Addresses #19300
- [x] Changes file added for user-visible changes in `changes/`,
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
* /api/latest/fleet/hosts now returns `critical_vulnerabilities_count`
for premium users. This data is held in the new `host_issues` table. The
failing policies total is updated in real-time, while the critical
vulnerabilities total is updated every hour after vulnerabilities job.
* /api/latest/fleet/hosts can be sorted by total_issues_count by
specifying `order_key=issues` query parameter.
#18115
Video commentary:
https://www.loom.com/share/ff4425e217db43d6b3ba4aa075374808
@getvictor TODO: Replacing `disable_failing_policies` with
`disable_issues` will be done in a separate PR.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [x] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [x] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [x] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [x] Manual QA for all new/changed functionality
#19545
`/api/latest/fleet/hosts/:id/lock` returns `unlock_pin` for Apple hosts
when query parameter `view_pin=true` is set
The lock host activity now has a `view_pin` parameter. Frontend change
is needed to reflect this in the UI.
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
> Related issue: #19612
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
for #18977
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
@xpkoala the main things to QA:
- Statistics should be sent by the server to our Heroku service.
- The should be a theoretical small improvement to DB load (using the
reader instance instead of the writer). Not sure it will be measureable.
#19600
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
for #18427
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [ ] Manual QA for all new/changed functionality
/api/latest/fleet/hosts/:id/lock returns `unlock_pin` for Apple hosts
#19545
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
Backend changes for #19010.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
#18733
Added a rule for the affected CVEs and made a change to the `IfIgnore`
func. Manually tested CVE removals with `/tools/nvd/nvdvuln`. Existing
test coverage ensures the rule doesn't cause false negatives on vscode
extensions.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [] Added/updated tests
- [X] Manual QA for all new/changed functionality
#19348
Fixed host details page and device details page not showing the latest
software.
- During software ingestion, software titles are now added if needed and
software items have their title_id field populated.
- In addition, after refreshing via UI, the software will be re-fetched
if it has been modified.
Added `exclude_software` query parameter to the
`/api/latest/fleet/hosts/:id` endpoint to exclude software from the
response.
PR for API doc change: #19617
Related issue filed for the Device User Page:
https://github.com/fleetdm/fleet/issues/19618
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Enable gitops to create teams with no enroll secrets, or clear enroll
secrets for an existing team
#19332
`fleetctl apply` also gains this extra functionality. In `fleetctl
apply` secrets will not be change if one of the following:
- secrets is missing from yml
- They are blank in yml, like: `secrets:`
- They are null in yml, like: `secrets: null`
They will only be cleared with `fleetctl apply` if the user explicitly
sets them to an empty array, like:
- `secrets: []`
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#17375
Updating the osquery flags for 5.12.2
And making the changes so that we can just run `cd server/fleet/ && go
generate` on a macOS host every time we need to do this.
Manual tested by setting `logger_tls_backoff_max` in Fleet agent
settings (which is a 5.12.0 flag).
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Victor Lyuboslavsky <victor.lyuboslavsky@gmail.com>
#18534
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [X] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#19365
Assuming we release this fix in 4.51.0:
- Migration from a version without the feature (< 4.50.0) to 4.51.0:
Should disable (set `ai_features_disabled=true`).
- Migration from a version with the feature (>= 4.50.X < 4.51.0) to
4.51.0: Should keep `ai_features_disabled` as-is.
- New installation of Fleet: Should come with AI features enabled
(`ai_features_disabled=false`).
