Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

macOS .apps directory name leak into software titles #23999

Open
lucasmrod opened this issue Nov 20, 2024 · 0 comments
Open

macOS .apps directory name leak into software titles #23999

lucasmrod opened this issue Nov 20, 2024 · 0 comments
Labels
bug Something isn't working as documented ~csa Issue was created by or deemed important by the Customer Solutions Architect. customer-ufa #g-endpoint-ops Endpoint ops product group :incoming New issue in triage process. :product Product Design department (shows up on 🦢 Drafting board)

Comments

@lucasmrod
Copy link
Member

lucasmrod commented Nov 20, 2024
edited
Loading

Fleet version: v4.59.1 (probably previous versions too)

If a user (or the system, e.g. downloading an .app twice on the ~/Downloads folder) has renamed an application .app folder, this new name of the folder can end up as the "Software Title" for the corresponding bundle identifier.

See below for steps to reproduce.

💥  Actual behavior

A user or the system renaming an .app folder should not end up in the software title.

🧑‍💻  Steps to reproduce

  1. Have macOS host A rename its /Applications/Google Chrome.app to /Applications/Google Chrome 2.app
  2. Enroll a macOS host A to Fleet.
  3. Software title for host A's Google Chrome will be Google Chrome 2.app.
  4. Enroll a macOS host B to Fleet with Chrome installed (but no renaming).
  5. Host B software tab will show Google Chrome 2.app as the software title for the installed Google Chrome version (which is not correct).

Data from customer

  • ~450 titles are reported with the 2.app suffix (out of 50k titles).
  • We are not sure how the devices end up with the 2.app suffixes but it's happening and causing software titles to be invalid.

🕯️ More info (optional)

  • osquery's apps.name uses the directory name and Fleet uses such field to populate the Fleet software "name". Consider using bundle_name, bundle_executable and display_name.
  • Software title should also include the software name in its unique index, not just bundle_identifier.

Related issue: #22994
@lucasmrod lucasmrod added bug Something isn't working as documented customer-ufa :product Product Design department (shows up on 🦢 Drafting board) #g-endpoint-ops Endpoint ops product group :incoming New issue in triage process. labels Nov 20, 2024
@nonpunctual nonpunctual added the ~csa Issue was created by or deemed important by the Customer Solutions Architect. label Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working as documented ~csa Issue was created by or deemed important by the Customer Solutions Architect. customer-ufa #g-endpoint-ops Endpoint ops product group :incoming New issue in triage process. :product Product Design department (shows up on 🦢 Drafting board)
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lucasmrod @nonpunctual