https://github.com/osquery/osquery logo
Powered by
#general
Title
# general
f

fritz

06/23/2020, 1:50 PM
@Brandon Schmoll Are you asking if there is a global API/repository of latest stable release versions for all applications across all platforms?
k

Kyle

06/24/2020, 2:51 AM
I doubt there’d be a global one, but perhaps one for each OS, for at least some of the most popular applications e.g. browsers, productivity tools etc.
To further contextualise my question, when querying for applications with osquery, you can use things like “bundle_name” or “bundle_identifier” and I just want to ensure I am targeting each correctly, without having to go through the process of installing each, doing a select * to see what it shows and then narrowing the query.
f

fritz

06/24/2020, 4:15 PM
@Brandon Schmoll I think unfortunately the answer is yes, there is a great deal of legwork to go through if you want to build a feature like what you are envisioning. Likewise, to do proper version comparisons you will have to attempt to split (via traditional 
SPLIT
or 
REGEX_SPLIT
if the semver is non-traditional) with queries like:
Copy code
SELECT
        'true' AS iterm_vulnerable,
        path AS install_path,
        last_opened_time,
        CAST(SPLIT(bundle_short_version, ".", 0)AS int) AS bsv_major,
        CAST(SPLIT(bundle_short_version, ".", 1)AS int) AS bsv_minor,
        CAST(SPLIT(bundle_short_version, ".", 2)AS int) AS bsv_patch
      FROM apps
      WHERE bundle_identifier = 'com.googlecode.iterm2'
      AND (
        (bsv_major < 3)
        OR  (bsv_major = 3 AND bsv_minor < 3)
        OR  (bsv_major = 3 AND bsv_minor = 3 AND bsv_patch < 6)
      );
k

Kyle

06/26/2020, 2:46 AM
Hmm yeah seems that way. Thanks for the info and tip!
6 Views
Powered by