Commit Graph

5842 Commits

Author SHA1 Message Date
Roberto Dip
4042f8d826
add browser-related security headers to HTML responses (#8180)
related to #8031, this adds the following headers to HTML responses:

- Strict-Transport-Security: informs browsers that the site should only
  be accessed using HTTPS, and that any future attempts to access it
  using HTTP should automatically be converted to HTTPS.
- X-Frame-Options: disallows embedding the UI in other sites via
  <frame>, <iframe>, <embed> or <object>, which can prevent attacks like
  clickjacking.
- X-Content-Type-Options: prevents browsers from trying to guess the MIME
  type, which can cause browsers to transform non-executable content into
  executable content.
- Referrer-Policy: prevents leaking the origin of the referrer in the
  Referer.

additionally, this ensures we set `X-Content-Type-Options` for CSV and
installer responses.
2022-10-12 10:19:21 -03:00
Martin Angers
d321cfc68e
Add inherited policies to the team's list policies response payload (#8068) 2022-10-12 08:35:36 -04:00
Lucas Manuel Rodriguez
42c47a6fa7
Add missing return to ingestKubequeryInfo (#8178)
* Add missing return to ingestKubequeryInfo

* No need to log error twice
2022-10-12 09:00:49 -03:00
Lucas Manuel Rodriguez
8de3e9f258
Fix Orbit bug when setting empty command_line_flags in agent options (#8176) 2022-10-11 20:11:01 -03:00
Mike McNeil
6fa02da54b
Handbook: Add link to key review deck (#8177) 2022-10-11 15:26:05 -06:00
Frank Sievertsen
23199c3d83
Add missing display_name to getHostEndpoint (#8174) 2022-10-11 17:00:32 -04:00
Eric
831155eb9c
Website: update osquery schema pages - add evented table icons to sidenav, update code highlighting (#8168)
* Add evented table labels, update code syntax highlighting

* update styles, lint fix

* update comment

* Update osquery-table-details.page.js
2022-10-11 14:40:08 -05:00
Roberto Dip
174f894b53
fix migration order check by only checking additions (#8172)
this modifies the migration order CI check to only check for added files
by:

1. Escaping the blob we give to git, so bash doesn't perform expansion,
   this lets git handle the blob matching, which for reasons I don't
   fully understand allows it to find file renames.
2. Applying `--diff-filter=A`, which makes git only list file additions.
2022-10-11 16:31:40 -03:00
Roberto Dip
2bb4ec2e6d
add script to check for migration order (#7803)
Related to #6142, this adds a CI check for the order of migrations.

As I noted in a comment on the workflow file, it's important to keep in mind that some migrations might still go unnoticed even with this check, example:

1. PR1 adds a migration, CI check passes
2. PR2 adds a migration, CI passes, gets merged
3. PR1 can still be merged because the CI checks aren't run again

The check will fail in `main`, however, so if we find the current script to be reliable, we could set up a Slack ping or something similar to make sure somebody takes a look.
2022-10-11 15:36:15 -03:00
Lucas Manuel Rodriguez
28744bf57e
Consistently log migrations (#8154)
* Consistently log migrations

* Fix name and update goose version
2022-10-11 15:20:12 -03:00
Juan Fernandez
351d2c93c4
Add new page explaining how osquery child processes are terminated (#8134)
Add new page explaining how osquery child processes are terminated
2022-10-11 14:09:56 -04:00
Tomas Touceda
d912376f02
Handle tcp read timeouts (#8163)
* Handle tcp read timeouts properly

