Hi, I'm afraid we hit the limitation of OVAL specification: https://oval.mitre.org/language/version5.11/ovaldefinition/documentation/oval-definitions-schema.html#ObjectComponentType
> The required object_ref attribute provides a reference to an existing OVAL Object declaration. The referenced OVAL Object specifies a set of OVAL Items to collect. Note that an OVAL Object might identify 0, 1, or many OVAL Items on a system. If no items are found on the system then an error should be reported when determining the value of an ObjectComponentType. If 1 or more OVAL Items are found then each OVAL Item will be considered and the ObjectComponentType may have one or more values. I think that the workaround could be that the regular expression always matches at least an empty string. Then I think the variable will not be empty but it would contain an item that contains an empty string, so the concatenation could proceed. I haven't tried it if it works, though. Regards On Fri, May 31, 2019 at 3:26 PM Ilya Okomin <ilya.oko...@oracle.com> wrote: > Hi Team, > > I need some piece of advice how to implement join in OVAL for variables if > some of them are empty . > > I'm looking at the existing example from master which uses > <concat>-<split>. However this code doesn't work as expected for empty > variable var_rfg_include_config_regex in <concat> - returned result "no > value", while expected would be "%^/etc/rsyslog.conf$": > > https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml#L43 > > Note: UniqueFunctionType > <https://oval.mitre.org/language/version5.11/ovaldefinition/documentation/oval-definitions-schema.html#UniqueFunctionType> > looks more applicable here, but it doesn't work as well with the same > reason - returned result is "no value" when one of variables is empty. > > Can any approach be suggested to avoid getting "no value" and return > expected result for sample var_rfg_all_log_files_as_string_regex variable > (with joined values from defined only variables/objects)? > > Regards, > Ilya. > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list -- Jan Černý Security Technologies | Red Hat, Inc.
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
