Channels
#macos
Title
# macos
t
Tarek Talaat
06/28/2022, 10:38 PMDo you guys know if there is a function in osquery to get a substring ? substr exists in sqlite, but it seems like osquery doesn't like it.
z
zwass
06/29/2022, 12:12 AM
The normal
substr Copy code
osqueryi "SELECT substr('SQLite substr', 1, 6);"
+-------------------------------+
| substr('SQLite substr', 1, 6) |
+-------------------------------+
| SQLite |
+-------------------------------+t
Tarek Talaat
06/29/2022, 12:19 AMyeah, I think the problem might be from fleetdm, not osquery. Thanks anyway
z
zwass
06/29/2022, 12:20 AM
If there might be a problem in Fleet, would love to understand and fix that. Anything supported in osquery should be supported also in Fleet.
t
Tarek Talaat
06/29/2022, 2:30 PMThe problem is when I execute the query I get an error right away "Something has gone wrong. Please try again" Usually if it's syntax issue I get an error saying what was wrong with the syntax, but this error is weird. Fleetdm logs doesn't show anything about it and neither the workstation that the query was supposed to be execute on.
z
zwass
06/29/2022, 5:45 PM
Can you open the network inspector in the browser and see what the response is from the Fleet server?
FWIW that query works in Fleet for me
t
Tarek Talaat
06/29/2022, 5:51 PMoh great idea, haven't thought about using the network inspector to check the response.
Thanks for the tip. It turned out that cloudflare is the one blocking the query.
z
zwass
06/29/2022, 10:17 PM
Oh wow very interesting. Cloudflare blocks only that query?
t
Tarek Talaat
06/30/2022, 3:51 PMCloudflare blocks certain queries that think it's a SQL injection. I've had this problem with other functions as well.
ty 1
9 Views