From
https://github.com/fleetdm/fleet/issues/19365#issuecomment-2145825363.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Manual QA for all new/changed functionality
#16393
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
## Addresses #18993
- Return `404` when a user tries to delete team policies from a
non-existent team – see [this precedent in the
codebase](6b3310aa51/server/service/integration_core_test.go (L6212))
for a 404 in this situation
- Add missing authorization check for this action
<img width="1494" alt="Screenshot 2024-06-04 at 6 22 02 PM"
src="https://github.com/fleetdm/fleet/assets/61553566/15b98c7e-5d4b-450c-8403-a062d7d1bd5b">
- [x] Changes file added for user-visible changes in `changes/`,
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
> Related issue; #19526
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Changelog
ADD:
ADD - 18.10.75.1 (L1) Ensure 'Automatic Data Collection' is set to
'Enabled'
ADD - 18.10.92.2 (L1) Ensure 'Enable features introduced via servicing
that are off by default' is set to 'Disabled'
ADD - 18.10.92.4 (L1) Ensure 'Enable optional updates' is set to
'Disabled'
ADD - 18.8 (L2) Ensure 'Remove Personalized Website Recommendations from
the Recommended section in the Start Menu' is set to 'Enabled'
ADD - 18.9.19 (L1) 'Configure security policy processing: Do not apply
during periodic background processing' is set to 'False'
ADD - 18.9.19 (L1) 'Configure security policy processing: Process even
if the Group Policy objects have not changed' is set to 'True'
ADD - 18.9.25 (L1) Ensure 'Configure password backup directory' is set
to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory'
ADD - 18.9.25 (L1) Ensure 'Enable password encryption' is set to
'Enabled'
ADD - 18.9.25 (L1) Ensure 'Post-authentication actions: Actions' is set
to 'Enabled: Reset the password and logoff the managed account' or
higher
ADD - 18.9.25 (L1) Ensure 'Post-authentication actions: Grace period
(hours)' is set to 'Enabled: 8 or fewer hours, but not 0'
ADD - 19.7.38 (L1) Ensure 'Turn off Windows Copilot' is set to 'Enabled'
ADD - 2.3.11 (L1) Ensure 'Network security: Restrict NTLM: Audit
Incoming NTLM Traffic' is set to 'Enable auditing for all accounts'
ADD - 2.3.11 (L1) Ensure 'Network security: Restrict NTLM: Outgoing NTLM
traffic to remote servers' is set to 'Audit all' or higher
REMOVE:
REMOVE - 18.10.76.3 (L1) Ensure 'Prevent bypassing Windows Defender
SmartScreen prompts for sites' is set to 'Enabled'
REMOVE - 5 (L1) Ensure 'Internet Connection Sharing (ICS)
(SharedAccess)' is set to 'Disabled'
REMOVE - 9.1 (L1) Ensure 'Windows Firewall: Domain: Outbound
connections' is set to 'Allow (default)'
REMOVE - 9.2 (L1) Ensure 'Windows Firewall: Private: Outbound
connections' is set to 'Allow (default)'
REMOVE - 9.3 (L1) Ensure 'Windows Firewall: Public: Outbound
connections' is set to 'Allow (default)'
UPDATE:
UPDATE - 18.10.42.7 (L2 -> L1) Ensure 'Enable file hash computation
feature' is set to 'Enabled'
UPDATE - 18.10.86 (L1 -> L2) Ensure 'Turn on PowerShell Script Block
Logging' is set to 'Enabled'
UPDATE - 18.10.86 (L1 -> L2) Ensure 'Turn on PowerShell Transcription'
is set to 'Enabled'
UPDATE - 18.5 'MSS: (AutoAdminLogon) Enable Automatic Logon (not
recommended)' TO 'MSS: (AutoAdminLogon) Enable Automatic Logon'
UPDATE - 18.5 'MSS: (DisableIPSourceRouting IPv6) IP source routing
protection level (protects against packet spoofing)' TO 'MSS:
(DisableIPSourceRouting IPv6) IP source routing protection level'
UPDATE - 18.5 'MSS: (DisableIPSourceRouting) IP source routing
protection level (protects against packet spoofing)' TO 'MSS:
(DisableIPSourceRouting) IP source routing protection level'
UPDATE - 18.5 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and
configure Default Gateway addresses (could lead to DoS)' TO 'MSS:
(PerformRouterDiscovery) Allow IRDP to detect and configure Default
Gateway addresses'
UPDATE - 18.5 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode
(recommended)' TO 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode'
UPDATE - 18.5 'MSS: (ScreenSaverGracePeriod) The time in seconds before
the screen saver grace period expires (0 recommended)' TO 'MSS:
(ScreenSaverGracePeriod) The time in seconds before the screen saver
grace period expires'
UPDATE - 18.5 'MSS: (KeepAliveTime) How often keep-alive packets are
sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes
(recommended)' TO 'Enabled: 300,000 or 5 minutes'
UPDATE - 18.9.50.1 (L2 -> L1) Ensure 'Enable Windows NTP Client' is set
to 'Enabled'
UPDATE - 18.9.50.1 (L2 -> L1) Ensure 'Enable Windows NTP Server' is set
to 'Disabled'
---------
Co-authored-by: Sharon Katz <121527325+sharon-fdm@users.noreply.github.com>
Co-authored-by: Sharon Katz <sharon@fleetdm.com>
#19272
Live queries now work via UI with large (~1 second) replication lag (for
master-replica DB setup).
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
#19152
`fleetctl gitops --dry-run` now errors on duplicate (or conflicting)
global/team enroll secrets.
- One check is done on the backend to check against existing secrets
- Another check is done in fleetctl to detect duplicate secrets coming
in
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Issues https://github.com/fleetdm/fleet/issues/17587,
https://github.com/fleetdm/fleet/issues/18836,
https://github.com/fleetdm/fleet/issues/18837,
https://github.com/fleetdm/fleet/pull/18339, and
https://github.com/fleetdm/fleet/pull/18340
# TODOS
- Integrate backend
- Unit/integration tests
- Various todos noted in comments
- Cleanup styles and organization of components (de-duplicating and
consolidating where possible)
- Activity feed updates (if any)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- [ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.
- [ ] Confirmed that updating the timestamps is acceptable, and will not
cause unwanted side effects.
- [ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---------
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
#11942
To check if you have duplicate software, install multiple python
versions, like:
```shell
brew install python@3.11
brew install python@3.12
```
Then query: `SELECT * FROM python_packages` to see the packages with the
same versions but different paths.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
# Changes
I'm running orbit based osqueryd on a laptop with [Tuxedo
OS](https://www.tuxedocomputers.com/en/TUXEDO-OS_1.tuxedo#).
This OS identifies its platform via osquery as `tuxedo` and is therefore
not recognized by the Fleet server:
```json
{
"err": "unrecognized platform",
"hostID": 76,
"level": "error",
"platform": "tuxedo",
"ts": "2024-05-15T13:17:34.513509387Z"
}
```
This causes policy and scheduled queries to not being run on my system.
With this PR Im adding `tuxedo` to all occurrences found when searching
for `kali`.
Additionally pre-commit checks were failing for me locally as it could
not find the hook-id `RuboCop`. This could be solved by using `rubocop`
instead.
Afterwards all pre-commit checks succeeded locally.
# Checklist for submitter
- [x] Added/updated tests
Signed-off-by: Andreas Ulm <andreas.ulm@prisma-capacity.eu>
> Related issue: #18461
Non-functional change; there were some comments in the embedded script
that referenced Administrator accounts. These references needed to be
removed, as the script can lock out all accounts now.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
relates to #18847
This adds the global and host activities for self service activities.
This also updates the Upcoming host activities to follow the same
pattern as the Host Past activities.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
for #19311
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18119
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] Added/updated tests
- [X] Manual QA for all new/changed functionality
---------
Co-authored-by: RachelElysia <71795832+RachelElysia@users.noreply.github.com>
Co-authored-by: Jacob Shandling <61553566+jacobshandling@users.noreply.github.com>
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
_This PR is the direct-to-`main` replacement for #19096, which merged to
a now-defunct feature branch_
## Addresses #19052
- update config, webhook interfaces, mock
- clean up deprecated Sandbox code
- implement Activity Feed Automations Modal and associated logic
- Also addresses #19284
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
#17309
I added some missing env var replacement tests for policies, queries,
etc.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
> Related issue: #18461
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
for #19179
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
> Related issue: #19014
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Roberto Dip <rroperzh@gmail.com>
Additional telemetry stats to report to Heroku.
FYI - @eashaw, we could later add to datadog as well.
---------
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
## Addresses #18881 and #18858
- Fix the bugs, memoize various props to optimize table rendering
## QA
In addition to the bugs outlined in the addressed issue, this PR
contains rendering optimizations. Please check these functionalities,
which should be unaffected (and were so in my own testing) but should be
double-checked:
- [ ] create query
- [ ] delete query
- [ ] empty state
- [ ] changing platform dropdown
- [ ] different sort orders
- [ ] delete query from table action
- [ ] results count change
## Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
#18838
1. During software ingestion, switched to updating `last_updated_at` as
a batch for 1 host.
2. Removed `DELETE FROM software` statement that ran for every host
update (where software was deleted). This is only done now during the
vulnerability job.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
For #16795, this:
- Updates Go to go1.22.3
- Per
https://github.com/fleetdm/fleet/issues/16795#issuecomment-2100450618, I
also ran the following to update the versions requested by @getvictor
```
go get github.com/kataras/golog@v0.1.12
go get github.com/kataras/iris/v12@v12.2.11
go get github.com/sethvargo/go-password@v0.3.0
```
**Notes**
After this is merged people will need to update their Go version. I use
gvm and I did it like:
```
$ gvm install go1.22.3
$ gvm use go1.22.3 --default
```
**Relevant changes**
The release notes mention:
> Previously, the variables declared by a “for” loop were created once
> and updated by each iteration. In Go 1.22, each iteration of the loop
> creates new variables, to avoid accidental sharing bugs.
