Minio vulnerability false positives (#21644)

Tim Lee 2024-08-29 11:06:47 -06:00 committed by GitHub
parent 9a09b52201
commit 209ee10327
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 50 additions and 0 deletions


@ -0,0 +1 @@
- resolved issue where minio was reporting false positive vulnerabilities due to a mismatch in version strings


@ -1599,6 +1599,31 @@ func sanitizeSoftware(h *fleet.Host, s *fleet.Software, logger log.Logger) {
s.Version = strings.Join(newParts, ".")
},
},
{
// Trim the "RELEASE." prefix from Minio versions.
checkSoftware: func(h *fleet.Host, s *fleet.Software) bool {
return s.Name == "minio" && strings.Contains(s.Version, "RELEASE.")
},
mutateSoftware: func(s *fleet.Software) {
s.Version = strings.TrimPrefix(s.Version, "RELEASE.")
},
},
{
// Convert the timestamp to NVD's format for Minio versions.
checkSoftware: func(h *fleet.Host, s *fleet.Software) bool {
regex := regexp.MustCompile(`^\d{14}$`)
return s.Name == "minio" && regex.MatchString(s.Version)
},
mutateSoftware: func(s *fleet.Software) {
timestamp, err := time.Parse("20060102150405", s.Version)
if err != nil {
level.Debug(logger).Log("msg", "failed to parse software version", "name", s.Name, "version", s.Version, "err", err)
return
}
s.Version = timestamp.Format("2006-01-02T15-04-05Z")
},
},
}
for _, softwareSanitizer := range softwareSanitizers {
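Review bot: The first Minio sanitizer's `checkSoftware` tests `strings.Contains(s.Version, "RELEASE.")` while `mutateSoftware` calls `strings.TrimPrefix`, so a version that carries `RELEASE.` anywhere but the start is matched and then left unchanged; `strings.HasPrefix(s.Version, "RELEASE.")` would make the check agree with the mutation. In the second sanitizer, `regexp.MustCompile` runs on every call to `checkSoftware`, even for software that is not minio; compiling the 14-digit pattern once at package scope and testing `s.Name == "minio"` first avoids that. Since these versions feed vulnerability matching, the parse-failure branch, which logs at debug level and keeps the raw string, deserves a comment such as `// leave the version as reported; it will presumably not match NVD's format`. The body of sanitizeSoftware starts and ends outside the hunk.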


@ -1830,6 +1830,30 @@ func TestSanitizeSoftware(t *testing.T) {
Version: "1.6.00.34263",
},
},
{
name: "minio",
h: &fleet.Host{},
s: &fleet.Software{
Name: "minio",
Version: "RELEASE.2022-03-10T00-00-00Z",
},
sanitized: &fleet.Software{
Name: "minio",
Version: "2022-03-10T00-00-00Z",
},
},
{
name: "minio",
h: &fleet.Host{},
s: &fleet.Software{
Name: "minio",
Version: "20200310000000",
},
sanitized: &fleet.Software{
Name: "minio",
Version: "2020-03-10T00-00-00Z",
},
},
} {
t.Run(tc.name, func(t *testing.T) {
sanitizeSoftware(tc.h, tc.s, log.NewNopLogger())
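Review bot: Both new cases use `name: "minio"`, so `t.Run` reports them as `minio` and `minio#01` and a failure does not say which version form broke; names such as `"minio RELEASE prefix"` and `"minio compact timestamp"` would. The cases cover only the two successful conversions. There is no case for a 14-digit version that is not a valid timestamp, where the parse-failure branch should leave the version unchanged, and none for a non-minio package with a 14-digit version, which should also pass through untouched. The table in TestSanitizeSoftware starts outside the hunk.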