OVAL Author’s Resources
This page gathers documents and tools for authoring content in the OVAL Language into a single location. As with any software language, your ability to successfully author OVAL content will continue to grow the more you work with the language. We encourage you to familiarize yourself with the information here as part of that process, and to offer feedback and ask any questions you might have on the OVAL Community Forums as you continue the ongoing process of developing your knowledge of OVAL.
Prerequisites
- A working knowledge of XML is highly recommended before attempting to author content in the OVAL Language.
- A strong knowledge of the technical nuances of the operating system or application for which you intend to write OVAL Definitions.
- A basic understanding of the most recent version of the OVAL Language.
Instructional Documents
Language Structure — Excellent as background material, this document provides a detailed explanation of how the OVAL Language is structured with three main categories of XML schemas (system characteristics, definitions, and results), and how each category contains a core schema and a number of component schemas.
Challenges of Writing OVAL Definitions — Describes the skill set required for authoring OVAL Definitions, of which knowledge of the OVAL Language itself is only a small part. Also explained is how the underlying research necessary to sufficiently understand a known good or bad system state is a challenge that is independent of OVAL, but that by providing a standard format for describing it OVAL significantly helps software vendors and researchers by providing a baseline for them to collaborate in investigating the detailed system information that is needed.
Definition Tutorial — A primer on how OVAL Definitions are structured in the OVAL Language.
Validating a Document — Explains how to validate an OVAL document to ensure a common and expected structure amongst OVAL documents being passed between different users.
OVAL Repository Style Guide — A living document detailing the stylistic decisions that have been made for OVAL Language content including definitions, tests, objects, states, and variables.
Writing an OVAL Definition — Instructions for writing OVAL Definitions in the OVAL Language.
Useful Tools
OVAL Checker — This free Schematron-based utility will flag common mistakes and poor stylistic decisions in OVAL Definition documents. The list of issues that the utility detects and reports is ever-evolving as the community identifies OVAL authoring best practices. The current listing of authoring style guidelines is based on the OVAL Repository Style Guide.
OVAL Merge — This free utility takes one or more files that contain valid OVAL content and combines them into a single, valid OVAL file that contains the union of all of the definitions, tests, objects, states, and variables found in the individual OVAL files.
OVAL Splitter — This free utility takes an XML file that contains one or more definitions as a command line input and splits the input document in one of two ways: (1) the user indicates on the command line the OVAL-ID of a definition, test, object, state, or variable and each of the items is split into its own new valid document; or (2) the user indicates on the command line that the input document should be fully split at a specified level (definitions, test, object, state, variable) and the utility creates a new XML file for each item at the designated level (for example, if the input document has five definitions and the user indicates that the document should be split at the definition level the utility will create a new XML file for each definition in the input document).
OVAL Normalizer — This is a free command-line utility that takes an XML file containing one or more OVAL Definitions as input and validates the document(s) against the OVAL Definitions Schema and the OVAL Definitions Schema Schematron rules. If the input document is valid, the utility will normalize the input XML file and output to a user-specified XML file. During the normalization process, unused XML namespaces will be removed and an attempt is made to clean-up comments on all items, simplify the usage of XML namespaces, and remove optional attributes. This normalization process is intended to make the input definition more easily readable and give users some consistency in the format of the OVAL Definitions with which they are working.
XCCDF Splitter — This free utility allows you to input a complete SCAP Benchmark, such as the FDCC for Windows XP, and create a new benchmark that contains only one user-elected Rule and all related material. This enables a user to easily create a new benchmark to check for a single rule in an existing SCAP Benchmark for evaluation with an SCAP Validated Compliance Scanner. The utility takes as input the XCCDF document portion of an SCAP Benchmark and the ID of the user’s desired rule and outputs to a new directory a pared-down XCCDF document that contains only the user’s selected rule and the minimal required set of OVAL Definitions.
XSL Transforms — A free set of independent transformations that will perform specific functions upon an OVAL or XCCDF file. These include commonly performed operations for handling subsets of data, or to change the way the user interacts with the content. All may be called in a similar fashion with varying input parameters.
OVAL Test Content — A set of OVAL Definitions that provides a simple way to test the capability of OVAL Definition Evaluators. After running the OVAL Test Content through an OVAL Definition Evaluator, the OVAL Results will show which tests are properly supported by that tool. This allows unit testing of tools against the language. Content authors may use the content as a reference for writing new content.
OVAL Interpreter — This free reference implementation can be used by definition writers to test content and ensure correct syntax and adherence to the OVAL Schemas.
Additional OVAL Authoring Tools — Tools for Authoring OVAL Content available from participants in the OVAL Adoption Program.
Further Assistance
OVAL Developer’s Forum — Contact for questions about the OVAL Language itself.
OVAL Repository Forum — Contact for questions about creating OVAL content.
OVAL Team — Contact directly for questions about the OVAL Language and/or about creating OVAL content.
Page Last Updated: May 13, 2013