
`kolide_system_profiler` should not support an all option

Open directionless opened this issue 1 year ago • 4 comments

Chatting with some coworkers, I learned that `SELECT * FROM kolide_system_profiler WHERE datatype LIKE "%"` works. But it returns so much data it crashes Terminal.app and probably has a bunch of gnarly load.

I think we should disable it. We should require a reasonable argument for `datatype`.

https://github.com/kolide/launcher/blob/1ec19cddf4b2a6fa44a78ef1fccb5531c08a2677/ee/tables/systemprofiler/systemprofiler.go#L111

directionless avatar Oct 02 '24 20:10 directionless

You can find all valid datatypes by running `system_profiler -listDataTypes`. ~We should restrict the allowed values for datatype to one in that list.~

@directionless do we also want to set a limit on the max number of datatypes that can be specified in one query?

RebeccaMahany avatar Oct 17 '24 16:10 RebeccaMahany

system_profiler documentation: https://ss64.com/mac/system_profiler.html

RebeccaMahany avatar Oct 17 '24 16:10 RebeccaMahany

The intent here is to prevent someone from trivially running something that would effectively hang launcher. Preventing all should have that effect.

I don't know that we need to pre-determine the list of allowed values -- I don't see much harm in letting someone pass a bad data type. (these also vary by macOS release)

I'm ambivalent about putting a max length there. I guess it's reasonable, someday someone will try won't they. Maybe 3?

directionless avatar Oct 18 '24 14:10 directionless

Issue requirements:

  • Disallow passing % as datatype
  • Do not allow more than 3 datatypes in a query

RebeccaMahany avatar Oct 22 '24 17:10 RebeccaMahany
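One way to enforce the two requirements above before `system_profiler` is ever invoked, as an added example in Go (not launcher's own code). It assumes the `datatype` values have already been extracted from the query's WHERE constraints and uses the cap of 3 floated in the thread; it generalizes the `%` case to any pattern made only of `%` characters, since those match every datatype too.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// maxDataTypes is the per-query cap floated in the thread ("Maybe 3?").
const maxDataTypes = 3

var (
	ErrEmptyDataType    = errors.New("datatype must not be empty")
	ErrWildcardDataType = errors.New("datatype must not be an all-wildcard pattern")
	ErrTooManyDataTypes = errors.New("too many datatype values in one query")
)

// isAllWildcard reports whether a LIKE pattern would match every datatype:
// non-empty and made only of '%' ("%", "%%", ...). "%Hardware%" is allowed.
func isAllWildcard(p string) bool {
	return p != "" && strings.Trim(p, "%") == ""
}

// ValidateDataTypes checks the datatype values pulled from a query's WHERE
// constraints (assumed already extracted) before system_profiler runs. It
// rejects empty values, all-wildcard patterns (the "select everything" case
// that hangs launcher) and more than maxDataTypes distinct values; duplicates
// are collapsed first so "a OR a" does not count twice.
func ValidateDataTypes(values []string) ([]string, error) {
	seen := make(map[string]struct{}, len(values))
	out := make([]string, 0, len(values))
	for _, v := range values {
		v = strings.TrimSpace(v)
		switch {
		case v == "":
			return nil, ErrEmptyDataType
		case isAllWildcard(v):
			return nil, fmt.Errorf("%w: %q", ErrWildcardDataType, v)
		}
		if _, dup := seen[v]; dup {
			continue
		}
		seen[v] = struct{}{}
		out = append(out, v)
	}
	if len(out) > maxDataTypes {
		return nil, fmt.Errorf("%w: got %d, max %d", ErrTooManyDataTypes, len(out), maxDataTypes)
	}
	return out, nil
}
```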