Bug 1192428 - STIG, OVAL validating: var_check has been supplied, var_ref missing
Summary: STIG, OVAL validating: var_check has been supplied, var_ref missing
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openscap
Version: 6.8
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Šimon Lukašík
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-02-13 10:37 UTC by Martin Žember
Modified: 2015-07-22 06:29 UTC (History)
2 users (show)

Fixed In Version: openscap-1.0.10-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: OVAL standard requires that content var_check XML attribute included within any XML elements that has var_ref attribute. OpenSCAP scanner has omitted var_check attribute in some cases (default/implicit values). Consequence: Strict schematron validation of OVAL results warned user. Fix: OVAL module has been amended to export var_check explicitly whenever exporting var_ref. Result: Strict schematron validation passes.
Clone Of:
: 1192431 (view as bug list)
Environment:
Last Closed: 2015-07-22 06:29:18 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1317 normal SHIPPED_LIVE openscap bug fix and enhancement update 2015-07-20 17:53:22 UTC

Description Martin Žember 2015-02-13 10:37:30 UTC
Description of problem:
Validating of OVAL results displays:
oval:mil.disa.fso.redhat.rhel6:obj:3184 - a var_ref has been supplied for the ind-def:pattern entity so a var_check should also be provided

Version-Release number of selected component (if applicable):
openscap-1.0.8-1.el6_5.1

How reproducible:
Always

Steps to Reproduce:
1. Downloading :: actually running 'wget http://iase.disa.mil/stigs/Documents/u_redhat_6_v1r5_stig_scap_1-1_benchmark.zip'
2. Unzipping :: actually running 'unzip u_redhat_6_v1r5_stig_scap_1-1_benchmark.zip -d stig'
3. Evaluating STIG profile :: actually running 'oscap xccdf eval --profile MAC-1_Public --report stig-xccdf-results.html --results stig-xccdf-results.xml --oval-results --cpe stig/U_RedHat_6_V1R5_Benchmark-cpe-dictionary.xml stig/U_RedHat_6_V1R5_Benchmark-xccdf.xml stig/U_RedHat_6_V1R5_Benchmark-oval.xml'
4. Validating XCCDF results :: actually running 'oscap xccdf validate-xml stig-xccdf-results.xml'
5. Validating OVAL results :: actually running 'oscap oval validate-xml --results --schematron       U_RedHat_6_V1R5_Benchmark-oval.xml.result.xml'


Actual results:
<?xml version="1.0"?>
oval:mil.disa.fso.redhat.rhel6:obj:3184 - a var_ref has been supplied for the ind-def:pattern entity so a var_check should also be provided

Invalid OVAL Results content(5.8) in U_RedHat_6_V1R5_Benchmark-oval.xml.result.xml.
(return code 2)

Expected results:
Nothing (return code 0)

Additional info:

Comment 2 Šimon Lukašík 2015-02-16 15:32:28 UTC
Note to myself: This is clone of bug 1182242 and bug 1182242.

Fixed upstream in aebc254a4e6993ef79a549c2f71b5a6a4eb3ed01 and 0e3c7e6833630d55d00ac3e91cdb2ae067fabcb6.

Comment 8 errata-xmlrpc 2015-07-22 06:29:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1317.html


Note You need to log in before you can comment on or make changes to this bug.