A list for people interested in developing the OVAL language.
I need to confirm my understanding of when an item should be created and when not.
Given a file_object with a path and file_name is nil.
If the path in the file_object does not exist on the system, no item should be created.
Some tools and content authors assert that an item should be created with a status of "does not exist."
The confusion comes from the OVAL Language Specification. In section 5.2.4.4, for the "does not exist" status, the same cell of the table says both:
-- This value MUST be used when the OVAL Item is not found on the system being examined. --
and
-- The use of this value is optional and is only used to report a partial match. If a partial match is not being reported, the OVAL Item MUST NOT be reported in the OVAL System Characteristics. --
The 'MUST' in the first sentence appears to conflict directly with the 'MUST NOT' in the third sentence.
It appears to me that the first sentence is an echo of the same sentences for the previous two listed value enumerations ('error' and 'exists'). It is there to maintain the parallel structure of the treatment of the values. And, the second and third sentences take control if a file or path is not found on the system and no partial match happens. Thus, no item should be created.
Am I reading this correctly or do I have it backwards?
John R. Ulmer
SPAWAR Systems Center Atlantic
john.r.ulmer6.civ@mail.mil
843.218.5953
Hi John,
What it’s attempting to get across is that:
Does that make sense?
Basically: You’re allowed to create items that don’t exist. You’re under no obligation to create such items. Any such items must have no impact on evaluation.
—David
On Nov 29, 2016, at 1:37 PM, Ulmer, John R CIV USN SPAWARSYSCEN LANT SC (US) john.r.ulmer6.civ@mail.mil wrote:
I need to confirm my understanding of when an item should be created and when not.
Given a file_object with a path and file_name is nil.
If the path in the file_object does not exist on the system, no item should be created.
Some tools and content authors assert that an item should be created with a status of "does not exist."
The confusion comes from the OVAL Language Specification. In section 5.2.4.4, for the "does not exist" status, the same cell of the table says both:
-- This value MUST be used when the OVAL Item is not found on the system being examined. --
and
-- The use of this value is optional and is only used to report a partial match. If a partial match is not being reported, the OVAL Item MUST NOT be reported in the OVAL System Characteristics. --
The 'MUST' in the first sentence appears to conflict directly with the 'MUST NOT' in the third sentence.
It appears to me that the first sentence is an echo of the same sentences for the previous two listed value enumerations ('error' and 'exists'). It is there to maintain the parallel structure of the treatment of the values. And, the second and third sentences take control if a file or path is not found on the system and no partial match happens. Thus, no item should be created.
Am I reading this correctly or do I have it backwards?
John R. Ulmer
SPAWAR Systems Center Atlantic
john.r.ulmer6.civ@mail.mil
843.218.5953
OVAL_Developer mailing list
OVAL_Developer@lists.cisecurity.org
http://lists.cisecurity.org/mailman/listinfo/oval_developer_lists.cisecurity.org