An object with no object_reference doesn't get split out properly. See the following email from Guarav Kumar:
I apologize for spamming. But I think I've found the fix to the problem. By adding below xpath code, I am able to extract registry objects or more generally, any objects which don't refer to any other objects.
$definitionDoc//oval-def:objects/child::*[@id = $inputId]/descendant::*/.
Thanks,
On Tue, Dec 20, 2011 at 12:16 AM, Gaurav Kumar <gk@pivotalsecurity.com> wrote:
I did some more research and would like to provide more details.
The issue arises when objects do not have any "object_reference" element. For example- oval:org.mitre.oval:obj:16243
When objects do have "object_reference" element, for example oval:org.mitre.oval:obj:16179, the splitting works just fine.
I think it has got to something with extract.item.by.id.xsl XPATH expression which is being used to extract element information.
I am researching more to see if I can fix it, but meanwhile if you have any guidance available, please let me know.
Thanks,
On Sat, Dec 17, 2011 at 6:58 PM, Gaurav Kumar <gk@pivotalsecurity.com> wrote:
Hi all,
Just thought of letting you know that there might be an issue with OVAL splitter <http://sourceforge.net/projects/ovalutils/files/oval_splitter/oval_splitter_v1.0/> .
If I split Windows 7 vulnerability definition file (oval 5.9 version) into objects , OVAL splitter doesn’t create most of the registry objects files. I am attaching observed and expected files. I downloaded the expected file from MITRE’s OVAL repository.
Thanks,
---
Gaurav Kumar
Chief Security Consultant| Pivotal Security LLC | gk@pivotalsecurity.com <mailto:gk@pivotalsecurity.com> | Phone: +1(425)686-9695 <tel:%2B1%28425%29686-9695>
--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: gk@pivotalsecurity.com | Phone:(425)686-9695 <tel:%28425%29686-9695>
--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: gk@pivotalsecurity.com | Phone:(425)686-9695