We need to patch some security issues with version updates, but
Storybook dependencies currently block them. This updates Storybook and
all addons to the latest version. I test building and serving Storybook
locally and no issues.
## Addresses #11037
### Implement the `privacy_preferences` table for the Fleetd Chrome
extension. Columns correspond to the available properties of
[`chrome.privacy`](https://developer.chrome.com/docs/extensions/reference/privacy/).
Chrome on mac:
<img width="816" alt="Screenshot 2023-06-23 at 11 55 21 AM"
src="https://github.com/fleetdm/fleet/assets/61553566/a4700749-6325-442e-acf2-c14b1c9adf8f">
Chromebook with enterprise access (actual use case):
* Chromebook w/o enterprise access: as you can see, sometimes certain
APIs are not available - this error occurs because the expected API
object that would have a `get` method is actually `undefined` TODO – How
to handle this case given that we want to let errors bubble up to the
level at which Fleet can catch them? Maybe it would be nice to catch
such errors and send them up to the Fleet layer, and still allow the
loop to continue to populate the columns whose APIs _are_ available.
_Decision: catch API errors here to preserve functionality of the
remaining columns_
- [x] Changes file
- [x] Manual QA
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
## Addresses
[confidential/2940](https://github.com/fleetdm/confidential/issues/2940)
Patched a potential security issue in UI
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling <jacob@fleetdm.com>
Upgrades webpack and other JS dependencies. This was primarily motivated
by GitHub reporting a vulnerability in Webpack (which shouldn't actually
effect our use of Webpack) and wanting to clean up some tech debt.
Note that equivalent functionality for url-loader and file-loader is now
included in webpack itself.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
import-glob-loader has a very old loader-utils dependency that triggers
security alerting. Hoping that replacing this will allow the
loader-utils version to be updated.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Manual QA for all new/changed functionality
Bumps
[http-cache-semantics](https://github.com/kornelski/http-cache-semantics)
from 4.1.0 to 4.1.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2449650435"><code>2449650</code></a>
Update mocha</li>
<li><a
href="560b2d8ef4"><code>560b2d8</code></a>
Don't use regex to trim whitespace</li>
<li><a
href="b1bdb92638"><code>b1bdb92</code></a>
Remove linting package zoo</li>
<li><a
href="c20dc7eeca"><code>c20dc7e</code></a>
Cache 308</li>
<li>See full diff in <a
href="https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/fleetdm/fleet/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* create new components for query side panel
* add reusable icon component that uses svg for icons
* integrate with new osquery_fleet_schema.json data
* update UI to work with osquery_fleet_schema.json
* add remark-gfm to safely support direct urls in markdown
* move fleet ace into markdown component so we can render code with ace editor
* add testing for new query sidebar
* remove incomplete tests for query sidepanel
* add google analytics to sandbox instances
* Add serverType variable to frontend handler
* update version of html-webpack-plugin
Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com>
* Allow sort by more than one key
* forcing 404 page where entity ids do not exist
* refactored error boundary; handling 404s now
* added 403 overlay; refactored auth wrappers
* fixed test for maintainer
* more efficient fetches; test fixes
* clarify comment
* clean up
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
* Replace content editables with textboxes
* Change log
* removed lib
* fixed bugs; no error handling for empty name
* lint fixes
* fixed query test
* lint fixes
* corrected query test
* bug fix; save modal didn't open for new query
Co-authored-by: Martavis Parker <martavis@auraticdevelopment.com>
* Step 1 for improving query experience (#1591)
* fake change to create draft PR
* temp routes to work and not modify old query page
* created new API abstraction for query
* refactored App.jsx to prepare react-query
* fixed flow of redirects after page refresh; functional component added
* setup for getting data on edit
* implementing functions for query page
* Old form showing on new setup
* improving and breaking up query form
* no need for the helpers anymore; clean up
* added type for button component variant
* step toward new save modal; have to switch gears to #1619
* creating new query works
* clean up
* linting cleanup
* added default value for new query
* will address dynamic save disabled in edit step
* Step 2 for improving query experience (select targets) (#1732)
* fake change to create draft PR
* temp routes to work and not modify old query page
* created new API abstraction for query
