Merge branch 'main' into noahtalerman-patch-22

fleetdm · Feb 14, 2025 · ae9d16f · ae9d16f
2 parents 00335ac + b98dacd
commit ae9d16f
Show file tree

Hide file tree

Showing 10 changed files with 100 additions and 48 deletions.
diff --git a/.github/scripts/dogfood-policy-updater-latest-macos.sh b/.github/scripts/dogfood-policy-updater-latest-macos.sh
@@ -103,6 +103,33 @@ if [ "$policy_version_number" != "$latest_macos_version" ]; then
     fi
 
     echo "Pull request created successfully."
+
+    # Extract the pull request number from the response
+    pr_number=$(echo "$pr_response" | jq -r '.number')
+    if [ -z "$pr_number" ] || [ "$pr_number" == "null" ]; then
+        echo "Error: Failed to retrieve pull request number."
+        exit 1
+    fi
+
+    echo "Adding reviewers to PR #$pr_number..."
+
+    # Prepare the reviewers data payload
+    reviewers_data=$(jq -n --arg r1 "harrisonravazzolo" '{reviewers: [$r1]}')
+
+    # Request reviewers for the pull request
+    review_response=$(curl -s -X POST \
+        -H "Authorization: token $DOGFOOD_AUTOMATION_TOKEN" \
+        -H "Accept: application/vnd.github.v3+json" \
+        -d "$reviewers_data" \
+        "https://api.github.com/repos/$REPO_OWNER/$REPO_NAME/pulls/$pr_number/requested_reviewers")
+
+
+    if echo "$review_response" | grep -q "errors"; then
+        echo "Error: Failed to add reviewers. Response: $review_response"
+        exit 1
+    fi
+
+    echo "Reviewers added successfully."
 else
     echo "No updates needed; the version is the same."
 fi
diff --git a/articles/fleet-software-attestation.md b/articles/fleet-software-attestation.md
@@ -1,14 +1,34 @@
 # Fleet software attestation
 
-As of version 4.63.0 Fleet added [SLSA attestations](https://slsa.dev/) to our released binaries and container images.  This includes the `fleet` and `fleetctl` server software, the fleetd (Orbit, osquery, and Fleet Desktop) agent for hosts.
+As of version 4.63.0 Fleet added [SLSA attestations](https://slsa.dev/) to our released binaries and container images.  This includes the Fleet server, [fleetctl](https://fleetdm.com/docs/get-started/anatomy#fleetctl) command-line tool (CLI), and Fleet's agent (specifically the [Orbit](https://fleetdm.com/docs/get-started/anatomy#fleetd) component).
 
 ## What is software attestation?
 
 A software attestation is a cryptographically-signed statement provided by a software creator that certifies the build process and provenance of one or more software _artifacts_ (which might be files, container images, or other outputs). In other words, it's a promise to our users that the software we're providing was built by us, using a process that they can trust and verify. We utilize the SLSA framework for attestations which you can read more about [here](https://slsa.dev/).  After each release, attestations are added to https://github.com/fleetdm/fleet/attestations.
 
-## Verifying our release artifacts
+## Verifying a release
 
-Any product of a Fleet release can be _verified_ to prove that it was indeed created by Fleet, using the `gh` command line tool from Github.  See the [`gh attestation verify`](https://cli.github.com/manual/gh_attestation_verify) docs for more info.
+Any Fleet release can be _verified_ to prove that it was indeed created by Fleet, using the `gh` command line tool from Github.  See the [`gh attestation verify`](https://cli.github.com/manual/gh_attestation_verify) docs for more info.
+
+After downloading the [Fleet binary](https://github.com/fleetdm/fleet/releases), here's how to verify:
+
+```
+gh attestation verify --owner fleetdm /path/to/fleet
+```
+
+Verify the [fleetctl binary](https://github.com/fleetdm/fleet/releases) (CLI):
+
+```
+gh attestation verify --owner fleetdm fleetdm /path/to/fleetctl
+```
+
+After, installing Fleet's agent (fleetd) on a macOS host, run this command on the host to verify:
+
+```
+gh attestation verify --owner fleetdm /usr/local/bin/orbit
+```
+
+TODO: Filepath for Windows and Linux
 
