From acb297d5051165d58232b05d3c70bd26ef7c9b89 Mon Sep 17 00:00:00 2001
From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Date: Tue, 29 Nov 2022 10:21:55 -0500
Subject: [PATCH] Update "No 1Password recovery kits..." policy (#8800)

* Update "No 1Password recovery kits..." policy

- Update policy in standard query library shown on fleetdm.com
- Update policy in standard templates shown in Fleet UI

* Update policy template shown in UI

* Commit Sharvil's exits to standard query library

* Commit Sharvil's edits to policy templates
---
 .../standard-query-library/standard-query-library.yml           | 2 +-
 frontend/pages/policies/constants.ts                            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index ecaea091e4..d21bfcc2a6 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -880,7 +880,7 @@ apiVersion: v1
 kind: policy
 spec:
   name: No 1Password emergency kit stored on desktop or in downloads (macOS)
-  query: SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM file WHERE filename like '%%Emergency Kit%%.pdf' AND (path LIKE '/Users/%%/Downloads/%%' OR path LIKE '/Users/%%/Desktop/%%'));
+  query: SELECT EXISTS(SELECT 1 FROM file WHERE filename like '%Emergency Kit%.pdf' AND (path LIKE '/Users/%%/Downloads/%%' OR path LIKE '/Users/%%/Desktop/%%')) as does_1p_ek_exist;
   description: "Looks for PDF files with file names typically used by 1Password for emergency recovery kits." 
   resolution: "Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location."
   platform: darwin
diff --git a/frontend/pages/policies/constants.ts b/frontend/pages/policies/constants.ts
index 03b9ba882a..25fffbe8c1 100644
--- a/frontend/pages/policies/constants.ts
+++ b/frontend/pages/policies/constants.ts
@@ -426,7 +426,7 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
   {
     key: 38,
     query:
-      "SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM file WHERE filename like '%%Emergency Kit%%.pdf' AND (path LIKE '/Users/%%/Downloads/%%' OR path LIKE '/Users/%%/Desktop/%%'));",
+      "SELECT EXISTS(SELECT 1 FROM file WHERE filename like '%Emergency Kit%.pdf' AND (path LIKE '/Users/%%/Downloads/%%' OR path LIKE '/Users/%%/Desktop/%%')) as does_1p_ek_exist;",
     name: "No 1Password emergency kit stored on desktop or in downloads (macOS)",
     description:
       "Looks for PDF files with file names typically used by 1Password for emergency recovery kits.",