* refactored App.jsx to prepare react-query
* fixed flow of redirects after page refresh; functional component added
* setup for getting data on edit
* implementing functions for query page
* Old form showing on new setup
* improving and breaking up query form
* no need for the helpers anymore; clean up
* added type for button component variant
* step toward new save modal; have to switch gears to #1619
* creating new query works
* clean up
* linting cleanup
* added default value for new query
* split steps into separate files for readability
* components laid out
* new targets picker
* function clean up
* styling tables
* fixing logic
* fixed logic to keep getting related hosts
* formatting targets for API
* fixed default query
* clean up
* styled target selectors; fixed target input styles
* began total count
* forgot to remove debugging code
* lint fixes
* added target count from API
* clean up
* able to remove selected host targets from table
* lint fixes
* Improving query experience - Step 3 (query results) (#1766)
* fake change to create draft PR
* temp routes to work and not modify old query page
* created new API abstraction for query
* refactored App.jsx to prepare react-query
* fixed flow of redirects after page refresh; functional component added
* setup for getting data on edit
* implementing functions for query page
* Old form showing on new setup
* improving and breaking up query form
* no need for the helpers anymore; clean up
* added type for button component variant
* step toward new save modal; have to switch gears to #1619
* creating new query works
* clean up
* linting cleanup
* added default value for new query
* split steps into separate files for readability
* components laid out
* new targets picker
* function clean up
* styling tables
* fixing logic
* fixed logic to keep getting related hosts
* formatting targets for API
* fixed default query
* clean up
* styled target selectors; fixed target input styles
* began total count
* forgot to remove debugging code
* lint fixes
* added target count from API
* clean up
* able to remove selected host targets from table
* lint fixes
* connected run query with modern React/JS; clean up
* linting fixes
* fixed logic to retrieve results from live query
* linting fixes
* created new, simpler query progress
* populating results and errors tables as expected
* syntax fixes
* fixing styles for query results
* more styling for query results
* manual merge from main
* Rename core->free and basic->premium
* Fix lint js
* Comment out portion of test that seems to timeout
* Rename tier to premium if basic is still loaded
* go sum
* Query Experience Cleanup Tasks (#1807)
* fixes to get merged main branch to build and work
* moved screens for query pages; clean up
* updated and typed react ace for query form; clean up
* using console error instead
* added real types instead of `any` except for errors
* query side panel ts and functional. prep for close task.
* ability to hide, show query table sidebar
* improved live query status warning
* added loading and error state for targets search
* error screen for targets; improved loading display
* now using API-created label for all linux
* missed some files on previous commit
* able to edit query
* clean up
* lint fixes
* query results showing as they come
* remove unused code
* removed old query page. major file cleanup.
* removed selectedTargets redux implementation
* removed unused redux actions and reducers
* removed unused keys in initial state
* selectedOsqueryTable is now using context API
* removed all querypages redux code
* set up context for app and user
* fixed auth with temp fix for wrapper
* completed redux removal from query page
* fixed var names coming from main branch
* fixed var name changes coming from issue 1501
* fixed save popup bug; clean up
* added permissions
* fixed login redirect
* removed unused props
* linting fix
* clean up
* removed unused component, refactor, and clean up
* fixed styles for step 1 as admin
* fixed styles for step 1 as observer
* fixed percentage of online hosts
* added loading progress to query stop button
* reset query status on run again
* added download icon to export button text
* fixed error reset on name input; fixed styles
* fixed bug where query value wasn't saving
* fixed query value when blank
* fixed bug - default query was running every time
* auto adding host from url to targets
* fixed flows for repeating run and save steps
* fleet ace is now TS and functional
* fixed a couple of tests
* fixed issues with query value text inconsistencies
* fixed query side panel not showing
* hiding error count if not > 0
* fixed showing editor for different roles
* using integer for targets
* go sum
* fixed targets param
* catching all errors while running query
* fixed hover state for title and description
* ignore unit test for now; lint fixes
* locking react-ace version
* ignoring tests breaking in github actions
