2024-01-25 18:03:44 +00:00
|
|
|
import { ISoftwareVulnerability } from "./software";
|
|
|
|
|
|
2025-08-14 13:30:49 +00:00
|
|
|
export interface IOperatingSystemKernels {
|
|
|
|
|
id: number; // the software version ID of the kernel
|
|
|
|
|
version: string;
|
|
|
|
|
vulnerabilities: string[] | null;
|
|
|
|
|
hosts_count: number;
|
|
|
|
|
}
|
2022-04-05 20:04:00 +00:00
|
|
|
export interface IOperatingSystemVersion {
|
2024-01-31 18:32:45 +00:00
|
|
|
os_version_id: number;
|
2025-08-14 13:30:49 +00:00
|
|
|
/** name often includes "<name> <version>" */
|
2022-04-05 20:04:00 +00:00
|
|
|
name: string;
|
2022-08-15 21:39:00 +00:00
|
|
|
name_only: string;
|
|
|
|
|
version: string;
|
2025-08-14 13:30:49 +00:00
|
|
|
platform: string; // TODO: More specific
|
2022-04-05 20:04:00 +00:00
|
|
|
hosts_count: number;
|
2024-02-06 20:12:09 +00:00
|
|
|
generated_cpes?: string[];
|
2024-01-25 18:03:44 +00:00
|
|
|
vulnerabilities: ISoftwareVulnerability[];
|
os_versions endpoint performance improvements (#34897)
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #34500 and Resolves #33758
Video demo: https://www.youtube.com/watch?v=4HZlKG0G1B0
- Added a new aggregation table
`operating_system_version_vulnerabilities` for faster queries. The table
is currently used only for Linux vulnerabilities, but could be used for
other OS vulnerabilities.
- Added `max_vulnerabilities` parameter per [API
doc](https://github.com/fleetdm/fleet/pull/33533)
- Also added `max_vulnerabilities` parameter to `os_versions/{id}`
endpoint, but not making it public since that endpoint is still slow and
needs other API changes. bug #34974
- Removed `"kernels": []` from `os_versions` endpoint result
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
## Database migrations
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added ability to limit the number of vulnerabilities displayed for
operating system versions via an optional parameter.
* Introduced vulnerability count tracking for operating system versions,
now visible in API responses and UI displays.
* Enhanced operating system vulnerability visualization with improved
count-based rendering.
* **Tests**
* Added comprehensive test coverage for vulnerability limiting behavior
across multiple operating system versions and architectures.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-11-03 19:07:44 +00:00
|
|
|
vulnerabilities_count?: number;
|
2025-08-14 13:30:49 +00:00
|
|
|
kernels: IOperatingSystemKernels[] | [];
|
2022-04-05 20:04:00 +00:00
|
|
|
}
|
2022-08-15 21:39:00 +00:00
|
|
|
|
2024-02-07 02:39:49 +00:00
|
|
|
export type IVulnerabilityOSVersion = Omit<
|
|
|
|
|
IOperatingSystemVersion,
|
|
|
|
|
"vulnerabilities"
|
|
|
|
|
> & { resolved_in_version: string };
|
|
|
|
|
|
2022-08-15 21:39:00 +00:00
|
|
|
export const OS_VENDOR_BY_PLATFORM: Record<string, string> = {
|
|
|
|
|
darwin: "Apple",
|
|
|
|
|
windows: "Microsoft",
|
|
|
|
|
} as const;
|
|
|
|
|
|
|
|
|
|
export const OS_END_OF_LIFE_LINK_BY_PLATFORM: Record<string, string> = {
|
|
|
|
|
darwin: "https://endoflife.date/macos",
|
|
|
|
|
windows: "https://endoflife.date/windows",
|
|
|
|
|
} as const;
|
2022-08-30 15:16:48 +00:00
|
|
|
|
|
|
|
|
export const formatOperatingSystemDisplayName = (name: string) => {
|
|
|
|
|
let displayName = name;
|
|
|
|
|
if (displayName.startsWith("Microsoft Windows")) {
|
|
|
|
|
displayName = displayName.replace("Microsoft Windows", "Windows");
|
|
|
|
|
}
|
|
|
|
|
return displayName;
|
|
|
|
|
};
|