This repository was archived by the owner on Jan 10, 2025. It is now read-only.

Failed to detect windows vulnerability with the windows vulnerability oval file #1929

@lijjhaha

This issue is about https://github.com/CISecurity/OVALRepo/tree/master/repository/objects/windows/file_object/4000)/oval_org.cisecurity_obj_4000.xml.

Problems:

We downloaded the whole definition XML file from the site URL (https://oval.cisecurity.org/repository/download/5.11.2/vulnerability/microsoft_windows_server_2016.xml), which includes the above obj_4000.
Then we tested the 2016.xml with OpenSCAP for Win and OVALDI (an older version, which has now been deprecated), and it failed.
It took a long, long time to run and couldn't terminate.
We analysed the definition and guessed that the key is the OBJECT, which uses "SET", leading to much computation and an indefinite loop.

Suggestion to improve:

It's not necessary to use "Set" to define the file_object.
The file to be detected is determined and can be accessed by its full file path with a variable SYSTEM_ROOT.
We wrote a test OVAL file in the above way, and the result is OK.

Additionally, if you can provide the original material, we can rewrite all of the Windows vulnerability OVAL files.
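
A triage helper for the problem described in this issue, added here as an example (it is not code from OVALRepo or from the reporter): it lists the Windows file_objects in an OVAL definitions file that are built with `<set>`, together with how deeply the sets nest and which objects they pull in, so they can be reviewed or rewritten to a direct path. The sample document and all IDs in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

OVAL_DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
WIN_DEF = OVAL_DEF + "#windows"

# Constructed sample: IDs are placeholders, not taken from OVALRepo.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:win="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
  <objects>
    <win:file_object id="oval:example:obj:1" version="1">
      <set>
        <set>
          <object_reference>oval:example:obj:2</object_reference>
          <object_reference>oval:example:obj:3</object_reference>
        </set>
        <set>
          <object_reference>oval:example:obj:4</object_reference>
        </set>
      </set>
    </win:file_object>
    <win:file_object id="oval:example:obj:5" version="1">
      <win:filepath var_ref="oval:example:var:1"/>
    </win:file_object>
  </objects>
</oval_definitions>"""


def _depth(set_el):
    """Nesting depth of a <set> element (1 = no nested sets)."""
    children = set_el.findall("{%s}set" % OVAL_DEF)
    return 1 + max((_depth(c) for c in children), default=0)


def set_based_file_objects(oval_xml):
    """Map each set-based win:file_object id to (set depth, referenced object ids)."""
    root = ET.fromstring(oval_xml)
    report = {}
    for obj in root.iter("{%s}file_object" % WIN_DEF):
        top = obj.find("{%s}set" % OVAL_DEF)
        if top is None:
            continue  # object names its file directly (path/filename/filepath)
        refs = [r.text for r in top.iter("{%s}object_reference" % OVAL_DEF)]
        report[obj.get("id")] = (_depth(top), refs)
    return report


if __name__ == "__main__":
    for obj_id, (depth, refs) in set_based_file_objects(SAMPLE).items():
        print(obj_id, "set depth:", depth, "references:", ", ".join(refs))
```
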
