mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 08:55:24 +00:00
02ea8b104b
Fixes both #10378 and https://github.com/fleetdm/confidential/issues/2133 On `main`: ```sh curl -v -k -X POST -H "Authorization: Bearer $TEST_TOKEN" \ https://localhost:8080/api/latest/fleet/queries/run \ -d '{ "query": "select \"With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themselves.\" as Rationale;" }' < HTTP/2 500 < content-type: application/json; charset=utf-8 < content-length: 130 < date: Fri, 10 Mar 2023 17:50:40 GMT < { "message": "invalid query's SQL", "errors": [ { "name": "base", "reason": "invalid query's SQL" } ] } ``` With changes in this PR: ```sh curl -v -k -X POST -H "Authorization: Bearer $TEST_TOKEN" \ https://localhost:8080/api/latest/fleet/queries/run \ -d '{ "query": "select \"With automounting enabled anyone with physical access could attach a USB drive or disc and have its contents available in system even if they lacked permissions to mount it themselves.\" as Rationale;", "selected": { "hosts": [57] } }' < HTTP/2 200 < content-type: application/json; charset=utf-8 < content-length: 325 < date: Fri, 10 Mar 2023 17:49:40 GMT < { "campaign": { "created_at": "0001-01-01T00:00:00Z", "updated_at": "0001-01-01T00:00:00Z", "Metrics": { "TotalHosts": 1, "OnlineHosts": 1, "OfflineHosts": 0, "MissingInActionHosts": 0, "NewHosts": 0 }, "id": 87, "query_id": 85, "status": 0, "user_id": 1 } } ``` - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - ~For Orbit and Fleet Desktop changes:~ - ~[ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.~ - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
2 lines
92 B
Plaintext
2 lines
92 B
Plaintext
* Remove the `ATTACH` check on SQL osquery queries (osquery bug fixed a while ago in 4.6.0)
|