#5 Objects with no object_reference don't get split properly

open
nobody
7
2011-12-20
2011-12-20
Matthew Hansbury
No

An object with no object_reference doesn't get split out properly. See the following email from Guarav Kumar:

I apologize for spamming. But I think I've found the fix to the problem. By adding below xpath code, I am able to extract registry objects or more generally, any objects which don't refer to any other objects.

$definitionDoc//oval-def:objects/child::*[@id = $inputId]/descendant::*/.

Thanks,

On Tue, Dec 20, 2011 at 12:16 AM, Gaurav Kumar <gk@pivotalsecurity.com> wrote:

I did some more research and would like to provide more details.

The issue arises when objects do not have any "object_reference" element. For example- oval:org.mitre.oval:obj:16243

When objects do have "object_reference" element, for example oval:org.mitre.oval:obj:16179, the splitting works just fine.

I think it has got to something with extract.item.by.id.xsl XPATH expression which is being used to extract element information.

I am researching more to see if I can fix it, but meanwhile if you have any guidance available, please let me know.

Thanks,

On Sat, Dec 17, 2011 at 6:58 PM, Gaurav Kumar <gk@pivotalsecurity.com> wrote:

Hi all,

Just thought of letting you know that there might be an issue with OVAL splitter <http://sourceforge.net/projects/ovalutils/files/oval_splitter/oval_splitter_v1.0/> .

If I split Windows 7 vulnerability definition file (oval 5.9 version) into objects , OVAL splitter doesn’t create most of the registry objects files. I am attaching observed and expected files. I downloaded the expected file from MITRE’s OVAL repository.

Thanks,

---

Gaurav Kumar

Chief Security Consultant| Pivotal Security LLC | gk@pivotalsecurity.com <mailto:gk@pivotalsecurity.com> | Phone: +1(425)686-9695 <tel:%2B1%28425%29686-9695>

--

Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: gk@pivotalsecurity.com | Phone:(425)686-9695 <tel:%28425%29686-9695>

--

Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: gk@pivotalsecurity.com | Phone:(425)686-9695

Discussion