Store deb packages list for a device. #395
Conversation
a-martynovich
force-pushed
the
agent-22
branch
2 times, most recently
from
224811d
to
c23ffab
Compare
a-martynovich
force-pushed
the
agent-22
branch
from
c23ffab
to
1973b7d
Compare
|
@a-martynovich This only appears to store the checksum. This is good, but we also need the actual list server side to both do CVE checking and list bad services. |
a-martynovich
force-pushed
the
agent-22
branch
from
d043620
to
938c387
Compare
|
I've been thinking: maybe I should store deb packages not as a JSON list, but as a m2m relation? This way we can avoid duplicates (i.e. save on storage) and using background CVE scanner we can mark packages as "vulnerable". |
|
That’s a good idea. We just need to ensure that we track down the distribution too. |
|
|
||
| def post(self, request, *args, **kwargs): | ||
| data = request.data | ||
| device = Device.objects.get(device_id=request.device_id) | ||
| device.last_ping = timezone.now() | ||
| device.agent_version = data.get('agent_version') | ||
| if 'deb_packages' in data: |
There was a problem hiding this comment.
This way you'll keep old and outdated packages list if the agent was reverted to some old version that doesn't pass deb_packages. I recommend sending (from agent) None as the deb_packages payload element, which means it was not changed. So you'll do nothing if deb_packages is None and you'll clear device.deb_packages content in case of no deb_packages in data.
There was a problem hiding this comment.
Why should we clear deb_packages? Isn't outdated data better than no data at all?
@vpetersson need your input on this.
There was a problem hiding this comment.
We have a timestamp on the actual report, right? If so, then yes, old data is better than no data.
|
Since we decided to store packages as db entities, not in JSON as it's currently done, I'm closing this PR until I implement this. Otherwise I'll have to write a complex migration from JSON to m2m which will be a waste of time. |
Needed for WoTTsecurity/agent#22 and #23.