The existing query used a CROSS JOIN with USING(uid), which is not valid
SQL in Fleet/osquery/SQLite and prevented the query from being saved.
This change replaces the CROSS JOIN with a standard JOIN ... ON ...
clause. The explicit ON form was chosen for clarity:
- Makes the join condition (u.uid = vs.uid) explicit to readers
- Avoids the subtle column-merging behavior of USING
This preserves the intended behavior (joining users with their installed
VS Code extensions) while ensuring the query runs correctly in Fleet.
The existing query used a CROSS JOIN with USING(id), which is not valid
SQL in Fleet/SQLite and resulted in a syntax error when saving the
query.
This change replaces the CROSS JOIN with a standard JOIN ... ON ...
clause. The explicit ON form was chosen for clarity:
- Makes the join condition (c.id = p.id) obvious to readers
- Avoids the subtle column-merging behavior of USING
This preserves the intended behavior (joining containers with their
processes by ID) while ensuring the query can be saved and run correctly
in Fleet.
Changes:
- Updated the query for the "Software codesign" host vital. (The vital
was incorrectly using the same query as the "Software (macOS)" host
vital)
Closes: https://github.com/fleetdm/confidential/issues/10005
Changes:
- Updated the vitals in docs/queries.yml to have the latest changes from
docs/contributing/understanding-host-vitals.md (updated the software
vitals for Windows and macOS, added the host certificate vital, added
two python packages vitals)
Softwares query for macOS corrected in Vitals. Was showing query for
linux.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Manual QA for all new/changed functionality
---------
Co-authored-by: Rachael Shaw <r@rachael.wtf>
Changes:
- Updated the query-detail, vital-detail, and policy-detail pages to
have a tab for bash commands.
- Updated queries, vitals, and policies to have a bash command that
returns the same results as the SQL query.
Changes:
- Added powershell commands to windows queries in queries.yml and
windows policies in the standard query library.
- Updated code blocks on the vital details, policy details, and query
details pages to have a tab switcher to switch to view PowerShell
commands.
---------
Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
Related to: https://github.com/fleetdm/confidential/issues/9096
Changes:
- Created docs/queries.yml. A YAML file that contains the queries from
the standard query library (`kind: query`) and the host vitals queries
(`kind: built-in`).
- Added the `vitals/*` page, a page that displays details about host
vital queries used to gather information about.
- Updated the /queries page to show queries from the new
`docs/queries.yml` file, and moved policies to a new page (/policies)
- Updated the view action for the query-detail page to look for/redirect
to a policy page with a matching slug before returning a 404 response if
a matching query is not found. This behavior will make it so all of the
old URLs for policy pages will redirect users to the new URL.
- Updated the website's "Docs" navigation menu to have links to the new
vitals and policies pages.
