From edc68d304215e3ab47af13bb4ff2e24ab8ff8407 Mon Sep 17 00:00:00 2001 From: Scott Gress Date: Tue, 17 Dec 2024 09:46:03 -0600 Subject: [PATCH] Add versions to product names in MSRC bulletins to aid Windows vulnerability matching (#24172) for #24041 This PR addresses an issue that can cause Windows vulnerability checks to fail (possibly causing false negatives). We determine whether a vulnerability in an MSRC bulletin applies to any hosts in a Fleet instance by attempting to matching the data in [each row of the `operating_systems` table](https://github.com/fleetdm/fleet/blob/65e374c85c32a7dd582aa1d438161663a4abc43c/cmd/fleet/cron.go#L297-L303) with [at least one "product" in a bulletin](https://github.com/fleetdm/fleet/blob/e2d9a9016cb2bbf6cfe0ef7512f58d9934bf69de/server/vulnerabilities/msrc/analyzer.go#L39), including [matching architecture and "display version"](https://github.com/fleetdm/fleet/blob/76f5baced9360576743c9aa87a62f30b0fe63d45/server/vulnerabilities/msrc/parsed/product.go#L26-L39). However a subset of products listed in these bulletins do not include the display version, so for example a host whose OS was listed as `Microsoft Windows Server 2022 Datacenter 21H2` (21H2 being the "display version") would match nothing in the bulletins because no listed Server 2022 products include "21H2" in their names. The fix made here is to add relevant version info to the products list when we do our ETL of the MSRC bulletins. The version info was gleaned from https://en.wikipedia.org/wiki/List_of_Microsoft_Windows_versions. We see logs related to this issue a lot, so cleaning this up will alleviate some noise and infra costs as well. --- cmd/fleet/cron.go | 2 +- server/vulnerabilities/msrc/parsed/product.go | 48 +- .../msrc/parsed/product_test.go | 491 ++++++++++-------- .../msrc/parsed/security_bulletin.go | 6 +- server/vulnerabilities/msrc/parser_test.go | 77 ++- 5 files changed, 409 insertions(+), 215 deletions(-) diff --git a/cmd/fleet/cron.go b/cmd/fleet/cron.go index 1adc6ade43d1..36e00ddaafbe 100644 --- a/cmd/fleet/cron.go +++ b/cmd/fleet/cron.go @@ -309,7 +309,7 @@ func checkWinVulnerabilities( "found new", len(r)) results = append(results, r...) if err != nil { - errHandler(ctx, logger, "analyzing hosts for Windows vulnerabilities", err) + errHandler(ctx, kitlog.With(logger, "os name", o.Name, "display version", o.DisplayVersion), "analyzing hosts for Windows vulnerabilities", err) } } } diff --git a/server/vulnerabilities/msrc/parsed/product.go b/server/vulnerabilities/msrc/parsed/product.go index 2da20eac863b..09b9caea8700 100644 --- a/server/vulnerabilities/msrc/parsed/product.go +++ b/server/vulnerabilities/msrc/parsed/product.go @@ -66,7 +66,53 @@ func (p Products) GetMatchForOS(ctx context.Context, os fleet.OperatingSystem) ( } func NewProductFromFullName(fullName string) Product { - return Product(fullName) + // If the full name includes a version, return it as-is. + p := Product(fullName) + if p.HasDisplayVersion() { + return p + } + + // Several Windows products listed in MSRC bulletins don't include the OS version number. + // We need this to match the product with a host's OS, so we'll add them here. + versionString := "" + switch { + case strings.Contains(fullName, "Windows Server 2022"): + versionString = "21H2" + + case strings.Contains(fullName, "Windows Server 2016"): + versionString = "1607" + + case strings.Contains(fullName, "Windows Server 2019"): + versionString = "1809" + + case strings.Contains(fullName, "Windows 8.1"): + versionString = "6.3 / NT 6.3" + + case strings.Contains(fullName, "Windows RT 8.1"): + versionString = "6.3 / NT 6.3" + + case strings.Contains(fullName, "Windows Server 2012 R2"): + versionString = "6.3 / NT 6.3" + + case strings.Contains(fullName, "Windows Server 2012"): + versionString = "6.2 / NT 6.2" + + case strings.Contains(fullName, "Windows Server 2008 R2"): + versionString = "6.1 / NT 6.1" + + case strings.Contains(fullName, "Windows 7"): + versionString = "6.1 / NT 6.1" + + case strings.Contains(fullName, "Windows Server 2008"): + versionString = "6.0 / NT 6.0" + } + + finalName := fullName + if versionString != "" { + finalName += (" Version " + versionString) + } + + return Product(finalName) } func NewProductFromOS(os fleet.OperatingSystem) Product { diff --git a/server/vulnerabilities/msrc/parsed/product_test.go b/server/vulnerabilities/msrc/parsed/product_test.go index 13f7a4db4942..4164617b0675 100644 --- a/server/vulnerabilities/msrc/parsed/product_test.go +++ b/server/vulnerabilities/msrc/parsed/product_test.go @@ -67,354 +67,424 @@ func TestMatches(t *testing.T) { func TestFullProductName(t *testing.T) { testCases := []struct { - fullName string - arch string - prodName string + fullName string + arch string + prodName string + finalName string }{ { - fullName: "Windows 10 Version 1809 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1809 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1809 for 32-bit Systems", }, { - fullName: "Windows 10 Version 1809 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1809 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1809 for x64-based Systems", }, { - fullName: "Windows 10 Version 1809 for ARM64-based Systems", - arch: "arm64", - prodName: "Windows 10", + fullName: "Windows 10 Version 1809 for ARM64-based Systems", + arch: "arm64", + prodName: "Windows 10", + finalName: "Windows 10 Version 1809 for ARM64-based Systems", }, { - fullName: "Windows Server 2019", - arch: "all", - prodName: "Windows Server 2019", + fullName: "Windows Server 2019", + arch: "all", + prodName: "Windows Server 2019", + finalName: "Windows Server 2019 Version 1809", }, { - fullName: "Windows Server 2019 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2019", + fullName: "Windows Server 2019 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2019", + finalName: "Windows Server 2019 (Server Core installation) Version 1809", }, { - fullName: "Windows 10 Version 1909 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1909 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1909 for 32-bit Systems", }, { - fullName: "Windows 10 Version 1909 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1909 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1909 for x64-based Systems", }, { - fullName: "Windows 10 Version 1909 for ARM64-based Systems", - arch: "arm64", - prodName: "Windows 10", + fullName: "Windows 10 Version 1909 for ARM64-based Systems", + arch: "arm64", + prodName: "Windows 10", + finalName: "Windows 10 Version 1909 for ARM64-based Systems", }, { - fullName: "Windows 10 Version 21H1 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 21H1 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 21H1 for x64-based Systems", }, { - fullName: "Windows 10 Version 21H1 for ARM64-based Systems", - arch: "arm64", - prodName: "Windows 10", + fullName: "Windows 10 Version 21H1 for ARM64-based Systems", + arch: "arm64", + prodName: "Windows 10", + finalName: "Windows 10 Version 21H1 for ARM64-based Systems", }, { - fullName: "Windows 10 Version 21H1 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 21H1 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 21H1 for 32-bit Systems", }, { - fullName: "Windows Server 2022", - arch: "all", - prodName: "Windows Server 2022", + fullName: "Windows Server 2022", + arch: "all", + prodName: "Windows Server 2022", + finalName: "Windows Server 2022 Version 21H2", }, { - fullName: "Windows Server 2022 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2022", + fullName: "Windows Server 2022 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2022", + finalName: "Windows Server 2022 (Server Core installation) Version 21H2", }, { - fullName: "Windows 10 Version 20H2 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 20H2 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 20H2 for x64-based Systems", }, { - fullName: "Windows 10 Version 20H2 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 20H2 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 20H2 for 32-bit Systems", }, { - fullName: "Windows 10 Version 20H2 for ARM64-based Systems", - arch: "arm64", - prodName: "Windows 10", + fullName: "Windows 10 Version 20H2 for ARM64-based Systems", + arch: "arm64", + prodName: "Windows 10", + finalName: "Windows 10 Version 20H2 for ARM64-based Systems", }, { - fullName: "Windows Server, version 20H2 (Server Core Installation)", - arch: "all", - prodName: "Windows Server", + fullName: "Windows Server, version 20H2 (Server Core Installation)", + arch: "all", + prodName: "Windows Server", + finalName: "Windows Server, version 20H2 (Server Core Installation)", }, { - fullName: "Windows 11 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 11", + fullName: "Windows 11 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 11", + finalName: "Windows 11 for x64-based Systems", }, { - fullName: "Windows 11 for ARM64-based Systems", - arch: "arm64", - prodName: "Windows 11", + fullName: "Windows 11 for ARM64-based Systems", + arch: "arm64", + prodName: "Windows 11", + finalName: "Windows 11 for ARM64-based