Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes issue verifying Windows CSP profiles that contain ADMX policies. #25528

Merged
merged 7 commits into from
Jan 17, 2025
Merged

Fixes issue verifying Windows CSP profiles that contain ADMX policies. #25528

merged 7 commits into from
Jan 17, 2025
+339 −7

Conversation

getvictor
Copy link
Member

@getvictor getvictor commented Jan 16, 2025
edited
Loading

For #24790

Support verifying Windows CSPs with ADMX policies.
https://learn.microsoft.com/en-us/windows/client-management/understanding-admx-backed-policies

Checklist for submitter

  • Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  • Added/updated automated tests
  • Manual QA for all new/changed functionality

@codecov Codecov
Copy link

codecov bot commented Jan 16, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 88.88889% with 9 lines in your changes missing coverage. Please review.

Project coverage is 63.60%. Comparing base (7c6e0cb) to head (966a8c2).
Report is 16 commits behind head on main.

Files with missing lines Patch % Lines
server/mdm/microsoft/profile_verifier.go 60.86% 7 Missing and 2 partials ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #25528   +/-   ##
=======================================
  Coverage   63.59%   63.60%           
=======================================
  Files        1619     1620    +1     
  Lines      155002   155038   +36     
  Branches     3985     3990    +5     
=======================================
+ Hits        98580    98614   +34     
  Misses      48653    48653           
- Partials     7769     7771    +2
Flag Coverage Δ
backend 64.45% <88.88%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@getvictor getvictor marked this pull request as ready for review January 16, 2025 23:09
@getvictor getvictor requested a review from a team as a code owner January 16, 2025 23:09
@getvictor
Merge remote-tracking branch 'origin/main' into victor/24790-admx
7b390b7 
# Conflicts:
#	server/mdm/microsoft/profile_verifier.go
gillespi314
gillespi314 reviewed Jan 17, 2025
View reviewed changes
server/mdm/microsoft/admx/admx.go
// ADMX policy elements are not case-sensitive. For example: <enabled/> and <Enabled/> are equivalent
// For simplicity, we compare everything in lowercase.
var policy admxPolicy
err = xml.Unmarshal([]byte(`<admx>`+strings.ToLower(unescaped)+`</admx>`), &policy)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't unescaped already include the <admx/> tags? Is it intentional to wrap in those <admx/> again here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, unescaped looks like: <enabled/><data id="Item" value="foo"/>

I don't know how to unmarshal it without adding a root XML element.

<admx> is just a random throw-away name. It could be <bozo>

@getvictor getvictor merged commit e6e7c3f into main Jan 17, 2025
32 checks passed
@getvictor getvictor deleted the victor/24790-admx branch January 17, 2025 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gillespi314 gillespi314 gillespi314 approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@getvictor @gillespi314