From 4197076b1697fb1374d40d9237bc8564b030a1f3 Mon Sep 17 00:00:00 2001 From: Jacob Shandling <61553566+jacobshandling@users.noreply.github.com> Date: Tue, 11 Jun 2024 13:40:59 -0700 Subject: [PATCH] fleetd `tcc_access` table: handle non-existent user tcc.db (#19660) ## Follow up to #19355 - [x] Manual QA for all new/changed functionality --------- Co-authored-by: Jacob Shandling --- orbit/pkg/table/tcc_access/tcc_access.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/orbit/pkg/table/tcc_access/tcc_access.go b/orbit/pkg/table/tcc_access/tcc_access.go index de0929aadd..e5f83f7a66 100644 --- a/orbit/pkg/table/tcc_access/tcc_access.go +++ b/orbit/pkg/table/tcc_access/tcc_access.go @@ -8,10 +8,12 @@ import ( "context" "errors" "fmt" + "os" "os/exec" "strings" "github.com/osquery/osquery-go/plugin/table" + "github.com/rs/zerolog/log" ) var ( @@ -69,6 +71,13 @@ func Generate(ctx context.Context, queryContext table.QueryContext) ([]map[strin if satisfiesUidConstraints { tccPath := tccPathPrefix + "/Users/" + username + tccPathSuffix + if _, err := os.Stat(tccPath); err != nil { + if errors.Is(err, os.ErrNotExist) { + log.Debug().Err(err).Msgf("file for user %s not found: %s", username, tccPath) + continue + } + return nil, err + } uRs, err := getTCCAccessRows(uid, tccPath) if err != nil { return nil, err @@ -98,7 +107,7 @@ func Generate(ctx context.Context, queryContext table.QueryContext) ([]map[strin } func getTCCAccessRows(uid, tccPath string) ([]map[string]string, error) { - // querying direclty with sqlite3 avoids additional C compilation requirements that would be introduced by using + // querying directly with sqlite3 avoids additional C compilation requirements that would be introduced by using // https://github.com/mattn/go-sqlite3 cmd := exec.Command(sqlite3Path, tccPath, dbQuery) var dbOut bytes.Buffer