However, we already have a lint rule (see
https://github.com/fleetdm/fleet/pull/13877) for this scenario, so it
shouldn't affect us.
> Related issue: #19153
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
Feature cleanup
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
No related issue, just cleanup work on the feature
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18838 and #18986
Optimized master DB accesses during host software ingestion.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18766
Fixed a bug where updating user via `/api/v1/fleet/users/:id` endpoint
sometimes did not update the activity feed and returned the un-updated
user object.
You must use a DB configuration with a replica to reproduce the issue.
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18944
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18477
Built-in labels can now be applied via `fleetctl apply` as long as no
changes are made to them. This allows the following workflow:
1. `fleetctl get labels --yaml > labels.yml`
2. (Optional) Edit/add non-built in labels in labels.yml
3. fleetctl apply -f labels.yml
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Tim Lee <timlee@fleetdm.com>
#18467
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- ~[ ] If database migrations are included, checked table schema to
confirm autoupdate~
- ~For database migrations:~
- ~[ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.~
- ~[ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~
- ~[ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).~
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
#18221
Broke apart the hourly host_software count query to reduce the
individual query runtime. This fixes timeouts seen when host_software
table has over 25 million records.
I recommend hiding whitespace during review:
<img width="240" alt="image"
src="https://github.com/fleetdm/fleet/assets/2685025/6da9b643-8582-4d2f-bf32-8a1cc38f1032">
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
> Related issue: #18330
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
## Notes
- ~I added an `includeTitle bool` parameter to
`ds.GetSoftwareInstallerMetadata`. This allows for the title of the
software (from the `software_titles` page) to be fetched in
`svc.DeleteSoftwareInstaller` without an additional call to the DB.~ We
wound up deciding to just fetch the title every time.
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
#18808
Added the new `sofa_security_release_info` and `sofa_unpatched_cves`
tables from `macadmins/osquery-extension` 1.0.1
These tables do not have detailed documentation in macadmins repo, so
not adding documentation at this point.
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [x] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [x] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
#12619
Fixed MySQL sort buffer overflow when fetching activities. This issue
happened when activities contained very large details, such as large SQL
queries.
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- Existing tests provide sufficient coverage
- [x] Manual QA for all new/changed functionality
#16562
Optimized policy_stats updates to NOT lock the policy_membership table.
This should improve deployment performance with many global policies and
team hosts.
The original implementation that used INSERT ... SELECT (SELECT
COUNT(*)) ... caused performance issues. Given 50 global policies, 10
teams, and 10,000 hosts per team, the INSERT query took 30-60 seconds to
complete. Since it was an INSERT query, it blocked other hosts from
updating their policy results in policy_membership.
Now, we separate the INSERT from the SELECT, since SELECT by itself does
not block other hosts from updating their policy results. In addition,
we process one global policy at a time, which reduces the time to
complete the SELECT query to <2 seconds, and limits the memory usage. We
are not using a transaction to reduce locks. This means that INSERT may
fail if the policy was deleted by a parallel process. Also, the INSERT
may overwrite a clearing of the stats. This is acceptable, since these
are very rare cases. We log and proceed in that case.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18079
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] If database migrations are included, checked table schema to
confirm autoupdate
- For database migrations:
- ~[ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.~
- ~[ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~
- ~[ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).~
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
#18039
Fixed ingestion of private IPv6 address from agent. Host details page
can now display private IPv6 address if private IPv4 does not exist.
How to set up an IPv6-only host:
https://www.loom.com/share/5e205549b6484df88702c27a5aa5a3ee
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
relates to #18326
Add ability to add software from the UI. This includes
- new button on software page to open add software modal
- new add software modal to add software.
> Note: still need to do form error validation but will do on another PR
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
#16677
Improvements to `fleetctl gitops` command:
- Added the ability to pass multiple files, like `fleetctl gitops -f
file1 -f file2`, where the first file must be the global configuration
- Added the ability to remove teams that were not specified in team
configs using the switch `--delete-other-teams`
- When passing a global config and team config during initial
configuration, the `org_settings.mdm.apple_bm_default_team` value can be
set to match the team that will be created by the provided team config.
After these changes are released to prod, we can update
https://github.com/fleetdm/fleet-gitops to use the new switches: #18692
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18464
Added `/fleet/autofill/policy` endpoint to get autogenerated policy
description and resolution for a given SQL query.
