224811d to c23ffab
c23ffab to 1973b7d
@a-martynovich This only appears to store the checksum. This is good, but we also need the actual list server side to both do CVE checking and list bad services.
d043620 to 938c387
I've been thinking: maybe I should store deb packages not as a JSON list, but as an m2m relation? This way we can avoid duplicates (i.e. save on storage), and using a background CVE scanner we can mark packages as "vulnerable".
That’s a good idea. We just need to ensure that we track down the distribution too.
```python
    def post(self, request, *args, **kwargs):
        data = request.data
        device = Device.objects.get(device_id=request.device_id)
        device.last_ping = timezone.now()
        device.agent_version = data.get('agent_version')
        if 'deb_packages' in data:
```
This way you'll keep old and outdated packages list if the agent was reverted to some old version that doesn't pass deb_packages. I recommend sending (from agent) None as the deb_packages payload element, which means it was not changed. So you'll do nothing if deb_packages is None and you'll clear device.deb_packages content in case of no deb_packages in data.
Why should we clear deb_packages? Isn't outdated data better than no data at all?
@vpetersson need your input on this.
We have a timestamp on the actual report, right? If so, then yes, old data is better than no data.
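The three payload cases debated in this review thread (list sent, `None` sent, key absent), as an added example that is not code from the PR. The `Device` dataclass stands in for the Django model, and `packages_reported_at`, `clear_on_missing` and the returned labels are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

_MISSING = object()  # sentinel: key not present in the ping payload


@dataclass
class Device:  # hypothetical stand-in for the PR's Django model
    deb_packages: list = field(default_factory=list)
    packages_reported_at: Optional[datetime] = None  # assumed field
    last_ping: Optional[datetime] = None


def apply_ping(device, data, now, clear_on_missing=False):
    """Apply one ping payload; return what happened to the package list."""
    device.last_ping = now
    packages = data.get("deb_packages", _MISSING)
    if packages is None:
        # Agent confirms the stored list is still current.
        if device.packages_reported_at is not None:
            device.packages_reported_at = now
        return "unchanged"
    if packages is _MISSING:
        # Agent version that does not report packages at all.
        if clear_on_missing:
            device.deb_packages = []
            device.packages_reported_at = None
            return "cleared"
        # Keep the last report; its timestamp shows how stale it is.
        return "kept-stale"
    if not isinstance(packages, list):
        raise ValueError("deb_packages must be a list or None")
    device.deb_packages = packages
    device.packages_reported_at = now
    return "replaced"


def report_age(device, now):
    """Age of the stored package list, or None if nothing is stored."""
    if device.packages_reported_at is None:
        return None
    return now - device.packages_reported_at
```

With the timestamp in place, a CVE scan can still run against a kept-stale list while reporting how old the underlying data is.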
Since we decided to store packages as db entities, not in JSON as it's currently done, I'm closing this PR until I implement this. Otherwise I'll have to write a complex migration from JSON to m2m which will be a waste of time.
Needed for WoTTsecurity/agent#22 and #23.