oval_developer@lists.cisecurity.org

A list for people interested in developing the OVAL language.

When to create "does not exist" item(s)?

Ulmer, John R CIV USN SPAWARSYSCEN LANT SC (US)
Tue, Nov 29, 2016 7:37 PM

I need to confirm my understanding of when an item should be created and when not.

Given a file_object with a path and file_name is nil.
If the path in the file_object does not exist on the system, no item should be created.

Some tools and content authors assert that an item should be created with a status of "does not exist."

The confusion comes from the OVAL Language Specification.  In section 5.2.4.4, for the "does not exist" status, the same cell of the table says both:

-- This value MUST be used when the OVAL Item is not found on the system being examined. --

and

-- The use of this value is optional and is only used to report a partial match. If a partial match is not being reported, the OVAL Item MUST NOT be reported in the OVAL System Characteristics. --

The 'MUST' in the first sentence appears to conflict directly with the 'MUST NOT' in the third sentence.

It appears to me that the first sentence is an echo of the same sentences for the previous two listed value enumerations  ('error' and 'exists').  It is there to maintain the parallel structure of the treatment of the values.  And, the second and third sentences take control if a file or path is not found on the system and no partial match happens.  Thus, no item should be created.

Am I reading this correctly or do I have it backwards?

Thanks,

John R. Ulmer
SPAWAR Systems Center Atlantic
john.r.ulmer6.civ@mail.mil
843.218.5953

David Solin
Tue, Nov 29, 2016 7:51 PM

Hi John,

What it’s attempting to get across is that:

  1. you should only use “does not exist” when reporting a partial match (i.e., in the context of reporting one)
  2. reporting partial matches is optional

Does that make sense?

Basically: You’re allowed to create items that don’t exist.  You’re under no obligation to create such items.  Any such items must have no impact on evaluation.

—David

On Nov 29, 2016, at 1:37 PM, Ulmer, John R CIV USN SPAWARSYSCEN LANT SC (US) john.r.ulmer6.civ@mail.mil wrote:

I need to confirm my understanding of when an item should be created and when not.

Given a file_object with a path and file_name is nil.
If the path in the file_object does not exist on the system, no item should be created.

Some tools and content authors assert that an item should be created with a status of "does not exist."

The confusion comes from the OVAL Language Specification.  In section 5.2.4.4, for the "does not exist" status, the same cell of the table says both:

-- This value MUST be used when the OVAL Item is not found on the system being examined. --

and

-- The use of this value is optional and is only used to report a partial match. If a partial match is not being reported, the OVAL Item MUST NOT be reported in the OVAL System Characteristics. --

The 'MUST' in the first sentence appears to conflict directly with the 'MUST NOT' in the third sentence.

It appears to me that the first sentence is an echo of the same sentences for the previous two listed value enumerations  ('error' and 'exists').  It is there to maintain the parallel structure of the treatment of the values.  And, the second and third sentences take control if a file or path is not found on the system and no partial match happens.  Thus, no item should be created.

Am I reading this correctly or do I have it backwards?

Thanks,

John R. Ulmer
SPAWAR Systems Center Atlantic
john.r.ulmer6.civ@mail.mil
843.218.5953

...


OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org
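
The point made in the reply above, as an added example that is not part of the thread or of any OVAL tool: a tool that reports a "does not exist" item and a tool that reports nothing for a missing path must reach the same evaluation result. The function names are hypothetical, and the existence check is a simplified model that counts only items with status "exists" (error and not-collected items are left out).

```python
import os
import tempfile

EXISTS, DOES_NOT_EXIST = "exists", "does not exist"

def collect_file_items(path, report_partial_match=False):
    """Items for a file_object with this path and a nil filename (directory check)."""
    if os.path.isdir(path):
        return [{"path": path, "filename": None, "status": EXISTS}]
    if report_partial_match:
        # Optional reporting of the miss; the tool is under no obligation to do this.
        return [{"path": path, "filename": None, "status": DOES_NOT_EXIST}]
    return []  # nothing found and nothing reported

def existence_result(items, check_existence):
    """Simplified existence check: only items with status 'exists' are counted."""
    found = sum(1 for item in items if item["status"] == EXISTS)
    rules = {
        "at_least_one_exists": found >= 1,
        "none_exist": found == 0,
        "only_one_exists": found == 1,
    }
    return rules[check_existence]

def compare_tools(path):
    """Evaluate the same object as a silent tool and as a partial-match-reporting tool."""
    silent = collect_file_items(path, report_partial_match=False)
    verbose = collect_file_items(path, report_partial_match=True)
    checks = ("at_least_one_exists", "none_exist", "only_one_exists")
    return {
        "silent_items": len(silent),
        "verbose_items": len(verbose),
        "silent": {c: existence_result(silent, c) for c in checks},
        "verbose": {c: existence_result(verbose, c) for c in checks},
    }

def demo():
    # Constructed sample: a temporary directory that exists and a child that does not.
    with tempfile.TemporaryDirectory() as present:
        missing = os.path.join(present, "no-such-dir")
        return {"present": compare_tools(present), "missing": compare_tools(missing)}

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

An evaluator that counted every reported item regardless of status would give different answers for the two tools on the missing path, which is the interoperability problem the thread is about.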
