`kolide_system_profiler` should not support an all option
Closed this issue · 4 comments
Chatting with some coworkers, I learned that SELECT * FROM kolide_system_profiler where datatype like "%" works. But it returns so much data it crashes Terminal.app and probably has a bunch of gnarly load.
I think we should disable it. We should require a reasonable argument for datatype
You can find all valid datatypes by running system_profiler -listDataTypes. We should restrict the allowed values for datatype to one in that list.
@directionless do we also want to set a limit on the max number of datatypes that can be specified in one query?
system_profiler documentation: https://ss64.com/mac/system_profiler.html
The intent here is to prevent someone from trivially running something that would effectively hang launcher. Preventing all should have that effect.
I don't know that we need to pre-determine the list of allowed values -- I don't see much harm in letting someone pass a bad data type. (these also vary by macOS release)
I'm ambivalent about putting a max length there. I guess it's reasonable, someday someone will try won't they. Maybe 3?
Issue requirements:
- Disallow passing
%asdatatype - Do now allow more than 3 datatypes in a query