https://github.com/osquery/osquery logo
#fleet
Title
# fleet
e

Esteban

08/12/2021, 1:40 PM
I'm getting an error trying to use the new vulnerability detection. I'm using MariaDB
Copy code
sql: Scan error on column index 5, name "vulnerabilities": json: cannot unmarshal object into Go value of type fleet.VulnerabilitiesSlice
t

Tomas Touceda

08/12/2021, 3:02 PM
Hi Esteban, sorry to hear you're having trouble with that feature. Could you tell me a bit more about your deployment? How many hosts do you have? And would you be able to run a SQL query so that we can understand what data might be causing that error?
e

Esteban

08/12/2021, 3:29 PM
Hello, I have aprox 100hosts. Right now I can't run any query on the host since it shows me an error page with that message. The only thing I did was declaring the FLEET_BETA_SOFTWARE_INVENTORY=1 environmental variable on my docker compose.
Right now without the variable setting I can't query any host
t

Tomas Touceda

08/12/2021, 3:31 PM
would you be able to provide us with the result of the following sql query:
Copy code
SELECT s.id, s.name, s.version, s.source, coalesce(scp.cpe, "") as generated_cpe, 
			IF(
				JSON_ARRAYAGG(scv.cve) = JSON_ARRAYAGG(null), 
				null, 
				JSON_ARRAYAGG(
					JSON_OBJECT(
						"cve", scv.cve, 
						"details_link", CONCAT('<https://nvd.nist.gov/vuln/detail/>', scv.cve)
					)
				)
			) as vulnerabilities FROM software s
		LEFT JOIN software_cpe scp ON (s.id=scp.software_id)
		LEFT JOIN software_cve scv ON (scp.id=scv.cpe_id)
		group by s.id, s.name, s.version, s.source, generated_cpe
?
e

Esteban

08/12/2021, 3:35 PM
I've sent you the result of the query
t

Tomas Touceda

08/12/2021, 3:38 PM
the work around for now would be: disable software inventory, and clear the table host_software. That should break it seems mariadb is behaving unexpectedly with the query. We'll need to tweak it
@Esteban what version of mariadb are you running?
e

Esteban

08/12/2021, 3:55 PM
Version: 5.7
I had a simular issue with MariaDB on a new update. https://osquery.slack.com/archives/C01DXJL16D8/p1625139217334900
t

Tomas Touceda

08/12/2021, 3:58 PM
is that mariadb? or the mysql compatibility? if it's the mariadb version, sounds quite old, I see it's on 10.x now
e

Esteban

08/12/2021, 4:00 PM
Let me check
My bad, it's 10.5.4
t

Tomas Touceda

08/12/2021, 4:03 PM
great, will check against that
10.6 seems to work so far, fwiw
ok, I see tests failing on 10.5.4, 10.5.12 works as well
e

Esteban

08/12/2021, 5:26 PM
I see, I can't update the service right now. There's a possible fix?
t

Tomas Touceda

08/12/2021, 5:28 PM
there is, there's a PR for review, we might push a minor release with that fix and another one
e

Esteban

08/12/2021, 5:30 PM
Thanks, I'll be waiting for the release
4 Views