Added `server_settings.ai_features_disabled` setting to disable the
above endpoint.
For Google calendar integration,
- changed the event title to: "💻🚫 Scheduled maintenance"
- updated event description to include policy description and resolution
if only one policy is failing
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Luke Heath <luke@fleetdm.com>
#16562
Updated MySQL host_operating_system insert statement to reduce table
lock time.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- Existing tests provide full coverage of the changes.
- [x] Manual QA for all new/changed functionality
#18157
When updating a policy's 'platform' field, the aggregated policy stats
are now cleared.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18173
Creates a detached child shell process to wipe the host. This lets the
main shell script return and tells the server the command has completed,
clearing it from the run queue.
Now shuts the host down after being wiped instead of leaving it running
without files like a zombie
#18424
I believe the hosts users for linux broke when we added Chrome support
(https://github.com/fleetdm/fleet/pull/10281/files).
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [x] Added/updated tests
- ~[ ] If database migrations are included, checked table schema to
confirm autoupdate~
- ~For database migrations:~
- ~[ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.~
- ~[ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~
- ~[ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).~
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
#16989
API draft PR: #17809.
UI draft PR: #18243.
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- ~[ ] If database migrations are included, checked table schema to
confirm autoupdate~
- ~For database migrations:~
- ~[ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.~
- ~[ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~
- ~[ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).~
- [X] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
relates to #18389
This fixes an issue with some signed apple mobileconfig profiles were
not able to be uploaded.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
relates to #18483
This fixes an issue with downloading a manual enrollment profile on the
device user page. This changes how we download the file to use an anchor
tag and default browser behaviour instead of doing it in JS with the
FileSaver library.
We will probably want to remove all FileSaver library implementations in
the future
#18126
Ignoring Valve Corporation's Steam client's vulnerabilities on Windows
and macOS
- On Windows and macOS, the true version of the Steam client (like
2021-04-10) cannot be retrieved by standard methods used on other
software. We would need to create custom logic to retrieve the version
of the Steam client.
- Steam client automatically updates itself, so security risk is
somewhat mitigated.
QA note: Items from software_cve table are cleared after 2 hours.
# Checklist for submitter
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
For calendar integration, calendar event no longer created when policy
has an invalid SQL query.
#18350
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
#18299
Fixed fleetctl gitops dry-run validation issues when enabling calendar
integration for the first time.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] Manual QA for all new/changed functionality
relates to #17031
Adds functionality to create manual labels in fleet.
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [x] Added/updated tests
- [x] M0anual QA for all new/changed functionality
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
#17695
The windows exit code is a 32-bit unsigned integer, but the command
interpreter treats it like a signed integer. When a process is killed,
it returns 0xFFFFFFFF (interpreted as -1). We convert the integer to an
signed 32-bit integer to flip it to a -1 to match our expectations, and
fit in our db column.
https://en.wikipedia.org/wiki/Exit_status#Windows
FIxed on both the client and server side.
#16767
To create a manual label:
```sh
cat labels.yml
---
apiVersion: v1
kind: label
spec:
name: Manually Managed Example
label_membership_type: manual
hosts:
- lucass-macbook-pro.local
```
To add/delete a manual label to/from a host:
```
curl -k -v -X POST -H "Authorization: Bearer $TEST_TOKEN" https://localhost:8080/api/latest/fleet/hosts/1/labels -d '{"labels": ["Manually Managed Example"]}'
curl -k -v -X DELETE -H "Authorization: Bearer $TEST_TOKEN" https://localhost:8080/api/latest/fleet/hosts/1/labels -d '{"labels": ["Manually Managed Example"]}'
```
API draft changes: https://github.com/fleetdm/fleet/pull/16979/files
Figma with error strings:
https://www.figma.com/file/JiWoAiuHlkt76s3o3Uyz6h/%2316767-API-endpoint-for-updating-a-host's-manual-labels?type=design&node-id=2-130&mode=design&t=pxRPhrn6E1bOCrEd-0
- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
~- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- ~[ ] If database migrations are included, checked table schema to
confirm autoupdate~
- ~For database migrations:~
- ~[ ] Checked schema for all modified table for columns that will
auto-update timestamps during migration.~
- ~[ ] Confirmed that updating the timestamps is acceptable, and will
not cause unwanted side effects.~
- ~[ ] Ensured the correct collation is explicitly set for character
columns (`COLLATE utf8mb4_unicode_ci`).~
- [x] Manual QA for all new/changed functionality
- ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
