Possible issue with SRC-330-3 #16
Comments
|
Thank you for reporting this. There are a couple of issue here. First, the SRC-330-3 has a total of 128 hits of varying severity from information to error. However after 10 results they are truncated in the html report. The overall result of SRC-330-3 will ultimately be assigned the most severe error status found, in this case error, it is just within the 118 truncated results so the specific error result is not visible in the HTML report. This is a known issue and is being tracked with usnistgov/decima#7 In the meantime you can view the xml results file for complete results Second, the error text "the value of lockout_duration must be greater than or equal to zero - TEST: string-length(.) = 0 or number(.) < 0" comes from a schematron TEST for OVAL 5.11.2 content. |
|
Dragos, you can track the first issue at usnistgov/decima#7 |
|
Cross reference to OVAL Language issue: OVALProject/Language#304 |
|
Hello Scott, Can you please update the schematron rules in SCAPVAL as done in OVALProject/Language#302 ? Thanks, |
Hello Scott,
The attached content fails validation, but there is just one warning (SRC-330-3):
"Warning | 'Warning: The 'cpe:/' prefix (CPE URI binding) is allowed within an @idref attribute, but the CPE Formatted String binding is preferred. See the XCCDF 1.2.1 specification, Section 6.2.5. - TEST: false()'"
Is this the requirement that triggers the error?
Thanks,
_Dragos.
content-and-val-results.zip
The text was updated successfully, but these errors were encountered: