The following is a description of the elements, types, and attributes that compose the tests found in Open Vulnerability and Assessment Language (OVAL) that are independent of a specific piece of software. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
The OVAL Schema is maintained by The Mitre Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
Independent Definition, version 5.3, 6/22/2007 11:17:35 AM
Schematron validation of the Independent portion of an OVAL Definitions file
The family_test element is used to check the family a certain system belongs to. This test basically allows the high level system types (windows, unix, ios, etc.) to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a family_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a family_test must reference a family_object
- the state child element of a family_test must reference a family_state
The family_object element is used by a family test to define those objects to evaluate based on a specified state. There is actually only one object relating to family and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check the family will reference the same family_object which is basically an empty object element.
The family_state element contains a single entity that is used to check the family associated with the system. The family is a high-level classification of system types.
This element describes the high-level system OS type to test against. Please refer to the definition of the EntityFamilyType for more information about the possible values.
- datatype attribute for the family entity of a family_state should be 'string'
- operation attribute for the family entity of a family_state should be 'equals', 'not equal', or 'pattern match'
The file md5 test is used to check the md5 associated with a specified file. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a filemd5_object and the optional state element specifies the md5 to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
This test has been deprecated. You should use the filehash_test instead. This test will be dropped in the major release of OVAL.
- the object child element of a filemd5_test must reference a filemd5_object
- the state child element of a filemd5_test must reference a filemd5_state
The filemd5_object element is used by a file test to define the specific file(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
A file object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the Filemd5Behaviors complex type for more information about specific behaviors.
The path element specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of a filemd5_object should be 'string'
- operation attribute for the path entity of a filemd5_object should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file. If the nillable attribute is set to true, then the object being specified is the higher level path. In this case, the filename element should not be collected or used in analysis. Setting nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
- datatype attribute for the filename entity of a filemd5_object should be 'string'
- operation attribute for the filename entity of a filemd5_object should be 'equals', 'not equal', or 'pattern match'
The filemd5_state element contains entities that are used to check the file path, name, and the md5 associated with a specific file.
The path element specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of a filemd5_state should be 'string'
- operation attribute for the path entity of a filemd5_state should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of a filemd5_state should be 'string'
- operation attribute for the filename entity of a filemd5_state should be 'equals', 'not equal', or 'pattern match'
The md5 element is the md5 hash of the file.
- datatype attribute for the md5 entity of a filemd5_state should be 'string'
- operation attribute for the md5 entity of a filemd5_state should be 'equals', 'not equal', or 'pattern match'
The Filemd5Behaviors complex type defines a number of behaviors that allow a more detailed definition of the filemd5_object being specified.
'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.
'recurse_direction' defines the direction, either 'up' to parent directories, or 'down' into child directories to recursively search for files. When recursing up or down, one is limited by the max_depth behavior. Note that it is not an error if max_depth specifies a certain level of recursion and that level does not exist. Recursing should only go as deep as available. The default value is 'none' for no recursion.
The file hash test is used to check the hashes associated with a specified file. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a filehash_object and the optional state element specifies the different hashes to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a filehash_test must reference a filehash_object
- the state child element of a filehash_test must reference a filehash_state
The filehash_object element is used by a file hash test to define the specific file(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
A file object defines the path and filename of the file(s). In addition, a number of behaviors may be provided that help guide the collection of objects. Please refer to the FilehashBehaviors complex type for more information about specific behaviors.
The path element specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of a filehash_object should be 'string'
- operation attribute for the path entity of a filehash_object should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file. If the nillable attribute is set to true, then the object being specified is the higher level path. In this case, the filename element should not be collected or used in analysis. Setting nil equal to true is different than using a .* pattern match, which says to collect every file under a given path.
- datatype attribute for the filename entity of a filehash_object should be 'string'
- operation attribute for the filename entity of a filehash_object should be 'equals', 'not equal', or 'pattern match'
The filehash_state element contains entities that are used to check the file path, name, and the different hashes associated with a specific file.
The path element specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of a filehash_state should be 'string'
- operation attribute for the path entity of a filehash_state should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of a filehash_state should be 'string'
- operation attribute for the filename entity of a filehash_state should be 'equals', 'not equal', or 'pattern match'
The md5 element is the md5 hash of the file.
- datatype attribute for the md5 entity of a filehash_state should be 'string'
- operation attribute for the md5 entity of a filehash_state should be 'equals', 'not equal', or 'pattern match'
The sha1 element is the sha1 hash of the file.
- datatype attribute for the sha1 entity of a filehash_state should be 'string'
- operation attribute for the sha1 entity of a filehash_state should be 'equals', 'not equal', or 'pattern match'
The FilehashBehaviors complex type defines a number of behaviors that allow a more detailed definition of the filehash_object being specified.
'max_depth' defines how many directories to recurse when a recurse_direction is specified. The default value is '-1' meaning no limitation. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on.
'recurse_direction' defines the direction to recurse, either 'up' to parent directories, or 'down' into child directories. The default value is 'none' for no recursion.
The environmentvariable_test element is used to check an environment variable found on the system. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an environmentvariable_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of an environmentvariable_test must reference an environmentvariable_object
- the state child element of an environmentvariable_test must reference an environmentvariable_state
The environmentvariable_object element is used by an environment variable test to define the specific environment variable(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
This element describes the name of an environment variable.
- datatype attribute for the name entity of an environmentvariable_object should be 'string'
- operation attribute for the name entity of an environmentvariable_object should be 'equals', 'not equal', or 'pattern match'
The environmentvariable_state element contains two entities that are used to check the name of the specified environment variable and the value associated with it.
This element describes the name of an environment variable.
- datatype attribute for the name entity of an environmentvariable_state should be 'string'
- operation attribute for the name entity of an environmentvariable_state should be 'equals', 'not equal', or 'pattern match'
The actual value of the specified environment variable.
- the supplied operation attribute for the value entity of an environmentvariable_state is not valid given a datatype of ''
- The datatype has been set to 'int' but the value is not an integer.
The sql test is used to check information stored in a database. It is often the case that applications store configuration settings in a database as opposed to a file. This test has been designed to enable those settings to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a sql_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a sql_test must reference a sql_object
- the state child element of a sql_test must reference a sql_state
The sql_object element is used by a sql test to define the specific database and query to be evaluated. Connection information is supplied allowing the tool to connect to the desired database and a query is supplied to call out the desired setting. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
The engine entity defines the specific database engine to use. Any tool looking to collect information about this object will need to know the engine in order to use the appropriate drivers to establish a connection.
- datatype attribute for the engine entity of an sql_object should be 'string'
- operation attribute for the engine entity of an sql_object should be 'equals'
The version entity defines the specific version of the database engine to use. This is also important in determining the correct driver to use for establishing a connection.
- datatype attribute for the version entity of an sql_object should be 'string'
- operation attribute for the version entity of an sql_object should be 'equals'
The connection_string entity defines specific connection parameters to be used in connecting to the database. This will help a tool connect to the correct database.
- datatype attribute for the connection_string entity of an sql_object should be 'string'
- operation attribute for the connection_string entity of an sql_object should be 'equals'
The sql entity defines a query used to identify the object(s) to test against. Any valid SQL query is usable, with one exception: at most one field is allowed in the SELECT portion of the query. For example SELECT name FROM ... is valid, as is SELECT 'true' FROM ..., but SELECT name, number FROM ... is not valid. This is because the result element in the data section is only designed to work against a single field.
- datatype attribute for the sql entity of a sql_object should be 'string'
- operation attribute for the sql entity of a sql_object should be 'equals'
The sql_state element contains entities that are used to check the database engine, version, and connection string, the query that was run, and the result it returned.
The engine entity defines a specific database engine.
- datatype attribute for the engine entity of an sql_state should be 'string'
- operation attribute for the engine entity of an sql_state should be 'equals', 'not equal', or 'pattern match'
The version entity defines a specific version of a given database engine.
- datatype attribute for the version entity of an sql_state should be 'string'
- operation attribute for the version entity of an sql_state should be 'equals', 'not equal', or 'pattern match'
The connection_string entity defines a set of parameters that help identify the connection to the database.
- datatype attribute for the connection_string entity of an sql_state should be 'string'
- operation attribute for the connection_string entity of an sql_state should be 'equals', 'not equal', or 'pattern match'
The sql entity defines a query used to identify the object(s) to test against.
- datatype attribute for the sql entity of a sql_state should be 'string'
- operation attribute for the sql entity of a sql_state should be 'equals', 'not equal', or 'pattern match'
The result entity specifies how to test objects in the result set of the specified SQL statement. Only one comparable field is allowed. So if the SQL statement looks like 'SELECT name FROM ...', then a result entity with a value of 'Fred' would test the set of 'name' values returned by the SQL statement against the value 'Fred'.
- the supplied operation attribute for the result entity of a sql_state is not valid given a datatype of ''
- The datatype has been set to 'int' but the value is not an integer.
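The single-field rule on the sql entity and the per-row evaluation of the result entity, as an added Python example that is not part of the OVAL schema or of any OVAL tool. The engine value 'sqlite', the ':memory:' connection string and the settings table are assumptions constructed for the example; the page does not list the engine enumeration.

```python
import re
import sqlite3

# Constructed sql_object and sql_state in the shape this page describes.
# 'sqlite' as the engine value and ':memory:' as the connection string are
# assumptions for this example; the engine enumeration is not listed on the page.
SQL_OBJECT = {
    "engine": "sqlite",
    "version": "3",
    "connection_string": ":memory:",
    "sql": "SELECT value FROM settings WHERE name = 'audit_enabled'",
}
# result entity as (value, operation, datatype)
SQL_STATE = {"result": ("true", "equals", "string")}


def open_sample_db(connection_string):
    """Constructed settings table standing in for the application's database."""
    conn = sqlite3.connect(connection_string)
    conn.execute("CREATE TABLE settings (name TEXT, value TEXT)")
    conn.executemany("INSERT INTO settings VALUES (?, ?)", [
        ("session_timeout", "900"),
        ("password_min_length", "6"),
        ("audit_enabled", "true"),
    ])
    return conn


def select_field_count(sql):
    """Count the fields in the SELECT portion. Only commas at parenthesis depth 0
    separate fields, so coalesce(a, b) is one field and a literal such as 'true'
    counts as one as well."""
    m = re.match(r"\s*SELECT\s+(.*?)\s+FROM\s", sql, re.IGNORECASE | re.DOTALL)
    if not m:
        raise ValueError("only SELECT ... FROM ... queries are supported here")
    depth, fields = 0, 1
    for ch in m.group(1):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "," and depth == 0:
            fields += 1
    return fields


def collect(sql_object, conn):
    """Run the object's query and return the single-field result set."""
    if select_field_count(sql_object["sql"]) != 1:
        raise ValueError("at most one field is allowed in the SELECT portion")
    return [row[0] for row in conn.execute(sql_object["sql"]).fetchall()]


def compare(actual, expected, operation, datatype):
    """Test one collected result against the state's result entity, using the
    operations this page lists: 'equals', 'not equal', 'pattern match'."""
    if datatype == "int":
        # mirrors the schematron rule: an 'int' entity must hold an integer literal
        if not re.fullmatch(r"-?\d+", str(expected)):
            raise ValueError("datatype is 'int' but the value is not an integer")
        actual, expected = int(actual), int(expected)
    else:
        actual, expected = str(actual), str(expected)
    if operation == "equals":
        return actual == expected
    if operation == "not equal":
        return actual != expected
    if operation == "pattern match":
        return re.search(str(expected), str(actual)) is not None
    raise ValueError(f"unsupported operation {operation!r}")


def evaluate(sql_object, sql_state, conn):
    """Return (collected result set, outcome of the result entity for each row)."""
    values = collect(sql_object, conn)
    expected, operation, datatype = sql_state["result"]
    return values, [compare(v, expected, operation, datatype) for v in values]
```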
The textfilecontent_test element is used to check the contents of a text file (for example a configuration file) by looking at individual lines. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a textfilecontent_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a textfilecontent_test must reference a textfilecontent_object
- the state child element of a textfilecontent_test must reference a textfilecontent_state
The textfilecontent_object element is used by a text file content test to define the specific line(s) of a file(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
Specifies the absolute path to a file on the machine, not including the filename.
- datatype attribute for the path entity of a textfilecontent_object should be 'string'
- operation attribute for the path entity of a textfilecontent_object should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of a textfilecontent_object should be 'string'
- operation attribute for the filename entity of a textfilecontent_object should be 'equals', 'not equal', or 'pattern match'
The line element represents a line in the file and is represented using a regular expression. A single subexpression can be called out using parentheses. The value of this subexpression can then be checked using a textfilecontent_state.
- datatype attribute for the line entity of a textfilecontent_object should be 'string'
- operation attribute for the line entity of a textfilecontent_object should be 'pattern match'
The textfilecontent_state element contains entities that are used to check the file path and name, as well as the line in question and the value of the specific subexpression.
Specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of a textfilecontent_state should be 'string'
- operation attribute for the path entity of a textfilecontent_state should be 'equals', 'not equal', or 'pattern match'
The name of the file.
- datatype attribute for the filename entity of a textfilecontent_state should be 'string'
- operation attribute for the filename entity of a textfilecontent_state should be 'equals', 'not equal', or 'pattern match'
The line element represents a line in the file that was collected.
- datatype attribute for the line entity of a textfilecontent_state should be 'string'
- operation attribute for the line entity of a textfilecontent_state should be 'equals', or 'not equal'
Each subexpression in the regular expression of the line element is then tested against the value specified in the subexpression element.
- the supplied operation attribute for the subexpression entity of a textfilecontent_state is not valid given a datatype of ''
- The datatype has been set to 'int' but the value is not an integer.
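The line regex with its single parenthesised subexpression, and the state check against that subexpression, as an added Python example that is not part of the OVAL schema or of any OVAL tool. The namespace URI, the object/state XML, the sshd_config regex and the file contents are all constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the OVAL independent component schema; assumed here, the page
# itself does not spell out the URI.
IND = "http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
NS = {"ind": IND}

# Constructed object/state pair in the shape this page describes: the object's
# line entity is a 'pattern match' regex with one parenthesised subexpression,
# and the state checks the value captured by that subexpression.
OBJECT_XML = f"""<textfilecontent_object xmlns="{IND}" id="oval:example:obj:1" version="1">
  <path>/etc/ssh</path>
  <filename>sshd_config</filename>
  <line operation="pattern match">^PermitRootLogin\\s+(\\S+)\\s*$</line>
</textfilecontent_object>"""

STATE_XML = f"""<textfilecontent_state xmlns="{IND}" id="oval:example:ste:1" version="1">
  <subexpression operation="equals">no</subexpression>
</textfilecontent_state>"""

# Constructed file contents standing in for /etc/ssh/sshd_config.
WEAK_CONFIG = "Port 22\nPermitRootLogin yes\nPasswordAuthentication no\n"
HARDENED_CONFIG = "Port 22\nPermitRootLogin no\nPasswordAuthentication no\n"


def entity(elem, name):
    """Return (text, operation, datatype) of a child entity, or None if absent.
    Defaults follow the schema: operation 'equals', datatype 'string'."""
    child = elem.find(f"ind:{name}", NS)
    if child is None:
        return None
    return child.text or "", child.get("operation", "equals"), child.get("datatype", "string")


def collect_lines(file_text, line_regex):
    """Collect each line matching the object's line pattern together with the
    value of its single parenthesised subexpression (None if there is none)."""
    pattern = re.compile(line_regex)
    if pattern.groups > 1:
        raise ValueError("the line pattern may call out only one subexpression")
    items = []
    for line in file_text.splitlines():
        match = pattern.search(line)
        if match:
            items.append({"line": line,
                          "subexpression": match.group(1) if pattern.groups else None})
    return items


def compare(actual, expected, operation, datatype):
    """Evaluate one state entity against one collected value using the
    operations this page lists: 'equals', 'not equal', 'pattern match'."""
    if actual is None:
        return False
    if datatype == "int":
        # mirrors the schematron rule: an 'int' entity must hold an integer literal
        if not re.fullmatch(r"-?\d+", expected):
            raise ValueError("datatype is 'int' but the value is not an integer")
        actual, expected = int(actual), int(expected)
    if operation == "equals":
        return actual == expected
    if operation == "not equal":
        return actual != expected
    if operation == "pattern match":
        return re.search(expected, actual) is not None
    raise ValueError(f"unsupported operation {operation!r}")


def evaluate(object_xml, state_xml, file_text):
    """Collect the object's items from file_text, then test each one against the
    state's line and subexpression entities. Returns (item count, per-item results)."""
    obj = ET.fromstring(object_xml)
    ste = ET.fromstring(state_xml)
    line_regex, line_op, _ = entity(obj, "line")
    if line_op != "pattern match":
        raise ValueError("the object's line entity must use 'pattern match'")
    items = collect_lines(file_text, line_regex)
    results = []
    for item in items:
        ok = True
        for name in ("line", "subexpression"):
            ent = entity(ste, name)
            if ent is None:
                continue  # entity absent from the state: nothing to check
            expected, op, dt = ent
            if name == "line" and op not in ("equals", "not equal"):
                raise ValueError("the state's line entity allows only 'equals' or 'not equal'")
            ok = ok and compare(item[name], expected, op, dt)
        results.append(ok)
    return len(items), results
```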
The TextfilecontentBehaviors complex type defines a number of behaviors that allow a more detailed definition of the textfilecontent_object being specified.
'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.
'recurse_direction' defines the direction, either 'up' to parent directories, or 'down' into child directories to recursively search for files. When recursing up or down, one is limited by the max_depth behavior. Note that it is not an error if max_depth specifies a certain level of recursion and that level does not exist. Recursing should only go as deep as available. The default value is 'none' for no recursion.
An unknown test acts as a placeholder for tests whose implementation is unknown. Any information that is known about the test should be held in the notes child element that is available through the extension of the abstract test element. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. Note that for an unknown test, the required check attribute that is part of the extended TestType should be ignored during evaluation and hence can be set to any valid value.
The variable test allows the value of a variable to be compared to a defined value. As an example, one might use this test to validate that a variable being passed in from an external source falls within a specified range. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a variable_object and the optional state element specifies the value to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of a variable_test must reference a variable_object
- the state child element of a variable_test must reference a variable_state
The id of the variable to check.
- datatype attribute for the var_ref entity of a variable_object should be 'string'
- operation attribute for the var_ref entity of a variable_object should be 'equals', 'not equal', or 'pattern match'
The variable_state element contains two entities that are used to check the var_ref of the specified variable and the value associated with it.
The id of the variable.
- datatype attribute for the var_ref entity of a variable_state should be 'string'
- operation attribute for the var_ref entity of a variable_state should be 'equals', 'not equal', or 'pattern match'
The value of the variable.
- the supplied operation attribute for the value entity of a variable_state is not valid given a datatype of ''
- The datatype has been set to 'int' but the value is not an integer.
The xmlfilecontent_test element is used to explore the contents of an XML file. This test basically allows specific pieces of an XML document, selected using an XPath expression, to be tested. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an xmlfilecontent_object and the optional state element specifies the metadata to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
- the object child element of an xmlfilecontent_test must reference an xmlfilecontent_object
- the state child element of an xmlfilecontent_test must reference an xmlfilecontent_state
The xmlfilecontent_object element is used by an XML file content test to define the specific piece of an XML file(s) to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
Specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of an xmlfilecontent_object should be 'string'
- operation attribute for the path entity of an xmlfilecontent_object should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of an xmlfilecontent_object should be 'string'
- operation attribute for the filename entity of an xmlfilecontent_object should be 'equals', 'not equal', or 'pattern match'
Specifies an XPath expression describing the nodes to look at. The only valid operation for xpath is 'equals', since there are infinitely many possible XPath expressions and determining all those that do not equal a given one would be impossible.
- datatype attribute for the xpath entity of an xmlfilecontent_object should be 'string'
- operation attribute for the xpath entity of an xmlfilecontent_object should be 'equals'
The xmlfilecontent_state element contains entities that are used to check the file path and name, as well as the xpath used and the value found at that xpath.
Specifies the absolute path to a file on the machine.
- datatype attribute for the path entity of an xmlfilecontent_state should be 'string'
- operation attribute for the path entity of an xmlfilecontent_state should be 'equals', 'not equal', or 'pattern match'
The filename element specifies the name of the file.
- datatype attribute for the filename entity of an xmlfilecontent_state should be 'string'
- operation attribute for the filename entity of an xmlfilecontent_state should be 'equals', 'not equal', or 'pattern match'
Specifies an XPath expression describing the nodes to look at.
- datatype attribute for the xpath entity of an xmlfilecontent_state should be 'string'
- operation attribute for the xpath entity of an xmlfilecontent_state should be 'equals', or 'not equal'
The value_of element checks the value of the nodes found.
- datatype attribute for the value_of entity of an xmlfilecontent_state should be 'string'
- operation attribute for the value_of entity of an xmlfilecontent_state should be 'equals', 'not equal', or 'pattern match'
The XmlfilecontentBehaviors complex type defines a number of behaviors that allow a more detailed definition of the xmlfilecontent_object being specified.
'max_depth' defines the maximum depth of recursion to perform when a recurse_direction is specified. A value of '0' is equivalent to no recursion, '1' means to step only one directory level up/down, and so on. The default value is '-1' meaning no limitation. Note that the default recurse_direction behavior is 'none' so even though max_depth specifies no limitation by default, the recurse_direction behavior turns recursion off.
'recurse_direction' defines the direction, either 'up' to parent directories, or 'down' into child directories to recursively search for files. When recursing up or down, one is limited by the max_depth behavior. Note that it is not an error if max_depth specifies a certain level of recursion and that level does not exist. Recursing should only go as deep as available. The default value is 'none' for no recursion.
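The recursion rules shared by Filemd5Behaviors, FilehashBehaviors, TextfilecontentBehaviors and XmlfilecontentBehaviors above (recurse_direction 'none' overriding max_depth, '-1' as unlimited, '0' as no recursion, and recursion stopping where the tree ends), as an added Python example that is not part of the OVAL schema or of any OVAL tool. The temporary directory tree, its level names and the app.conf filename are constructed for the example.

```python
import os
import re
import tempfile


def directories_to_search(path, recurse_direction="none", max_depth=-1):
    """Directories an object with these behaviors covers, starting at path.
    'none' ignores max_depth entirely; -1 means unlimited; 0 means no
    recursion; a max_depth deeper than the tree is not an error, recursion
    simply stops where the tree does."""
    found = [path]
    if recurse_direction == "none" or max_depth == 0:
        return found
    if recurse_direction == "up":
        current, depth = path, 0
        while max_depth < 0 or depth < max_depth:
            parent = os.path.dirname(current)
            if parent == current:
                break  # filesystem root reached: go only as far as available
            found.append(parent)
            current, depth = parent, depth + 1
        return found
    if recurse_direction == "down":
        for root, dirs, _files in os.walk(path):
            dirs.sort()  # deterministic order; os.walk honours in-place edits
            depth = root[len(path):].count(os.sep)
            if max_depth >= 0 and depth >= max_depth:
                dirs[:] = []  # prune: the limit is reached below this directory
            for name in dirs:
                found.append(os.path.join(root, name))
        return found
    raise ValueError(f"unknown recurse_direction {recurse_direction!r}")


def collect_files(path, filename, filename_op="equals",
                  recurse_direction="none", max_depth=-1):
    """Files selected by the object: every searched directory is checked for a
    filename that matches by 'equals' or 'pattern match'. A filename of None
    models nil="true", where the object is the directory itself."""
    dirs = directories_to_search(path, recurse_direction, max_depth)
    if filename is None:
        return dirs
    matches = []
    for directory in dirs:
        for name in sorted(os.listdir(directory)):
            full = os.path.join(directory, name)
            if not os.path.isfile(full):
                continue
            if filename_op == "equals" and name == filename:
                matches.append(full)
            elif filename_op == "pattern match" and re.search(filename, name):
                matches.append(full)
    return matches


def build_sample_tree():
    """Constructed tree base/level1/level2/level3 with an app.conf at every
    level, so the depth actually reached is visible in the result."""
    base = os.path.join(tempfile.mkdtemp(), "base")
    for rel in ("", "level1", "level1/level2", "level1/level2/level3"):
        directory = os.path.join(base, rel)
        os.makedirs(directory, exist_ok=True)
        with open(os.path.join(directory, "app.conf"), "w") as fh:
            fh.write("# constructed sample\n")
    return base


def relative(base, paths):
    """Report results relative to base with '/' separators."""
    return [os.path.relpath(p, base).replace(os.sep, "/") for p in paths]
```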
The EntityObjectEngineType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a valid database engine. The empty string is also allowed to support empty elements associated with variable references.
The EntityStateEngineType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a valid database engine. The empty string is also allowed to support empty elements associated with variable references.
The EntityStateFamilyType complex type defines a string entity value that is restricted to a set of enumerations. Each valid enumeration is a high-level operating system family. The empty string is also allowed to support empty elements associated with variable references.
The EntityObjectVariableRefType complex type defines a string object entity that has a valid OVAL variable id as the value. The empty string is also allowed to support empty elements associated with variable references.
The EntityStateVariableRefType complex type defines a string state entity that has a valid OVAL variable id as the value. The empty string is also allowed to support empty elements associated with variable references.