Schema validation failure for Mac plist510_object

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Schema validation failure for Mac plist510_object

sprabhu
Hi,

As per the 5.10.1 specification on
plist510_object, app_id child element has
minimum occurrence as 1, so this mandates the useĀ  of it compulsory in the respective object,
but the corresponding schema xsd doesn't seem to be in line with this specification.

The xsd has written to choose between the app_id/filepath elements, therefore this
triggers schema validation to fail when I use app_id along with filepath element.

We've requirement where the use of both elements is necessary for parsing the exact the setting
value from the plist file.

L
et me know about my observation.

--
regards,

Prabhu S A

Saner Personal, a free vulnerability mitigation software
http://www.secpod.com
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Schema validation failure for Mac plist510_object

David Solin-3
How is that possible? The schema is correct.

The two are mutually exclusive.

Sent from my iPhone

On May 20, 2015, at 7:38 AM, Prabhu S Angadi <[hidden email]> wrote:

Hi,

As per the 5.10.1 specification on
plist510_object, app_id child element has
minimum occurrence as 1, so this mandates the use  of it compulsory in the respective object,
but the corresponding schema xsd doesn't seem to be in line with this specification.

The xsd has written to choose between the app_id/filepath elements, therefore this
triggers schema validation to fail when I use app_id along with filepath element.

We've requirement where the use of both elements is necessary for parsing the exact the setting
value from the plist file.

L
et me know about my observation.

--
regards,

Prabhu S A

Saner Personal, a free vulnerability mitigation software
http://www.secpod.com
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Schema validation failure for Mac plist510_object

David Solin-3
To clarify, use of appid implies a plist file location of:
${HOME}/Library/Preferences/[appid].plist

Since there is no way to explicitly control the user account context in OVAL, it's a pretty bad means of creating an object. If anything it should be deprecated.

So, I don't understand how you could require both an appid and filepath in a single object.

Regards,
--David Solin

Sent from my iPhone

On May 20, 2015, at 7:42 AM, David Solin <[hidden email]> wrote:

How is that possible? The schema is correct.

The two are mutually exclusive.

Sent from my iPhone

On May 20, 2015, at 7:38 AM, Prabhu S Angadi <[hidden email]> wrote:

Hi,

As per the 5.10.1 specification on
plist510_object, app_id child element has
minimum occurrence as 1, so this mandates the use  of it compulsory in the respective object,
but the corresponding schema xsd doesn't seem to be in line with this specification.

The xsd has written to choose between the app_id/filepath elements, therefore this
triggers schema validation to fail when I use app_id along with filepath element.

We've requirement where the use of both elements is necessary for parsing the exact the setting
value from the plist file.

L
et me know about my observation.

--
regards,

Prabhu S A

Saner Personal, a free vulnerability mitigation software
http://www.secpod.com
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Schema validation failure for Mac plist510_object

Danny Haynes
Administrator
In reply to this post by David Solin-3

Hi Prahbu,

As David mentioned, the schema is correct.  The test was based on the fact you can use either use the app_id to look for the preference key in pre-designated locations depending on the scope or use the filepath entity to select a specific plist file on the system in the case it is a non-standard location.  More information about the pre-designated locations and scope can be found here (https://developer.apple.com/library/mac/documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/UserPreferences.html).

 

I think the confusion is around the fact that the HTML representation of the schema documentation (http://oval.mitre.org/language/version5.10.1/ovaldefinition/documentation/macos-definitions-schema.html) does not make it clear that you can only use one or the other.  It simply extracts the name of the entity, type, minOccurs, maxOccurs, and the description.  It does not account for the xsd:choice structure in the schema.

 

Hope this helps.


Thanks,

Danny

 

From: David Solin [mailto:[hidden email]]
Sent: Wednesday, May 20, 2015 8:42 AM
To: oval-developer-list OVAL Developer List/Closed Public Discussion
Subject: Re: [OVAL-DEVELOPER-LIST] Schema validation failure for Mac plist510_object

 

How is that possible? The schema is correct.

 

The two are mutually exclusive.

Sent from my iPhone


On May 20, 2015, at 7:38 AM, Prabhu S Angadi <[hidden email]> wrote:

Hi,

As per the 5.10.1 specification on plist510_object, app_id child element has
minimum occurrence as 1, so this mandates the use  of it compulsory in the respective object,
but the corresponding schema xsd doesn't seem to be in line with this specification.

The xsd has written to choose between the app_id/filepath elements, therefore this
triggers schema validation to fail when I use app_id along with filepath element.

We've requirement where the use of both elements is necessary for parsing the exact the setting
value from the plist file.

Let me know about my observation.

--
regards,

Prabhu S A

Saner Personal, a free vulnerability mitigation software
http://www.secpod.com

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DEVELOPER-LIST in the BODY of the message. If you have difficulties, write to [hidden email].