From fc215610a4496e339ce397ed85da51fafc3ee2e0 Mon Sep 17 00:00:00 2001
From: Tomas Touceda
Date: Thu, 9 Jun 2022 10:33:49 -0300
Subject: [PATCH] Allow users to customize detail queries for troubleshooting purposes (#6150)
* Allow users to customize detail queries for troubleshooting purposes
* Address review comments
---
 changes/issue-6073-customize-queries | 1 +
 server/service/osquery_utils/queries.go | 15 +++++++++++++++
 server/service/osquery_utils/queries_test.go | 14 ++++++++++++++
 3 files changed, 30 insertions(+)
 create mode 100644 changes/issue-6073-customize-queries
diff --git a/changes/issue-6073-customize-queries b/changes/issue-6073-customize-queries
new file mode 100644
index 0000000000..fd9677242f
--- /dev/null
+++ b/changes/issue-6073-customize-queries
@@ -0,0 +1 @@
+* Allow users to customize detail queries for debugging purposes
diff --git a/server/service/osquery_utils/queries.go b/server/service/osquery_utils/queries.go
index a973d8376a..a7c4d80e4d 100644
--- a/server/service/osquery_utils/queries.go
+++ b/server/service/osquery_utils/queries.go
@@ -4,6 +4,7 @@ import (
 "context"
 "fmt"
 "net"
+ "os"
 "strconv"
 "strings"
 "time"
@@ -866,5 +867,19 @@ func GetDetailQueries(ac *fleet.AppConfig, fleetConfig config.FleetConfig) map[s
 generatedMap["scheduled_query_stats"] = scheduledQueryStats
 }
 
+ for _, env := range os.Environ() {
+ prefix := "FLEET_DANGEROUS_REPLACE_"
+ if !strings.HasPrefix(env, prefix) {
+ continue
+ }
+ if i := strings.Index(env, "="); i >= 0 {
+ queryName := strings.ToLower(strings.TrimPrefix(env[:i], prefix))
+ newQuery := env[i+1:]
+ query := generatedMap[queryName]
+ query.Query = newQuery
+ generatedMap[queryName] = query
+ }
+ }
+
 return generatedMap
 }
diff --git a/server/service/osquery_utils/queries_test.go b/server/service/osquery_utils/queries_test.go
index 985c6f3598..1f3c8f1435 100644
--- a/server/service/osquery_utils/queries_test.go
+++ b/server/service/osquery_utils/queries_test.go
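Review bot: In the loop added to GetDetailQueries, `query := generatedMap[queryName]` never checks that the name is present, so a `FLEET_DANGEROUS_REPLACE_*` variable with a typo, or one naming a query that configuration left out of the map, inserts a zero-value entry carrying only the replacement SQL. That turns a replace-only override into a way to add entries, and whatever consumes the map would presumably see an entry with none of its other fields set. I would change the lookup to `query, ok := generatedMap[queryName]` followed by `if !ok { continue }`. Because the override silently changes what is collected from hosts, it would also help to log each applied override so it shows up in server logs. The function body starts outside this hunk.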
@@ -4,6 +4,7 @@ import (
 "context"
 "encoding/json"
 "errors"
+ "os"
 "sort"
 "testing"
 "time"
@@ -441,3 +442,16 @@ func TestDirectIngestChromeProfiles(t *testing.T) {
 require.NoError(t, err)
 require.True(t, ds.ReplaceHostDeviceMappingFuncInvoked)
 }
+
+func TestDangerousReplaceQuery(t *testing.T) {
+ queries := GetDetailQueries(&fleet.AppConfig{HostSettings: fleet.HostSettings{EnableHostUsers: true}}, config.FleetConfig{})
+ originalQuery := queries["users"].Query
+
+ require.NoError(t, os.Setenv("FLEET_DANGEROUS_REPLACE_USERS", "select * from blah"))
+ queries = GetDetailQueries(&fleet.AppConfig{HostSettings: fleet.HostSettings{EnableHostUsers: true}}, config.FleetConfig{})
+ assert.NotEqual(t, originalQuery, queries["users"].Query)
+
+ require.NoError(t, os.Unsetenv("FLEET_DANGEROUS_REPLACE_USERS"))
+ queries = GetDetailQueries(&fleet.AppConfig{HostSettings: fleet.HostSettings{EnableHostUsers: true}}, config.FleetConfig{})
+ assert.Equal(t, originalQuery, queries["users"].Query)
+}
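Review bot: `assert.NotEqual(t, originalQuery, queries["users"].Query)` in TestDangerousReplaceQuery only shows that the query changed, not that it became the override; `assert.Equal(t, "select * from blah", queries["users"].Query)` would pin the behaviour. The test also has no case for a variable whose suffix matches no detail query, which is the path where GetDetailQueries adds a new map entry. Because the variable is cleared by a later `os.Unsetenv` call rather than a registered cleanup, an early abort leaves it set for the rest of the package's tests; `t.Setenv` (if the project's Go version provides it) or `t.Cleanup` would avoid that.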