Help with cross platform relevance

anon88724953 · March 8, 2019, 11:57pm

Hello,

I’m trying to get the below relevance working. If I omit the debian section it works in the Fixlet Debugger.

((versions of regapps “chrome.exe”);(versions of applications “Google Chrome.app”);versions of ((packages of debianpackages) whose (it as string contains “google-chrome”))) whose (it < version “72.0.3626.121”)

Can you help me?

vnovik · March 9, 2019, 2:14am

Hello tasaif,

Please try the following relevance:

( (versions of regapps "chrome.exe");(versions of applications "Google Chrome.app"); (if exists properties whose (it as string contains "debianpackage:") then debianpackages else NOTHINGS) ) whose (it < version "72.0.3626.121")

Also it’s usually a good idea to protect the platform specific items in an if condition:
windows of operating system
mac of operating system
…

For example:

if (windows of operating system) then (blah) else (if (mac of operating system) then () else ())

You may find here another example (apt version):
https://bigfix.me/analysis/details/2998050

Regards,
Vitaliy

anon88724953 · March 11, 2019, 6:52pm

Hi Vitaliy,

Thank you for your help.

I’m trying to write one relevance statement that checks to see if there is an installed version of chrome whose version is less than “72.0.3626.121” for Windows, Mac, and Ubuntu.

The Windows and Mac ones seem to work fine, but I’m running into trouble with the Ubuntu one.

Am I doing something obviously wrong in the following?

  (
   versions of 
   (
     (
       packages of debianpackages
     )
     whose
     (
       it as string contains "google-chrome"
     )
   )
 )
 whose
 (
   it < version "72.0.3626.121"
 )

Thanks to anyone who can help

steve · March 11, 2019, 9:27pm

Apparently version of package of debianpackages doesn’t return a version type, but rather a debian package version type. So you’ll need to create the same type in your version comparison or just use a string. See https://developer.bigfix.com/relevance/reference/debian-package-version.html#version-of-debian-versioned-package-debian-package-version

You might also want to use name of it when doing the google-chrome match, since I’m not sure exactly what a package returns when cast to a string directly.

anon88724953 · March 11, 2019, 9:37pm

That did it. Thank you. Below is the final relevance. It can be used to detect CVE-2019-5786 as described by Google: https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html

 exists 
 (
   (
     if
       (
         windows of operating system
       )
     then
       (
         versions of regapps "chrome.exe"
       )
     else
       (
         if
           (
             mac of operating system
           )
         then
           (
             versions of applications "Google Chrome.app"
           )
         else
           (
             versions of 
             (
               (
                 packages of debianpackages
               )
               whose
               (
                 name of it contains "google-chrome"
               )
             )
           )
       )
   )
   whose
   (
     it as string as version < version "72.0.3626.121"
   )
 )