Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Apple RSR fields to os_version using native API #8011

Merged
merged 6 commits into from
May 23, 2023
Merged

Add Apple RSR fields to os_version using native API #8011

merged 6 commits into from
May 23, 2023

Conversation

jbeker
Copy link
Contributor

@jbeker jbeker commented May 3, 2023

Fixes #8008

Description

This PR adds two new columns to the os_version table to represent the additional data that is now included as part of Apple's RSR patches.

+-------+---------+-------+-------+-------+-------+--------+--------------------+----------+---------------+----------+-------+
| name  | version | major | minor | patch | extra | build  | supplemental_build | platform | platform_like | codename | arch  |
+-------+---------+-------+-------+-------+-------+--------+--------------------+----------+---------------+----------+-------+
| macOS | 13.3.1  | 13    | 3     | 1     | (a)   | 22E261 | 22E772610a         | darwin   | darwin        |          | arm64 |
+-------+---------+-------+-------+-------+-------+--------+--------------------+----------+---------------+----------+-------+

This also converts the way in which the information is collected from parsing the various plist files to using the same API calls that Apple's native sw_vers tool utilizes.

@jbeker jbeker requested review from a team as code owners May 3, 2023 20:15
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented May 3, 2023
edited

CLA Signed

The committers listed above are authorized under a signed CLA.

@zwass zwass mentioned this pull request May 3, 2023
Closed
@directionless directionless added this to the 5.9.0 milestone May 5, 2023
@mike-myers-tob mike-myers-tob changed the title Add Apple RSR fields to os_version using native API Add Apple RSR fields to os_version using native API May 9, 2023
sharvilshah
sharvilshah reviewed May 9, 2023
View reviewed changes
osquery/tables/system/darwin/os_version.mm Show resolved Hide resolved
osquery/tables/system/darwin/os_version.mm Outdated Show resolved Hide resolved
osquery/tables/system/darwin/os_version.mm Show resolved Hide resolved
specs/os_version.table Outdated Show resolved Hide resolved
specs/os_version.table Outdated Show resolved Hide resolved
osquery/tables/system/darwin/os_version.mm Outdated Show resolved Hide resolved
osquery/tables/system/darwin/os_version.mm Outdated Show resolved Hide resolved
@jbeker
Update per office hours & @sharvilshah’s review
c501c7f 
* Updates “version” column to be full “pretty” version as displayed in UI (including supplemental version)
* Moves macOS columns to be extended_schema
* Cleans up how we parse the version data into major/minor/patch
* CFRelease from error states
* Log errors on loading bundle or functions
@jbeker jbeker requested a review from sharvilshah May 9, 2023 18:25
@sharvilshah
Copy link
Member

@jbeker would you mind running clang-format and pushing the changes please?

@sharvilshah
Copy link
Member

Test failure:

80: Row: {arch: "x86_64", build: "20G1231", codename: "", extra: "", major: "11", minor: "7", name: "macOS", patch: "6", platform: "darwin", platform_like: "darwin", version: ""}
80: [  FAILED  ] OsVersion.test_sanity (1 ms)
80: [----------] 1 test from OsVersion (1 ms total)

sharvilshah
sharvilshah approved these changes May 11, 2023
View reviewed changes
Copy link
Member

@sharvilshah sharvilshah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! thanks @jbeker

@directionless directionless merged commit 2c34a22 into osquery:master May 23, 2023
16 checks passed
@directionless directionless mentioned this pull request May 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@directionless directionless directionless left review comments

@sharvilshah sharvilshah sharvilshah approved these changes

Assignees
No one assigned
Labels
macOS virtual tables
Projects
None yet
Milestone
5.9.0
Development

Successfully merging this pull request may close these issues.

os_version does not display Apple's new Rapid Security Response information
4 participants
@jbeker @sharvilshah @directionless @mike-myers-tob