compliance_count function in generated guidance script does not correctly count findings #276

Closed
opened 2026-01-19 18:29:54 +00:00 by michael · 2 comments
Originally created by @bernstei on GitHub.

From what I can tell, `compliance_count` tries to count the number of findings, but it just looks through the output of `PlistBuddy -c` looking for true or false, without checking if those are for the `finding` or `exempt` fields:
https://github.com/usnistgov/macos_security/blob/932a51f3e819dd3e02ebfcf3ef433cfffafbe28b/scripts/generate_guidance.py#L671
As a result, it will miscount findings.

@golbiga commented on GitHub:

Thanks again, it's now checking for `"finding = false"` so it will no longer count the `exempt` fields.

@bernstei commented on GitHub:

Thanks for the quick response.
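
The miscount reported in this issue next to a count that looks only at the `finding` field, as an added example that is not part of the thread or the project's script. The PlistBuddy-style text and rule names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's code. SAMPLE is constructed text in the
# style of `PlistBuddy -c "Print"` output; the rule names are made up.
SAMPLE='Dict {
    example_rule_1 = Dict {
        finding = false
        exempt = false
    }
    example_rule_2 = Dict {
        finding = true
        exempt = true
    }
    example_rule_3 = Dict {
        finding = true
        exempt = false
    }
    example_rule_4 = Dict {
        finding = false
    }
}'

# Miscounting approach described in the issue: any line containing the
# word is counted, so "exempt = ..." lines inflate the totals.
naive_count() {    # $1 = "true" or "false"
    printf '%s\n' "$SAMPLE" | grep -c "$1"
}

# Field-aware approach: only "finding = <value>" lines are counted.
finding_count() {  # $1 = "true" or "false"
    printf '%s\n' "$SAMPLE" | awk -v want="$1" '
        $1 == "finding" && $2 == "=" && $3 == want { n++ }
        END { print n + 0 }'
}

# Exempt rules are tallied separately from findings.
exempt_count() {
    printf '%s\n' "$SAMPLE" | awk '
        $1 == "exempt" && $2 == "=" && $3 == "true" { n++ }
        END { print n + 0 }'
}

echo "naive:       false=$(naive_count false) true=$(naive_count true)"
echo "field-aware: finding_false=$(finding_count false) finding_true=$(finding_count true) exempt=$(exempt_count)"
```

With four rules in the sample, the naive totals add up to seven, while the field-aware totals add up to four, one per rule.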

Reference: usnistgov/macos_security#276