<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #40348
# Details
This PR updates a number of error message on the server to use `fleet`
and `report` instead of `team` or `query` where applicable.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
this is all internal, i don't think it warrants a changelog
## Testing
- [X] Added/updated automated tests
- [ ] QA'd all new/changed functionality manually
I did not go trying to trigger all these errors. It's text changes.
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#40028
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
## Testing
- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Bug Fixes**
* Fixed telemetry misclassification where client-side errors were
incorrectly reported as server errors. Client-side errors and request
cancellations are now properly categorized for improved error tracking
and observability.
* **Tests**
* Added test coverage for client error detection and context
cancellation handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** For #39344
# Details
As a first step to deprecating API params like `team_id` in favor of
`fleet_id` and `query_id` in favor of `report_id`, this PR adds
`renameto` tags to all deprecated keys. There is no logic in this PR to
actually use these tags in any way. The logic and test fixes will be in
the next PR, but in the interest of keeping things manageable I'm
pushing this out first.
There were definitely params with "query" in them that we don't want to
change (mainly osquery-related), and I think I kept them all out but
it's worth double-checking here. The team -> fleet changes are pretty
safe in comparison.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
Deferring changelog to PR with logic changes
## Testing
- [ ] Added/updated automated tests
This should be a no-op. All existing tests shoud pass.
- [X] QA'd all new/changed functionality manually
Refactoring some functionality out of the service package so it can be
reused by a different service package.
- auth middleware
- logging errors
No functional changes.
main task: #19857
subtask: #21392
- For GET /api/v1/fleet/vulnerabilities/{cve} endpoint, added validation
of CVE format, and added a 204 response. The 204 response indicates that
the vulnerability is known to Fleet but not present on any hosts.
- Removed the previous known_vulnerability field implementation
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Update to #19857 after customer feedback.
If the search query is in CVE format (CVE-YYYY-<4+digits>), we always
return if that exact match is a CVE known to Fleet.
# Checklist for submitter
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#19857
For `GET /api/v1/fleet/vulnerabilities` endpoint, added
`known_vulnerability` field to the response. This field is present when
query is a valid CVE format and returns no results. It indicates whether
the vulnerability is in Fleet's DB.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#16906
**IN DRAFT, WAITING ON https://github.com/fleetdm/fleet/pull/16897**
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
#16891
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: Victor Lyuboslavsky <victor@fleetdm.com>
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
