-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Port ranges should be limited to OS port limits #1772
Comments
This is an apt observation. I will add that the "obvious" reserved ports (see IANA Service Name and Transport Protocol Port Number Registry) should be excluded (namely, 0, 1023, 1024, 49151). I say "obvious" because other port reservations are dependent on transport type as well as historic IANA actions. See also #1674. |
So does that mean that the current OSCAL schema already support this feature? Since #1674 has been merged. Except port 0 (since it's a wildcard port), I don't think it would be a good idea to exclude known protocols since some systems could use those ports for something else (even though they shouldn't). Also, I'm not sure if it's possible to do with a JSON/XML schema, but adding a check to make sure that multiple components dont have the same ports/port ranges, might be a good idea. |
Such is not possible with a simple schema. It is possible using Schematron for XML. Components may share port usage. For example, multiple components using the HTTPS protocol might all declare the use of port 443. Worthy of note: |
This is actually a good point. With the current rise of web-based applications and interfaces, it might be a good idea to include a client/server tag and/or add network direction (ingress/egress/both). |
Describe the bug
Currently, the OSCAL schema allows the user to add a network port range (part of the oscal-implementation-common) model. However, an OS (Windows and Linux) has a logical port range of 0-65535, while the schema allows for any number. The schema should be edited to bound the port range to what an OS can utilize.
Who is the bug affecting
Component and POAM writers. This "bug" is more of a sanity check than anything else.
What is affected by this bug
Metaschema, Modeling
How do we replicate this issue
Set the protocol port range to any number.
Expected behavior (i.e. solution)
The protocol port range should only allow whole numbers between 0 and 65535.
Other comments
No response
Revisions
No response
The text was updated successfully, but these errors were encountered: