search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
2.91k stars 404 forks source link

Calendar events created for policies with invalid SQL #18350

Closed getvictor closed 4 months ago

getvictor commented 4 months ago

Fleet version: <!-- Copy this from the "My account" page in the Fleet UI, or run fleetctl --version --> 4.48.0 Web browser and operating system:

💥  Actual behavior

With calendar events enabled on a policy with invalid SQL, calendar event is created, and end user has no idea why.

🧑‍💻  Steps to reproduce

  1. Using gitops (or fleetctl apply), create an invalid policy with calendar enabled for this policy only: 
    - name: macOS - Check if latest version
query: SELECT 1 WHERE 
EXISTS ( 
  SELECT major, concat_ws(".", major, minor, patch) AS "macOS Version" FROM os_version --Sonoma WHERE 
    (major = "14" AND "macOS Version" < "14.4.1")
);
critical: false
description: This policy check if macOS version is most recent version available.
resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
platform: darwin
calendar_events_enabled: true
  2. Calendar event gets created, even though this policy has no results.

🕯️ More info (optional)

N/A

fleet-release commented 4 months ago

SQL error in event, Fleet's fix brings clarity, Users breathe easy.