Hello,

Here are a few more issues related to the file_test:
1. Incorrect item collected by OpenSCAP 1.2.10

Given the following object:
<unix:file_object id="oval:nist.validation.macosFileTest:obj:185" xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" comment="@recurse='symlinks and directories'" version="1">
    <unix:behaviors max_depth="1" recurse_file_system="local" recurse_direction="down"/>
    <unix:path operation="equals" datatype="string">/scapVal/File-Test-Level2</unix:path>
    <unix:filename operation="pattern match">.+</unix:filename>
</unix:file_object>
and the following folder structure:

        /scapVal/File-Test-Level2
                drwxr-xr-x. 2 root root  6 Feb 28 15:46 Level3-Folder020
                drwxr-xr-x. 2 root root  6 Feb 28 15:46 Level3-Folder030
                drwxr-xr-x. 2 root root  6 Feb 28 15:46 Level3-Folder050
                drwxr-xr-x. 3 root root 54 Feb 28 15:46 Level3-Folder010
                        drwxr-xr-x. 3 root root 29 Feb 28 15:46 Level4-Folder011
                        -rw-r--r--. 1 root root 49 Feb 28 15:46 Level3-File010.txt
                drwxr-xr-x. 2 root root 30 Feb 28 15:46 Level3-Folder040

OpenSCAP collects two items:
    <unix-sys:file_item id="14726417" status="exists">
        <unix-sys:filepath>/scapVal/File-Test-Level2/Level3-Folder010/Level3-File010.txt</unix-sys:filepath>
        <unix-sys:path>/scapVal/File-Test-Level2/Level3-Folder010</unix-sys:path>
        <unix-sys:filename>Level3-File010.txt</unix-sys:filename>
        <unix-sys:type>regular</unix-sys:type> …
    </unix-sys:file_item>

    <unix-sys:file_item id="14726416" status="exists">
        <unix-sys:path>/scapVal/File-Test-Level2/Level3-Folder010/Level4-Folder011/Level5-Folder012</unix-sys:path>
        <unix-sys:filename/>
        <unix-sys:type>directory</unix-sys:type> ...
    </unix-sys:file_item>
I believe the item with id="14726416" was incorrectly collected because
obj:185 is supposed to collect only files.


2. A similar issue, related to #1, happens when recurse_direction="up".
Here is an example:
<unix:file_object xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:nist.validation.macosFileTest:obj:181" comment="@recurse='symlinks and directories'" version="1">
    <unix:behaviors max_depth="0" recurse_file_system="local" recurse="symlinks and directories" recurse_direction="up"/>
    <unix:path>/scapVal/File-Test-Level2/Level3-Folder010</unix:path>
    <unix:filename datatype="string" operation="pattern match">.+</unix:filename>
</unix:file_object>

<object id="oval:nist.validation.macosFileTest:obj:181" version="1" flag="complete">
    <reference item_ref="14726417"/>
    <reference item_ref="14726426"/>
    <reference item_ref="14726427"/>
</object>
<unix-sys:file_item id="14726417" status="exists">
    <unix-sys:filepath>/scapVal/File-Test-Level2/Level3-Folder010/Level3-File010.txt</unix-sys:filepath>
    <unix-sys:path>/scapVal/File-Test-Level2/Level3-Folder010</unix-sys:path>
    <unix-sys:filename>Level3-File010.txt</unix-sys:filename>
    <unix-sys:type>regular</unix-sys:type>
</unix-sys:file_item>
<unix-sys:file_item id="14726426" status="exists">
    <unix-sys:filepath>/scapVal/File-Test-Level2/Level3-Folder010/Level4-Folder011</unix-sys:filepath>
    <unix-sys:path>/scapVal/File-Test-Level2/Level3-Folder010</unix-sys:path>
    <unix-sys:filename>Level4-Folder011</unix-sys:filename>
    <unix-sys:type>directory</unix-sys:type>
</unix-sys:file_item>
<unix-sys:file_item id="14726427" status="exists">
    <unix-sys:filepath>/scapVal/File-Test-Level2/Level3-Folder010</unix-sys:filepath>
    <unix-sys:path>/scapVal/File-Test-Level2</unix-sys:path>
    <unix-sys:filename>Level3-Folder010</unix-sys:filename>
    <unix-sys:type>directory</unix-sys:type>
</unix-sys:file_item>

Since the recurse_direction="up" and the file Level3-File010.txt is a
'child', it should not be collected. Also, the other 2 items corresponding
to folders should not be collected because they are directories. In fact,
the obj:181 should have flag="does not exist".

3. According to unix-system-characteristics-schema.html, when <unix:filename
xsi:nil="true" datatype="string"/>, the filename element of the file_item
should be “<unix-sys:filename xsi:nil="true"/>”, but OpenSCAP creates:
“<unix-sys:filename/>”.

Please let me know if you have any questions.

Respectfully,
_Dragos.

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
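
Added example (not part of the original message, and not OpenSCAP code): a Python check over collected file_items that flags the two conditions the message reports in issues 1 and 3. The `<items>` wrapper, the function name and the `filename_pattern_given` parameter are assumptions, and the sample is constructed from the items quoted in the message.

```python
import xml.etree.ElementTree as ET

UNIX_SYS = "http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample: the two items quoted under issue 1, trimmed to the
# fields shown in the message and wrapped in a made-up <items> root.
SAMPLE = f"""<items xmlns:unix-sys="{UNIX_SYS}" xmlns:xsi="{XSI}">
  <unix-sys:file_item id="14726417" status="exists">
    <unix-sys:filepath>/scapVal/File-Test-Level2/Level3-Folder010/Level3-File010.txt</unix-sys:filepath>
    <unix-sys:path>/scapVal/File-Test-Level2/Level3-Folder010</unix-sys:path>
    <unix-sys:filename>Level3-File010.txt</unix-sys:filename>
    <unix-sys:type>regular</unix-sys:type>
  </unix-sys:file_item>
  <unix-sys:file_item id="14726416" status="exists">
    <unix-sys:path>/scapVal/File-Test-Level2/Level3-Folder010/Level4-Folder011/Level5-Folder012</unix-sys:path>
    <unix-sys:filename/>
    <unix-sys:type>directory</unix-sys:type>
  </unix-sys:file_item>
</items>"""


def audit_file_items(xml_text, filename_pattern_given=True):
    """Return (item_id, finding) pairs for items matching the reported issues.

    filename_pattern_given (hypothetical parameter): True when the file_object
    that produced the items has a non-nil filename entity, as obj:185 does.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for item in root.iter(f"{{{UNIX_SYS}}}file_item"):
        item_id = item.get("id")
        name = item.find(f"{{{UNIX_SYS}}}filename")
        is_nil = name is not None and name.get(f"{{{XSI}}}nil") in ("true", "1")
        is_empty = name is None or not (name.text or "").strip()
        if is_empty and not is_nil:
            # Issue 3: an empty filename should carry xsi:nil="true".
            findings.append((item_id, "empty filename without xsi:nil"))
        if filename_pattern_given and is_empty:
            # Issue 1: a directory-only item collected for a filename object.
            findings.append((item_id, "directory-only item for a filename object"))
    return findings


if __name__ == "__main__":
    for item_id, finding in audit_file_items(SAMPLE):
        print(item_id, finding)
```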
