empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 00:45:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Website: update get-extended-osquery-schema helper to ensure all column types are lowercase. (#17931)

Browse Source 
Closes: #17883

Changes:
- Updated the `get-extended-osquery-schema` helper to set the `type`
values of columns of tables with Fleet overrides to be lowercase.
- Regenerated `osquery_fleet_schema.json`
This commit is contained in:
Eric 2024-04-01 12:05:42 -05:00 committed by GitHub
parent 4ae6b362b9
commit 2ae85ac2c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 51 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
schema/osquery_fleet_schema.json
View File

@ -14,7 +14,7 @@
{
"name": "uid",
"description": "[User ID](https://superuser.com/a/1108201)",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,
@ -3964,7 +3964,7 @@
{
"name": "path",
"description": "Path to extension folder. Defaults to '' on ChromeOS",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -4061,7 +4061,7 @@
{
"name": "state",
"description": "1 if this extension is enabled",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -6792,7 +6792,7 @@
{
"name": "type",
"description": "The interface type of the disk.",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -6801,7 +6801,7 @@
{
"name": "id",
"description": "The unique identifier of the drive on the system.",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -6822,7 +6822,7 @@
{
"name": "disk_size",
"description": "Size of the disk.",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,
@ -6855,7 +6855,7 @@
{
"name": "name",
"description": "The label of the disk object.",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -18801,7 +18801,7 @@
{
"name": "uid",
"description": "User ID for the policy. Returns `-1` if the policy applies to all users.",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,
@ -18810,7 +18810,7 @@
{
"name": "policy_identifier",
"description": "Policy identifier, such as `ProfilePayload:1d33ef8c-da1c-4534-8458-95a4d43d849e:minLength`.",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -18819,7 +18819,7 @@
{
"name": "policy_content",
"description": "Policy content, such as `policyAttributePassword matches '.{10,}'`.",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -18828,7 +18828,7 @@
{
"name": "policy_description",
"description": "Policy description, such as `Contain at least 10 characters.`",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20687,7 +20687,7 @@
{
"name": "operation",
"description": "Operation type",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20696,7 +20696,7 @@
{
"name": "pid",
"description": "Process ID",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,
@ -20705,7 +20705,7 @@
{
"name": "ppid",
"description": "Parent process ID",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,
@ -20714,7 +20714,7 @@
{
"name": "time",
"description": "Time of execution in UNIX time",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,
@ -20723,7 +20723,7 @@
{
"name": "executable",
"description": "The executable path",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20732,7 +20732,7 @@
{
"name": "partial",
"description": "True if this is a partial event (i.e.: this process existed before we started osquery)",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20741,7 +20741,7 @@
{
"name": "cwd",
"description": "The current working directory of the process",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20750,7 +20750,7 @@
{
"name": "path",
"description": "The path associated with the event",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20759,7 +20759,7 @@
{
"name": "dest_path",
"description": "The canonical path associated with the event",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20768,7 +20768,7 @@
{
"name": "uid",
"description": "The uid of the process performing the action",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20777,7 +20777,7 @@
{
"name": "gid",
"description": "The gid of the process performing the action",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20786,7 +20786,7 @@
{
"name": "auid",
"description": "Audit user ID of the process using the file",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20795,7 +20795,7 @@
{
"name": "euid",
"description": "Effective user ID of the process using the file",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20804,7 +20804,7 @@
{
"name": "egid",
"description": "Effective group ID of the process using the file",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20813,7 +20813,7 @@
{
"name": "fsuid",
"description": "Filesystem user ID of the process using the file",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20822,7 +20822,7 @@
{
"name": "fsgid",
"description": "Filesystem group ID of the process using the file",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20831,7 +20831,7 @@
{
"name": "suid",
"description": "Saved user ID of the process using the file",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20840,7 +20840,7 @@
{
"name": "sgid",
"description": "Saved group ID of the process using the file",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -20849,7 +20849,7 @@
{
"name": "uptime",
"description": "Time of execution in system uptime",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,
@ -20858,7 +20858,7 @@
{
"name": "eid",
"description": "Event ID",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": true,
"required": false,
@ -25556,7 +25556,7 @@
{
"name": "hostname",
"description": "Network hostname including domain. For ChromeOS, this is only available if the extension was force-installed by an enterprise policy",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -25574,7 +25574,7 @@
{
"name": "cpu_type",
"description": "CPU type",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -25597,7 +25597,7 @@
{
"name": "cpu_brand",
"description": "CPU brand string, contains vendor and model",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -25657,7 +25657,7 @@
{
"name": "physical_memory",
"description": "Total physical memory in bytes",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -25666,7 +25666,7 @@
{
"name": "hardware_vendor",
"description": "Hardware vendor. For ChromeOS, this is only available if the extension was force-installed by an enterprise policy",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -25675,7 +25675,7 @@
{
"name": "hardware_model",
"description": "Hardware model. For ChromeOS, this is only available if the extension was force-installed by an enterprise policy",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -25698,7 +25698,7 @@
{
"name": "hardware_serial",
"description": "The device's serial number. For ChromeOS, this is only available if the extension was force-installed by an enterprise policy",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -25763,7 +25763,7 @@
{
"name": "computer_name",
"description": "Friendly computer name (optional). For ChromeOS, if the extension wasn't force-installed by an enterprise policy this will default to 'ChromeOS' only",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -27515,7 +27515,7 @@
{
"name": "name",
"description": "Extension Name",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -27524,7 +27524,7 @@
{
"name": "uuid",
"description": "Extension UUID",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -27533,7 +27533,7 @@
{
"name": "version",
"description": "Extension version",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -27542,7 +27542,7 @@
{
"name": "path",
"description": "Extension path",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -27551,7 +27551,7 @@
{
"name": "publisher",
"description": "Publisher Name",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -27560,7 +27560,7 @@
{
"name": "publisher_id",
"description": "Publisher ID",
"type": "TEXT",
"type": "text",
"notes": "",
"hidden": false,
"required": false,
@ -27569,7 +27569,7 @@
{
"name": "installed_at",
"description": "Installed Timestamp",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,
@ -27578,7 +27578,7 @@
{
"name": "prerelease",
"description": "Pre release version",
"type": "INTEGER",
"type": "integer",
"notes": "",
"hidden": false,
"required": false,
@ -27587,7 +27587,7 @@
{
"name": "uid",
"description": "The local user that owns the plugin",
"type": "BIGINT",
"type": "bigint",
"notes": "",
"hidden": false,
"required": false,

