Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-02 10:57:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 124
fleet/cmd/maintained-apps/validate/darwin.go
Victor Lyuboslavsky 44c6aee5c7
Converted osquery_utils to slog (#39883) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #38889 

Plan was to convert `osquery_utils` package to slog. Picked up some
additional code that was related.

# Checklist for submitter

- [ ] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
  - Already have changes

## Testing

- [x] Added/updated automated tests
- [x] QA'd all new/changed functionality manually


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

# Release Notes

## Refactor
* Updated internal logging infrastructure to use improved system-level
logging utilities

## Tests
* Updated test suite to align with internal logging changes

---

**Note:** This release contains internal infrastructure improvements
with no user-facing changes or new features.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-16 15:43:59 -06:00

307 lines
11 KiB
Go
Raw Blame History

//go:build darwin
package main
import (
"context"
"encoding/json"
"fmt"
"log/slog"
"os"
"os/exec"
"path/filepath"
"strings"
"time"
"github.com/fleetdm/fleet/v4/orbit/pkg/constant"
"github.com/fleetdm/fleet/v4/orbit/pkg/scripts"
"github.com/fleetdm/fleet/v4/server/fleet"
queries "github.com/fleetdm/fleet/v4/server/service/osquery_utils"
)
var preInstalled = []string{
"firefox/darwin",
}
func postApplicationInstall(ctx context.Context, appLogger *slog.Logger, appPath string) error {
if appPath == "" {
return nil
}
appLogger.InfoContext(ctx, fmt.Sprintf("Forcing LaunchServices refresh for: '%s'", appPath))
err := forceLaunchServicesRefresh(appPath)
if err != nil {
return fmt.Errorf("Error forcing LaunchServices refresh: %v. Attempting to continue", err)
}
appLogger.InfoContext(ctx, fmt.Sprintf("Attempting to remove quarantine for: '%s'", appPath))
quarantineResult, err := removeAppQuarantine(appPath)
appLogger.InfoContext(ctx, fmt.Sprintf("Quarantine output error: %v", quarantineResult.QuarantineOutputError))
appLogger.InfoContext(ctx, fmt.Sprintf("Quarantine status: %s", quarantineResult.QuarantineStatus))
appLogger.InfoContext(ctx, fmt.Sprintf("Spctl output error: %v", quarantineResult.SpctlOutputError))
appLogger.InfoContext(ctx, fmt.Sprintf("spctl status: %s", quarantineResult.SpctlStatus))
if err != nil {
return fmt.Errorf("Error removing app quarantine: %v. Attempting to continue", err)
}
return nil
}
type QuarantineResult struct {
QuarantineOutputError error
QuarantineStatus string
SpctlOutputError error
SpctlStatus string
}
func removeAppQuarantine(appPath string) (QuarantineResult, error) {
var result QuarantineResult
cmd := exec.Command("xattr", "-p", "com.apple.quarantine", appPath)
output, err := cmd.CombinedOutput()
if err != nil {
result.QuarantineOutputError = fmt.Errorf("checking quarantine status: %v", err)
}
result.QuarantineStatus = fmt.Sprintf("Quarantine status: '%s'", strings.TrimSpace(string(output)))
cmd = exec.Command("spctl", "-a", "-v", appPath)
output, err = cmd.CombinedOutput()
if err != nil {
result.SpctlOutputError = fmt.Errorf("checking spctl status: %v", err)
}
result.SpctlStatus = fmt.Sprintf("spctl status: '%s'", strings.TrimSpace(string(output)))
cmd = exec.Command("sudo", "spctl", "--add", appPath)
if err := cmd.Run(); err != nil {
return result, fmt.Errorf("adding app to quarantine exceptions: %w", err)
}
cmd = exec.Command("sudo", "xattr", "-r", "-d", "com.apple.quarantine", appPath)
if err := cmd.Run(); err != nil {
return result, fmt.Errorf("removing quarantine attribute: %w", err)
}
return result, nil
}
func forceLaunchServicesRefresh(appPath string) error {
cmd := exec.Command("/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister", "-f", appPath)
if err := cmd.Run(); err != nil {
return fmt.Errorf("forcing LaunchServices refresh: %w", err)
}
time.Sleep(2 * time.Second)
return nil
}
// normalizeVersion removes common suffixes from version strings
