Missing software titles in software tab

[lucasmrod]

Fleet version: v4.59.1 (probably previous versions too)

---

💥  Actual behavior

On the main Software tab:

• Software versions are listed properly when Show versions is enabled. E.g. user can see names like Slack.app or Google Chrome.app. API: GET /api/latest/fleet/software/versions.
• Some software titles are missing when Show versions is disabled. E.g. user searches and cannot find Slack.app or Google Chrome.app. API: GET /api/latest/fleet/software/titles.

This happens on All teams and when selecting a specific team.

🧑‍💻  Steps to reproduce

We don't know how to reproduce (see https://github.com/fleetdm/fleet/issues/24131).

🕯️ More info (optional)

The vulnerabilities cron is failing to aggregate software titles (if a title has hosts_count = 0 then it's not returned on the software titles API). Error log from the customer:

{
    "@timestamp": "2024-11-22T00:07:11.565Z",
    "instance": "...",
    "level": "error",
    "cron": "vulnerabilities",
    "err": "running job",
    "details": "upsert software titles: Error 1869 (HY000): Auto-increment value in UPDATE conflicts with internally generated values",
    "jobID": "cron_reconcile_software_titles"
},

@iansltx: To update the name for existing software titles, we’ll have to do something like modify the name of software titles every time a new name comes in (when we get new host vitals).

[sharon-fdm]

This has a solution but we can't reproduce so can't QA. Setting 1 story point to review/merge for to suggest as a solution

[mostlikelee]

may be related to #22364

[lucasmrod]

I was not able to reproduce this issue but https://github.com/fleetdm/fleet/pull/24146 is fixing the MySQL query to prevent it from happening (change released in v4.61.0).

[fleet-release]

Software titles lost, Fleet's improvement now blooms, Clarity in cost.

[lukeheath]

Customer is reporting still seeing this issue after upgrading to the latest version.

[ddribeiro]

UPDATE: @noahtalerman: Shorter Gong here: https://us-65885.app.gong.io/call?id=3084016983924431589&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A321%2C%22to%22%3A698%7D%5D

---

I have more details after chatting with the customer. Here's the Gong clip of what we discovered: https://us-65885.app.gong.io/call?id=3084016983924431589&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A40%2C%22to%22%3A698%7D%5D

It appears the software titles are not missing, but rather being renamed to something unexpected.

This appears to be similar to the issue described in #23999, but in this case the "missing" titles are being renamed to something less obvious than 'Google Chrome 2'

cc: @lukeheath @mostlikelee

[Sampfluger88]

Linked to Unthread ticket:

Issue with missing software titles in software tab after upgrade to 4.64.2 #4892

[mostlikelee]

This will be fixed with #23999

[jahzielv]

QA plan

(also for https://github.com/fleetdm/fleet/issues/23999)

1. Make sure there are macOS hosts in the Fleet instance and that they have software in Fleet as well
2. Migrate from 4.66.0 -> 4.67.0 RC
3. Validate that all macOS software no longer has .app in the software entry or the software_titles entry

Name stays the same

1. Change the name of a macOS software. You can do this by changing the name of an app in ~/Applications on a real/VM macOS host.
2. Refetch the host. Validate that the software does NOT change in Fleet.

Name changes

1. Enroll several macOS osquery-perf hosts. Make sure they add their "common software" to the software inventory
2. Now enroll one more macOS OSQP host, but use the -common_software_name_suffix flag to change the name of the common software. The value isn't important, anything that is memorable will do.
3. Validate that the name DID change in the host software page.
4. Run the vulns job. Validate that the software title is now updated with the name change as well.

[jmwatts]

QA Notes I was able to reproduce the original issue, and did so prior to migrating from 4.66.0 to 4.67.0. Note, this needs to be done before the software is returned in host vitals for any host.

1. Install an app that has never been ingested in Fleet. I used Opera browser.

2. Rename the software prior to submitting host vitals. I changed the name to SingSong.app and then refetched host vitals.

3. Notice the app is shown in Host >> Software as SingSong.app.

4. Make sure there are macOS hosts in the Fleet instance and that they have software in Fleet as well

5. Migrate from 4.66.0 -> 4.67.0 RC

• [x] Validate that all macOS software no longer has .app in the software entry or the software_titles entry
• [x] Validate that the app that was incorrectly named in the above steps now shows in Host >> Software with the correct name. (SingSong.app -> Opera)

Name stays the same

1. Change the name of a macOS software. You can do this by changing the name of an app in ~/Applications on a real/VM macOS host.
2. Refetch the host.

• [x] Validate that the software does NOT change in Fleet.

1. Install an app that has never been ingested in Fleet. I used Arc browser.
2. Rename the software prior to submitting host vitals. I changed the name to nArc.app and then refetched host vitals.

• [x] Confirmed the app is shown in Host >> Software as Arc.

Name changes - Found and filed #28264 as this test failed. Further testing will be completed on that ticket.

1. Enroll several macOS osquery-perf hosts. Make sure they add their "common software" to the software inventory
2. Now enroll one more macOS OSQP host, but use the -common_software_name_suffix flag to change the name of the common software. The value isn't important, anything that is memorable will do.

• [ ] Validate that the name DID change in the host software page.
• [ ] Run the vulns job. Validate that the software title is now updated with the name change as well.

[fleet-release]

In Fleet's glass city, Software titles reappear, Clarity restored.