Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/server/datastore/mysql/software_test.go

7956 lines
292 KiB
Go
Raw Normal View History

Migrate all mysql tests to the new form (#1408) * Migrate all mysql tests to the new form * Only dump sql if MYSQL_TEST is on * Removing parallel until we get rid of this code * Move TestMain to an actual _test file * A little experiment with tmpfs to speed up the db * Let's make sure the dump.sql file is also in ram
2021-07-19 21:20:31 +00:00
package mysql
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
import (
Add support for context in datastore/mysql layer (#1962) This is just to pass down the context to the datastore layer, it doesn't use it just yet - this will be in a follow-up PR.
2021-09-14 12:11:07 +00:00
"context"
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
"crypto/sha256"
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
"database/sql"
Add checksum hash unique column to software table. (#15598)
2023-12-12 22:51:58 +00:00
"encoding/hex"
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
"fmt"
"math/rand"
Update new sched query stats if there's already some (#1918) * Update new sched query stats if there's already some * IGNORE if the sched query is not present * Make tests less flaky
2021-09-02 20:39:08 +00:00
"sort"
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
"strings"
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
"testing"
"time"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/fleet"
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
"github.com/fleetdm/fleet/v4/server/ptr"
Add v4 suffix in go.mod (#1224)
2021-06-26 04:46:51 +00:00
"github.com/fleetdm/fleet/v4/server/test"
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
"github.com/fleetdm/fleet/v4/server/vulnerabilities/nvd"
Fixes various bugs with NVD vulnerability detection (#7963) - Improved NVD CPE matching process. - Fixed bug with the 'software/<id>' endpoint not showing the generated_cpe value.
2022-10-04 11:04:48 +00:00
"github.com/fleetdm/fleet/v4/server/vulnerabilities/oval"
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
"github.com/google/uuid"
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
"github.com/jmoiron/sqlx"
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
"golang.org/x/exp/slices"
Fix deadlock when deleting software during data ingestion (#15459) This fixes the deadlock reported in #14779. We found a deadlock in software ingestion during load tests performed in October: ``` 2023-10-26T17:20:41.719627Z 0 [Note] [MY-012468] [InnoDB] Transactions deadlock detected, dumping detailed information. (lock0lock.cc:6482) 2023-10-26T17:20:41.719661Z 0 [Note] [MY-012469] [InnoDB] *** (1) TRANSACTION: (lock0lock.cc:6496) TRANSACTION 3069866646, ACTIVE 0 sec starting index read mysql tables in use 2, locked 2 LOCK WAIT 8 lock struct(s), heap size 1136, 18 row lock(s), undo log entries 10 MySQL thread id 95, OS thread handle 70431326097136, query id 340045 10.12.3.105 fleet executing DELETE FROM software WHERE id IN (165, 79, 344, 47, 212, 21, 60, 127, 173, 145) AND NOT EXISTS ( SELECT 1 FROM host_software hsw WHERE hsw.software_id = software.id ) 2023-10-26T17:20:41.719700Z 0 [Note] [MY-012469] [InnoDB] *** (1) HOLDS THE LOCK(S): (lock0lock.cc:6496) RECORD LOCKS space id 932 page no 8 n bits 256 index PRIMARY of table `fleet`.`software` trx id 3069866646 lock_mode X locks rec but not gap Record lock, heap no 22 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 0000000000000015; asc ;; 1: len 6; hex 0000a74c4a7c; asc LJ|;; 2: len 7; hex 82000000d00264; asc d;; 3: len 26; hex 616e74692d76697275735f666f725f736f70686f735f686f6d65; asc anti-virus_for_sophos_home;; 4: len 5; hex 322e322e36; asc 2.2.6;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 48 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000002f; asc /;; 1: len 6; hex 0000a74c4aad; asc LJ ;; 2: len 7; hex 81000000e30220; asc ;; 3: len 10; hex 7265616c706c61796572; asc realplayer;; 4: len 11; hex 31322e302e312e31373338; asc 12.0.1.1738;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 61 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000003c; asc <;; 1: len 6; hex 0000a74c4afb; asc LJ ;; 2: len 7; hex 820000017501ba; asc u ;; 3: len 7; hex 636f6e6e656374; asc connect;; 4: len 5; hex 332e322e37; asc 3.2.7;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 80 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000004f; asc O;; 1: len 6; hex 0000a74c4b32; asc LK2;; 2: len 7; hex 820000008a01cb; asc ;; 3: len 7; hex 68697063686174; asc hipchat;; 4: len 4; hex 342e3330; asc 4.30;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; 2023-10-26T17:20:41.720564Z 0 [Note] [MY-012469] [InnoDB] *** (1) WAITING FOR THIS LOCK TO BE GRANTED: (lock0lock.cc:6496) RECORD LOCKS space id 695 page no 5994 n bits 1000 index host_software_software_id_fk of table `fleet`.`host_software` trx id 3069866646 lock mode S waiting Record lock, heap no 31 PHYSICAL RECORD: n_fields 2; compact format; info bits 32 0: len 8; hex 000000000000004f; asc O;; 1: len 4; hex 0000000c; asc ;; 2023-10-26T17:20:41.720650Z 0 [Note] [MY-012469] [InnoDB] *** (2) TRANSACTION: (lock0lock.cc:6496) TRANSACTION 3069866680, ACTIVE 0 sec starting index read mysql tables in use 2, locked 2 LOCK WAIT 7 lock struct(s), heap size 1136, 12 row lock(s), undo log entries 8 MySQL thread id 98, OS thread handle 70375801900784, query id 340524 10.12.3.9 fleet executing DELETE FROM software WHERE id IN (49, 113, 183, 187, 223, 79, 81, 116) AND NOT EXISTS ( SELECT 1 FROM host_software hsw WHERE hsw.software_id = software.id ) 2023-10-26T17:20:41.720682Z 0 [Note] [MY-012469] [InnoDB] *** (2) HOLDS THE LOCK(S): (lock0lock.cc:6496) RECORD LOCKS space id 695 page no 5994 n bits 1000 index host_software_software_id_fk of table `fleet`.`host_software` trx id 3069866680 lock_mode X locks rec but not gap Record lock, heap no 31 PHYSICAL RECORD: n_fields 2; compact format; info bits 32 0: len 8; hex 000000000000004f; asc O;; 1: len 4; hex 0000000c; asc ;; 2023-10-26T17:20:41.720760Z 0 [Note] [MY-012469] [InnoDB] *** (2) WAITING FOR THIS LOCK TO BE GRANTED: (lock0lock.cc:6496) RECORD LOCKS space id 932 page no 8 n bits 256 index PRIMARY of table `fleet`.`software` trx id 3069866680 lock_mode X locks rec but not gap waiting Record lock, heap no 80 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000004f; asc O;; 1: len 6; hex 0000a74c4b32; asc LK2;; 2: len 7; hex 820000008a01cb; asc ;; 3: len 7; hex 68697063686174; asc hipchat;; 4: len 4; hex 342e3330; asc 4.30;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; 2023-10-26T17:20:41.720984Z 0 [Note] [MY-012469] [InnoDB] *** WE ROLL BACK TRANSACTION (2) (lock0lock.cc:6496) ``` I was able to reproduce this issue on `main` with the added test. The solution is to remove the deletion (cleanup) of `software` to a separate transaction after the main transaction is done. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2023-12-07 12:34:53 +00:00
"golang.org/x/sync/errgroup"
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
)
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
func TestSoftware(t *testing.T) {
Migrate all mysql tests to the new form (#1408) * Migrate all mysql tests to the new form * Only dump sql if MYSQL_TEST is on * Removing parallel until we get rid of this code * Move TestMain to an actual _test file * A little experiment with tmpfs to speed up the db * Let's make sure the dump.sql file is also in ram
2021-07-19 21:20:31 +00:00
ds := CreateMySQLDS(t)
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
cases := []struct {
name string
fn func(t *testing.T, ds *Datastore)
}{
{"SaveHost", testSoftwareSaveHost},
{"CPE", testSoftwareCPE},
{"HostDuplicates", testSoftwareHostDuplicates},
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
{"DuplicateNameDifferentBundleIdentifier", testSoftwareDuplicateNameDifferentBundleIdentifier},
{"DifferentNameSameBundleIdentifier", testSoftwareDifferentNameSameBundleIdentifier},
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
{"LoadVulnerabilities", testSoftwareLoadVulnerabilities},
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
{"ListSoftwareCPEs", testListSoftwareCPEs},
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
{"NothingChanged", testSoftwareNothingChanged},
{"LoadSupportsTonsOfCVEs", testSoftwareLoadSupportsTonsOfCVEs},
{"List", testSoftwareList},
ensure `software_host_counts` is cleaned when software is deleted (#6270) Related to #5982, this ensures we clean up software_host_counts rows referencing software that is not longer present in the software table.
2022-06-22 20:35:53 +00:00
{"SyncHostsSoftware", testSoftwareSyncHostsSoftware},
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
{"DeleteSoftwareVulnerabilities", testDeleteSoftwareVulnerabilities},
Queue jobs for Jira integration when enabled and new vulnerabilities are found. (#4975)
2022-04-11 20:42:16 +00:00
{"HostsByCVE", testHostsByCVE},
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
{"HostVulnSummariesBySoftwareIDs", testHostVulnSummariesBySoftwareIDs},
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
{"UpdateHostSoftware", testUpdateHostSoftware},
Fix deadlock when deleting software during data ingestion (#15459) This fixes the deadlock reported in #14779. We found a deadlock in software ingestion during load tests performed in October: ``` 2023-10-26T17:20:41.719627Z 0 [Note] [MY-012468] [InnoDB] Transactions deadlock detected, dumping detailed information. (lock0lock.cc:6482) 2023-10-26T17:20:41.719661Z 0 [Note] [MY-012469] [InnoDB] *** (1) TRANSACTION: (lock0lock.cc:6496) TRANSACTION 3069866646, ACTIVE 0 sec starting index read mysql tables in use 2, locked 2 LOCK WAIT 8 lock struct(s), heap size 1136, 18 row lock(s), undo log entries 10 MySQL thread id 95, OS thread handle 70431326097136, query id 340045 10.12.3.105 fleet executing DELETE FROM software WHERE id IN (165, 79, 344, 47, 212, 21, 60, 127, 173, 145) AND NOT EXISTS ( SELECT 1 FROM host_software hsw WHERE hsw.software_id = software.id ) 2023-10-26T17:20:41.719700Z 0 [Note] [MY-012469] [InnoDB] *** (1) HOLDS THE LOCK(S): (lock0lock.cc:6496) RECORD LOCKS space id 932 page no 8 n bits 256 index PRIMARY of table `fleet`.`software` trx id 3069866646 lock_mode X locks rec but not gap Record lock, heap no 22 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 0000000000000015; asc ;; 1: len 6; hex 0000a74c4a7c; asc LJ|;; 2: len 7; hex 82000000d00264; asc d;; 3: len 26; hex 616e74692d76697275735f666f725f736f70686f735f686f6d65; asc anti-virus_for_sophos_home;; 4: len 5; hex 322e322e36; asc 2.2.6;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 48 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000002f; asc /;; 1: len 6; hex 0000a74c4aad; asc LJ ;; 2: len 7; hex 81000000e30220; asc ;; 3: len 10; hex 7265616c706c61796572; asc realplayer;; 4: len 11; hex 31322e302e312e31373338; asc 12.0.1.1738;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 61 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000003c; asc <;; 1: len 6; hex 0000a74c4afb; asc LJ ;; 2: len 7; hex 820000017501ba; asc u ;; 3: len 7; hex 636f6e6e656374; asc connect;; 4: len 5; hex 332e322e37; asc 3.2.7;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 80 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000004f; asc O;; 1: len 6; hex 0000a74c4b32; asc LK2;; 2: len 7; hex 820000008a01cb; asc ;; 3: len 7; hex 68697063686174; asc hipchat;; 4: len 4; hex 342e3330; asc 4.30;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; 2023-10-26T17:20:41.720564Z 0 [Note] [MY-012469] [InnoDB] *** (1) WAITING FOR THIS LOCK TO BE GRANTED: (lock0lock.cc:6496) RECORD LOCKS space id 695 page no 5994 n bits 1000 index host_software_software_id_fk of table `fleet`.`host_software` trx id 3069866646 lock mode S waiting Record lock, heap no 31 PHYSICAL RECORD: n_fields 2; compact format; info bits 32 0: len 8; hex 000000000000004f; asc O;; 1: len 4; hex 0000000c; asc ;; 2023-10-26T17:20:41.720650Z 0 [Note] [MY-012469] [InnoDB] *** (2) TRANSACTION: (lock0lock.cc:6496) TRANSACTION 3069866680, ACTIVE 0 sec starting index read mysql tables in use 2, locked 2 LOCK WAIT 7 lock struct(s), heap size 1136, 12 row lock(s), undo log entries 8 MySQL thread id 98, OS thread handle 70375801900784, query id 340524 10.12.3.9 fleet executing DELETE FROM software WHERE id IN (49, 113, 183, 187, 223, 79, 81, 116) AND NOT EXISTS ( SELECT 1 FROM host_software hsw WHERE hsw.software_id = software.id ) 2023-10-26T17:20:41.720682Z 0 [Note] [MY-012469] [InnoDB] *** (2) HOLDS THE LOCK(S): (lock0lock.cc:6496) RECORD LOCKS space id 695 page no 5994 n bits 1000 index host_software_software_id_fk of table `fleet`.`host_software` trx id 3069866680 lock_mode X locks rec but not gap Record lock, heap no 31 PHYSICAL RECORD: n_fields 2; compact format; info bits 32 0: len 8; hex 000000000000004f; asc O;; 1: len 4; hex 0000000c; asc ;; 2023-10-26T17:20:41.720760Z 0 [Note] [MY-012469] [InnoDB] *** (2) WAITING FOR THIS LOCK TO BE GRANTED: (lock0lock.cc:6496) RECORD LOCKS space id 932 page no 8 n bits 256 index PRIMARY of table `fleet`.`software` trx id 3069866680 lock_mode X locks rec but not gap waiting Record lock, heap no 80 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000004f; asc O;; 1: len 6; hex 0000a74c4b32; asc LK2;; 2: len 7; hex 820000008a01cb; asc ;; 3: len 7; hex 68697063686174; asc hipchat;; 4: len 4; hex 342e3330; asc 4.30;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; 2023-10-26T17:20:41.720984Z 0 [Note] [MY-012469] [InnoDB] *** WE ROLL BACK TRANSACTION (2) (lock0lock.cc:6496) ``` I was able to reproduce this issue on `main` with the added test. The solution is to remove the deletion (cleanup) of `software` to a separate transaction after the main transaction is done. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2023-12-07 12:34:53 +00:00
{"UpdateHostSoftwareDeadlock", testUpdateHostSoftwareDeadlock},
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
{"UpdateHostSoftwareUpdatesSoftware", testUpdateHostSoftwareUpdatesSoftware},
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
{"ListSoftwareByHostIDShort", testListSoftwareByHostIDShort},
fix issue with duplicate vulns detected using nvd (#8613) The OVAL analyzer falsely assumes that any vulnerabilities detected on a host only come from OVAL. However, it is possible that NVD detects vulnerabilities on these hosts even though it excludes software from deb_packages and rpm_packages. For example, a python package twisted v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL analyzer would delete this vulnerability, and it would be re-inserted by the NVD scanner on the next run. This creates a loop. The fix is to only delete vulnerabilities that are actually detected using OVAL. We already store this in the source column in the software_cve table.
2022-11-10 17:28:00 +00:00
{"ListSoftwareVulnerabilitiesByHostIDsSource", testListSoftwareVulnerabilitiesByHostIDsSource},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
{"InsertSoftwareVulnerability", testInsertSoftwareVulnerability},
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
{"ListCVEs", testListCVEs},
Bug 7332: Include software without CPE entries (#7334) When listing software for performing vuln. detection include software without CPE entries.
2022-08-22 15:45:17 +00:00
{"ListSoftwareForVulnDetection", testListSoftwareForVulnDetection},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
{"AllSoftwareIterator", testAllSoftwareIterator},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
{"AllSoftwareIteratorForCustomLinuxImages", testSoftwareIteratorForLinuxKernelCustomImages},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
{"UpsertSoftwareCPEs", testUpsertSoftwareCPEs},
{"DeleteOutOfDateVulnerabilities", testDeleteOutOfDateVulnerabilities},
{"DeleteSoftwareCPEs", testDeleteSoftwareCPEs},
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
{"SoftwareByIDNoDuplicatedVulns", testSoftwareByIDNoDuplicatedVulns},
{"SoftwareByIDIncludesCVEPublishedDate", testSoftwareByIDIncludesCVEPublishedDate},
Add `team_identifier` to macOS software (#23766) Changes to add `team_identifier` signing information to macOS applications on the `/api/latest/fleet/hosts/:id/software` API endpoint. Docs: https://github.com/fleetdm/fleet/pull/23743 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ X Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [X] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Tim Lee <timlee@fleetdm.com> Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-11-15 17:17:04 +00:00
{"GetHostSoftwareInstalledPaths", testGetHostSoftwareInstalledPaths},
{"HostSoftwareInstalledPathsDelta", testHostSoftwareInstalledPathsDelta},
{"DeleteHostSoftwareInstalledPaths", testDeleteHostSoftwareInstalledPaths},
{"InsertHostSoftwareInstalledPaths", testInsertHostSoftwareInstalledPaths},
Add checksum hash unique column to software table. (#15598)
2023-12-12 22:51:58 +00:00
{"VerifySoftwareChecksum", testVerifySoftwareChecksum},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
{"ListHostSoftware", testListHostSoftware},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
{"ListIOSHostSoftware", testListIOSHostSoftware},
de-dup host_software and host_vpp_software_installs (#28185) # Checklist for submitter https://github.com/fleetdm/fleet/issues/28156 If some of the following don't apply, delete the relevant line. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-14 20:27:43 +00:00
{"ListHostSoftwareWithVPPApps", testListHostSoftwareWithVPPApps},
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
{"ListHostSoftwareVPPSelfService", testListHostSoftwareVPPSelfService},
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
{"SetHostSoftwareInstallResult", testSetHostSoftwareInstallResult},
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
{"ListHostSoftwareInstallThenTransferTeam", testListHostSoftwareInstallThenTransferTeam},
{"ListHostSoftwareInstallThenDeleteInstallers", testListHostSoftwareInstallThenDeleteInstallers},
Add Software Vulnerability Filters (#21312)
2024-08-15 18:36:47 +00:00
{"ListSoftwareVersionsVulnerabilityFilters", testListSoftwareVersionsVulnerabilityFilters},
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
{"TestListHostSoftwareWithLabelScoping", testListHostSoftwareWithLabelScoping},
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
{"TestListHostSoftwareVulnerabileAndVPP", testListHostSoftwareVulnerabileAndVPP},
fixing host software tab search (#28216) https://github.com/fleetdm/fleet/issues/28149 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [ ] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-14 20:48:59 +00:00
{"TestListHostSoftwareQuerySearching", testListHostSoftwareQuerySearching},
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
{"TestListHostSoftwareWithLabelScopingVPP", testListHostSoftwareWithLabelScopingVPP},
Non fleet installed software properly filtered by labels (#29116) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-13 23:41:33 +00:00
{"TestListHostSoftwareSelfServiceWithLabelScopingHostInstalled", testListHostSoftwareSelfServiceWithLabelScopingHostInstalled},
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
{"DeletedInstalledSoftware", testDeletedInstalledSoftware},
software categories: backend (#28479) > For #28138 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-02 15:41:26 +00:00
{"SoftwareCategories", testSoftwareCategories},
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
}
for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
t.Helper()
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
defer TruncateTables(t, ds)
c.fn(t, ds)
})
}
}
func testSoftwareSaveHost(t *testing.T, ds *Datastore) {
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
host2 := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software1 := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
}
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software2 := []fleet.Software{
{Name: "foo", Version: "0.0.2", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages", BundleIdentifier: "com.some.identifier"},
{Name: "zoo", Version: "0.0.5", Source: "deb_packages", BundleIdentifier: ""},
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
}
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
getHostSoftware := func(h *fleet.Host) []fleet.Software {
var software []fleet.Software
for _, s := range h.Software {
software = append(software, s.Software)
}
return software
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(context.Background(), host1.ID, software1)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(context.Background(), host2.ID, software2)
require.NoError(t, err)
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
host1Software := getHostSoftware(host1)
test.ElementsMatchSkipIDAndHostCount(t, software1, host1Software)
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
soft1ByID, err := ds.SoftwareByID(context.Background(), host1.HostSoftware.Software[0].ID, nil, false, nil)
Add missing software in list hosts response (#2492)
2021-10-12 18:59:01 +00:00
require.NoError(t, err)
require.NotNil(t, soft1ByID)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
assert.Equal(t, host1Software[0], *soft1ByID)
Add missing software in list hosts response (#2492)
2021-10-12 18:59:01 +00:00
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
host2Software := getHostSoftware(host2)
test.ElementsMatchSkipIDAndHostCount(t, software2, host2Software)
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software1 = []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "towel", Version: "42.0.0", Source: "apps"},
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
}
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software2 = []fleet.Software{}
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(context.Background(), host1.ID, software1)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(context.Background(), host2.ID, software2)
require.NoError(t, err)
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
host1Software = getHostSoftware(host1)
test.ElementsMatchSkipIDAndHostCount(t, software1, host1Software)
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
host2Software = getHostSoftware(host2)
test.ElementsMatchSkipIDAndHostCount(t, software2, host2Software)
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software1 = []fleet.Software{
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "towel", Version: "42.0.0", Source: "apps"},
Issue 1009 calculate diff software (#1305) * First approach to diff * Refactor things for better readability and testing * Remove draft comment for algorithm * Format things a bit better * Remove unused and simplify code a bit * Refactor for readability and testing * Add changes file * Implement new approach based on review comments * Make sure to only delete from the current host * Add single uninstall test and fix code * Improve code based on review
2021-07-08 16:57:43 +00:00
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(context.Background(), host1.ID, software1)
require.NoError(t, err)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
host1Software = getHostSoftware(host1)
test.ElementsMatchSkipIDAndHostCount(t, software1, host1Software)
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software2 = []fleet.Software{
{Name: "foo", Version: "0.0.2", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages", BundleIdentifier: "com.some.identifier"},
{Name: "zoo", Version: "0.0.5", Source: "deb_packages", BundleIdentifier: "com.zoo"}, // "empty" -> "non-empty"
Replace into software to update empty bundle_identifier entries (#2676)
2021-10-26 12:48:25 +00:00
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(context.Background(), host2.ID, software2)
require.NoError(t, err)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
host2Software = getHostSoftware(host2)
test.ElementsMatchSkipIDAndHostCount(t, software2, host2Software)
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software2 = []fleet.Software{
{Name: "foo", Version: "0.0.2", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages", BundleIdentifier: "com.some.other"}, // "non-empty" -> "non-empty"
{Name: "zoo", Version: "0.0.5", Source: "deb_packages", BundleIdentifier: ""}, // non-empty -> empty
Replace into software to update empty bundle_identifier entries (#2676)
2021-10-26 12:48:25 +00:00
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(context.Background(), host2.ID, software2)
require.NoError(t, err)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
host2Software = getHostSoftware(host2)
test.ElementsMatchSkipIDAndHostCount(t, software2, host2Software)
Initial backend software inventory implementation (#678) - Maintain software inventory with detail queries. - Associated database migrations. - Feature flagged off by default (see documentation for details to turn on). - Documentation. - New test helper for slice element comparisons skipping ID.
2021-04-26 15:44:22 +00:00
}
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
func testSoftwareCPE(t *testing.T, ds *Datastore) {
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software1 := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
}
Fixes various bugs with NVD vulnerability detection (#7963) - Improved NVD CPE matching process. - Fixed bug with the 'software/<id>' endpoint not showing the generated_cpe value.
2022-10-04 11:04:48 +00:00
software2 := []fleet.Software{
{Name: "bar", Version: "0.0.3", Source: "deb_packages", BundleIdentifier: "com.some.other"}, // "non-empty" -> "non-empty"
{Name: "zoo", Version: "0.0.5", Source: "rpm_packages", BundleIdentifier: ""}, // non-empty -> empty
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(context.Background(), host1.ID, append(software1, software2...))
Fixes various bugs with NVD vulnerability detection (#7963) - Improved NVD CPE matching process. - Fixed bug with the 'software/<id>' endpoint not showing the generated_cpe value.
2022-10-04 11:04:48 +00:00
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
q := fleet.SoftwareIterQueryOptions{ExcludedSources: oval.SupportedSoftwareSources}
iterator, err := ds.AllSoftwareIterator(context.Background(), q)
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
defer iterator.Close()
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
loops := 0
for iterator.Next() {
software, err := iterator.Value()
require.NoError(t, err)
require.NoError(t, iterator.Err())
require.NotEmpty(t, software.ID)
require.NotEmpty(t, software.Name)
require.NotEmpty(t, software.Version)
require.NotEmpty(t, software.Source)
Fixes various bugs with NVD vulnerability detection (#7963) - Improved NVD CPE matching process. - Fixed bug with the 'software/<id>' endpoint not showing the generated_cpe value.
2022-10-04 11:04:48 +00:00
require.NotEqual(t, software.Name, "bar")
require.NotEqual(t, software.Name, "zoo")
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
if loops > 2 {
t.Error("Looping through more software than we have")
}
loops++
}
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
assert.Equal(t, len(software1), loops)
Add coverage to uncovered mysql code (#1855) * Add coverage to uncovered mysql code * Add deleted method and update mock * Fix test
2021-09-07 16:48:04 +00:00
require.NoError(t, iterator.Close())
Issue 1435 software to cpe (#1488) * WIP * WIP * Make path optional and fix tests * Add first generate * Move to nvd package * remove replace * Re-add replace * It's path, not file name * Change how db path is set and use etag * Fix typos * Make db generation faster * Remove quotes * Doesn't like comments * Samitize etag and save to file * Refactor some things and improve writing of etagenv * Compress file and truncate amount of items for faster testing * Remove quotes * Try to improve performance * Ignore truncate error if not exists * Minor cleanup and make sqlite have cpe prefix * Simplify code and test sync * Add VCR for sync test * Check for nvdRelease nil * Add test for the actual translation * Address review comments * Rename generate command because we'll have a cve one too * Move to its own dir * Address review comments
2021-07-29 16:10:34 +00:00
}
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
func testSoftwareDifferentNameSameBundleIdentifier(t *testing.T, ds *Datastore) {
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
ctx := context.Background()
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
host2 := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
incoming := make(map[string]fleet.Software)
sw, err := fleet.SoftwareFromOsqueryRow("GoLand.app", "2024.3", "apps", "", "", "", "", "com.jetbrains.goland", "", "", "")
require.NoError(t, err)
soft2Key := sw.ToUniqueStr()
incoming[soft2Key] = *sw
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
currentSoftware, incomingChecksumToSoftware, incomingChecksumToTitle, existingBundleIDsToUpdate, err := ds.getExistingSoftware(
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
ctx, make(map[string]fleet.Software), incoming,
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
)
require.NoError(t, err)
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
tx, err := ds.writer(ctx).Beginx()
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
require.NoError(t, err)
_, err = ds.insertNewInstalledHostSoftwareDB(
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
ctx, tx, host1.ID, currentSoftware, incomingChecksumToSoftware, incomingChecksumToTitle, existingBundleIDsToUpdate,
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
)
require.NoError(t, err)
require.NoError(t, tx.Commit())
var software []fleet.Software
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
err = sqlx.SelectContext(ctx, ds.reader(ctx),
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
&software, `SELECT id, name, bundle_identifier, title_id FROM software`,
)
require.NoError(t, err)
require.Len(t, software, 1)
var softwareTitle []fleet.SoftwareTitle
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
err = sqlx.SelectContext(ctx, ds.reader(ctx),
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
&softwareTitle, `SELECT id, name FROM software_titles`,
)
require.NoError(t, err)
require.Len(t, softwareTitle, 1)
incoming = make(map[string]fleet.Software)
sw, err = fleet.SoftwareFromOsqueryRow("GoLand 2.app", "2024.3", "apps", "", "", "", "", "com.jetbrains.goland", "", "", "")
require.NoError(t, err)
soft3Key := sw.ToUniqueStr()
incoming[soft3Key] = *sw
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
currentSoftware, incomingChecksumToSoftware, incomingChecksumToTitle, existingBundleIDsToUpdate, err = ds.getExistingSoftware(
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
ctx, make(map[string]fleet.Software), incoming,
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
)
require.NoError(t, err)
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
require.Len(t, existingBundleIDsToUpdate, 1)
tx, err = ds.writer(ctx).Beginx()
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
require.NoError(t, err)
_, err = ds.insertNewInstalledHostSoftwareDB(
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
ctx, tx, host1.ID, currentSoftware, incomingChecksumToSoftware, incomingChecksumToTitle, existingBundleIDsToUpdate,
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
)
require.NoError(t, err)
require.NoError(t, tx.Commit())
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
err = sqlx.SelectContext(ctx, ds.reader(ctx),
&software, `SELECT id, name, bundle_identifier, title_id FROM software`,
)
require.NoError(t, err)
require.Len(t, software, 1)
require.NotEmpty(t, software[0].TitleID)
// hasn't updated yet because we haven't called updateExistingBundleIDs yet
require.Equal(t, "GoLand.app", software[0].Name)
Revert to first-in-wins on names in the software table (#28581) For #28565. Merged into 4.67.0 via #28569. This lets us cleanly evaluate where we stand and fix forward on top of what's already (about to be) out in the wild. Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-04-25 23:56:47 +00:00
// err = updateExistingBundleIDs(ctx, ds.writer(ctx), host1.ID, existingBundleIDsToUpdate)
// require.NoError(t, err)
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
err = sqlx.SelectContext(ctx, ds.reader(ctx),
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
&software, `SELECT id, name, bundle_identifier, title_id FROM software`,
)
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
require.NoError(t, err)
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
// no duplicate row created
require.Len(t, software, 1)
require.NotEmpty(t, software[0].TitleID)
// software.name is updated now
Revert to first-in-wins on names in the software table (#28581) For #28565. Merged into 4.67.0 via #28569. This lets us cleanly evaluate where we stand and fix forward on top of what's already (about to be) out in the wild. Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-04-25 23:56:47 +00:00
// TODO: rename should happen in the future
// require.Equal(t, "GoLand 2.app", software[0].Name)
require.Equal(t, "GoLand.app", software[0].Name)
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
err = sqlx.SelectContext(ctx, ds.reader(ctx),
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
&softwareTitle, `SELECT id, name FROM software_titles`,
)
require.NoError(t, err)
require.Len(t, softwareTitle, 1)
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
// software_title name isn't updated yet, as vulns job hasn't run yet
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
require.Equal(t, "GoLand.app", softwareTitle[0].Name)
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
// Simulate a vulns run by calling ReconcileSoftwareTitles (the method that actually does the
// renaming of software titles)
err = ds.ReconcileSoftwareTitles(ctx)
require.NoError(t, err)
err = sqlx.SelectContext(ctx, ds.reader(ctx),
&softwareTitle, `SELECT id, name FROM software_titles`,
)
require.NoError(t, err)
require.Len(t, softwareTitle, 1)
Revert to first-in-wins on names in the software table (#28581) For #28565. Merged into 4.67.0 via #28569. This lets us cleanly evaluate where we stand and fix forward on top of what's already (about to be) out in the wild. Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-04-25 23:56:47 +00:00
// TODO: we want this to be renamed eventually
// require.Equal(t, "GoLand 2.app", softwareTitle[0].Name)
require.Equal(t, "GoLand.app", softwareTitle[0].Name)
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
// Now ingest software from host2, with a rename
sw, err = fleet.SoftwareFromOsqueryRow("GoLand 3.app", "2024.3", "apps", "", "", "", "", "com.jetbrains.goland", "", "", "")
require.NoError(t, err)
sw2, err := fleet.SoftwareFromOsqueryRow("SomeOther.app", "1.2.3", "apps", "", "", "", "", "com.some.other", "", "", "")
require.NoError(t, err)
_, err = ds.applyChangesForNewSoftwareDB(ctx, host2.ID, []fleet.Software{*sw, *sw2})
require.NoError(t, err)
err = sqlx.SelectContext(ctx, ds.reader(ctx),
&software, `SELECT id, name, bundle_identifier, title_id FROM software`,
)
require.NoError(t, err)
// there's a new row for the new software, but existing software was renamed
require.Len(t, software, 2)
for _, s := range software {
require.NotEmpty(t, s.TitleID)
// software.name is updated now for GoLand
if s.BundleIdentifier == "com.jetbrains.goland" {
Revert to first-in-wins on names in the software table (#28581) For #28565. Merged into 4.67.0 via #28569. This lets us cleanly evaluate where we stand and fix forward on top of what's already (about to be) out in the wild. Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-04-25 23:56:47 +00:00
// require.Equal(t, "GoLand 3.app", s.Name) // TODO: the name should change eventually
require.Equal(t, "GoLand.app", s.Name)
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
}
}
// Simulate a vulns run by calling ReconcileSoftwareTitles (the method that actually does the
// renaming of software titles)
err = ds.ReconcileSoftwareTitles(ctx)
require.NoError(t, err)
var goland fleet.SoftwareTitle
err = sqlx.GetContext(ctx, ds.reader(ctx),
&goland, `SELECT id, name FROM software_titles WHERE bundle_identifier = 'com.jetbrains.goland'`,
)
require.NoError(t, err)
Revert to first-in-wins on names in the software table (#28581) For #28565. Merged into 4.67.0 via #28569. This lets us cleanly evaluate where we stand and fix forward on top of what's already (about to be) out in the wild. Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2025-04-25 23:56:47 +00:00
// TODO: the name should change eventually
// require.Equal(t, "GoLand 3.app", goland.Name)
require.Equal(t, "GoLand.app", goland.Name)
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
}
func testSoftwareDuplicateNameDifferentBundleIdentifier(t *testing.T, ds *Datastore) {
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
incoming := make(map[string]fleet.Software)
sw, err := fleet.SoftwareFromOsqueryRow("a", "0.0.1", "chrome_extension", "", "", "", "", "bundle_id1", "", "", "")
require.NoError(t, err)
soft2Key := sw.ToUniqueStr()
incoming[soft2Key] = *sw
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
currentSoftware, incomingChecksumToSoftware, incomingChecksumToTitle, _, err := ds.getExistingSoftware(
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
context.Background(), make(map[string]fleet.Software), incoming,
)
require.NoError(t, err)
tx, err := ds.writer(context.Background()).Beginx()
require.NoError(t, err)
_, err = ds.insertNewInstalledHostSoftwareDB(
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
context.Background(), tx, host1.ID, currentSoftware, incomingChecksumToSoftware, incomingChecksumToTitle, map[string]fleet.Software{},
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
)
require.NoError(t, err)
require.NoError(t, tx.Commit())
var software []fleet.Software
err = sqlx.SelectContext(context.Background(), ds.reader(context.Background()),
&software, `SELECT id, name, bundle_identifier, title_id FROM software`,
)
require.NoError(t, err)
require.Len(t, software, 1)
var softwareTitle []fleet.SoftwareTitle
err = sqlx.SelectContext(context.Background(), ds.reader(context.Background()),
&softwareTitle, `SELECT id, name FROM software_titles`,
)
require.NoError(t, err)
require.Len(t, softwareTitle, 1)
incoming = make(map[string]fleet.Software)
sw, err = fleet.SoftwareFromOsqueryRow("a", "0.0.1", "chrome_extension", "", "", "", "", "bundle_id2", "", "", "")
require.NoError(t, err)
soft3Key := sw.ToUniqueStr()
incoming[soft3Key] = *sw
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
currentSoftware, incomingChecksumToSoftware, incomingChecksumToTitle, _, err = ds.getExistingSoftware(
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
context.Background(), make(map[string]fleet.Software), incoming,
)
require.NoError(t, err)
tx, err = ds.writer(context.Background()).Beginx()
require.NoError(t, err)
_, err = ds.insertNewInstalledHostSoftwareDB(
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
context.Background(), tx, host1.ID, currentSoftware, incomingChecksumToSoftware, incomingChecksumToTitle, map[string]fleet.Software{},
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
)
require.NoError(t, err)
require.NoError(t, tx.Commit())
err = sqlx.SelectContext(context.Background(), ds.reader(context.Background()),
&software, `SELECT id, name, bundle_identifier, title_id FROM software`,
)
require.NoError(t, err)
require.Len(t, software, 2)
for _, s := range software {
require.NotEmpty(t, s.TitleID)
}
err = sqlx.SelectContext(context.Background(), ds.reader(context.Background()),
&softwareTitle, `SELECT id, name FROM software_titles`,
)
require.NoError(t, err)
require.Len(t, softwareTitle, 2)
}
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
func testSoftwareHostDuplicates(t *testing.T, ds *Datastore) {
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
Fix software ingestion when fields are larger than supported (#13741) Should fix the issue reported in #12230. For Wireshark, osquery was reporting a `vendor` value larger than what we allowed storing in the `vendor` column (32 bytes). But recently we enlarged the `vendor` column to fit `114` chars. The direct software ingestion routine was inserting a new software entry every time because the incoming software vendor was different to what Fleet had stored in the previous ingestion (`vendor` column trimmed from `The Wireshark developer community, https://www.wireshark.org/` to `The Wireshark developer communit`). I've now made sure that all fields are trimmed as soon as they are received by osquery thus not triggering any re-inserts when any field is larger than what Fleet supports. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-06 20:32:11 +00:00
longName := strings.Repeat("a", fleet.SoftwareNameMaxLength+5)
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
incoming := make(map[string]fleet.Software)
Adding extension_id and browser columns to software table. (#15285) https://github.com/fleetdm/confidential/issues/2118 API doc changes are at: https://github.com/fleetdm/fleet/pull/15092 This change affects Chrome-based and Firefox browsers. I tried Safari, but it appears that latest Safari extensions simply show up as regular apps on macOS. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - Tested detail query changes on macOS, Windows, Ubuntu, and ChromeOS - Tested Chrome, Edge, Brave, and Firefox browsers Testing notes: 1. Install some browser extensions. 2. Update fleet to this change. 3. Refresh hosts, and trigger vulnerabilities job (which updates host software). 4. Do something like `GET https://localhost:8080/api/v1/fleet/software?query=Password%20Manager` to see `extension_id` and `browser` for the hosts that have updated.
2023-12-01 01:06:17 +00:00
sw, err := fleet.SoftwareFromOsqueryRow(longName+"b", "0.0.1", "chrome_extension", "", "", "", "", "", "", "", "")
Fix software ingestion when fields are larger than supported (#13741) Should fix the issue reported in #12230. For Wireshark, osquery was reporting a `vendor` value larger than what we allowed storing in the `vendor` column (32 bytes). But recently we enlarged the `vendor` column to fit `114` chars. The direct software ingestion routine was inserting a new software entry every time because the incoming software vendor was different to what Fleet had stored in the previous ingestion (`vendor` column trimmed from `The Wireshark developer community, https://www.wireshark.org/` to `The Wireshark developer communit`). I've now made sure that all fields are trimmed as soon as they are received by osquery thus not triggering any re-inserts when any field is larger than what Fleet supports. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-06 20:32:11 +00:00
require.NoError(t, err)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
soft2Key := sw.ToUniqueStr()
Fix software ingestion when fields are larger than supported (#13741) Should fix the issue reported in #12230. For Wireshark, osquery was reporting a `vendor` value larger than what we allowed storing in the `vendor` column (32 bytes). But recently we enlarged the `vendor` column to fit `114` chars. The direct software ingestion routine was inserting a new software entry every time because the incoming software vendor was different to what Fleet had stored in the previous ingestion (`vendor` column trimmed from `The Wireshark developer community, https://www.wireshark.org/` to `The Wireshark developer communit`). I've now made sure that all fields are trimmed as soon as they are received by osquery thus not triggering any re-inserts when any field is larger than what Fleet supports. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-06 20:32:11 +00:00
incoming[soft2Key] = *sw
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
incomingByChecksum, existingSoftware, existingTitlesForNewSoftware, _, err := ds.getExistingSoftware(
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
context.Background(), make(map[string]fleet.Software), incoming,
)
require.NoError(t, err)
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
tx, err := ds.writer(context.Background()).Beginx()
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
require.NoError(t, err)
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
_, err = ds.insertNewInstalledHostSoftwareDB(
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
context.Background(), tx, host1.ID, incomingByChecksum, existingSoftware, existingTitlesForNewSoftware, map[string]fleet.Software{},
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
require.NoError(t, tx.Commit())
Fix software ingestion when fields are larger than supported (#13741) Should fix the issue reported in #12230. For Wireshark, osquery was reporting a `vendor` value larger than what we allowed storing in the `vendor` column (32 bytes). But recently we enlarged the `vendor` column to fit `114` chars. The direct software ingestion routine was inserting a new software entry every time because the incoming software vendor was different to what Fleet had stored in the previous ingestion (`vendor` column trimmed from `The Wireshark developer community, https://www.wireshark.org/` to `The Wireshark developer communit`). I've now made sure that all fields are trimmed as soon as they are received by osquery thus not triggering any re-inserts when any field is larger than what Fleet supports. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-06 20:32:11 +00:00
// Check that the software entry was stored for the host.
var software []fleet.Software
err = sqlx.SelectContext(context.Background(), ds.reader(context.Background()),
&software, `SELECT s.id, s.name FROM software s JOIN host_software hs WHERE hs.host_id = ?`,
host1.ID,
)
require.NoError(t, err)
require.Len(t, software, 1)
require.NotZero(t, software[0].ID)
require.Equal(t, strings.Repeat("a", fleet.SoftwareNameMaxLength), software[0].Name)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
incoming = make(map[string]fleet.Software)
Adding extension_id and browser columns to software table. (#15285) https://github.com/fleetdm/confidential/issues/2118 API doc changes are at: https://github.com/fleetdm/fleet/pull/15092 This change affects Chrome-based and Firefox browsers. I tried Safari, but it appears that latest Safari extensions simply show up as regular apps on macOS. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality - Tested detail query changes on macOS, Windows, Ubuntu, and ChromeOS - Tested Chrome, Edge, Brave, and Firefox browsers Testing notes: 1. Install some browser extensions. 2. Update fleet to this change. 3. Refresh hosts, and trigger vulnerabilities job (which updates host software). 4. Do something like `GET https://localhost:8080/api/v1/fleet/software?query=Password%20Manager` to see `extension_id` and `browser` for the hosts that have updated.
