Validating XML Schema of OVAL Documents with Python

5 years ago Darlene Hibbs

OVAL is the Open Vulnerability Assessment Language, which uses XML-based documents to define vulnerabilities based on characteristics of a host system. It can also be used to gather information about the host. When an OVAL file is evaluated, it generates a report file with the results of the vulnerability evaluation or a system characteristics file containing information gathered from the host.

OVAL Definitions, OVAL System Characteristics and OVAL Results

These capabilities are achieved through three distinct document types: OVAL Definitions, OVAL System Characteristics and OVAL Results. The specific format for each type is defined by a schema, which is a document that contains rules that the structure of the OVAL document must adhere to. These rules include the order in which elements must appear, how often an element can appear, whether an element is required, which attributes an element has, and what type of data can be contained within an element.

Validation of an XML file is the process of evaluating whether it conforms to the format described by the schema. If it conforms to the schema, it is considered valid.   

An OVAL interpreter is an executable which evaluates OVAL Definition files and produces OVAL System Characteristic files and OVAL Results. Since System Characteristics and Results are both generated by the interpreter when an OVAL Definition file is processed, it is the interpreter’s responsibility to ensure that the files it generates adhere to the specified schemas. 

The OVAL Definition file, which details the information to be queried from a host and how that data should be evaluated, can be written manually or generated automatically. This means that Definition files may contain errors or typos that cause them to fail to conform to the schema. Generally, invalid Definition files should be rejected by the interpreter, but in some cases, they could cause the interpreter to fail or to generate incorrect data. Therefore, it is important to ensure that Definition files conform to the schema before passing them to an OVAL interpreter.

An option for validation is to write a script to evaluate generated Definition files. The Python library lxml has functions for processing, modifying and generating XML documents as well as validating XML documents against a schema. The following code can be used to perform XML validation:

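import lxml.etree
# <schema_file> and <xml_file> are placeholders for the paths to the XSD and the OVAL document
schema_validator = lxml.etree.XMLSchema(file="<schema_file>")
# validate() expects a parsed document rather than a path, so parse the XML file first
is_valid = schema_validator.validate(lxml.etree.parse("<xml_file>"))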

With this code, validating XML against a single schema is fairly straightforward. However, in the case of OVAL documents, multiple schemas are used to define rules for its various components. At minimum, an OVAL Definition file uses the oval-common-schema and the oval-definitions-schema. These schemas define the general structure of OVAL and the structure of the Definition file respectively. In addition to these, at least one other schema is required to define the specific types of data that can be queried from a host, such as package versions, file information and configuration settings. For these specific schemas, there is generally one per operating system (e.g., Windows, Linux, macOS). This means we need at minimum three different schemas to validate an OVAL Definition. This is problematic given lxml can only accept a single schema file.

Validating an OVAL file in Python

This limitation is mitigated by the ability to import schema files into another schema file. Once imported, the additional schemas are also available for validation through the schema file that imports them. The OVAL schema files make use of this functionality, and the OS-specific schema files import the required oval-common-schema and oval-definitions-schema. Therefore, for most cases, to validate an OVAL file in Python with lxml, only the schema file for the OS the OVAL XML is written for needs to be specified. For example, a file written for querying a Windows host would need to pass the windows-definitions-schema to the lxml processor. Here is a snippet from the start of the windows-definitions-schema file showing the additional schemas being imported:

<?xml version="1.0" encoding="utf-8"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" elementFormDefault="qualified" version="5.10.1">
      <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-common-5" schemaLocation="oval-common-schema.xsd"/>
      <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5" schemaLocation="oval-definitions-schema.xsd"/>

There are, however, still scenarios where a Definition file can use elements from more than one additional schema. This commonly occurs when using elements from the independent-definitions-schema, which contains functionality that can be used across multiple operating systems, such as hashing files, checking environment variables and reading file contents. A Definition file written for Windows that uses both the Windows schema and the Independent schema could not be validated with lxml by passing in any single one of the default schema files. Passing in only one of the required schemas would cause the validation to fail on elements found in the schema that has not been provided to the Python script.

To resolve this problem, we can use the same import functionality that was shown in the example above, only this time using a specially created test schema. The test schema only needs to import the other schema files required for successful validation. It does not itself contain any of the document structure rules found in the other schemas. Any number of schemas can be imported into this file, so it's not necessary to create a separate test schema file for every variation of Definition files, even if they are written for completely different operating systems. Here's an example of a single file that imports all the supported OVAL schema files:

<?xml version="1.0" encoding="utf-8"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:sch="http://purl.oclc.org/dsdl/schematron" targetNamespace="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" version="5.10.1">
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" schemaLocation="aix-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache" schemaLocation="apache-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#catos" schemaLocation="catos-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#esx" schemaLocation="esx-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#freebsd" schemaLocation="freebsd-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#hpux" schemaLocation="hpux-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" schemaLocation="independent-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#ios" schemaLocation="ios-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" schemaLocation="linux-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#macos" schemaLocation="macos-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#pixos" schemaLocation="pixos-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#sharepoint" schemaLocation="sharepoint-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" schemaLocation="solaris-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" schemaLocation="unix-definitions-schema.xsd"/>
    <xsd:import namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" schemaLocation="windows-definitions-schema.xsd"/>
</xsd:schema>

Using this example as the validator schema in the Python script above allows accurate validation of any OVAL Definition file regardless of the combination of the currently supported schemas it employs.
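
The following is an added example, not code from the original article: it goes one step further than the all-in-one test schema by reading which component namespaces a Definition file actually uses, generating a wrapper schema that imports only those, and validating with an lxml parser that does not expand entities or fetch network resources. It assumes the OVAL schema files sit in one directory and follow the `<component>-definitions-schema.xsd` naming seen in the listing above; the function names, the wrapper file name and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

OVAL_DEF_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
# Constructed sample (not a complete, valid Definition file): it mixes a Windows
# test with an Independent test, the case a single OS schema cannot validate.
SAMPLE_OVAL = f"""<oval_definitions xmlns="{OVAL_DEF_NS}">
  <tests>
    <registry_test xmlns="{OVAL_DEF_NS}#windows" id="oval:example:tst:1"/>
    <filehash58_test xmlns="{OVAL_DEF_NS}#independent" id="oval:example:tst:2"/>
  </tests>
</oval_definitions>""".encode()

def component_namespaces(source):
    """Return the sorted component namespaces (OVAL_DEF_NS + '#<name>') used in source."""
    found = set()
    for _, elem in ET.iterparse(source, events=("start",)):
        ns = elem.tag[1:].partition("}")[0] if elem.tag.startswith("{") else ""
        if ns.startswith(OVAL_DEF_NS + "#"):
            name = ns[len(OVAL_DEF_NS) + 1:]
            # The name becomes part of a file path, so reject anything unexpected.
            if not re.fullmatch(r"[a-z0-9]+", name):
                raise ValueError(f"unexpected component namespace: {ns!r}")
            found.add(ns)
    return sorted(found)

def build_wrapper_schema(namespaces):
    """Return a schema that holds no rules of its own and only imports other schemas."""
    lines = ['<?xml version="1.0" encoding="utf-8"?>',
             '<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">',
             f'  <xsd:import namespace="{OVAL_DEF_NS}" schemaLocation="oval-definitions-schema.xsd"/>']
    for ns in namespaces:
        name = ns.rpartition("#")[2]  # "windows" -> windows-definitions-schema.xsd
        lines.append(f'  <xsd:import namespace="{ns}" schemaLocation="{name}-definitions-schema.xsd"/>')
    lines.append("</xsd:schema>")
    return "\n".join(lines) + "\n"

def validate_oval(oval_path, schema_dir):
    """Validate oval_path against a wrapper written into schema_dir; return (ok, errors)."""
    import lxml.etree  # third-party; imported here so the helpers above run without it
    wrapper = Path(schema_dir) / "wrapper-test-schema.xsd"  # hypothetical file name
    wrapper.write_text(build_wrapper_schema(component_namespaces(oval_path)), encoding="utf-8")
    validator = lxml.etree.XMLSchema(file=str(wrapper))
    # Definition files may come from third parties: no entity expansion, no network access.
    parser = lxml.etree.XMLParser(resolve_entities=False, no_network=True)
    ok = validator.validate(lxml.etree.parse(str(oval_path), parser))
    return ok, [f"line {e.line}: {e.message}" for e in validator.error_log]
```

The error list returned by `validate_oval` comes from the validator's `error_log`, which gives the line and reason for each schema violation instead of a bare True or False.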

The post "Validating XML Schema of OVAL Documents with Python" appeared first on TripWire.

Source: TripWire – Darlene Hibbs
