Title
#general
f

fritz

06/23/2020, 1:50 PM
@Brandon Schmoll Are you asking if there is a global API/repository of latest stable release versions for all applications across all platforms?
k

Kyle

06/24/2020, 2:51 AM
I doubt there’d be a global one, but perhaps one for each OS, for at least some of the most popular applications e.g. browsers, productivity tools etc.
3:00 AM
To further contextualise my question, when querying for applications with osquery, you can use things like “bundle_name” or “bundle_identifier” and I just want to ensure I am targeting each correctly, without having to go through the process of installing each, doing a select * to see what it shows and then narrowing the query.
f

fritz

06/24/2020, 4:15 PM
@Brandon Schmoll I think unfortunately the answer is yes, there is a great deal of legwork to go through if you want to build a feature like what you are envisioning. Likewise, to do proper version comparisons you will have to attempt to split (via traditional
SPLIT
or
REGEX_SPLIT
if the semver is non-traditional) with queries like:
SELECT
        'true' AS iterm_vulnerable,
        path AS install_path,
        last_opened_time,
        CAST(SPLIT(bundle_short_version, ".", 0)AS int) AS bsv_major,
        CAST(SPLIT(bundle_short_version, ".", 1)AS int) AS bsv_minor,
        CAST(SPLIT(bundle_short_version, ".", 2)AS int) AS bsv_patch
      FROM apps
      WHERE bundle_identifier = 'com.googlecode.iterm2'
      AND (
        (bsv_major < 3)
        OR  (bsv_major = 3 AND bsv_minor < 3)
        OR  (bsv_major = 3 AND bsv_minor = 3 AND bsv_patch < 6)
      );
k

Kyle

06/26/2020, 2:46 AM
Hmm yeah seems that way. Thanks for the info and tip!