* Add changes file

* Fix bad mini refactor after nailing the test

* Update based on review

* Update comment
2022-10-11 13:58:52 -03:00
Zay Hanlon
dca77054c5
Onboarding: Add 'zayhanlon' to Humans (#8166)
As part of onboarding issue, add 'zayhanlon' to Humans within receive-from-github.js
2022-10-11 11:35:23 -05:00
Zay Hanlon
cadcb5e784
Handbook: Remove rotation schedule from CEO shadow (#8164)
Removed the rotation schedule from CEO shadow program section, per Mike's request. We'll track this via Google Sheets
2022-10-11 09:56:54 -06:00
Mo Zhu
a6cf95495c
fix formatting and spelling of handbook quality section (#8078) 2022-10-11 11:47:24 -04:00
RachelElysia
7de1b847ea
Fleet UI: Host's software details links to software, improved responsiveness (#8080) 2022-10-11 09:27:20 -04:00
Charlie Chance
6e91039d09
Update ceo-handbook.md (#8158) 2022-10-10 16:35:40 -06:00
dependabot[bot]
35ae71502f
Bump actions/setup-go from 3.2.1 to 3.3.0 (#7470)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](84cbf80943...268d8c0ca0)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-10 18:55:13 -03:00
dependabot[bot]
c307800718
Bump github.com/oschwald/geoip2-golang from 1.6.1 to 1.8.0 (#7767)
Bumps [github.com/oschwald/geoip2-golang](https://github.com/oschwald/geoip2-golang) from 1.6.1 to 1.8.0.
- [Release notes](https://github.com/oschwald/geoip2-golang/releases)
- [Commits](https://github.com/oschwald/geoip2-golang/compare/v1.6.1...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/oschwald/geoip2-golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-10 18:53:19 -03:00
dependabot[bot]
52b298ff69
Bump gopkg.in/guregu/null.v3 from 3.4.0 to 3.5.0 (#7768)
Bumps [gopkg.in/guregu/null.v3](https://github.com/guregu/null) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/guregu/null/releases)
- [Commits](https://github.com/guregu/null/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: gopkg.in/guregu/null.v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-10 18:52:07 -03:00
dependabot[bot]
ddc47b3096
Bump golang from 1.19.1-bullseye to 1.19.2-bullseye (#8091)
Bumps golang from 1.19.1-bullseye to 1.19.2-bullseye.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-10 18:45:01 -03:00
Roberto Dip
e630fabf89
token rotation for fleet desktop (#7779)
This implements what's described in detail here https://github.com/fleetdm/fleet/blob/main/proposals/fleet-desktop-token-rotation.md
2022-10-10 17:15:35 -03:00
gillespi314
ca379e7459
Fix directIngestOSWindows error in query ingestion for non-Windows hosts (#8148) 2022-10-10 13:27:15 -05:00
RachelElysia
858bb75609
Documentation: Seeding data links to creating test hosts (#8131) 2022-10-10 14:08:18 -04:00
RachelElysia
6d94472224
Fleet UI: Move status from route param to query param (#8035) 2022-10-10 14:07:47 -04:00
Robert Fairburn
dc0427117e
Add loadtesting ECR Cleanup one-liner (#8041) 2022-10-10 10:02:11 -05:00
Ivan Panteleev
2dae3aa62b
Add extraVolumes and extraVolumeMounts to fleet (#7684) 2022-10-10 10:01:45 -05:00
Gabriel Hernandez
bc194d18c7
Feat/update live query states (#8122)
* add awaiting results state to live query search