Systems", }, { - fullName: "Windows 10 Version 21H2 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 21H2 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 21H2 for 32-bit Systems", }, { - fullName: "Windows 10 Version 21H2 for ARM64-based Systems", - arch: "arm64", - prodName: "Windows 10", + fullName: "Windows 10 Version 21H2 for ARM64-based Systems", + arch: "arm64", + prodName: "Windows 10", + finalName: "Windows 10 Version 21H2 for ARM64-based Systems", }, { - fullName: "Windows 10 Version 21H2 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 21H2 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 21H2 for x64-based Systems", }, { - fullName: "Windows 10 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 for 32-bit Systems", }, { - fullName: "Windows 10 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 for x64-based Systems", }, { - fullName: "Windows 10 Version 1607 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1607 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1607 for 32-bit Systems", }, { - fullName: "Windows 10 Version 1607 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1607 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1607 for x64-based Systems", }, { - fullName: "Windows Server 2016", - arch: "all", - prodName: "Windows Server 2016", + fullName: "Windows Server 2016", + arch: "all", + prodName: "Windows Server 2016", + finalName: "Windows Server 2016 Version 1607", }, { - fullName: "Windows Server 2016 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2016", + fullName: "Windows Server 2016 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2016", + finalName: "Windows Server 2016 (Server Core installation) Version 1607", }, { - fullName: "Windows 8.1 for 32-bit systems", - arch: "32-bit", - prodName: "Windows 8.1", + fullName: "Windows 8.1 for 32-bit systems", + arch: "32-bit", + prodName: "Windows 8.1", + finalName: "Windows 8.1 for 32-bit systems Version 6.3 / NT 6.3", }, { - fullName: "Windows 8.1 for x64-based systems", - arch: "64-bit", - prodName: "Windows 8.1", + fullName: "Windows 8.1 for x64-based systems", + arch: "64-bit", + prodName: "Windows 8.1", + finalName: "Windows 8.1 for x64-based systems Version 6.3 / NT 6.3", }, { - fullName: "Windows RT 8.1", - arch: "all", - prodName: "Windows RT 8.1", + fullName: "Windows RT 8.1", + arch: "all", + prodName: "Windows RT 8.1", + finalName: "Windows RT 8.1 Version 6.3 / NT 6.3", }, { - fullName: "Windows Server 2012", - arch: "all", - prodName: "Windows Server 2012", + fullName: "Windows Server 2012", + arch: "all", + prodName: "Windows Server 2012", + finalName: "Windows Server 2012 Version 6.2 / NT 6.2", }, { - fullName: "Windows Server 2012 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2012", + fullName: "Windows Server 2012 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2012", + finalName: "Windows Server 2012 (Server Core installation) Version 6.2 / NT 6.2", }, { - fullName: "Windows Server 2012 R2", - arch: "all", - prodName: "Windows Server 2012 R2", + fullName: "Windows Server 2012 R2", + arch: "all", + prodName: "Windows Server 2012 R2", + finalName: "Windows Server 2012 R2 Version 6.3 / NT 6.3", }, { - fullName: "Windows Server 2012 R2 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2012 R2", + fullName: "Windows Server 2012 R2 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2012 R2", + finalName: "Windows Server 2012 R2 (Server Core installation) Version 6.3 / NT 6.3", }, { - fullName: "Windows 7 for 32-bit Systems Service Pack 1", - arch: "32-bit", - prodName: "Windows 7", + fullName: "Windows 7 for 32-bit Systems Service Pack 1", + arch: "32-bit", + prodName: "Windows 7", + finalName: "Windows 7 for 32-bit Systems Service Pack 1 Version 6.1 / NT 6.1", }, { - fullName: "Windows 7 for x64-based Systems Service Pack 1", - arch: "64-bit", - prodName: "Windows 7", + fullName: "Windows 7 for x64-based Systems Service Pack 1", + arch: "64-bit", + prodName: "Windows 7", + finalName: "Windows 7 for x64-based Systems Service Pack 1 Version 6.1 / NT 6.1", }, { - fullName: "Windows Server 2008 for 32-bit Systems Service Pack 2", - arch: "32-bit", - prodName: "Windows Server 2008", + fullName: "Windows Server 2008 for 32-bit Systems Service Pack 2", + arch: "32-bit", + prodName: "Windows Server 2008", + finalName: "Windows Server 2008 for 32-bit Systems Service Pack 2 Version 6.0 / NT 6.0", }, { - fullName: "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", - arch: "32-bit", - prodName: "Windows Server 2008", + fullName: "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", + arch: "32-bit", + prodName: "Windows Server 2008", + finalName: "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Version 6.0 / NT 6.0", }, { - fullName: "Windows Server 2008 for x64-based Systems Service Pack 2", - arch: "64-bit", - prodName: "Windows Server 2008", + fullName: "Windows Server 2008 for x64-based Systems Service Pack 2", + arch: "64-bit", + prodName: "Windows Server 2008", + finalName: "Windows Server 2008 for x64-based Systems Service Pack 2 Version 6.0 / NT 6.0", }, { - fullName: "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", - arch: "64-bit", - prodName: "Windows Server 2008", + fullName: "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)", + arch: "64-bit", + prodName: "Windows Server 2008", + finalName: "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Version 6.0 / NT 6.0", }, { - fullName: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", - arch: "64-bit", - prodName: "Windows Server 2008 R2", + fullName: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", + arch: "64-bit", + prodName: "Windows Server 2008 R2", + finalName: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version 6.1 / NT 6.1", }, { - fullName: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", - arch: "64-bit", - prodName: "Windows Server 2008 R2", + fullName: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + arch: "64-bit", + prodName: "Windows Server 2008 R2", + finalName: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version 6.1 / NT 6.1", }, { - fullName: "Windows 10 Version 1803 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1803 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1803 for x64-based Systems", }, { - fullName: "Windows Server, version 1803 (Server Core Installation)", - arch: "all", - prodName: "Windows Server", + fullName: "Windows Server, version 1803 (Server Core Installation)", + arch: "all", + prodName: "Windows Server", + finalName: "Windows Server, version 1803 (Server Core Installation)", }, { - fullName: "Windows 10 Version 1809 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1809 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1809 for x64-based Systems", }, { - fullName: "Windows Server 2019", - arch: "all", - prodName: "Windows Server 2019", + fullName: "Windows Server 2019", + arch: "all", + prodName: "Windows Server 2019", + finalName: "Windows Server 2019 Version 1809", }, { - fullName: "Windows Server 2019 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2019", + fullName: "Windows Server 2019 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2019", + finalName: "Windows Server 2019 (Server Core installation) Version 1809", }, { - fullName: "Windows 10 Version 1709 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1709 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1709 for x64-based Systems", }, { - fullName: "Windows 10 Version 1903 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1903 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1903 for x64-based Systems", }, { - fullName: "Windows Server, version 1903 (Server Core installation)", - arch: "all", - prodName: "Windows Server", + fullName: "Windows Server, version 1903 (Server Core installation)", + arch: "all", + prodName: "Windows Server", + finalName: "Windows Server, version 1903 (Server Core installation)", }, { - fullName: "Windows 10 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 for x64-based Systems", }, { - fullName: "Windows 10 Version 1607 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1607 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1607 for x64-based Systems", }, { - fullName: "Windows Server 2016", - arch: "all", - prodName: "Windows Server 2016", + fullName: "Windows Server 2016", + arch: "all", + prodName: "Windows Server 2016", + finalName: "Windows Server 2016 Version 1607", }, { - fullName: "Windows Server 2016 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2016", + fullName: "Windows Server 2016 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2016", + finalName: "Windows Server 2016 (Server Core installation) Version 1607", }, { - fullName: "Windows 8.1 for x64-based systems", - arch: "64-bit", - prodName: "Windows 8.1", + fullName: "Windows 8.1 for x64-based systems", + arch: "64-bit", + prodName: "Windows 8.1", + finalName: "Windows 8.1 for x64-based systems Version 6.3 / NT 6.3", }, { - fullName: "Windows Server 2012", - arch: "all", - prodName: "Windows Server 2012", + fullName: "Windows Server 2012", + arch: "all", + prodName: "Windows Server 2012", + finalName: "Windows Server 2012 Version 6.2 / NT 6.2", }, { - fullName: "Windows Server 2012 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2012", + fullName: "Windows Server 2012 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2012", + finalName: "Windows Server 2012 (Server Core installation) Version 6.2 / NT 6.2", }, { - fullName: "Windows Server 2012 R2", - arch: "all", - prodName: "Windows Server 2012 R2", + fullName: "Windows Server 2012 R2", + arch: "all", + prodName: "Windows Server 2012 R2", + finalName: "Windows Server 2012 R2 Version 6.3 / NT 6.3", }, { - fullName: "Windows Server 2012 R2 (Server Core installation)", - arch: "all", - prodName: "Windows Server 2012 R2", + fullName: "Windows Server 2012 R2 (Server Core installation)", + arch: "all", + prodName: "Windows Server 2012 R2", + finalName: "Windows Server 2012 R2 (Server Core installation) Version 6.3 / NT 6.3", }, { - fullName: "Windows 10 Version 1909 for x64-based Systems", - arch: "64-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1909 for x64-based Systems", + arch: "64-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1909 for x64-based Systems", }, { - fullName: "Windows Server, version 1909 (Server Core installation)", - arch: "all", - prodName: "Windows Server", + fullName: "Windows Server, version 1909 (Server Core installation)", + arch: "all", + prodName: "Windows Server", + finalName: "Windows Server, version 1909 (Server Core installation)", }, { - fullName: "Windows 10 Version 1803 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1803 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1803 for 32-bit Systems", }, { - fullName: "Windows 10 Version 1803 for ARM64-based Systems", - arch: "arm64", - prodName: "Windows 10", + fullName: "Windows 10 Version 1803 for ARM64-based Systems", + arch: "arm64", + prodName: "Windows 10", + finalName: "Windows 10 Version 1803 for ARM64-based Systems", }, { - fullName: "Windows 10 Version 1809 for 32-bit Systems", - arch: "32-bit", - prodName: "Windows 10", + fullName: "Windows 10 Version 1809 for 32-bit Systems", + arch: "32-bit", + prodName: "Windows 10", + finalName: "Windows 10 Version 1809 for 32-bit Systems", }, { - fullName: "None Available", - arch: "all", - prodName: "", + fullName: "None Available", + arch: "all", + prodName: "", + finalName: "None Available", }, { - fullName: "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", - arch: "32-bit", - prodName: "Windows Server 2008", + fullName: "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", + arch: "32-bit", + prodName: "Windows Server 2008", + finalName: "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Version 6.0 / NT 6.0", }, { - fullName: "Windows Server 2008 for Itanium-Based Systems Service Pack 2", - arch: "itanium", - prodName: "Windows Server 2008", + fullName: "Windows Server 2008 for Itanium-Based Systems Service Pack 2", + arch: "itanium", + prodName: "Windows Server 2008", + finalName: "Windows Server 2008 for Itanium-Based Systems Service Pack 2 Version 6.0 / NT 6.0", }, { - fullName: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", - arch: "itanium", - prodName: "Windows Server 2008 R2", + fullName: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", + arch: "itanium", + prodName: "Windows Server 2008 R2", + finalName: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Version 6.1 / NT 6.1", }, } @@ -429,6 +499,7 @@ func TestFullProductName(t *testing.T) { for _, tCase := range testCases { sut := NewProductFromFullName(tCase.fullName) require.Equal(t, tCase.prodName, sut.Name(), tCase) + require.Equal(t, tCase.finalName, string(sut), tCase) } }) } diff --git a/server/vulnerabilities/msrc/parsed/security_bulletin.go b/server/vulnerabilities/msrc/parsed/security_bulletin.go index de90cc7f0fcc..8a9c4a527193 100644 --- a/server/vulnerabilities/msrc/parsed/security_bulletin.go +++ b/server/vulnerabilities/msrc/parsed/security_bulletin.go @@ -3,9 +3,10 @@ package parsed import ( "encoding/json" "errors" + "os" + "github.com/fleetdm/fleet/v4/server/ptr" "golang.org/x/exp/slices" - "os" ) type SecurityBulletin struct { @@ -45,6 +46,9 @@ func UnmarshalBulletin(fPath string) (*SecurityBulletin, error) { if err != nil { return nil, err } + for pID, name := range bulletin.Products { + bulletin.Products[pID] = NewProductFromFullName(string(name)) + } return &bulletin, nil } diff --git a/server/vulnerabilities/msrc/parser_test.go b/server/vulnerabilities/msrc/parser_test.go index d93dac23fddc..598d2c705e38 100644 --- a/server/vulnerabilities/msrc/parser_test.go +++ b/server/vulnerabilities/msrc/parser_test.go @@ -39,7 +39,7 @@ func TestParser(t *testing.T) { f.Close() require.NoError(t, err) - // All the products we expect to see, grouped by their product name + // All the products we expect to see after marshaling, grouped by their product name. expectedProducts := map[string]parsed.Products{ "Windows 10": { "11568": parsed.NewProductFromFullName("Windows 10 Version 1809 for 32-bit Systems"), @@ -112,6 +112,79 @@ func TestParser(t *testing.T) { }, } + // All the products we expect to see in the parsed XML file, grouped by product name. + expectedXMLProducts := map[string]parsed.Products{ + "Windows 10": { + "11568": parsed.Product("Windows 10 Version 1809 for 32-bit Systems"), + "11569": parsed.Product("Windows 10 Version 1809 for x64-based Systems"), + "11570": parsed.Product("Windows 10 Version 1809 for ARM64-based Systems"), + "11712": parsed.Product("Windows 10 Version 1909 for 32-bit Systems"), + "11713": parsed.Product("Windows 10 Version 1909 for x64-based Systems"), + "11714": parsed.Product("Windows 10 Version 1909 for ARM64-based Systems"), + "11896": parsed.Product("Windows 10 Version 21H1 for x64-based Systems"), + "11897": parsed.Product("Windows 10 Version 21H1 for ARM64-based Systems"), + "11898": parsed.Product("Windows 10 Version 21H1 for 32-bit Systems"), + "11800": parsed.Product("Windows 10 Version 20H2 for x64-based Systems"), + "11801": parsed.Product("Windows 10 Version 20H2 for 32-bit Systems"), + "11802": parsed.Product("Windows 10 Version 20H2 for ARM64-based Systems"), + "11929": parsed.Product("Windows 10 Version 21H2 for 32-bit Systems"), + "11930": parsed.Product("Windows 10 Version 21H2 for ARM64-based Systems"), + "11931": parsed.Product("Windows 10 Version 21H2 for x64-based Systems"), + "10729": parsed.Product("Windows 10 for 32-bit Systems"), + "10735": parsed.Product("Windows 10 for x64-based Systems"), + "10852": parsed.Product("Windows 10 Version 1607 for 32-bit Systems"), + "10853": parsed.Product("Windows 10 Version 1607 for x64-based Systems"), + }, + "Windows Server 2019": { + "11571": parsed.Product("Windows Server 2019"), + "11572": parsed.Product("Windows Server 2019 (Server Core installation)"), + }, + "Windows Server 2022": { + "11923": parsed.Product("Windows Server 2022"), + "11924": parsed.Product("Windows Server 2022 (Server Core installation)"), + }, + "Windows Server": { + "11803": parsed.Product("Windows Server, version 20H2 (Server Core Installation)"), + }, + "Windows 11": { + "11926": parsed.Product("Windows 11 for x64-based Systems"), + "11927": parsed.Product("Windows 11 for ARM64-based Systems"), + }, + "Windows Server 2016": { + "10816": parsed.Product("Windows Server 2016"), + "10855": parsed.Product("Windows Server 2016 (Server Core installation)"), + }, + "Windows 8.1": { + "10481": parsed.Product("Windows 8.1 for 32-bit systems"), + "10482": parsed.Product("Windows 8.1 for x64-based systems"), + }, + "Windows RT 8.1": { + "10484": parsed.Product("Windows RT 8.1"), + }, + "Windows Server 2012": { + "10378": parsed.Product("Windows Server 2012"), + "10379": parsed.Product("Windows Server 2012 (Server Core installation)"), + }, + "Windows Server 2012 R2": { + "10483": parsed.Product("Windows Server 2012 R2"), + "10543": parsed.Product("Windows Server 2012 R2 (Server Core installation)"), + }, + "Windows 7": { + "10047": parsed.Product("Windows 7 for 32-bit Systems Service Pack 1"), + "10048": parsed.Product("Windows 7 for x64-based Systems Service Pack 1"), + }, + "Windows Server 2008": { + "9312": parsed.Product("Windows Server 2008 for 32-bit Systems Service Pack 2"), + "10287": parsed.Product("Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)"), + "9318": parsed.Product("Windows Server 2008 for x64-based Systems Service Pack 2"), + "9344": parsed.Product("Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"), + }, + "Windows Server 2008 R2": { + "10051": parsed.Product("Windows Server 2008 R2 for x64-based Systems Service Pack 1"), + "10049": parsed.Product("Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"), + }, + } + expectedCVEs := map[string][]string{ "Windows 10": { "CVE-2022-30190", @@ -1213,7 +1286,7 @@ func TestParser(t *testing.T) { t.Run("parseXML", func(t *testing.T) { t.Run("only windows products are included", func(t *testing.T) { var expected []msrcxml.Product - for _, grp := range expectedProducts { + for _, grp := range expectedXMLProducts { for pID, pFn := range grp { expected = append( expected,