empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
90ef5570e9
fleet/server/kolide/queries_test.go
Zach Wasserman 5b432cccee
Prevent SQLite ATTACH from being used in queries (#129) 
Mitigate
[CVE-2020-26273](https://github.com/osquery/osquery/security/advisories/GHSA-4g56-2482-x7q8)
by attempting to prevent users from executing or saving queries that use
the SQLite `ATTACH` command.

Users must still update to osquery 4.6.0 to ensure the functionality is
fully disabled in osquery.
2020-12-14 18:13:34 -08:00

140 lines
3.2 KiB
Go
Raw Blame History

package kolide
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestLoadQueriesFromYamlStrings(t *testing.T) {
var testCases = []struct {
yaml string
queries []*Query
shouldErr bool
}{
{"notyaml", []*Query{}, true},
{"", []*Query{}, false},
{"---", []*Query{}, false},
{
`
---
apiVersion: k8s.kolide.com/v1alpha1
kind: OsqueryQuery
spec:
name: osquery_version
description: The version of the Launcher and Osquery process
query: select launcher.version, osquery.version from kolide_launcher_info
support:
launcher: 0.3.0
osquery: 2.9.0
---
apiVersion: k8s.kolide.com/v1alpha1
kind: OsqueryQuery
spec:
name: osquery_schedule
description: Report performance stats for each file in the query schedule.
query: select name, interval, executions, output_size, wall_time, (user_time
---
apiVersion: k8s.kolide.com/v1alpha1
kind: OsqueryQuery
spec:
name: foobar
description: froobing
query: select fizz from frog
`,
[]*Query{
&Query{
Name: "osquery_version",
Description: "The version of the Launcher and Osquery process",
Query: "select launcher.version, osquery.version from kolide_launcher_info",
},
&Query{
Name: "osquery_schedule",
Description: "Report performance stats for each file in the query schedule.",
Query: "select name, interval, executions, output_size, wall_time, (user_time",
},
&Query{
Name: "foobar",
Description: "froobing",
Query: "select fizz from frog",
},
},
false,
},
}
for _, tt := range testCases {
t.Run("", func(t *testing.T) {
queries, err := LoadQueriesFromYaml(tt.yaml)
if tt.shouldErr {
require.NotNil(t, err)
} else {
require.Nil(t, err)
assert.Equal(t, tt.queries, queries)
}
})
}
}
func TestRoundtripQueriesYaml(t *testing.T) {
var testCases = []struct{ queries []*Query }{
{[]*Query{{Name: "froob", Description: "bing", Query: "blong"}}},
{
[]*Query{
{Name: "froob", Description: "bing", Query: "blong"},
{Name: "mant", Description: "smump", Query: "tmit"},
{Name: "gorm", Description: "", Query: "blirz"},
{Name: "blob", Description: "shmoo", Query: "smarle"},
},
},
}
for _, tt := range testCases {
t.Run("", func(t *testing.T) {
yml, err := WriteQueriesToYaml(tt.queries)
require.Nil(t, err)
queries, err := LoadQueriesFromYaml(yml)
require.Nil(t, err)
assert.Equal(t, tt.queries, queries)
})
}
}
func TestValidateSQL(t *testing.T) {
var testCases = []struct {
sql string
shouldErr bool
}{
{"", false},
{"foo", false},
{"select 1", false},
{"select * from time", false},
{"select 1 from ATTACH", false},
{"select * from attach where fast = 3", false},
{"attach 'foo' as bar;", true},
{"attach (foo )as bar", true},
{"attach('foo')AS bar", true},
{"ATTACH 'foo' AS bar", true},
{"ATTACH select name from where path = '/foobar' as bar", true},
{`attach
foo
as
bar`, true},
}
for _, tt := range testCases {
t.Run(tt.sql, func(t *testing.T) {
err := Query{Query: tt.sql}.ValidateSQL()
if tt.shouldErr {
require.Error(t, err)
} else {
require.NoError(t, err)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink