Vulnerability library, vulnerability library: working on this thing every day has me almost in tears. Bear in mind that I actually do reverse engineering.
I'm using Escape-1.2.2.jar to write OVAL. It is a jar, so yes, we have to set up a Java environment (T^T). The tool is English-only with no Chinese version, so with my barely level-4 English I keep a Youdao dictionary at hand.
OK, now we're going to start writing OVAL.
(For a detailed description of the OVAL XML tags, see the previous blog post.)
![Translation: Start wizard mode editing. This mode will ask you a few questions and build several directories according to your answers. No need to know the techniques of OVAL and XCCDF. Start standard mode editing. This mode allows you to create OVAL and XCCDF immediately. You need to know OVAL and XCCDF technology.](http://img.blog.csdn.net/20160412102945513)
OK, here we choose standard mode. Then, in the File menu, create a new OVAL.
Here you select the schema version (depending on your needs).
Here is the relevant operating system (depending on your needs).
Here the Oval.xml file is created. Note that the file name must end with -oval.xml.
After clicking Finish, several familiar tags appear. We have now successfully created the skeleton of an OVAL file. Now let's pick a vulnerability for a hands-on demo.
We chose the 2016-02-14 Adobe Flash Player security update, a severity level 3 vulnerability.
Right-click the Definitions label on the left and add a description.
I'll just post my description.
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:my.first.oval:def:1" version="1" class="vulnerability">
  <metadata>
    <title>Adobe Flash Player Security update</title>
    <affected family="windows">
      <platform>Adobe Flash Player</platform>
    </affected>
    <reference source="Adobe Flash Player" ref_id="2016-02-14"/>
    <description><?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
    <definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:my.first.oval.oval:def:1" version="1" class="vulnerability">
      <metadata>
        <title>Adobe Flash Player Security update</title>
        <affected family="windows">
          <platform>Microsoft Windows</platform>
        </affected>
        <reference source="ICM" ref_id="Microsoft_windows_10_insider_preview"/>
        <description>fix vulnerabilities in Flash Player 20.0.0.306 or earlier</description>
        <oval_repository>
          <status>Accepted</status>
        </oval_repository>
      </metadata>
      <criteria>
        <criterion comment="Detection is below this version" test_ref="oval:my.first.oval.oval:tst:1"/>
      </criteria>
    </definition>
  </definitions>
</oval_definitions></description>
  </metadata>
</definition>
(I don't know why the label on the left is gone).
The next step is to create the tests.
Here, select registry_test, the registry test.
The same steps create a registry object.
The same steps create a registry state. Then make the changes.
Then right-click the object, choose Add Parameters, and add the registry information you want to check.
Then associate the state and the object in the test.
The last thing to note is that the operation in the state we just wrote is equals, while we want to match versions at or below this version number. So after closing Escape-1.2.2.jar, open the file with Notepad and change the operation to less than or equal.
With that, our first OVAL is finished.
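The Notepad edit described above can also be scripted. The following is an added example, not the author's code or part of the editor: it follows each criterion's test_ref to its registry_test and registry_state and switches an equals comparison to less than or equal with the version datatype. The sample document is constructed and trimmed; the registry key and value name are placeholders, and the tst/obj/ste ids are assumed to follow the page's def:1 naming.

```python
import xml.etree.ElementTree as ET

DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
WIN = DEF + "#windows"
# Constructed sample: the page's criterion plus an assumed registry test, object and
# state. Key and name are placeholders; the page does not give the registry path.
SAMPLE = f"""<oval_definitions xmlns="{DEF}">
 <definitions>
  <definition id="oval:my.first.oval.oval:def:1" version="1" class="vulnerability">
   <criteria><criterion comment="Detection is below this version" test_ref="oval:my.first.oval.oval:tst:1"/></criteria>
  </definition>
 </definitions>
 <tests>
  <registry_test xmlns="{WIN}" id="oval:my.first.oval.oval:tst:1" version="1" check="all" comment="Flash Player version">
   <object object_ref="oval:my.first.oval.oval:obj:1"/>
   <state state_ref="oval:my.first.oval.oval:ste:1"/>
  </registry_test>
 </tests>
 <objects>
  <registry_object xmlns="{WIN}" id="oval:my.first.oval.oval:obj:1" version="1">
   <hive>HKEY_LOCAL_MACHINE</hive><key>PLACEHOLDER_KEY</key><name>PLACEHOLDER_NAME</name>
  </registry_object>
 </objects>
 <states>
  <registry_state xmlns="{WIN}" id="oval:my.first.oval.oval:ste:1" version="1">
   <value operation="equals">20.0.0.306</value>
  </registry_state>
 </states>
</oval_definitions>"""

def fix_version_states(xml_text, operation="less than or equal"):
    """Resolve criterion -> test -> state and replace 'equals' on each state value."""
    root = ET.fromstring(xml_text)
    by_id = {e.get("id"): e for e in root.iter() if e.get("id")}
    changed = []
    for crit in root.iter(f"{{{DEF}}}criterion"):
        test = by_id.get(crit.get("test_ref"))
        if test is None:
            raise ValueError(f"dangling test_ref {crit.get('test_ref')}")
        for ref in test.findall(f"{{{WIN}}}state"):
            state = by_id.get(ref.get("state_ref"))
            if state is None:
                raise ValueError(f"dangling state_ref {ref.get('state_ref')}")
            for value in state.findall(f"{{{WIN}}}value"):
                if value.get("operation", "equals") == "equals":  # schema default is equals
                    value.set("operation", operation)
                    value.set("datatype", "version")  # compare as a version, not a string
                    changed.append(state.get("id"))
    return ET.tostring(root, encoding="unicode"), changed
```

ElementTree rewrites the namespace prefixes on output (ns0, ns1); the document stays equivalent.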
How do you evaluate this XML? I used ovaldi.exe.
Open the console and drag the XML you just wrote into the ovaldi.exe installation directory.
Then, in the console, enter ovaldi -m -o myfirstoval.xml and the result is returned.
This machine runs Windows 10, where Adobe Flash Player is bundled into the Spartan browser, so the registry has no Adobe Flash Player entry. So the result is not evaluated (cannot be evaluated).
Job done.
The second chapter in Oval study