Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#228 [PATCH] Version on collected object not set if error occurs

Version 5.10.1
closed-fixed
nobody
5
2012-08-17
2012-08-17
No

When ovaldi 5.10.1.2 fails to to resolve a problem using ObjectFactory::GetObjectById(objectId) in AbsObjectCollector.cpp, a CollectedObject is generated, but the version on it is not set properly. This seems to violate the OVAL specification stating:

> The required version attribute is the specific version of the global OVAL Object that was used by the data collection engine. The version is necessary so > that analysis using a system characteristics file knows exactly what was collected.

Given that the collection process aborted due to the error, the specification may still be implemented, but I would assume that even if an error occurs, the system characteristics file should know exactly what failed.

Discussion

  • Added a patch resolving the problem via an explicit version lookup in the DOM before calling ObjectFactory::GetObjectById(objectId).

     
    • summary: Version on collected object not set if error occurs --> [PATCH] Version on collected object not set if error occurs
     
  • "Fails to resolve a problem" in the description should be "Fails to resolve an object" ;)

     
    • status: open --> closed-fixed
     
  • I've committed a slight variant of your patch. I think it's kind of a
    hack; the real issue is that "ObjectFactory::GetObjectById(objectId);"
    does too much. Instead of just pulling info out of the definition and
    setting up a data structure, it actually partially "runs" the definition
    (e.g. evaluates a variable). Then if that fails, all of the data
    structure creation fails and you lose everything about the object that
    would have been created. So it's unavailable to put into the collected
    object. You really shouldn't have to peek into the definition to get
    the version ahead of time, because you might lose it later. If you
    decided you wanted to copy more than just the version into the collected
    object, you'd have to peek in and get whatever else you wanted too (e.g.
    the comment). And you wind up with a lot of code that would go into
    creating the object being copy-pasted before actual object creation
    occurs, so you don't lose it. Anyway... your patch did the minimal job
    with minimal code changes, so I've incorporated it.