oneiroi
07/05/2022, 5:48 PMSELECT CAST(replace(bundle_short_version,'.','') as INTEGER) AS ver FROM apps WHERE bundle_identifier = 'com.google.Chrome' AND ver < 10305060114;
seems to work (at least atm)Mike Myers
07/05/2022, 5:50 PM103.0.5060.53
and 103.0.50.6053
going to be treated as the same version?Mike Myers
07/05/2022, 5:51 PM<
or >
really would require splitting on the .
and then comparing four timesStefano Bonicatti
07/05/2022, 5:53 PMoneiroi
07/05/2022, 5:57 PMseph
seph
oneiroi
07/05/2022, 7:40 PMWITH okVER as (SELECT '103.0.5060.114' as okVER) SELECT CAST(split(bundle_short_version, '.', 0) as INTEGER) as vA, CAST(split(bundle_short_version, '.', 1) as INTEGER) as vB, CAST(split(bundle_short_version, '.', 2) as INTEGER) as vC, CAST(split(bundle_short_version, '.', 3) as INTEGER) as vD, CAST(split(okVER, '.', 0) as INTEGER) as oA, CAST(split(okVER, '.', 1) as INTEGER) as oB, CAST(split(okVER, '.', 2) as INTEGER) as oC, CAST(split(okVER, '.', 3) as INTEGER) as oD FROM apps, okVER WHERE bundle_identifier = 'com.google.Chrome' AND (vA < oA) OR (vA = OA AND vB < oB) OR (vA = oA AND vB = oB AND vC < oC) OR (vA = oA AND vB = oB AND vC = oC AND vD < oD);
1. sets okVER to the acceptable value
2. splits the bunlde_short_version parts to vA->vD casting as integer
3. splits the okVER parts oA -> oD casting as integer
4. four conditions in the WHERE
a. where bunlde_short_version major < okVER major
b. bundle_short_version major == okVER major AND bundle_short_version minor < okVER minor
c. bundle_short_version major == okVER major AND bundle_short_version minor == okVER minor AND bundle_short_version path < okVER patch
d. bundle_short_version major == okVER major AND bundle_short_version minor == okVER minor AND bundle_short_version path == okVER patch AND bundle_short_version build < okVER buildoneiroi
07/05/2022, 7:54 PMfritz
07/05/2022, 7:54 PMfritz
07/05/2022, 7:55 PMfritz
07/05/2022, 7:55 PMversion
may be better than bundle_short_version
fritz
07/05/2022, 7:56 PMfritz
07/05/2022, 7:56 PMfritz
07/05/2022, 7:57 PMfritz
07/05/2022, 7:57 PMoneiroi
07/05/2022, 8:17 PMAleksandr Maus
07/06/2022, 2:47 PMosquery> select * from curl where url='<https://httpstat.us/200?sleep=15500>';
+-------------------------------------+--------+------------+---------------+-----------------+-------+--------+
| url | method | user_agent | response_code | round_trip_time | bytes | result |
+-------------------------------------+--------+------------+---------------+-----------------+-------+--------+
| <https://httpstat.us/200?sleep=15500> | GET | osquery | 200 | 15703207 | 6 | 200 OK |
+-------------------------------------+--------+------------+---------------+-----------------+-------+--------+
osquery> select * from curl where url='<https://httpstat.us/200?sleep=16000>';
W0706 10:45:20.738400 191976960 curl.cpp:83] Error making request: Operation timed out
+-------------------------------------+--------+------------+---------------+-----------------+-------+--------+
| url | method | user_agent | response_code | round_trip_time | bytes | result |
+-------------------------------------+--------+------------+---------------+-----------------+-------+--------+
| <https://httpstat.us/200?sleep=16000> | GET | osquery | | | | |
+-------------------------------------+--------+------------+---------------+-----------------+-------+--------+
Think this it the place where it is hardcoded:
https://github.com/osquery/osquery/blob/master/osquery/remote/transports/tls.cpp#L97
Any idea why 16 secs? Any plans to make it configurable?Aleksandr Maus
07/06/2022, 2:58 PMBrandon Mesa
07/06/2022, 5:56 PMPooja K
07/07/2022, 7:34 PMGetQueriesFunc
WriteResultsFunc
HarlanF
07/07/2022, 11:48 PMDaniel Cross
07/08/2022, 1:30 AMdistributed_plugin
eg with Fleet, I have observed that the query results do not log to the logger_plugin
location, these are only within their own comms path. Is that correct? Any way to have the queries logged locally also?Brandon Mesa
07/12/2022, 2:32 PMHarlanF
07/12/2022, 10:39 PMInvalid argument: Column families not opened: distributed
jimmy
07/13/2022, 4:07 PMJay
07/14/2022, 9:40 PMDavid Serrano Amarelle
07/15/2022, 11:15 AMOleg Koreev
07/15/2022, 1:10 PMDaniel
07/15/2022, 4:09 PM5.4.0
pre-release might be done testing and promoted to the latest release. Based on the release process that I read and the previous release dates, it seemed like Tuesday the 19th might be likely?