2023-12-01 01:06:17 +00:00
sw, err = fleet.SoftwareFromOsqueryRow(longName+"c", "0.0.1", "chrome_extension", "", "", "", "", "", "", "", "")
Fix software ingestion when fields are larger than supported (#13741) Should fix the issue reported in #12230. For Wireshark, osquery was reporting a `vendor` value larger than what we allowed storing in the `vendor` column (32 bytes). But recently we enlarged the `vendor` column to fit `114` chars. The direct software ingestion routine was inserting a new software entry every time because the incoming software vendor was different to what Fleet had stored in the previous ingestion (`vendor` column trimmed from `The Wireshark developer community, https://www.wireshark.org/` to `The Wireshark developer communit`). I've now made sure that all fields are trimmed as soon as they are received by osquery thus not triggering any re-inserts when any field is larger than what Fleet supports. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-06 20:32:11 +00:00
require.NoError(t, err)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
soft3Key := sw.ToUniqueStr()
Fix software ingestion when fields are larger than supported (#13741) Should fix the issue reported in #12230. For Wireshark, osquery was reporting a `vendor` value larger than what we allowed storing in the `vendor` column (32 bytes). But recently we enlarged the `vendor` column to fit `114` chars. The direct software ingestion routine was inserting a new software entry every time because the incoming software vendor was different to what Fleet had stored in the previous ingestion (`vendor` column trimmed from `The Wireshark developer community, https://www.wireshark.org/` to `The Wireshark developer communit`). I've now made sure that all fields are trimmed as soon as they are received by osquery thus not triggering any re-inserts when any field is larger than what Fleet supports. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-06 20:32:11 +00:00
incoming[soft3Key] = *sw
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
incomingByChecksum, existingSoftware, existingTitlesForNewSoftware, _, err = ds.getExistingSoftware(
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
context.Background(), make(map[string]fleet.Software), incoming,
)
require.NoError(t, err)
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
tx, err = ds.writer(context.Background()).Beginx()
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
require.NoError(t, err)
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
_, err = ds.insertNewInstalledHostSoftwareDB(
prevent new host software that is a re-name of existing software from being processed as regular new software (#28286) > For #28264 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 20:17:59 +00:00
context.Background(), tx, host1.ID, incomingByChecksum, existingSoftware, existingTitlesForNewSoftware, map[string]fleet.Software{},
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
require.NoError(t, tx.Commit())
Fix software ingestion when fields are larger than supported (#13741) Should fix the issue reported in #12230. For Wireshark, osquery was reporting a `vendor` value larger than what we allowed storing in the `vendor` column (32 bytes). But recently we enlarged the `vendor` column to fit `114` chars. The direct software ingestion routine was inserting a new software entry every time because the incoming software vendor was different to what Fleet had stored in the previous ingestion (`vendor` column trimmed from `The Wireshark developer community, https://www.wireshark.org/` to `The Wireshark developer communit`). I've now made sure that all fields are trimmed as soon as they are received by osquery thus not triggering any re-inserts when any field is larger than what Fleet supports. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes (docs/Using Fleet/manage-access.md)~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-09-06 20:32:11 +00:00
// Check that the software entry was not modified with the new insert because of the name trimming.
var software2 []fleet.Software
err = sqlx.SelectContext(context.Background(), ds.reader(context.Background()),
&software2, `SELECT s.id, s.name FROM software s JOIN host_software hs WHERE hs.host_id = ?`,
host1.ID,
)
require.NoError(t, err)
require.Len(t, software2, 1)
require.Equal(t, strings.Repeat("a", fleet.SoftwareNameMaxLength), software2[0].Name)
require.Equal(t, software[0].ID, software2[0].ID)
Ignore duplicate host software (#1546) * Insert ignore software if there's a duplicate * Add test for trigger of duplicate host software
2021-08-04 13:12:07 +00:00
}
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
func testSoftwareLoadVulnerabilities(t *testing.T, ds *Datastore) {
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "apps"},
{Name: "blah", Version: "1.0", Source: "apps"},
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(context.Background(), host.ID, software)
require.NoError(t, err)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host, false))
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes := []fleet.SoftwareCPE{
{SoftwareID: host.Software[0].ID, CPE: "somecpe"},
{SoftwareID: host.Software[1].ID, CPE: "someothercpewithoutvulns"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(context.Background(), cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host, false))
vulns := []fleet.SoftwareVulnerability{
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
{SoftwareID: host.Software[0].ID, CVE: "CVE-2022-0001"},
{SoftwareID: host.Software[0].ID, CVE: "CVE-2022-0002"},
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
for _, v := range vulns {
_, err = ds.InsertSoftwareVulnerability(context.Background(), v, fleet.NVDSource)
require.NoError(t, err)
}
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host, false))
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
softByID, err := ds.SoftwareByID(context.Background(), host.HostSoftware.Software[0].ID, nil, false, nil)
Load vulnerabilities alongisde the software (#2518) * Load vulnerabilities alongisde the software * Update docs
2021-10-14 16:51:41 +00:00
require.NoError(t, err)
require.NotNil(t, softByID)
require.Len(t, softByID.Vulnerabilities, 2)
Add createdAt to Vulnerability responses (#20019)
2024-07-09 17:09:16 +00:00
assert.GreaterOrEqual(t, softByID.Vulnerabilities[0].CreatedAt, time.Now().Add(-time.Minute))
Load vulnerabilities alongisde the software (#2518) * Load vulnerabilities alongisde the software * Update docs
2021-10-14 16:51:41 +00:00
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
assert.Equal(t, "somecpe", host.Software[0].GenerateCPE)
require.Len(t, host.Software[0].Vulnerabilities, 2)
Add createdAt to Vulnerability responses (#20019)
2024-07-09 17:09:16 +00:00
sort.Slice(host.Software[0].Vulnerabilities, func(i, j int) bool {
return host.Software[0].Vulnerabilities[i].CVE < host.Software[0].Vulnerabilities[j].CVE
})
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
assert.Equal(t, "CVE-2022-0001", host.Software[0].Vulnerabilities[0].CVE)
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
assert.Equal(t,
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
"https://nvd.nist.gov/vuln/detail/CVE-2022-0001", host.Software[0].Vulnerabilities[0].DetailsLink)
assert.Equal(t, "CVE-2022-0002", host.Software[0].Vulnerabilities[1].CVE)
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
assert.Equal(t,
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
"https://nvd.nist.gov/vuln/detail/CVE-2022-0002", host.Software[0].Vulnerabilities[1].DetailsLink)
Expose vulnerabilities data in host software data (#1555) * Expose vulnerabilities data in host software data * Gather cves and software in one query * Expand the test to cover all cases * Make test less flaky
2021-08-06 17:04:37 +00:00
assert.Equal(t, "someothercpewithoutvulns", host.Software[1].GenerateCPE)
require.Len(t, host.Software[1].Vulnerabilities, 0)
}
Fix build, add missing tests for cpe translations (#1631) * Fix build, add missing tests for cpe translations Also dont fail alltogether if there's one issue translating CPEs, log it and continue * Make it once every hour again * Use MATCH but escape strings
2021-08-11 17:52:09 +00:00
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
func testListSoftwareCPEs(t *testing.T, ds *Datastore) {
ctx := context.Background()
debian := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now())
debian.Platform = "debian"
Enable `errcheck` linter for `golangci-lint` (#8899)
2022-12-05 22:50:49 +00:00
require.NoError(t, ds.UpdateHost(ctx, debian))
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
ubuntu := test.NewHost(t, ds, "host4", "", "host4key", "host4uuid", time.Now())
ubuntu.Platform = "ubuntu"
Enable `errcheck` linter for `golangci-lint` (#8899)
2022-12-05 22:50:49 +00:00
require.NoError(t, ds.UpdateHost(ctx, ubuntu))
Fix build, add missing tests for cpe translations (#1631) * Fix build, add missing tests for cpe translations Also dont fail alltogether if there's one issue translating CPEs, log it and continue * Make it once every hour again * Use MATCH but escape strings
2021-08-11 17:52:09 +00:00
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "apps"},
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
{Name: "biz", Version: "0.0.1", Source: "deb_packages"},
{Name: "baz", Version: "0.0.3", Source: "deb_packages"},
Fix build, add missing tests for cpe translations (#1631) * Fix build, add missing tests for cpe translations Also dont fail alltogether if there's one issue translating CPEs, log it and continue * Make it once every hour again * Use MATCH but escape strings
2021-08-11 17:52:09 +00:00
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, debian.ID, software[:2])
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, debian, false))
Fix build, add missing tests for cpe translations (#1631) * Fix build, add missing tests for cpe translations Also dont fail alltogether if there's one issue translating CPEs, log it and continue * Make it once every hour again * Use MATCH but escape strings
2021-08-11 17:52:09 +00:00
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, ubuntu.ID, software[2:])
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, ubuntu, false))
Fix build, add missing tests for cpe translations (#1631) * Fix build, add missing tests for cpe translations Also dont fail alltogether if there's one issue translating CPEs, log it and continue * Make it once every hour again * Use MATCH but escape strings
2021-08-11 17:52:09 +00:00
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes := []fleet.SoftwareCPE{
{SoftwareID: debian.Software[0].ID, CPE: "cpe1"},
{SoftwareID: debian.Software[1].ID, CPE: "cpe2"},
{SoftwareID: ubuntu.Software[0].ID, CPE: "cpe3"},
{SoftwareID: ubuntu.Software[1].ID, CPE: "cpe4"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes, err = ds.ListSoftwareCPEs(ctx)
Feature 6538: Remove cpe_id from the software_cve table (#6587) * Don't insert dummy values for non-match CPEs, exclude OVAL platforms when getting software iterator. * Removed CPEID from SoftwareVulnerability type and software_cve.cpe_id column. * Removed GeneratedCPEID property
2022-08-24 17:10:58 +00:00
expected := []string{
"cpe1", "cpe2", "cpe3", "cpe4",
}
var actual []string
for _, v := range cpes {
actual = append(actual, v.CPE)
}
require.NoError(t, err)
assert.ElementsMatch(t, actual, expected)
Fix build, add missing tests for cpe translations (#1631) * Fix build, add missing tests for cpe translations Also dont fail alltogether if there's one issue translating CPEs, log it and continue * Make it once every hour again * Use MATCH but escape strings
2021-08-11 17:52:09 +00:00
}
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
func testSoftwareNothingChanged(t *testing.T, ds *Datastore) {
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
cases := []struct {
desc string
current []fleet.Software
incoming []fleet.Software
want bool
}{
{"both nil", nil, nil, true},
{"different len", nil, []fleet.Software{{}}, false},
{
"identical",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}},
true,
},
{
"different version",
[]fleet.Software{{Name: "A", Version: "1.1", Source: "ASD"}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}},
false,
},
{
"new software",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}, {Name: "B", Version: "1.0", Source: "ASD"}},
false,
},
{
"removed software",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}, {Name: "B", Version: "1.0", Source: "ASD"}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}},
false,
},
{
"identical with similar last open",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now())}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now())}},
true,
},
{
"identical with no new last open",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now())}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}},
true,
},
{
"identical but added last open",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now())}},
false,
},
{
"identical but significantly changed last open",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now().Add(-365 * 24 * time.Hour))}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now())}},
false,
},
{
"identical but insignificantly changed last open",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now().Add(-time.Second))}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now())}},
true,
},
Improved software ingestion performance by deduplicating incoming software. (#19325) #11942 To check if you have duplicate software, install multiple python versions, like: ```shell brew install python@3.11 brew install python@3.12 ``` Then query: `SELECT * FROM python_packages` to see the packages with the same versions but different paths. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-30 18:14:49 +00:00
{
"identical with duplicates incoming",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}},
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD"}, {Name: "A", Version: "1.0", Source: "ASD"}},
true,
},
{
"identical with duplicates incoming and insignificantly changed last open",
[]fleet.Software{{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now().Add(-time.Second))}},
[]fleet.Software{
{Name: "A", Version: "1.0", Source: "ASD"},
{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now().Add(-time.Hour))},
{Name: "A", Version: "1.0", Source: "ASD", LastOpenedAt: ptr.Time(time.Now())},
},
true,
},
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
}
for _, c := range cases {
t.Run(c.desc, func(t *testing.T) {
Improved software ingestion performance by deduplicating incoming software. (#19325) #11942 To check if you have duplicate software, install multiple python versions, like: ```shell brew install python@3.11 brew install python@3.12 ``` Then query: `SELECT * FROM python_packages` to see the packages with the same versions but different paths. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-30 18:14:49 +00:00
current, incoming, got := nothingChanged(c.current, c.incoming, defaultMinLastOpenedAtDiff)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
if c.want {
Improved software ingestion performance by deduplicating incoming software. (#19325) #11942 To check if you have duplicate software, install multiple python versions, like: ```shell brew install python@3.11 brew install python@3.12 ``` Then query: `SELECT * FROM python_packages` to see the packages with the same versions but different paths. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-30 18:14:49 +00:00
assert.True(t, got)
assert.Equal(t, len(current), len(incoming))
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
} else {
Improved software ingestion performance by deduplicating incoming software. (#19325) #11942 To check if you have duplicate software, install multiple python versions, like: ```shell brew install python@3.11 brew install python@3.12 ``` Then query: `SELECT * FROM python_packages` to see the packages with the same versions but different paths. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-30 18:14:49 +00:00
assert.False(t, got)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
}
Improved software ingestion performance by deduplicating incoming software. (#19325) #11942 To check if you have duplicate software, install multiple python versions, like: ```shell brew install python@3.11 brew install python@3.12 ``` Then query: `SELECT * FROM python_packages` to see the packages with the same versions but different paths. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-30 18:14:49 +00:00
assert.Equal(t, len(c.current), len(current))
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
})
}
Add coverage to uncovered mysql code (#1855) * Add coverage to uncovered mysql code * Add deleted method and update mock * Fix test
2021-09-07 16:48:04 +00:00
}
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
func generateCVEMeta(n int) fleet.CVEMeta {
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
CVEID := fmt.Sprintf("CVE-2022-%05d", n)
cvssScore := ptr.Float64(rand.Float64() * 10)
epssProbability := ptr.Float64(rand.Float64())
cisaKnownExploit := ptr.Bool(rand.Intn(2) == 1)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
return fleet.CVEMeta{
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
CVE: CVEID,
CVSSScore: cvssScore,
EPSSProbability: epssProbability,
CISAKnownExploit: cisaKnownExploit,
}
}
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
func testSoftwareLoadSupportsTonsOfCVEs(t *testing.T, ds *Datastore) {
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "apps"},
{Name: "blah", Version: "1.0", Source: "apps"},
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(context.Background(), host.ID, software)
require.NoError(t, err)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host, false))
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
Update new sched query stats if there's already some (#1918) * Update new sched query stats if there's already some * IGNORE if the sched query is not present * Make tests less flaky
2021-09-02 20:39:08 +00:00
sort.Slice(host.Software, func(i, j int) bool { return host.Software[i].Name < host.Software[j].Name })
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes := []fleet.SoftwareCPE{
{SoftwareID: host.Software[1].ID, CPE: "someothercpewithoutvulns"},
{SoftwareID: host.Software[0].ID, CPE: "somecpe"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(context.Background(), cpes)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
require.NoError(t, err)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
var cveMeta []fleet.CVEMeta
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
for i := 0; i < 1000; i++ {
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
cveMeta = append(cveMeta, generateCVEMeta(i))
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
}
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
err = ds.InsertCVEMeta(context.Background(), cveMeta)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
require.NoError(t, err)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
values := strings.TrimSuffix(strings.Repeat("(?, ?), ", len(cveMeta)), ", ")
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
query := `INSERT INTO software_cve (software_id, cve) VALUES ` + values
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
var args []interface{}
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
for _, cve := range cveMeta {
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
args = append(args, host.Software[0].ID, cve.CVE)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
}
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
_, err = ds.writer(context.Background()).ExecContext(context.Background(), query, args...)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
require.NoError(t, err)
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host, false))
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
for _, software := range host.Software {
switch software.Name {
Update new sched query stats if there's already some (#1918) * Update new sched query stats if there's already some * IGNORE if the sched query is not present * Make tests less flaky
2021-09-02 20:39:08 +00:00
case "bar":
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
assert.Equal(t, "somecpe", software.GenerateCPE)
require.Len(t, software.Vulnerabilities, 1000)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
assert.True(t, strings.HasPrefix(software.Vulnerabilities[0].CVE, "CVE-"))
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
assert.Equal(t,
"https://nvd.nist.gov/vuln/detail/"+software.Vulnerabilities[0].CVE,
software.Vulnerabilities[0].DetailsLink,
)
Update new sched query stats if there's already some (#1918) * Update new sched query stats if there's already some * IGNORE if the sched query is not present * Make tests less flaky
2021-09-02 20:39:08 +00:00
case "blah":
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
assert.Len(t, software.Vulnerabilities, 0)
assert.Equal(t, "someothercpewithoutvulns", software.GenerateCPE)
Update new sched query stats if there's already some (#1918) * Update new sched query stats if there's already some * IGNORE if the sched query is not present * Make tests less flaky
2021-09-02 20:39:08 +00:00
case "foo":
Group concat limit (#1860) * wiup * Decouple software select in two * Add changes file * Add missing error check
2021-08-30 19:07:24 +00:00
assert.Len(t, software.Vulnerabilities, 0)
}
}
}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
Improve performance of the Go test suite (#2060) Closes #1805
2021-09-20 18:09:38 +00:00
func testSoftwareList(t *testing.T, ds *Datastore) {
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
host2 := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
host3 := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now())
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software1 := []fleet.Software{
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
}
Improved Datastore usage of osquery hosts requests (#3601) * WIP * Amend tests * Do not load aggregated stats for packs * Add option to host lite * Fix remaining TODOs * Fix osquery_utils tests * Fix SQL * Fix SQL (bis) * Restore AuthenticateHost to load once * Code improvements and re-add deferred host save * More fixes to the PR * Wrap users table update on tx * Add caching to ListPacksForHost and ListScheduledQueriesInPack * Remove SaveHostSoftware (replaced by UpdateHostSoftware) * Add unit tests for new functionality * Add changes file * Fix scheduled queries test
2022-01-18 01:52:09 +00:00
software2 := []fleet.Software{
{Name: "foo", Version: "v0.0.2", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages"},
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
}
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
software3 := []fleet.Software{
{Name: "baz", Version: "0.0.1", Source: "deb_packages"},
}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(context.Background(), host1.ID, software1)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(context.Background(), host2.ID, software2)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(context.Background(), host3.ID, software3)
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
require.NoError(t, ds.LoadHostSoftware(context.Background(), host3, false))
Ignore empty host users or software inventory (#2317) * Ignore empty host users or software inventory * Only store additional if it's not nil * Update label/policy updated at when we record the executions and skip saving host * Update changes file
2021-10-01 21:27:57 +00:00
sort.Slice(host1.Software, func(i, j int) bool {
return host1.Software[i].Name+host1.Software[i].Version < host1.Software[j].Name+host1.Software[j].Version
})
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes := []fleet.SoftwareCPE{
{SoftwareID: host1.Software[0].ID, CPE: "somecpe"},
{SoftwareID: host1.Software[1].ID, CPE: "someothercpewithoutvulns"},
{SoftwareID: host3.Software[0].ID, CPE: "somecpe2"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(context.Background(), cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
require.NoError(t, ds.LoadHostSoftware(context.Background(), host3, false))
sort.Slice(host1.Software, func(i, j int) bool {
return host1.Software[i].Name+host1.Software[i].Version < host1.Software[j].Name+host1.Software[j].Version
})
vulns := []fleet.SoftwareVulnerability{
15254 oval scan err (#15499)
2023-12-14 17:39:28 +00:00
{SoftwareID: host1.Software[0].ID, CVE: "CVE-2022-0001", ResolvedInVersion: ptr.String("2.0.0")},
{SoftwareID: host1.Software[0].ID, CVE: "CVE-2022-0002", ResolvedInVersion: ptr.String("2.0.0")},
{SoftwareID: host3.Software[0].ID, CVE: "CVE-2022-0003", ResolvedInVersion: ptr.String("2.0.0")},
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
for _, v := range vulns {
_, err = ds.InsertSoftwareVulnerability(context.Background(), v, fleet.NVDSource)
require.NoError(t, err)
}
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
now := time.Now().UTC().Truncate(time.Second)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
cveMeta := []fleet.CVEMeta{
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
{
CVE: "CVE-2022-0001",
CVSSScore: ptr.Float64(2.0),
EPSSProbability: ptr.Float64(0.01),
CISAKnownExploit: ptr.Bool(false),
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
Published: ptr.Time(now.Add(-2 * time.Hour)),
Add Description text to CVE Metadata (#13856)
2023-09-15 17:24:10 +00:00
Description: "this is a description for CVE-2022-0001",
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
},
{
CVE: "CVE-2022-0002",
CVSSScore: ptr.Float64(1.0),
EPSSProbability: ptr.Float64(0.99),
CISAKnownExploit: ptr.Bool(false),
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
Published: ptr.Time(now),
Add Description text to CVE Metadata (#13856)
2023-09-15 17:24:10 +00:00
Description: "this is a description for CVE-2022-0002",
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
},
{
CVE: "CVE-2022-0003",
CVSSScore: ptr.Float64(3.0),
EPSSProbability: ptr.Float64(0.98),
CISAKnownExploit: ptr.Bool(true),
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
Published: ptr.Time(now.Add(-1 * time.Hour)),
Add Description text to CVE Metadata (#13856)
2023-09-15 17:24:10 +00:00
Description: "this is a description for CVE-2022-0003",
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
},
}
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
err = ds.InsertCVEMeta(context.Background(), cveMeta)
Trigger webhooks for recently published vulnerabilities (#3941)
2022-02-02 21:34:37 +00:00
require.NoError(t, err)
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
foo001 := fleet.Software{
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
Name: "foo",
Version: "0.0.1",
Source: "chrome_extensions",
GenerateCPE: "somecpe",
Vulnerabilities: fleet.Vulnerabilities{
{
Add version_resolved_in to software API (#13939)
2023-09-18 22:53:32 +00:00
CVE: "CVE-2022-0001",
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2022-0001",
CVSSScore: ptr.Float64Ptr(2.0),
EPSSProbability: ptr.Float64Ptr(0.01),
CISAKnownExploit: ptr.BoolPtr(false),
CVEPublished: ptr.TimePtr(now.Add(-2 * time.Hour)),
Description: ptr.StringPtr("this is a description for CVE-2022-0001"),
ResolvedInVersion: ptr.StringPtr("2.0.0"),
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
},
{
Add version_resolved_in to software API (#13939)
2023-09-18 22:53:32 +00:00
CVE: "CVE-2022-0002",
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2022-0002",
CVSSScore: ptr.Float64Ptr(1.0),
EPSSProbability: ptr.Float64Ptr(0.99),
CISAKnownExploit: ptr.BoolPtr(false),
CVEPublished: ptr.TimePtr(now),
Description: ptr.StringPtr("this is a description for CVE-2022-0002"),
ResolvedInVersion: ptr.StringPtr("2.0.0"),
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
},
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
},
}
Remove host counts from software (#3082) * Remove host counts from software * Actually remove the host count from the struct * Fix get test
2021-11-23 18:50:51 +00:00
foo002 := fleet.Software{Name: "foo", Version: "v0.0.2", Source: "chrome_extensions"}
foo003 := fleet.Software{Name: "foo", Version: "0.0.3", Source: "chrome_extensions", GenerateCPE: "someothercpewithoutvulns"}
bar003 := fleet.Software{Name: "bar", Version: "0.0.3", Source: "deb_packages"}
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
baz001 := fleet.Software{
Name: "baz",
Version: "0.0.1",
Source: "deb_packages",
GenerateCPE: "somecpe2",
Vulnerabilities: fleet.Vulnerabilities{
{
Add version_resolved_in to software API (#13939)
2023-09-18 22:53:32 +00:00
CVE: "CVE-2022-0003",
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2022-0003",
CVSSScore: ptr.Float64Ptr(3.0),
EPSSProbability: ptr.Float64Ptr(0.98),
CISAKnownExploit: ptr.BoolPtr(true),
CVEPublished: ptr.TimePtr(now.Add(-1 * time.Hour)),
Description: ptr.StringPtr("this is a description for CVE-2022-0003"),
ResolvedInVersion: ptr.StringPtr("2.0.0"),
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
},
},
}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
require.NoError(t, ds.SyncHostsSoftware(context.Background(), time.Now()))
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
t.Run("lists everything", func(t *testing.T) {
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name,version",
},
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 5, 5, opts, false)
expected := []fleet.Software{bar003, baz001, foo001, foo002, foo003}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
test.ElementsMatchSkipID(t, software, expected)
})
t.Run("paginates", func(t *testing.T) {
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
Add pagination meta to software versions endpoint (#15550)
2023-12-12 18:24:20 +00:00
Page: 1,
PerPage: 1,
OrderKey: "version",
IncludeMetadata: true,
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
},
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 1, 5, opts, true)
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
require.Len(t, software, 1)
var expected []fleet.Software
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
// Both foo001 and baz001 have the same version, thus we check which one the database picked
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
// for the second page.
if software[0].Name == "foo" {
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
expected = []fleet.Software{foo001}
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
} else {
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
expected = []fleet.Software{baz001}
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
test.ElementsMatchSkipID(t, software, expected)
})
t.Run("filters by team", func(t *testing.T) {
team1, err := ds.NewTeam(context.Background(), &fleet.Team{Name: "team1"})
require.NoError(t, err)
require.NoError(t, ds.AddHostsToTeam(context.Background(), &team1.ID, []uint{host1.ID}))
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
require.NoError(t, ds.SyncHostsSoftware(context.Background(), time.Now()))
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "version",
},
TeamID: &team1.ID,
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 2, 2, opts, true)
Remove host counts from software (#3082) * Remove host counts from software * Actually remove the host count from the struct * Fix get test
2021-11-23 18:50:51 +00:00
expected := []fleet.Software{foo001, foo003}
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
test.ElementsMatchSkipID(t, software, expected)
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
// Now that we have the software, we can test pagination.
// Figure out which software has the highest ID.
targetSoftware := software[0]
if targetSoftware.ID < software[1].ID {
targetSoftware = software[1]
}
expected = []fleet.Software{foo001}
if targetSoftware.Name == "foo" && targetSoftware.Version == "0.0.3" {
expected = []fleet.Software{foo003}
}
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
opts = fleet.SoftwareListOptions{
Fix flaky TestSoftware/filters_by_team_and_paginates (#2835)
2021-11-08 16:07:42 +00:00
ListOptions: fleet.ListOptions{
Add pagination meta to software versions endpoint (#15550)
2023-12-12 18:24:20 +00:00
PerPage: 1,
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
Page: 1, // 2nd item, since 1st item is on page 0
Add pagination meta to software versions endpoint (#15550)
2023-12-12 18:24:20 +00:00
OrderKey: "id",
IncludeMetadata: true,
Fix flaky TestSoftware/filters_by_team_and_paginates (#2835)
2021-11-08 16:07:42 +00:00
},
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
TeamID: &team1.ID,
IncludeCVEScores: true,
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
}
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
software = listSoftwareCheckCount(t, ds, 1, 2, opts, true)
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
test.ElementsMatchSkipID(t, software, expected)
})
Add vulnerable filter for software and also wire up the query search (#2604) * Add vulnerable filter for software and also wire up the query search * Add documentation * Update to use software list options
2021-10-20 21:01:20 +00:00
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
t.Run("filters by no team (team 0)", func(t *testing.T) {
opts := fleet.SoftwareListOptions{
TeamID: ptr.Uint(0),
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 4, 4, opts, true)
expected := []fleet.Software{bar003, baz001, foo002, foo003}
test.ElementsMatchSkipID(t, software, expected)
})
Add vulnerable filter for software and also wire up the query search (#2604) * Add vulnerable filter for software and also wire up the query search * Add documentation * Update to use software list options
2021-10-20 21:01:20 +00:00
t.Run("filters vulnerable software", func(t *testing.T) {
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name",
},
VulnerableOnly: true,
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 2, 2, opts, true)
expected := []fleet.Software{foo001, baz001}
Add vulnerable filter for software and also wire up the query search (#2604) * Add vulnerable filter for software and also wire up the query search * Add documentation * Update to use software list options
2021-10-20 21:01:20 +00:00
test.ElementsMatchSkipID(t, software, expected)
})
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
t.Run("filters by CVE", func(t *testing.T) {
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
MatchQuery: "CVE-2022-0001",
},
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 1, 1, opts, true)
Add filter software by CVE and make osquery-perf also push vulnerable software (#3902) * Add filter software by CVE and make osquery-perf also push vulnerable software * Update based on review comments
2022-01-28 13:05:11 +00:00
expected := []fleet.Software{foo001}
test.ElementsMatchSkipID(t, software, expected)
Added ListOptions validation to fleet/software endpoint. (#14838) #14554 For the following endpoints: /api/v1/fleet/software /api/v1/fleet/software/count - added validation on `page`, `per_page`, `order_key`, `order_direction` -- invalid values will now return 400 HTTP status code # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2023-11-01 14:56:27 +00:00
opts.ListOptions.MatchQuery = "CVE-2022-0002"
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
software = listSoftwareCheckCount(t, ds, 1, 1, opts, true)
Add filter software by CVE and make osquery-perf also push vulnerable software (#3902) * Add filter software by CVE and make osquery-perf also push vulnerable software * Update based on review comments
2022-01-28 13:05:11 +00:00
expected = []fleet.Software{foo001}
test.ElementsMatchSkipID(t, software, expected)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
// partial CVE
Added ListOptions validation to fleet/software endpoint. (#14838) #14554 For the following endpoints: /api/v1/fleet/software /api/v1/fleet/software/count - added validation on `page`, `per_page`, `order_key`, `order_direction` -- invalid values will now return 400 HTTP status code # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2023-11-01 14:56:27 +00:00
opts.ListOptions.MatchQuery = "0002"
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
software = listSoftwareCheckCount(t, ds, 1, 1, opts, true)
Add filter software by CVE and make osquery-perf also push vulnerable software (#3902) * Add filter software by CVE and make osquery-perf also push vulnerable software * Update based on review comments
2022-01-28 13:05:11 +00:00
expected = []fleet.Software{foo001}
test.ElementsMatchSkipID(t, software, expected)
// unknown CVE
Added ListOptions validation to fleet/software endpoint. (#14838) #14554 For the following endpoints: /api/v1/fleet/software /api/v1/fleet/software/count - added validation on `page`, `per_page`, `order_key`, `order_direction` -- invalid values will now return 400 HTTP status code # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2023-11-01 14:56:27 +00:00
opts.ListOptions.MatchQuery = "CVE-2022-0000"
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
listSoftwareCheckCount(t, ds, 0, 0, opts, true)
Add filter software by CVE and make osquery-perf also push vulnerable software (#3902) * Add filter software by CVE and make osquery-perf also push vulnerable software * Update based on review comments
2022-01-28 13:05:11 +00:00
})
Add vulnerable filter for software and also wire up the query search (#2604) * Add vulnerable filter for software and also wire up the query search * Add documentation * Update to use software list options
2021-10-20 21:01:20 +00:00
t.Run("filters by query", func(t *testing.T) {
Try `goqu` as sql builder on `listSoftwareDB` (#2773) * Try goqu as sql builder on listSoftwareDB * Fix case insensitive search and add test
2021-11-04 18:21:39 +00:00
// query by name (case insensitive)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
MatchQuery: "baR",
},
}
software := listSoftwareCheckCount(t, ds, 1, 1, opts, true)
Add vulnerable filter for software and also wire up the query search (#2604) * Add vulnerable filter for software and also wire up the query search * Add documentation * Update to use software list options
2021-10-20 21:01:20 +00:00
expected := []fleet.Software{bar003}
test.ElementsMatchSkipID(t, software, expected)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
Try `goqu` as sql builder on `listSoftwareDB` (#2773) * Try goqu as sql builder on listSoftwareDB * Fix case insensitive search and add test
2021-11-04 18:21:39 +00:00
// query by version
Added ListOptions validation to fleet/software endpoint. (#14838) #14554 For the following endpoints: /api/v1/fleet/software /api/v1/fleet/software/count - added validation on `page`, `per_page`, `order_key`, `order_direction` -- invalid values will now return 400 HTTP status code # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2023-11-01 14:56:27 +00:00
opts.ListOptions.MatchQuery = "0.0.3"
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
software = listSoftwareCheckCount(t, ds, 2, 2, opts, true)
Try `goqu` as sql builder on `listSoftwareDB` (#2773) * Try goqu as sql builder on listSoftwareDB * Fix case insensitive search and add test
2021-11-04 18:21:39 +00:00
expected = []fleet.Software{foo003, bar003}
test.ElementsMatchSkipID(t, software, expected)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
Try `goqu` as sql builder on `listSoftwareDB` (#2773) * Try goqu as sql builder on listSoftwareDB * Fix case insensitive search and add test
2021-11-04 18:21:39 +00:00
// query by version (case insensitive)
Added ListOptions validation to fleet/software endpoint. (#14838) #14554 For the following endpoints: /api/v1/fleet/software /api/v1/fleet/software/count - added validation on `page`, `per_page`, `order_key`, `order_direction` -- invalid values will now return 400 HTTP status code # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2023-11-01 14:56:27 +00:00
opts.ListOptions.MatchQuery = "V0.0.2"
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
software = listSoftwareCheckCount(t, ds, 1, 1, opts, true)
Try `goqu` as sql builder on `listSoftwareDB` (#2773) * Try goqu as sql builder on listSoftwareDB * Fix case insensitive search and add test
2021-11-04 18:21:39 +00:00
expected = []fleet.Software{foo002}
test.ElementsMatchSkipID(t, software, expected)
Add vulnerable filter for software and also wire up the query search (#2604) * Add vulnerable filter for software and also wire up the query search * Add documentation * Update to use software list options
2021-10-20 21:01:20 +00:00
})
Add host count to software API (#2879) * Add host count to software API * Update docs * Update fleetctl tests to account for host counts * Update docs to mention host_count special case * Update func comment
2021-11-11 11:49:17 +00:00
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
t.Run("order by name and id", func(t *testing.T) {
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name,id",
OrderDirection: fleet.OrderAscending,
},
}
software := listSoftwareCheckCount(t, ds, 5, 5, opts, false)
Remove host counts from software (#3082) * Remove host counts from software * Actually remove the host count from the struct * Fix get test
2021-11-23 18:50:51 +00:00
assert.Equal(t, bar003.Name, software[0].Name)
assert.Equal(t, bar003.Version, software[0].Version)
Allow sort by more than one key (#2987) * Allow sort by more than one key * Add test for multi sort * Expand documentation
2021-11-17 19:37:26 +00:00
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
assert.Equal(t, baz001.Name, software[1].Name)
assert.Equal(t, baz001.Version, software[1].Version)
// foo's ordered by id, descending
Remove host counts from software (#3082) * Remove host counts from software * Actually remove the host count from the struct * Fix get test
2021-11-23 18:50:51 +00:00
assert.Greater(t, software[3].ID, software[2].ID)
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
assert.Greater(t, software[4].ID, software[3].ID)
Add host count to software API (#2879) * Add host count to software API * Update docs * Update fleetctl tests to account for host counts * Update docs to mention host_count special case * Update func comment
2021-11-11 11:49:17 +00:00
})
Add `hosts_count` field to "list software" endpoint (#3873)
2022-01-26 14:47:56 +00:00
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
t.Run("order by hosts_count", func(t *testing.T) {
software := listSoftwareCheckCount(t, ds, 5, 5, fleet.SoftwareListOptions{ListOptions: fleet.ListOptions{OrderKey: "hosts_count", OrderDirection: fleet.OrderDescending}, WithHostCounts: true}, false)
Add `hosts_count` field to "list software" endpoint (#3873)
2022-01-26 14:47:56 +00:00
// ordered by counts descending, so foo003 is first
assert.Equal(t, foo003.Name, software[0].Name)
assert.Equal(t, 2, software[0].HostsCount)
})
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
t.Run("order by epss_probability", func(t *testing.T) {
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "epss_probability",
OrderDirection: fleet.OrderDescending,
},
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 5, 5, opts, false)
assert.Equal(t, foo001.Name, software[0].Name)
assert.Equal(t, foo001.Version, software[0].Version)
})
t.Run("order by cvss_score", func(t *testing.T) {
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "cvss_score",
OrderDirection: fleet.OrderDescending,
},
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 5, 5, opts, false)
assert.Equal(t, baz001.Name, software[0].Name)
assert.Equal(t, baz001.Version, software[0].Version)
})
t.Run("order by cisa_known_exploit", func(t *testing.T) {
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "cisa_known_exploit",
OrderDirection: fleet.OrderDescending,
},
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 5, 5, opts, false)
assert.Equal(t, baz001.Name, software[0].Name)
assert.Equal(t, baz001.Version, software[0].Version)
})
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
t.Run("order by cve_published", func(t *testing.T) {
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "cve_published",
OrderDirection: fleet.OrderDescending,
},
IncludeCVEScores: true,
}
software := listSoftwareCheckCount(t, ds, 5, 5, opts, false)
assert.Equal(t, foo001.Name, software[0].Name)
assert.Equal(t, foo001.Version, software[0].Version)
})
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
t.Run("nil cve scores if IncludeCVEScores is false", func(t *testing.T) {
opts := fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name,version",
OrderDirection: fleet.OrderDescending,
},
IncludeCVEScores: false,
}
software := listSoftwareCheckCount(t, ds, 5, 5, opts, false)
for _, s := range software {
for _, vuln := range s.Vulnerabilities {
assert.Nil(t, vuln.CVSSScore)
assert.Nil(t, vuln.EPSSProbability)
assert.Nil(t, vuln.CISAKnownExploit)
}
}
})
Implement fleetctl get software and the underlying API (#1999) * Implement fleetctl get software and the underlying API * Add documentation * Simplify list software implementation * Lint fixes * Make team name unique * Address review comments * Fix lint * Fix tests
2021-09-14 13:58:48 +00:00
}
Add software count API (#3105) * Add software count API * Fix makefile * Fine no mock generating at this point * Actually, one last try * Use go install instead * Fix go sum/mod * Improve documentation * Try setting node to 14
2021-12-03 13:54:17 +00:00
Add `hosts_count` field to "list software" endpoint (#3873)
2022-01-26 14:47:56 +00:00
func listSoftwareCheckCount(t *testing.T, ds *Datastore, expectedListCount int, expectedFullCount int, opts fleet.SoftwareListOptions, returnSorted bool) []fleet.Software {
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
t.Helper()
Add pagination meta to software versions endpoint (#15550)
2023-12-12 18:24:20 +00:00
software, meta, err := ds.ListSoftware(context.Background(), opts)
Add software count API (#3105) * Add software count API * Fix makefile * Fine no mock generating at this point * Actually, one last try * Use go install instead * Fix go sum/mod * Improve documentation * Try setting node to 14
2021-12-03 13:54:17 +00:00
require.NoError(t, err)
require.Len(t, software, expectedListCount)
count, err := ds.CountSoftware(context.Background(), opts)
require.NoError(t, err)
require.Equal(t, expectedFullCount, count)
Add pagination meta to software versions endpoint (#15550)
2023-12-12 18:24:20 +00:00
if opts.ListOptions.IncludeMetadata {
require.NotNil(t, meta)
if expectedListCount == expectedFullCount {
require.False(t, meta.HasPreviousResults)
require.True(t, meta.HasNextResults)
}
if expectedFullCount > expectedListCount {
shouldHavePrevious := opts.ListOptions.Page > 0
require.Equal(t, shouldHavePrevious, meta.HasPreviousResults)
shouldHaveNext := uint(expectedFullCount) > (opts.ListOptions.Page+1)*opts.ListOptions.PerPage // page is 0-indexed
require.Equal(t, shouldHaveNext, meta.HasNextResults)
}
} else {
require.Nil(t, meta)
}
Add createdAt to Vulnerability responses (#20019)
2024-07-09 17:09:16 +00:00
for i, s := range software {
Add fixes for running tests with mysql:8 and add `mysql` to `test-go` job matrix (#3627) * Add fixes for running tests with mysql:8 * Add getServer function * Test github matrix * Add changes file for the user facing fix * Remove unused mysql8 docker-compose
2022-01-12 01:44:37 +00:00
sort.Slice(s.Vulnerabilities, func(i, j int) bool {
return s.Vulnerabilities[i].CVE < s.Vulnerabilities[j].CVE
})
Add createdAt to Vulnerability responses (#20019)
2024-07-09 17:09:16 +00:00
for i2, v := range s.Vulnerabilities {
require.Greater(t, v.CreatedAt, time.Now().Add(-time.Hour)) // assert non-zero
software[i].Vulnerabilities[i2].CreatedAt = time.Time{} // zero out for comparison
}
Add fixes for running tests with mysql:8 and add `mysql` to `test-go` job matrix (#3627) * Add fixes for running tests with mysql:8 * Add getServer function * Test github matrix * Add changes file for the user facing fix * Remove unused mysql8 docker-compose
2022-01-12 01:44:37 +00:00
}
Add `hosts_count` field to "list software" endpoint (#3873)
2022-01-26 14:47:56 +00:00
if returnSorted {
sort.Slice(software, func(i, j int) bool {
return software[i].Name+software[i].Version < software[j].Name+software[j].Version
})
}
Add software count API (#3105) * Add software count API * Fix makefile * Fine no mock generating at this point * Actually, one last try * Use go install instead * Fix go sum/mod * Improve documentation * Try setting node to 14
2021-12-03 13:54:17 +00:00
return software
}
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
ensure `software_host_counts` is cleaned when software is deleted (#6270) Related to #5982, this ensures we clean up software_host_counts rows referencing software that is not longer present in the software table.
2022-06-22 20:35:53 +00:00
func testSoftwareSyncHostsSoftware(t *testing.T, ds *Datastore) {
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
countHostSoftwareBatchSizeOrig := countHostSoftwareBatchSize
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
softwareInsertBatchSizeOrig := softwareInsertBatchSize
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
t.Cleanup(
func() {
countHostSoftwareBatchSize = countHostSoftwareBatchSizeOrig
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
softwareInsertBatchSize = softwareInsertBatchSizeOrig
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
},
)
countHostSoftwareBatchSize = 2
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
softwareInsertBatchSize = 2
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
ctx := context.Background()
cmpNameVersionCount := func(want, got []fleet.Software) {
cmp := make([]fleet.Software, len(got))
for i, sw := range got {
cmp[i] = fleet.Software{Name: sw.Name, Version: sw.Version, HostsCount: sw.HostsCount}
}
require.ElementsMatch(t, want, cmp)
}
ensure `software_host_counts` is cleaned when software is deleted (#6270) Related to #5982, this ensures we clean up software_host_counts rows referencing software that is not longer present in the software table.
2022-06-22 20:35:53 +00:00
// this check ensures that the total number of rows in software_host_counts
// matches the expected value. we can't rely on ds.CountSoftware alone, as
// that method (rightfully) ignores orphaned software counts.
checkTableTotalCount := func(want int) {
var tableCount int
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
err := ds.writer(context.Background()).Get(&tableCount, "SELECT COUNT(*) FROM software_host_counts")
ensure `software_host_counts` is cleaned when software is deleted (#6270) Related to #5982, this ensures we clean up software_host_counts rows referencing software that is not longer present in the software table.
2022-06-22 20:35:53 +00:00
require.NoError(t, err)
require.Equal(t, want, tableCount)
}
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
host0 := test.NewHost(t, ds, "host0", "", "host0key", "host0uuid", time.Now())
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
host2 := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
hostTemp := test.NewHost(t, ds, "hostTemp", "", "hostTempKey", "hostTempUuid", time.Now())
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
// Get counts without any software.
globalOpts := fleet.SoftwareListOptions{
WithHostCounts: true, ListOptions: fleet.ListOptions{OrderKey: "hosts_count", OrderDirection: fleet.OrderDescending},
}
_ = listSoftwareCheckCount(t, ds, 0, 0, globalOpts, false)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
software0 := []fleet.Software{
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
{Name: "abc", Version: "0.0.1", Source: "apps", BundleIdentifier: "com.example.abc"},
{Name: "def", Version: "0.0.1", Source: "apps", BundleIdentifier: "com.example.def"},
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
}
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
software1 := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
}
software2 := []fleet.Software{
{Name: "foo", Version: "v0.0.2", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages"},
}
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
softwareTemp := make([]fleet.Software, 0, 10)
for i := 0; i < 10; i++ {
softwareTemp = append(
softwareTemp, fleet.Software{Name: fmt.Sprintf("foo%d", i), Version: fmt.Sprintf("%d.0.1", i), Source: "deb_packages"},
)
}
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
_, err := ds.UpdateHostSoftware(ctx, host0.ID, software0)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(ctx, host1.ID, software1)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(ctx, hostTemp.ID, softwareTemp)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(ctx, host2.ID, software2)
require.NoError(t, err)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
require.NoError(t, ds.SyncHostsSoftware(ctx, time.Now()))
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
_ = listSoftwareCheckCount(t, ds, 16, 16, globalOpts, false)
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
checkTableTotalCount(32)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
// Now, delete 2 hosts. Software with the lowest ID is removed, and there should be a chunk with missing software IDs from the deleted hostTemp software.
require.NoError(t, ds.DeleteHost(ctx, host0.ID))
require.NoError(t, ds.DeleteHost(ctx, hostTemp.ID))
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
Broke apart the hourly host_software count query to reduce the individual query runtime (#18773) #18221 Broke apart the hourly host_software count query to reduce the individual query runtime. This fixes timeouts seen when host_software table has over 25 million records. I recommend hiding whitespace during review: <img width="240" alt="image" src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032"> # Checklist for submitter <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-08 14:27:17 +00:00
require.NoError(t, ds.SyncHostsSoftware(ctx, time.Now()))
globalCounts := listSoftwareCheckCount(t, ds, 4, 4, globalOpts, false)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
want := []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 2},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
{Name: "foo", Version: "v0.0.2", HostsCount: 1},
{Name: "bar", Version: "0.0.3", HostsCount: 1},
}
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
cmpNameVersionCount(want, globalCounts)
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
checkTableTotalCount(8)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
// update host2, remove "bar" software
software2 = []fleet.Software{
{Name: "foo", Version: "v0.0.2", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, host2.ID, software2)
require.NoError(t, err)
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
require.NoError(t, ds.SyncHostsSoftware(ctx, time.Now()))
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
globalCounts = listSoftwareCheckCount(t, ds, 3, 3, globalOpts, false)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 2},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
{Name: "foo", Version: "v0.0.2", HostsCount: 1},
}
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
cmpNameVersionCount(want, globalCounts)
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
checkTableTotalCount(6)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
// create a software entry without any host and any counts
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
_, err = ds.writer(ctx).ExecContext(ctx, fmt.Sprintf(`INSERT INTO software (name, version, source, checksum) VALUES ('baz', '0.0.1', 'testing', %s)`, softwareChecksumComputedColumn("", "testing")))
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
require.NoError(t, err)
Don't return orphaned software from the API (#5840)
2022-05-30 15:23:27 +00:00
// listing does not return the new software entry
allSw := listSoftwareCheckCount(t, ds, 3, 3, fleet.SoftwareListOptions{}, false)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 0},
{Name: "foo", Version: "0.0.1", HostsCount: 0},
{Name: "foo", Version: "v0.0.2", HostsCount: 0},
}
cmpNameVersionCount(want, allSw)
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
// create 2 teams and assign a new host to each
team1, err := ds.NewTeam(ctx, &fleet.Team{Name: "team1"})
require.NoError(t, err)
team2, err := ds.NewTeam(ctx, &fleet.Team{Name: "team2"})
require.NoError(t, err)
host3 := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now())
require.NoError(t, ds.AddHostsToTeam(ctx, &team1.ID, []uint{host3.ID}))
host4 := test.NewHost(t, ds, "host4", "", "host4key", "host4uuid", time.Now())
require.NoError(t, ds.AddHostsToTeam(ctx, &team2.ID, []uint{host4.ID}))
// assign existing host1 to team1 too, so we have a team with multiple hosts
require.NoError(t, ds.AddHostsToTeam(context.Background(), &team1.ID, []uint{host1.ID}))
// use some software for host3 and host4
software3 := []fleet.Software{
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
}
software4 := []fleet.Software{
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, host3.ID, software3)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(ctx, host4.ID, software4)
require.NoError(t, err)
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
// at this point, there's no counts per team, only global counts
globalCounts = listSoftwareCheckCount(t, ds, 3, 3, globalOpts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 2},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
{Name: "foo", Version: "v0.0.2", HostsCount: 1},
}
cmpNameVersionCount(want, globalCounts)
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
checkTableTotalCount(6)
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
team1Opts := fleet.SoftwareListOptions{WithHostCounts: true, TeamID: ptr.Uint(team1.ID), ListOptions: fleet.ListOptions{OrderKey: "hosts_count", OrderDirection: fleet.OrderDescending}}
team1Counts := listSoftwareCheckCount(t, ds, 0, 0, team1Opts, false)
want = []fleet.Software{}
cmpNameVersionCount(want, team1Counts)
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
checkTableTotalCount(6)
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
nilSoftware, err := ds.SoftwareByID(context.Background(), host1.HostSoftware.Software[0].ID, &team1.ID, false, nil)
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
assert.Nil(t, nilSoftware)
assert.ErrorIs(t, err, sql.ErrNoRows)
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
// after a call to Calculate, the global counts are updated and the team counts appear
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
require.NoError(t, ds.SyncHostsSoftware(ctx, time.Now()))
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
globalCounts = listSoftwareCheckCount(t, ds, 4, 4, globalOpts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 4},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
{Name: "foo", Version: "v0.0.2", HostsCount: 1},
{Name: "bar", Version: "0.0.3", HostsCount: 1},
}
cmpNameVersionCount(want, globalCounts)
team1Counts = listSoftwareCheckCount(t, ds, 2, 2, team1Opts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 2},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
}
cmpNameVersionCount(want, team1Counts)
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
// composite pk (software_id, team_id, global_stats), so we expect more rows
checkTableTotalCount(11)
ensure `software_host_counts` is cleaned when software is deleted (#6270) Related to #5982, this ensures we clean up software_host_counts rows referencing software that is not longer present in the software table.
2022-06-22 20:35:53 +00:00
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
soft1ByID, err := ds.SoftwareByID(context.Background(), host1.HostSoftware.Software[0].ID, &team1.ID, false, nil)
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
require.NoError(t, err)
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
soft2ByID, err := ds.SoftwareByID(context.Background(), host1.HostSoftware.Software[1].ID, &team1.ID, false, nil)
require.NoError(t, err)
test.ElementsMatchSkipIDAndHostCount(t, software1, []fleet.Software{*soft1ByID, *soft2ByID})
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
team2Opts := fleet.SoftwareListOptions{WithHostCounts: true, TeamID: ptr.Uint(team2.ID), ListOptions: fleet.ListOptions{OrderKey: "hosts_count", OrderDirection: fleet.OrderDescending}}
team2Counts := listSoftwareCheckCount(t, ds, 2, 2, team2Opts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 1},
{Name: "bar", Version: "0.0.3", HostsCount: 1},
}
cmpNameVersionCount(want, team2Counts)
// update host4 (team2), remove "bar" software
software4 = []fleet.Software{
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, host4.ID, software4)
require.NoError(t, err)
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
require.NoError(t, ds.SyncHostsSoftware(ctx, time.Now()))
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
globalCounts = listSoftwareCheckCount(t, ds, 3, 3, globalOpts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 4},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
{Name: "foo", Version: "v0.0.2", HostsCount: 1},
}
cmpNameVersionCount(want, globalCounts)
team1Counts = listSoftwareCheckCount(t, ds, 2, 2, team1Opts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 2},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
}
cmpNameVersionCount(want, team1Counts)
team2Counts = listSoftwareCheckCount(t, ds, 1, 1, team2Opts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 1},
}
cmpNameVersionCount(want, team2Counts)
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
checkTableTotalCount(9)
ensure `software_host_counts` is cleaned when software is deleted (#6270) Related to #5982, this ensures we clean up software_host_counts rows referencing software that is not longer present in the software table.
2022-06-22 20:35:53 +00:00
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
// update host4 (team2), remove all software and delete team
software4 = []fleet.Software{}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, host4.ID, software4)
require.NoError(t, err)
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
require.NoError(t, ds.DeleteTeam(ctx, team2.ID))
// this call will remove team2 from the software host counts table
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
require.NoError(t, ds.SyncHostsSoftware(ctx, time.Now()))
Support listing software hosts count filtered by team (#4388)
2022-02-28 18:55:14 +00:00
globalCounts = listSoftwareCheckCount(t, ds, 3, 3, globalOpts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 3},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
{Name: "foo", Version: "v0.0.2", HostsCount: 1},
}
cmpNameVersionCount(want, globalCounts)
team1Counts = listSoftwareCheckCount(t, ds, 2, 2, team1Opts, false)
want = []fleet.Software{
{Name: "foo", Version: "0.0.3", HostsCount: 2},
{Name: "foo", Version: "0.0.1", HostsCount: 1},
}
cmpNameVersionCount(want, team1Counts)
listSoftwareCheckCount(t, ds, 0, 0, team2Opts, false)
Add No Team to Software Backend (#20822)
2024-07-30 17:19:05 +00:00
checkTableTotalCount(8)
Cleanup unused software after calculating the count of hosts (#3887)
2022-01-26 16:32:42 +00:00
}
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
// softwareChecksumComputedColumn computes the checksum for a software entry
// The calculation must match the one in computeRawChecksum
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
func softwareChecksumComputedColumn(tableAlias string, source string) string {
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
if tableAlias != "" && !strings.HasSuffix(tableAlias, ".") {
tableAlias += "."
}
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
var nameCol string
if source != "apps" {
nameCol = fmt.Sprintf("%sname,", tableAlias)
}
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
// concatenate with separator \x00
return fmt.Sprintf(
` UNHEX(
MD5(
CONCAT_WS(CHAR(0),
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
%s
%[2]sversion,
%[2]ssource,
COALESCE(%[2]sbundle_identifier, ''),
`+"%[2]s`release`"+`,
%[2]sarch,
%[2]svendor,
%[2]sbrowser,
%[2]sextension_id
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
)
)
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
) `, nameCol, tableAlias,
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
)
}
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
func insertVulnSoftwareForTest(t *testing.T, ds *Datastore) {
7135 host display name (#7873)
2022-10-08 12:57:46 +00:00
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now(), test.WithComputerName("computer1"))
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
host2 := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
software1 := []fleet.Software{
{
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Name: "foo.rpm",
Version: "0.0.1",
Source: "rpm_packages",
GenerateCPE: "cpe_foo_rpm",
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
{
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Name: "foo.chrome",
Version: "0.0.3",
Source: "chrome_extensions",
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
GenerateCPE: "cpe_foo_chrome_3",
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
}
software2 := []fleet.Software{
{
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Name: "foo.chrome",
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
Version: "0.0.2",
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Source: "chrome_extensions",
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
GenerateCPE: "cpe_foo_chrome_2",
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
{
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Name: "foo.chrome",
Version: "0.0.3",
Source: "chrome_extensions",
GenerateCPE: "cpe_foo_chrome_3",
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
Vulnerabilities: fleet.Vulnerabilities{
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
{
CVE: "CVE-2022-0001",
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2022-0001",
},
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
},
{
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Name: "bar.rpm",
Version: "0.0.3",
Source: "rpm_packages",
GenerateCPE: "cpe_bar_rpm",
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
Vulnerabilities: fleet.Vulnerabilities{
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
{
CVE: "CVE-2022-0002",
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-2022-0002",
},
{
CVE: "CVE-2022-0003",
DetailsLink: "https://nvd.nist.gov/vuln/detail/CVE-333-444-555",
},
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
},
}
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
mutationResults, err := ds.UpdateHostSoftware(context.Background(), host1.ID, software1)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
// Insert paths for software1
s1Paths := map[string]struct{}{}
for _, s := range software1 {
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
key := fmt.Sprintf("%s%s%s%s%s%s%s", fmt.Sprintf("/some/path/%s", s.Name), fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, s.ToUniqueStr())
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
s1Paths[key] = struct{}{}
}
require.NoError(t, ds.UpdateHostSoftwareInstalledPaths(context.Background(), host1.ID, s1Paths, mutationResults))
mutationResults, err = ds.UpdateHostSoftware(context.Background(), host2.ID, software2)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
// Insert paths for software2
s2Paths := map[string]struct{}{}
for _, s := range software2 {
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
key := fmt.Sprintf("%s%s%s%s%s%s%s", fmt.Sprintf("/some/path/%s", s.Name), fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, s.ToUniqueStr())
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
s2Paths[key] = struct{}{}
}
require.NoError(t, ds.UpdateHostSoftwareInstalledPaths(context.Background(), host2.ID, s2Paths, mutationResults))
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
sort.Slice(host1.Software, func(i, j int) bool {
return host1.Software[i].Name+host1.Software[i].Version < host1.Software[j].Name+host1.Software[j].Version
})
sort.Slice(host2.Software, func(i, j int) bool {
return host2.Software[i].Name+host2.Software[i].Version < host2.Software[j].Name+host2.Software[j].Version
})
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes := []fleet.SoftwareCPE{
{SoftwareID: host1.Software[0].ID, CPE: "cpe_foo_chrome_3"},
{SoftwareID: host1.Software[1].ID, CPE: "cpe_foo_rpm"},
{SoftwareID: host2.Software[0].ID, CPE: "cpe_bar_rpm"},
{SoftwareID: host2.Software[1].ID, CPE: "cpe_foo_chrome_2"},
{SoftwareID: host2.Software[2].ID, CPE: "cpe_foo_chrome_3"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(context.Background(), cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
sort.Slice(host1.Software, func(i, j int) bool {
return host1.Software[i].Name+host1.Software[i].Version < host1.Software[j].Name+host1.Software[j].Version
})
sort.Slice(host2.Software, func(i, j int) bool {
return host2.Software[i].Name+host2.Software[i].Version < host2.Software[j].Name+host2.Software[j].Version
})
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
chrome3 := host2.Software[2]
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
inserted, err := ds.InsertSoftwareVulnerability(context.Background(), fleet.SoftwareVulnerability{
SoftwareID: chrome3.ID,
CVE: "CVE-2022-0001",
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
}, fleet.NVDSource)
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.True(t, inserted)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
barRpm := host2.Software[0]
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
vulns := []fleet.SoftwareVulnerability{
{
SoftwareID: barRpm.ID,
CVE: "CVE-2022-0002",
},
{
SoftwareID: barRpm.ID,
CVE: "CVE-2022-0003",
},
}
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
for _, v := range vulns {
inserted, err := ds.InsertSoftwareVulnerability(context.Background(), v, fleet.NVDSource)
require.NoError(t, err)
require.True(t, inserted)
}
Bug 5983: Performance issues when listing software (#6879) Improve performance when listing software by using the software_host_counts aggregate table.
2022-08-10 21:43:22 +00:00
require.NoError(t, ds.SyncHostsSoftware(context.Background(), time.Now()))
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
}
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
func testDeleteSoftwareVulnerabilities(t *testing.T, ds *Datastore) {
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
ctx := context.Background()
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
err := ds.DeleteSoftwareVulnerabilities(ctx, nil)
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
require.NoError(t, err)
insertVulnSoftwareForTest(t, ds)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
err = ds.DeleteSoftwareVulnerabilities(ctx, []fleet.SoftwareVulnerability{
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
{
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
SoftwareID: 999, // unknown software
CVE: "CVE-2022-0003",
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
})
require.NoError(t, err)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
host2, err := ds.HostByIdentifier(ctx, "host2")
require.NoError(t, err)
err = ds.LoadHostSoftware(ctx, host2, false)
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
require.NoError(t, err)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
sort.Slice(host2.Software, func(i, j int) bool {
return host2.Software[i].Name+host2.Software[i].Version < host2.Software[j].Name+host2.Software[j].Version
})
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
barRPM := host2.Software[0]
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
require.Len(t, barRPM.Vulnerabilities, 2)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
err = ds.DeleteSoftwareVulnerabilities(ctx, []fleet.SoftwareVulnerability{
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
{
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
SoftwareID: barRPM.ID,
CVE: "CVE-0000-0000", // unknown CVE
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
})
require.NoError(t, err)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
err = ds.DeleteSoftwareVulnerabilities(ctx, []fleet.SoftwareVulnerability{
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
{
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
SoftwareID: barRPM.ID,
CVE: "CVE-2022-0003",
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
})
require.NoError(t, err)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
err = ds.LoadHostSoftware(ctx, host2, false)
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
require.NoError(t, err)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
sort.Slice(host2.Software, func(i, j int) bool {
return host2.Software[i].Name+host2.Software[i].Version < host2.Software[j].Name+host2.Software[j].Version
})
barRPM = host2.Software[0]
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
require.Len(t, barRPM.Vulnerabilities, 1)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
err = ds.DeleteSoftwareVulnerabilities(ctx, []fleet.SoftwareVulnerability{
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
{
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
SoftwareID: barRPM.ID,
CVE: "CVE-2022-0002",
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
},
})
require.NoError(t, err)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
err = ds.LoadHostSoftware(ctx, host2, false)
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
require.NoError(t, err)
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
sort.Slice(host2.Software, func(i, j int) bool {
return host2.Software[i].Name+host2.Software[i].Version < host2.Software[j].Name+host2.Software[j].Version
})
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
Feature 6096: Scan RHEL/CentOS hosts using OVAL definitions (#6241) Extended the OVAL parser/analyzer so that we can scan RHEL based systems.
2022-06-23 20:44:45 +00:00
barRPM = host2.Software[0]
require.Empty(t, barRPM.Vulnerabilities)
Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) * Add CentOS parsing and post-processing in fleet * Add tests and amend SyncCPEDatabase * Add test for centosPostProcessing * Changes from PR comments * Amend software test * Fix sync test * Add index to source and vendor * Use os.MkdirTemp * Rearrange migrations * Regenerate test schema * Add support for testing migrations (#4112) * Add support for testing migrations * Rename migration in tests * Changes suggested in PR * Go mod tidy
2022-02-14 18:13:44 +00:00
}
Queue jobs for Jira integration when enabled and new vulnerabilities are found. (#4975)
2022-04-11 20:42:16 +00:00
func testHostsByCVE(t *testing.T, ds *Datastore) {
ctx := context.Background()
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
hosts, err := ds.HostsByCVE(ctx, "CVE-0000-0000")
Queue jobs for Jira integration when enabled and new vulnerabilities are found. (#4975)
2022-04-11 20:42:16 +00:00
require.NoError(t, err)
require.Len(t, hosts, 0)
insertVulnSoftwareForTest(t, ds)
// CVE of foo chrome 0.0.3, both hosts have it
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
hosts, err = ds.HostsByCVE(ctx, "CVE-2022-0001")
Queue jobs for Jira integration when enabled and new vulnerabilities are found. (#4975)
2022-04-11 20:42:16 +00:00
require.NoError(t, err)
require.Len(t, hosts, 2)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
require.ElementsMatch(t, hosts, []fleet.HostVulnerabilitySummary{
7135 host display name (#7873)
2022-10-08 12:57:46 +00:00
{
ID: 1,
Hostname: "host1",
DisplayName: "computer1",
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
SoftwareInstalledPaths: []string{
"/some/path/foo.chrome",
},
7135 host display name (#7873)
2022-10-08 12:57:46 +00:00
}, {
ID: 2,
Hostname: "host2",
DisplayName: "host2",
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
SoftwareInstalledPaths: []string{
"/some/path/foo.chrome",
},
7135 host display name (#7873)
2022-10-08 12:57:46 +00:00
},
})
Queue jobs for Jira integration when enabled and new vulnerabilities are found. (#4975)
2022-04-11 20:42:16 +00:00
// CVE of bar.rpm 0.0.3, only host 2 has it
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
hosts, err = ds.HostsByCVE(ctx, "CVE-2022-0002")
Queue jobs for Jira integration when enabled and new vulnerabilities are found. (#4975)
2022-04-11 20:42:16 +00:00
require.NoError(t, err)
require.Len(t, hosts, 1)
require.Equal(t, hosts[0].Hostname, "host2")
}
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
func testHostVulnSummariesBySoftwareIDs(t *testing.T, ds *Datastore) {
fix duplicate hosts in vuln webhook (#5843)
2022-05-25 17:40:12 +00:00
ctx := context.Background()
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
// Invalid non-existing host id
hosts, err := ds.HostVulnSummariesBySoftwareIDs(ctx, []uint{0})
fix duplicate hosts in vuln webhook (#5843)
2022-05-25 17:40:12 +00:00
require.NoError(t, err)
require.Len(t, hosts, 0)
insertVulnSoftwareForTest(t, ds)
Add pagination meta to software versions endpoint (#15550)
2023-12-12 18:24:20 +00:00
allSoftware, _, err := ds.ListSoftware(ctx, fleet.SoftwareListOptions{})
Do not use golangci action for better reproducibility (use `make lint-go`) (#6175) * Do not use golangci action for better reproducibility * Add fix to trigger build * Fix all reported issues * fix more lint errors * Add missing import * Remove unused method * Remove change not necessary
2022-06-10 21:52:24 +00:00
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
var fooRpm fleet.Software
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
var chrome3 fleet.Software
var barRpm fleet.Software
for _, s := range allSoftware {
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
switch s.GenerateCPE {
case "cpe_foo_rpm":
fooRpm = s
case "cpe_foo_chrome_3":
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
chrome3 = s
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
case "cpe_bar_rpm":
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
barRpm = s
}
}
Feature 6487: Deprecate cpe_id from software_cve table (#6562) Part 2/3 of the removal of the cpe_id column from the software_cve table in favor of using the newly added software_id coumn.
2022-08-04 13:24:44 +00:00
require.NotZero(t, chrome3.ID)
require.NotZero(t, barRpm.ID)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
hosts, err = ds.HostVulnSummariesBySoftwareIDs(ctx, []uint{chrome3.ID})
fix duplicate hosts in vuln webhook (#5843)
2022-05-25 17:40:12 +00:00
require.NoError(t, err)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
require.ElementsMatch(t, hosts, []fleet.HostVulnerabilitySummary{
7135 host display name (#7873)
2022-10-08 12:57:46 +00:00
{
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
ID: 1,
Hostname: "host1",
DisplayName: "computer1",
SoftwareInstalledPaths: []string{"/some/path/foo.chrome"},
7135 host display name (#7873)
2022-10-08 12:57:46 +00:00
}, {
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
ID: 2,
Hostname: "host2",
DisplayName: "host2",
SoftwareInstalledPaths: []string{"/some/path/foo.chrome"},
Enable `errcheck` linter for `golangci-lint` (#8899)
2022-12-05 22:50:49 +00:00
},
})
fix duplicate hosts in vuln webhook (#5843)
2022-05-25 17:40:12 +00:00
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
hosts, err = ds.HostVulnSummariesBySoftwareIDs(ctx, []uint{barRpm.ID})
fix duplicate hosts in vuln webhook (#5843)
2022-05-25 17:40:12 +00:00
require.NoError(t, err)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
require.ElementsMatch(t, hosts, []fleet.HostVulnerabilitySummary{
{
ID: 2,
Hostname: "host2",
DisplayName: "host2",
SoftwareInstalledPaths: []string{"/some/path/bar.rpm"},
},
})
fix duplicate hosts in vuln webhook (#5843)
2022-05-25 17:40:12 +00:00
// Duplicates should not be returned if cpes are found on the same host ie host2 should only appear once
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
hosts, err = ds.HostVulnSummariesBySoftwareIDs(ctx, []uint{chrome3.ID, barRpm.ID, fooRpm.ID})
fix duplicate hosts in vuln webhook (#5843)
2022-05-25 17:40:12 +00:00
require.NoError(t, err)
require.Len(t, hosts, 2)
require.Equal(t, hosts[0].Hostname, "host1")
require.Equal(t, hosts[1].Hostname, "host2")
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
require.ElementsMatch(t, hosts[0].SoftwareInstalledPaths, []string{"/some/path/foo.rpm", "/some/path/foo.chrome"})
require.ElementsMatch(t, hosts[1].SoftwareInstalledPaths, []string{"/some/path/bar.rpm", "/some/path/foo.chrome"})
fix duplicate hosts in vuln webhook (#5843)
2022-05-25 17:40:12 +00:00
}
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
// testUpdateHostSoftwareUpdatesSoftware tests that uninstalling applications
// from hosts (ds.UpdateHostSoftware) will remove the corresponding entry in
// `software` if no more hosts have the application installed.
func testUpdateHostSoftwareUpdatesSoftware(t *testing.T, ds *Datastore) {
ctx := context.Background()
h1 := test.NewHost(t, ds, "host", "", "hostkey", "hostuuid", time.Now())
h2 := test.NewHost(t, ds, "host2", "", "hostkey2", "hostuuid2", time.Now())
// Set the initial software list.
sw1 := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "test", GenerateCPE: "cpe_foo"},
{Name: "bar", Version: "0.0.2", Source: "test", GenerateCPE: "cpe_bar"},
{Name: "baz", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, h1.ID, sw1)
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
require.NoError(t, err)
sw2 := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "test", GenerateCPE: "cpe_foo"},
{Name: "bar", Version: "0.0.2", Source: "test", GenerateCPE: "cpe_bar"},
{Name: "baz", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz"},
{Name: "baz2", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, h2.ID, sw2)
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
require.NoError(t, err)
// ListSoftware uses host_software_counts table.
err = ds.SyncHostsSoftware(ctx, time.Now())
require.NoError(t, err)
// Check the returned software.
cmpNameVersionCount := func(expected, got []fleet.Software) {
cmp := make([]fleet.Software, len(got))
for i, sw := range got {
cmp[i] = fleet.Software{Name: sw.Name, Version: sw.Version, HostsCount: sw.HostsCount}
}
require.ElementsMatch(t, expected, cmp)
}
opts := fleet.SoftwareListOptions{WithHostCounts: true}
software := listSoftwareCheckCount(t, ds, 4, 4, opts, false)
expectedSoftware := []fleet.Software{
{Name: "foo", Version: "0.0.1", HostsCount: 2},
{Name: "bar", Version: "0.0.2", HostsCount: 2},
{Name: "baz", Version: "0.0.3", HostsCount: 2},
{Name: "baz2", Version: "0.0.3", HostsCount: 1},
}
cmpNameVersionCount(expectedSoftware, software)
// Update software for the two hosts.
//
// - foo is still present in both hosts
// - new is added to h1.
// - baz is removed from h2.
// - baz2 is removed from h2.
// - bar is removed from both hosts.
sw1Updated := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "test", GenerateCPE: "cpe_foo"},
{Name: "baz", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz"},
{Name: "new", Version: "0.0.4", Source: "test", GenerateCPE: "cpe_new"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, h1.ID, sw1Updated)
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
require.NoError(t, err)
sw2Updated := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "test", GenerateCPE: "cpe_foo"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, h2.ID, sw2Updated)
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
require.NoError(t, err)
var (
bazSoftwareID uint
barSoftwareID uint
baz2SoftwareID uint
)
for _, s := range software {
if s.Name == "baz" {
bazSoftwareID = s.ID
}
if s.Name == "baz2" {
baz2SoftwareID = s.ID
}
if s.Name == "bar" {
barSoftwareID = s.ID
}
}
require.NotZero(t, bazSoftwareID)
require.NotZero(t, barSoftwareID)
require.NotZero(t, baz2SoftwareID)
Optimizing MySQL master DB based on customer feedback (#19075) #18838 1. During software ingestion, switched to updating `last_updated_at` as a batch for 1 host. 2. Removed `DELETE FROM software` statement that ran for every host update (where software was deleted). This is only done now during the vulnerability job. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-23 19:45:50 +00:00
// "baz2" is still present in the database, even though no hosts are using it, until ds.SyncHostsSoftware is executed.
soft, err := ds.SoftwareByID(ctx, baz2SoftwareID, nil, false, nil)
require.NoError(t, err)
assert.Equal(t, "baz2", soft.Name)
assert.Zero(t, soft.HostsCount)
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
// "new" is not returned until ds.SyncHostsSoftware is executed.
Optimizing MySQL master DB based on customer feedback (#19075) #18838 1. During software ingestion, switched to updating `last_updated_at` as a batch for 1 host. 2. Removed `DELETE FROM software` statement that ran for every host update (where software was deleted). This is only done now during the vulnerability job. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-23 19:45:50 +00:00
// "bar" and "baz2" are gone from host_software, but will not be deleted until ds.SyncHostsSoftware is executed.
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
// "baz" still has the wrong count because ds.SyncHostsSoftware hasn't run yet.
//
// So... counts are "off" until ds.SyncHostsSoftware is run.
Optimizing MySQL master DB based on customer feedback (#19075) #18838 1. During software ingestion, switched to updating `last_updated_at` as a batch for 1 host. 2. Removed `DELETE FROM software` statement that ran for every host update (where software was deleted). This is only done now during the vulnerability job. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-23 19:45:50 +00:00
software = listSoftwareCheckCount(t, ds, 4, 4, opts, false)
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
expectedSoftware = []fleet.Software{
{Name: "foo", Version: "0.0.1", HostsCount: 2},
{Name: "baz", Version: "0.0.3", HostsCount: 2},
Optimizing MySQL master DB based on customer feedback (#19075) #18838 1. During software ingestion, switched to updating `last_updated_at` as a batch for 1 host. 2. Removed `DELETE FROM software` statement that ran for every host update (where software was deleted). This is only done now during the vulnerability job. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-23 19:45:50 +00:00
{Name: "bar", Version: "0.0.2", HostsCount: 2},
{Name: "baz2", Version: "0.0.3", HostsCount: 1},
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
}
cmpNameVersionCount(expectedSoftware, software)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
hosts, err := ds.HostVulnSummariesBySoftwareIDs(ctx, []uint{bazSoftwareID})
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
require.NoError(t, err)
require.Len(t, hosts, 1)
require.Equal(t, hosts[0].ID, h1.ID)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
hosts, err = ds.HostVulnSummariesBySoftwareIDs(ctx, []uint{barSoftwareID})
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
require.NoError(t, err)
require.Empty(t, hosts)
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
hosts, err = ds.HostVulnSummariesBySoftwareIDs(ctx, []uint{baz2SoftwareID})
Uninstalling software in a host also updates `software` table (#10540) https://github.com/fleetdm/confidential/issues/1968 It's ready for review but I still need to load test this. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-04-05 16:53:43 +00:00
require.NoError(t, err)
require.Empty(t, hosts)
// ListSoftware uses host_software_counts table.
err = ds.SyncHostsSoftware(ctx, time.Now())
require.NoError(t, err)
software = listSoftwareCheckCount(t, ds, 3, 3, opts, false)
expectedSoftware = []fleet.Software{
{Name: "foo", Version: "0.0.1", HostsCount: 2},
{Name: "baz", Version: "0.0.3", HostsCount: 1},
{Name: "new", Version: "0.0.4", HostsCount: 1},
}
cmpNameVersionCount(expectedSoftware, software)
}
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
func testUpdateHostSoftware(t *testing.T, ds *Datastore) {
ctx := context.Background()
Optimizing MySQL master DB based on customer feedback (#19075) #18838 1. During software ingestion, switched to updating `last_updated_at` as a batch for 1 host. 2. Removed `DELETE FROM software` statement that ran for every host update (where software was deleted). This is only done now during the vulnerability job. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-23 19:45:50 +00:00
softwareInsertBatchSizeOrig := softwareInsertBatchSize
t.Cleanup(
func() {
softwareInsertBatchSize = softwareInsertBatchSizeOrig
},
)
softwareInsertBatchSize = 2
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
now := time.Now()
lastYear := now.Add(-365 * 24 * time.Hour)
// sort software slice by last opened at timestamp
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
genSortFn := func(sl []fleet.HostSoftwareEntry) func(l, r int) bool {
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
return func(l, r int) bool {
lsw, rsw := sl[l], sl[r]
lts, rts := lsw.LastOpenedAt, rsw.LastOpenedAt
switch {
case lts == nil && rts == nil:
return true
case lts == nil && rts != nil:
return true
case lts != nil && rts == nil:
return false
default:
Updating golangci-lint to 1.61.0 (#22973)
2024-10-18 17:38:26 +00:00
return lts.Before(*rts) || (lts.Equal(*rts) && lsw.Name < rsw.Name)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
}
}
}
host := test.NewHost(t, ds, "host", "", "hostkey", "hostuuid", time.Now())
type tup struct {
name string
ts time.Time
}
validateSoftware := func(expect ...tup) {
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
err := ds.LoadHostSoftware(ctx, host, false)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
require.NoError(t, err)
require.Len(t, host.Software, len(expect))
sort.Slice(host.Software, genSortFn(host.Software))
for i, sw := range host.Software {
want := expect[i]
require.Equal(t, want.name, sw.Name)
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
var titleID uint
require.NoError(
t, ds.writer(ctx).GetContext(
ctx, &titleID,
`SELECT s.title_id FROM software s INNER JOIN software_titles st ON (s.name = st.name AND s.source = st.source AND s.browser = st.browser) WHERE st.id = ?`,
sw.ID,
),
)
assert.NotZero(t, titleID)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
if want.ts.IsZero() {
require.Nil(t, sw.LastOpenedAt)
} else {
require.WithinDuration(t, want.ts, *sw.LastOpenedAt, time.Second)
}
}
}
// set the initial software list
sw := []fleet.Software{
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
{Name: "foo", Version: "0.0.1", Source: "test", GenerateCPE: "cpe_foo", Browser: "chrome"},
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
{Name: "bar", Version: "0.0.2", Source: "test", GenerateCPE: "cpe_bar", LastOpenedAt: &lastYear},
{Name: "baz", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz", LastOpenedAt: &now},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, host.ID, sw)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
require.NoError(t, err)
validateSoftware(tup{name: "foo"}, tup{"bar", lastYear}, tup{"baz", now})
// make changes: remove foo, add qux, no new timestamp on bar, small ts change on baz
nowish := now.Add(3 * time.Second)
sw = []fleet.Software{
{Name: "bar", Version: "0.0.2", Source: "test", GenerateCPE: "cpe_bar"},
{Name: "baz", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz", LastOpenedAt: &nowish},
{Name: "qux", Version: "0.0.4", Source: "test", GenerateCPE: "cpe_qux"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, host.ID, sw)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
require.NoError(t, err)
validateSoftware(tup{name: "qux"}, tup{"bar", lastYear}, tup{"baz", now}) // baz hasn't been updated to nowish, too small diff
// more changes: bar receives a date further in the past, baz and qux to future
lastLastYear := lastYear.Add(-365 * 24 * time.Hour)
future := now.Add(3 * 24 * time.Hour)
sw = []fleet.Software{
{Name: "bar", Version: "0.0.2", Source: "test", GenerateCPE: "cpe_bar", LastOpenedAt: &lastLastYear},
{Name: "baz", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz", LastOpenedAt: &future},
{Name: "qux", Version: "0.0.4", Source: "test", GenerateCPE: "cpe_qux", LastOpenedAt: &future},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpdateHostSoftware(ctx, host.ID, sw)
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
require.NoError(t, err)
validateSoftware(tup{"bar", lastYear}, tup{"baz", future}, tup{"qux", future})
Optimizing MySQL master DB based on customer feedback (#19075) #18838 1. During software ingestion, switched to updating `last_updated_at` as a batch for 1 host. 2. Removed `DELETE FROM software` statement that ran for every host update (where software was deleted). This is only done now during the vulnerability job. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-23 19:45:50 +00:00
// more changes: all software receives a date further in the future, so all should be updated
farFuture := now.Add(4 * 24 * time.Hour)
sw = []fleet.Software{
{Name: "bar", Version: "0.0.2", Source: "test", GenerateCPE: "cpe_bar", LastOpenedAt: &farFuture},
{Name: "baz", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz", LastOpenedAt: &farFuture},
{Name: "qux", Version: "0.0.4", Source: "test", GenerateCPE: "cpe_qux", LastOpenedAt: &farFuture},
}
_, err = ds.UpdateHostSoftware(ctx, host.ID, sw)
require.NoError(t, err)
validateSoftware(tup{"bar", farFuture}, tup{"baz", farFuture}, tup{"qux", farFuture})
Collect last_opened_at for macOS software, and return it in host details payload (#5376)
2022-04-26 18:16:59 +00:00
}
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
func testListSoftwareByHostIDShort(t *testing.T, ds *Datastore) {
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
host2 := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
software1 := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
}
software2 := []fleet.Software{
{Name: "foo", Version: "v0.0.2", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(context.Background(), host1.ID, software1)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(context.Background(), host2.ID, software2)
require.NoError(t, err)
Sync CVE scores periodically (#5838)
2022-06-01 16:06:57 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host1, false))
require.NoError(t, ds.LoadHostSoftware(context.Background(), host2, false))
Include CVE scores when listing software (#5673)
2022-05-20 16:58:40 +00:00
software, err := ds.ListSoftwareByHostIDShort(context.Background(), host1.ID)
require.NoError(t, err)
test.ElementsMatchSkipID(t, software1, software)
software, err = ds.ListSoftwareByHostIDShort(context.Background(), host2.ID)
require.NoError(t, err)
test.ElementsMatchSkipID(t, software2, software)
// bad host id returns no software
badHostID := uint(3)
software, err = ds.ListSoftwareByHostIDShort(context.Background(), badHostID)
require.NoError(t, err)
require.Len(t, software, 0)
}
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
fix issue with duplicate vulns detected using nvd (#8613) The OVAL analyzer falsely assumes that any vulnerabilities detected on a host only come from OVAL. However, it is possible that NVD detects vulnerabilities on these hosts even though it excludes software from deb_packages and rpm_packages. For example, a python package twisted v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL analyzer would delete this vulnerability, and it would be re-inserted by the NVD scanner on the next run. This creates a loop. The fix is to only delete vulnerabilities that are actually detected using OVAL. We already store this in the source column in the software_cve table.
2022-11-10 17:28:00 +00:00
func testListSoftwareVulnerabilitiesByHostIDsSource(t *testing.T, ds *Datastore) {
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
ctx := context.Background()
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "apps"},
{Name: "blah", Version: "1.0", Source: "apps"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes := []fleet.SoftwareCPE{
{SoftwareID: host.Software[0].ID, CPE: "foo_cpe"},
{SoftwareID: host.Software[1].ID, CPE: "bar_cpe"},
{SoftwareID: host.Software[2].ID, CPE: "blah_cpe"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
cveMap := map[int]string{
0: "cve-123",
1: "cve-456",
}
for i, s := range host.Software {
cve, ok := cveMap[i]
if ok {
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
inserted, err := ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
SoftwareID: s.ID,
CVE: cve,
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
}, fleet.NVDSource)
require.NoError(t, err)
require.True(t, inserted)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
}
fix issue with duplicate vulns detected using nvd (#8613) The OVAL analyzer falsely assumes that any vulnerabilities detected on a host only come from OVAL. However, it is possible that NVD detects vulnerabilities on these hosts even though it excludes software from deb_packages and rpm_packages. For example, a python package twisted v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL analyzer would delete this vulnerability, and it would be re-inserted by the NVD scanner on the next run. This creates a loop. The fix is to only delete vulnerabilities that are actually detected using OVAL. We already store this in the source column in the software_cve table.
2022-11-10 17:28:00 +00:00
result, err := ds.ListSoftwareVulnerabilitiesByHostIDsSource(ctx, []uint{host.ID}, fleet.NVDSource)
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
fix issue with duplicate vulns detected using nvd (#8613) The OVAL analyzer falsely assumes that any vulnerabilities detected on a host only come from OVAL. However, it is possible that NVD detects vulnerabilities on these hosts even though it excludes software from deb_packages and rpm_packages. For example, a python package twisted v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL analyzer would delete this vulnerability, and it would be re-inserted by the NVD scanner on the next run. This creates a loop. The fix is to only delete vulnerabilities that are actually detected using OVAL. We already store this in the source column in the software_cve table.
2022-11-10 17:28:00 +00:00
var actualCVEs []string
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
for _, r := range result[host.ID] {
actualCVEs = append(actualCVEs, r.CVE)
}
fix issue with duplicate vulns detected using nvd (#8613) The OVAL analyzer falsely assumes that any vulnerabilities detected on a host only come from OVAL. However, it is possible that NVD detects vulnerabilities on these hosts even though it excludes software from deb_packages and rpm_packages. For example, a python package twisted v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL analyzer would delete this vulnerability, and it would be re-inserted by the NVD scanner on the next run. This creates a loop. The fix is to only delete vulnerabilities that are actually detected using OVAL. We already store this in the source column in the software_cve table.
2022-11-10 17:28:00 +00:00
expectedCVEs := []string{"cve-123", "cve-456"}
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.ElementsMatch(t, expectedCVEs, actualCVEs)
for _, r := range result[host.ID] {
require.NotEqual(t, r.SoftwareID, 0)
}
}
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
func testInsertSoftwareVulnerability(t *testing.T, ds *Datastore) {
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
ctx := context.Background()
t.Run("no vulnerabilities to insert", func(t *testing.T) {
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
inserted, err := ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{}, fleet.UbuntuOVALSource)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.False(t, inserted)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
})
t.Run("duplicated vulnerabilities", func(t *testing.T) {
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := fleet.Software{
Name: "foo", Version: "0.0.1", Source: "chrome_extensions",
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, host.ID, []fleet.Software{software})
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes := []fleet.SoftwareCPE{
{SoftwareID: host.Software[0].ID, CPE: "foo_cpe_1"},
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
inserted, err := ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
SoftwareID: host.Software[0].ID, CVE: "cve-1",
}, fleet.UbuntuOVALSource)
require.NoError(t, err)
require.True(t, inserted)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Profiles batch activity (#21604) #20757 API endpoint `/api/v1/fleet/mdm/profiles/batch` will now not log an activity for profile types that did not change in the database (Apple configuration profiles, Windows configuration profiles, or Apple declarations). Demo video: https://www.loom.com/share/8b75cbd8e7394c12ac6b56746b72c244 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - [x] Manual QA for all new/changed functionality
2024-08-30 21:00:35 +00:00
// Sleep so that the updated_at timestamp is guaranteed to be updated.
time.Sleep(1 * time.Second)
insertedOrUpdated, err := ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
SoftwareID: host.Software[0].ID, CVE: "cve-1",
}, fleet.UbuntuOVALSource)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, err)
Profiles batch activity (#21604) #20757 API endpoint `/api/v1/fleet/mdm/profiles/batch` will now not log an activity for profile types that did not change in the database (Apple configuration profiles, Windows configuration profiles, or Apple declarations). Demo video: https://www.loom.com/share/8b75cbd8e7394c12ac6b56746b72c244 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - [x] Manual QA for all new/changed functionality
2024-08-30 21:00:35 +00:00
// This will always return true because we always update the timestamp
assert.True(t, insertedOrUpdated)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
fix issue with duplicate vulns detected using nvd (#8613) The OVAL analyzer falsely assumes that any vulnerabilities detected on a host only come from OVAL. However, it is possible that NVD detects vulnerabilities on these hosts even though it excludes software from deb_packages and rpm_packages. For example, a python package twisted v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL analyzer would delete this vulnerability, and it would be re-inserted by the NVD scanner on the next run. This creates a loop. The fix is to only delete vulnerabilities that are actually detected using OVAL. We already store this in the source column in the software_cve table.
2022-11-10 17:28:00 +00:00
storedVulns, err := ds.ListSoftwareVulnerabilitiesByHostIDsSource(ctx, []uint{host.ID}, fleet.UbuntuOVALSource)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, err)
occurrence := make(map[string]int)
for _, v := range storedVulns[host.ID] {
Updating golangci-lint to 1.61.0 (#22973)
2024-10-18 17:38:26 +00:00
occurrence[v.CVE]++
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
require.Equal(t, 1, occurrence["cve-1"])
})
t.Run("a vulnerability already exists", func(t *testing.T) {
host := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
software := fleet.Software{
Name: "foo", Version: "0.0.1", Source: "chrome_extensions",
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, host.ID, []fleet.Software{software})
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
cpes := []fleet.SoftwareCPE{
{SoftwareID: host.Software[0].ID, CPE: "foo_cpe_2"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
var vulns []fleet.SoftwareVulnerability
for _, s := range host.Software {
vulns = append(vulns, fleet.SoftwareVulnerability{
SoftwareID: s.ID,
CVE: "cve-2",
})
}
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
inserted, err := ds.InsertSoftwareVulnerability(ctx, vulns[0], fleet.UbuntuOVALSource)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.True(t, inserted)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
Profiles batch activity (#21604) #20757 API endpoint `/api/v1/fleet/mdm/profiles/batch` will now not log an activity for profile types that did not change in the database (Apple configuration profiles, Windows configuration profiles, or Apple declarations). Demo video: https://www.loom.com/share/8b75cbd8e7394c12ac6b56746b72c244 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - [x] Manual QA for all new/changed functionality
2024-08-30 21:00:35 +00:00
// Sleep so that the updated_at timestamp is guaranteed to be updated.
time.Sleep(1 * time.Second)
insertedOrUpdated, err := ds.InsertSoftwareVulnerability(ctx, vulns[0], fleet.UbuntuOVALSource)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
require.NoError(t, err)
Profiles batch activity (#21604) #20757 API endpoint `/api/v1/fleet/mdm/profiles/batch` will now not log an activity for profile types that did not change in the database (Apple configuration profiles, Windows configuration profiles, or Apple declarations). Demo video: https://www.loom.com/share/8b75cbd8e7394c12ac6b56746b72c244 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - [x] Manual QA for all new/changed functionality
2024-08-30 21:00:35 +00:00
// This will always return true because we always update the timestamp
assert.True(t, insertedOrUpdated)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
fix issue with duplicate vulns detected using nvd (#8613) The OVAL analyzer falsely assumes that any vulnerabilities detected on a host only come from OVAL. However, it is possible that NVD detects vulnerabilities on these hosts even though it excludes software from deb_packages and rpm_packages. For example, a python package twisted v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL analyzer would delete this vulnerability, and it would be re-inserted by the NVD scanner on the next run. This creates a loop. The fix is to only delete vulnerabilities that are actually detected using OVAL. We already store this in the source column in the software_cve table.
2022-11-10 17:28:00 +00:00
storedVulns, err := ds.ListSoftwareVulnerabilitiesByHostIDsSource(ctx, []uint{host.ID}, fleet.UbuntuOVALSource)
Do not use golangci action for better reproducibility (use `make lint-go`) (#6175) * Do not use golangci action for better reproducibility * Add fix to trigger build * Fix all reported issues * fix more lint errors * Add missing import * Remove unused method * Remove change not necessary
2022-06-10 21:52:24 +00:00
require.NoError(t, err)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
occurrence := make(map[string]int)
for _, v := range storedVulns[host.ID] {
Updating golangci-lint to 1.61.0 (#22973)
2024-10-18 17:38:26 +00:00
occurrence[v.CVE]++
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
require.Equal(t, 1, occurrence["cve-1"])
require.Equal(t, 1, occurrence["cve-2"])
})
Add version_resolved_in to software API (#13939)
2023-09-18 22:53:32 +00:00
t.Run("vulnerability includes version range", func(t *testing.T) {
// new host
host := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now())
// new software
software := fleet.Software{
Name: "host3software", Version: "0.0.1", Source: "chrome_extensions",
}
_, err := ds.UpdateHostSoftware(ctx, host.ID, []fleet.Software{software})
require.NoError(t, err)
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
// new software cpe
cpes := []fleet.SoftwareCPE{
{SoftwareID: host.Software[0].ID, CPE: "cpe:2.3:a:foo:foo:0.0.1:*:*:*:*:*:*:*"},
}
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
require.NoError(t, err)
// new vulnerability
vuln := fleet.SoftwareVulnerability{
SoftwareID: host.Software[0].ID,
CVE: "cve-3",
15254 oval scan err (#15499)
2023-12-14 17:39:28 +00:00
ResolvedInVersion: ptr.String("1.2.3"),
Add version_resolved_in to software API (#13939)
2023-09-18 22:53:32 +00:00
}
inserted, err := ds.InsertSoftwareVulnerability(ctx, vuln, fleet.UbuntuOVALSource)
require.NoError(t, err)
require.True(t, inserted)
15254 oval scan err (#15499)
2023-12-14 17:39:28 +00:00
// vulnerability with no ResolvedInVersion
vuln = fleet.SoftwareVulnerability{
SoftwareID: host.Software[0].ID,
CVE: "cve-4",
}
inserted, err = ds.InsertSoftwareVulnerability(ctx, vuln, fleet.UbuntuOVALSource)
require.NoError(t, err)
require.True(t, inserted)
Add version_resolved_in to software API (#13939)
2023-09-18 22:53:32 +00:00
storedVulns, err := ds.ListSoftwareVulnerabilitiesByHostIDsSource(ctx, []uint{host.ID}, fleet.UbuntuOVALSource)
require.NoError(t, err)
15254 oval scan err (#15499)
2023-12-14 17:39:28 +00:00
require.Len(t, storedVulns[host.ID], 2)
Add version_resolved_in to software API (#13939)
2023-09-18 22:53:32 +00:00
require.Equal(t, "cve-3", storedVulns[host.ID][0].CVE)
15254 oval scan err (#15499)
2023-12-14 17:39:28 +00:00
require.Equal(t, "1.2.3", *storedVulns[host.ID][0].ResolvedInVersion)
require.Equal(t, "cve-4", storedVulns[host.ID][1].CVE)
require.Nil(t, storedVulns[host.ID][1].ResolvedInVersion)
Add version_resolved_in to software API (#13939)
2023-09-18 22:53:32 +00:00
})
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
func testListCVEs(t *testing.T, ds *Datastore) {
ctx := context.Background()
now := time.Now().UTC()
threeDaysAgo := now.Add(-3 * 24 * time.Hour)
twoWeeksAgo := now.Add(-14 * 24 * time.Hour)
twoMonthsAgo := now.Add(-60 * 24 * time.Hour)
testCases := []fleet.CVEMeta{
Add Description text to CVE Metadata (#13856)
2023-09-15 17:24:10 +00:00
{CVE: "cve-1", Published: &threeDaysAgo, Description: "cve-1 description"},
{CVE: "cve-2", Published: &twoWeeksAgo, Description: "cve-2 description"},
{CVE: "cve-3", Published: &twoMonthsAgo}, // past maxAge
{CVE: "cve-4"}, // no published date
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
err := ds.InsertCVEMeta(ctx, testCases)
require.NoError(t, err)
result, err := ds.ListCVEs(ctx, 30*24*time.Hour)
require.NoError(t, err)
Add Description text to CVE Metadata (#13856)
2023-09-15 17:24:10 +00:00
expected := []string{"cve-1", "cve-1 description", "cve-2", "cve-2 description"}
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
var actual []string
for _, r := range result {
actual = append(actual, r.CVE)
Add Description text to CVE Metadata (#13856)
2023-09-15 17:24:10 +00:00
actual = append(actual, r.Description)
Improve vulnerability detection for Ubuntu (#6102) Feature: Improve our capability to detect vulnerable software on Ubuntu hosts To improve the capability of detecting vulnerable software on Ubuntu, we are now using OVAL definitions to detect vulnerable software on Ubuntu hosts. If data sync is enabled (disable_data_sync=false) OVAL definitions are automatically kept up to date (they are 'refreshed' once per day) - there's also the option to manually download the OVAL definitions using the 'fleetctl vulnerability-data-stream' command. Downloaded definitions are then parsed into an intermediary format and then used to identify vulnerable software on Ubuntu hosts. Finally, any 'recent' detected vulnerabilities are sent to any third-party integrations.
2022-06-08 01:09:47 +00:00
}
require.ElementsMatch(t, expected, actual)
}
Bug 7332: Include software without CPE entries (#7334) When listing software for performing vuln. detection include software without CPE entries.
2022-08-22 15:45:17 +00:00
func testListSoftwareForVulnDetection(t *testing.T, ds *Datastore) {
t.Run("returns software without CPE entries", func(t *testing.T) {
ctx := context.Background()
host := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now())
host.Platform = "debian"
Enable `errcheck` linter for `golangci-lint` (#8899)
2022-12-05 22:50:49 +00:00
require.NoError(t, ds.UpdateHost(ctx, host))
Bug 7332: Include software without CPE entries (#7334) When listing software for performing vuln. detection include software without CPE entries.
2022-08-22 15:45:17 +00:00
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "apps"},
{Name: "biz", Version: "0.0.1", Source: "deb_packages"},
{Name: "baz", Version: "0.0.3", Source: "deb_packages"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
Bug 7332: Include software without CPE entries (#7334) When listing software for performing vuln. detection include software without CPE entries.
2022-08-22 15:45:17 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(ctx, []fleet.SoftwareCPE{{SoftwareID: host.Software[0].ID, CPE: "cpe1"}})
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Bug 7332: Include software without CPE entries (#7334) When listing software for performing vuln. detection include software without CPE entries.
2022-08-22 15:45:17 +00:00
// Load software again so that CPE data is included.
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
Custom Vulnerability Matching (#20118)
2024-07-09 17:50:22 +00:00
filter := fleet.VulnSoftwareFilter{HostID: &host.ID}
result, err := ds.ListSoftwareForVulnDetection(ctx, filter)
Bug 7332: Include software without CPE entries (#7334) When listing software for performing vuln. detection include software without CPE entries.
2022-08-22 15:45:17 +00:00
require.NoError(t, err)
sort.Slice(host.Software, func(i, j int) bool { return host.Software[i].ID < host.Software[j].ID })
sort.Slice(result, func(i, j int) bool { return result[i].ID < result[j].ID })
require.Equal(t, len(host.Software), len(result))
for i := range host.Software {
require.Equal(t, host.Software[i].ID, result[i].ID)
require.Equal(t, host.Software[i].Name, result[i].Name)
require.Equal(t, host.Software[i].Version, result[i].Version)
require.Equal(t, host.Software[i].Release, result[i].Release)
require.Equal(t, host.Software[i].Arch, result[i].Arch)
require.Equal(t, host.Software[i].GenerateCPE, result[i].GenerateCPE)
}
Custom Vulnerability Matching (#20118)
2024-07-09 17:50:22 +00:00
// test name filter
filter = fleet.VulnSoftwareFilter{Name: "fo"} // LIKE match
result, err = ds.ListSoftwareForVulnDetection(ctx, filter)
require.NoError(t, err)
require.Len(t, result, 1)
require.Equal(t, "foo", result[0].Name)
// test source filter
filter = fleet.VulnSoftwareFilter{Source: "deb_packages"}
result, err = ds.ListSoftwareForVulnDetection(ctx, filter)
sort.Slice(result, func(i, j int) bool { return result[i].Name < result[j].Name })
require.NoError(t, err)
require.Len(t, result, 2)
require.Equal(t, "baz", result[0].Name)
require.Equal(t, "biz", result[1].Name)
Bug 7332: Include software without CPE entries (#7334) When listing software for performing vuln. detection include software without CPE entries.
2022-08-22 15:45:17 +00:00
})
}
Bug 7320: Fixed dulp. vulns. on software details. (#7342) * Bug 7320: Fixed dulp. vulns. on software details. The software details page was showing duplicated vulnerabilities if the software was being used by many hosts.
2022-08-24 13:45:20 +00:00
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
func testSoftwareByIDNoDuplicatedVulns(t *testing.T, ds *Datastore) {
Bug 7320: Fixed dulp. vulns. on software details. (#7342) * Bug 7320: Fixed dulp. vulns. on software details. The software details page was showing duplicated vulnerabilities if the software was being used by many hosts.
2022-08-24 13:45:20 +00:00
t.Run("software installed in multiple hosts does not have duplicated vulnerabilities", func(t *testing.T) {
ctx := context.Background()
hostA := test.NewHost(t, ds, "hostA", "", "hostAkey", "hostAuuid", time.Now())
hostA.Platform = "ubuntu"
Enable `errcheck` linter for `golangci-lint` (#8899)
2022-12-05 22:50:49 +00:00
require.NoError(t, ds.UpdateHost(ctx, hostA))
Bug 7320: Fixed dulp. vulns. on software details. (#7342) * Bug 7320: Fixed dulp. vulns. on software details. The software details page was showing duplicated vulnerabilities if the software was being used by many hosts.
2022-08-24 13:45:20 +00:00
hostB := test.NewHost(t, ds, "hostB", "", "hostBkey", "hostBuuid", time.Now())
hostB.Platform = "ubuntu"
Enable `errcheck` linter for `golangci-lint` (#8899)
2022-12-05 22:50:49 +00:00
require.NoError(t, ds.UpdateHost(ctx, hostB))
Bug 7320: Fixed dulp. vulns. on software details. (#7342) * Bug 7320: Fixed dulp. vulns. on software details. The software details page was showing duplicated vulnerabilities if the software was being used by many hosts.
