Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-22 00:18:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 139

fix: false positives on ms teams on macos (#16048)

Browse source 
> 📜 Related issue: #15538

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
This commit is contained in:
Jahziel Villasana-Espinoza 2024-01-11 11:56:27 -05:00 committed by GitHub
parent 26c070eb00
commit bff2d76b19
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changes/15538-ms-teams Normal file
View file

@ -0,0 +1 @@
- Fixes 2 vulnerability false positives on Microsoft Teams on MacOS.

10
server/service/osquery_utils/queries.go
View file

@ -1307,10 +1307,16 @@ func sanitizeSoftware(h *fleet.Host, s *fleet.Software, logger log.Logger) {
// "Microsoft Teams" on macOS defines the `bundle_short_version` (CFBundleShortVersionString) in a different
// unexpected version format. Thus here we transform the version string to the expected format
// (see https://learn.microsoft.com/en-us/officeupdates/teams-app-versioning).
// E.g. `bundle_short_version` comes with `1.00.622155` and instead it should be transformed to `1.6.00.22155`.
// E.g. `bundle_short_version` comes with `1.00.622155` and instead it should be transformed
// to `1.6.00.22155` || s.Name == "Microsoft Teams (work or school).app".
// Note: in December 2023, Microsoft released "New Teams" for MacOS. This new version of
// Teams uses a completely different versioning scheme, which is documented at the URL
// above. Existing versions of Teams on MacOS were renamed to "Microsoft Teams Classic" and still use
// the same versioning scheme discussed above.
{
checkSoftware: func(h *fleet.Host, s *fleet.Software) bool {
return h.Platform == "darwin" && s.Name == "Microsoft Teams.app"
return h.Platform == "darwin" && (s.Name == "Microsoft Teams.app" || s.Name == "Microsoft Teams classic.app")
},
mutateSoftware: func(s *fleet.Software) {
if matches := macOSMSTeamsVersion.FindStringSubmatch(s.Version); len(matches) > 0 {

14
server/service/osquery_utils/queries_test.go
View file

@ -1650,6 +1650,20 @@ func TestSanitizeSoftware(t *testing.T) {
Version: "2400.1.104",
},
},
{
name: "MS Teams classic on MacOS",
h: &fleet.Host{
Platform: "darwin",
},
s: &fleet.Software{
Name: "Microsoft Teams classic.app",
Version: "1.00.634263",
},
sanitized: &fleet.Software{
Name: "Microsoft Teams classic.app",
Version: "1.6.00.34263",
},
},
} {
t.Run(tc.name, func(t *testing.T) {
sanitizeSoftware(tc.h, tc.s, log.NewNopLogger())