9
website/api/helpers/get-extended-osquery-schema.js vendored
View File

@ -31,7 +31,6 @@ module.exports = {
let util = require('util');
let topLvlRepoPath = path.resolve(sails.config.appPath, '../');
require('assert')(sails.config.custom.versionOfOsquerySchemaToUseWhenGeneratingDocumentation, 'Please set sails.config.custom.sails.config.custom.versionOfOsquerySchemaToUseWhenGeneratingDocumentation to the version of osquery to use, for example \'5.8.1\'.');
let VERSION_OF_OSQUERY_SCHEMA_TO_USE = sails.config.custom.versionOfOsquerySchemaToUseWhenGeneratingDocumentation;
@ -212,10 +211,6 @@ module.exports = {
} else {// If the Fleet overrides JSON has column data for this table, we'll find the matching column and use the values from the Fleet overrides in the final schema.
let columnHasFleetOverrides = _.find(fleetOverridesForTable.columns, {'name': osquerySchemaColumn.name});
if(!columnHasFleetOverrides) {// If this column has no Fleet overrides, we'll add it to the final schema unchanged
let columnWithNoOverrides = _.clone(osquerySchemaColumn);
if(osquerySchemaColumn.type !== undefined) {
columnWithNoOverrides.type = osquerySchemaColumn.type.toUpperCase();
}
mergedTableColumns.push(osquerySchemaColumn);
} else { // If this table has Fleet overrides, we'll adjust the value in the merged schema
let fleetColumn = _.clone(osquerySchemaColumn);
@ -240,7 +235,7 @@ module.exports = {
}
}
if(columnHasFleetOverrides.type !== undefined) {
fleetColumn.type = _.clone(columnHasFleetOverrides.type.toUpperCase());
fleetColumn.type = _.clone(columnHasFleetOverrides.type.toLowerCase());
}
if(columnHasFleetOverrides.required !== undefined) {
fleetColumn.required = _.clone(columnHasFleetOverrides.required);
@ -282,6 +277,7 @@ module.exports = {
if(typeof overrideColumnToAdd.type !== 'string') {
throw new Error(`The osquery tables could not be merged with the Fleet overrides. The "type" for the "${fleetOverrideColumn.name}" column of the "${fleetOverridesForTable.name}" table is an invalid type (${typeof fleetOverrideColumn.type}). To resolve, change the value of a column's "type" to be a string.`);
}//•
overrideColumnToAdd.type = overrideColumnToAdd.type.toLowerCase();
} else {
throw new Error(`The osquery tables could not be merged with the Fleet overrides. The "${fleetOverrideColumn.name}" column added to the merged schema for the "${fleetOverridesForTable.name}" table is missing a "type" in the Fleet overrides schema. To resolve, add a type for this column to the Fleet overrides schema.`);
}
@ -353,6 +349,7 @@ module.exports = {
} else if(typeof columnToValidate.type !== 'string') {
throw new Error(`Could not add a table from the Fleet overrides schema. The "type" of the "${columnToValidate.name}" column of the "${fleetOverrideToPush.name}" table at ${path.resolve(topLvlRepoPath+'/schema/tables', fleetOverrideToPush.name+'.yml')} has an invalid value. (expected a string, but got a ${typeof columnToValidate.type}) To resolve, change the value of the column's "type" be a string.`);
}//•
columnToValidate.type = columnToValidate.type.toLowerCase();
if(!columnToValidate.description) {
throw new Error(`Could not add a new table from the Fleet overrides schema. The "${columnToValidate.name}" column of the "${fleetOverrideToPush.name}" table is missing a "description". To resolve add a "description" property to the "${columnToValidate.name}" column at ${path.resolve(topLvlRepoPath+'/schema/tables', fleetOverrideToPush.name+'.yml')}`);