[SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.

Todd Heberlein todd_heberlein at mac.com
Sun Jul 21 12:03:35 PDT 2013


I've been conducting some experiments to figure out how different data collection methods behave. (spoiler, I like system_profiler). Here are my findings on three methods.

find

	find . -type f -perm +111

I did not find this very useful because of the high number of false positives. For example, on my system this flagged 1804 "png" files, 1086 "jpg" files, and 2104 "html" files that were marked executable.

system_profiler

I found this very useful. It caught application bundles I dragged to the /Applications folder (something pkgutil did not). I also searched for app bundles installed in home folders and found a surprising number (though, much of that is because I do software development):

	system_profiler -xml SPApplicationsDataType | grep '/Users/.*\.app<'

There are some limitations however. For example, it did *not* pick up "java", which seems pretty critical.

pkgutil

I did not find this as useful as system_profiler for a number of reasons. For starters, as mentioned previously, it does not pick up applications that are dragged onto the system. There are still a lot of programs that are downloaded as DMGs that you just drag into your /Applications folder.

I also found the data more obtuse and less understandable than system_profiler; although, perhaps with more use that difference would diminish.

Also, and this may be due to my lack of experience, I had to do two loops of this. The first to collect the list of app package IDs and then a second call on each package ID to get more information about it.


Conclusions

On Jul 21, 2013, at 7:59 AM, David Solin <david at joval.org> wrote:

> The original test proposal was an attempt to create an object that could be used generically to represent an installed application on OSX.

Unfortunately, even defining "application" is difficult. Is it a ".app" bundle? If so, system_profiler is great. But once you expand beyond this (e.g., "java" or "python"), the definition gets much murkier.

There are also lots of ways "applications" (however that is defined) are installed and modified on your system:

	(1) standard installer packages (e.g., something installed from Mac App Store)

	(2) drag & drop (e.g., from a DMG file)

	(3) custom methods (e.g., Google has a very messy process)

My feeling is that

	system_profiler -xml SPApplicationsDataType

is the best starting point, and with more experience and testing, spiraling out from there.

Todd
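
Added example, not part of the original message: the home-folder search from the system_profiler section, done by parsing the plist that `system_profiler -xml SPApplicationsDataType` emits rather than grepping it. The sample XML is constructed, and the `_dataType`, `_items`, `_name`, `path` and `version` keys are assumed to match that output.

```python
import plistlib
import re
import subprocess

# Constructed sample shaped like `system_profiler -xml SPApplicationsDataType`
# output (an array of data-type dicts, each with an `_items` list). Not real data.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array><dict>
  <key>_dataType</key><string>SPApplicationsDataType</string>
  <key>_items</key><array>
    <dict><key>_name</key><string>Safari</string>
      <key>path</key><string>/Applications/Safari.app</string>
      <key>version</key><string>6.0.5</string></dict>
    <dict><key>_name</key><string>DemoTool</string>
      <key>path</key><string>/Users/alice/Downloads/DemoTool.app</string></dict>
    <dict><key>_name</key><string>Helper</string>
      <key>path</key><string>/Users/bob/Library/Helper.app</string>
      <key>version</key><string>1.2</string></dict>
  </array></dict></array></plist>"""

# Same intent as the grep pattern '/Users/.*\.app<', anchored on the path value.
HOME_APP = re.compile(r"^/Users/([^/]+)/.*\.app$")

def collect(xml_bytes=None):
    """Return application records; runs system_profiler when no bytes are given."""
    if xml_bytes is None:
        xml_bytes = subprocess.check_output(
            ["system_profiler", "-xml", "SPApplicationsDataType"])
    apps = []
    for section in plistlib.loads(xml_bytes):
        if section.get("_dataType") != "SPApplicationsDataType":
            continue
        for item in section.get("_items", []):
            apps.append({"name": item.get("_name", ""),
                         "path": item.get("path", ""),
                         "version": item.get("version")})  # key may be absent
    return apps

def home_folder_apps(apps):
    """Group bundles installed under /Users/<name>/ by that account name."""
    by_user = {}
    for app in apps:
        m = HOME_APP.match(app["path"])
        if m:
            by_user.setdefault(m.group(1), []).append(app)
    return by_user

if __name__ == "__main__":
    for user, found in sorted(home_folder_apps(collect(SAMPLE)).items()):
        for app in found:
            print(user, app["name"], app["version"] or "(no version)", app["path"])
```

Calling `collect()` with no argument on a Mac runs the real command; bundles with no `version` key are kept with `None` so they can be reviewed rather than silently dropped.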
