fleet/server
Lucas Manuel Rodriguez ae6c387059
Fix false positive vulnerabilities on Chrome and Firefox extensions (#14791)
- Fix many vulnerability false positives on Chrome and Firefox
extensions. This is related to #11924 and also related to the following
5 false positives found in dogfood around Chrome extensions.
- Reduced `TestTranslateCPEToCVE` run time considerably:
```
--- PASS: TestTranslateCPEToCVE (8.59s)
    --- PASS: TestTranslateCPEToCVE/find_vulns_on_cpes (38.45s)
    --- PASS: TestTranslateCPEToCVE/recent_vulns (62.03s)

vs.

=== RUN   TestTranslateCPEToCVE/recent_vulns
=== NAME  TestTranslateCPEToCVE
    nettest.go:36: network test done: TestTranslateCPEToCVE
--- PASS: TestTranslateCPEToCVE (269.86s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:1password:1password:3.9.9:*:*:*:*:macos:*:* (31.31s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:1password:1password:3.9.9:*:*:*:*:*:*:* (29.00s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:pypa:pip:9.0.3:*:*:*:*:python:*:* (52.59s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:mozilla:firefox:93.0:*:*:*:*:windows:*:* (34.29s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:mozilla:firefox:93.0.100:*:*:*:*:windows:*:* (28.17s)
    --- PASS: TestTranslateCPEToCVE/cpe:2.3:a:apple:icloud:1.0:*:*:*:*:macos:*:* (28.44s)
    --- PASS: TestTranslateCPEToCVE/recent_vulns (56.95s)
```

![Screenshot 2023-10-30 at 09 34
25](https://github.com/fleetdm/fleet/assets/2073526/30ff798d-362d-4df4-876e-53619d2d8802)
![Screenshot 2023-10-30 at 09 34
35](https://github.com/fleetdm/fleet/assets/2073526/ae65583f-26d3-403a-93e3-39c1393bc471)
![Screenshot 2023-10-30 at 09 34
47](https://github.com/fleetdm/fleet/assets/2073526/aba99efe-b744-4f05-927c-981c490fc02f)
![Screenshot 2023-10-30 at 09 35
41](https://github.com/fleetdm/fleet/assets/2073526/aaff0725-ceca-494e-b64f-c30ff5e63aec)
<img width="868" alt="Screenshot 2023-10-30 at 10 21 42"
src="https://github.com/fleetdm/fleet/assets/2073526/284a2373-09bc-44f7-952b-1e53650232ff">

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)~
- ~[ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)~
- ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)~
- ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.~
- [X] Added/updated tests
- [X] Manual QA for all new/changed functionality
  - ~For Orbit and Fleet Desktop changes:~
- ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.~
- ~[ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2023-11-01 09:26:26 -03:00
..
authz Feat: saved scripts (#14409) 2023-10-10 19:00:45 -03:00
bindata Allow users to be readded if they were ever removed (#1945) 2021-09-07 13:33:40 -03:00
config chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
contexts allow clients to report errors back to the server (#13478) 2023-08-24 13:04:27 -03:00
datastore feat: reset yes/no count when query changes (#14776) 2023-10-31 12:29:09 -04:00
errorstore Enable errcheck linter for golangci-lint (#8899) 2022-12-05 16:50:49 -06:00
fleet feat: reset yes/no count when query changes (#14776) 2023-10-31 12:29:09 -04:00
health Separate health checks for MySQL and Redis (#6468) 2022-07-01 08:08:03 -03:00
launcher Ingest pending MDM hosts (#9065) 2022-12-26 15:32:39 -06:00
live_query Bump go to 1.19.1 (#7690) 2022-09-12 20:32:43 -03:00
logging chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
mail Feat UI windows automatic enrollment (#12988) 2023-08-08 15:57:55 +01:00
mdm chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
mock feat: reset yes/no count when query changes (#14776) 2023-10-31 12:29:09 -04:00
policies Refactor webhooks cron to new schedule package (#7840) 2022-09-20 14:26:36 -05:00
ptr Add Description text to CVE Metadata (#13856) 2023-09-15 11:24:10 -06:00
pubsub Provide more feedback to the user when there's a Redis connection issue when running live queries (#11947) 2023-06-01 16:11:55 -03:00
service feat: reset yes/no count when query changes (#14776) 2023-10-31 12:29:09 -04:00
sso chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
test Prevent empty logging_type when creating and editing queries (#14575) 2023-10-16 19:33:39 -03:00
vulnerabilities Fix false positive vulnerabilities on Chrome and Firefox extensions (#14791) 2023-11-01 09:26:26 -03:00
webhooks chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
websocket Enable errcheck linter for golangci-lint (#8899) 2022-12-05 16:50:49 -06:00
worker chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00
utils_test.go allow padded strings in mdm/apple/enqueue endpoint (#13502) 2023-08-24 15:17:05 -03:00
utils.go chore: remove refs to deprecated io/ioutil (#14485) 2023-10-27 15:28:54 -03:00