2022-08-24 13:45:20 +00:00
software := []fleet.Software{
{Name: "foo_123", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar_123", Version: "0.0.3", Source: "apps"},
{Name: "biz_123", Version: "0.0.1", Source: "deb_packages"},
{Name: "baz_123", Version: "0.0.3", Source: "deb_packages"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, hostA.ID, software)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(ctx, hostB.ID, software)
require.NoError(t, err)
Bug 7320: Fixed dulp. vulns. on software details. (#7342) * Bug 7320: Fixed dulp. vulns. on software details. The software details page was showing duplicated vulnerabilities if the software was being used by many hosts.
2022-08-24 13:45:20 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, hostA, false))
require.NoError(t, ds.LoadHostSoftware(ctx, hostB, false))
// Add one vulnerability to each software
for i, s := range hostA.Software {
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
inserted, err := ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
Bug 7320: Fixed dulp. vulns. on software details. (#7342) * Bug 7320: Fixed dulp. vulns. on software details. The software details page was showing duplicated vulnerabilities if the software was being used by many hosts.
2022-08-24 13:45:20 +00:00
SoftwareID: s.ID,
CVE: fmt.Sprintf("cve-%d", i),
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
}, fleet.UbuntuOVALSource)
require.NoError(t, err)
require.True(t, inserted)
Bug 7320: Fixed dulp. vulns. on software details. (#7342) * Bug 7320: Fixed dulp. vulns. on software details. The software details page was showing duplicated vulnerabilities if the software was being used by many hosts.
2022-08-24 13:45:20 +00:00
}
for _, s := range hostA.Software {
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
result, err := ds.SoftwareByID(ctx, s.ID, nil, true, nil)
Bug 7320: Fixed dulp. vulns. on software details. (#7342) * Bug 7320: Fixed dulp. vulns. on software details. The software details page was showing duplicated vulnerabilities if the software was being used by many hosts.
2022-08-24 13:45:20 +00:00
require.NoError(t, err)
require.Len(t, result.Vulnerabilities, 1)
}
})
}
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
func testSoftwareByIDIncludesCVEPublishedDate(t *testing.T, ds *Datastore) {
t.Run("software.vulnerabilities includes the published date", func(t *testing.T) {
ctx := context.Background()
host := test.NewHost(t, ds, "hostA", "", "hostAkey", "hostAuuid", time.Now())
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
team1, err := ds.NewTeam(context.Background(), &fleet.Team{Name: "team1"})
require.NoError(t, err)
require.NoError(t, ds.AddHostsToTeam(context.Background(), &team1.ID, []uint{host.ID}))
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
now := time.Now().UTC().Truncate(time.Second)
testCases := []struct {
name string
hasVuln bool
hasMeta bool
hasPublishedDate bool
}{
{"foo_123", true, true, true},
{"bar_123", true, true, false},
{"foo_456", true, false, false},
{"bar_456", false, true, true},
{"foo_789", false, true, false},
{"bar_789", false, false, false},
}
// Add software
var software []fleet.Software
for _, t := range testCases {
software = append(software, fleet.Software{
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
Name: t.name,
Version: "0.0.1",
Source: "apps",
BundleIdentifier: fmt.Sprintf("com.example.%s", t.name),
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
})
}
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
_, err = ds.UpdateHostSoftware(ctx, host.ID, software)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
require.NoError(t, ds.SyncHostsSoftware(ctx, time.Now()))
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
// Add vulnerabilities and CVEMeta
var meta []fleet.CVEMeta
for _, tC := range testCases {
idx := -1
for i, s := range host.Software {
if s.Name == tC.name {
idx = i
break
}
}
require.NotEqual(t, -1, idx, "software not found")
if tC.hasVuln {
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
inserted, err := ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
SoftwareID: host.Software[idx].ID,
CVE: fmt.Sprintf("cve-%s", tC.name),
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
}, fleet.UbuntuOVALSource)
require.NoError(t, err)
require.True(t, inserted)
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
}
if tC.hasMeta {
var published *time.Time
if tC.hasPublishedDate {
published = &now
}
meta = append(meta, fleet.CVEMeta{
CVE: fmt.Sprintf("cve-%s", tC.name),
CVSSScore: ptr.Float64(5.4),
EPSSProbability: ptr.Float64(0.5),
CISAKnownExploit: ptr.Bool(true),
Published: published,
})
}
}
require.NoError(t, ds.InsertCVEMeta(ctx, meta))
for _, tC := range testCases {
idx := -1
for i, s := range host.Software {
if s.Name == tC.name {
idx = i
break
}
}
require.NotEqual(t, -1, idx, "software not found")
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
for _, teamID := range []*uint{nil, &team1.ID} {
// Test that scores are not included if includeCVEScores = false
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
withoutScores, err := ds.SoftwareByID(ctx, host.Software[idx].ID, teamID, false, nil)
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
require.NoError(t, err)
if tC.hasVuln {
require.Len(t, withoutScores.Vulnerabilities, 1)
require.Equal(t, fmt.Sprintf("cve-%s", tC.name), withoutScores.Vulnerabilities[0].CVE)
require.Nil(t, withoutScores.Vulnerabilities[0].CVSSScore)
require.Nil(t, withoutScores.Vulnerabilities[0].EPSSProbability)
require.Nil(t, withoutScores.Vulnerabilities[0].CISAKnownExploit)
} else {
require.Empty(t, withoutScores.Vulnerabilities)
}
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
withScores, err := ds.SoftwareByID(ctx, host.Software[idx].ID, teamID, true, nil)
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
require.NoError(t, err)
if tC.hasVuln {
require.Len(t, withScores.Vulnerabilities, 1)
require.Equal(t, fmt.Sprintf("cve-%s", tC.name), withoutScores.Vulnerabilities[0].CVE)
if tC.hasMeta {
require.NotNil(t, withScores.Vulnerabilities[0].CVSSScore)
require.NotNil(t, *withScores.Vulnerabilities[0].CVSSScore)
require.Equal(t, **withScores.Vulnerabilities[0].CVSSScore, 5.4)
require.NotNil(t, withScores.Vulnerabilities[0].EPSSProbability)
require.NotNil(t, *withScores.Vulnerabilities[0].EPSSProbability)
require.Equal(t, **withScores.Vulnerabilities[0].EPSSProbability, 0.5)
require.NotNil(t, withScores.Vulnerabilities[0].CISAKnownExploit)
require.NotNil(t, *withScores.Vulnerabilities[0].CISAKnownExploit)
require.Equal(t, **withScores.Vulnerabilities[0].CISAKnownExploit, true)
if tC.hasPublishedDate {
require.NotNil(t, withScores.Vulnerabilities[0].CVEPublished)
require.NotNil(t, *withScores.Vulnerabilities[0].CVEPublished)
require.Equal(t, (**withScores.Vulnerabilities[0].CVEPublished), now)
}
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
}
Add team filter to software detail APIs (#16876) #16787
2024-02-18 13:14:20 +00:00
} else {
require.Empty(t, withoutScores.Vulnerabilities)
Feature 9834: Add published date to vulnerability object (#10434) This only applies to Premium users, we want to show the vulnerabilities' published date anywhere vulnerabilities are shown including API endpoints and third party integrations.
2023-03-28 20:11:31 +00:00
}
}
}
})
}
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
func testAllSoftwareIterator(t *testing.T, ds *Datastore) {
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
{Name: "foobar", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "chrome_extensions"},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
{Name: "foo", Version: "v0.0.2", Source: "apps"},
{Name: "foo", Version: "0.0.3", Source: "apps"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages"},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
{Name: "baz", Version: "0.0.3", Source: "deb_packages"},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(context.Background(), host.ID, software)
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, ds.LoadHostSoftware(context.Background(), host, false))
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
foo_ce_v1 := slices.IndexFunc(host.Software, func(c fleet.HostSoftwareEntry) bool {
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
return c.Name == "foo" && c.Version == "0.0.1" && c.Source == "chrome_extensions"
})
Feature 10196: Add filepath to end-points and third party integrations (#11285) Adds the software installed path property to the proper end-points and third party integrations (webhook, Zendesk and Jira).
2023-05-17 20:53:15 +00:00
foo_app_v2 := slices.IndexFunc(host.Software, func(c fleet.HostSoftwareEntry) bool {
return c.Name == "foo" && c.Version == "v0.0.2" && c.Source == "apps"
})
bar_v3 := slices.IndexFunc(host.Software, func(c fleet.HostSoftwareEntry) bool {
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
return c.Name == "bar" && c.Version == "0.0.3" && c.Source == "deb_packages"
})
cpes := []fleet.SoftwareCPE{
{SoftwareID: host.Software[foo_ce_v1].ID, CPE: "cpe:foo_ce_v1"},
{SoftwareID: host.Software[foo_app_v2].ID, CPE: "cpe:foo_app_v2"},
{SoftwareID: host.Software[bar_v3].ID, CPE: "cpe:bar_v3"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(context.Background(), cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
testCases := []struct {
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
name string
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
q fleet.SoftwareIterQueryOptions
expected []fleet.Software
}{
{
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
name: "include apps source",
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
expected: []fleet.Software{
{Name: "foo", Version: "v0.0.2", Source: "apps", GenerateCPE: "cpe:foo_app_v2"},
{Name: "foo", Version: "0.0.3", Source: "apps"},
},
q: fleet.SoftwareIterQueryOptions{IncludedSources: []string{"apps"}},
},
{
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
name: "exclude apps source",
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
expected: []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions", GenerateCPE: "cpe:foo_ce_v1"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
{Name: "bar", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "foobar", Version: "0.0.1", Source: "chrome_extensions"},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
{Name: "bar", Version: "0.0.3", Source: "deb_packages", GenerateCPE: "cpe:bar_v3"},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
{Name: "baz", Version: "0.0.3", Source: "deb_packages"},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
},
q: fleet.SoftwareIterQueryOptions{ExcludedSources: []string{"apps"}},
},
{
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
name: "no filter",
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
expected: []fleet.Software{
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions", GenerateCPE: "cpe:foo_ce_v1"},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
{Name: "foo", Version: "v0.0.2", Source: "apps", GenerateCPE: "cpe:foo_app_v2"},
{Name: "foo", Version: "0.0.3", Source: "apps"},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "foobar", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "baz", Version: "0.0.3", Source: "deb_packages"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages", GenerateCPE: "cpe:bar_v3"},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
q: fleet.SoftwareIterQueryOptions{},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
},
{
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
name: "partial name filter includes deb_packages",
expected: []fleet.Software{
{Name: "bar", Version: "0.0.3", Source: "deb_packages", GenerateCPE: "cpe:bar_v3"},
},
q: fleet.SoftwareIterQueryOptions{NameMatch: `ba[r|f]`, IncludedSources: []string{"deb_packages"}},
},
{
name: "name filter includes chrome_extensions",
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
expected: []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions", GenerateCPE: "cpe:foo_ce_v1"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
{Name: "foobar", Version: "0.0.1", Source: "chrome_extensions"},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
},
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
q: fleet.SoftwareIterQueryOptions{NameMatch: "foo\\.*", IncludedSources: []string{"chrome_extensions"}},
},
{
name: "name filter and not name filter",
expected: []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions", GenerateCPE: "cpe:foo_ce_v1"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
},
q: fleet.SoftwareIterQueryOptions{NameMatch: "foo\\.*", NameExclude: "bar$", IncludedSources: []string{"chrome_extensions"}},
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
},
}
for _, tC := range testCases {
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
t.Run(tC.name, func(t *testing.T) {
var actual []fleet.Software
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
iter, err := ds.AllSoftwareIterator(context.Background(), tC.q)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
for iter.Next() {
software, err := iter.Value()
require.NoError(t, err)
actual = append(actual, *software)
}
iter.Close()
test.ElementsMatchSkipID(t, tC.expected, actual)
})
}
}
func testSoftwareIteratorForLinuxKernelCustomImages(t *testing.T, ds *Datastore) {
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := []fleet.Software{
{Name: "linux-image-5.4.0-42-generic", Version: "5.4.0-42.46", Source: "deb_packages"},
{Name: "linux-image-6.5.0-42-generic", Version: "6.5.0-100.27", Source: "deb_packages"},
{Name: "linux-image-5.4.0-42-custom", Version: "5.4.0-42.46", Source: "deb_packages"},
{Name: "linux-image-6.5.0-42-1234-foo", Version: "6.5.0-100.27", Source: "deb_packages"},
{Name: "linux-image-generic", Version: "1.0.0", Source: "deb_packages"},
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages"},
}
_, err := ds.UpdateHostSoftware(context.Background(), host.ID, software)
require.NoError(t, err)
require.NoError(t, ds.LoadHostSoftware(context.Background(), host, false))
expected := []fleet.Software{
{Name: "linux-image-5.4.0-42-custom", Version: "5.4.0-42.46", Source: "deb_packages"},
{Name: "linux-image-6.5.0-42-1234-foo", Version: "6.5.0-100.27", Source: "deb_packages"},
}
opts := fleet.SoftwareIterQueryOptions{
NameMatch: nvd.LinuxImageRegex,
NameExclude: nvd.BuildLinuxExclusionRegex(),
IncludedSources: []string{"deb_packages"},
}
iterator, err := ds.AllSoftwareIterator(context.Background(), opts)
require.NoError(t, err)
var actual []fleet.Software
for iterator.Next() {
software, err := iterator.Value()
require.NoError(t, err)
actual = append(actual, *software)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
}
Custom Ubuntu Kernel Vuln Scanning (#19588)
2024-06-17 21:44:01 +00:00
iterator.Close()
test.ElementsMatchSkipID(t, expected, actual)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
}
func testUpsertSoftwareCPEs(t *testing.T, ds *Datastore) {
ctx := context.Background()
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
cpes := []fleet.SoftwareCPE{
{SoftwareID: host.Software[0].ID, CPE: "cpe:foo_ce_v1"},
{SoftwareID: host.Software[0].ID, CPE: "cpe:foo_ce_v2"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
cpes, err = ds.ListSoftwareCPEs(ctx)
require.NoError(t, err)
require.Equal(t, len(cpes), 1)
require.Equal(t, cpes[0].CPE, "cpe:foo_ce_v2")
cpes = []fleet.SoftwareCPE{
{SoftwareID: host.Software[0].ID, CPE: "cpe:foo_ce_v3"},
}
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
require.NoError(t, err)
cpes = []fleet.SoftwareCPE{
{SoftwareID: host.Software[0].ID, CPE: "cpe:foo_ce_v4"},
}
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
require.NoError(t, err)
cpes, err = ds.ListSoftwareCPEs(ctx)
require.NoError(t, err)
require.Equal(t, len(cpes), 1)
require.Equal(t, cpes[0].CPE, "cpe:foo_ce_v4")
}
func testDeleteOutOfDateVulnerabilities(t *testing.T, ds *Datastore) {
ctx := context.Background()
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
vulns := []fleet.SoftwareVulnerability{
{
SoftwareID: host.Software[0].ID,
CVE: "CVE-2023-001",
},
{
SoftwareID: host.Software[0].ID,
CVE: "CVE-2023-002",
},
}
inserted, err := ds.InsertSoftwareVulnerability(ctx, vulns[0], fleet.NVDSource)
require.NoError(t, err)
require.True(t, inserted)
inserted, err = ds.InsertSoftwareVulnerability(ctx, vulns[1], fleet.NVDSource)
require.NoError(t, err)
require.True(t, inserted)
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
_, err = ds.writer(ctx).ExecContext(ctx, "UPDATE software_cve SET updated_at = '2020-10-10 12:00:00'")
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
// This should update the 'updated_at' timestamp.
Profiles batch activity (#21604) #20757 API endpoint `/api/v1/fleet/mdm/profiles/batch` will now not log an activity for profile types that did not change in the database (Apple configuration profiles, Windows configuration profiles, or Apple declarations). Demo video: https://www.loom.com/share/8b75cbd8e7394c12ac6b56746b72c244 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - [x] Manual QA for all new/changed functionality
2024-08-30 21:00:35 +00:00
insertedOrUpdated, err := ds.InsertSoftwareVulnerability(ctx, vulns[0], fleet.NVDSource)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
Profiles batch activity (#21604) #20757 API endpoint `/api/v1/fleet/mdm/profiles/batch` will now not log an activity for profile types that did not change in the database (Apple configuration profiles, Windows configuration profiles, or Apple declarations). Demo video: https://www.loom.com/share/8b75cbd8e7394c12ac6b56746b72c244 # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - [x] Manual QA for all new/changed functionality
2024-08-30 21:00:35 +00:00
assert.True(t, insertedOrUpdated)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
err = ds.DeleteOutOfDateVulnerabilities(ctx, fleet.NVDSource, 2*time.Hour)
require.NoError(t, err)
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
storedSoftware, err := ds.SoftwareByID(ctx, host.Software[0].ID, nil, false, nil)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
require.Equal(t, 1, len(storedSoftware.Vulnerabilities))
require.Equal(t, "CVE-2023-001", storedSoftware.Vulnerabilities[0].CVE)
}
func testDeleteSoftwareCPEs(t *testing.T, ds *Datastore) {
ctx := context.Background()
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.1", Source: "chrome_extensions"},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
cpes := []fleet.SoftwareCPE{
{
SoftwareID: host.Software[0].ID,
CPE: "CPE-001",
},
{
SoftwareID: host.Software[1].ID,
CPE: "CPE-002",
},
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
_, err = ds.UpsertSoftwareCPEs(ctx, cpes)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
t.Run("nothing to delete", func(t *testing.T) {
affected, err := ds.DeleteSoftwareCPEs(ctx, nil)
require.NoError(t, err)
require.Zero(t, affected)
})
t.Run("with invalid software id", func(t *testing.T) {
toDelete := []fleet.SoftwareCPE{cpes[0], {
SoftwareID: host.Software[1].ID + 1234,
CPE: "CPE-002",
}}
affected, err := ds.DeleteSoftwareCPEs(ctx, toDelete)
require.NoError(t, err)
require.Equal(t, int64(1), affected)
storedCPEs, err := ds.ListSoftwareCPEs(ctx)
require.NoError(t, err)
test.ElementsMatchSkipID(t, cpes[1:], storedCPEs)
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
storedSoftware, err := ds.SoftwareByID(ctx, cpes[0].SoftwareID, nil, false, nil)
Clean out-of-date NVD results. (#10514) Keep the vulnerabilities detected via NVD and stored in the DB in sync. with the results from the NVD vulnerability process.
2023-04-03 17:45:18 +00:00
require.NoError(t, err)
require.Empty(t, storedSoftware.GenerateCPE)
})
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
func testGetHostSoftwareInstalledPaths(t *testing.T, ds *Datastore) {
ctx := context.Background()
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.1", Source: "chrome_extensions"},
}
_, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
// No installed_path entries
actual, err := ds.getHostSoftwareInstalledPaths(ctx, host.ID)
require.NoError(t, err)
require.Empty(t, actual)
// Insert an installed_path for a single software entry
query := `INSERT INTO host_software_installed_paths (host_id, software_id, installed_path) VALUES (?, ?, ?)`
args := []interface{}{host.ID, host.Software[0].ID, "/some/path"}
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
_, err = ds.writer(ctx).ExecContext(ctx, query, args...)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
actual, err = ds.getHostSoftwareInstalledPaths(ctx, host.ID)
require.Len(t, actual, 1)
require.Equal(t, actual[0].SoftwareID, host.Software[0].ID)
require.Equal(t, actual[0].HostID, host.ID)
require.Equal(t, actual[0].InstalledPath, "/some/path")
require.NoError(t, err)
}
func testHostSoftwareInstalledPathsDelta(t *testing.T, ds *Datastore) {
host := fleet.Host{ID: 1}
software := []fleet.Software{
{
ID: 2,
Name: "foo",
Version: "0.0.1",
Source: "chrome_extensions",
},
{
ID: 3,
Name: "bar",
Version: "0.0.2",
Source: "chrome_extensions",
},
{
ID: 4,
Name: "zub",
Version: "0.0.3",
Source: "chrome_extensions",
},
{
ID: 5,
Name: "zib",
Version: "0.0.4",
Source: "chrome_extensions",
},
}
t.Run("empty args", func(t *testing.T) {
Downgrade sotware paths error (#28736)
2025-05-05 20:47:59 +00:00
toI, toD, err := hostSoftwareInstalledPathsDelta(host.ID, nil, nil, nil, nil)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.Empty(t, toI)
require.Empty(t, toD)
require.NoError(t, err)
})
t.Run("nothing reported from osquery", func(t *testing.T) {
var stored []fleet.HostSoftwareInstalledPath
for i, s := range software {
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
var executableSHA256 *string
if i%2 == 0 {
hash := fmt.Sprintf("%x", sha256.Sum256([]byte(fmt.Sprintf("hash-%d", s.ID))))
executableSHA256 = &hash
}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
stored = append(stored, fleet.HostSoftwareInstalledPath{
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
ID: uint(i),
HostID: host.ID,
SoftwareID: s.ID,
InstalledPath: fmt.Sprintf("/some/path/%d", s.ID),
ExecutableSHA256: executableSHA256,
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
})
}
Downgrade sotware paths error (#28736)
2025-05-05 20:47:59 +00:00
toI, toD, err := hostSoftwareInstalledPathsDelta(host.ID, nil, stored, software, nil)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
require.Empty(t, toI)
// Kind of an edge case ... but if nothing is reported by osquery we want the state of the
// DB to reflect that.
require.Len(t, toD, len(stored))
var expected []uint
for _, s := range stored {
expected = append(expected, s.ID)
}
require.ElementsMatch(t, toD, expected)
})
t.Run("host has no software but some paths were reported", func(t *testing.T) {
reported := make(map[string]struct{})
Add `team_identifier` to macOS software (#23766) Changes to add `team_identifier` signing information to macOS applications on the `/api/latest/fleet/hosts/:id/software` API endpoint. Docs: https://github.com/fleetdm/fleet/pull/23743 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [ X Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [X] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --------- Co-authored-by: Tim Lee <timlee@fleetdm.com> Co-authored-by: Ian Littman <iansltx@gmail.com>
2024-11-15 17:17:04 +00:00
reported[fmt.Sprintf("/some/path/%d%s%s%s%s", software[0].ID, fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, software[0].ToUniqueStr())] = struct{}{}
reported[fmt.Sprintf("/some/path/%d%s%s%s%s", software[1].ID+1, fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, software[1].ToUniqueStr())] = struct{}{}
reported[fmt.Sprintf("/some/path/%d%s%s%s%s", software[2].ID, fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, software[2].ToUniqueStr())] = struct{}{}
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
var stored []fleet.HostSoftwareInstalledPath
Downgrade sotware paths error (#28736)
2025-05-05 20:47:59 +00:00
_, _, err := hostSoftwareInstalledPathsDelta(host.ID, reported, stored, nil, nil)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.Error(t, err)
})
t.Run("we have some deltas", func(t *testing.T) {
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
hash1 := fmt.Sprintf("%x", sha256.Sum256([]byte("hash-1")))
hash2 := fmt.Sprintf("%x", sha256.Sum256([]byte("hash-2")))
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
getKey := func(s fleet.Software, change uint) string {
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
var key string
switch s.ID {
case 3:
key = fmt.Sprintf(
"%s%d%s%s%s%s%s%s",
"/some/path/", s.ID+change, fleet.SoftwareFieldSeparator, "corp1", fleet.SoftwareFieldSeparator, hash1, fleet.SoftwareFieldSeparator, s.ToUniqueStr(),
)
case 5:
key = fmt.Sprintf(
"%s%d%s%s%s%s%s%s",
"/some/path/", s.ID+change, fleet.SoftwareFieldSeparator, "corp1", fleet.SoftwareFieldSeparator, hash2, fleet.SoftwareFieldSeparator, s.ToUniqueStr(),
)
default:
key = fmt.Sprintf(
"%s%d%s%s%s%s%s%s",
"/some/path/", s.ID+change, fleet.SoftwareFieldSeparator, "corp1", fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, s.ToUniqueStr(),
)
}
return key
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
}
reported := make(map[string]struct{})
reported[getKey(software[0], 0)] = struct{}{}
reported[getKey(software[1], 1)] = struct{}{}
reported[getKey(software[2], 0)] = struct{}{}
var stored []fleet.HostSoftwareInstalledPath
stored = append(stored, fleet.HostSoftwareInstalledPath{
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
ID: 1,
HostID: host.ID,
SoftwareID: software[0].ID,
TeamIdentifier: "corp1",
InstalledPath: fmt.Sprintf("/some/path/%d", software[0].ID),
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
})
stored = append(stored, fleet.HostSoftwareInstalledPath{
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
ID: 2,
HostID: host.ID,
SoftwareID: software[1].ID,
TeamIdentifier: "corp1",
InstalledPath: fmt.Sprintf("/some/path/%d", software[1].ID),
ExecutableSHA256: &hash1,
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
})
stored = append(stored, fleet.HostSoftwareInstalledPath{
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
ID: 3,
HostID: host.ID,
SoftwareID: software[2].ID,
TeamIdentifier: "corp1",
InstalledPath: fmt.Sprintf("/some/path/%d", software[2].ID+1),
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
})
stored = append(stored, fleet.HostSoftwareInstalledPath{
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
ID: 4,
HostID: host.ID,
SoftwareID: software[3].ID,
TeamIdentifier: "corp1",
InstalledPath: fmt.Sprintf("/some/path/%d", software[3].ID),
ExecutableSHA256: &hash2,
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
})
Downgrade sotware paths error (#28736)
2025-05-05 20:47:59 +00:00
toI, toD, err := hostSoftwareInstalledPathsDelta(host.ID, reported, stored, software, nil)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
require.Len(t, toD, 3)
require.ElementsMatch(t,
[]uint{toD[0], toD[1], toD[2]},
[]uint{stored[1].ID, stored[2].ID, stored[3].ID},
)
require.Len(t, toI, 2)
for i := range toI {
require.Equal(t, toI[i].HostID, host.ID)
}
require.ElementsMatch(t,
[]uint{toI[0].SoftwareID, toI[1].SoftwareID},
[]uint{software[1].ID, software[2].ID},
)
require.ElementsMatch(t,
[]string{toI[0].InstalledPath, toI[1].InstalledPath},
[]string{fmt.Sprintf("/some/path/%d", software[1].ID+1), fmt.Sprintf("/some/path/%d", software[2].ID)},
)
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
require.ElementsMatch(t,
[]*string{toI[0].ExecutableSHA256, toI[1].ExecutableSHA256},
[]*string{&hash1, nil},
)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
})
}
func testDeleteHostSoftwareInstalledPaths(t *testing.T, ds *Datastore) {
ctx := context.Background()
host1 := fleet.Host{ID: 1}
host2 := fleet.Host{ID: 2}
software1 := []fleet.Software{
{ID: 1, Name: "foo", Version: "0.0.1", Source: "chrome_extensions"},
{ID: 2, Name: "bar", Version: "0.0.1", Source: "chrome_extensions"},
{ID: 3, Name: "zoo", Version: "0.0.1", Source: "chrome_extensions"},
}
software2 := []fleet.Software{
{ID: 4, Name: "zip", Version: "0.0.1", Source: "apps"},
{ID: 5, Name: "bur", Version: "0.0.1", Source: "apps"},
}
query := `INSERT INTO host_software_installed_paths (host_id, software_id, installed_path) VALUES (?, ?, ?)`
for _, s := range software1 {
args := []interface{}{host1.ID, s.ID, fmt.Sprintf("/some/path/%d", s.ID)}
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
_, err := ds.writer(ctx).ExecContext(ctx, query, args...)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
}
args := []interface{}{host2.ID, software2[0].ID, fmt.Sprintf("/some/path/%d", software2[0].ID)}
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
_, err := ds.writer(ctx).ExecContext(ctx, query, args...)
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.NoError(t, err)
storedOnHost1, err := ds.getHostSoftwareInstalledPaths(ctx, host1.ID)
require.NoError(t, err)
storedOnHost2, err := ds.getHostSoftwareInstalledPaths(ctx, host2.ID)
require.NoError(t, err)
var toDelete []uint
for _, r := range storedOnHost1 {
if r.SoftwareID == software1[0].ID || r.SoftwareID == software1[1].ID {
toDelete = append(toDelete, r.ID)
}
}
for _, r := range storedOnHost2 {
if r.SoftwareID == software2[0].ID {
toDelete = append(toDelete, r.ID)
}
}
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
require.NoError(t, deleteHostSoftwareInstalledPaths(ctx, ds.writer(ctx), toDelete))
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
var actual []fleet.HostSoftwareInstalledPath
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
require.NoError(t, sqlx.SelectContext(ctx, ds.reader(ctx), &actual, `SELECT host_id, software_id, installed_path FROM host_software_installed_paths`))
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
expected := []fleet.HostSoftwareInstalledPath{
{
HostID: host1.ID,
SoftwareID: software1[2].ID,
InstalledPath: fmt.Sprintf("/some/path/%d", software1[2].ID),
},
}
test.ElementsMatchSkipID(t, actual, expected)
}
func testInsertHostSoftwareInstalledPaths(t *testing.T, ds *Datastore) {
ctx := context.Background()
toInsert := []fleet.HostSoftwareInstalledPath{
{
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
HostID: 1,
SoftwareID: 1,
InstalledPath: "1",
TeamIdentifier: "corp1",
ExecutableSHA256: nil,
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
},
{
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
HostID: 1,
SoftwareID: 2,
InstalledPath: "2",
TeamIdentifier: "corp2",
ExecutableSHA256: ptr.String("c32f12fc330236fcef22a4c776b001da75e6a54d68aa4f1fd3f24ad66be76f63"),
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
},
{
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
HostID: 1,
SoftwareID: 3,
InstalledPath: "3",
TeamIdentifier: "",
ExecutableSHA256: nil,
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
},
}
Add mechanism to force read from primary DB, use it for puppet matching (#12396)
2023-06-19 17:55:15 +00:00
require.NoError(t, insertHostSoftwareInstalledPaths(ctx, ds.writer(ctx), toInsert))
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
var actual []fleet.HostSoftwareInstalledPath
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
require.NoError(t, sqlx.SelectContext(ctx, ds.reader(ctx), &actual, `SELECT host_id, software_id, installed_path, team_identifier, executable_sha256 FROM host_software_installed_paths`))
Feature: Store installed file path when ingesting software (#11214) Store software installed paths into the host_software_installed_paths table when ingesting osquery software data.
2023-05-17 18:49:09 +00:00
require.ElementsMatch(t, actual, toInsert)
}
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
func TestReconcileSoftwareTitles(t *testing.T) {
ds := CreateMySQLDS(t)
ctx := context.Background()
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
host2 := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
host3 := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now())
expectedSoftware := []fleet.Software{
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
{Name: "foo", Version: "0.0.1", Source: "chrome_extensions", Browser: "chrome"},
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
{Name: "foo", Version: "v0.0.2", Source: "chrome_extensions"},
{Name: "foo", Version: "0.0.3", Source: "chrome_extensions"},
{Name: "bar", Version: "0.0.3", Source: "deb_packages"},
{Name: "baz", Version: "0.0.1", Source: "deb_packages"},
}
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
expectedTitlesByNSB := map[string]fleet.SoftwareTitle{}
for _, s := range expectedSoftware {
expectedTitlesByNSB[s.Name+s.Source+s.Browser] = fleet.SoftwareTitle{
Name: s.Name,
Source: s.Source,
Browser: s.Browser,
}
}
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
software1 := []fleet.Software{expectedSoftware[0], expectedSoftware[2]}
software2 := []fleet.Software{expectedSoftware[1], expectedSoftware[2], expectedSoftware[3]}
software3 := []fleet.Software{expectedSoftware[4]}
_, err := ds.UpdateHostSoftware(ctx, host1.ID, software1)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(ctx, host2.ID, software2)
require.NoError(t, err)
_, err = ds.UpdateHostSoftware(ctx, host3.ID, software3)
require.NoError(t, err)
getSoftware := func() ([]fleet.Software, error) {
var sw []fleet.Software
Add checksum hash unique column to software table. (#15598)
2023-12-12 22:51:58 +00:00
err := ds.writer(ctx).SelectContext(ctx, &sw, `SELECT
id, name, version, bundle_identifier, source, extension_id, browser, `+"`release`"+`, vendor, arch, title_id
FROM software ORDER BY name, source, browser, version`)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
if err != nil {
return nil, err
}
return sw, nil
}
getTitles := func() ([]fleet.SoftwareTitle, error) {
var swt []fleet.SoftwareTitle
Add checksum hash unique column to software table. (#15598)
2023-12-12 22:51:58 +00:00
err := ds.writer(ctx).SelectContext(ctx, &swt, `SELECT id, name, source, browser FROM software_titles ORDER BY name, source, browser`)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
if err != nil {
return nil, err
}
return swt, nil
}
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
assertSoftware := func(t *testing.T, wantSoftware []fleet.Software) {
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
gotSoftware, err := getSoftware()
require.NoError(t, err)
require.Len(t, gotSoftware, len(wantSoftware))
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
byNSBV := map[string]fleet.Software{}
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
for _, s := range wantSoftware {
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
byNSBV[s.Name+s.Source+s.Browser+s.Version] = s
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
}
for _, r := range gotSoftware {
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
_, ok := byNSBV[r.Name+r.Source+r.Browser+r.Version]
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
require.True(t, ok)
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
assert.NotNil(t, r.TitleID)
swt, ok := expectedTitlesByNSB[r.Name+r.Source+r.Browser]
require.True(t, ok)
assert.Equal(t, swt.ID, *r.TitleID)
assert.Equal(t, swt.Name, r.Name)
assert.Equal(t, swt.Source, r.Source)
assert.Equal(t, swt.Browser, r.Browser)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
}
}
assertTitles := func(t *testing.T, gotTitles []fleet.SoftwareTitle, expectMissing []string) {
for _, r := range gotTitles {
if len(expectMissing) > 0 {
require.NotContains(t, expectMissing, r.Name)
}
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
e, ok := expectedTitlesByNSB[r.Name+r.Source+r.Browser]
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
require.True(t, ok)
require.Equal(t, e.ID, r.ID)
require.Equal(t, e.Name, r.Name)
require.Equal(t, e.Source, r.Source)
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Equal(t, e.Browser, r.Browser)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
}
}
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
swTitles, err := getTitles()
require.NoError(t, err)
for _, swt := range swTitles {
if _, ok := expectedTitlesByNSB[swt.Name+swt.Source+swt.Browser]; ok {
expectedTitlesByNSB[swt.Name+swt.Source+swt.Browser] = swt
}
}
assertSoftware(t, expectedSoftware)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
// reconcile software titles
require.NoError(t, ds.ReconcileSoftwareTitles(ctx))
swt, err := getTitles()
require.NoError(t, err)
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Len(t, swt, 4)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
require.Equal(t, swt[0].Name, "bar")
require.Equal(t, swt[0].Source, "deb_packages")
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Equal(t, swt[0].Browser, "")
expectedTitlesByNSB[swt[0].Name+swt[0].Source+swt[0].Browser] = swt[0]
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
require.Equal(t, swt[1].Name, "baz")
require.Equal(t, swt[1].Source, "deb_packages")
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Equal(t, swt[1].Browser, "")
expectedTitlesByNSB[swt[1].Name+swt[1].Source+swt[1].Browser] = swt[1]
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
require.Equal(t, swt[2].Name, "foo")
require.Equal(t, swt[2].Source, "chrome_extensions")
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Equal(t, swt[2].Browser, "")
expectedTitlesByNSB[swt[2].Name+swt[2].Source+swt[2].Browser] = swt[2]
require.Equal(t, swt[3].Name, "foo")
require.Equal(t, swt[3].Source, "chrome_extensions")
require.Equal(t, swt[3].Browser, "chrome")
expectedTitlesByNSB[swt[3].Name+swt[3].Source+swt[3].Browser] = swt[3]
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
// Double check software and titles
assertSoftware(t, expectedSoftware)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
// remove the bar software title from host 2
_, err = ds.UpdateHostSoftware(context.Background(), host2.ID, software2[:2])
require.NoError(t, err)
Optimizing MySQL master DB based on customer feedback (#19075) #18838 1. During software ingestion, switched to updating `last_updated_at` as a batch for 1 host. 2. Removed `DELETE FROM software` statement that ran for every host update (where software was deleted). This is only done now during the vulnerability job. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-23 19:45:50 +00:00
// SyncHostsSoftware will remove the above software item from the software table
require.NoError(t, ds.SyncHostsSoftware(context.Background(), time.Now()))
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
assertSoftware(t, []fleet.Software{expectedSoftware[0], expectedSoftware[1], expectedSoftware[2], expectedSoftware[4]})
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
// bar is no longer associated with any host so the title should be deleted
require.NoError(t, ds.ReconcileSoftwareTitles(context.Background()))
gotTitles, err := getTitles()
require.NoError(t, err)
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Len(t, gotTitles, 3)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
assertTitles(t, gotTitles, []string{"bar"})
// add bar to host 3
_, err = ds.UpdateHostSoftware(context.Background(), host3.ID, []fleet.Software{expectedSoftware[3], expectedSoftware[4]})
require.NoError(t, err)
require.NoError(t, ds.SyncHostsSoftware(context.Background(), time.Now()))
gotTitles, err = getTitles()
require.NoError(t, err)
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Len(t, gotTitles, 4)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
// bar was added back to software titles with a new ID
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Equal(t, "bar", gotTitles[0].Name)
require.Equal(t, "deb_packages", gotTitles[0].Source)
require.NotEqual(t, expectedTitlesByNSB[gotTitles[0].Name+gotTitles[0].Source], gotTitles[0].ID)
expectedTitlesByNSB[gotTitles[0].Name+gotTitles[0].Source] = gotTitles[0]
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
assertTitles(t, gotTitles, nil)
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
assertSoftware(t, expectedSoftware)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
// add a new version of foo to host 3
expectedSoftware = append(expectedSoftware, fleet.Software{Name: "foo", Version: "0.0.4", Source: "chrome_extensions"})
_, err = ds.UpdateHostSoftware(ctx, host3.ID, expectedSoftware[3:])
require.NoError(t, err)
gotTitles, err = getTitles()
require.NoError(t, err)
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Len(t, gotTitles, 4)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
assertTitles(t, gotTitles, nil)
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
assertSoftware(t, expectedSoftware)
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
// add a new source of foo to host 3
expectedSoftware = append(expectedSoftware, fleet.Software{Name: "foo", Version: "0.0.4", Source: "rpm_packages"})
_, err = ds.UpdateHostSoftware(ctx, host3.ID, expectedSoftware[3:])
require.NoError(t, err)
// new source of foo results in a new software title entry
gotTitles, err = getTitles()
require.NoError(t, err)
Update software titles cron to include browser field (#15491)
2023-12-07 23:43:37 +00:00
require.Len(t, gotTitles, 5)
require.Equal(t, "foo", gotTitles[4].Name)
require.Equal(t, "rpm_packages", gotTitles[4].Source)
require.Equal(t, "", gotTitles[4].Browser)
expectedTitlesByNSB[gotTitles[4].Name+gotTitles[4].Source+gotTitles[4].Browser] = gotTitles[4]
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
assertTitles(t, gotTitles, nil)
Display ingested software on host details page. (#19576) #19348 Fixed host details page and device details page not showing the latest software. - During software ingestion, software titles are now added if needed and software items have their title_id field populated. - In addition, after refreshing via UI, the software will be re-fetched if it has been modified. Added `exclude_software` query parameter to the `/api/latest/fleet/hosts/:id` endpoint to exclude software from the response. PR for API doc change: #19617 Related issue filed for the Device User Page: https://github.com/fleetdm/fleet/issues/19618 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-06-12 13:38:57 +00:00
assertSoftware(t, expectedSoftware)
Fix software title reconciliation (#24146) for #24131 This PR fixes an issue that can occur when reconciling entries in the `software` and `software_titles` tables. This can cause vulnerability-scanning cron jobs to exit early. The error is: ``` upsert software titles: Error 1869 (HY000): Auto-increment value in UPDATE conflicts with internally generated values ``` I haven't had any luck reproducing this locally; the relevant query seems to cover all the bases as far as ensuring there are no duplicates. I suspect it may be due to data in these instances that existed prior to the introduction of the `additional_identifier` column in `software_titles`. In any case, replacing the `id = id` no-op with a clause that updates non-auto-incrementing fields is the standard practice here (in fact it's done in other ON DUPLICATE KEY UPDATE queries in the same file). There are automated tests for `ReconcileSoftwareTitles`. I'd gladly add one to test this case if I could figure out how to reliably cause it, but if that involves altering the database to put in bad data, it's so far from the happy path that it's probably not worth it.
2024-12-03 19:29:18 +00:00
// Test duplicate key handling in `ReconcileSoftwareTitles`.
// Since the existing software_titles and software entries have different `source` values,
// the code will attempt to insert into `software_titles`, but the bundle_identifier + additional_identifier
// key (com.example.app1-0) will conflict.
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
_, err = q.ExecContext(ctx, `INSERT INTO software_titles (id, name, source, browser, bundle_identifier) VALUES (7, 'App1', 'some_source', 'Chrome', 'com.example.app1')`)
require.NoError(t, err)
_, err = q.ExecContext(ctx, `INSERT INTO software (name, source, browser, bundle_identifier) VALUES ('App1', 'some_other_source', 'Chrome', 'com.example.app1')`)
require.NoError(t, err)
require.NoError(t, ds.ReconcileSoftwareTitles(ctx))
return nil
})
Add cron for software titles feature (#15422)
2023-12-04 16:09:23 +00:00
}
Fix deadlock when deleting software during data ingestion (#15459) This fixes the deadlock reported in #14779. We found a deadlock in software ingestion during load tests performed in October: ``` 2023-10-26T17:20:41.719627Z 0 [Note] [MY-012468] [InnoDB] Transactions deadlock detected, dumping detailed information. (lock0lock.cc:6482) 2023-10-26T17:20:41.719661Z 0 [Note] [MY-012469] [InnoDB] *** (1) TRANSACTION: (lock0lock.cc:6496) TRANSACTION 3069866646, ACTIVE 0 sec starting index read mysql tables in use 2, locked 2 LOCK WAIT 8 lock struct(s), heap size 1136, 18 row lock(s), undo log entries 10 MySQL thread id 95, OS thread handle 70431326097136, query id 340045 10.12.3.105 fleet executing DELETE FROM software WHERE id IN (165, 79, 344, 47, 212, 21, 60, 127, 173, 145) AND NOT EXISTS ( SELECT 1 FROM host_software hsw WHERE hsw.software_id = software.id ) 2023-10-26T17:20:41.719700Z 0 [Note] [MY-012469] [InnoDB] *** (1) HOLDS THE LOCK(S): (lock0lock.cc:6496) RECORD LOCKS space id 932 page no 8 n bits 256 index PRIMARY of table `fleet`.`software` trx id 3069866646 lock_mode X locks rec but not gap Record lock, heap no 22 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 0000000000000015; asc ;; 1: len 6; hex 0000a74c4a7c; asc LJ|;; 2: len 7; hex 82000000d00264; asc d;; 3: len 26; hex 616e74692d76697275735f666f725f736f70686f735f686f6d65; asc anti-virus_for_sophos_home;; 4: len 5; hex 322e322e36; asc 2.2.6;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 48 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000002f; asc /;; 1: len 6; hex 0000a74c4aad; asc LJ ;; 2: len 7; hex 81000000e30220; asc ;; 3: len 10; hex 7265616c706c61796572; asc realplayer;; 4: len 11; hex 31322e302e312e31373338; asc 12.0.1.1738;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 61 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000003c; asc <;; 1: len 6; hex 0000a74c4afb; asc LJ ;; 2: len 7; hex 820000017501ba; asc u ;; 3: len 7; hex 636f6e6e656374; asc connect;; 4: len 5; hex 332e322e37; asc 3.2.7;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; Record lock, heap no 80 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000004f; asc O;; 1: len 6; hex 0000a74c4b32; asc LK2;; 2: len 7; hex 820000008a01cb; asc ;; 3: len 7; hex 68697063686174; asc hipchat;; 4: len 4; hex 342e3330; asc 4.30;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; 2023-10-26T17:20:41.720564Z 0 [Note] [MY-012469] [InnoDB] *** (1) WAITING FOR THIS LOCK TO BE GRANTED: (lock0lock.cc:6496) RECORD LOCKS space id 695 page no 5994 n bits 1000 index host_software_software_id_fk of table `fleet`.`host_software` trx id 3069866646 lock mode S waiting Record lock, heap no 31 PHYSICAL RECORD: n_fields 2; compact format; info bits 32 0: len 8; hex 000000000000004f; asc O;; 1: len 4; hex 0000000c; asc ;; 2023-10-26T17:20:41.720650Z 0 [Note] [MY-012469] [InnoDB] *** (2) TRANSACTION: (lock0lock.cc:6496) TRANSACTION 3069866680, ACTIVE 0 sec starting index read mysql tables in use 2, locked 2 LOCK WAIT 7 lock struct(s), heap size 1136, 12 row lock(s), undo log entries 8 MySQL thread id 98, OS thread handle 70375801900784, query id 340524 10.12.3.9 fleet executing DELETE FROM software WHERE id IN (49, 113, 183, 187, 223, 79, 81, 116) AND NOT EXISTS ( SELECT 1 FROM host_software hsw WHERE hsw.software_id = software.id ) 2023-10-26T17:20:41.720682Z 0 [Note] [MY-012469] [InnoDB] *** (2) HOLDS THE LOCK(S): (lock0lock.cc:6496) RECORD LOCKS space id 695 page no 5994 n bits 1000 index host_software_software_id_fk of table `fleet`.`host_software` trx id 3069866680 lock_mode X locks rec but not gap Record lock, heap no 31 PHYSICAL RECORD: n_fields 2; compact format; info bits 32 0: len 8; hex 000000000000004f; asc O;; 1: len 4; hex 0000000c; asc ;; 2023-10-26T17:20:41.720760Z 0 [Note] [MY-012469] [InnoDB] *** (2) WAITING FOR THIS LOCK TO BE GRANTED: (lock0lock.cc:6496) RECORD LOCKS space id 932 page no 8 n bits 256 index PRIMARY of table `fleet`.`software` trx id 3069866680 lock_mode X locks rec but not gap waiting Record lock, heap no 80 PHYSICAL RECORD: n_fields 11; compact format; info bits 0 0: len 8; hex 000000000000004f; asc O;; 1: len 6; hex 0000a74c4b32; asc LK2;; 2: len 7; hex 820000008a01cb; asc ;; 3: len 7; hex 68697063686174; asc hipchat;; 4: len 4; hex 342e3330; asc 4.30;; 5: len 4; hex 61707073; asc apps;; 6: len 0; hex ; asc ;; 7: len 0; hex ; asc ;; 8: len 0; hex ; asc ;; 9: len 0; hex ; asc ;; 10: len 0; hex ; asc ;; 2023-10-26T17:20:41.720984Z 0 [Note] [MY-012469] [InnoDB] *** WE ROLL BACK TRANSACTION (2) (lock0lock.cc:6496) ``` I was able to reproduce this issue on `main` with the added test. The solution is to remove the deletion (cleanup) of `software` to a separate transaction after the main transaction is done. - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [X] Added/updated tests - [X] Manual QA for all new/changed functionality
2023-12-07 12:34:53 +00:00
func testUpdateHostSoftwareDeadlock(t *testing.T, ds *Datastore) {
// To increase chance of deadlock increase these numbers.
// We are keeping them low to not cause CI issues ("too many connections" errors
// due to concurrent tests).
const (
hostCount = 10
updateCount = 10
)
ctx := context.Background()
var hosts []*fleet.Host
for i := 1; i <= hostCount; i++ {
h, err := ds.NewHost(ctx, &fleet.Host{
ID: uint(i),
OsqueryHostID: ptr.String(fmt.Sprintf("id-%d", i)),
NodeKey: ptr.String(fmt.Sprintf("key-%d", i)),
Platform: "linux",
Hostname: fmt.Sprintf("host-%d", i),
DetailUpdatedAt: time.Now(),
LabelUpdatedAt: time.Now(),
PolicyUpdatedAt: time.Now(),
SeenTime: time.Now(),
})
require.NoError(t, err)
hosts = append(hosts, h)
}
var g errgroup.Group
for _, h := range hosts {
hostID := h.ID
g.Go(func() error {
for i := 0; i < updateCount; i++ {
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "test", GenerateCPE: "cpe_foo"},
{Name: "bar", Version: "0.0.2", Source: "test", GenerateCPE: "cpe_bar"},
{Name: "baz", Version: "0.0.3", Source: "test", GenerateCPE: "cpe_baz"},
}
removeIdx := rand.Intn(len(software))
software = append(software[:removeIdx], software[removeIdx+1:]...)
if _, err := ds.UpdateHostSoftware(ctx, hostID, software); err != nil {
return err
}
time.Sleep(10 * time.Millisecond)
}
return nil
})
}
err := g.Wait()
require.NoError(t, err)
}
Merge branch 'main' into 15919-vulnerabilities-page
2024-02-21 18:42:21 +00:00
Add checksum hash unique column to software table. (#15598)
2023-12-12 22:51:58 +00:00
func testVerifySoftwareChecksum(t *testing.T, ds *Datastore) {
ctx := context.Background()
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
software := []fleet.Software{
{Name: "foo", Version: "0.0.1", Source: "test"},
{Name: "foo", Version: "0.0.1", Source: "test", Browser: "firefox"},
{Name: "foo", Version: "0.0.1", Source: "test", ExtensionID: "ext"},
{Name: "foo", Version: "0.0.2", Source: "test"},
}
_, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
checksums := make([]string, len(software))
for i, sw := range software {
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
checksum, err := sw.ComputeRawChecksum()
Optimizations to reduce MySQL writer DB load (#18880) #18838 and #18986 Optimized master DB accesses during host software ingestion. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 15:34:21 +00:00
require.NoError(t, err)
checksums[i] = hex.EncodeToString(checksum)
Add checksum hash unique column to software table. (#15598)
2023-12-12 22:51:58 +00:00
}
for i, cs := range checksums {
var got fleet.Software
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
return sqlx.GetContext(ctx, q, &got,
`SELECT name, version, source, bundle_identifier, `+"`release`"+`, arch, vendor, browser, extension_id FROM software WHERE checksum = UNHEX(?)`, cs)
})
require.Equal(t, software[i], got)
}
}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
func testListHostSoftware(t *testing.T, ds *Datastore) {
ctx := context.Background()
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
t.Cleanup(func() { ds.testActivateSpecificNextActivities = nil })
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, host, false)
otherHost := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now(), test.WithPlatform("linux"))
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
opts := fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 11, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
feat: VPP app installation flow (#20448) > Related issue: #19868 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-07-18 22:35:26 +00:00
user, err := ds.NewUser(ctx, &fleet.User{
Password: []byte("p4ssw0rd.123"),
Name: "user1",
Email: "user1@example.com",
GlobalRole: ptr.String(fleet.RoleAdmin),
})
require.NoError(t, err)
Delete apps associated with VPP tokens when they're moved or deleted (#21852) #21804
2024-09-06 13:14:09 +00:00
test.CreateInsertGlobalVPPToken(t, ds)
Add software installer details to get software title API response and add software install status filter to list hosts API (#18748)
2024-05-08 20:52:35 +00:00
expectStatus := func(s fleet.SoftwareInstallerStatus) *fleet.SoftwareInstallerStatus {
return &s
}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// no software yet
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
sw, meta, err := ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
require.Empty(t, sw)
require.Equal(t, &fleet.PaginationMetadata{}, meta)
// works with available software too
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.IncludeAvailableForInstall = true
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Empty(t, sw)
require.Equal(t, &fleet.PaginationMetadata{}, meta)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
// available for install only works too
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = true
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Empty(t, sw)
assert.Equal(t, &fleet.PaginationMetadata{}, meta)
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
// self-service only works too
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = false
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.SelfServiceOnly = true
opts.IncludeAvailableForInstall = true
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Empty(t, sw)
require.Equal(t, &fleet.PaginationMetadata{}, meta)
opts.IncludeAvailableForInstall = false
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
require.Empty(t, sw)
require.Equal(t, &fleet.PaginationMetadata{}, meta)
// add software to the host
software := []fleet.Software{
{Name: "a", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "a", Version: "0.0.2", Source: "deb_packages"}, // different source, so different title than a-chrome
{Name: "b", Version: "0.0.3", Source: "apps"},
{Name: "c", Version: "0.0.4", Source: "deb_packages"},
{Name: "c", Version: "0.0.5", Source: "deb_packages"},
{Name: "d", Version: "0.0.6", Source: "deb_packages"},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
{Name: "e", Version: "0.0.2", Source: "deb_packages"}, // not vulnerable version
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
byNSV := map[string]fleet.Software{}
for _, s := range software {
byNSV[s.Name+s.Source+s.Version] = s
}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
mutationResults, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
require.Len(t, mutationResults.Inserted, len(software))
for _, m := range mutationResults.Inserted {
s, ok := byNSV[m.Name+m.Source+m.Version]
require.True(t, ok)
require.Equal(t, m.Name, s.Name, "name")
require.Equal(t, m.Version, s.Version, "version")
require.Equal(t, m.Source, s.Source, "source")
require.Zero(t, s.ID) // not set in the map yet
require.NotZero(t, m.ID)
s.ID = m.ID
byNSV[s.Name+s.Source+s.Version] = s
}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, ds.LoadHostSoftware(ctx, host, false))
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
require.Equal(t, len(host.Software), len(software))
for _, hs := range host.Software {
s, ok := byNSV[hs.Name+hs.Source+hs.Version]
require.True(t, ok)
require.Equal(t, hs.Name, s.Name, "name")
require.Equal(t, hs.Version, s.Version, "version")
require.Equal(t, hs.Source, s.Source, "source")
require.Equal(t, hs.ID, s.ID)
}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// add other software to the other host, won't be returned
otherSoftware := []fleet.Software{
{Name: "a", Version: "0.0.7", Source: "chrome_extensions"},
{Name: "f", Version: "0.0.8", Source: "chrome_extensions"},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
{Name: "e", Version: "0.0.1", Source: "deb_packages"}, // vulnerable version
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
otherSoftwareByNSV := map[string]fleet.Software{}
for _, s := range otherSoftware {
otherSoftwareByNSV[s.Name+s.Source+s.Version] = s
}
otherMutationResults, err := ds.UpdateHostSoftware(ctx, otherHost.ID, otherSoftware)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
for _, m := range otherMutationResults.Inserted {
s, ok := otherSoftwareByNSV[m.Name+m.Source+m.Version]
require.True(t, ok)
s.ID = m.ID
otherSoftwareByNSV[s.Name+s.Source+s.Version] = s
}
require.NoError(t, ds.LoadHostSoftware(ctx, otherHost, false))
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
// shorthand keys for expected software
a1 := software[0].Name + software[0].Source + software[0].Version
a2 := software[1].Name + software[1].Source + software[1].Version
b := software[2].Name + software[2].Source + software[2].Version
c1 := software[3].Name + software[3].Source + software[3].Version
c2 := software[4].Name + software[4].Source + software[4].Version
d := software[5].Name + software[5].Source + software[5].Version
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
e2 := software[6].Name + software[6].Source + software[6].Version
// shorthand keys for other software
e1 := otherSoftware[2].Name + otherSoftware[2].Source + otherSoftware[2].Version
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// add some vulnerabilities and installed paths
vulns := []fleet.SoftwareVulnerability{
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
{SoftwareID: byNSV[a1].ID, CVE: "CVE-a-0001"},
{SoftwareID: byNSV[a1].ID, CVE: "CVE-a-0002"},
{SoftwareID: byNSV[a1].ID, CVE: "CVE-a-0003"},
{SoftwareID: byNSV[b].ID, CVE: "CVE-b-0001"},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
{SoftwareID: otherSoftwareByNSV[e1].ID, CVE: "CVE-e-0001"},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
for _, v := range vulns {
_, err = ds.InsertSoftwareVulnerability(ctx, v, fleet.NVDSource)
require.NoError(t, err)
}
swPaths := map[string]struct{}{}
installPaths := make([]string, 0, len(software))
for _, s := range software {
path := fmt.Sprintf("/some/path/%s", s.Name)
Added SHA256 hash from mac apps on install paths (#29280) https://github.com/fleetdm/fleet/issues/25545 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Make sure fleetd is compatible with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)). - [x] Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (`runtime.GOOS`). - [x] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
2025-05-21 04:38:59 +00:00
key := fmt.Sprintf("%s%s%s%s%s%s%s", path, fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, "", fleet.SoftwareFieldSeparator, s.ToUniqueStr())
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
swPaths[key] = struct{}{}
installPaths = append(installPaths, path)
}
err = ds.UpdateHostSoftwareInstalledPaths(ctx, host.ID, swPaths, mutationResults)
require.NoError(t, err)
err = ds.ReconcileSoftwareTitles(ctx)
require.NoError(t, err)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
expected := map[string]fleet.HostSoftwareWithInstaller{
byNSV[a1].Name + byNSV[a1].Source: {Name: byNSV[a1].Name, Source: byNSV[a1].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[a1].Version, Vulnerabilities: []string{vulns[0].CVE, vulns[1].CVE, vulns[2].CVE}, InstalledPaths: []string{installPaths[0]}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}},
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
// a1 and a2 are different software titles because they have different sources
byNSV[a2].Name + byNSV[a2].Source: {Name: byNSV[a2].Name, Source: byNSV[a2].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[a2].Version, InstalledPaths: []string{installPaths[1]}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}},
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
byNSV[b].Name + byNSV[b].Source: {Name: byNSV[b].Name, Source: byNSV[b].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[b].Version, Vulnerabilities: []string{vulns[3].CVE}, InstalledPaths: []string{installPaths[2]}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}},
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
// c1 and c2 are the same software title because they have the same name and source
byNSV[c1].Name + byNSV[c1].Source: {Name: byNSV[c1].Name, Source: byNSV[c1].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[c1].Version, InstalledPaths: []string{installPaths[3]}},
{Version: byNSV[c2].Version, InstalledPaths: []string{installPaths[4]}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}},
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
byNSV[d].Name + byNSV[d].Source: {Name: byNSV[d].Name, Source: byNSV[d].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[d].Version, InstalledPaths: []string{installPaths[5]}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
byNSV[e2].Name + byNSV[e2].Source: {Name: byNSV[e2].Name, Source: byNSV[e2].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[e2].Version, InstalledPaths: []string{installPaths[6]}},
}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
compareResults := func(expected map[string]fleet.HostSoftwareWithInstaller, got []*fleet.HostSoftwareWithInstaller, expectAsc bool, expectOmitted ...string) {
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
gotToString := func() string {
var builder strings.Builder
builder.WriteString("Got:\n")
for _, g := range got {
builder.WriteString(fmt.Sprintf("%+v\n", g))
}
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
builder.WriteString("Expected:\n")
for _, e := range expected {
builder.WriteString(fmt.Sprintf("%+v\n", e))
}
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
return builder.String()
}
require.Len(t, got, len(expected)-len(expectOmitted), gotToString())
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
prev := ""
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
for _, g := range got {
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
for _, omit := range expectOmitted {
if g.Name+g.Source == omit {
t.Errorf("Did not expect %s in results", omit)
continue
}
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
e, ok := expected[g.Name+g.Source]
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
require.True(t, ok, "unexpected software %s%s", g.Name, g.Source)
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
t.Log("Validating ", g.Name, g.Source)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
require.Equal(t, e.Name, g.Name)
require.Equal(t, e.Source, g.Source)
fix: move last install data into apps and packages (#20664) > Related issue: #20662 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-24 17:39:23 +00:00
if e.SoftwarePackage != nil {
require.Equal(t, e.SoftwarePackage.SelfService, g.SoftwarePackage.SelfService)
require.Equal(t, e.SoftwarePackage.IconURL, g.SoftwarePackage.IconURL)
require.Equal(t, e.SoftwarePackage.AppStoreID, g.SoftwarePackage.AppStoreID)
require.Equal(t, e.SoftwarePackage.Name, g.SoftwarePackage.Name)
require.Equal(t, e.SoftwarePackage.Version, g.SoftwarePackage.Version)
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
if e.SoftwarePackage.LastInstall == nil {
require.Nil(t, g.SoftwarePackage.LastInstall)
} else {
require.NotNil(t, g.SoftwarePackage.LastInstall)
fix: move last install data into apps and packages (#20664) > Related issue: #20662 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-24 17:39:23 +00:00
require.Equal(t, e.SoftwarePackage.LastInstall.CommandUUID, g.SoftwarePackage.LastInstall.CommandUUID)
require.Equal(t, e.SoftwarePackage.LastInstall.InstallUUID, g.SoftwarePackage.LastInstall.InstallUUID)
require.NotNil(t, g.SoftwarePackage.LastInstall.InstalledAt)
}
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
if e.SoftwarePackage.LastUninstall == nil {
require.Nil(t, g.SoftwarePackage.LastUninstall)
} else {
require.NotNil(t, g.SoftwarePackage.LastUninstall)
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
assert.Equal(t, e.SoftwarePackage.LastUninstall.ExecutionID, g.SoftwarePackage.LastUninstall.ExecutionID)
assert.NotNil(t, g.SoftwarePackage.LastUninstall.UninstalledAt)
}
fix: move last install data into apps and packages (#20664) > Related issue: #20662 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-24 17:39:23 +00:00
}
if e.AppStoreApp != nil {
require.Equal(t, e.AppStoreApp.SelfService, g.AppStoreApp.SelfService)
require.Equal(t, e.AppStoreApp.IconURL, g.AppStoreApp.IconURL)
require.Equal(t, e.AppStoreApp.AppStoreID, g.AppStoreApp.AppStoreID)
require.Equal(t, e.AppStoreApp.Name, g.AppStoreApp.Name)
require.Equal(t, e.AppStoreApp.Version, g.AppStoreApp.Version)
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
require.Equal(t, e.AppStoreApp.Platform, g.AppStoreApp.Platform)
fix: move last install data into apps and packages (#20664) > Related issue: #20662 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-24 17:39:23 +00:00
if e.AppStoreApp.LastInstall != nil {
require.Equal(t, e.AppStoreApp.LastInstall.InstallUUID, g.AppStoreApp.LastInstall.InstallUUID)
require.Equal(t, e.AppStoreApp.LastInstall.CommandUUID, g.AppStoreApp.LastInstall.CommandUUID)
require.NotNil(t, g.AppStoreApp.LastInstall.InstalledAt)
}
}
// require.Equal(t, e.SoftwarePackage, g.SoftwarePackage)
// require.Equal(t, e.AppStoreApp, g.AppStoreApp)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
require.Len(t, g.InstalledVersions, len(e.InstalledVersions))
if len(e.InstalledVersions) > 0 {
byVers := make(map[string]fleet.HostSoftwareInstalledVersion, len(e.InstalledVersions))
for _, v := range e.InstalledVersions {
byVers[v.Version] = *v
}
for _, v := range g.InstalledVersions {
ev, ok := byVers[v.Version]
require.True(t, ok)
require.Equal(t, ev.Version, v.Version)
require.ElementsMatch(t, ev.InstalledPaths, v.InstalledPaths)
require.ElementsMatch(t, ev.Vulnerabilities, v.Vulnerabilities)
}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
if prev != "" {
if expectAsc {
require.Greater(t, g.Name+g.Source, prev)
} else {
require.Less(t, g.Name+g.Source, prev)
}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
prev = g.Name + g.Source
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
}
// it now returns the software with vulnerabilities and installed paths
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.SelfServiceOnly = false
opts.IncludeAvailableForInstall = false
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 6}, meta)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
compareResults(expected, sw, true)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
fix: filter by vulnerable software (#20241) > Related issue: #20050 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
2024-07-09 14:02:49 +00:00
opts.VulnerableOnly = true
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 2}, meta)
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
compareResults(expected, sw, true, byNSV[a2].Name+byNSV[a2].Source, byNSV[c1].Name+byNSV[c1].Source, byNSV[d].Name+byNSV[d].Source, byNSV[e2].Name+byNSV[e2].Source)
fix: filter by vulnerable software (#20241) > Related issue: #20050 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
2024-07-09 14:02:49 +00:00
opts.VulnerableOnly = false
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
// No software that is available for install
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = true
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Empty(t, sw)
assert.Equal(t, &fleet.PaginationMetadata{}, meta)
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = false
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// create some Fleet installers and map them to a software title,
// including one for a team
tm, err := ds.NewTeam(ctx, &fleet.Team{Name: "team1"})
require.NoError(t, err)
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
const numberOfSoftwareInstallers = 8
var swi1Pending, swi2Installed, swi3Failed, swi4Available, swi5Tm, swi6PendingUninstall, swi7FailedUninstall, swi8Uninstalled uint
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
var hostSwi1InstallUUID, hostSwi2InstallUUID, hostSwi3InstallUUID, hostSwi6InstallUUID, hostSwi6UninstallUUID, hostSwi7UninstallUUID, hostSwi8InstallUUID, hostSwi8UninstallUUID,
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
otherHostI1UUID, otherHostI2UUID string
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
// keep title id of software B, will use it to associate an installer with it
var swbTitleID uint
err := sqlx.GetContext(ctx, q, &swbTitleID, `SELECT id FROM software_titles WHERE name = 'b' AND source = 'apps'`)
if err != nil {
return err
}
// create the install script content (same for all installers, doesn't matter)
installScript := `echo 'foo'`
res, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`, installScript, installScript)
if err != nil {
return err
}
scriptContentID, _ := res.LastInsertId()
Fixed tests
2024-09-06 14:49:07 +00:00
// create the uninstall script content (same for all installers, doesn't matter)
uninstallScript := `echo 'bar'`
resUninstall, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`,
uninstallScript, uninstallScript)
if err != nil {
return err
}
uninstallScriptContentID, _ := resUninstall.LastInsertId()
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// create software titles for all but swi1Pending (will be linked to
// existing software title b)
var titleIDs []uint
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
for i := 0; i < numberOfSoftwareInstallers-1; i++ {
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
res, err := q.ExecContext(ctx, `INSERT INTO software_titles (name, source) VALUES (?, 'apps')`, fmt.Sprintf("i%d", i))
if err != nil {
return err
}
id, _ := res.LastInsertId()
titleIDs = append(titleIDs, uint(id))
}
var swiIDs []uint
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
for i := 0; i < numberOfSoftwareInstallers; i++ {
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
var (
titleID uint
teamID *uint
globalOrTeamID uint
)
if i == 0 {
titleID = swbTitleID
} else {
titleID = titleIDs[i-1]
}
if i == 4 {
teamID = &tm.ID
globalOrTeamID = tm.ID
}
res, err := q.ExecContext(ctx, `
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
INSERT INTO software_installers
Add software installer extension column to database (#22017) #22044 This is distinct from the filename extension due to being based on package introspection. # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-09-12 21:22:35 +00:00
(team_id, global_or_team_id, title_id, filename, extension, version, install_script_content_id, uninstall_script_content_id, storage_id, platform, self_service)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
VALUES
Add software installer extension column to database (#22017) #22044 This is distinct from the filename extension due to being based on package introspection. # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-09-12 21:22:35 +00:00
(?, ?, ?, ?, ?, ?, ?, ?, unhex(?), ?, ?)`,
teamID, globalOrTeamID, titleID, fmt.Sprintf("installer-%d.pkg", i), "pkg", fmt.Sprintf("v%d.0.0", i), scriptContentID,
Fixed tests
2024-09-06 14:49:07 +00:00
uninstallScriptContentID,
hex.EncodeToString([]byte("test")), "darwin", i < 2)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
if err != nil {
return err
}
id, _ := res.LastInsertId()
swiIDs = append(swiIDs, uint(id))
}
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
// sw1Pending and swi2Installed are self-service installers
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
swi1Pending, swi2Installed, swi3Failed, swi4Available, swi5Tm,
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
swi6PendingUninstall, swi7FailedUninstall, swi8Uninstalled = swiIDs[0], swiIDs[1], swiIDs[2], swiIDs[3], swiIDs[4], swiIDs[5], swiIDs[6], swiIDs[7]
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
// create the requests/results for the host
ds.testActivateSpecificNextActivities = []string{"-"}
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// swi1 is pending (all results are NULL)
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
hostSwi1InstallUUID, err = ds.InsertSoftwareInstallRequest(ctx, host.ID, swi1Pending, fleet.HostSoftwareInstallOptions{})
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
if err != nil {
return err
}
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
// swi2 is installed successfully
hostSwi2InstallUUID, err = ds.InsertSoftwareInstallRequest(ctx, host.ID, swi2Installed, fleet.HostSoftwareInstallOptions{})
if err != nil {
return err
}
ds.testActivateSpecificNextActivities = []string{hostSwi2InstallUUID}
activated, err := ds.activateNextUpcomingActivity(ctx, q, host.ID, "")
if err != nil {
return err
}
require.Equal(t, ds.testActivateSpecificNextActivities, activated)
ds.testActivateSpecificNextActivities = []string{"-"}
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
HostID: host.ID,
InstallUUID: hostSwi2InstallUUID,
PreInstallConditionOutput: ptr.String("ok"),
InstallScriptExitCode: ptr.Int(0),
PostInstallScriptExitCode: ptr.Int(0),
})
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
if err != nil {
return err
}
// swi3 is failed, also add an install request on the other host
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
hostSwi3InstallUUID, err = ds.InsertSoftwareInstallRequest(ctx, host.ID, swi3Failed, fleet.HostSoftwareInstallOptions{})
if err != nil {
return err
}
ds.testActivateSpecificNextActivities = []string{hostSwi3InstallUUID}
activated, err = ds.activateNextUpcomingActivity(ctx, q, host.ID, "")
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
if err != nil {
return err
}
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
require.Equal(t, ds.testActivateSpecificNextActivities, activated)
ds.testActivateSpecificNextActivities = []string{"-"}
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
HostID: host.ID,
InstallUUID: hostSwi3InstallUUID,
PreInstallConditionOutput: ptr.String("ok"),
InstallScriptExitCode: ptr.Int(1),
})
if err != nil {
return err
}
otherHostI1UUID, err = ds.InsertSoftwareInstallRequest(ctx, otherHost.ID, swi3Failed, fleet.HostSoftwareInstallOptions{})
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
if err != nil {
return err
}
// swi4 is available (no install request), but add a pending request on the other host
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
otherHostI2UUID, err = ds.InsertSoftwareInstallRequest(ctx, otherHost.ID, swi4Available, fleet.HostSoftwareInstallOptions{})
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
if err != nil {
return err
}
// swi5 is for another team
_ = swi5Tm
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
// swi6 has been installed, and is pending uninstall
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
hostSwi6InstallUUID, err = ds.InsertSoftwareInstallRequest(ctx, host.ID, swi6PendingUninstall, fleet.HostSoftwareInstallOptions{})
if err != nil {
return err
}
ds.testActivateSpecificNextActivities = []string{hostSwi6InstallUUID}
activated, err = ds.activateNextUpcomingActivity(ctx, q, host.ID, "")
if err != nil {
return err
}
require.Equal(t, ds.testActivateSpecificNextActivities, activated)
ds.testActivateSpecificNextActivities = []string{"-"}
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
HostID: host.ID,
InstallUUID: hostSwi6InstallUUID,
PreInstallConditionOutput: ptr.String("ok"),
InstallScriptExitCode: ptr.Int(0),
PostInstallScriptExitCode: ptr.Int(0),
})
if err != nil {
return err
}
hostSwi6UninstallUUID = uuid.NewString()
Propagate self-service flag on uninstalls through to activity (#29691) Fixes part of unreleased for #28846. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality
2025-06-03 15:09:43 +00:00
err = ds.InsertSoftwareUninstallRequest(ctx, hostSwi6UninstallUUID, host.ID, swi6PendingUninstall, false)
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
if err != nil {
return err
}
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
// swi7 is failed uninstall
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
hostSwi7UninstallUUID = uuid.NewString()
Propagate self-service flag on uninstalls through to activity (#29691) Fixes part of unreleased for #28846. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality
2025-06-03 15:09:43 +00:00
err = ds.InsertSoftwareUninstallRequest(ctx, hostSwi7UninstallUUID, host.ID, swi7FailedUninstall, true)
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
if err != nil {
return err
}
ds.testActivateSpecificNextActivities = []string{hostSwi7UninstallUUID}
activated, err = ds.activateNextUpcomingActivity(ctx, q, host.ID, "")
if err != nil {
return err
}
require.Equal(t, ds.testActivateSpecificNextActivities, activated)
ds.testActivateSpecificNextActivities = []string{"-"}
_, _, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
HostID: host.ID,
ExecutionID: hostSwi7UninstallUUID,
ExitCode: 1,
})
if err != nil {
return err
}
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
// swi8 is successfully installed
hostSwi8InstallUUID, err = ds.InsertSoftwareInstallRequest(ctx, host.ID, swi8Uninstalled, fleet.HostSoftwareInstallOptions{})
if err != nil {
return err
}
ds.testActivateSpecificNextActivities = []string{hostSwi8InstallUUID}
activated, err = ds.activateNextUpcomingActivity(ctx, q, host.ID, "")
if err != nil {
return err
}
require.Equal(t, ds.testActivateSpecificNextActivities, activated)
ds.testActivateSpecificNextActivities = []string{"-"}
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
HostID: host.ID,
InstallUUID: hostSwi8InstallUUID,
PreInstallConditionOutput: ptr.String("ok"),
InstallScriptExitCode: ptr.Int(0),
PostInstallScriptExitCode: ptr.Int(0),
})
if err != nil {
return err
}
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
// swi8 is successful uninstall
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
hostSwi8UninstallUUID = uuid.NewString()
Propagate self-service flag on uninstalls through to activity (#29691) Fixes part of unreleased for #28846. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality
2025-06-03 15:09:43 +00:00
err = ds.InsertSoftwareUninstallRequest(ctx, hostSwi8UninstallUUID, host.ID, swi8Uninstalled, true)
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
if err != nil {
return err
}
ds.testActivateSpecificNextActivities = []string{hostSwi8UninstallUUID}
activated, err = ds.activateNextUpcomingActivity(ctx, q, host.ID, "")
if err != nil {
return err
}
require.Equal(t, ds.testActivateSpecificNextActivities, activated)
ds.testActivateSpecificNextActivities = []string{"-"}
_, _, err = ds.SetHostScriptExecutionResult(ctx, &fleet.HostScriptResultPayload{
HostID: host.ID,
ExecutionID: hostSwi8UninstallUUID,
ExitCode: 0,
})
if err != nil {
return err
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
return nil
})
// swi1Pending uses software title id of "b"
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
expected[byNSV[b].Name+byNSV[b].Source] = fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "b",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallPending),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-0.pkg", Version: "v0.0.0", Platform: "darwin", SelfService: ptr.Bool(true), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: hostSwi1InstallUUID}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
{Version: byNSV[b].Version, Vulnerabilities: []string{vulns[3].CVE}, InstalledPaths: []string{installPaths[2]}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
i0 := fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "i0",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstalled),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-1.pkg", Version: "v1.0.0", Platform: "darwin", SelfService: ptr.Bool(true), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: hostSwi2InstallUUID}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
expected[i0.Name+i0.Source] = i0
i1 := fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "i1",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallFailed),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-2.pkg", Version: "v2.0.0", Platform: "darwin", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: hostSwi3InstallUUID}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
expected[i1.Name+i1.Source] = i1
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
// request without available software
opts.IncludeAvailableForInstall = false
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected))}, meta)
compareResults(expected, sw, true)
// request with available software
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
i4 := fleet.HostSoftwareWithInstaller{
Name: "i4",
Source: "apps",
Status: expectStatus(fleet.SoftwareUninstallPending),
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
Name: "installer-5.pkg", Version: "v5.0.0", Platform: "darwin", SelfService: ptr.Bool(false),
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
LastInstall: &fleet.HostSoftwareInstall{InstallUUID: hostSwi6InstallUUID},
LastUninstall: &fleet.HostSoftwareUninstall{ExecutionID: hostSwi6UninstallUUID},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
},
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
}
expected[i4.Name+i4.Source] = i4
i5 := fleet.HostSoftwareWithInstaller{
Name: "i5",
Source: "apps",
Status: expectStatus(fleet.SoftwareUninstallFailed),
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
Name: "installer-6.pkg", Version: "v6.0.0", Platform: "darwin", SelfService: ptr.Bool(false),
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
LastUninstall: &fleet.HostSoftwareUninstall{ExecutionID: hostSwi7UninstallUUID},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
},
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
}
expected[i5.Name+i5.Source] = i5
i6 := fleet.HostSoftwareWithInstaller{
Name: "i6",
Source: "apps",
Status: nil,
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
Name: "installer-7.pkg", Version: "v7.0.0", Platform: "darwin", SelfService: ptr.Bool(false),
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
LastInstall: &fleet.HostSoftwareInstall{InstallUUID: hostSwi8InstallUUID},
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
LastUninstall: &fleet.HostSoftwareUninstall{ExecutionID: hostSwi8UninstallUUID},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
},
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
}
expected[i6.Name+i6.Source] = i6
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
i2 := fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "i2",
Source: "apps",
Status: nil,
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-3.pkg", Version: "v3.0.0", Platform: "darwin", SelfService: ptr.Bool(false)},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
expected[i2.Name+i2.Source] = i2
i3 := fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "i3",
Source: "apps",
Status: nil,
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-4.pkg", Version: "v4.0.0", Platform: "darwin", SelfService: ptr.Bool(false)},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
expected[i3.Name+i3.Source] = i3
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.IncludeAvailableForInstall = true
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
opts.ListOptions.PerPage = 20
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 1}, meta)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
compareResults(expected, sw, true, i3.Name+i3.Source)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
// request with available software only (attempted to install and never attempted to install)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
expectedAvailableOnly := map[string]fleet.HostSoftwareWithInstaller{}
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
expectedAvailableOnly[byNSV[b].Name+byNSV[b].Source] = expected[byNSV[b].Name+byNSV[b].Source]
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
// Although this is already installed, we ignore the status on the host because we can "reinstall" it
// if there is a compatible software package available for the host
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
expectedAvailableOnly[i0.Name+i0.Source] = i0
expectedAvailableOnly[i1.Name+i1.Source] = i1
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
expectedAvailableOnly[i2.Name+i2.Source] = i2
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
expectedAvailableOnly[i4.Name+i4.Source] = i4
expectedAvailableOnly[i5.Name+i5.Source] = i5
expectedAvailableOnly[i6.Name+i6.Source] = i6
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = true
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
assert.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expectedAvailableOnly))}, meta)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
compareResults(expectedAvailableOnly, sw, true)
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = false
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
Create and return upcoming/past host activities for software installs (#18772)
2024-05-07 15:28:16 +00:00
// request in descending order
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.ListOptions.OrderDirection = fleet.OrderDescending
opts.ListOptions.TestSecondaryOrderDirection = fleet.OrderDescending
opts.IncludeAvailableForInstall = false
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
Create and return upcoming/past host activities for software installs (#18772)
2024-05-07 15:28:16 +00:00
require.NoError(t, err)
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 5}, meta)
compareResults(expected, sw, false, i2.Name+i2.Source, i3.Name+i3.Source, i4.Name+i4.Source, i5.Name+i5.Source, i6.Name+i6.Source)
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.ListOptions.OrderDirection = fleet.OrderAscending
opts.ListOptions.TestSecondaryOrderDirection = fleet.OrderAscending
Create and return upcoming/past host activities for software installs (#18772)
2024-05-07 15:28:16 +00:00
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
// record a new install request for i1 (swi3), this time as pending, and mark install request for b (swi1) as failed
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
time.Sleep(time.Second) // ensure the timestamp is later
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
ds.testActivateSpecificNextActivities = []string{hostSwi1InstallUUID}
activated, err := ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), host.ID, "")
require.NoError(t, err)
require.Equal(t, ds.testActivateSpecificNextActivities, activated)
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
HostID: host.ID,
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
InstallUUID: hostSwi1InstallUUID,
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
InstallScriptExitCode: ptr.Int(2),
})
require.NoError(t, err)
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
ds.testActivateSpecificNextActivities = []string{"-"}
// swi3 has a new install request pending
hostSwi3PendingInstallUUID, err := ds.InsertSoftwareInstallRequest(ctx, host.ID, swi3Failed, fleet.HostSoftwareInstallOptions{})
require.NoError(t, err)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
expected[byNSV[b].Name+byNSV[b].Source] = fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "b",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallFailed),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-0.pkg", Version: "v0.0.0", Platform: "darwin", SelfService: ptr.Bool(true), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: hostSwi1InstallUUID}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
{Version: byNSV[b].Version, Vulnerabilities: []string{vulns[3].CVE}, InstalledPaths: []string{installPaths[2]}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
}
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
expected[i1.Name+i1.Source] = fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "i1",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallPending),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-2.pkg", Version: "v2.0.0", Platform: "darwin", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: hostSwi3PendingInstallUUID}},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
expectedAvailableOnly[byNSV[b].Name+byNSV[b].Source] = expected[byNSV[b].Name+byNSV[b].Source]
expectedAvailableOnly[i1.Name+i1.Source] = expected[i1.Name+i1.Source]
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Create and return upcoming/past host activities for software installs (#18772)
2024-05-07 15:28:16 +00:00
// request without available software
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.IncludeAvailableForInstall = false
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 5}, meta)
compareResults(expected, sw, true, i2.Name+i2.Source, i3.Name+i3.Source, i4.Name+i4.Source, i5.Name+i5.Source, i6.Name+i6.Source)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
// request with available software
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.IncludeAvailableForInstall = true
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 1}, meta)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
compareResults(expected, sw, true, i3.Name+i3.Source)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// create a new host in the team, with no software
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
tmHost := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, tmHost, false)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
err = ds.AddHostsToTeam(ctx, &tm.ID, []uint{tmHost.ID})
require.NoError(t, err)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
tmHost.TeamID = &tm.ID
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// no installed software for this host
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.IncludeAvailableForInstall = false
sw, meta, err = ds.ListHostSoftware(ctx, tmHost, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
require.Empty(t, sw)
require.Equal(t, &fleet.PaginationMetadata{}, meta)
// sees the available installer in its team
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.IncludeAvailableForInstall = true
sw, meta, err = ds.ListHostSoftware(ctx, tmHost, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
add counts to host software endpoints (#18995) part of #18677 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-05-15 12:55:27 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 1}, meta)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
compareResults(map[string]fleet.HostSoftwareWithInstaller{
i3.Name + i3.Source: expected[i3.Name+i3.Source],
}, sw, true)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// test with a search query (searches on name), with and without available software
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.ListOptions.MatchQuery = "a"
opts.IncludeAvailableForInstall = false
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
compareResults(map[string]fleet.HostSoftwareWithInstaller{
byNSV[a1].Name + byNSV[a1].Source: expected[byNSV[a1].Name+byNSV[a1].Source],
byNSV[a2].Name + byNSV[a2].Source: expected[byNSV[a2].Name+byNSV[a2].Source],
}, sw, true)
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.IncludeAvailableForInstall = true
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
Update list host software to omit software installers for other platforms (#19088)
2024-05-16 22:09:41 +00:00
compareResults(map[string]fleet.HostSoftwareWithInstaller{
byNSV[a1].Name + byNSV[a1].Source: expected[byNSV[a1].Name+byNSV[a1].Source],
byNSV[a2].Name + byNSV[a2].Source: expected[byNSV[a2].Name+byNSV[a2].Source],
}, sw, true)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.ListOptions.MatchQuery = "zz"
opts.IncludeAvailableForInstall = false
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
require.Empty(t, sw)
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts.IncludeAvailableForInstall = true
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
require.Empty(t, sw)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
// add VPP apps, one for both no team and team, and two for no-team only.
Added VPP support for iOS/iPadOS (#20837) #19447 iOS and iPadOS apps can be installed using Apple's VPP (Volume Purchase Program) VPP apps are now using a composite primary key (Adam ID and platform) because we want to keep iOS/iPadOS/macOS separate. It is possible for one app to be installable on all Apple platforms. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-07-30 20:43:51 +00:00
va1, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}, nil)
fix: remove temporary functions in tests (#20615) > Related issue: #20229 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-19 21:10:03 +00:00
require.NoError(t, err)
Added VPP support for iOS/iPadOS (#20837) #19447 iOS and iPadOS apps can be installed using Apple's VPP (Volume Purchase Program) VPP apps are now using a composite primary key (Adam ID and platform) because we want to keep iOS/iPadOS/macOS separate. It is possible for one app to be installable on all Apple platforms. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-07-30 20:43:51 +00:00
_, err = ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.IOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}, nil)
Added VPP support for iOS/iPadOS (#20837) #19447 iOS and iPadOS apps can be installed using Apple's VPP (Volume Purchase Program) VPP apps are now using a composite primary key (Adam ID and platform) because we want to keep iOS/iPadOS/macOS separate. It is possible for one app to be installable on all Apple platforms. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-07-30 20:43:51 +00:00
require.NoError(t, err)
_, err = ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}, &tm.ID)
fix: remove temporary functions in tests (#20615) > Related issue: #20229 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-19 21:10:03 +00:00
require.NoError(t, err)
vpp1 := va1.AdamID
Added VPP support for iOS/iPadOS (#20837) #19447 iOS and iPadOS apps can be installed using Apple's VPP (Volume Purchase Program) VPP apps are now using a composite primary key (Adam ID and platform) because we want to keep iOS/iPadOS/macOS separate. It is possible for one app to be installable on all Apple platforms. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-07-30 20:43:51 +00:00
va2, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_2", Platform: fleet.MacOSPlatform}}, Name: "vpp2",
BundleIdentifier: "com.app.vpp2",
}, nil)
fix: remove temporary functions in tests (#20615) > Related issue: #20229 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-19 21:10:03 +00:00
require.NoError(t, err)
Bugfix: take VPP apps into account in "self-service" filter and My Device page (#21473)
2024-08-21 20:40:01 +00:00
// create vpp3 app that allows self-service
Added VPP support for iOS/iPadOS (#20837) #19447 iOS and iPadOS apps can be installed using Apple's VPP (Volume Purchase Program) VPP apps are now using a composite primary key (Adam ID and platform) because we want to keep iOS/iPadOS/macOS separate. It is possible for one app to be installable on all Apple platforms. # Checklist for submitter - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-07-30 20:43:51 +00:00
va3, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_3", Platform: fleet.MacOSPlatform}, SelfService: true}, Name: "vpp3",
BundleIdentifier: "com.app.vpp3",
}, nil)
fix: remove temporary functions in tests (#20615) > Related issue: #20229 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-19 21:10:03 +00:00
require.NoError(t, err)
vpp2, vpp3 := va2.AdamID, va3.AdamID
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
// create an installation request for vpp1 and vpp2, leaving vpp3 as
// available only
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, host, vpp1, user)
vpp2CmdUUID := createVPPAppInstallRequest(t, ds, host, vpp2, user)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
// make vpp1 install a success, while vpp2 has its initial request as failed
// and a subsequent request as pending.
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
ds.testActivateSpecificNextActivities = []string{vpp1CmdUUID, vpp2CmdUUID}
activated, err = ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), host.ID, "")
require.NoError(t, err)
require.Equal(t, ds.testActivateSpecificNextActivities, activated)
ds.testActivateSpecificNextActivities = []string{"-"}
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
createVPPAppInstallResult(t, ds, host, vpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
createVPPAppInstallResult(t, ds, host, vpp2CmdUUID, fleet.MDMAppleStatusError)
time.Sleep(time.Second) // ensure a different created_at timestamp
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
vpp2bCmdUUID := createVPPAppInstallRequest(t, ds, host, vpp2, user)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
require.NotEmpty(t, vpp2bCmdUUID)
// add an install request for the team host on vpp1, should not impact
// main host
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
vpp1TmCmdUUID := createVPPAppInstallRequest(t, ds, tmHost, vpp1, user)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
require.NotEmpty(t, vpp1TmCmdUUID)
expected["vpp1apps"] = fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "vpp1",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstalled),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp1, Platform: "darwin", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp1CmdUUID}},
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
}
expected["vpp2apps"] = fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "vpp2",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallPending),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp2, Platform: "darwin", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp2bCmdUUID}},
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
}
opts.IncludeAvailableForInstall = false
opts.ListOptions.MatchQuery = ""
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 5}, meta)
compareResults(expected, sw, true, i3.Name+i3.Source, i2.Name+i2.Source, i4.Name+i4.Source, i5.Name+i5.Source, i6.Name+i6.Source) // i3 is for team, i2 is available (excluded)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
expected["vpp3apps"] = fleet.HostSoftwareWithInstaller{
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "vpp3",
Source: "apps",
Status: nil,
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp3, Platform: "darwin", SelfService: ptr.Bool(true)},
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
}
Add clause to exclude VPP apps from host software list (#23207)
2024-10-28 19:48:54 +00:00
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
expectedAvailableOnly["vpp1apps"] = expected["vpp1apps"]
expectedAvailableOnly["vpp2apps"] = expected["vpp2apps"]
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
expectedAvailableOnly["vpp3apps"] = expected["vpp3apps"]
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
opts.IncludeAvailableForInstall = true
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
opts.IsMDMEnrolled = true
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
opts.ListOptions.PerPage = 20
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 1}, meta)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
compareResults(expected, sw, true, i3.Name+i3.Source) // i3 is for team
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
// Host is not MDM enrolled - we should not get "vpp3papps" because we can't install it.
opts.IsMDMEnrolled = false
Add clause to exclude VPP apps from host software list (#23207)
2024-10-28 19:48:54 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected)) - 2}, meta)
compareResults(expected, sw, true, "vpp3apps", i3.Name+i3.Source) // i3 is for team
Add clause to exclude VPP apps from host software list (#23207)
2024-10-28 19:48:54 +00:00
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
// Available for install only
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = true
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
opts.IsMDMEnrolled = true
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
assert.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expectedAvailableOnly))}, meta)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
compareResults(expectedAvailableOnly, sw, true)
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
// Available for install only with host not MDM enrolled
// We should only exclude "vpp3apps", because it was not installed previously and we can't
// install it without MDM
opts.IsMDMEnrolled = false
Add clause to exclude VPP apps from host software list (#23207)
2024-10-28 19:48:54 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expectedAvailableOnly) - 1)}, meta)
compareResults(expectedAvailableOnly, sw, true, "vpp3apps")
opts.IsMDMEnrolled = false
Add clause to exclude VPP apps from host software list (#23207)
2024-10-28 19:48:54 +00:00
opts.OnlyAvailableForInstall = false
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
// team host sees available i3 and pending vpp1
opts.IncludeAvailableForInstall = true
sw, meta, err = ds.ListHostSoftware(ctx, tmHost, opts)
require.NoError(t, err)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 2}, meta)
compareResults(map[string]fleet.HostSoftwareWithInstaller{
i3.Name + i3.Source: expected[i3.Name+i3.Source],
"vpp1apps": {
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "vpp1",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallPending),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp1, Platform: "darwin", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp1TmCmdUUID}},
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
},
}, sw, true)
// other host does not see available VPP apps because it is a linux host
opts.IncludeAvailableForInstall = true
sw, meta, err = ds.ListHostSoftware(ctx, otherHost, opts)
require.NoError(t, err)
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 5}, meta)
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
expectedOther := map[string]fleet.HostSoftwareWithInstaller{
otherSoftware[0].Name + otherSoftware[0].Source: {Name: otherSoftware[0].Name, Source: otherSoftware[0].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: otherSoftware[0].Version},
}},
otherSoftware[1].Name + otherSoftware[1].Source: {Name: otherSoftware[1].Name, Source: otherSoftware[1].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: otherSoftware[1].Version},
}},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
otherSoftware[2].Name + otherSoftware[2].Source: {Name: otherSoftware[2].Name, Source: otherSoftware[2].Source, InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: otherSoftware[2].Version, Vulnerabilities: []string{vulns[4].CVE}},
}},
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
"i1apps": {
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "i1",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallPending),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-2.pkg", Version: "v2.0.0", Platform: "darwin", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: otherHostI1UUID}},
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
},
"i2apps": {
VPP: update list software titles/list host's software response payloads (#20553) #20536 # Checklist for submitter - [ ] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Added/updated tests --------- Co-authored-by: Roberto Dip <rroperzh@gmail.com> Co-authored-by: Roberto Dip <dip.jesusr@gmail.com>
2024-07-18 21:33:07 +00:00
Name: "i2",
Source: "apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallPending),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
SoftwarePackage: &fleet.SoftwarePackageOrApp{Name: "installer-3.pkg", Version: "v3.0.0", Platform: "darwin", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{InstallUUID: otherHostI2UUID}},
VPP: add VPP apps to list host's software endpoint (#20483)
2024-07-16 20:18:44 +00:00
},
}
compareResults(expectedOther, sw, true)
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
// i4 is "pending uninstall"
// force i4 to be returned by osquery
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
var i4Title struct {
ID uint `db:"id"`
Name string `db:"name"`
Source string `db:"source"`
Version string `db:"version"`
}
err := sqlx.GetContext(ctx, q, &i4Title, `
SELECT software_titles.id, software_titles.name, software_titles.source, software_installers.version
FROM software_installers
JOIN software_titles ON software_installers.title_id = software_titles.id
WHERE software_installers.id = ?`, swi6PendingUninstall)
if err != nil {
return err
}
res, err := q.ExecContext(ctx,
`INSERT INTO software (name, source, bundle_identifier, version, title_id, checksum) VALUES (?, ?, ?, ?, ?, ?)`,
i4Title.Name,
i4Title.Source,
"i4Title.com.example",
i4Title.Version,
i4Title.ID,
"i4-checksum",
)
if err != nil {
return err
}
softwareID, err := res.LastInsertId()
if err != nil {
return err
}
_, err = q.ExecContext(ctx, `INSERT INTO host_software (host_id, software_id) VALUES (?, ?)`,
host.ID, softwareID)
if err != nil {
return err
}
return nil
})
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// test the pagination
cases := []struct {
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
name string
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
opts fleet.HostSoftwareTitleListOptions
wantNames []string
wantMeta *fleet.PaginationMetadata
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}{
{
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
name: "No available for install software, page 0",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 5}, IncludeAvailableForInstall: false},
wantNames: []string{byNSV[a1].Name, byNSV[a2].Name, byNSV[b].Name, byNSV[c1].Name, byNSV[d].Name},
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
wantMeta: &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 11},
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
},
{
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
name: "No available for install software, page 1",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 1, PerPage: 5}, IncludeAvailableForInstall: false},
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
wantNames: []string{byNSV[e2].Name, i0.Name, i1.Name, i4.Name, "vpp1"},
wantMeta: &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: true, TotalResults: 11},
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
},
{
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
name: "No available for install software, page 2",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 2, PerPage: 5}, IncludeAvailableForInstall: false},
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
wantNames: []string{"vpp2"},
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 11},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
{
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
name: "No available for install software, page 3",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 3, PerPage: 5}, IncludeAvailableForInstall: false},
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
wantNames: []string{},
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 11},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
{
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
name: "Include Available for install software with MDM on, page 0",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 5}, IncludeAvailableForInstall: true, IsMDMEnrolled: true},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
wantNames: []string{byNSV[a1].Name, byNSV[a2].Name, byNSV[b].Name, byNSV[c1].Name, byNSV[d].Name},
wantMeta: &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 15},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
{
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
name: "Include Available for install software with MDM on, page 1",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 1, PerPage: 5}, IncludeAvailableForInstall: true, IsMDMEnrolled: true},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
wantNames: []string{byNSV[e2].Name, i0.Name, i1.Name, i2.Name, i4.Name},
wantMeta: &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: true, TotalResults: 15},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
{
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
name: "Include Available for install software with MDM on, page 2",
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
opts: fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{Page: 2, PerPage: 5},
IncludeAvailableForInstall: true,
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
IsMDMEnrolled: true,
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
},
wantNames: []string{i5.Name, i6.Name, "vpp1", "vpp2", "vpp3"},
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 15},
},
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
{
// Excludes vpp3 because it was never installed, and we can't install it with MDM off
name: "Include Available for install software with MDM off, page 2",
opts: fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{Page: 2, PerPage: 5},
IncludeAvailableForInstall: true,
},
wantNames: []string{i5.Name, i6.Name, "vpp1", "vpp2"},
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 14},
},
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
{
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
name: "Include Available for install software with MDM on, page 3",
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
opts: fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{Page: 3, PerPage: 5},
IncludeAvailableForInstall: true,
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
IsMDMEnrolled: true,
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
},
wantNames: []string{},
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 15},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
{
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
name: "Available for install and self-service only software with MDM on, page 0",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 3}, IncludeAvailableForInstall: true, SelfServiceOnly: true, IsMDMEnrolled: true},
Bugfix: take VPP apps into account in "self-service" filter and My Device page (#21473)
2024-08-21 20:40:01 +00:00
wantNames: []string{byNSV[b].Name, i0.Name, "vpp3"},
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: false, TotalResults: 3},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
{
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
name: "Available for install and self-service only software with MDM on, page 1",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 1, PerPage: 3}, IncludeAvailableForInstall: true, SelfServiceOnly: true, IsMDMEnrolled: true},
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
wantNames: []string{},
Bugfix: take VPP apps into account in "self-service" filter and My Device page (#21473)
2024-08-21 20:40:01 +00:00
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 3},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
{
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
name: "Available for install and self-service only software with MDM off, page 0",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 3}, IncludeAvailableForInstall: true, SelfServiceOnly: true},
wantNames: []string{byNSV[b].Name, i0.Name},
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: false, TotalResults: 2},
},
{
name: "Only available for install software with MDM on, page 0",
opts: fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{Page: 0, PerPage: 4}, OnlyAvailableForInstall: true, IsMDMEnrolled: true},
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
wantNames: []string{byNSV[b].Name, "i0", "i1", "i2"},
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
wantMeta: &fleet.PaginationMetadata{HasNextResults: true, HasPreviousResults: false, TotalResults: 10},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
},
{
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
name: "Only available for install with MDM on, page 2",
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
opts: fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{Page: 2, PerPage: 4},
OnlyAvailableForInstall: true,
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
IsMDMEnrolled: true,
Fix Host Software Vulnerability Filter (#21899)
2024-09-13 14:28:26 +00:00
},
Updated ListHostSoftware test and fixed issues.
