This needed to be set specifically for the live query websocket dialer,
since that doesn't use the HTTP client that the rest of the API client
methods use.
Co-authored-by: Tomas Touceda <chiiph@gmail.com>
* add premium feature critical policies
* update documentation
* add test for premium-only field
* update old change-file
* test policies more comprehensively
* also test team policies
* PATCH returns wrong timestamp, updating test
rel: https://github.com/fleetdm/fleet/issues/8768 thanks to @gillespi314 for the idea, the test consistently fails with:
```
=== RUN TestHosts/TestHostOrder
hosts_test.go:5392:
Error Trace: /home/runner/work/fleet/fleet/server/datastore/mysql/hosts_test.go:5392
/home/runner/work/fleet/fleet/server/datastore/mysql/hosts_test.go:5416
/home/runner/work/fleet/fleet/server/datastore/mysql/hosts_test.go:139
Error: "[]" should have 3 item(s), but has 0
Test: TestHosts/TestHostOrder
```
and the relevant code around line `5416`:
```go
_, err = ds.writer.Exec(`UPDATE hosts SET created_at = created_at + id`)
require.NoError(t, err)
hosts, err = ds.ListHosts(ctx, fleet.TeamFilter{User: test.UserAdmin}, fleet.HostListOptions{
ListOptions: fleet.ListOptions{
OrderKey: "created_at",
After: "2010-10-22T20:22:03Z",
OrderDirection: fleet.OrderAscending,
},
})
require.NoError(t, err)
chk(hosts, "0001", "0004", "0003")
```
This PR changes it to be `UPDATE hosts SET created_at = DATE_ADD(created_at, INTERVAL id DAY)` instead, which seems to fix the issue (so far 3 runs without issues)
This test was failing in Dec 2022, because in this line:
```go
_, err := sut.GetFeed((now.AddDate(0, 1, 0)).Month(), now.Year())
```
`(now.AddDate(0, 1, 0)).Month()` returns `"January"` , and `now.Year()` returns `2022` , so we were sending a date in the past.
The value of this attribute is used by macOS in "System Preferences >
Profiles" to display a note saying "This Mac is supervised and managed
by <xyz>".
When <PayloadOrganization> is not set, it uses the URL of the MDM server
for the message, which looks unpolished.
The OVAL analyzer falsely assumes that any vulnerabilities detected on a
host only come from OVAL. However, it is possible that NVD detects
vulnerabilities on these hosts even though it excludes software from
deb_packages and rpm_packages. For example, a python package twisted
v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL
analyzer would delete this vulnerability, and it would be re-inserted by
the NVD scanner on the next run. This creates a loop.
The fix is to only delete vulnerabilities that are actually detected
using OVAL. We already store this in the source column in the
software_cve table.
This improves osquery-perf with support for a more realistic orbit + fleet desktop simulation as described in #8212
This was based on the work done by @sharvilshah in his branch.
