fleet

14540 commits 3355 branches 577 tags 2.4 GiB

Author	SHA1	Message	Date
Ian Littman	e8a6456f13	Don't reuse GitHub HTTP client to pull MSRC feeds (#22493 ) See #22492 As of today, MSRC's API will 401 if you pass it a JWT it doesn't expect, and by reusing the GitHub API HTTP client for MSRC pulls we were passing the API an unexpected JWT. Wasn't able to reproduce this locally because I didn't need a GitHub token locally to pull release details, while the token is populated in Actions. Was able to repro both the issue and this fix inside Actions on my fork. This also updates to call v3.0 of the API directly, which v2.0 has been redirecting to for awhile. Finally, adds slightly better logging so we know which part of the feed generation process we're in when we're running this in Actions. # Checklist for submitter If some of the following don't apply, delete the relevant line. <!-- Note that API documentation changes are now addressed by the product design team. --> - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information. - [x] Manual QA for all new/changed functionality	2024-09-27 21:23:48 -05:00
Lucas Manuel Rodriguez	f52e0a0e8c	Fix to not panic if MSRC for current month is not available (#21749 ) See #21745. --------- Co-authored-by: Ian Littman <iansltx@gmail.com>	2024-09-27 16:59:43 -05:00
Juan Fernandez	7e366272c0	Feature 9386: Parse the Mac Office release notes for vulnerability processing (#9993 ) This PR adds the capability of parsing the release notes posted in https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac into a JSON metadata file (to be released in the NVD repo) and use it for detecting vulnerabilities on Mac Office apps.	2023-02-24 14:18:25 -04:00

Author

SHA1

Message

Date

Ian Littman

e8a6456f13

Don't reuse GitHub HTTP client to pull MSRC feeds (#22493 )

See #22492

As of today, MSRC's API will 401 if you pass it a JWT it doesn't expect,
and by reusing the GitHub API HTTP client for MSRC pulls we were passing
the API an unexpected JWT. Wasn't able to reproduce this locally because
I didn't need a GitHub token locally to pull release details, while the
token is populated in Actions. Was able to repro both the issue and this
fix inside Actions on my fork.

This also updates to call v3.0 of the API directly, which v2.0 has been
redirecting to for awhile.

Finally, adds slightly better logging so we know which part of the feed
generation process we're in when we're running this in Actions.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality

2024-09-27 21:23:48 -05:00

Lucas Manuel Rodriguez

f52e0a0e8c

Fix to not panic if MSRC for current month is not available (#21749 )

See #21745.

---------

Co-authored-by: Ian Littman <iansltx@gmail.com>

2024-09-27 16:59:43 -05:00

Juan Fernandez

7e366272c0

Feature 9386: Parse the Mac Office release notes for vulnerability processing (#9993 )

This PR adds the capability of parsing the release notes posted in https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac into a JSON metadata file (to be released in the NVD repo) and use it for detecting vulnerabilities on Mac Office apps.

2023-02-24 14:18:25 -04:00

Renamed from server/vulnerabilities/msrc/io/msrc.go (Browse further)

3 commits