2024-09-06 21:34:00 +00:00
wantNames: []string{"vpp2", "vpp3"},
wantMeta: &fleet.PaginationMetadata{HasNextResults: false, HasPreviousResults: true, TotalResults: 10},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
},
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
for _, c := range cases {
Add gosimple linter (#23250) #23249 Add gosimple linter to golangci-lint CI job.
2024-10-29 19:17:51 +00:00
t.Run(c.name, func(t *testing.T) {
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
// always include metadata
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
c.opts.ListOptions.IncludeMetadata = true
c.opts.ListOptions.OrderKey = "name"
c.opts.ListOptions.TestSecondaryOrderKey = "source"
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
Software SS: add self-service filter to list software titles and list host's/device's software (#19186)
2024-05-27 14:53:41 +00:00
sw, meta, err := ds.ListHostSoftware(ctx, host, c.opts)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
require.NoError(t, err)
names := make([]string, 0, len(sw))
for _, s := range sw {
names = append(names, s.Name)
}
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
assert.Equal(t, c.wantNames, names)
assert.Equal(t, c.wantMeta, meta)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
})
}
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
darwinHost := test.NewHost(t, ds, "hostD", "", "hostDkey", "hostDuuid", time.Now(), test.WithPlatform("darwin"))
softwareAlreadyInstalled := fleet.Software{Name: "DummyApp.app", Version: "1.0.1", Source: "apps", BundleIdentifier: "com.example.dummy"}
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
// Host has software installed, but not by Fleet, and there is no matching software installer.
// Ensure it is not surfaced as "available for install" when filtering by `VulnerableOnly`
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
res, err := q.ExecContext(ctx, `INSERT INTO software_titles (name, source, bundle_identifier) VALUES (?, ?, ?)`,
softwareAlreadyInstalled.Name, softwareAlreadyInstalled.Source, softwareAlreadyInstalled.BundleIdentifier)
if err != nil {
return err
}
titleID, err := res.LastInsertId()
if err != nil {
return err
}
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
titleIDUint := uint(titleID)
softwareAlreadyInstalled.TitleID = &titleIDUint
available_for_install false hides uninstalled software (#30404) https://github.com/fleetdm/fleet/issues/30188 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-07-01 16:08:15 +00:00
res, err = q.ExecContext(ctx, `INSERT INTO software (name, source, bundle_identifier, version, title_id, checksum) VALUES (?, ?, ?, ?, ?,?)`,
softwareAlreadyInstalled.Name, softwareAlreadyInstalled.Source, softwareAlreadyInstalled.BundleIdentifier, softwareAlreadyInstalled.Version, titleID, "dummy-checksum")
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
if err != nil {
return err
}
softwareID, err := res.LastInsertId()
if err != nil {
return err
}
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
softwareAlreadyInstalled.ID = uint(softwareID)
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
_, err = q.ExecContext(ctx, `INSERT INTO host_software (host_id, software_id) VALUES (?, ?)`,
darwinHost.ID, softwareID)
if err != nil {
return err
}
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
return nil
})
opts = fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 11, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
opts.OnlyAvailableForInstall = true
opts.VulnerableOnly = true
sw, _, err = ds.ListHostSoftware(ctx, darwinHost, opts)
require.NoError(t, err)
assert.Len(t, sw, 0, "Expected to find no software in the list")
// Now add a vulnerability to DummyApp.pkg, it should still not come back because we are filtering for "available for install"
_, err = ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{SoftwareID: softwareAlreadyInstalled.ID, CVE: "CVE-2025-10101"}, fleet.NVDSource)
require.NoError(t, err)
opts = fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 11, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
opts.OnlyAvailableForInstall = true
opts.VulnerableOnly = true
sw, _, err = ds.ListHostSoftware(ctx, darwinHost, opts)
require.NoError(t, err)
assert.Len(t, sw, 0, "Expected to find no software in the list")
// Add a matching software installer
// Ensure it is surfaced as "available for install"
var SoftwareInstallerID uint
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
installScript := `install 'DummyApp.app'`
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
res, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`, installScript, installScript)
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
if err != nil {
return err
}
scriptContentID, _ := res.LastInsertId()
uninstallScript := `uinstall 'DummyApp.app'`
resUninstall, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`,
uninstallScript, uninstallScript)
if err != nil {
return err
}
uninstallScriptContentID, _ := resUninstall.LastInsertId()
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
res, err = q.ExecContext(ctx, `
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
INSERT INTO software_installers
(team_id, global_or_team_id, title_id, filename, extension, version, install_script_content_id, uninstall_script_content_id, storage_id, platform, self_service)
VALUES
(?, ?, ?, ?, ?, ?, ?, ?, unhex(?), ?, ?)`,
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
darwinHost.TeamID, 0, softwareAlreadyInstalled.TitleID, "DummyApp.pkg", "pkg", "2.0.0",
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
scriptContentID, uninstallScriptContentID,
hex.EncodeToString([]byte("test")), "darwin", true)
if err != nil {
return err
}
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
lastInsertID, err := res.LastInsertId()
if err != nil {
return err
}
SoftwareInstallerID = uint(lastInsertID)
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
return nil
})
require.NoError(t, err)
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
opts = fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 11, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
opts.OnlyAvailableForInstall = true
sw, _, err = ds.ListHostSoftware(ctx, darwinHost, opts)
require.NoError(t, err)
var found bool
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
index := -1
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
for i, s := range sw {
if s.Name == softwareAlreadyInstalled.Name && s.Source == softwareAlreadyInstalled.Source {
found = true
index = i
break
}
}
require.True(t, found, "Expected to find software %s in the list", softwareAlreadyInstalled.Name)
assert.Equal(t, sw[index].InstalledVersions[0].Version, softwareAlreadyInstalled.Version)
assert.Equal(t, sw[index].SoftwarePackage.Name, "DummyApp.pkg")
assert.Equal(t, sw[index].SoftwarePackage.Version, "2.0.0")
assert.Equal(t, sw[index].SoftwarePackage.Platform, "darwin")
Corrected available for install software that is vulnerabilities (#28269) https://github.com/fleetdm/fleet/issues/28203 If software has not been installed on the host but has vulnerabilities it should not be returned when filtering by "VulnerableOnly" - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-16 14:01:34 +00:00
// Now with matching software installer, if filtering by `VulnerableOnly` we should get the software, as it has a vulnerability
opts = fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 11, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
opts.OnlyAvailableForInstall = true
opts.VulnerableOnly = true
sw, _, err = ds.ListHostSoftware(ctx, darwinHost, opts)
require.NoError(t, err)
found = false
index = -1
for i, s := range sw {
if s.Name == softwareAlreadyInstalled.Name && s.Source == softwareAlreadyInstalled.Source {
found = true
index = i
break
}
}
require.True(t, found, "Expected to find software %s in the list", softwareAlreadyInstalled.Name)
assert.Equal(t, sw[index].InstalledVersions[0].Version, softwareAlreadyInstalled.Version)
// This vulnerable software is not installed on the host, however, has a software installer available for install, should not be returned
opts = fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 11, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
opts.OnlyAvailableForInstall = true
opts.VulnerableOnly = true
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
found = false
for _, s := range sw {
if s.Name == softwareAlreadyInstalled.Name && s.Source == softwareAlreadyInstalled.Source {
found = true
break
}
}
require.False(t, found, "Expected not find software %s in the list", softwareAlreadyInstalled.Name)
// Attempt to install the vulnerable software on the host (pending), if filtering by `VulnerableOnly`, should not be returned
_, err = ds.InsertSoftwareInstallRequest(ctx, host.ID, SoftwareInstallerID, fleet.HostSoftwareInstallOptions{})
require.NoError(t, err)
opts = fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 11, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
opts.OnlyAvailableForInstall = true
opts.VulnerableOnly = true
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
found = false
for _, s := range sw {
if s.Name == softwareAlreadyInstalled.Name && s.Source == softwareAlreadyInstalled.Source {
found = true
break
}
}
require.False(t, found, "Expected not find software %s in the list", softwareAlreadyInstalled.Name)
Add API endpoint to list host/device software (#18676)
2024-05-01 18:37:52 +00:00
}
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
func testListIOSHostSoftware(t *testing.T, ds *Datastore) {
ctx := context.Background()
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now(), test.WithPlatform("ios"))
nanoEnroll(t, ds, host, false)
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
opts := fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{
PerPage: 10, IncludeMetadata: true, OrderKey: "name",
TestSecondaryOrderKey: "source",
}}
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
Delete apps associated with VPP tokens when they're moved or deleted (#21852) #21804
2024-09-06 13:14:09 +00:00
test.CreateInsertGlobalVPPToken(t, ds)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
user, err := ds.NewUser(ctx, &fleet.User{
Password: []byte("p4ssw0rd.123"),
Name: "userIOS",
Email: "userIOS@example.com",
GlobalRole: ptr.String(fleet.RoleAdmin),
})
require.NoError(t, err)
expectStatus := func(s fleet.SoftwareInstallerStatus) *fleet.SoftwareInstallerStatus {
return &s
}
// no software yet
sw, meta, err := ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Empty(t, sw)
assert.Equal(t, &fleet.PaginationMetadata{}, meta)
// add software to the host
software := []fleet.Software{
{Name: "a", Version: "0.0.1", Source: "ios_apps"},
{Name: "b", Version: "0.0.2", Source: "ios_apps"},
{Name: "c", Version: "0.0.3", Source: "ios_apps"},
{Name: "c", Version: "0.0.4", Source: "ios_apps"},
}
byNSV := map[string]fleet.Software{}
for _, s := range software {
byNSV[s.Name+s.Source+s.Version] = s
}
mutationResults, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
assert.Len(t, mutationResults.Inserted, len(software))
for _, m := range mutationResults.Inserted {
s, ok := byNSV[m.Name+m.Source+m.Version]
assert.True(t, ok)
assert.Equal(t, m.Name, s.Name, "name")
assert.Equal(t, m.Version, s.Version, "version")
assert.Equal(t, m.Source, s.Source, "source")
assert.Zero(t, s.ID) // not set in the map yet
assert.NotZero(t, m.ID)
s.ID = m.ID
byNSV[s.Name+s.Source+s.Version] = s
}
assert.NoError(t, ds.LoadHostSoftware(ctx, host, false))
assert.Equal(t, len(host.Software), len(software))
for _, hs := range host.Software {
s, ok := byNSV[hs.Name+hs.Source+hs.Version]
assert.True(t, ok)
assert.Equal(t, hs.Name, s.Name, "name")
assert.Equal(t, hs.Version, s.Version, "version")
assert.Equal(t, hs.Source, s.Source, "source")
assert.Equal(t, hs.ID, s.ID)
}
// shorthand keys for expected software
getKey := func(i int) string {
return software[i].Name + software[i].Source + software[i].Version
}
a1 := getKey(0)
b := getKey(1)
c1 := getKey(2)
c2 := getKey(3)
// add some vulnerabilities
vulns := []fleet.SoftwareVulnerability{
{SoftwareID: byNSV[a1].ID, CVE: "CVE-a-0001"},
{SoftwareID: byNSV[a1].ID, CVE: "CVE-a-0002"},
{SoftwareID: byNSV[a1].ID, CVE: "CVE-a-0003"},
{SoftwareID: byNSV[b].ID, CVE: "CVE-b-0001"},
}
for _, v := range vulns {
_, err = ds.InsertSoftwareVulnerability(ctx, v, fleet.NVDSource)
require.NoError(t, err)
}
err = ds.ReconcileSoftwareTitles(ctx)
require.NoError(t, err)
expected := map[string]fleet.HostSoftwareWithInstaller{
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
byNSV[a1].Name + byNSV[a1].Source: {
Name: byNSV[a1].Name, Source: byNSV[a1].Source,
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[a1].Version, Vulnerabilities: []string{vulns[0].CVE, vulns[1].CVE, vulns[2].CVE}},
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
},
},
byNSV[b].Name + byNSV[b].Source: {
Name: byNSV[b].Name, Source: byNSV[b].Source,
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[b].Version, Vulnerabilities: []string{vulns[3].CVE}},
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
},
},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
// c1 and c2 are the same software title because they have the same name and source
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
byNSV[c1].Name + byNSV[c1].Source: {
Name: byNSV[c1].Name, Source: byNSV[c1].Source,
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
InstalledVersions: []*fleet.HostSoftwareInstalledVersion{
{Version: byNSV[c1].Version},
{Version: byNSV[c2].Version},
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
},
},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
}
compareResults := func(expected map[string]fleet.HostSoftwareWithInstaller, got []*fleet.HostSoftwareWithInstaller, expectAsc bool,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
expectOmitted ...string,
) {
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.Len(t, got, len(expected)-len(expectOmitted))
prev := ""
for _, g := range got {
e, ok := expected[g.Name+g.Source]
require.True(t, ok, "unexpected software name:%s source:%s", g.Name, g.Source)
require.Equal(t, e.Name, g.Name)
require.Equal(t, e.Source, g.Source)
if e.SoftwarePackage != nil {
require.Equal(t, e.SoftwarePackage.SelfService, g.SoftwarePackage.SelfService)
require.Equal(t, e.SoftwarePackage.IconURL, g.SoftwarePackage.IconURL)
require.Equal(t, e.SoftwarePackage.AppStoreID, g.SoftwarePackage.AppStoreID)
require.Equal(t, e.SoftwarePackage.Name, g.SoftwarePackage.Name)
require.Equal(t, e.SoftwarePackage.Version, g.SoftwarePackage.Version)
if e.SoftwarePackage.LastInstall != nil {
require.Equal(t, e.SoftwarePackage.LastInstall.CommandUUID, g.SoftwarePackage.LastInstall.CommandUUID)
require.Equal(t, e.SoftwarePackage.LastInstall.InstallUUID, g.SoftwarePackage.LastInstall.InstallUUID)
require.NotNil(t, g.SoftwarePackage.LastInstall.InstalledAt)
}
}
if e.AppStoreApp != nil {
require.Equal(t, e.AppStoreApp.SelfService, g.AppStoreApp.SelfService)
require.Equal(t, e.AppStoreApp.IconURL, g.AppStoreApp.IconURL)
require.Equal(t, e.AppStoreApp.AppStoreID, g.AppStoreApp.AppStoreID)
require.Equal(t, e.AppStoreApp.Name, g.AppStoreApp.Name)
require.Equal(t, e.AppStoreApp.Version, g.AppStoreApp.Version)
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
require.Equal(t, e.AppStoreApp.Platform, g.AppStoreApp.Platform)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
if e.AppStoreApp.LastInstall != nil {
require.Equal(t, e.AppStoreApp.LastInstall.InstallUUID, g.AppStoreApp.LastInstall.InstallUUID)
require.Equal(t, e.AppStoreApp.LastInstall.CommandUUID, g.AppStoreApp.LastInstall.CommandUUID)
require.NotNil(t, g.AppStoreApp.LastInstall.InstalledAt)
}
}
require.Len(t, g.InstalledVersions, len(e.InstalledVersions))
if len(e.InstalledVersions) > 0 {
byVers := make(map[string]fleet.HostSoftwareInstalledVersion, len(e.InstalledVersions))
for _, v := range e.InstalledVersions {
byVers[v.Version] = *v
}
for _, v := range g.InstalledVersions {
ev, ok := byVers[v.Version]
require.True(t, ok)
require.Equal(t, ev.Version, v.Version)
require.ElementsMatch(t, ev.InstalledPaths, v.InstalledPaths)
require.ElementsMatch(t, ev.Vulnerabilities, v.Vulnerabilities)
}
}
if prev != "" {
if expectAsc {
require.Greater(t, g.Name+g.Source, prev)
} else {
require.Less(t, g.Name+g.Source, prev)
}
}
prev = g.Name + g.Source
}
}
// it now returns the software with vulnerabilities and installed paths
opts.SelfServiceOnly = false
opts.IncludeAvailableForInstall = false
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected))}, meta)
compareResults(expected, sw, true)
opts.VulnerableOnly = true
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected) - 1)}, meta)
compareResults(expected, sw, true, byNSV[c1].Name+byNSV[c1].Source)
opts.VulnerableOnly = false
// No software that is available for install
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = true
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Empty(t, sw)
assert.Equal(t, &fleet.PaginationMetadata{}, meta)
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = false
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
// Create a team
tm, err := ds.NewTeam(ctx, &fleet.Team{Name: "mobile team"})
require.NoError(t, err)
// add VPP apps, one for both no team and team, and three for no-team only.
va1, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.IOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}, nil)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.NoError(t, err)
_, err = ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}, nil)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.NoError(t, err)
_, err = ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.IPadOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}, nil)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.NoError(t, err)
_, err = ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.IPadOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}, &tm.ID)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.NoError(t, err)
vpp1 := va1.AdamID
va2, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_2", Platform: fleet.IOSPlatform}}, Name: "vpp2",
BundleIdentifier: "com.app.vpp2",
}, nil)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.NoError(t, err)
va3, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_3", Platform: fleet.IOSPlatform}}, Name: "vpp3",
BundleIdentifier: "com.app.vpp3",
}, nil)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.NoError(t, err)
va4, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_4", Platform: fleet.IOSPlatform}}, Name: "vpp4",
BundleIdentifier: "com.app.vpp4",
}, nil)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.NoError(t, err)
vpp2, vpp3, vpp4 := va2.AdamID, va3.AdamID, va4.AdamID
// create an installation request for vpp1 and vpp2, leaving vpp3 and vpp4 as
// available only
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, host, vpp1, user)
vpp2CmdUUID := createVPPAppInstallRequest(t, ds, host, vpp2, user)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
// make vpp1 install a success, while vpp2 has its initial request as failed
// and a subsequent request as pending.
createVPPAppInstallResult(t, ds, host, vpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
createVPPAppInstallResult(t, ds, host, vpp2CmdUUID, fleet.MDMAppleStatusError)
time.Sleep(time.Second) // ensure a different created_at timestamp
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
vpp2bCmdUUID := createVPPAppInstallRequest(t, ds, host, vpp2, user)
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
require.NotEmpty(t, vpp2bCmdUUID)
expected["vpp1ios_apps"] = fleet.HostSoftwareWithInstaller{
Name: "vpp1",
Source: "ios_apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstalled),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp1, Platform: "ios", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp1CmdUUID}},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
}
expected["vpp2ios_apps"] = fleet.HostSoftwareWithInstaller{
Name: "vpp2",
Source: "ios_apps",
Updated host_software_installs table.
2024-09-04 21:46:48 +00:00
Status: expectStatus(fleet.SoftwareInstallPending),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp2, Platform: "ios", SelfService: ptr.Bool(false), LastInstall: &fleet.HostSoftwareInstall{CommandUUID: vpp2bCmdUUID}},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
}
opts.IncludeAvailableForInstall = false
opts.ListOptions.MatchQuery = ""
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected))}, meta)
compareResults(expected, sw, true) // i3 is for team, i2 is available (excluded)
expected["vpp3ios_apps"] = fleet.HostSoftwareWithInstaller{
Name: "vpp3",
Source: "ios_apps",
Status: nil,
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp3, Platform: "ios", SelfService: ptr.Bool(false)},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
}
expected["vpp4ios_apps"] = fleet.HostSoftwareWithInstaller{
Name: "vpp4",
Source: "ios_apps",
Status: nil,
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
AppStoreApp: &fleet.SoftwarePackageOrApp{AppStoreID: vpp4, Platform: "ios", SelfService: ptr.Bool(false)},
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
}
expectedAvailableOnly := map[string]fleet.HostSoftwareWithInstaller{}
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
expectedAvailableOnly["vpp1ios_apps"] = expected["vpp1ios_apps"]
expectedAvailableOnly["vpp2ios_apps"] = expected["vpp2ios_apps"]
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
expectedAvailableOnly["vpp3ios_apps"] = expected["vpp3ios_apps"]
expectedAvailableOnly["vpp4ios_apps"] = expected["vpp4ios_apps"]
opts.IncludeAvailableForInstall = true
fix: update logic for filtering VPP apps based on host MDM status (#23656) > Related issue: #23247 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-11-11 19:35:05 +00:00
opts.IsMDMEnrolled = true
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
opts.ListOptions.PerPage = 20
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expected))}, meta)
compareResults(expected, sw, true)
// Available for install only
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = true
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Equal(t, &fleet.PaginationMetadata{TotalResults: uint(len(expectedAvailableOnly))}, meta)
compareResults(expectedAvailableOnly, sw, true)
Bugfix: list host software "Available for install" filter must show installers that have an install request on the host (#21083)
2024-08-06 14:14:01 +00:00
opts.OnlyAvailableForInstall = false
Added `available_for_install` query parameter to host details (#20876) Missing part of #19447 Added `available_for_install` query parameter to `GET /api/v1/fleet/hosta/:id/software` # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-07-31 14:27:43 +00:00
}
de-dup host_software and host_vpp_software_installs (#28185) # Checklist for submitter https://github.com/fleetdm/fleet/issues/28156 If some of the following don't apply, delete the relevant line. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-14 20:27:43 +00:00
func testListHostSoftwareWithVPPApps(t *testing.T, ds *Datastore) {
ctx := context.Background()
tm, err := ds.NewTeam(ctx, &fleet.Team{Name: "team1"})
require.NoError(t, err)
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
nanoEnroll(t, ds, host, false)
user := test.NewUser(t, ds, "Alice", "alice@example.com", true)
err = ds.AddHostsToTeam(ctx, &tm.ID, []uint{host.ID})
require.NoError(t, err)
host.TeamID = &tm.ID
numberOfApps := 5
Mdm turn off, not install vpp apps are not available for install (#29068) https://github.com/fleetdm/fleet/issues/29004 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-13 17:35:50 +00:00
// create a second host and add it to the team
anotherHost := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now())
nanoEnroll(t, ds, anotherHost, false)
err = ds.AddHostsToTeam(ctx, &tm.ID, []uint{anotherHost.ID})
require.NoError(t, err)
anotherHost.TeamID = &tm.ID
de-dup host_software and host_vpp_software_installs (#28185) # Checklist for submitter https://github.com/fleetdm/fleet/issues/28156 If some of the following don't apply, delete the relevant line. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-14 20:27:43 +00:00
software := []fleet.Software{}
for i := 0; i < numberOfApps; i++ {
software = append(software, fleet.Software{
Name: fmt.Sprintf("z%d", i),
Version: fmt.Sprintf("0.0.%d", i),
Source: "apps",
BundleIdentifier: fmt.Sprintf("com.example.%d", i),
})
}
_, err = ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
dataToken, err := test.CreateVPPTokenData(time.Now().Add(24*time.Hour), "Test org"+t.Name(), "Test location"+t.Name())
require.NoError(t, err)
tok1, err := ds.InsertVPPToken(ctx, dataToken)
require.NoError(t, err)
_, err = ds.UpdateVPPTokenTeams(ctx, tok1.ID, []uint{})
require.NoError(t, err)
time.Sleep(time.Second)
vPPApp := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}},
Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
Ensured vpp apps return installed version if exists (#29007) https://github.com/fleetdm/fleet/issues/28985 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 20:11:27 +00:00
LatestVersion: "1.0.0",
de-dup host_software and host_vpp_software_installs (#28185) # Checklist for submitter https://github.com/fleetdm/fleet/issues/28156 If some of the following don't apply, delete the relevant line. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-14 20:27:43 +00:00
}
va1, err := ds.InsertVPPAppWithTeam(ctx, vPPApp, &tm.ID)
require.NoError(t, err)
vpp1 := va1.AdamID
Mdm turn off, not install vpp apps are not available for install (#29068) https://github.com/fleetdm/fleet/issues/29004 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-13 17:35:50 +00:00
// vpp1 is not installed yet, but host is mdm enrolled so it should show up
sw, _, err := ds.ListHostSoftware(
ctx,
anotherHost,
fleet.HostSoftwareTitleListOptions{
OnlyAvailableForInstall: true,
IsMDMEnrolled: true,
ListOptions: fleet.ListOptions{PerPage: 10, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"},
},
)
require.NoError(t, err)
assert.Len(t, sw, 1)
assert.Equal(t, vPPApp.Name, sw[0].Name)
// vpp1 is not installed yet, but host is not mdm enrolled so it should not show up
sw, _, err = ds.ListHostSoftware(
ctx,
anotherHost,
fleet.HostSoftwareTitleListOptions{
OnlyAvailableForInstall: true,
IsMDMEnrolled: false,
ListOptions: fleet.ListOptions{PerPage: 10, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"},
},
)
require.NoError(t, err)
assert.Len(t, sw, 0)
de-dup host_software and host_vpp_software_installs (#28185) # Checklist for submitter https://github.com/fleetdm/fleet/issues/28156 If some of the following don't apply, delete the relevant line. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-14 20:27:43 +00:00
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, host, vpp1, user)
_, err = ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), host.ID, "")
require.NoError(t, err)
createVPPAppInstallResult(t, ds, host, vpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
// Insert software entry for vpp app
res, err := ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
Ensured vpp apps return installed version if exists (#29007) https://github.com/fleetdm/fleet/issues/28985 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 20:11:27 +00:00
vPPApp.Name, "1.2.3", "apps", vPPApp.BundleIdentifier, vPPApp.TitleID, hex.EncodeToString([]byte("vpp1")),
de-dup host_software and host_vpp_software_installs (#28185) # Checklist for submitter https://github.com/fleetdm/fleet/issues/28156 If some of the following don't apply, delete the relevant line. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-14 20:27:43 +00:00
)
require.NoError(t, err)
time.Sleep(time.Second)
softwareID, err := res.LastInsertId()
require.NoError(t, err)
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO host_software (host_id, software_id)
VALUES (?, ?)
`, host.ID, softwareID)
require.NoError(t, err)
opts := fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: uint(numberOfApps - 1), IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
sw, meta, err := ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Len(t, sw, numberOfApps-1)
assert.Equal(t, numberOfApps+1, int(meta.TotalResults))
assert.True(t, meta.HasNextResults)
Ensured vpp apps return installed version if exists (#29007) https://github.com/fleetdm/fleet/issues/28985 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 20:11:27 +00:00
// The vpp app returned should have an installed version as per the sql above.
// However this is a special case because we are not
// passing one of the IncludeAvailableForInstall or OnlyAvailableForInstall flags.
// Passing one of those flags would typically add the installed version (from host_software/software) to the list
// of InstalledVersions. But we need to make a special case for this when neither of those flags are set.
assert.Len(t, sw[0].InstalledVersions, 1)
assert.Equal(t, "1.2.3", sw[0].InstalledVersions[0].Version)
assert.Equal(t, "apps", sw[0].InstalledVersions[0].Source)
assert.Equal(t, vPPApp.BundleIdentifier, sw[0].InstalledVersions[0].BundleIdentifier)
Surface vpp apps installed on host but not by fleet (#28401) [#28337](https://github.com/fleetdm/fleet/issues/28337) - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 16:16:56 +00:00
Handled fleet installed & inventoried vpp app versions (#29051) https://github.com/fleetdm/fleet/issues/28985 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-13 03:20:33 +00:00
// The vpp app is installed by fleet, and also has been inventoried by osquery
// Ensure we don't lose the version for the vpp app
opts.IncludeAvailableForInstall = true
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Len(t, sw[0].InstalledVersions, 1)
assert.Equal(t, "1.2.3", sw[0].InstalledVersions[0].Version)
Surface vpp apps installed on host but not by fleet (#28401) [#28337](https://github.com/fleetdm/fleet/issues/28337) - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 16:16:56 +00:00
// have the second host install a vpp app, but not by fleet
res, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
vPPApp.Name, "0.1.0", "apps", vPPApp.BundleIdentifier, vPPApp.TitleID, hex.EncodeToString([]byte("vpp1v0.1.0")),
)
require.NoError(t, err)
time.Sleep(time.Second)
softwareID, err = res.LastInsertId()
require.NoError(t, err)
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO host_software (host_id, software_id)
VALUES (?, ?)
`, anotherHost.ID, softwareID)
require.NoError(t, err)
// when filtering by available for install ensure
// that the pre-installed app store app that has a match vpp app is returned
opts = fleet.HostSoftwareTitleListOptions{OnlyAvailableForInstall: true, ListOptions: fleet.ListOptions{PerPage: uint(numberOfApps - 1), IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"}}
sw, _, err = ds.ListHostSoftware(ctx, anotherHost, opts)
require.NoError(t, err)
assert.Len(t, sw, 1)
assert.Equal(t, vPPApp.Name, sw[0].Name)
assert.Equal(t, vPPApp.AdamID, sw[0].AppStoreApp.AppStoreID)
assert.Equal(t, "0.1.0", sw[0].InstalledVersions[0].Version)
assert.Nil(t, sw[0].Status)
de-dup host_software and host_vpp_software_installs (#28185) # Checklist for submitter https://github.com/fleetdm/fleet/issues/28156 If some of the following don't apply, delete the relevant line. - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-14 20:27:43 +00:00
}
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
func testListHostSoftwareVPPSelfService(t *testing.T, ds *Datastore) {
ctx := context.Background()
tm, err := ds.NewTeam(ctx, &fleet.Team{Name: "team1"})
require.NoError(t, err)
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
nanoEnroll(t, ds, host, false)
user := test.NewUser(t, ds, "Alice", "alice@example.com", true)
err = ds.AddHostsToTeam(ctx, &tm.ID, []uint{host.ID})
require.NoError(t, err)
host.TeamID = &tm.ID
tests for vpp with app self service (#29029) https://github.com/fleetdm/fleet/issues/28919 Looks like either #29007 or #28991 fixed this issue. But adding a test to ensure - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-12 14:44:05 +00:00
opts := fleet.HostSoftwareTitleListOptions{
SelfServiceOnly: true,
IsMDMEnrolled: true,
IncludeAvailableForInstall: true,
OnlyAvailableForInstall: false,
VulnerableOnly: false,
KnownExploit: false,
ListOptions: fleet.ListOptions{PerPage: 10, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"},
}
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
// setup vpp
dataToken, err := test.CreateVPPTokenData(time.Now().Add(24*time.Hour), "Test org"+t.Name(), "Test location"+t.Name())
require.NoError(t, err)
tok1, err := ds.InsertVPPToken(ctx, dataToken)
require.NoError(t, err)
_, err = ds.UpdateVPPTokenTeams(ctx, tok1.ID, []uint{})
require.NoError(t, err)
time.Sleep(time.Second)
vPPApp := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{SelfService: true, VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}},
Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
LatestVersion: "1.0.0",
}
va1, err := ds.InsertVPPAppWithTeam(ctx, vPPApp, &tm.ID)
require.NoError(t, err)
vpp1 := va1.AdamID
tests for vpp with app self service (#29029) https://github.com/fleetdm/fleet/issues/28919 Looks like either #29007 or #28991 fixed this issue. But adding a test to ensure - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-12 14:44:05 +00:00
// vpp1 is self service, not installed yet, so it should show as available for install
sw, _, err := ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Len(t, sw, 1)
Handled installed vpp apps when mdm is turned off (#29063) https://github.com/fleetdm/fleet/issues/28985 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-13 14:09:39 +00:00
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, host, vpp1, user)
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
_, err = ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), host.ID, "")
require.NoError(t, err)
vPPApp2 := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{SelfService: true, VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_2", Platform: fleet.MacOSPlatform}},
Name: "vpp2",
BundleIdentifier: "com.app.vpp2",
LatestVersion: "1.0.1",
}
_, err = ds.InsertVPPAppWithTeam(ctx, vPPApp2, &tm.ID)
require.NoError(t, err)
res, err := ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
vPPApp2.Name, "0.5.0", "apps", vPPApp2.BundleIdentifier, vPPApp2.TitleID, hex.EncodeToString([]byte("vpp2")),
)
require.NoError(t, err)
time.Sleep(time.Second)
softwareID, err := res.LastInsertId()
require.NoError(t, err)
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO host_software (host_id, software_id)
VALUES (?, ?)
`, host.ID, softwareID)
require.NoError(t, err)
tests for vpp with app self service (#29029) https://github.com/fleetdm/fleet/issues/28919 Looks like either #29007 or #28991 fixed this issue. But adding a test to ensure - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-12 14:44:05 +00:00
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
require.NoError(t, err)
assert.Len(t, sw, 2)
Fixed search with self service filter (#28991) For https://github.com/fleetdm/fleet/issues/28880 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 19:52:11 +00:00
// pending install
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
assert.NotNil(t, sw[0].AppStoreApp)
assert.Equal(t, "1.0.0", sw[0].AppStoreApp.Version)
Fixed search with self service filter (#28991) For https://github.com/fleetdm/fleet/issues/28880 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 19:52:11 +00:00
assert.Equal(t, fleet.SoftwareInstallerStatus("pending_install"), *sw[0].Status)
assert.NotNil(t, sw[0].AppStoreApp.LastInstall)
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
assert.Nil(t, sw[0].InstalledVersions)
Fixed search with self service filter (#28991) For https://github.com/fleetdm/fleet/issues/28880 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 19:52:11 +00:00
// installed but not by fleet, so status is nil
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
assert.NotNil(t, sw[1].AppStoreApp)
assert.Equal(t, "1.0.1", sw[1].AppStoreApp.Version)
Fixed search with self service filter (#28991) For https://github.com/fleetdm/fleet/issues/28880 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 19:52:11 +00:00
assert.Nil(t, sw[1].Status)
assert.Nil(t, sw[1].AppStoreApp.LastInstall)
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
assert.NotNil(t, sw[1].InstalledVersions)
assert.Equal(t, "0.5.0", sw[1].InstalledVersions[0].Version)
Handled installed vpp apps when mdm is turned off (#29063) https://github.com/fleetdm/fleet/issues/28985 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-13 14:09:39 +00:00
createVPPAppInstallResult(t, ds, host, vpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
// Insert software entry for vpp app
res, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
vPPApp.Name, "1.2.3", "apps", vPPApp.BundleIdentifier, vPPApp.TitleID, hex.EncodeToString([]byte("vpp1")),
)
require.NoError(t, err)
time.Sleep(time.Second)
softwareID, err = res.LastInsertId()
require.NoError(t, err)
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO host_software (host_id, software_id)
VALUES (?, ?)
`, host.ID, softwareID)
require.NoError(t, err)
// vpp apps should not be returned in self service
// if the host is not mdm enrolled
opts.IsMDMEnrolled = false
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Len(t, sw, 0)
Tests for self service vpp apps & weird installed vpp app edge case (#28372) https://github.com/fleetdm/fleet/issues/28345 When a vpp app is marked as self service, it should be returned and the data about it should be hydrated. When writing tests for this, another bug was found around vpp apps that were installed and present in host software. These apps need to be retrieved and the data about them needs to be merged onto the host `hostInstalledSoftware` record. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 03:53:06 +00:00
}
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
func testSetHostSoftwareInstallResult(t *testing.T, ds *Datastore) {
ctx := context.Background()
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
// create a software installer and some host install requests
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
installScript := `echo 'foo'`
res, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`, installScript, installScript)
if err != nil {
return err
}
scriptContentID, _ := res.LastInsertId()
Fixed tests
2024-09-06 14:49:07 +00:00
uninstallScript := `echo 'bar'`
resUninstall, err := q.ExecContext(ctx, `INSERT INTO script_contents (md5_checksum, contents) VALUES (UNHEX(md5(?)), ?)`,
uninstallScript, uninstallScript)
if err != nil {
return err
}
uninstallScriptContentID, _ := resUninstall.LastInsertId()
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
res, err = q.ExecContext(ctx, `INSERT INTO software_titles (name, source) VALUES ('foo', 'apps')`)
if err != nil {
return err
}
titleID, _ := res.LastInsertId()
res, err = q.ExecContext(ctx, `
INSERT INTO software_installers
Add software installer extension column to database (#22017) #22044 This is distinct from the filename extension due to being based on package introspection. # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-09-12 21:22:35 +00:00
(title_id, filename, extension, version, install_script_content_id, uninstall_script_content_id, storage_id)
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
VALUES
Add software installer extension column to database (#22017) #22044 This is distinct from the filename extension due to being based on package introspection. # Checklist for submitter - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Manual QA for all new/changed functionality
2024-09-12 21:22:35 +00:00
(?, ?, ?, ?, ?, ?, unhex(?))`,
titleID, "installer.pkg", "pkg", "v1.0.0", scriptContentID, uninstallScriptContentID, hex.EncodeToString([]byte("test")))
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
if err != nil {
return err
}
id, _ := res.LastInsertId()
// create some install requests for the host
for i := 0; i < 3; i++ {
_, err = q.ExecContext(ctx, `
INSERT INTO host_software_installs (execution_id, host_id, software_installer_id) VALUES (?, ?, ?)`,
fmt.Sprintf("uuid%d", i), host.ID, id)
if err != nil {
return err
}
}
return nil
})
checkResults := func(want *fleet.HostSoftwareInstallResultPayload) {
type result struct {
HostID uint `db:"host_id"`
InstallUUID string `db:"execution_id"`
PreInstallConditionOutput *string `db:"pre_install_query_output"`
InstallScriptExitCode *int `db:"install_script_exit_code"`
InstallScriptOutput *string `db:"install_script_output"`
PostInstallScriptExitCode *int `db:"post_install_script_exit_code"`
PostInstallScriptOutput *string `db:"post_install_script_output"`
}
var got result
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
return sqlx.GetContext(ctx, q, &got,
`SELECT
host_id,
execution_id,
pre_install_query_output,
install_script_exit_code,
install_script_output,
post_install_script_exit_code,
post_install_script_output
FROM
host_software_installs
WHERE execution_id = ?`, want.InstallUUID)
})
assert.Equal(t, want.HostID, got.HostID)
assert.Equal(t, want.InstallUUID, got.InstallUUID)
if want.PreInstallConditionOutput == nil {
assert.Nil(t, got.PreInstallConditionOutput)
} else {
assert.NotNil(t, got.PreInstallConditionOutput)
assert.Equal(t, *want.PreInstallConditionOutput, *got.PreInstallConditionOutput)
}
assert.Equal(t, want.InstallScriptExitCode, got.InstallScriptExitCode)
if want.InstallScriptOutput == nil {
assert.Nil(t, got.InstallScriptOutput)
} else {
assert.NotNil(t, got.InstallScriptOutput)
assert.EqualValues(t, want.InstallScriptOutput, got.InstallScriptOutput)
}
assert.Equal(t, want.PostInstallScriptExitCode, got.PostInstallScriptExitCode)
if want.PostInstallScriptOutput == nil {
assert.Nil(t, got.PostInstallScriptOutput)
} else {
assert.NotNil(t, got.PostInstallScriptOutput)
assert.EqualValues(t, want.InstallScriptOutput, got.InstallScriptOutput)
}
}
// set a result with all fields provided
want := &fleet.HostSoftwareInstallResultPayload{
HostID: host.ID,
InstallUUID: "uuid0",
PreInstallConditionOutput: ptr.String("1"),
InstallScriptExitCode: ptr.Int(0),
InstallScriptOutput: ptr.String("ok"),
PostInstallScriptExitCode: ptr.Int(0),
PostInstallScriptOutput: ptr.String("ok"),
}
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
wasCanceled, err := ds.SetHostSoftwareInstallResult(ctx, want)
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
require.NoError(t, err)
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
require.False(t, wasCanceled)
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
checkResults(want)
// set a result with only the pre-condition that failed
want = &fleet.HostSoftwareInstallResultPayload{
HostID: host.ID,
InstallUUID: "uuid1",
PreInstallConditionOutput: ptr.String(""),
}
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, want)
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
require.NoError(t, err)
checkResults(want)
// set a result with only the install that failed
want = &fleet.HostSoftwareInstallResultPayload{
HostID: host.ID,
InstallUUID: "uuid2",
InstallScriptExitCode: ptr.Int(1),
InstallScriptOutput: ptr.String("fail"),
}
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, want)
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
require.NoError(t, err)
checkResults(want)
// set a result for a non-existing uuid
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
Add orbit endpoint to receive results of a software installation attempt (#18689) #18675
2024-05-03 16:03:59 +00:00
HostID: host.ID,
InstallUUID: "uuid-no-such",
InstallScriptExitCode: ptr.Int(0),
InstallScriptOutput: ptr.String("ok"),
})
require.Error(t, err)
require.True(t, fleet.IsNotFound(err))
}
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
func testListHostSoftwareInstallThenTransferTeam(t *testing.T, ds *Datastore) {
ctx := context.Background()
user := test.NewUser(t, ds, "user1", "user1@example.com", false)
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, host, false)
opts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{PerPage: 10, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"},
IncludeAvailableForInstall: true,
}
Delete apps associated with VPP tokens when they're moved or deleted (#21852) #21804
2024-09-06 13:14:09 +00:00
test.CreateInsertGlobalVPPToken(t, ds)
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
team1, err := ds.NewTeam(ctx, &fleet.Team{Name: "team 1"})
require.NoError(t, err)
team2, err := ds.NewTeam(ctx, &fleet.Team{Name: "team 2"})
require.NoError(t, err)
err = ds.AddHostsToTeam(ctx, &team1.ID, []uint{host.ID})
require.NoError(t, err)
host.TeamID = &team1.ID
// add a single "externally-installed" software for that host
software := []fleet.Software{
{Name: "a", Version: "0.0.1", Source: "chrome_extensions"},
}
_, err = ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
// create a software installer for team 1
Improve memory usage of software installers parsing (#23596)
2024-11-12 14:28:08 +00:00
tfr1, err := fleet.NewTempFileReader(strings.NewReader("hello"), t.TempDir)
require.NoError(t, err)
feat: add software title ID to add software activity (#24577) > Related issue: #24120 ## Changes - Added the `software_title_id` field to the activity details for `added_software` activities, which get generated when adding a customer installer or a FMA - Added a return value (`titleID`) to `ds.MatchOrCreateSoftwareInstaller` - Removed `ds.GetSoftwareTitleIDByMaintainedAppID`. Since we're returning the new value above, this method was no longer needed. ## Testing steps 1. Add a custom installer 2. Add a FMA 3. Check the activity details in the response to `GET /activities`. Verify that the `software_title_id` field exists and is correct. 4. Add a FMA with automatic install. Make sure the policy is correctly created, has the correct software title ID associated with it, and that it installs the app. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-11 14:54:15 +00:00
installerTm1, _, err := ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
SSVL: Add labels to upload endpoint; add validations and related datastore methods (#24733)
2024-12-17 00:17:13 +00:00
InstallScript: "hello",
InstallerFile: tfr1,
StorageID: "storage1",
Filename: "file1",
Title: "file1",
Version: "1.0",
Source: "apps",
TeamID: &team1.ID,
UserID: user.ID,
ValidatedLabels: &fleet.LabelIdentsWithScope{},
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
})
require.NoError(t, err)
// install it on the host
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
hostInstall1, err := ds.InsertSoftwareInstallRequest(ctx, host.ID, installerTm1, fleet.HostSoftwareInstallOptions{})
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
require.NoError(t, err)
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
HostID: host.ID,
InstallUUID: hostInstall1,
InstallScriptExitCode: ptr.Int(0),
})
require.NoError(t, err)
// add a VPP app for team 1
vppTm1, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}, &team1.ID)
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
require.NoError(t, err)
// fail to install it on the host
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, host, vppTm1.AdamID, user)
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
createVPPAppInstallResult(t, ds, host, vpp1CmdUUID, fleet.MDMAppleStatusError)
// add the successful installer to the reported installed software
software = []fleet.Software{
{Name: "a", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "file1", Version: "1.0", Source: "apps"},
}
_, err = ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
// listing the host's software (including available for install) at this
// point lists "a", "file1" and "vpp1" (because of the install attempt)
sw, meta, err := ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Len(t, sw, 3)
require.EqualValues(t, 3, meta.TotalResults)
require.Equal(t, sw[0].Name, "a")
require.Nil(t, sw[0].AppStoreApp)
require.Nil(t, sw[0].SoftwarePackage)
require.Equal(t, sw[1].Name, "file1")
require.Nil(t, sw[1].AppStoreApp)
require.NotNil(t, sw[1].SoftwarePackage)
require.Equal(t, sw[2].Name, "vpp1")
require.NotNil(t, sw[2].AppStoreApp)
require.Nil(t, sw[2].SoftwarePackage)
// move host to team 2
err = ds.AddHostsToTeam(ctx, &team2.ID, []uint{host.ID})
require.NoError(t, err)
host.TeamID = &team2.ID
// listing the host's software (including available for install) should now
// only list "a" and "file1" (because they are actually installed) and not
// link them to the installer/VPP app. With and without available software
// should result in the same rows (no available software in that new team).
