Closed grahamgilbert closed 2 years ago
We do check for the rate limiting string. Am I missing something here?
I think what's unclear and it could be me misreading the code, is what happens when there is no json and the device is already rate limited?
I assume no data will be returned, but then it will wait 24 hours to try again. But if another tool runs again, you could perpetually be waiting.
Wonder if there is somewhere private that we could obtain the last check data, that way we are more likely to succeed in getting the data.
Maybe, I’m open to ideas on that one. At the moment this is the best way I can see this succeeding.
I've put the path to the cache file able to be configured with an env var - I can't think of anything better right now. If you have multiple tools calling this, they can share a cache file.
What happens if some other tools runs the command? Shouldn't we instead check for exit status or the string when the command is blocked rather than assuming osquery is the only thing polling/attempting to run this command?