Hi, 
Guest
Pic
Sign In

oval_developer@lists.cisecurity.org

A list for people interested in developing the OVAL language.

View all threads

Column null values w/ ind-def:sql_test

DS
David Solin
Mon, Mar 20, 2017 7:04 PM

I’m writing to see if we can come up with a clarification in what seems to be an ambiguity in the OVAL specification regarding SQL tests.

Imagine that you are querying a database table, and some column that you want to check permits <NULL> values.  If your query returns null values, how should that be expressed?  Clearly we want to reflect the fact that there are results, but there’s no way to express a null value in an EntityItemFieldType.

The problem with just creating an item with, for instance, a status of “does not exist” is that — well — it does exist.  If you were to use a count function you’d end up getting a number that wouldn't match what the database itself would say.  But, maybe that’s not important?

Generally, this can be worked-around in the SQL query using statements like “coalesce”.  Perhaps that should be documented as a best-practice?

How do others deal with this?

Best regards,
—David Solin

David A. Solin
Co-Founder, Research & Technology
solin@jovalcm.com mailto:solin@jovalcm.com
http://jovalcm.com/
  https://www.facebook.com/jovalcm https://www.linkedin.com/company/joval-continuous-monitoring

...

I’m writing to see if we can come up with a clarification in what seems to be an ambiguity in the OVAL specification regarding SQL tests. Imagine that you are querying a database table, and some column that you want to check permits <NULL> values. If your query returns null values, how should that be expressed? Clearly we want to reflect the fact that there are results, but there’s no way to express a null value in an EntityItemFieldType. The problem with just creating an item with, for instance, a status of “does not exist” is that — well — it does exist. If you were to use a count function you’d end up getting a number that wouldn't match what the database itself would say. But, maybe that’s not important? Generally, this can be worked-around in the SQL query using statements like “coalesce”. Perhaps that should be documented as a best-practice? How do others deal with this? Best regards, —David Solin David A. Solin Co-Founder, Research & Technology solin@jovalcm.com <mailto:solin@jovalcm.com> <http://jovalcm.com/>   <https://www.facebook.com/jovalcm> <https://www.linkedin.com/company/joval-continuous-monitoring> ...
Empathy v1.0   2024 ©Harmonylists.com