>
      <tests>
        <test check="at least one" check_existence="at_least_one_exists" result="true" state_operator="AND" test_id="oval:test:tst:1" version="1">
          <tested_item item_id="3" result="true"/>
          <tested_item item_id="2" result="true"/>
          <tested_item item_id="1" result="true"/>
        </test>
      </tests>
      <oval_system_characteristics xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
        <generator>
          <oval:product_name>OVAL Definition Interpreter</oval:product_name>
          <oval:product_version>5.6 Build: 3</oval:product_version>
          <oval:schema_version>5.6</oval:schema_version>
          <oval:timestamp>2009-11-10T09:20:49</oval:timestamp>
          <vendor>The MITRE Corporation</vendor>
        </generator>
        <system_info>
          <os_name>Microsoft Windows XP Professional Service Pack 3</os_name>
          <os_version>5.1.2600</os_version>
          <architecture>INTEL32</architecture>
          <primary_host_name>some_computer_host_name</primary_host_name>
          <interfaces>
            <interface>
              <interface_name>Dell Wireless 1505 Draft 802.11n WLAN Mini-Card - Teefer2 Miniport</interface_name>
              <ip_address>some_ip_address</ip_address>
              <mac_address>some_mac_address</mac_address>
            </interface>
            <interface>
              <interface_name>Broadcom NetXtreme 57xx Gigabit Controller - Teefer2 Miniport</interface_name>
              <ip_address>some_ip_address</ip_address>
              <mac_address>some_mac_address</mac_address>
            </interface>
          </interfaces>
        </system_info>
        <collected_objects>
          <object comment="Collect any textfilecontent_items that have a path equal to 'C:\', filename equal to 'sample.txt', and any instance of a string that matches the regular expression ':([a-zA-Z]*):([0-9]*):([a-zA-Z]*):'." flag="complete" id="oval:test:obj:1" version="1">
            <reference item_ref="1"/>
            <reference item_ref="2"/>
            <reference item_ref="3"/>
          </object>
        </collected_objects>
        <system_data>
          <textfilecontent_item id="1" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
            <filepath>C:\sample.txt</filepath>
            <path>C:\</path>
            <filename>sample.txt</filename>
            <pattern>:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
            <instance datatype="int">1</instance>
            <text>:abcd:23432:abcd:</text>
            <subexpression>abcd</subexpression>
            <subexpression>23432</subexpression>
            <subexpression>abcd</subexpression>
          </textfilecontent_item>
          <textfilecontent_item id="2" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
            <filepath>C:\sample.txt</filepath>
            <path>C:\</path>
            <filename>sample.txt</filename>
            <pattern>:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
            <instance datatype="int">2</instance>
            <text>:wxyz:1234567890:wxyz:</text>
            <subexpression>wxyz</subexpression>
            <subexpression>1234567890</subexpression>
            <subexpression>wxyz</subexpression>
          </textfilecontent_item>
          <textfilecontent_item id="3" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent">
            <filepath>C:\sample.txt</filepath>
            <path>C:\</path>
            <filename>sample.txt</filename>
            <pattern>:([a-zA-Z]*):([0-9]*):([a-zA-Z]*):</pattern>
            <instance datatype="int">3</instance>
            <text>:abcd:5678:wxyz:</text>
            <subexpression>abcd</subexpression>
            <subexpression>5678</subexpression>
            <subexpression>wxyz</subexpression>
          </textfilecontent_item>
        </system_data>
      </oval_system_characteristics>
    </system>
  </results>

</oval_results>
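
Added example (not part of the thread or its attachments): a Python sketch of the relationship described in the reply above, showing that item_field="subexpression" resolves against the collected items rather than the object's own child elements. The `<root>` wrapper, the passwd content and all function names are assumptions made for illustration; collection is simplified to the "greater than or equal" instance operation and uses Python's `re` module in place of a real interpreter's regex engine.

```python
import re
import xml.etree.ElementTree as ET

DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
IND = DEF + "#independent"

# The two elements quoted in the thread; <root> is added so they parse as one document.
DEFINITIONS = f"""<root>
<local_variable comment="Group_id for group name slocate" version="1"
    id="oval:gov.irs.rhel5:var:1" datatype="string" xmlns="{DEF}">
  <object_component object_ref="oval:gov.irs.rhel5:obj:51" item_field="subexpression" />
</local_variable>
<textfilecontent54_object version="1" id="oval:gov.irs.rhel5:obj:51" xmlns="{IND}">
  <path>/etc</path>
  <filename>passwd</filename>
  <pattern operation="pattern match">^slocate:.*:.*:([0-9]*):</pattern>
  <instance operation="greater than or equal" datatype="int">1</instance>
</textfilecontent54_object>
</root>"""

# Constructed stand-in for /etc/passwd on the scanned host.
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "slocate:x:95:21:Locate:/var/lib/slocate:/sbin/nologin\n"
)

def field_on_object(obj, field):
    """What a definitions-only parser finds: the object has no such child element."""
    el = obj.find(f"{{{IND}}}{field}")
    return None if el is None else el.text

def collect_items(obj, file_text):
    """Simplified collection step: one item per pattern match in the file."""
    pattern = obj.findtext(f"{{{IND}}}pattern")
    inst = obj.find(f"{{{IND}}}instance")
    if inst.get("operation") != "greater than or equal":
        raise NotImplementedError(inst.get("operation"))
    minimum = int(inst.text)
    items = []
    for n, m in enumerate(re.finditer(pattern, file_text, re.MULTILINE), start=1):
        if n >= minimum:
            items.append({
                "path": obj.findtext(f"{{{IND}}}path"),
                "filename": obj.findtext(f"{{{IND}}}filename"),
                "pattern": pattern,
                "instance": n,
                "text": m.group(0),
                "subexpression": list(m.groups()),  # zero or more per item
            })
    return items

def resolve_local_variable(var, items_by_object):
    """Resolve object_component by reading item_field from each collected item."""
    comp = var.find(f"{{{DEF}}}object_component")
    values = []
    for item in items_by_object.get(comp.get("object_ref"), []):
        v = item[comp.get("item_field")]
        values.extend(v if isinstance(v, list) else [v])
    return values

def evaluate(definitions_xml, file_text):
    """Return (lookup on the object itself, variable values from collected items)."""
    root = ET.fromstring(definitions_xml)
    var = root.find(f"{{{DEF}}}local_variable")
    obj = root.find(f"{{{IND}}}textfilecontent54_object")
    items = {obj.get("id"): collect_items(obj, file_text)}
    return field_on_object(obj, "subexpression"), resolve_local_variable(var, items)

if __name__ == "__main__":
    print(evaluate(DEFINITIONS, PASSWD))
```

When the file has no matching line, no item is collected and the variable resolves to an empty list, which a tool has to handle separately from an empty capture group.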
Xiang Yu

Re: help parsing local_variable in scap-rhel5-oval.xml


Hi Danny:

 

The example makes it very clear.  It helps a lot.

Thank you very much

 

-- Xiang

 

From: Haynes, Dan [mailto:[hidden email]]
Sent: Tuesday, November 10, 2009 9:41 AM
To: [hidden email]
Subject: Re: [OVAL-DEVELOPER-LIST] help parsing local_variable in scap-rhel5-oval.xml

 