for _, b := range []bool{true, false} {
opts.IncludeAvailableForInstall = b
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Len(t, sw, 2)
require.EqualValues(t, 2, meta.TotalResults)
require.Equal(t, sw[0].Name, "a")
require.Nil(t, sw[0].AppStoreApp)
require.Nil(t, sw[0].SoftwarePackage)
require.Equal(t, sw[1].Name, "file1")
require.Nil(t, sw[1].AppStoreApp)
require.Nil(t, sw[1].SoftwarePackage)
}
}
func testListHostSoftwareInstallThenDeleteInstallers(t *testing.T, ds *Datastore) {
ctx := context.Background()
user := test.NewUser(t, ds, "user1", "user1@example.com", false)
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, host, false)
opts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{PerPage: 10, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"},
IncludeAvailableForInstall: true,
}
Delete apps associated with VPP tokens when they're moved or deleted (#21852) #21804
2024-09-06 13:14:09 +00:00
test.CreateInsertGlobalVPPToken(t, ds)
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
team1, err := ds.NewTeam(ctx, &fleet.Team{Name: "team 1"})
require.NoError(t, err)
err = ds.AddHostsToTeam(ctx, &team1.ID, []uint{host.ID})
require.NoError(t, err)
host.TeamID = &team1.ID
// add a single "externally-installed" software for that host
software := []fleet.Software{
{Name: "a", Version: "0.0.1", Source: "chrome_extensions"},
}
_, err = ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
// create a software installer for team 1
Improve memory usage of software installers parsing (#23596)
2024-11-12 14:28:08 +00:00
tfr1, err := fleet.NewTempFileReader(strings.NewReader("hello"), t.TempDir)
require.NoError(t, err)
feat: add software title ID to add software activity (#24577) > Related issue: #24120 ## Changes - Added the `software_title_id` field to the activity details for `added_software` activities, which get generated when adding a customer installer or a FMA - Added a return value (`titleID`) to `ds.MatchOrCreateSoftwareInstaller` - Removed `ds.GetSoftwareTitleIDByMaintainedAppID`. Since we're returning the new value above, this method was no longer needed. ## Testing steps 1. Add a custom installer 2. Add a FMA 3. Check the activity details in the response to `GET /activities`. Verify that the `software_title_id` field exists and is correct. 4. Add a FMA with automatic install. Make sure the policy is correctly created, has the correct software title ID associated with it, and that it installs the app. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-11 14:54:15 +00:00
installerTm1, _, err := ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
SSVL: Add labels to upload endpoint; add validations and related datastore methods (#24733)
2024-12-17 00:17:13 +00:00
InstallScript: "hello",
InstallerFile: tfr1,
StorageID: "storage1",
Filename: "file1",
Title: "file1",
Version: "1.0",
Source: "apps",
TeamID: &team1.ID,
UserID: user.ID,
ValidatedLabels: &fleet.LabelIdentsWithScope{},
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
})
require.NoError(t, err)
// fail to install it on the host
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
hostInstall1, err := ds.InsertSoftwareInstallRequest(ctx, host.ID, installerTm1, fleet.HostSoftwareInstallOptions{})
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
require.NoError(t, err)
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
HostID: host.ID,
InstallUUID: hostInstall1,
InstallScriptExitCode: ptr.Int(1),
})
require.NoError(t, err)
// add a VPP app for team 1
vppTm1, err := ds.InsertVPPAppWithTeam(ctx,
Backend for policy automation to install software (#21650) #21428 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [X] Added/updated tests - [X] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [X] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [X] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [X] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [X] Manual QA for all new/changed functionality
2024-08-30 17:13:25 +00:00
&fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}}, Name: "vpp1",
BundleIdentifier: "com.app.vpp1", LatestVersion: "1.0",
}, &team1.ID)
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
require.NoError(t, err)
// install it on the host
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, host, vppTm1.AdamID, user)
Bugfix: don't show as available for install a software with an install request once host is moved/installer is deleted (#21064)
2024-08-06 16:31:01 +00:00
createVPPAppInstallResult(t, ds, host, vpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
// add the successful VPP app to the reported installed software
software = []fleet.Software{
{Name: "a", Version: "0.0.1", Source: "chrome_extensions"},
{Name: "vpp1", Version: "1.0", Source: "apps", BundleIdentifier: "com.app.vpp1"},
}
_, err = ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
// listing the host's software (including available for install) at this
// point lists "a", "file1" and "vpp1" (because of the install attempt)
sw, meta, err := ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Len(t, sw, 3)
require.EqualValues(t, 3, meta.TotalResults)
require.Equal(t, sw[0].Name, "a")
require.Nil(t, sw[0].AppStoreApp)
require.Nil(t, sw[0].SoftwarePackage)
require.Equal(t, sw[1].Name, "file1")
require.Nil(t, sw[1].AppStoreApp)
require.NotNil(t, sw[1].SoftwarePackage)
require.Equal(t, sw[2].Name, "vpp1")
require.NotNil(t, sw[2].AppStoreApp)
require.Nil(t, sw[2].SoftwarePackage)
// delete both installers
err = ds.DeleteSoftwareInstaller(ctx, installerTm1)
require.NoError(t, err)
err = ds.DeleteVPPAppFromTeam(ctx, &team1.ID, vppTm1.VPPAppID)
require.NoError(t, err)
// listing the host's software (including available for install) should now
// only list "a" and "vpp1" (because they are actually installed) and not
// link them to the installer/VPP app. With and without available software
// should result in the same rows (no available software anymore).
for _, b := range []bool{true, false} {
opts.IncludeAvailableForInstall = b
sw, meta, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Len(t, sw, 2)
require.EqualValues(t, 2, meta.TotalResults)
require.Equal(t, sw[0].Name, "a")
require.Nil(t, sw[0].AppStoreApp)
require.Nil(t, sw[0].SoftwarePackage)
require.Equal(t, sw[1].Name, "vpp1")
require.Nil(t, sw[1].AppStoreApp)
require.Nil(t, sw[1].SoftwarePackage)
}
}
Add Software Vulnerability Filters (#21312)
2024-08-15 18:36:47 +00:00
func testListSoftwareVersionsVulnerabilityFilters(t *testing.T, ds *Datastore) {
ctx := context.Background()
host := test.NewHost(t, ds, "host", "", "hostkey", "hostuuid", time.Now())
software := []fleet.Software{
fix: change how macOS software names are calculated to avoid erroneous duplicates (#28037) > For #24087 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-11 23:19:07 +00:00
{Name: "chrome", Version: "0.0.1", Source: "apps", BundleIdentifier: "com.example.chrome"},
{Name: "chrome", Version: "0.0.3", Source: "apps", BundleIdentifier: "com.example.chrome"},
{Name: "safari", Version: "0.0.3", Source: "apps", BundleIdentifier: "com.example.safari"},
{Name: "safari", Version: "0.0.1", Source: "apps", BundleIdentifier: "com.example.safari"},
{Name: "firefox", Version: "0.0.3", Source: "apps", BundleIdentifier: "com.example.firefox"},
{Name: "edge", Version: "0.0.3", Source: "apps", BundleIdentifier: "com.example.edge"},
{Name: "brave", Version: "0.0.3", Source: "apps", BundleIdentifier: "com.example.brave"},
{Name: "opera", Version: "0.0.3", Source: "apps", BundleIdentifier: "com.example.opera"},
{Name: "internet explorer", Version: "0.0.3", Source: "apps", BundleIdentifier: "com.example.ie"},
{Name: "netscape", Version: "0.0.3", Source: "apps", BundleIdentifier: "com.example.netscape"},
Add Software Vulnerability Filters (#21312)
2024-08-15 18:36:47 +00:00
}
sw, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
var chrome001 uint
var safari001 uint
var firefox003 uint
var edge003 uint
var brave003 uint
var opera003 uint
var ie003 uint
for s := range sw.Inserted {
switch {
case sw.Inserted[s].Name == "chrome" && sw.Inserted[s].Version == "0.0.1":
chrome001 = sw.Inserted[s].ID
case sw.Inserted[s].Name == "safari" && sw.Inserted[s].Version == "0.0.1":
safari001 = sw.Inserted[s].ID
case sw.Inserted[s].Name == "firefox" && sw.Inserted[s].Version == "0.0.3":
firefox003 = sw.Inserted[s].ID
case sw.Inserted[s].Name == "edge" && sw.Inserted[s].Version == "0.0.3":
edge003 = sw.Inserted[s].ID
case sw.Inserted[s].Name == "brave" && sw.Inserted[s].Version == "0.0.3":
brave003 = sw.Inserted[s].ID
case sw.Inserted[s].Name == "opera" && sw.Inserted[s].Version == "0.0.3":
opera003 = sw.Inserted[s].ID
case sw.Inserted[s].Name == "internet explorer" && sw.Inserted[s].Version == "0.0.3":
ie003 = sw.Inserted[s].ID
}
}
_, err = ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
SoftwareID: chrome001,
CVE: "CVE-2024-1234",
}, fleet.NVDSource)
require.NoError(t, err)
_, err = ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
SoftwareID: safari001,
CVE: "CVE-2024-1235",
}, fleet.NVDSource)
require.NoError(t, err)
_, err = ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
SoftwareID: firefox003,
CVE: "CVE-2024-1236",
}, fleet.NVDSource)
require.NoError(t, err)
_, err = ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
SoftwareID: edge003,
CVE: "CVE-2024-1237",
}, fleet.NVDSource)
require.NoError(t, err)
_, err = ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
SoftwareID: brave003,
CVE: "CVE-2024-1238",
}, fleet.NVDSource)
require.NoError(t, err)
_, err = ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
SoftwareID: opera003,
CVE: "CVE-2024-1239",
}, fleet.NVDSource)
require.NoError(t, err)
_, err = ds.InsertSoftwareVulnerability(ctx, fleet.SoftwareVulnerability{
SoftwareID: ie003,
CVE: "CVE-2024-1240",
}, fleet.NVDSource)
require.NoError(t, err)
err = ds.InsertCVEMeta(ctx, []fleet.CVEMeta{
{
// chrome
CVE: "CVE-2024-1234",
CVSSScore: ptr.Float64(7.5),
CISAKnownExploit: ptr.Bool(true),
},
{
// safari
CVE: "CVE-2024-1235",
CVSSScore: ptr.Float64(7.5),
CISAKnownExploit: ptr.Bool(false),
},
{
// firefox
CVE: "CVE-2024-1236",
CVSSScore: ptr.Float64(8.0),
CISAKnownExploit: ptr.Bool(true),
},
{
// edge
CVE: "CVE-2024-1237",
CVSSScore: ptr.Float64(8.0),
CISAKnownExploit: ptr.Bool(false),
},
{
// brave
CVE: "CVE-2024-1238",
CVSSScore: ptr.Float64(9.0),
CISAKnownExploit: ptr.Bool(true),
},
// CVE-2024-1239 for opera has no CVE Meta
{
// internet explorer
CVE: "CVE-2024-1240",
CVSSScore: nil,
CISAKnownExploit: nil,
},
})
require.NoError(t, err)
require.NoError(t, ds.SyncHostsSoftware(ctx, time.Now()))
require.NoError(t, ds.ReconcileSoftwareTitles(ctx))
require.NoError(t, ds.SyncHostsSoftwareTitles(ctx, time.Now()))
type swVersion struct {
Name string
Version string
}
tc := []struct {
name string
opts fleet.SoftwareListOptions
expected []swVersion
err error
}{
{
name: "vulnerable only",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name"},
VulnerableOnly: true,
},
expected: []swVersion{
{
Name: "brave",
Version: "0.0.3",
},
{
Name: "chrome",
Version: "0.0.1",
},
{
Name: "edge",
Version: "0.0.3",
},
{
Name: "firefox",
Version: "0.0.3",
},
{
Name: "internet explorer",
Version: "0.0.3",
},
{
Name: "opera",
Version: "0.0.3",
},
{
Name: "safari",
Version: "0.0.1",
},
},
},
{
name: "known exploit true",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
KnownExploit: true,
},
expected: []swVersion{
{
Name: "brave",
Version: "0.0.3",
},
{
Name: "chrome",
Version: "0.0.1",
},
{
Name: "firefox",
Version: "0.0.3",
},
},
},
{
name: "minimum cvss 8.0",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MinimumCVSS: 8.0,
},
expected: []swVersion{
{
Name: "brave",
Version: "0.0.3",
},
{
Name: "edge",
Version: "0.0.3",
},
{
Name: "firefox",
Version: "0.0.3",
},
},
},
{
name: "minimum cvss 7.9",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MinimumCVSS: 7.9,
},
expected: []swVersion{
{
Name: "brave",
Version: "0.0.3",
},
{
Name: "edge",
Version: "0.0.3",
},
{
Name: "firefox",
Version: "0.0.3",
},
},
},
{
name: "minimum cvss 8.0 and known exploit",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MinimumCVSS: 8.0,
KnownExploit: true,
},
expected: []swVersion{
{
Name: "brave",
Version: "0.0.3",
},
{
Name: "firefox",
Version: "0.0.3",
},
},
},
{
name: "minimum cvss 7.5 and known exploit",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MinimumCVSS: 7.5,
KnownExploit: true,
},
expected: []swVersion{
{
Name: "brave",
Version: "0.0.3",
},
{
Name: "chrome",
Version: "0.0.1",
},
{
Name: "firefox",
Version: "0.0.3",
},
},
},
{
name: "maximum cvss 7.5",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MaximumCVSS: 7.5,
},
expected: []swVersion{
{
Name: "chrome",
Version: "0.0.1",
},
{
Name: "safari",
Version: "0.0.1",
},
},
},
{
name: "maximum cvss 7.6",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MaximumCVSS: 7.6,
},
expected: []swVersion{
{
Name: "chrome",
Version: "0.0.1",
},
{
Name: "safari",
Version: "0.0.1",
},
},
},
{
name: "maximum cvss 7.5 and known exploit",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MaximumCVSS: 7.5,
KnownExploit: true,
},
expected: []swVersion{
{
Name: "chrome",
Version: "0.0.1",
},
},
},
{
name: "minimum cvss 7.5 and maximum cvss 8.0",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MinimumCVSS: 7.5,
MaximumCVSS: 8.0,
},
expected: []swVersion{
{
Name: "chrome",
Version: "0.0.1",
},
{
Name: "edge",
Version: "0.0.3",
},
{
Name: "firefox",
Version: "0.0.3",
},
{
Name: "safari",
Version: "0.0.1",
},
},
},
{
name: "minimum cvss 7.5 and maximum cvss 8.0 and known exploit",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{OrderKey: "name", OrderDirection: fleet.OrderAscending},
IncludeCVEScores: true,
VulnerableOnly: true,
MinimumCVSS: 7.5,
MaximumCVSS: 8.0,
KnownExploit: true,
},
expected: []swVersion{
{
Name: "chrome",
Version: "0.0.1",
},
{
Name: "firefox",
Version: "0.0.3",
},
},
},
{
name: "err if vulnerableOnly is not set with MinimumCVSS",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{},
MinimumCVSS: 7.5,
},
err: fleet.NewInvalidArgumentError("query", "min_cvss_score, max_cvss_score, and exploit can only be provided with vulnerable=true"),
},
{
name: "err if vulnerableOnly is not set with MaximumCVSS",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{},
MaximumCVSS: 7.5,
},
err: fleet.NewInvalidArgumentError("query", "min_cvss_score, max_cvss_score, and exploit can only be provided with vulnerable=true"),
},
{
name: "err if vulnerableOnly is not set with KnownExploit",
opts: fleet.SoftwareListOptions{
ListOptions: fleet.ListOptions{},
KnownExploit: true,
},
err: fleet.NewInvalidArgumentError("query", "min_cvss_score, max_cvss_score, and exploit can only be provided with vulnerable=true"),
},
}
for _, tt := range tc {
t.Run(tt.name, func(t *testing.T) {
sw, _, err := ds.ListSoftware(ctx, tt.opts)
if tt.err != nil {
require.Error(t, err)
require.Equal(t, tt.err, err)
return
}
require.Len(t, sw, len(tt.expected))
for i, s := range sw {
require.Equal(t, tt.expected[i].Name, s.Name)
require.Equal(t, tt.expected[i].Version, s.Version)
}
Bugfix: add filter to counts (#21411)
2024-08-19 22:55:59 +00:00
count, err := ds.CountSoftware(ctx, tt.opts)
require.NoError(t, err)
require.Equal(t, len(tt.expected), count)
Add Software Vulnerability Filters (#21312)
2024-08-15 18:36:47 +00:00
})
}
}
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
func testListHostSoftwareWithLabelScoping(t *testing.T, ds *Datastore) {
ctx := context.Background()
// create a host
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, host, false)
user1 := test.NewUser(t, ds, "Alice", "alice@example.com", true)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
anotherHost := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, anotherHost, false)
thirdHost := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, thirdHost, false)
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
time.Sleep(time.Second) // ensure the labels_updated_at timestamp is before labels creation
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
// create a software installer
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
tfr1, err := fleet.NewTempFileReader(strings.NewReader("hello"), t.TempDir)
require.NoError(t, err)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
installer1 := &fleet.UploadSoftwareInstallerPayload{
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
InstallScript: "hello",
PreInstallQuery: "SELECT 1",
PostInstallScript: "world",
UninstallScript: "goodbye",
InstallerFile: tfr1,
StorageID: "storage1",
Filename: "file1",
Title: "file1",
Version: "1.0",
Source: "apps",
UserID: user1.ID,
BundleIdentifier: "bi1",
Platform: "darwin",
SSVL: Add labels to upload endpoint; add validations and related datastore methods (#24733)
2024-12-17 00:17:13 +00:00
ValidatedLabels: &fleet.LabelIdentsWithScope{},
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
}
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
installerID1, titleID, err := ds.MatchOrCreateSoftwareInstaller(ctx, installer1)
require.NoError(t, err)
// self-service software installer
tfr2, err := fleet.NewTempFileReader(strings.NewReader("hello"), t.TempDir)
require.NoError(t, err)
selfServiceinstaller := &fleet.UploadSoftwareInstallerPayload{
InstallScript: "hello 2",
PreInstallQuery: "SELECT 2",
PostInstallScript: "world 2",
UninstallScript: "goodbye 2",
InstallerFile: tfr2,
StorageID: "storage 2",
Filename: "file2",
Title: "file2",
Version: "1.0",
Source: "apps",
UserID: user1.ID,
BundleIdentifier: "bi2",
Platform: "darwin",
SelfService: true,
ValidatedLabels: &fleet.LabelIdentsWithScope{},
}
selfServiceInstallerID, selfServiceTitleID, err := ds.MatchOrCreateSoftwareInstaller(ctx, selfServiceinstaller)
require.NoError(t, err)
// install software installer on host via fleet
hostInstall1, err := ds.InsertSoftwareInstallRequest(ctx, thirdHost.ID, selfServiceInstallerID, fleet.HostSoftwareInstallOptions{})
require.NoError(t, err)
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
HostID: thirdHost.ID,
InstallUUID: hostInstall1,
InstallScriptExitCode: ptr.Int(0),
})
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
require.NoError(t, err)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
installedSoftware := []fleet.Software{
{
Name: "file2",
Version: "1.0",
Source: "apps",
TitleID: &selfServiceTitleID,
},
}
mutationResults, err := ds.UpdateHostSoftware(ctx, thirdHost.ID, installedSoftware)
require.NoError(t, err)
assert.Len(t, mutationResults.Inserted, len(installedSoftware))
softwareAlreadyInstalled := fleet.Software{Name: "file1", Version: "1.0.1", Source: "apps", BundleIdentifier: "bi1"}
// Host has software installed, but not by Fleet, that matches the software installer available
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
titleIDUint := titleID
softwareAlreadyInstalled.TitleID = &titleIDUint
res, err := q.ExecContext(ctx, `INSERT INTO software (name, source, bundle_identifier, version, title_id) VALUES (?, ?, ?, ?, ?)`,
softwareAlreadyInstalled.Name, softwareAlreadyInstalled.Source, softwareAlreadyInstalled.BundleIdentifier, softwareAlreadyInstalled.Version, titleID)
if err != nil {
return err
}
softwareID, err := res.LastInsertId()
if err != nil {
return err
}
softwareAlreadyInstalled.ID = uint(softwareID)
_, err = q.ExecContext(ctx, `INSERT INTO host_software (host_id, software_id) VALUES (?, ?)`,
anotherHost.ID, softwareID)
if err != nil {
return err
}
return nil
})
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// we should see installer1, since it has no label associated yet
opts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
PerPage: 11,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
},
IncludeAvailableForInstall: true,
}
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
expectedInstallers := map[string]*fleet.SoftwarePackageOrApp{
installer1.Filename: {
Name: installer1.Filename,
Version: installer1.Version,
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
Platform: installer1.Platform,
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
SelfService: ptr.Bool(false),
},
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
selfServiceinstaller.Filename: {
Name: selfServiceinstaller.Filename,
Version: selfServiceinstaller.Version,
Platform: selfServiceinstaller.Platform,
SelfService: ptr.Bool(true),
},
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
}
checkSoftware := func(swList []*fleet.HostSoftwareWithInstaller, excludeNames ...string) {
for _, got := range swList {
want, ok := expectedInstallers[got.SoftwarePackage.Name]
if slices.Contains(excludeNames, got.SoftwarePackage.Name) {
require.False(t, ok)
continue
}
require.True(t, ok)
require.Equal(t, want, got.SoftwarePackage)
}
}
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
software, _, err := ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
checkSoftware(software)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
software, _, err = ds.ListHostSoftware(ctx, anotherHost, opts)
require.NoError(t, err)
require.Len(t, software, 2)
// software[0] was inserted into software/host_software in the ad-hoc SQL execution above, so has an installed version
require.Equal(t, softwareAlreadyInstalled.Name, software[0].Name)
require.Equal(t, softwareAlreadyInstalled.Version, software[0].InstalledVersions[0].Version)
require.Equal(t, installer1.Version, software[0].SoftwarePackage.Version)
require.Len(t, software[0].InstalledVersions, 1)
require.Equal(t, mutationResults.Inserted[0].Name, software[1].Name)
// software[1] is *not* installed but *is* available for install
require.Nil(t, software[1].InstalledVersions)
require.Equal(t, selfServiceinstaller.Version, software[1].SoftwarePackage.Version)
software, _, err = ds.ListHostSoftware(ctx, thirdHost, opts)
require.NoError(t, err)
require.Len(t, software, 2)
require.Equal(t, softwareAlreadyInstalled.Name, software[0].Name)
require.Nil(t, software[0].InstalledVersions)
require.Equal(t, installer1.Version, software[0].SoftwarePackage.Version)
require.Equal(t, mutationResults.Inserted[0].Name, software[1].Name)
require.Equal(t, mutationResults.Inserted[0].Version, software[1].InstalledVersions[0].Version)
require.Equal(t, selfServiceinstaller.Version, software[1].SoftwarePackage.Version)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
// installer1 should be in scope since it has no labels
scoped, err := ds.IsSoftwareInstallerLabelScoped(ctx, installerID1, host.ID)
require.NoError(t, err)
require.True(t, scoped)
fix: retrigger automatic installations after label scope changes (#25163) > Related issue: #25071 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-01-06 17:18:16 +00:00
hostsInScope, err := ds.GetIncludedHostIDMapForSoftwareInstaller(ctx, installerID1)
require.NoError(t, err)
require.Contains(t, hostsInScope, host.ID)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
require.Contains(t, hostsInScope, anotherHost.ID)
require.Contains(t, hostsInScope, thirdHost.ID)
fix: retrigger automatic installations after label scope changes (#25163) > Related issue: #25071 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-01-06 17:18:16 +00:00
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
label1, err := ds.NewLabel(ctx, &fleet.Label{Name: "label1" + t.Name()})
require.NoError(t, err)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
// assign the label to the hosts
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
require.NoError(t, ds.AddLabelsToHost(ctx, host.ID, []uint{label1.ID}))
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
host.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, host)
require.NoError(t, err)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
require.NoError(t, ds.AddLabelsToHost(ctx, anotherHost.ID, []uint{label1.ID}))
anotherHost.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, anotherHost)
require.NoError(t, err)
require.NoError(t, ds.AddLabelsToHost(ctx, thirdHost.ID, []uint{label1.ID}))
anotherHost.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, anotherHost)
require.NoError(t, err)
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
time.Sleep(time.Second)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
// assign the label to the software installers
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), installerID1, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{label1.Name: {LabelName: label1.Name, LabelID: label1.ID}},
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
}, softwareTypeInstaller)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
require.NoError(t, err)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), selfServiceInstallerID, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{label1.Name: {LabelName: label1.Name, LabelID: label1.ID}},
}, softwareTypeInstaller)
require.NoError(t, err)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// should be empty as the installer label is "exclude any"
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Empty(t, software)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
software, _, err = ds.ListHostSoftware(ctx, anotherHost, opts)
require.NoError(t, err)
require.Len(t, software, 1)
require.Equal(t, software[0].InstalledVersions[0].Version, softwareAlreadyInstalled.Version)
require.Nil(t, software[0].SoftwarePackage)
software, _, err = ds.ListHostSoftware(ctx, thirdHost, opts)
require.NoError(t, err)
require.Len(t, software, 1)
require.Equal(t, software[0].InstalledVersions[0].Version, selfServiceinstaller.Version)
require.Nil(t, software[0].SoftwarePackage)
fix: retrigger automatic installations after label scope changes (#25163) > Related issue: #25071 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-01-06 17:18:16 +00:00
hostsNotInScope, err := ds.GetExcludedHostIDMapForSoftwareInstaller(ctx, installerID1)
require.NoError(t, err)
require.Contains(t, hostsNotInScope, host.ID)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
// installer1 should be out of scope since the label is "exclude any"
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID1, host.ID)
require.NoError(t, err)
require.False(t, scoped)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
// self-service flag
selfServiceOpts := fleet.HostSoftwareTitleListOptions{ListOptions: fleet.ListOptions{PerPage: 10}, IncludeAvailableForInstall: true, SelfServiceOnly: true, IsMDMEnrolled: true}
// softwareAlreadyInstalled should not be returned because it is not self service
software, _, err = ds.ListHostSoftware(ctx, anotherHost, selfServiceOpts)
require.NoError(t, err)
require.Len(t, software, 0)
// selfServiceinstaller is self service however, excluded by label so should not be returned
software, _, err = ds.ListHostSoftware(ctx, thirdHost, selfServiceOpts)
require.NoError(t, err)
require.Len(t, software, 0)
selfServiceOpts.OnlyAvailableForInstall = true
software, _, err = ds.ListHostSoftware(ctx, anotherHost, selfServiceOpts)
require.NoError(t, err)
require.Len(t, software, 0)
software, _, err = ds.ListHostSoftware(ctx, thirdHost, selfServiceOpts)
require.NoError(t, err)
require.Len(t, software, 0)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// Update the label to be "include any"
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), installerID1, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeIncludeAny,
ByName: map[string]fleet.LabelIdent{label1.Name: {LabelName: label1.Name, LabelID: label1.ID}},
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
}, softwareTypeInstaller)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
require.NoError(t, err)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
checkSoftware(software)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
// Now installer1 is in scope again: label is "include any"
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID1, host.ID)
require.NoError(t, err)
require.True(t, scoped)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// Add an installer. No label yet.
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
installer2 := &fleet.UploadSoftwareInstallerPayload{
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
InstallScript: "hello",
PreInstallQuery: "SELECT 1",
PostInstallScript: "world",
UninstallScript: "goodbye",
InstallerFile: tfr1,
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
StorageID: "storage3",
Filename: "file3",
Title: "file3",
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
Version: "2.0",
Source: "apps",
UserID: user1.ID,
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
BundleIdentifier: "bi3",
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
Platform: "darwin",
SSVL: Add labels to upload endpoint; add validations and related datastore methods (#24733)
2024-12-17 00:17:13 +00:00
ValidatedLabels: &fleet.LabelIdentsWithScope{},
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
}
installerID2, _, err := ds.MatchOrCreateSoftwareInstaller(ctx, installer2)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
require.NoError(t, err)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
expectedInstallers[installer2.Filename] = &fleet.SoftwarePackageOrApp{
Name: installer2.Filename,
Version: installer2.Version,
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
Platform: installer2.Platform,
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
SelfService: ptr.Bool(false),
}
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// There's 2 installers now: installerID1 and installerID2 (because it has no labels associated)
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
checkSoftware(software)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// Add "exclude any" labels to installer2
label2, err := ds.NewLabel(ctx, &fleet.Label{Name: "label2" + t.Name()})
require.NoError(t, err)
label3, err := ds.NewLabel(ctx, &fleet.Label{Name: "label3" + t.Name()})
require.NoError(t, err)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), installerID2, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{
label2.Name: {LabelName: label2.Name, LabelID: label2.ID},
label3.Name: {LabelName: label3.Name, LabelID: label3.ID},
},
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
}, softwareTypeInstaller)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
require.NoError(t, err)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// Now host has label1, label2
require.NoError(t, ds.AddLabelsToHost(ctx, host.ID, []uint{label2.ID}))
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
host.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, host)
require.NoError(t, err)
time.Sleep(time.Second)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
// List should be back to just installer1
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
checkSoftware(software, installer2.Filename)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
// installer1 is still in scope
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID1, host.ID)
require.NoError(t, err)
require.True(t, scoped)
// installer2 is out of scope, because host has label2
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID2, host.ID)
require.NoError(t, err)
require.False(t, scoped)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// Add an installer. No label yet.
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
installer3 := &fleet.UploadSoftwareInstallerPayload{
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
InstallScript: "hello",
PreInstallQuery: "SELECT 1",
PostInstallScript: "world",
UninstallScript: "goodbye",
InstallerFile: tfr1,
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
StorageID: "storage4",
Filename: "file4",
Title: "file4",
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
Version: "3.0",
Source: "apps",
UserID: user1.ID,
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
BundleIdentifier: "bi4",
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
Platform: "darwin",
SSVL: Add labels to upload endpoint; add validations and related datastore methods (#24733)
2024-12-17 00:17:13 +00:00
ValidatedLabels: &fleet.LabelIdentsWithScope{},
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
}
installerID3, _, err := ds.MatchOrCreateSoftwareInstaller(ctx, installer3)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
require.NoError(t, err)
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
time.Sleep(time.Second)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
expectedInstallers[installer3.Filename] = &fleet.SoftwarePackageOrApp{
Name: installer3.Filename,
Version: installer3.Version,
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
Platform: installer3.Platform,
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
SelfService: ptr.Bool(false),
}
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// Add a new label and apply it to the installer. There are no hosts with this label.
fix: exclude any label edge case for VPP apps (#26289) > For #26275 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Manual QA for all new/changed functionality - [x] Added/updated automated tests
2025-02-12 19:41:13 +00:00
label4, err := ds.NewLabel(ctx, &fleet.Label{Name: "label4" + t.Name(), LabelMembershipType: fleet.LabelMembershipTypeDynamic})
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
require.NoError(t, err)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), installerID3, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{label4.Name: {LabelName: label4.Name, LabelID: label4.ID}},
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
}, softwareTypeInstaller)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
require.NoError(t, err)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
// We should have [installerID1, installerID3], but the exclude any label has
// no results for this host yet, so it's just installerID1 for now.
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
require.Len(t, software, 1)
// installer1 is still in scope
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID1, host.ID)
require.NoError(t, err)
require.True(t, scoped)
// installer3 is not in scope yet, because label is "exclude any" and host doesn't have results
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID3, host.ID)
require.NoError(t, err)
require.False(t, scoped)
// mark as if label had been reported (but host is still not a member)
host.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, host)
require.NoError(t, err)
time.Sleep(time.Second)
// now has 2 software (installer1 and 3)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
checkSoftware(software, installer2.Filename)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
// installer1 is still in scope
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID1, host.ID)
require.NoError(t, err)
require.True(t, scoped)
// installer3 is in scope, because label is "exclude any" and host doesn't have the label
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID3, host.ID)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
require.NoError(t, err)
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
require.True(t, scoped)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// Now include hosts with label4. No host has this label, so we shouldn't see installerID3 anymore.
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), installerID3, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeIncludeAny,
ByName: map[string]fleet.LabelIdent{label4.Name: {LabelName: label4.Name, LabelID: label4.ID}},
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
}, softwareTypeInstaller)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
require.NoError(t, err)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
// We should have [installerID1]
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
feat: some testing updates (#24890) > Related issue: #24646 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Added/updated tests
2024-12-19 02:20:36 +00:00
checkSoftware(software, installer2.Filename, installer3.Filename)
feat: skip automatic install policy if installer is not scoped to host (#24843) > Related issue: #24533 - We're still running the policy, but in the handler for the results we check if the software is in label scope. If not, we set the policy to be "undetermined" and we do not add an installation request - Added checks for label scoping to the "install software" and "self service install" endpoints # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-18 15:58:28 +00:00
// installer1 is still in scope
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID1, host.ID)
require.NoError(t, err)
require.True(t, scoped)
SSVL: add timestamp-based check for the exclude-any case (#24889) Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com>
2024-12-19 17:03:44 +00:00
// installer3 is not in scope
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, installerID3, host.ID)
require.NoError(t, err)
require.False(t, scoped)
feat: filter host software by label scoping (#24801) > Related issue: #24534 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated tests - [x] Manual QA for all new/changed functionality
2024-12-16 22:02:06 +00:00
}
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
func testListHostSoftwareVulnerabileAndVPP(t *testing.T, ds *Datastore) {
ctx := context.Background()
// filter by only vulnerable software
vulnerableOnlyOpts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name",
},
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
VulnerableOnly: true,
IncludeAvailableForInstall: true,
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
}
// filter by has known exploit
knownExploitOpts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name",
},
VulnerableOnly: true,
KnownExploit: true,
}
// filter by min CVSSScore
minCVSSScoreOpts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name",
},
VulnerableOnly: true,
MinimumCVSS: 2.0,
}
// filter by max CVSSScore
maxCVSSScoreOpts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name",
},
VulnerableOnly: true,
MaximumCVSS: 1.5,
}
now := time.Now().UTC().Truncate(time.Second)
// create a user
user := test.NewUser(t, ds, "Alice", "alice@example.com", true)
// create a team
tm, err := ds.NewTeam(ctx, &fleet.Team{Name: "team1"})
require.NoError(t, err)
// create a host on team
tmHost := test.NewHost(t, ds, "host", "", "hostkey", "hostuuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, tmHost, false)
err = ds.AddHostsToTeam(ctx, &tm.ID, []uint{tmHost.ID})
require.NoError(t, err)
tmHost.TeamID = &tm.ID
// add software to the host
software := []fleet.Software{
{Name: "a", Version: "0.0.1", Source: "ios_apps"},
{Name: "b", Version: "0.0.2", Source: "apps"},
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
{Name: "c", Version: "0.0.3", Source: "apps"},
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
}
byNSV := map[string]fleet.Software{}
for _, s := range software {
byNSV[s.Name+s.Source+s.Version] = s
}
mutationResults, err := ds.UpdateHostSoftware(ctx, tmHost.ID, software)
for _, m := range mutationResults.Inserted {
s, ok := byNSV[m.Name+m.Source+m.Version]
assert.True(t, ok)
s.ID = m.ID
byNSV[s.Name+s.Source+s.Version] = s
}
require.NoError(t, err)
assert.Len(t, mutationResults.Inserted, len(software))
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
bTitleId := mutationResults.Inserted[0].TitleID
// insert vulnerable software with the same software title as c, but this version is not added to host
result, err := ds.writer(ctx).ExecContext(
ctx,
`INSERT INTO software (name, version, source, title_id, checksum) VALUES (?, ?, ?, ?, ?)`,
"c", "0.0.1", "apps", &bTitleId, hex.EncodeToString([]byte("c.0.0.1apps")),
)
require.NoError(t, err)
insertedID, err := result.LastInsertId()
require.NoError(t, err)
_, err = ds.InsertSoftwareVulnerability(
ctx,
fleet.SoftwareVulnerability{SoftwareID: uint(insertedID), CVE: "CVE-c-00c1"},
fleet.NVDSource,
)
require.NoError(t, err)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
getKey := func(i int) string {
return software[i].Name + software[i].Source + software[i].Version
}
a := getKey(0)
b := getKey(1)
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
// add vulnerabilities to a and b
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
vulns := []fleet.SoftwareVulnerability{
{SoftwareID: byNSV[a].ID, CVE: "CVE-a-0001"},
{SoftwareID: byNSV[b].ID, CVE: "CVE-b-0002"},
}
for _, v := range vulns {
_, err = ds.InsertSoftwareVulnerability(ctx, v, fleet.NVDSource)
require.NoError(t, err)
}
// add meta around vulnerabilities
cveMeta := []fleet.CVEMeta{
{
CVE: "CVE-a-0001",
CVSSScore: ptr.Float64(2.5),
CISAKnownExploit: ptr.Bool(true),
Published: ptr.Time(now.Add(-2 * time.Hour)),
Description: "description for CVE-a-0001",
},
{
CVE: "CVE-b-0002",
CVSSScore: ptr.Float64(1.0),
CISAKnownExploit: ptr.Bool(false),
Published: ptr.Time(now),
Description: "description for CVE-b-0002",
},
}
err = ds.InsertCVEMeta(context.Background(), cveMeta)
require.NoError(t, err)
swPaths := map[string]struct{}{}
err = ds.UpdateHostSoftwareInstalledPaths(ctx, tmHost.ID, swPaths, mutationResults)
require.NoError(t, err)
err = ds.ReconcileSoftwareTitles(ctx)
require.NoError(t, err)
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
var ensureVulnerableState []struct {
HostID *uint `db:"host_id"`
CVE *string `db:"cve"`
}
err = ds.writer(ctx).SelectContext(ctx, &ensureVulnerableState, `
SELECT
host_software.host_id as host_id,
software_cve.cve
FROM software_titles
LEFT JOIN software on software.title_id = software_titles.id
LEFT JOIN software_cve on software_cve.software_id = software.id
LEFT JOIN host_software on host_software.software_id = software.id
WHERE
software_titles.name = 'c'
ORDER BY host_software.host_id IS NOT NULL, host_software.host_id
`)
require.NoError(t, err)
require.Nil(t, ensureVulnerableState[0].HostID)
require.NotNil(t, ensureVulnerableState[0].CVE)
require.Equal(t, ensureVulnerableState[1].HostID, &tmHost.ID)
require.Nil(t, ensureVulnerableState[1].CVE)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
// Ensure that software "a" & "b" are returned as they are vulnerable
require.NoError(t, ds.LoadHostSoftware(ctx, tmHost, false))
sw, _, err := ds.ListHostSoftware(ctx, tmHost, vulnerableOnlyOpts)
require.NoError(t, err)
require.Len(t, sw, 2)
require.Equal(t, software[0].Name, sw[0].Name)
require.Equal(t, software[1].Name, sw[1].Name)
// last_software_install
tfr1, err := fleet.NewTempFileReader(strings.NewReader("hello"), t.TempDir)
require.NoError(t, err)
installerTm1, installerTitleID, err := ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
InstallScript: "hello",
InstallerFile: tfr1,
StorageID: "storage1",
Filename: "file1",
Title: "file1",
Version: "1.0",
Source: "apps",
TeamID: &tm.ID,
UserID: user.ID,
ValidatedLabels: &fleet.LabelIdentsWithScope{},
})
require.NoError(t, err)
hostInstall1, err := ds.InsertSoftwareInstallRequest(ctx, tmHost.ID, installerTm1, fleet.HostSoftwareInstallOptions{})
require.NoError(t, err)
Cancel upcoming activities: create past canceled activities (#27956)
2025-04-09 20:08:51 +00:00
_, err = ds.SetHostSoftwareInstallResult(ctx, &fleet.HostSoftwareInstallResultPayload{
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
HostID: tmHost.ID,
InstallUUID: hostInstall1,
InstallScriptExitCode: ptr.Int(0),
})
require.NoError(t, err)
software = append(software, fleet.Software{
Name: "file1",
Version: "1.0",
Source: "apps",
TitleID: &installerTitleID,
})
mutationResults, err = ds.UpdateHostSoftware(ctx, tmHost.ID, software)
require.NoError(t, err)
err = ds.ReconcileSoftwareTitles(ctx)
require.NoError(t, err)
// set up vpp
dataToken, err := test.CreateVPPTokenData(time.Now().Add(24*time.Hour), "Test org"+t.Name(), "Test location"+t.Name())
require.NoError(t, err)
tok1, err := ds.InsertVPPToken(ctx, dataToken)
require.NoError(t, err)
_, err = ds.UpdateVPPTokenTeams(ctx, tok1.ID, []uint{})
require.NoError(t, err)
time.Sleep(time.Second) // ensure the labels_updated_at timestamp is before labels creation
// last_vpp_install
vPPApp := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}},
Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
}
va1, err := ds.InsertVPPAppWithTeam(ctx, vPPApp, &tm.ID)
require.NoError(t, err)
vpp1 := va1.AdamID
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, tmHost, vpp1, user)
_, err = ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), tmHost.ID, "")
require.NoError(t, err)
createVPPAppInstallResult(t, ds, tmHost, vpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
// Insert software entry for vpp app
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
res, err := ds.writer(ctx).ExecContext(ctx, `
Filter pending installs/uninstalls for vulnerabilities (#27752) If there is a pending install or uninstall for a software_title that has a cooresponding software record (perhaps installed by another host), then we need to apply the vulnerability joins to properly filter them. https://github.com/fleetdm/fleet/issues/27745 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-02 22:04:52 +00:00
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
`,
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
vPPApp.Name, "0.1.1", "apps", vPPApp.BundleIdentifier, vPPApp.TitleID, hex.EncodeToString([]byte("vpp1")),
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
)
require.NoError(t, err)
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
vppSoftwareID, err := res.LastInsertId()
require.NoError(t, err)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
time.Sleep(time.Second) // ensure a different created_at timestamp
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
_, err = ds.InsertSoftwareVulnerability(
ctx,
fleet.SoftwareVulnerability{SoftwareID: uint(vppSoftwareID), CVE: "CVE-vpp1-0001"},
fleet.NVDSource,
)
require.NoError(t, err)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
// Ensure that software "a" & "b" are returned as they are the only vulnerable apps at this point
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
// "vpp1" app is not in inventory yet, so it should not be returned
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
sw, _, err = ds.ListHostSoftware(ctx, tmHost, vulnerableOnlyOpts)
require.NoError(t, err)
require.Len(t, sw, 2)
require.Equal(t, software[0].Name, sw[0].Name)
require.Equal(t, software[1].Name, sw[1].Name)
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
// "vpp1" is now in inventory
// "vpp1" although vpp, it is vulnerable software installed on host so make sure it is also returned
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO host_software (host_id, software_id)
VALUES (?, ?)
`, tmHost.ID, vppSoftwareID)
require.NoError(t, err)
sw, _, err = ds.ListHostSoftware(ctx, tmHost, vulnerableOnlyOpts)
require.NoError(t, err)
require.Len(t, sw, 3)
require.Equal(t, vPPApp.Name, sw[2].Name)
require.Len(t, sw[2].InstalledVersions, 1)
require.Equal(t, "0.1.1", sw[2].InstalledVersions[0].Version)
require.Equal(t, "adam_vpp_1", sw[2].AppStoreApp.AppStoreID)
// remove "vpp1" vulnerability
_, err = ds.writer(ctx).ExecContext(ctx, `
DELETE FROM software_cve
WHERE software_id = ? AND cve = ?
`, vppSoftwareID, "CVE-vpp1-0001")
require.NoError(t, err)
Filter pending installs/uninstalls for vulnerabilities (#27752) If there is a pending install or uninstall for a software_title that has a cooresponding software record (perhaps installed by another host), then we need to apply the vulnerability joins to properly filter them. https://github.com/fleetdm/fleet/issues/27745 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-02 22:04:52 +00:00
// upcoming_software_install
installerID, titleID, err := ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
Title: "foo",
Source: "bar",
InstallScript: "echo",
TeamID: &tm.ID,
Filename: "foo.pkg",
UserID: user.ID,
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
Version: "1.0.0",
Filter pending installs/uninstalls for vulnerabilities (#27752) If there is a pending install or uninstall for a software_title that has a cooresponding software record (perhaps installed by another host), then we need to apply the vulnerability joins to properly filter them. https://github.com/fleetdm/fleet/issues/27745 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-02 22:04:52 +00:00
ValidatedLabels: &fleet.LabelIdentsWithScope{},
})
require.NoError(t, err)
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
// insert non-vulnerable software without adding to host
Filter pending installs/uninstalls for vulnerabilities (#27752) If there is a pending install or uninstall for a software_title that has a cooresponding software record (perhaps installed by another host), then we need to apply the vulnerability joins to properly filter them. https://github.com/fleetdm/fleet/issues/27745 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-02 22:04:52 +00:00
_, err = ds.writer(ctx).ExecContext(
ctx,
`INSERT INTO software (name, version, source, title_id, checksum) VALUES (?, ?, ?, ?, ?)`,
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
"foo", "1.0.0", "bar", &titleID, hex.EncodeToString([]byte("foo1.0")),
Filter pending installs/uninstalls for vulnerabilities (#27752) If there is a pending install or uninstall for a software_title that has a cooresponding software record (perhaps installed by another host), then we need to apply the vulnerability joins to properly filter them. https://github.com/fleetdm/fleet/issues/27745 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-02 22:04:52 +00:00
)
require.NoError(t, err)
Refactoring ListHostSoftware (#27490) # Checklist for submitter https://github.com/fleetdm/fleet/issues/27003 If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-04-10 22:29:15 +00:00
// insert vulnerable software with the same software title, but still not added to host
result, err = ds.writer(ctx).ExecContext(
ctx,
`INSERT INTO software (name, version, source, title_id, checksum) VALUES (?, ?, ?, ?, ?)`,
"foo", "0.5", "bar", &titleID, hex.EncodeToString([]byte("foo0.5")),
)
require.NoError(t, err)
insertedID, err = result.LastInsertId()
require.NoError(t, err)
_, err = ds.InsertSoftwareVulnerability(
ctx,
fleet.SoftwareVulnerability{SoftwareID: uint(insertedID), CVE: "CVE-bar-0001"},
fleet.NVDSource,
)
require.NoError(t, err)
// pending install request for foo1.0 (non-vulnerable version)
Filter pending installs/uninstalls for vulnerabilities (#27752) If there is a pending install or uninstall for a software_title that has a cooresponding software record (perhaps installed by another host), then we need to apply the vulnerability joins to properly filter them. https://github.com/fleetdm/fleet/issues/27745 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-02 22:04:52 +00:00
_, err = ds.InsertSoftwareInstallRequest(ctx, tmHost.ID, installerID, fleet.HostSoftwareInstallOptions{})
require.NoError(t, err)
require.NoError(t, ds.ReconcileSoftwareTitles(ctx))
// Ensure that software "a" & "b" are returned as they are the only vulnerable apps at this point
sw, _, err = ds.ListHostSoftware(ctx, tmHost, vulnerableOnlyOpts)
require.NoError(t, err)
require.Len(t, sw, 2)
require.Equal(t, software[0].Name, sw[0].Name)
require.Equal(t, software[1].Name, sw[1].Name)
// upcoming_software_uninstall
installerID, titleID, err = ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
Title: "foo2",
Source: "bar2",
InstallScript: "cat",
TeamID: &tm.ID,
Filename: "foo2.pkg",
UserID: user.ID,
ValidatedLabels: &fleet.LabelIdentsWithScope{},
})
require.NoError(t, err)
// insert into software without adding to host
_, err = ds.writer(ctx).ExecContext(
ctx,
`INSERT INTO software (name, version, source, title_id, checksum) VALUES (?, ?, ?, ?, ?)`,
"foo2", "1.0.0", "bar2", &titleID, hex.EncodeToString([]byte("foo2")),
)
require.NoError(t, err)
// pending install request
Propagate self-service flag on uninstalls through to activity (#29691) Fixes part of unreleased for #28846. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] Manual QA for all new/changed functionality
2025-06-03 15:09:43 +00:00
err = ds.InsertSoftwareUninstallRequest(ctx, "abc123", tmHost.ID, installerID, true)
Filter pending installs/uninstalls for vulnerabilities (#27752) If there is a pending install or uninstall for a software_title that has a cooresponding software record (perhaps installed by another host), then we need to apply the vulnerability joins to properly filter them. https://github.com/fleetdm/fleet/issues/27745 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-04-02 22:04:52 +00:00
require.NoError(t, err)
require.NoError(t, ds.ReconcileSoftwareTitles(ctx))
// Ensure that software "a" & "b" are returned as they are the only vulnerable apps at this point
sw, _, err = ds.ListHostSoftware(ctx, tmHost, vulnerableOnlyOpts)
require.NoError(t, err)
require.Len(t, sw, 2)
require.Equal(t, software[0].Name, sw[0].Name)
require.Equal(t, software[1].Name, sw[1].Name)
// upcoming_vpp_install
pendingVPPApp := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_2", Platform: fleet.MacOSPlatform}},
Name: "vpp2",
BundleIdentifier: "com.app.vpp2",
}
va2, err := ds.InsertVPPAppWithTeam(ctx, pendingVPPApp, &tm.ID)
require.NoError(t, err)
vpp2 := va2.AdamID
createVPPAppInstallRequest(t, ds, tmHost, vpp2, user)
_, err = ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), tmHost.ID, "")
require.NoError(t, err)
// Insert software entry for vpp app
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
pendingVPPApp.Name, pendingVPPApp.LatestVersion, "apps", pendingVPPApp.BundleIdentifier, pendingVPPApp.TitleID, hex.EncodeToString([]byte("vpp2")),
)
require.NoError(t, err)
time.Sleep(time.Second) // ensure a different created_at timestamp
// Ensure that software "a" & "b" are returned as they are the only vulnerable apps at this point
sw, _, err = ds.ListHostSoftware(ctx, tmHost, vulnerableOnlyOpts)
require.NoError(t, err)
require.Len(t, sw, 2)
require.Equal(t, software[0].Name, sw[0].Name)
require.Equal(t, software[1].Name, sw[1].Name)
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
// host has vulnerable software installed (not by fleet) that happens to match a vpp app in the fleet catalog
hostInstalledVpps := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_3", Platform: fleet.MacOSPlatform}},
Name: "vpp3",
BundleIdentifier: "com.app.vpp3",
}
hvpp, err := ds.InsertVPPAppWithTeam(ctx, hostInstalledVpps, &tm.ID)
require.NoError(t, err)
res, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
hostInstalledVpps.Name, "0.1.0", "apps", hostInstalledVpps.BundleIdentifier, hvpp.TitleID, hex.EncodeToString([]byte("vpp3v0.1.0")),
)
require.NoError(t, err)
time.Sleep(time.Second)
vppSoftwareID, err = res.LastInsertId()
require.NoError(t, err)
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO host_software (host_id, software_id)
VALUES (?, ?)