 <meta name="authorGitHubUsername" value="sgress454">
 <meta name="authorFullName" value="Scott Gress">

diff --git a/articles/install-fleet-maintained-apps-on-macos-hosts.md b/articles/install-fleet-maintained-apps-on-macos-hosts.md
@@ -22,7 +22,7 @@ Fleet maintains these [celebrity apps](https://github.com/fleetdm/fleet/blob/mai
    - Post-install script
    - Uninstall scripts
 
-These scripts are auto-generated based on the app's Homebrew Cask formula, but you can modify them. Modifying these scripts allows you to tailor the app installation process to your organization's needs, such as automating additional setup tasks or custom configurations post-installation.
+If you find that a script doesn't work as expected, please file a [bug](https://github.com/fleetdm/fleet/issues/new?template=bug-report.md). When scripts are fixed, after upgrading Fleet, they are automatically updated for you unless you edited any of the scripts.
 
 ## Install the app
 

diff --git a/changes/26178-fix-2 b/changes/26178-fix-2
@@ -0,0 +1,2 @@
+- Fixed an issue with increased resource usage during vulnerabilities processing by adding a
+  database index.
diff --git a/frontend/pages/ManageControlsPage/Scripts/Scripts.tsx b/frontend/pages/ManageControlsPage/Scripts/Scripts.tsx
@@ -37,9 +37,7 @@ interface IScriptsProps {
 const Scripts = ({ router, currentPage, teamIdForApi }: IScriptsProps) => {
   const { isPremiumTier } = useContext(AppContext);
   const [showDeleteScriptModal, setShowDeleteScriptModal] = useState(false);
-  const [showScriptDetailsModal, setShowScriptDetailsModal] = useState(false);
   const [showEditScripsModal, setShowEditScriptModal] = useState(false);
-  const [goBackToScriptDetails, setGoBackToScriptDetails] = useState(false); // Used for onCancel in delete modal
 
   const selectedScript = useRef<IScript | null>(null);
 
@@ -86,13 +84,7 @@ const Scripts = ({ router, currentPage, teamIdForApi }: IScriptsProps) => {
 
   const onClickScript = (script: IScript) => {
     selectedScript.current = script;
-    setShowScriptDetailsModal(true);
-  };
-
-  const onCancelScriptDetails = () => {
-    selectedScript.current = null;
-    setShowScriptDetailsModal(false);
-    setGoBackToScriptDetails(false);
+    setShowEditScriptModal(true);
   };
 
   const onEditScript = (script: IScript) => {
@@ -112,12 +104,7 @@ const Scripts = ({ router, currentPage, teamIdForApi }: IScriptsProps) => {
 
   const onCancelDelete = () => {
     setShowDeleteScriptModal(false);
-
-    if (goBackToScriptDetails) {
-      setShowScriptDetailsModal(true);
-    } else {
-      selectedScript.current = null;
-    }
+    selectedScript.current = null;
   };
 
   const onDeleteScript = () => {
@@ -200,21 +187,6 @@ const Scripts = ({ router, currentPage, teamIdForApi }: IScriptsProps) => {
           onDone={onDeleteScript}
         />
       )}
-      {showScriptDetailsModal && selectedScript.current && (
-        <ScriptDetailsModal
-          selectedScriptDetails={{
-            script_id: selectedScript.current?.id,
-            name: selectedScript.current?.name,
-          }}
-          onCancel={onCancelScriptDetails}
-          onDelete={() => {
-            setShowScriptDetailsModal(false);
-            setShowDeleteScriptModal(true);
-            setGoBackToScriptDetails(true);
-          }}
-          runScriptHelpText
-        />
-      )}
       {showEditScripsModal && selectedScript.current && (
         <EditScriptModal
           scriptId={selectedScript.current.id}

diff --git a/frontend/pages/ManageControlsPage/Scripts/components/EditScriptModal/EditScriptModal.tsx b/frontend/pages/ManageControlsPage/Scripts/components/EditScriptModal/EditScriptModal.tsx
@@ -106,11 +106,12 @@ const EditScriptModal = ({
       <>
         <form onSubmit={onSubmit}>
           <Editor
-            value={scriptFormData}
-            onChange={onChange}
-            isFormField
             error={formError}
+            isFormField
+            label="Script"
             onBlur={onBlur}
+            onChange={onChange}
+            value={scriptFormData}
           />
           <div className="form-field__help-text">
             To run this script on a host, go to the{" "}