* make spinner more reusable and add it to query page awaiting results

* create common QueryResultsHeader component to use on query policy flows
2022-10-10 15:39:49 +01:00
Noah Talerman
91f02f31ca
Product handbook: Update projects (#8143)
- Add link to Roadmap project
- Remove retired projects
2022-10-10 10:12:17 -04:00
Frank Sievertsen
1eacecf637
Add new missing value to existing status URL parameter at the GET /hosts endpoint (#7916) 2022-10-10 07:45:39 -04:00
Charlie Chance
03e9a2d778
Handbook: slack channel update (#8126)
| `#help-key-review-prep`     | Charlie Chance
2022-10-10 17:13:18 +09:00
Chris McGillicuddy
6e0854b4ef
Adding turnaround time for deck revisions.md (#8133) 2022-10-10 16:52:30 +09:00
Frank Sievertsen
b25e74b285
add missing_30_days_count to host_summary response (#7915) 2022-10-08 08:58:27 -04:00
Frank Sievertsen
e9f7066d87
7135 host display name (#7873) 2022-10-08 08:57:46 -04:00
Chris McGillicuddy
0a5c2656f6
Adding details about contacting the CEO.md (#8132)
Revised and carried over content from the Slack thread about contacting the CEO. Addresses this issue: https://github.com/fleetdm/confidential/issues/1630.
2022-10-07 15:41:45 -06:00
Mike McNeil
c36e1cc4ad
Update Supported-host-operating-systems.md (#8130) 2022-10-07 16:13:03 -05:00
Mo Zhu
1810578e13
Link to documentation improvement backlog (#7814) 2022-10-07 16:32:53 -04:00
Lucas Manuel Rodriguez
832b29f8c7
Update go-tuf to v0.5.0 (bis) (#8112)
* Update go-tuf to v0.5.0

This was triggered by the security advisory
[GHSA-3633-5h82-39pq](https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-3633-5h82-39pq).
Fleet's use of go-tuf is not vulnerable to this issue due to not using
key thresholds greater than 1.

There were some API changes that necessitate changing the initialization
code for the TUF client. See
https://github.com/theupdateframework/go-tuf/issues/379 for further
discussion.

* Add changes file

* Update default root metadata

* Add review changes to update-go-tuf branch

* Update tests

* Add more checks to roots output

Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2022-10-07 17:03:39 -03:00
gillespi314
4c0456be73
Update documentation for automations (#8084) 2022-10-07 12:24:24 -05:00
Eric
2408dc0298
remove platforms attribute, update query library to use platform (#8116) 2022-10-07 12:10:30 -05:00
Eric
588c9abef3
modify markdown links on table pages (#8123) 2022-10-07 11:48:37 -05:00
Michal Nicpon
9056b22874
set default shell in workflows (#8108)
* wait for mysql in workflows
2022-10-07 09:43:56 -06:00
Roberto Dip
bfe698d090
cleanup all policy memberships for a host on re-enrollment (#8120)
Related to #7664, this cleans up all policy memberships for a host when it's re-enrolled; afterwards, only the relevant policy memberships for the host will be created.
2022-10-07 11:36:17 -03:00
Gabriel Hernandez
b14c7af645
move policies to own constants and allow escaping on DEFAULT_POLICIES (#8121) 2022-10-07 14:31:57 +01:00
Mike McNeil
60a9e4de80
Define "certificate authorities" + normalize capitalization (#8118) 2022-10-07 09:22:35 -04:00
Eric
8f304f8d0e
Website: Update sticky header behavior (#8115)
* Update sticky header behavior

* update sticky header function
2022-10-06 18:49:11 -05:00
Luke Heath
97155238c7
Disable linting for constants file (#8107) 2022-10-06 14:45:59 -05:00
RachelElysia
34088aaab9
Fleet UI: /login route redirects to /dashboard if logged in (#8102) 2022-10-06 13:33:32 -04:00
Josh Brower
b7daa3d0ad
Add Windows CIS policies (#7959)
- Add 7 policies to fleetdm.com/queries and the Fleet product
2022-10-06 12:43:34 -04:00
Eric
9970ac668b
Docs: add missing pageOrderInSection meta tag (#8104)
* Update Orbit-development-and-release-strategy.md

* Update docs/Contributing/Orbit-development-and-release-strategy.md

Co-authored-by: Chris McGillicuddy <108031970+chris-mcgillicuddy@users.noreply.github.com>

Co-authored-by: Chris McGillicuddy <108031970+chris-mcgillicuddy@users.noreply.github.com>
2022-10-06 11:04:36 -05:00