`, tmHost.ID, vppSoftwareID)
require.NoError(t, err)
// add vulnerabilities to last_software_install and last_vpp_install and host installed vpp app
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
vulns = []fleet.SoftwareVulnerability{
{SoftwareID: mutationResults.Inserted[0].ID, CVE: "CVE-file1-0003"},
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
{SoftwareID: uint(vppSoftwareID), CVE: "CVE-vpp3-0005"},
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
}
for _, v := range vulns {
_, err = ds.InsertSoftwareVulnerability(ctx, v, fleet.NVDSource)
require.NoError(t, err)
}
// add meta around vulnerabilities
cveMeta = []fleet.CVEMeta{
{
CVE: "CVE-file1-0003",
CVSSScore: ptr.Float64(1.7),
CISAKnownExploit: ptr.Bool(false),
Published: ptr.Time(now.Add(-2 * time.Hour)),
Description: "description for CVE-file1-0003",
},
{
CVE: "CVE-vpp1-0004",
CVSSScore: ptr.Float64(1.8),
CISAKnownExploit: ptr.Bool(false),
Published: ptr.Time(now),
Description: "description for CVE-vpp1-0004",
},
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
{
CVE: "CVE-vpp3-0005",
CVSSScore: ptr.Float64(1.7),
CISAKnownExploit: ptr.Bool(false),
Published: ptr.Time(now.Add(-2 * time.Hour)),
Description: "description for CVE-vpp3-0005",
},
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
}
err = ds.InsertCVEMeta(context.Background(), cveMeta)
require.NoError(t, err)
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
sw, _, err = ds.ListHostSoftware(ctx, tmHost, vulnerableOnlyOpts)
require.NoError(t, err)
require.Len(t, sw, 4)
require.Equal(t, software[0].Name, sw[0].Name) // "a"
require.Equal(t, software[1].Name, sw[1].Name) // "b"
require.Equal(t, software[3].Name, sw[2].Name) // "file1"
// "vpp3" although vpp, it is vulnerable software installed on host
require.Equal(t, hostInstalledVpps.Name, sw[3].Name)
require.Len(t, sw[3].InstalledVersions, 1)
require.Equal(t, "0.1.0", sw[3].InstalledVersions[0].Version)
require.Equal(t, "adam_vpp_3", sw[3].AppStoreApp.AppStoreID)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
sw, _, err = ds.ListHostSoftware(ctx, tmHost, knownExploitOpts)
require.NoError(t, err)
require.Len(t, sw, 1)
require.Equal(t, software[0].Name, sw[0].Name) // should only return "a"
sw, _, err = ds.ListHostSoftware(ctx, tmHost, minCVSSScoreOpts)
require.NoError(t, err)
require.Len(t, sw, 1)
require.Equal(t, software[0].Name, sw[0].Name) // should only return "a"
sw, _, err = ds.ListHostSoftware(ctx, tmHost, maxCVSSScoreOpts)
require.NoError(t, err)
require.Len(t, sw, 1)
require.Equal(t, software[1].Name, sw[0].Name) // should only return "b"
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
sw, _, err = ds.ListHostSoftware(ctx, tmHost, fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name",
},
VulnerableOnly: true,
MinimumCVSS: 1.6,
IncludeAvailableForInstall: true,
})
require.NoError(t, err)
// should return "a" (2.5), "file1" (1.7), "vpp3" (1.7)
require.Len(t, sw, 3)
require.Equal(t, software[0].Name, sw[0].Name) // should only return "a"
require.Equal(t, software[3].Name, sw[1].Name) // should only return "file1"
require.Equal(t, hostInstalledVpps.Name, sw[2].Name) // should only return "vpp3"
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
matchingsOpts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "name",
},
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
IncludeAvailableForInstall: true,
VulnerableOnly: true,
MinimumCVSS: 1.5,
MaximumCVSS: 2.0,
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
}
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
// should return "file1" & "vpp3" (vpp1 is not compatible with the platform)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
sw, _, err = ds.ListHostSoftware(ctx, tmHost, matchingsOpts)
require.NoError(t, err)
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
require.Len(t, sw, 2)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
require.Equal(t, "file1", sw[0].Name)
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
require.Equal(t, "vpp3", sw[1].Name)
require.Len(t, sw[1].InstalledVersions, 1)
require.Equal(t, "adam_vpp_3", sw[1].AppStoreApp.AppStoreID)
Updated ListHostSoftware vulnerability filtering (#27020) Include vulnerability filtering conditions on vpp apps and latest host software installs/uninstalls https://github.com/fleetdm/fleet/issues/26824 - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: RachelElysia <rachel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-03-21 16:02:55 +00:00
}
fixing host software tab search (#28216) https://github.com/fleetdm/fleet/issues/28149 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [ ] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-14 20:48:59 +00:00
func testListHostSoftwareQuerySearching(t *testing.T, ds *Datastore) {
ctx := context.Background()
// create a user
user := test.NewUser(t, ds, "Alice", "alice@example.com", true)
// create a team
tm, err := ds.NewTeam(ctx, &fleet.Team{Name: "team1"})
require.NoError(t, err)
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
nanoEnroll(t, ds, host, false)
err = ds.AddHostsToTeam(ctx, &tm.ID, []uint{host.ID})
require.NoError(t, err)
host.TeamID = &tm.ID
software := []fleet.Software{
{Name: "microsoft office 2025", Version: "1.0.0", Source: "apps", BundleIdentifier: "com.example.office"},
{Name: "1password", Version: "1.0.0", Source: "apps", BundleIdentifier: "com.example.1password"},
{Name: "microsoft edge", Version: "1.0.0", Source: "apps", BundleIdentifier: "com.example.edge"},
{Name: "chrome", Version: "1.0.0", Source: "apps", BundleIdentifier: "com.example.chrome"},
{Name: "brave", Version: "1.0.0", Source: "apps", BundleIdentifier: "com.example.brave"},
}
byName := map[string]fleet.Software{}
for _, s := range software {
byName[s.Name] = s
}
mutationResults, err := ds.UpdateHostSoftware(ctx, host.ID, software)
require.NoError(t, err)
require.Len(t, mutationResults.Inserted, len(software))
err = ds.ReconcileSoftwareTitles(ctx)
require.NoError(t, err)
for _, m := range mutationResults.Inserted {
s := byName[m.Name]
s.ID = m.ID
byName[s.Name] = s
}
vulns := []fleet.SoftwareVulnerability{
{SoftwareID: byName["1password"].ID, CVE: "CVE-2025-0001"},
{SoftwareID: byName["chrome"].ID, CVE: "CVE-2024-0001"},
{SoftwareID: byName["brave"].ID, CVE: "CVE-2024-0002"},
}
for _, v := range vulns {
_, err = ds.InsertSoftwareVulnerability(ctx, v, fleet.NVDSource)
require.NoError(t, err)
}
// no search term, make sure we get all software
sw, meta, err := ds.ListHostSoftware(
ctx,
host,
fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
PerPage: 11,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
},
},
)
require.NoError(t, err)
require.Len(t, sw, 5)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 5}, meta)
// search for microsoft
sw, meta, err = ds.ListHostSoftware(
ctx,
host,
fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
PerPage: 11,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
MatchQuery: "microsoft",
},
},
)
require.NoError(t, err)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 2}, meta)
require.Equal(t, software[2].Name, sw[0].Name)
require.Equal(t, software[0].Name, sw[1].Name)
// search for 2025
sw, meta, err = ds.ListHostSoftware(
ctx,
host,
fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
PerPage: 11,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
MatchQuery: "2025",
},
},
)
require.NoError(t, err)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 2}, meta)
require.Equal(t, software[1].Name, sw[0].Name)
require.Equal(t, software[0].Name, sw[1].Name)
// search for cve-2024
sw, meta, err = ds.ListHostSoftware(
ctx,
host,
fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
PerPage: 11,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
MatchQuery: "2024",
},
},
)
require.NoError(t, err)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 2}, meta)
require.Equal(t, software[4].Name, sw[0].Name)
require.Equal(t, software[3].Name, sw[1].Name)
Fixed searching with VulnerableOnly filter (#28277) https://github.com/fleetdm/fleet/issues/28250 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-16 14:02:24 +00:00
// search for brave and `VulnerableOnly` filter
sw, meta, err = ds.ListHostSoftware(
ctx,
host,
fleet.HostSoftwareTitleListOptions{
VulnerableOnly: true,
ListOptions: fleet.ListOptions{
PerPage: 11,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
MatchQuery: "brave",
},
},
)
require.NoError(t, err)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 1}, meta)
require.Equal(t, software[4].Name, sw[0].Name)
fixing host software tab search (#28216) https://github.com/fleetdm/fleet/issues/28149 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [ ] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-14 20:48:59 +00:00
// set up vpp
dataToken, err := test.CreateVPPTokenData(time.Now().Add(24*time.Hour), "Test org"+t.Name(), "Test location"+t.Name())
require.NoError(t, err)
tok1, err := ds.InsertVPPToken(ctx, dataToken)
require.NoError(t, err)
_, err = ds.UpdateVPPTokenTeams(ctx, tok1.ID, []uint{})
require.NoError(t, err)
time.Sleep(time.Second) // ensure the labels_updated_at timestamp is before labels creation
// last_vpp_install
vPPApp := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform}},
Name: "microsoft teams",
BundleIdentifier: "com.app.teams",
}
va1, err := ds.InsertVPPAppWithTeam(ctx, vPPApp, &tm.ID)
require.NoError(t, err)
vpp1 := va1.AdamID
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, host, vpp1, user)
_, err = ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), host.ID, "")
require.NoError(t, err)
createVPPAppInstallResult(t, ds, host, vpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
// Insert software entry for vpp app
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
vPPApp.Name, vPPApp.LatestVersion, "apps", vPPApp.BundleIdentifier, vPPApp.TitleID, hex.EncodeToString([]byte("vpp1")),
)
require.NoError(t, err)
time.Sleep(time.Second) // ensure a different created_at timestamp
// search for microsoft
sw, meta, err = ds.ListHostSoftware(
ctx,
host,
fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
PerPage: 11,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
MatchQuery: "microsoft",
},
},
)
require.NoError(t, err)
require.Equal(t, &fleet.PaginationMetadata{TotalResults: 3}, meta)
require.Equal(t, software[2].Name, sw[0].Name)
require.Equal(t, software[0].Name, sw[1].Name)
require.Equal(t, vPPApp.Name, sw[2].Name)
Fixed search with self service filter (#28991) For https://github.com/fleetdm/fleet/issues/28880 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 19:52:11 +00:00
Host installed vulnerable vpp apps (#29369) If the user has a software installed on their machine that happens to match a vpp app in our catalog. When searching by vulnerable attributes do not link that software to a vpp app. Just treat it like a non-fleet installed application. https://github.com/fleetdm/fleet/issues/29308 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-29 14:37:10 +00:00
// search with self-service
Fixed search with self service filter (#28991) For https://github.com/fleetdm/fleet/issues/28880 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-09 19:52:11 +00:00
vPPAppSlack := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{SelfService: true, VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_2", Platform: fleet.MacOSPlatform}},
Name: "slack",
BundleIdentifier: "com.app.slack",
}
_, err = ds.InsertVPPAppWithTeam(ctx, vPPAppSlack, &tm.ID)
require.NoError(t, err)
vPPApp1Password := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{SelfService: true, VPPAppID: fleet.VPPAppID{AdamID: "adam_vpp_3", Platform: fleet.MacOSPlatform}},
Name: "1password",
BundleIdentifier: "com.app.1password",
}
_, err = ds.InsertVPPAppWithTeam(ctx, vPPApp1Password, &tm.ID)
require.NoError(t, err)
opts := fleet.HostSoftwareTitleListOptions{
SelfServiceOnly: true,
IsMDMEnrolled: true,
IncludeAvailableForInstall: true,
ListOptions: fleet.ListOptions{
PerPage: 10,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
},
}
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Len(t, sw, 2)
require.Equal(t, vPPApp1Password.Name, sw[0].Name)
require.Equal(t, vPPAppSlack.Name, sw[1].Name)
opts.ListOptions.MatchQuery = "1password"
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Len(t, sw, 1)
require.Equal(t, vPPApp1Password.Name, sw[0].Name)
fixing host software tab search (#28216) https://github.com/fleetdm/fleet/issues/28149 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [ ] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [ ] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-14 20:48:59 +00:00
}
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
func testListHostSoftwareWithLabelScopingVPP(t *testing.T, ds *Datastore) {
ctx := context.Background()
// create a host
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, host, false)
user1 := test.NewUser(t, ds, "Alice", "alice@example.com", true)
dataToken, err := test.CreateVPPTokenData(time.Now().Add(24*time.Hour), "Test org"+t.Name(), "Test location"+t.Name())
require.NoError(t, err)
tok1, err := ds.InsertVPPToken(ctx, dataToken)
require.NoError(t, err)
_, err = ds.UpdateVPPTokenTeams(ctx, tok1.ID, []uint{})
require.NoError(t, err)
time.Sleep(time.Second) // ensure the labels_updated_at timestamp is before labels creation
Fleet installed vpp apps, prior to being inventoried, correctly pull self service flag (#29272) https://github.com/fleetdm/fleet/issues/29240 Prior to being accounted for in software inventory we store vpp app installs in `host_vpp_software_installs`. The query pull data from this table was not getting self service flag information which was necessary for label scoping logic later on while fetching software available for install on the service service page. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-20 15:44:27 +00:00
vppApp := &fleet.VPPApp{Name: "vpp_app_1", VPPAppTeam: fleet.VPPAppTeam{SelfService: true, VPPAppID: fleet.VPPAppID{AdamID: "1", Platform: fleet.MacOSPlatform}}, BundleIdentifier: "b1"}
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
vppApp, err = ds.InsertVPPAppWithTeam(ctx, vppApp, nil)
require.NoError(t, err)
vppAppTeamID := vppApp.VPPAppTeam.AppTeamID
// create a software installer
tfr1, err := fleet.NewTempFileReader(strings.NewReader("hello"), t.TempDir)
require.NoError(t, err)
installer1 := &fleet.UploadSoftwareInstallerPayload{
InstallScript: "hello",
PreInstallQuery: "SELECT 1",
PostInstallScript: "world",
UninstallScript: "goodbye",
InstallerFile: tfr1,
StorageID: "storage1",
Filename: "file1",
Title: "file1",
Version: "1.0",
Source: "apps",
UserID: user1.ID,
BundleIdentifier: "bi1",
Platform: "darwin",
ValidatedLabels: &fleet.LabelIdentsWithScope{},
}
installerID1, _, err := ds.MatchOrCreateSoftwareInstaller(ctx, installer1)
require.NoError(t, err)
// we should see installer1, since it has no label associated yet
opts := fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{
PerPage: 11,
IncludeMetadata: true,
OrderKey: "name",
TestSecondaryOrderKey: "source",
},
IncludeAvailableForInstall: true,
IsMDMEnrolled: true,
}
expectedInstallers := map[string]*fleet.SoftwarePackageOrApp{
installer1.Filename: {
Name: installer1.Filename,
Version: installer1.Version,
SelfService: ptr.Bool(false),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
Platform: "darwin",
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
},
vppApp.Name: {
AppStoreID: vppApp.AdamID,
Fleet installed vpp apps, prior to being inventoried, correctly pull self service flag (#29272) https://github.com/fleetdm/fleet/issues/29240 Prior to being accounted for in software inventory we store vpp app installs in `host_vpp_software_installs`. The query pull data from this table was not getting self service flag information which was necessary for label scoping logic later on while fetching software available for install on the service service page. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-20 15:44:27 +00:00
SelfService: ptr.Bool(true),
Rest API: Add platform to endpoints with software packages and vpp apps (#27124)
2025-03-17 13:59:03 +00:00
Platform: "darwin",
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
},
}
checkSoftware := func(swList []*fleet.HostSoftwareWithInstaller, excludeNames ...string) {
expectedLen := len(expectedInstallers) - len(excludeNames)
require.Equal(t, len(swList), expectedLen)
for _, got := range swList {
if got.IsPackage() {
want, ok := expectedInstallers[got.SoftwarePackage.Name]
if slices.Contains(excludeNames, got.SoftwarePackage.Name) {
require.False(t, ok)
continue
}
require.True(t, ok)
require.Equal(t, want, got.SoftwarePackage)
}
if got.IsAppStoreApp() {
want, ok := expectedInstallers[got.Name]
if slices.Contains(excludeNames, got.AppStoreApp.AppStoreID) {
require.False(t, ok)
continue
}
require.True(t, ok)
require.Equal(t, want, got.AppStoreApp)
}
}
}
software, _, err := ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
checkSoftware(software)
// installer1 should be in scope since it has no labels
scoped, err := ds.IsSoftwareInstallerLabelScoped(ctx, installerID1, host.ID)
require.NoError(t, err)
require.True(t, scoped)
// vppApp should be in scope since it has no labels
scoped, err = ds.IsVPPAppLabelScoped(ctx, vppApp.VPPAppTeam.AppTeamID, host.ID)
require.NoError(t, err)
require.True(t, scoped)
// Create a couple of labels
label1, err := ds.NewLabel(ctx, &fleet.Label{Name: "label1" + t.Name()})
require.NoError(t, err)
label2, err := ds.NewLabel(ctx, &fleet.Label{Name: "label2" + t.Name()})
require.NoError(t, err)
// assign the label to the host
require.NoError(t, ds.AddLabelsToHost(ctx, host.ID, []uint{label1.ID}))
host.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, host)
require.NoError(t, err)
time.Sleep(time.Second)
// assign the label to the software installer
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), installerID1, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{label1.Name: {LabelName: label1.Name, LabelID: label1.ID}},
}, softwareTypeInstaller)
require.NoError(t, err)
// should contain only the VPP app as the installer label is "exclude any"
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
checkSoftware(software, installer1.Filename)
fix: clear auto install policy statuses for vpp app scope changes (#26121) > For #26086 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-02-07 14:53:54 +00:00
hostsNotInScope, err := ds.GetExcludedHostIDMapForVPPApp(ctx, vppAppTeamID)
require.NoError(t, err)
require.Empty(t, hostsNotInScope)
hostsInScope, err := ds.GetIncludedHostIDMapForVPPApp(ctx, vppAppTeamID)
require.NoError(t, err)
require.Equal(t, map[uint]struct{}{host.ID: {}}, hostsInScope)
Applying label scope to vpp apps (#28432) https://github.com/fleetdm/fleet/issues/28328 Also related to https://github.com/fleetdm/fleet/pull/28372 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 22:00:19 +00:00
anotherHost := test.NewHost(t, ds, "host2", "", "host2key", "host2uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, anotherHost, false)
// intall vpp app
vpp1CmdUUID := createVPPAppInstallRequest(t, ds, anotherHost, vppApp.AdamID, user1)
_, err = ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), anotherHost.ID, "")
require.NoError(t, err)
createVPPAppInstallResult(t, ds, anotherHost, vpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
// Insert software entry for vpp app
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
vppApp.Name, vppApp.LatestVersion, "apps", vppApp.BundleIdentifier, vppApp.TitleID, hex.EncodeToString([]byte("vpp1")),
)
require.NoError(t, err)
time.Sleep(time.Second)
// update host label timestamp
require.NoError(t, ds.AddLabelsToHost(ctx, anotherHost.ID, []uint{label1.ID}))
anotherHost.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, anotherHost)
require.NoError(t, err)
time.Sleep(time.Second)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
thirdHost := test.NewHost(t, ds, "host3", "", "host3key", "host3uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, thirdHost, false)
// have a pre-installed vpp app
res, err := ds.writer(ctx).ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
vppApp.Name, "0.1.10", "apps", vppApp.BundleIdentifier, vppApp.TitleID, hex.EncodeToString([]byte("vpp1v0.1.10")),
)
require.NoError(t, err)
time.Sleep(time.Second)
softwareID, err := res.LastInsertId()
require.NoError(t, err)
_, err = ds.writer(ctx).ExecContext(ctx, `
INSERT INTO host_software (host_id, software_id)
VALUES (?, ?)
`, thirdHost.ID, softwareID)
require.NoError(t, err)
// update host label timestamp
require.NoError(t, ds.AddLabelsToHost(ctx, thirdHost.ID, []uint{label1.ID}))
thirdHost.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, thirdHost)
require.NoError(t, err)
time.Sleep(time.Second)
Fleet installed vpp apps, prior to being inventoried, correctly pull self service flag (#29272) https://github.com/fleetdm/fleet/issues/29240 Prior to being accounted for in software inventory we store vpp app installs in `host_vpp_software_installs`. The query pull data from this table was not getting self service flag information which was necessary for label scoping logic later on while fetching software available for install on the service service page. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-20 15:44:27 +00:00
fourthHost := test.NewHost(t, ds, "host4", "", "host4key", "host4uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, fourthHost, false)
require.NoError(t, ds.AddLabelsToHost(ctx, fourthHost.ID, []uint{label1.ID}))
fourthHost.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, fourthHost)
require.NoError(t, err)
time.Sleep(time.Second)
scoped, err = ds.IsVPPAppLabelScoped(ctx, vppApp.VPPAppTeam.AppTeamID, fourthHost.ID)
require.NoError(t, err)
require.True(t, scoped)
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
// Assign the label to the VPP app. Now we should have an empty list
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), vppAppTeamID, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{label1.Name: {LabelName: label1.Name, LabelID: label1.ID}},
}, softwareTypeVPP)
require.NoError(t, err)
Fleet installed vpp apps, prior to being inventoried, correctly pull self service flag (#29272) https://github.com/fleetdm/fleet/issues/29240 Prior to being accounted for in software inventory we store vpp app installs in `host_vpp_software_installs`. The query pull data from this table was not getting self service flag information which was necessary for label scoping logic later on while fetching software available for install on the service service page. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-20 15:44:27 +00:00
// intall vpp app on fourth host
vpp verify followup (#30389) > Fixes #29851 > Fixes #29902 > Mainly followups from https://github.com/fleetdm/fleet/pull/30295, plus improved integration testing # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-01 15:19:42 +00:00
fourthHostVpp1CmdUUID := createVPPAppInstallRequest(t, ds, fourthHost, vppApp.AdamID, user1)
Fleet installed vpp apps, prior to being inventoried, correctly pull self service flag (#29272) https://github.com/fleetdm/fleet/issues/29240 Prior to being accounted for in software inventory we store vpp app installs in `host_vpp_software_installs`. The query pull data from this table was not getting self service flag information which was necessary for label scoping logic later on while fetching software available for install on the service service page. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-20 15:44:27 +00:00
_, err = ds.activateNextUpcomingActivity(ctx, ds.writer(ctx), fourthHost.ID, "")
require.NoError(t, err)
vpp verify followup (#30389) > Fixes #29851 > Fixes #29902 > Mainly followups from https://github.com/fleetdm/fleet/pull/30295, plus improved integration testing # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-01 15:19:42 +00:00
createVPPAppInstallResult(t, ds, fourthHost, fourthHostVpp1CmdUUID, fleet.MDMAppleStatusAcknowledged)
Fleet installed vpp apps, prior to being inventoried, correctly pull self service flag (#29272) https://github.com/fleetdm/fleet/issues/29240 Prior to being accounted for in software inventory we store vpp app installs in `host_vpp_software_installs`. The query pull data from this table was not getting self service flag information which was necessary for label scoping logic later on while fetching software available for install on the service service page. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-20 15:44:27 +00:00
// but inventory has not been updated yet so no software/host software records exist
software, _, err = ds.ListHostSoftware(
ctx,
fourthHost,
fleet.HostSoftwareTitleListOptions{
ListOptions: fleet.ListOptions{PerPage: 10},
IncludeAvailableForInstall: true,
SelfServiceOnly: true,
IsMDMEnrolled: true,
},
)
require.NoError(t, err)
// installer one is not self service, vpp app is but out of scope due to label
checkSoftware(software, installer1.Filename, vppApp.Name)
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
checkSoftware(software, installer1.Filename, vppApp.Name)
fix: clear auto install policy statuses for vpp app scope changes (#26121) > For #26086 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-02-07 14:53:54 +00:00
hostsNotInScope, err = ds.GetExcludedHostIDMapForVPPApp(ctx, vppAppTeamID)
require.NoError(t, err)
Fleet installed vpp apps, prior to being inventoried, correctly pull self service flag (#29272) https://github.com/fleetdm/fleet/issues/29240 Prior to being accounted for in software inventory we store vpp app installs in `host_vpp_software_installs`. The query pull data from this table was not getting self service flag information which was necessary for label scoping logic later on while fetching software available for install on the service service page. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-20 15:44:27 +00:00
require.Equal(t, map[uint]struct{}{host.ID: {}, anotherHost.ID: {}, thirdHost.ID: {}, fourthHost.ID: {}}, hostsNotInScope)
fix: clear auto install policy statuses for vpp app scope changes (#26121) > For #26086 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-02-07 14:53:54 +00:00
hostsInScope, err = ds.GetIncludedHostIDMapForVPPApp(ctx, vppAppTeamID)
require.NoError(t, err)
require.Empty(t, hostsInScope)
vpp verify followup (#30389) > Fixes #29851 > Fixes #29902 > Mainly followups from https://github.com/fleetdm/fleet/pull/30295, plus improved integration testing # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-01 15:19:42 +00:00
// vpp app is installed but not verified, so should still be pending
software, _, err = ds.ListHostSoftware(ctx, anotherHost, opts)
require.NoError(t, err)
require.Len(t, software, 1)
require.Equal(t, software[0].Name, vppApp.Name)
expectedStatus := fleet.SoftwareInstallPending
require.Equal(t, &expectedStatus, software[0].Status)
// but should not be available for install because of the ExcludeAny label
require.Nil(t, software[0].AppStoreApp)
// verify the install
require.NoError(t, ds.SetVPPInstallAsVerified(ctx, anotherHost.ID, vpp1CmdUUID))
// Now the app should come back as installed
Applying label scope to vpp apps (#28432) https://github.com/fleetdm/fleet/issues/28328 Also related to https://github.com/fleetdm/fleet/pull/28372 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 22:00:19 +00:00
software, _, err = ds.ListHostSoftware(ctx, anotherHost, opts)
require.NoError(t, err)
require.Len(t, software, 1)
require.Equal(t, software[0].Name, vppApp.Name)
vpp verify followup (#30389) > Fixes #29851 > Fixes #29902 > Mainly followups from https://github.com/fleetdm/fleet/pull/30295, plus improved integration testing # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality
2025-07-01 15:19:42 +00:00
expectedStatus = fleet.SoftwareInstalled
require.Equal(t, &expectedStatus, software[0].Status)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
// but should not be available for install because of the ExcludeAny label
require.Nil(t, software[0].AppStoreApp)
// vpp app is installed, so should come back in list of software
software, _, err = ds.ListHostSoftware(ctx, thirdHost, opts)
require.NoError(t, err)
require.Len(t, software, 1)
require.Equal(t, software[0].Name, vppApp.Name)
// nil because it was pre-installed on host
require.Nil(t, software[0].Status)
// but should not be available for install because of the ExcludeAny label
require.Nil(t, software[0].AppStoreApp)
Applying label scope to vpp apps (#28432) https://github.com/fleetdm/fleet/issues/28328 Also related to https://github.com/fleetdm/fleet/pull/28372 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 22:00:19 +00:00
// filtering by only available for install should exclude the vpp app
opts.OnlyAvailableForInstall = true
software, _, err = ds.ListHostSoftware(ctx, anotherHost, opts)
require.NoError(t, err)
checkSoftware(software, installer1.Filename, vppApp.Name)
Rewrite label scoping logic for listing host software, fix other ListHostSoftware bugs (#28592) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-06 17:32:35 +00:00
software, _, err = ds.ListHostSoftware(ctx, thirdHost, opts)
require.NoError(t, err)
checkSoftware(software, installer1.Filename, vppApp.Name)
Applying label scope to vpp apps (#28432) https://github.com/fleetdm/fleet/issues/28328 Also related to https://github.com/fleetdm/fleet/pull/28372 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-04-22 22:00:19 +00:00
opts.OnlyAvailableForInstall = false
Add labels and editing for VPP apps (#25979) For #24609 --------- Co-authored-by: Jahziel Villasana-Espinoza <jahziel@fleetdm.com> Co-authored-by: Jahziel Villasana-Espinoza <jahzielv@gmail.com>
2025-02-03 17:16:21 +00:00
// Make the label include any. We should have both of them back.
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), installerID1, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeIncludeAny,
ByName: map[string]fleet.LabelIdent{label1.Name: {LabelName: label1.Name, LabelID: label1.ID}},
}, softwareTypeInstaller)
require.NoError(t, err)
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), vppAppTeamID, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeIncludeAny,
ByName: map[string]fleet.LabelIdent{label1.Name: {LabelName: label1.Name, LabelID: label1.ID}},
}, softwareTypeVPP)
require.NoError(t, err)
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
checkSoftware(software)
// Give the VPP app a different label. Only the installer should show up now, since the host
// only has label1.
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), vppAppTeamID, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeIncludeAny,
ByName: map[string]fleet.LabelIdent{label2.Name: {LabelName: label2.Name, LabelID: label2.ID}},
}, softwareTypeVPP)
require.NoError(t, err)
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
checkSoftware(software, vppApp.Name)
scoped, err = ds.IsVPPAppLabelScoped(ctx, vppApp.VPPAppTeam.AppTeamID, host.ID)
require.NoError(t, err)
require.False(t, scoped)
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), vppAppTeamID, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeIncludeAny,
ByName: map[string]fleet.LabelIdent{label2.Name: {LabelName: label2.Name, LabelID: label2.ID}, label1.Name: {LabelName: label1.Name, LabelID: label1.ID}},
}, softwareTypeVPP)
require.NoError(t, err)
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
checkSoftware(software)
scoped, err = ds.IsVPPAppLabelScoped(ctx, vppApp.VPPAppTeam.AppTeamID, host.ID)
require.NoError(t, err)
require.True(t, scoped)
// Create another label.
time.Sleep(time.Second)
label3, err := ds.NewLabel(ctx, &fleet.Label{Name: "label3" + t.Name()})
require.NoError(t, err)
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), vppAppTeamID, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{label3.Name: {LabelName: label3.Name, LabelID: label3.ID}},
}, softwareTypeVPP)
require.NoError(t, err)
// the VPP app is still out of scope, because label3 was added as exclude any and the host's
// LabelUpdatedAt isn't fresh enough.
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
checkSoftware(software, vppApp.Name)
scoped, err = ds.IsVPPAppLabelScoped(ctx, vppApp.VPPAppTeam.AppTeamID, host.ID)
require.NoError(t, err)
require.False(t, scoped)
// mark as if label had been reported (but host is still not a member). This should bring the
// VPP app back in scope, since it's exclude any and the host doesn't have label 3.
host.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, host)
require.NoError(t, err)
time.Sleep(time.Second)
software, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
checkSoftware(software)
scoped, err = ds.IsVPPAppLabelScoped(ctx, vppApp.VPPAppTeam.AppTeamID, host.ID)
require.NoError(t, err)
require.True(t, scoped)
}
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
Non fleet installed software properly filtered by labels (#29116) https://github.com/fleetdm/fleet/issues/28328 - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] Added/updated automated tests - [x] Manual QA for all new/changed functionality - [x] For unreleased bug fixes in a release candidate, confirmed that the fix is not expected to adversely impact load test results or alerted the release DRI if additional load testing is needed.
2025-05-13 23:41:33 +00:00
func testListHostSoftwareSelfServiceWithLabelScopingHostInstalled(t *testing.T, ds *Datastore) {
ctx := context.Background()
user1 := test.NewUser(t, ds, "Alice", "alice@example.com", true)
tm, err := ds.NewTeam(ctx, &fleet.Team{Name: "team1"})
require.NoError(t, err)
host := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now(), test.WithPlatform("darwin"))
nanoEnroll(t, ds, host, false)
err = ds.AddHostsToTeam(ctx, &tm.ID, []uint{host.ID})
require.NoError(t, err)
host.TeamID = &tm.ID
opts := fleet.HostSoftwareTitleListOptions{
SelfServiceOnly: true,
IsMDMEnrolled: true,
IncludeAvailableForInstall: true,
OnlyAvailableForInstall: false,
VulnerableOnly: false,
KnownExploit: false,
ListOptions: fleet.ListOptions{PerPage: 10, IncludeMetadata: true, OrderKey: "name", TestSecondaryOrderKey: "source"},
}
dataToken, err := test.CreateVPPTokenData(time.Now().Add(24*time.Hour), "Test org"+t.Name(), "Test location"+t.Name())
require.NoError(t, err)
tok1, err := ds.InsertVPPToken(ctx, dataToken)
require.NoError(t, err)
_, err = ds.UpdateVPPTokenTeams(ctx, tok1.ID, []uint{})
require.NoError(t, err)
time.Sleep(time.Second)
// self-service software installer
tfr2, err := fleet.NewTempFileReader(strings.NewReader("hello"), t.TempDir)
require.NoError(t, err)
selfServiceinstaller := &fleet.UploadSoftwareInstallerPayload{
InstallScript: "hello 2",
PreInstallQuery: "SELECT 2",
PostInstallScript: "world 2",
UninstallScript: "goodbye 2",
InstallerFile: tfr2,
StorageID: "storage 2",
Filename: "file2",
Title: "file2",
Version: "1.0",
Source: "apps",
UserID: user1.ID,
BundleIdentifier: "bi2",
Platform: "darwin",
SelfService: true,
TeamID: &tm.ID,
ValidatedLabels: &fleet.LabelIdentsWithScope{},
}
selfServiceInstallerID, selfServiceTitleID, err := ds.MatchOrCreateSoftwareInstaller(ctx, selfServiceinstaller)
require.NoError(t, err)
vPPApp := &fleet.VPPApp{
VPPAppTeam: fleet.VPPAppTeam{
SelfService: true,
VPPAppID: fleet.VPPAppID{
AdamID: "adam_vpp_1", Platform: fleet.MacOSPlatform,
},
},
Name: "vpp1",
BundleIdentifier: "com.app.vpp1",
LatestVersion: "1.0.0",
}
_, err = ds.InsertVPPAppWithTeam(ctx, vPPApp, &tm.ID)
require.NoError(t, err)
// Install software on host
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
res, err := q.ExecContext(ctx, `INSERT INTO software (name, source, bundle_identifier, version, title_id) VALUES (?, ?, ?, ?, ?)`,
selfServiceinstaller.Title, selfServiceinstaller.Source, selfServiceinstaller.BundleIdentifier, selfServiceinstaller.Version, selfServiceTitleID)
if err != nil {
return err
}
softwareID, err := res.LastInsertId()
if err != nil {
return err
}
_, err = q.ExecContext(ctx, `INSERT INTO host_software (host_id, software_id) VALUES (?, ?)`,
host.ID, softwareID)
if err != nil {
return err
}
res, err = q.ExecContext(ctx, `
INSERT INTO software (name, version, source, bundle_identifier, title_id, checksum)
VALUES (?, ?, ?, ?, ?, ?)
`,
vPPApp.Name, "1.2.3", "apps", vPPApp.BundleIdentifier, vPPApp.TitleID, hex.EncodeToString([]byte("vpp1")),
)
require.NoError(t, err)
time.Sleep(time.Second)
softwareID, err = res.LastInsertId()
require.NoError(t, err)
_, err = q.ExecContext(ctx, `
INSERT INTO host_software (host_id, software_id)
VALUES (?, ?)
`,
host.ID, softwareID)
require.NoError(t, err)
return nil
})
sw, _, err := ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Len(t, sw, 2)
// selfServiceIstaller should be in scope since it has no labels
scoped, err := ds.IsSoftwareInstallerLabelScoped(ctx, selfServiceInstallerID, host.ID)
require.NoError(t, err)
require.True(t, scoped)
hostsInScope, err := ds.GetIncludedHostIDMapForSoftwareInstaller(ctx, selfServiceInstallerID)
require.NoError(t, err)
require.Contains(t, hostsInScope, host.ID)
// vppApp should be in scope since it has no labels
scoped, err = ds.IsVPPAppLabelScoped(ctx, vPPApp.VPPAppTeam.AppTeamID, host.ID)
require.NoError(t, err)
require.True(t, scoped)
hostsInScope, err = ds.GetIncludedHostIDMapForVPPApp(ctx, vPPApp.VPPAppTeam.AppTeamID)
require.NoError(t, err)
require.Contains(t, hostsInScope, host.ID)
// exclude label
excludeLabel, err := ds.NewLabel(ctx, &fleet.Label{Name: "Exclude Label" + t.Name()})
require.NoError(t, err)
// label host
require.NoError(t, ds.AddLabelsToHost(ctx, host.ID, []uint{excludeLabel.ID}))
host.LabelUpdatedAt = time.Now()
err = ds.UpdateHost(ctx, host)
require.NoError(t, err)
// label software
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), selfServiceInstallerID, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{excludeLabel.Name: {LabelName: excludeLabel.Name, LabelID: excludeLabel.ID}},
}, softwareTypeInstaller)
require.NoError(t, err)
// label vpp app
err = setOrUpdateSoftwareInstallerLabelsDB(ctx, ds.writer(ctx), vPPApp.VPPAppTeam.AppTeamID, fleet.LabelIdentsWithScope{
LabelScope: fleet.LabelScopeExcludeAny,
ByName: map[string]fleet.LabelIdent{excludeLabel.Name: {LabelName: excludeLabel.Name, LabelID: excludeLabel.ID}},
}, softwareTypeVPP)
require.NoError(t, err)
// selfServiceIstaller should not be in scope since it has exclude any label
scoped, err = ds.IsSoftwareInstallerLabelScoped(ctx, selfServiceInstallerID, host.ID)
require.NoError(t, err)
require.False(t, scoped)
hostsInScope, err = ds.GetIncludedHostIDMapForSoftwareInstaller(ctx, selfServiceInstallerID)
require.NoError(t, err)
require.Empty(t, hostsInScope)
// vppApp should not be in scope since it has exclude any label
scoped, err = ds.IsVPPAppLabelScoped(ctx, vPPApp.VPPAppTeam.AppTeamID, host.ID)
require.NoError(t, err)
require.False(t, scoped)
hostsInScope, err = ds.GetIncludedHostIDMapForVPPApp(ctx, vPPApp.VPPAppTeam.AppTeamID)
require.NoError(t, err)
require.Empty(t, hostsInScope)
// both apps are out of scope so we should get an empty list
sw, _, err = ds.ListHostSoftware(ctx, host, opts)
require.NoError(t, err)
assert.Len(t, sw, 0)
}
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
func testDeletedInstalledSoftware(t *testing.T, ds *Datastore) {
ctx := context.Background()
host1 := test.NewHost(t, ds, "host1", "", "host1key", "host1uuid", time.Now())
user1 := test.NewUser(t, ds, "Alice", "alice@example.com", true)
team, err := ds.NewTeam(ctx, &fleet.Team{Name: "team 1"})
require.NoError(t, err)
installerID, _, err := ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
Title: "GoLand",
Source: "app",
InstallScript: "echo",
TeamID: &team.ID,
Filename: "foo.pkg",
UserID: user1.ID,
BundleIdentifier: "com.jetbrains.goland",
ValidatedLabels: &fleet.LabelIdentsWithScope{},
})
require.NoError(t, err)
Upcoming Activities feature branch (#25450)
2025-02-11 19:53:11 +00:00
_, err = ds.InsertSoftwareInstallRequest(ctx, host1.ID, installerID, fleet.HostSoftwareInstallOptions{})
Added software_titles unique index `idx_unique_sw_titles` (#25794) For #25235 This allows software with different names but the same bundle identifier to be grouped under the same title. It also allows for software with the same name but different bundle identifiers to be under two separate titles. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Checked schema for all modified table for columns that will auto-update timestamps during migration. - [x] Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects. - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality
2025-02-03 19:23:21 +00:00
require.NoError(t, err)
ExecAdhocSQL(t, ds, func(q sqlx.ExtContext) error {
_, err = q.ExecContext(ctx, `UPDATE host_software_installs SET post_install_script_exit_code = 0`)
require.NoError(t, err)
return nil
})
software1 := []fleet.Software{
{Name: "GoLand", Version: "1.0.2", Source: "app", BundleIdentifier: "com.jetbrains.goland"},
{Name: "GoLand", Version: "1.0.2", Source: "app", BundleIdentifier: "com.jetbrains.goland2"},
}
_, err = ds.UpdateHostSoftware(context.Background(), host1.ID, software1)
require.NoError(t, err)
// remove software with different bundle id same name as installed software
software1 = []fleet.Software{
{Name: "GoLand", Version: "1.0.2", Source: "app", BundleIdentifier: "com.jetbrains.goland"},
}
_, err = ds.UpdateHostSoftware(context.Background(), host1.ID, software1)
require.NoError(t, err)
var hostSoftwareInstalls []struct {
HostID uint `db:"host_id"`
SoftwareInstallerID uint `db:"software_installer_id"`
Removed bool `db:"removed"`
Status string `db:"status"`
}
err = sqlx.SelectContext(
ctx,
ds.writer(ctx),
&hostSoftwareInstalls,
`select host_id, software_installer_id, removed, status from host_software_installs where host_id = ?`,
host1.ID,
)
if err != nil {
fmt.Printf("error getting software titles: %v\n", err)
}
// Ensure installed software is not marked as removed
for _, value := range hostSoftwareInstalls {
assert.False(t, value.Removed)
}
}
software categories: backend (#28479) > For #28138 # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [x] If database migrations are included, checked table schema to confirm autoupdate - For database migrations: - [x] Ensured the correct collation is explicitly set for character columns (`COLLATE utf8mb4_unicode_ci`). - [x] Added/updated automated tests - [x] A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it) - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Ian Littman <iansltx@gmail.com>
2025-05-02 15:41:26 +00:00
func testSoftwareCategories(t *testing.T, ds *Datastore) {
ctx := context.Background()
user := test.NewUser(t, ds, "user1"+t.Name(), fmt.Sprintf("user1%s@example.com", t.Name()), false)
// create some categories
cat1, err := ds.NewSoftwareCategory(ctx, "category1")
require.NoError(t, err)
require.Equal(t, "category1", cat1.Name)
cat2, err := ds.NewSoftwareCategory(ctx, "category2")
require.NoError(t, err)
require.Equal(t, "category2", cat2.Name)
// get the IDs
ids, err := ds.GetSoftwareCategoryIDs(ctx, []string{cat1.Name, cat2.Name})
require.NoError(t, err)
require.Len(t, ids, 2)
require.Contains(t, ids, cat1.ID)
require.Contains(t, ids, cat2.ID)
// create a software installer for no team
tfr1, err := fleet.NewTempFileReader(strings.NewReader("hello"), t.TempDir)
require.NoError(t, err)
installerNoTeam, titleID, err := ds.MatchOrCreateSoftwareInstaller(ctx, &fleet.UploadSoftwareInstallerPayload{
InstallScript: "hello",
InstallerFile: tfr1,
StorageID: "storage1",
Filename: "file1",
Title: "file1",
Version: "1.0",
Source: "apps",
UserID: user.ID,
ValidatedLabels: &fleet.LabelIdentsWithScope{},
})
require.NoError(t, err)
// Add the categories to the installer
err = ds.SaveInstallerUpdates(ctx, &fleet.UpdateSoftwareInstallerPayload{
TitleID: titleID,
InstallerID: installerNoTeam,
CategoryIDs: ids,
InstallScript: ptr.String("hello"),
SelfService: ptr.Bool(false),
UninstallScript: ptr.String(""),
PreInstallQuery: ptr.String(""),
UserID: user.ID,
})
require.NoError(t, err)
categories, err := ds.GetCategoriesForSoftwareTitles(ctx, []uint{titleID}, nil)
require.NoError(t, err)
require.Len(t, categories, 1)
require.Contains(t, categories[installerNoTeam], cat1.Name)
require.Contains(t, categories[installerNoTeam], cat2.Name)
dataToken, err := test.CreateVPPTokenData(time.Now().Add(24*time.Hour), "Test org"+t.Name(), "Test location"+t.Name())
require.NoError(t, err)
tok1, err := ds.InsertVPPToken(ctx, dataToken)
require.NoError(t, err)
_, err = ds.UpdateVPPTokenTeams(ctx, tok1.ID, []uint{})
require.NoError(t, err)
vppApp := &fleet.VPPApp{Name: "vpp_app_1", VPPAppTeam: fleet.VPPAppTeam{VPPAppID: fleet.VPPAppID{AdamID: "1", Platform: fleet.MacOSPlatform}, CategoryIDs: ids}, BundleIdentifier: "b1"}
vppApp, err = ds.InsertVPPAppWithTeam(ctx, vppApp, nil)
require.NoError(t, err)
vppAppTitleID := vppApp.TitleID
categories, err = ds.GetCategoriesForSoftwareTitles(ctx, []uint{titleID, vppAppTitleID}, nil)
require.NoError(t, err)
require.Len(t, categories, 2)
require.Contains(t, categories[installerNoTeam], cat1.Name)
require.Contains(t, categories[installerNoTeam], cat2.Name)
require.Contains(t, categories[installerNoTeam], cat1.Name)
require.Contains(t, categories[installerNoTeam], cat2.Name)
}
Reference in a new issue Copy permalink