A list for people interested in developing the OVAL language.
Hello,
I would appreciate some advice on manipulating local_variable components.
What I am trying to achieve is:
1. as an input, take a variable containing some strings delimited with commas
2. split the variable so that I get individual strings (commas go away)
3. perform some modification of each string individually
4. and now glue it back together so that the resulting variable is one string
I have a problem with step 4. I managed to perform the rest, but I
can't find a way to produce a variable (string) from a variable
which has multiple values.
Is this even possible?
Here is a snippet so that you have an idea what it is about. Basically I
am trying to create a regular expression based on an input variable.
<local_variable id="var_sshd_approved_ciphers_splitted" datatype="string" version="1" comment="approved ciphers values splitted on comma">
  <split delimiter=",">
    <variable_component var_ref="sshd_approved_ciphers" />
  </split>
</local_variable>
<local_variable id="var_sshd_approved_ciphers_splitted_with_begining" datatype="string" version="1" comment="bla">
  <begin character="(">
    <variable_component var_ref="var_sshd_approved_ciphers_splitted"/>
  </begin>
</local_variable>
<local_variable id="var_sshd_approved_ciphers_splitted_with_begining_and_end" datatype="string" version="1" comment="bla">
  <end character="(?=,\w+|$),?)?">
    <variable_component var_ref="var_sshd_approved_ciphers_splitted_with_begining"/>
  </end>
</local_variable>
<local_variable id="var_sshd_approved_ciphers_splitted_and_joined" datatype="string" version="1" comment="bla">
  <concat>
    <literal_component></literal_component>
    <variable_component var_ref="var_sshd_approved_ciphers_splitted_with_begining_and_end"/>
  </concat>
</local_variable>
<local_variable id="var_sshd_use_approved_ciphers_final_regex" datatype="string" version="1" comment="bla">
  <concat>
    <literal_component>^</literal_component>
    <variable_component var_ref="var_sshd_approved_ciphers_splitted_and_joined"/>
    <literal_component>$</literal_component>
  </concat>
</local_variable>
This is the result when I use this OVAL in OpenSCAP:
I: oscap: Variable
'oval:ssg-var_sshd_use_approved_ciphers_final_regex:var:1' has values
"^(aes128-ctr(?=,\w+|$),?)?$", "^(aes192-ctr(?=,\w+|$),?)?$",
"^(aes256-ctr(?=,\w+|$),?)?$", "^(aes128-cbc(?=,\w+|$),?)?$",
"^(3des-cbc(?=,\w+|$),?)?$", "^(aes192-cbc(?=,\w+|$),?)?$",
"^(aes256-cbc(?=,\w+|$),?)?$",
"^(rijndael-cbc@lysator.liu.se(?=,\w+|$),?)?$".
[oscap(9756):unknown(7feb8c425880):oval_variable.c:513:_dump_variable_values]
Any ideas please?
Thank you very much.
--
Vojtech Polasek
Software engineer, security compliance
Red Hat https://www.redhat.com
Step 4 is not possible in OVAL. Everything multi-valued becomes a Cartesian product, and there is no way to re-combine multiple values into one again.
Is there an operation you can perform on the individual strings, such as: the cipher must match at least one of these patterns? It is possible to do that.
On Jan 17, 2021, at 12:38 PM, Vojtech Polasek vpolasek@redhat.com wrote:
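The Cartesian-product behaviour described in the reply, modelled in Python as an added example (it is not OVAL or OpenSCAP code and not part of either message in this thread): it reproduces the eight values from the oscap log, then performs the per-value "match at least one pattern" check instead of a join. The Python functions only mirror the OVAL functions of the same name; `final_regex_values`, `all_ciphers_approved` and the configured cipher strings are hypothetical.

```python
import re
from itertools import product

# Approved list taken from the values shown in the oscap log above.
APPROVED = ("aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,"
            "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se")

def split(values, delimiter):
    """<split>: each input value contributes all of its pieces."""
    return [piece for v in values for piece in v.split(delimiter)]

def begin(values, character):
    """<begin>: prepend `character` unless the value already starts with it."""
    return [v if v.startswith(character) else character + v for v in values]

def end(values, character):
    """<end>: append `character` unless the value already ends with it."""
    return [v if v.endswith(character) else v + character for v in values]

def concat(*components):
    """<concat>: one output per combination of component values, so a
    multi-valued component stays multi-valued; nothing is ever joined."""
    return ["".join(combo) for combo in product(*components)]

def final_regex_values(approved=APPROVED):
    """Mirror of the five local_variable definitions in the question."""
    pieces = split([approved], ",")
    wrapped = end(begin(pieces, "("), r"(?=,\w+|$),?)?")
    joined = concat([""], wrapped)        # empty literal x 8 values -> 8 values
    return concat(["^"], joined, ["$"])

def all_ciphers_approved(configured, approved=APPROVED):
    """Per-value alternative: every configured cipher must match at least
    one anchored, escaped pattern built from the approved list."""
    allowed = [re.escape(a) for a in split([approved], ",")]
    patterns = concat(["^"], allowed, ["$"])
    return all(any(re.search(p, c) for p in patterns)
               for c in split([configured], ","))

if __name__ == "__main__":
    for value in final_regex_values():
        print(value)
    print(all_ciphers_approved("aes128-ctr,aes256-ctr"))  # constructed input
    print(all_ciphers_approved("aes128-ctr,arcfour"))     # constructed input
```

Escaping matters for `rijndael-cbc@lysator.liu.se`: unescaped, each `.` would match any character and a near-miss name would pass the check.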