[OVAL DEVELOPER] Proposal: x-win-def:junction_test

David Solin solin at jovalcm.com
Thu Mar 10 09:49:22 EST 2016


Along these lines, we should also deprecate the FILE_ATTRIBUTE_DIRECTORY entry in the Entity{State/Item}FileTypeType (the win-sc:file_item/type should instead have a “does not exist” flag for directories), and we should add a separate entity (minOccurs=0, maxOccurs=unlimited) to hold the file attributes, making this new entity an enumerated type that contains all the possible attribute values.

This may have a minimal impact on existing content.  Searching through the repository, I found no instances of FILE_ATTRIBUTE_DIRECTORY in any of the existing states.

I will create a hypothetical 5.11.1:1.2 version of the Windows schema to illustrate these changes…

David A. Solin
Co-Founder, Research & Technology
solin at jovalcm.com
> On Mar 9, 2016, at 2:44 PM, David Solin <solin at jovalcm.com> wrote:
> 
> Hi Everyone,
> 
> I’m working on a new test for Windows junctions (similar to Unix symlinks) that’s analogous to the unix-def:symlink_test.  Please see the attached schema and test content.
> 
> I’d also like to add a @recurse attribute to win-def:FileBehaviors, with the options “directories”, “junctions and directories”, “junctions” (default of “directories”).
> 
> Any questions, comments, or thoughts?
> 
> Thanks,
> —David Solin
> 
> David A. Solin
> Co-Founder, Research & Technology
> solin at jovalcm.com
> <x-windows-system-characteristics-schema.xsd>
> <win-def_junction_test.xml>

