The following is a description of the elements, types, and attributes that compose the SharePoint specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.
The SharePoint Component Schema is based on the SharePoint Object Model (Windows SharePoint Services 3.0).
The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.
The spwebapplication test is used to check the properties or permission settings of a SharePoint web application. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spwebapplication_object element is used by a spwebapplication test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spwebapplication object consists of a webapplicationurl used to define a specific web application. See the definition of the SPWebApplication class in the SharePoint object model documentation.
Child Elements     Type                             MinOccurs  MaxOccurs
webapplicationurl  oval-def:EntityObjectStringType  1          1
The spwebapplication_state element defines security settings and permissions that can be checked for a specified SPWebApplication.
The spgroup test is used to check the group properties for site collections. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spgroup_object element is used by a spgroup test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spgroup object consists of a sitecollectionurl used to define a specific site collection. See the definition of the SPGroup class in the SharePoint object model documentation.
Child Elements     Type                             MinOccurs  MaxOccurs
sitecollectionurl  oval-def:EntityObjectStringType  1          1
The spgroup_state element defines settings for groups in a site collection.
Child Elements                  Type                            MinOccurs  MaxOccurs
sitecollectionurl               oval-def:EntityStateStringType  0          1
gname                           oval-def:EntityStateStringType  0          1
autoacceptrequesttojoinleave    oval-def:EntityStateBoolType    0          1
allowmemberseditmembership      oval-def:EntityStateBoolType    0          1
onlyallowmembersviewmembership  oval-def:EntityStateBoolType    0          1
The spweb test is used to check the properties for site collections. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spweb_object element is used by a spweb test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spweb object consists of a webcollection url and sitecollection url used to define a specific web application and a specific site collection. See the definition of the SPWeb class in the SharePoint object model documentation.
Child Elements     Type                             MinOccurs  MaxOccurs
webcollectionurl   oval-def:EntityObjectStringType  1          1
sitecollectionurl  oval-def:EntityObjectStringType  1          1
The spweb_state element defines settings for a site collection.
Child Elements              Type                            MinOccurs  MaxOccurs
webcollectionurl            oval-def:EntityStateStringType  0          1
sitecollectionurl           oval-def:EntityStateStringType  0          1
secondarysitecolladmin      oval-def:EntityStateStringType  0          1
secondsitecolladminenabled  oval-def:EntityStateBoolType    0          1
allowanonymousaccess        oval-def:EntityStateBoolType    0          1
The splist test is used to check the properties of lists associated with a SharePoint site or site collection. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an splist_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The splist_object element is used by a splist test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An splist object consists of a spsiteurl used to define a specific site in a site collection for which various security-related configuration items need to be checked. See the definition of the SPList class in the SharePoint object model documentation.
Child Elements  Type                             MinOccurs  MaxOccurs
spsiteurl       oval-def:EntityObjectStringType  1          1
The splist_state element defines the different information that can be used to evaluate the specified SharePoint sites....
Child Elements    Type                            MinOccurs  MaxOccurs
spsiteurl         oval-def:EntityStateStringType  0          1
irmenabled        oval-def:EntityStateBoolType    0          1
enableversioning  oval-def:EntityStateBoolType    0          1
nocrawl           oval-def:EntityStateBoolType    0          1
The spantivirussettings test is used to check the settings for antivirus software associated with a SharePoint deployment.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spantivirussettings_object element is used by a spantivirussettings test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spantivirussettings object consists of a spwebservicename, used to define a specific webservice in a farm for which various security-related configuration items need to be checked, and an spfarmname, which denotes the farm of which the spwebservice is a part. See the definition of the SPAntiVirusSettings class in the SharePoint object model documentation.
Child Elements    Type                             MinOccurs  MaxOccurs
spwebservicename  oval-def:EntityObjectStringType  1          1
spfarmname        oval-def:EntityObjectStringType  1          1
The spantivirus_state element defines the different information that can be used to evaluate the specified SharePoint sites....
Child Elements       Type                            MinOccurs  MaxOccurs
spwebservicename     oval-def:EntityStateStringType  0          1
spfarmname           oval-def:EntityStateStringType  0          1
allowdownload        oval-def:EntityStateBoolType    0          1
cleaningenabled      oval-def:EntityStateBoolType    0          1
downloadscanenabled  oval-def:EntityStateBoolType    0          1
numberofthreads      oval-def:EntityStateIntType     0          1
skipsearchcrawl      oval-def:EntityStateBoolType    0          1
timeout              oval-def:EntityStateIntType     0          1
uploadscanenabled    oval-def:EntityStateBoolType    0          1
vendorupdatecount    oval-def:EntityStateIntType     0          1
The spsiteadministration test is used to check the properties of a site. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spsiteadministration_object element is used by a spsiteadministration test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spsiteadministration object consists of a webapplicationurl used to define a specific web application. See the definition of the SPSiteAdministration class in the SharePoint object model documentation.
Child Elements     Type                             MinOccurs  MaxOccurs
sitecollectionurl  oval-def:EntityObjectStringType  1          1
The spspsiteadministration_state element defines security settings and permissions that can be checked for a specified SPSite.
Child Elements       Type                            MinOccurs  MaxOccurs
sitecollectionurl    oval-def:EntityStateStringType  0          1
storagemaxlevel      oval-def:EntityStateIntType     0          1
storagewarninglevel  oval-def:EntityStateIntType     0          1
The spsite test is used to check the properties of a site. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an spwebapplication_object and the optional state element specifies the data to check. The evaluation of the test is guided by the check attribute that is inherited from the TestType.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spsite_object element is used by a spsiteadministration test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spsite object consists of a sitecollectionurl used to define a specific web application. See the definition of the SPSite class in the SharePoint object model documentation.
Child Elements     Type                             MinOccurs  MaxOccurs
sitecollectionurl  oval-def:EntityObjectStringType  1          1
The spsite_state element defines security settings and permissions that can be checked for a specified SPSite.
Child Elements     Type                            MinOccurs  MaxOccurs
sitecollectionurl  oval-def:EntityStateStringType  0          1
quotaname          oval-def:EntityStateStringType  0          1
url                oval-def:EntityStateStringType  0          1
The spcrawlrule test is used to check the configuration or rules associated with the SharePoint system's built-in indexer and the sites or documents that will be indexed.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spcrawlrule_object element is used by a spcrawlrule test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spcrawlrule object consists of a spsiteurl used to define a specific resource (e.g. website or document) on a server that can be indexed by the SharePoint indexer. See the definition of the CrawlRule class in the SharePoint object model documentation.
Child Elements  Type                             MinOccurs  MaxOccurs
spsiteurl       oval-def:EntityObjectStringType  1          1
The spcrawlrule state element defines the various properties of the SharePoint indexer that can be checked.
Child Elements     Type                            MinOccurs  MaxOccurs
spsiteurl          oval-def:EntityStateStringType  0          1
crawlashttp        oval-def:EntityStateBoolType    0          1
enabled            oval-def:EntityStateBoolType    0          1
followcomplexurls  oval-def:EntityStateBoolType    0          1
path               oval-def:EntityStateStringType  0          1
priority           oval-def:EntityStateIntType     0          1
suppressindexing   oval-def:EntityStateBoolType    0          1
accountname        oval-def:EntityStateStringType  0          1
The spjobdefinition test is used to check the status of the various properties associated with scheduled jobs in the SharePoint system.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spjobdefinition_object element is used by a spjobdefinition test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spjobdefinition object consists of a webappuri used to define a specific web application for which job checks should be done. See the definition of the SPJobDefinition class in the SharePoint object model documentation.
Child Elements  Type                             MinOccurs  MaxOccurs
webappuri       oval-def:EntityObjectStringType  1          1
The various properties of a SharePoint job that can be checked.
Child Elements  Type                            MinOccurs  MaxOccurs
webappuri       oval-def:EntityStateStringType  0          1
displayname     oval-def:EntityStateStringType  0          1
isdisabled      oval-def:EntityStateBoolType    0          1
retry           oval-def:EntityStateBoolType    0          1
title           oval-def:EntityStateStringType  0          1
The bestbet test is used to get all the best bets associated with a site.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The bestbet_object element is used by a bestbet test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
A bestbet object consists of a sitecollectionurl used to define a specific site and a bestbeturl used to define a specific best bet. See the definition of the BestBet class in the SharePoint object model documentation.
Child Elements     Type                             MinOccurs  MaxOccurs
sitecollectionurl  oval-def:EntityObjectStringType  1          1
bestbeturl         oval-def:EntityObjectStringType  1          1
The various properties of a Best Bet that can be checked.
Child Elements     Type                            MinOccurs  MaxOccurs
sitecollectionurl  oval-def:EntityStateStringType  0          1
bestbeturl         oval-def:EntityStateStringType  0          1
title              oval-def:EntityStateStringType  0          1
description        oval-def:EntityStateStringType  0          1
The policycoll test is used to get all the Information Policies associated with a site.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The infopolicycoll_object element is used by a policycoll test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An infopolicycoll object consists of a sitecollectionurl used to define a specific site and an id used to define a specific information policy. See the definition of the Policy class and policycollection class in the SharePoint object model documentation.
Child Elements     Type                             MinOccurs  MaxOccurs
sitecollectionurl  oval-def:EntityObjectStringType  1          1
id                 oval-def:EntityObjectStringType  1          1
The various properties of the Information Policy that can be checked.
Child Elements     Type                            MinOccurs  MaxOccurs
sitecollectionurl  oval-def:EntityStateStringType  0          1
id                 oval-def:EntityStateStringType  0          1
name               oval-def:EntityStateStringType  0          1
description        oval-def:EntityStateStringType  0          1
longdescription    oval-def:EntityStateStringType  0          1
The spdiagnosticsservice test is used to check the diagnostic properties associated with a SharePoint system.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spdiagnosticsservice_object element is used by an spdiagnosticsservice test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spdiagnosticsservice object consists of a farmname used to define a specific SharePoint farm for which diagnostics properties should be checked. See the definition of the SPDiagnosticsService class in the SharePoint object model documentation.
Child Elements Type MinOccurs MaxOccurs
The various properties of a diagnostics service that can be checked.
Child Elements  Type                            MinOccurs  MaxOccurs
farmname        oval-def:EntityStateStringType  0          1
displayname     oval-def:EntityStateStringType  0          1
logcutinterval  oval-def:EntityStateIntType     0          1
loglocation     oval-def:EntityStateStringType  0          1
logstokeep      oval-def:EntityStateIntType     0          1
required        oval-def:EntityStateBoolType    0          1
typename        oval-def:EntityStateStringType  0          1
The spdiagnosticslevel_test is used to check the status of the logging features associated with a SharePoint deployment.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The spdiagnosticslevel_object element is used by an spdiagnosticslevel test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An spdiagnosticslevel object consists of a farmname used to define a specific SharePoint farm for which policy properties should be checked. See the definition of the SPWebApplication class in the SharePoint object model documentation. See the definition of the IDiagnosticsLevel Interface in the SharePoint object model documentation.
Child Elements Type MinOccurs MaxOccurs
The various properties of a Diagnostics level that can be checked.
Child Elements  Type                                 MinOccurs  MaxOccurs
farmname        oval-def:EntityStateStringType       0          1
eventseverity   sp-def:EntityStateEventSeverityType  0          1
hidden          oval-def:EntityStateBoolType         0          1
levelid         oval-def:EntityStateStringType       0          1
levelname       oval-def:EntityStateStringType       0          1
traceseverity   sp-def:EntityStateTraceSeverityType  0          1
The sppolicyfeature test enables one to check the attributes associated with policies and policy features on the SharePoint deployment.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The sppolicyfeature_object element is used by an sppolicyfeature test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An sppolicyfeature object consists of a farmname used to define a specific SharePoint farm for which policy feature properties should be checked. See the definition of the PolicyFeature class in the SharePoint object model documentation.
Child Elements Type MinOccurs MaxOccurs
The various properties of a policy feature that can be checked.
Child Elements     Type                                      MinOccurs  MaxOccurs
farmname           oval-def:EntityStateStringType            0          1
configpage         oval-def:EntityStateStringType            0          1
defaultcustomdata  oval-def:EntityStateStringType            0          1
description        oval-def:EntityStateStringType            0          1
globalconfigpage   oval-def:EntityStateStringType            0          1
globalcustomdata   oval-def:EntityStateStringType            0          1
group              oval-def:EntityStateStringType            0          1
name               oval-def:EntityStateStringType            0          1
publisher          oval-def:EntityStateStringType            0          1
state              sp-def:EntityStatePolicyFeatureStateType  0          1
The sppolicy test enables one to check the attributes of the policies associated with a particular URL Zone in a SharePoint system.
Child Elements  Type                    MinOccurs  MaxOccurs
object          oval-def:ObjectRefType  1          1
state           oval-def:StateRefType   0          1
The sppolicy_object element is used by an sppolicy test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.
An sppolicy object consists of a webappuri and a URL Zone used to define a specific SharePoint web application and zone for which policy properties should be checked. See the definition of the SPPolicy class and the sppolicyroletype in the SharePoint object model documentation.
Child Elements  Type                            MinOccurs  MaxOccurs
urlzone         sp-def:EntityObjectUrlZoneType  1          1
The various properties of a policy that can be checked.
Child Elements  Type                              MinOccurs  MaxOccurs
webappuri       oval-def:EntityStateStringType    0          1
urlzone         sp-def:EntityStateUrlZoneType     0          1
displayname     oval-def:EntityStateStringType    0          1
issystemuser    oval-def:EntityStateBoolType      0          1
username        oval-def:EntityStateStringType    0          1
policyroletype  sp-def:EntityStatePolicyRoleType  0          1
The EntityObjectUrlZoneType restricts a string value to a set of values that describe the different IIS Url Zones. The empty string is also allowed to support empty elements associated with error conditions.
Value     Description
Custom
Default
Extranet
Intranet
Internet
The empty string value is permitted here to allow for empty elements associated with variable references.
The EntityStateEventSeverityType restricts a string value to a set of values that describe the different states that can be configured for a diagnostics level event severity level property of the diagnostics service.
Value                    Description
Error
ErrorCritical
ErrorSecurityBreach
ErrorServiceUnavailable
FailureAudit
Information
None
Success
SuccessAudit
Warning
The empty string value is permitted here to allow for empty elements associated with variable references.
The EntityStateTraceSeverityType restricts a string value to a set of values that describe the different states that can be configured for a diagnostics level trace severity level property of the diagnostics service.
Value        Description
High
Medium
Monitorable
None
Unexpected
Verbose
The empty string value is permitted here to allow for empty elements associated with variable references.
The EntityStatePolicyRoleType restricts a string value to a set of values that describe the different Policy settings for Access Control that are available for users.
Value        Description
DenyAll      Deny all rights.
DenyWrite    Deny write permissions.
FullControl  Grant full control.
FullRead     Grant full read permissions.
None         No role type assigned.
The empty string value is permitted here to allow for empty elements associated with variable references.
The EntityStatePolicyRoleType restricts a string value to a set of values that describe the different policy feature states that can be configured for a policy feature.
Value    Description
Hidden   Specifies that the policy feature is hidden from the SharePoint Central Administration user interface.
Visible  Specifies that the policy feature is visible from the SharePoint Central Administration user interface.
The empty string value is permitted here to allow for empty elements associated with variable references.
The EntityStateUrlZoneType restricts a string value to a set of values that describe the different IIS Url Zones.
Value     Description
Custom
Default
Extranet
Intranet
Internet
The empty string value is permitted here to allow for empty elements associated with variable references.
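As an added example (not part of the OVAL schema or its documentation), the following Python code lints SharePoint OVAL content against a subset of the tables and enumerations above: each test must carry an object, its references must resolve, required object entities must be present, and enumerated and boolean entities must hold legal values. The sample fragment, its ids and its URLs are constructed; the object_ref, state_ref, var_ref, operation and datatype attributes come from the core OVAL definitions schema rather than from this page, and namespaces are ignored by matching local element names.

```python
import xml.etree.ElementTree as ET

# Object entities with MinOccurs 1 in the tables above (subset).
REQUIRED = {
    "spweb_object": {"webcollectionurl", "sitecollectionurl"},
    "spgroup_object": {"sitecollectionurl"},
    "sppolicy_object": {"urlzone"},
}
# Enumerations from the page; "" is permitted for variable references.
ZONES = {"Custom", "Default", "Extranet", "Intranet", "Internet", ""}
ENUMS = {
    "urlzone": ZONES,
    "policyroletype": {"DenyAll", "DenyWrite", "FullControl", "FullRead", "None", ""},
    "traceseverity": {"High", "Medium", "Monitorable", "None", "Unexpected", "Verbose", ""},
}
BOOLS = {"allowanonymousaccess", "issystemuser", "secondsitecolladminenabled"}

# Constructed sample: ids and URLs are made up; namespaces and version
# attributes are omitted to keep the fragment short.
SAMPLE = """<oval_definitions>
 <tests>
  <spweb_test id="oval:example:tst:1" check="all">
   <object object_ref="oval:example:obj:1"/>
   <state state_ref="oval:example:ste:1"/>
  </spweb_test>
  <sppolicy_test id="oval:example:tst:2" check="all">
   <object object_ref="oval:example:obj:2"/>
   <state state_ref="oval:example:ste:9"/>
  </sppolicy_test>
 </tests>
 <objects>
  <spweb_object id="oval:example:obj:1">
   <webcollectionurl>http://sp.example.test</webcollectionurl>
  </spweb_object>
  <sppolicy_object id="oval:example:obj:2"><urlzone>internet</urlzone></sppolicy_object>
 </objects>
 <states>
  <spweb_state id="oval:example:ste:1">
   <allowanonymousaccess datatype="boolean">false</allowanonymousaccess>
  </spweb_state>
  <sppolicy_state id="oval:example:ste:2"><policyroletype>FullAccess</policyroletype></sppolicy_state>
 </states>
</oval_definitions>"""

def local(tag):
    """Strip any '{namespace}' prefix so real, namespaced files also match."""
    return tag.rsplit("}", 1)[-1]

def lint(xml_text):
    root = ET.fromstring(xml_text)
    ids = {e.get("id") for e in root.iter() if e.get("id")}
    out = []
    for el in root.iter():
        name, eid = local(el.tag), el.get("id")
        kids = {local(c.tag): c for c in el}
        if name.endswith("_test"):
            if "object" not in kids:  # object is MinOccurs 1, state MinOccurs 0
                out.append(f"{eid}: missing required object element")
            for child, attr in (("object", "object_ref"), ("state", "state_ref")):
                ref = kids[child].get(attr) if child in kids else None
                if ref is not None and ref not in ids:
                    out.append(f"{eid}: {attr} {ref} does not resolve")
        for ent in sorted(REQUIRED.get(name, set()) - set(kids)):
            out.append(f"{eid}: {name} lacks required {ent}")
        if not name.endswith(("_object", "_state")):
            continue
        for ent, c in kids.items():
            val = (c.text or "").strip()
            # Literal checks only apply to equality comparisons with inline values.
            if c.get("var_ref") or c.get("operation", "equals") not in ("equals", "not equal"):
                continue
            if ent in ENUMS and val not in ENUMS[ent]:
                out.append(f"{eid}: {ent}={val!r} is not an enumerated value")
            if ent in BOOLS and val not in ("true", "false", "1", "0"):
                out.append(f"{eid}: {ent}={val!r} is not a boolean")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

ElementTree is not hardened against hostile XML, so content from an untrusted source should be parsed with a hardened parser such as defusedxml instead.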