* brought tests back
* fixing file name
* fixing file name again
* fixed e2e test
* have to ignore tests for now
* ignore certain premium tests for now
* one last test to revamp
* another test
* fixed teamflow test
* fixed observer query 403
* lint fixes
* fixed maintainer test
* added changes file
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
* add messaging in autocomplete dropdown to show reason why user cannot be selected
* user permission utils
* doc autocomplete dropdown and move it closer to wehre its used
* test for select teams form
* test for data table and transfer host endpoint
gss
* moving host actions and entities to ts
* change host transfer to new endpoint:
* added more tests to data table
* change some comments
* change import path
* fix build TS errors
* change data table test string
* Team managers can configure agent_options for each team
* Previous osquery_options now passes teamId for team.agent_options
* Code conversions: JS to TS, global to team specific, class components to functional components
(Linting errors on PR are just those external broken links)
* added reducers and kolide api teams code, hooked up empty state
* request for get all teams and remove unused loading bar
* added create team functionality|gs
* update link cell to be more generic
* create teams detail page and hook it up
* added tabbing and styling to top nav team details
* added edit and delete modal functionality
* add in table and modals for members for teams
* created reusable edit user modal and use it in manage teams page
* creating add member autocomplete
* hook up adding members to teams
* hook up real members from api into table, and empty state for table
* fix proptype warning
* hooked up table querying for member page
* added remove member modal
* added tems to edit useres on member page
* finish remove member from team
* fixed up editing on members page
* fix the role value in member table
* fix prettier errors
* fixes from PR comments round 1
* add missing error handler on add member
* add dynamic team name to member page and user dynamic user and team names to succuess and errors
* add test for userManagementHelper module
* fix lint errors
* fix tests
* add member test to row results on member page
- Use NODE_ENV=development for Webpack in CI.
- Add caching for Webpack modules in development.
- Remove time of day from dates in version string (helps with build caching).
- Use Go cache in CI.
This makes about a 20% savings on the total time for the CI run.
* create skeleton of team management page and hook it up with routing
* added reducers and kolide api teams code, hooked up empty state
* request for get all teams and remove unused loading bar
* fix sending teams response to store
* added create team functionality|gs
* added edit and delete fuctionality to teams management
* fixed up some edge cases for deleting and editing teams
* remove unused UserRow
* get list of teams for user to add new users to, fix up Userform
* add prettier and have it format all js code except website:
:
* trying running prettier check in CI
* fix runs on in CI
* change CI job name
* fix prettier erros and fix CI
Label flow
- Create a new label and make sure it shows up on the hosts page
- Edit the label name
- Delete the label
Query flow
- Create a new saved query
- Edit the query
- Delete the query
Pack flow
- Create a pack
- Edit the pack name
- Schedule a query
- Remove a query from the pack
- Delete the pack
Closes#597
- unhandledPromiseRejection errors caused test failures on Node 15.
Instead verbose log these for later followup.
- Fix uses of Nock in tests
- Fix some warnings in tests
- Upgrade some test dependencies
* e2e test for manage user page, and updating styles for ui components
* make checkbox more accessible and create e2e test around creating user
* add react testing library and use it for radio testing
* clean up comments
* update docs and clean up
* start with making nav horizontal and updating nav and main content areas
* remove unneded subnav styling and JS code
* remove unused isSmallNav and --small styles
* remove isSmallNav in reducer and fix tests
* change 'admin' to 'settings'
* remove unnneded username to logo
* change account page urls
* Add user avatar dropdown to nav
* remove unused background colour on company logo
* get tabbing to work correctly
* implement styling of tab and page descriptions
* change default settings nav to organisation settings
* remove more unneeded subnav code
* fix some broken tests after changes
* pull out getdefaultTabIndex in settingsWrapper
* sticky sub nav for settings pages
* tweak zindex for setting subnav
* updated yarn.lock
* update icons
* fix collapsing nav items
* tweak avatar dropdown styles
* remove sidebar on osquery page
Beginning of an e2e testing framework for the fleet application.
This uses [Cypress](https://www.cypress.io/) to implement a first end-to-end test in Fleet.
* chnage webpack to resolve typescript modules. convert TextCell to TS
* change headercell and statuscell to ts
* ignore casesensitve error, seems a bit buggy
* ignore camelcase error, we already use snakecase many places
* updated LinkCell and modules it depends on to typescript
* fix up some warnings from changes
* fix more types in textcell and hosttableconfig
* use alias imports
* add require button state interfcae
* updated typescript version and tsconfig in project
* updated eslint version
* change from experimental export to supported export
* removed accidentally added script
* turn off buggy jsx-a11y eslint rules
* remove unused tslint.json
* fix wrong jsx-a11y depedency
* use correct eslint-plugin-jsx-a11y version
* fix rest of linting errors
* move back js-yaml version to 3 major
* start adding global search filter
* update polyfill setup to use async await for react-table
* update browerslist to sensible defaults
* get global search functionality woring
* more progress on the data table
* get label network calls working in hostdatatable
* get pagination functionality into the HostDataTable
* get search query making network call
* get ordering making query
* make actual sort order network calls
* disable cpu column sorting
* seperate get table data from get labels
* fix issues with input resetting and got search query working
* get sort working
* ignore vs code editor settings
* improve loading spinner to move inside the table
* improve styling
* add sorting arrows
* remove unused sorting arrow component
* add host query params to labels endpoint
* fix style for query textarea on label hosts
* got new pagination working
* set server data as source of truth for table global filter
* cleanup logs
* clean up pagination styles
* fix up paginationa and no host styles
* add result count to table
* remove logs
* tweak header styles
* fix to sort order
* simplify default sort direction
* keep sort order of server api responses and use in host table
* clean up logs
* Add styles for header cell and pagination
* fix tests for ManageHostPage
* fix tests for HostContainer
* fix lower level action reducer and thunk tests
* fix tests for hosts client
* fix up some host count styling
* added back no hosts start message
* fix linting errors
* remove unused old pagination code
* add back scrollToTop utility on pagination
* remove unused code in managehostpage test
Co-authored-by: Noah Talerman <noahtal@umich.edu>
* recreate host table with react-table
* move old host table and container next to other code related to host page
* start replacing old host table with new host table
* replace old table with with new data table
* fix up tests and remove some unused code
* update react-redux to 7.7.2
* update redux to 4.05
* update react to 17.0.1
* Revert "update react to 17.0.1"
This reverts commit 004f3bb5a9e26bfcea9e921a2093adcc1e95068f.
This PR adds a new Host details page as part of the Hosts UI project #162
Summary of changes:
- New component <HostDetailsPage />
- Move "Query" and "Delete" buttons from the hosts list to the Host details page
- Add new button variants label and text-link
- Add react-tooltip package to the project (v4.2.13)
Resolves a GitHub security alert about node-notifier (https://github.com/advisories/GHSA-5fw9-fq32-wv5p). This was unlikely
to be relevant in the case of Fleet where this was used only as a
development dependency.
- Move from Mocha to Jest for JS testing (Jest seems to have better support for
'watching' tests and a more active community these days).
- Codemod existing tests to Jest syntax (using https://github.com/skovhus/jest-codemods)
- Fix some errors in tests that were previously hidden.
- Update Babel.
- Output easy to parse stack traces during run of tests
- Fix some spurious warnings and errors in tests
- Add --exit flag to Mocha invocation to fix hang due to timers in ACE editor
Created 3 new components: <OsqueryOptionsPage /> , <OsqueryOptionsForm />, and <YamlAce />
The <OsqueryOptionsPage /> component is rendered at the new route /admin/osquery. The user navigates to this route by selecting the "Osquery Options" sub-navigation in the admin dropdown menu.
On the Osquery Options page, the user is presented with a ACE editor filled with the current osquery options. The current osquery options are retrieved from the serve when the page component mounts. These current osquery options are stored in the osquery slice of state.
Clicking "UPDATE OPTIONS" will trigger a form submit and hit the v1/kolide/spec/osquery_options endpoint if the yaml is valid. If the yaml is not valid, an error message is presented to the user with details on what the error is and where it occurred. If the yaml is valid, the osquery options will be updated even if the options haven't change.
There was a prototype pollution vulnerability in 4.17.11 that is
unlikely to have high impact on Fleet due to all JS executing on the
client side. Upgrading lodash to satisfy security warnings from
Github.