diff --git a/package.json b/package.json
@@ -23,7 +23,7 @@
     "core-js": "3.25.1",
     "date-fns": "3.6.0",
     "date-fns-tz": "3.1.3",
-    "dompurify": "3.1.3",
+    "dompurify": "3.2.4",
     "es6-object-assign": "1.1.0",
     "es6-promise": "4.2.8",
     "file-saver": "1.3.8",

diff --git a/server/datastore/mysql/migrations/tables/20250214205657_AddCVEIndex.go b/server/datastore/mysql/migrations/tables/20250214205657_AddCVEIndex.go
@@ -0,0 +1,22 @@
+package tables
+
+import (
+	"database/sql"
+	"fmt"
+)
+
+func init() {
+	MigrationClient.AddMigration(Up_20250214205657, Down_20250214205657)
+}
+
+func Up_20250214205657(tx *sql.Tx) error {
+	_, err := tx.Exec(`ALTER TABLE software_cve ADD INDEX idx_software_cve_cve (cve);`)
+	if err != nil {
+		return fmt.Errorf("failed to add index to software_cve.cve: %w", err)
+	}
+	return nil
+}
+
+func Down_20250214205657(tx *sql.Tx) error {
+	return nil
+}
diff --git a/server/datastore/mysql/schema.sql b/server/datastore/mysql/schema.sql
diff --git a/yarn.lock b/yarn.lock
@@ -3825,6 +3825,11 @@
   resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.3.tgz#a136f83b0758698df454e328759dbd3d44555311"
   integrity sha512-NfQ4gyz38SL8sDNrSixxU2Os1a5xcdFxipAFxYEuLUlvU2uDwS4NUpsImcf1//SlWItCVMMLiylsxbmNMToV/g==
 
+"@types/trusted-types@^2.0.7":
+  version "2.0.7"
+  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.7.tgz#baccb07a970b91707df3a3e8ba6896c57ead2d11"
+  integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==
+
 "@types/unist@*", "@types/unist@^2.0.0":
   version "2.0.6"
   resolved "https://registry.npmjs.org/@types/unist/-/unist-2.0.6.tgz"
@@ -6075,10 +6080,12 @@ domhandler@^4.0.0, domhandler@^4.2.0, domhandler@^4.3.0:
   dependencies:
     domelementtype "^2.2.0"
 
-dompurify@3.1.3:
-  version "3.1.3"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.3.tgz#cfe3ce4232c216d923832f68f2aa18b2fb9bd223"
-  integrity sha512-5sOWYSNPaxz6o2MUPvtyxTTqR4D3L77pr5rUQoWgD5ROQtVIZQgJkXbo1DLlK3vj11YGw5+LnF4SYti4gZmwng==
+dompurify@3.2.4:
+  version "3.2.4"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.4.tgz#af5a5a11407524431456cf18836c55d13441cd8e"
+  integrity sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==
+  optionalDependencies:
+    "@types/trusted-types" "^2.0.7"
 
 domutils@^1.5.1:
   version "1.7.0"
@@ -6131,9 +6138,9 @@ electron-to-chromium@^1.5.73:
   integrity sha512-LcUDPqSt+V0QmI47XLzZrz5OqILSMGsPFkDYus22rIbgorSvBYEFqq854ltTmUdHkY92FSdAAvsh4jWEULMdfQ==
 
 elliptic@^6.5.3, elliptic@^6.5.4:
-  version "6.6.0"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.0.tgz#5919ec723286c1edf28685aa89261d4761afa210"
-  integrity sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==
+  version "6.6.1"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.6.1.tgz#3b8ffb02670bf69e382c7f65bf524c97c5405c06"
+  integrity sha512-RaddvvMatK2LJHqFJ+YA4WysVN5Ita9E35botqIYspQ4TkRAlCicdzKOjlyv/1Za5RyTNn7di//eEV0uTAfe3g==
   dependencies:
     bn.js "^4.11.9"
     brorand "^1.1.0"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		- Fixed an issue with increased resource usage during vulnerabilities processing by adding a
		database index.