func normalizeVersion(v string) string {
suffixes := []string{"-latest", "-beta", "-alpha", "-rc", "-pre"}
normalized := v
for _, suffix := range suffixes {
normalized = strings.TrimSuffix(normalized, suffix)
}
return normalized
}
// checkVersionMatch checks if the expected version matches any of the found versions
// using various matching strategies: exact match, normalization, concatenation, and prefix matching
func checkVersionMatch(expectedVersion, foundVersion, foundBundledVersion string) bool {
// Check exact matches first (no normalization needed)
if expectedVersion == foundVersion || expectedVersion == foundBundledVersion {
return true
}
// Only normalize if exact match failed (lazy normalization)
normalizedExpected := normalizeVersion(expectedVersion)
normalizedFound := normalizeVersion(foundVersion)
normalizedBundled := normalizeVersion(foundBundledVersion)
// Check normalized exact matches
if normalizedExpected == normalizedFound || normalizedExpected == normalizedBundled {
return true
}
// Check if expected version is a concatenation of short version + bundled version
// This handles cases like "1.4.230579" = "1.4.2" + "30579" or "1.4.2.30579" = "1.4.2" + "." + "30579"
// Only check concatenation if the expected version is longer than the short version alone,
// which indicates it might be a concatenation (avoids false positives)
if foundVersion != "" && foundBundledVersion != "" && len(expectedVersion) > len(foundVersion) {
// Try direct concatenation (no separator)
concatenated := foundVersion + foundBundledVersion
if expectedVersion == concatenated {
return true
}
// Check normalized concatenation
normalizedConcatenated := normalizedFound + normalizedBundled
if normalizedExpected == normalizedConcatenated {
return true
}
// Try concatenation with dot separator
concatenatedWithDot := foundVersion + "." + foundBundledVersion
if expectedVersion == concatenatedWithDot {
return true
}
normalizedConcatenatedWithDot := normalizedFound + "." + normalizedBundled
if normalizedExpected == normalizedConcatenatedWithDot {
return true
}
}
// Check if found version starts with expected version (handles suffixes like ".CE")
// This handles cases where the app version is "8.0.44.CE" but expected is "8.0.44"
if strings.HasPrefix(foundVersion, expectedVersion+".") ||
strings.HasPrefix(foundBundledVersion, expectedVersion+".") {
return true
}
if strings.HasPrefix(normalizedFound, normalizedExpected+".") ||
strings.HasPrefix(normalizedBundled, normalizedExpected+".") {
return true
}
// Check if expected version starts with found version (handles cases where osquery reports shorter version)
// This handles cases where expected is "2025.2.1.8" but osquery reports "2025.2"
if strings.HasPrefix(expectedVersion, foundVersion+".") {
return true
}
if strings.HasPrefix(normalizedExpected, normalizedFound+".") {
return true
}
// Also check bundled version for prefix matches
if strings.HasPrefix(expectedVersion, foundBundledVersion+".") {
return true
}
if strings.HasPrefix(normalizedExpected, normalizedBundled+".") {
return true
}
return false
}
func appExists(ctx context.Context, logger *slog.Logger, appName, uniqueAppIdentifier, appVersion, appPath string) (bool, error) {
execTimeout, cancel := context.WithTimeout(ctx, 30*time.Second)
defer cancel()
if err := validateSqlInput(appName); err != nil {
return false, fmt.Errorf("Invalid character found in appName: '%w'. Not executing query...", err)
}
if err := validateSqlInput(uniqueAppIdentifier); err != nil {
return false, fmt.Errorf("Invalid character found in uniqueAppIdentifier: '%w'. Not executing query...", err)
}
if err := validateSqlInput(appPath); err != nil {
return false, fmt.Errorf("Invalid character found in appPath: '%w'. Not executing query...", err)
}
logger.InfoContext(ctx, fmt.Sprintf("Looking for app: %s, version: %s", appName, appVersion))
query := `
SELECT
COALESCE(NULLIF(display_name, ''), NULLIF(bundle_name, ''), NULLIF(bundle_executable, ''), TRIM(name, '.app') ) AS name,
path,
bundle_short_version,
bundle_version
FROM apps
WHERE
bundle_identifier LIKE '%` + uniqueAppIdentifier + `%' OR
LOWER(COALESCE(NULLIF(display_name, ''), NULLIF(bundle_name, ''), NULLIF(bundle_executable, ''), TRIM(name, '.app'))) LIKE LOWER('%` + appName + `%')
`
if appPath != "" {
query += fmt.Sprintf(" OR path LIKE '%%%s%%'", appPath)
}
cmd := exec.CommandContext(execTimeout, "osqueryi", "--json", query)
output, err := cmd.Output()
if err != nil {
return false, fmt.Errorf("executing osquery command: %w", err)
}
type AppResult struct {
Name string `json:"name"`
Path string `json:"path"`
Version string `json:"bundle_short_version"`
BundledVersion string `json:"bundle_version"`
}
var results []AppResult
if err := json.Unmarshal(output, &results); err != nil {
return false, fmt.Errorf("parsing osquery JSON output: %w", err)
}
if len(results) > 0 {
for _, result := range results {
software := &fleet.Software{
Name: result.Name,
Version: result.Version,
BundleIdentifier: uniqueAppIdentifier,
Source: "apps",
}
queries.MutateSoftwareOnIngestion(ctx, software, logger)
result.Version = software.Version
result.Name = software.Name
logger.InfoContext(ctx, fmt.Sprintf("Found app: '%s' at %s, Version: %s, Bundled Version: %s", result.Name, result.Path, result.Version, result.BundledVersion))
// OneDrive auto-updates immediately after installation, so the installed version
// might be newer than the installer version. For OneDrive, we only verify that
// the app exists rather than checking the version.
if uniqueAppIdentifier == "com.microsoft.OneDrive" {
logger.InfoContext(ctx, "OneDrive detected - skipping version check due to auto-update behavior")
return true, nil
}
// GPG Suite's installer version (e.g., "2023.3") doesn't match the app bundle version
// (e.g., "1.12" with bundled version "1800"). We only verify that the app exists
// rather than checking the version.
if uniqueAppIdentifier == "org.gpgtools.gpgkeychain" {
logger.InfoContext(ctx, "GPG Suite detected - skipping version check due to version mismatch between installer and app bundle")
return true, nil
}
// Adobe DNG Converter's version format includes build number in parentheses
// (e.g., "18.0 (2389)") which doesn't match the installer version (e.g., "18.0")
// Check if the version starts with the expected version to handle this case
if uniqueAppIdentifier == "com.adobe.DNGConverter" {
if strings.HasPrefix(result.Version, appVersion+" ") || strings.HasPrefix(result.Version, appVersion+"(") {
logger.InfoContext(ctx, "Adobe DNG Converter detected - version matches with build number")
return true, nil
}
}
// WhatsApp: Homebrew sometimes reports a newer version than what's actually available.
// If version doesn't match but app is installed, fall back to existence-only validation.
if uniqueAppIdentifier == "net.whatsapp.WhatsApp" {
if !checkVersionMatch(appVersion, result.Version, result.BundledVersion) {
logger.InfoContext(ctx, "WhatsApp detected - version mismatch but app is installed, falling back to existence-only validation")
return true, nil
}
}
// Check various version matching strategies
if checkVersionMatch(appVersion, result.Version, result.BundledVersion) {
return true, nil
}
}
}
return false, nil
}
func executeScript(cfg *Config, scriptContents string) (string, error) {
scriptExtension := ".sh"
scriptPath := filepath.Join(cfg.tmpDir, "script"+scriptExtension)
if err := os.WriteFile(scriptPath, []byte(scriptContents), constant.DefaultFileMode); err != nil {
return "", fmt.Errorf("writing script: %w", err)
}
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
output, exitCode, err := scripts.ExecCmd(ctx, scriptPath, cfg.env)
result := fmt.Sprintf(`
--------------------
%s
--------------------`, string(output))
if err != nil {
return result, err
}
if exitCode != 0 {
return result, fmt.Errorf("script execution failed with exit code %d: %s", exitCode, string(output))
}
return result, nil
}
Reference in a new issue View git blame Copy permalink