Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add osquery ingestion for host certificates feature #26426

Merged
merged 8 commits into from
Feb 19, 2025
Merged

Add osquery ingestion for host certificates feature #26426

merged 8 commits into from
Feb 19, 2025
+280 −10

Conversation

gillespi314
Copy link
Contributor

@gillespi314 gillespi314 commented Feb 18, 2025
edited
Loading

For #23235 and #25459

Checklist for submitter

  • Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements)
  • Added/updated automated tests
  • A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it)
  • Manual QA for all new/changed functionality

NOTE: Other submitter checklist items (osquery-perf, changes file, etc.) will be covered in subsequent PRs

@codecov Codecov
Copy link

codecov bot commented Feb 18, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 74.66667% with 19 lines in your changes missing coverage. Please review.

Please upload report for BASE (feat-23235-host-certificates@7b6e212). Learn more about missing BASE report.

Files with missing lines Patch % Lines
server/service/osquery_utils/queries.go 66.66% 10 Missing and 4 partials ⚠️
server/datastore/mysql/host_certificates.go 16.66% 5 Missing ⚠️
Additional details and impacted files 
@@                       Coverage Diff                       @@
##             feat-23235-host-certificates   #26426   +/-   ##
===============================================================
  Coverage                                ?   63.82%           
===============================================================
  Files                                   ?     1657           
  Lines                                   ?   159035           
  Branches                                ?     4093           
===============================================================
  Hits                                    ?   101505           
  Misses                                  ?    49583           
  Partials                                ?     7947
Flag Coverage Δ
backend 64.65% <74.66%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Base automatically changed from 23235-host-certificates-2 to feat-23235-host-certificates February 18, 2025 23:49
@gillespi314 gillespi314 marked this pull request as ready for review February 19, 2025 16:47
@gillespi314 gillespi314 requested review from rachaelshaw and a team as code owners February 19, 2025 16:47
mna
mna approved these changes Feb 19, 2025
View reviewed changes
Copy link
Member

@mna mna left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

server/fleet/host_certificates.go
@@ -139,8 +140,39 @@ type MDMAppleErrorChainItem struct {
//
// See https://osquery.io/schema/5.15.0/#certificates
func ExtractDetailsFromOsqueryDistinguishedName(str string) (*HostCertificateNameDetails, error) {
// TODO
return nil, errors.New("not implemented")
str = strings.TrimSpace(str)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It feels like there should be a built-in Go function to parse this format, but I couldn't find one (I'm not sure how that format is called). I found this: https://pkg.go.dev/crypto/x509/pkix#Name, but it takes a RDNSequence that is unmarshalled from asn1 binary data, not something like the string osquery gives us. In any case, your implementation looks fine!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it took me some time trying to track down the provenance of the format used by osquery since it doesn't seem to be an official specification. Based on some online sleuthing, my best guess it that osquery is following "openSSL-style" formatting, which refers to the formatting requirements of the -subj flag for openssl req.

@gillespi314 gillespi314 merged commit 351f402 into feat-23235-host-certificates Feb 19, 2025
33 of 34 checks passed
@gillespi314 gillespi314 deleted the 23235-host-certs-3 branch February 19, 2025 20:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mna mna mna approved these changes

@rachaelshaw rachaelshaw Awaiting requested review from rachaelshaw rachaelshaw is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gillespi314 @mna