How to find files and its location?

I want to search a specific file and its pathname. Any idea how can I extract those data in BF? Thanks.

When you say find files and their locations…

Please explain the scenario more clearly - you don’t want to make the BES Client getting stuck while recursive searching for files.

The more appropriate solution will be running a script which will search for those files and then will write the results into a file. BigFix will then read lines of this file.

Q: lines of file “PATH-TO-FILES”

1 Like

Hi! I want to generate list of all pc (both windowa and linix) that are using jquery or juery fole and its location path. Thanks.

@julius.susmina so you want to identify usage of jQuery on Windows or Linux Servers?

From my knowledge, jQuery can be used and not being installed as Package on Windows or Linux.

And as such, you need a different tool to search for existence of it - for example , Tenable - JQuery 1.2 < 3.5.0 Multiple XSS<!-- --> | TenableÂŽ

Anyone else have a different view about this?

1 Like

Well noted. But any idea how to search computers with jquery*.js file and its location?

Some like if we can do it in Analysis and Property?

This requires a combination approach. Doing this entirely in BigFix will tie up the Client unnecessarily and prevent it from doing other work. Instead, use a script (executed as an action by BigFix) to search for the files in question which will deposit the output in a log file. Then use an analysis to read the log file and return the results to the Console and Web Reports. See this thread for an example: Need to uninstall/remove all files of Anaconda3 from all machines.

1 Like

Thank you! Btw. Is this only for windows, right?

The example happens to be for Windows, yes. But the principal is the same for any OS. Use the appropriate script for the OS.

2 Likes

As has been pointed out already by @orbiton and @itsmpro92,

  • Searching for jquery*.js files is not a truly effective solution for any JQuery vulnerabilities, because it’s very common for HTML content to load javascript files from remote sources (such as JQuery’s CDN) without hosting a copy of the file locally; and
  • File searches should not be done in pure Relevance; I’ve worked with several customers who have left the clients completely unresponsive because they issue searches with ‘descendant files’ and ‘descendant’ inspectors to search entire hard drives.

What is needed to give the minimal visibility offered by searching for jquery*.js files, is a separate Task that can be executed one-time or on a schedule, and an Analysis to read the results of that scan.

By the way, that is an approach we leverage heavily in Bigfix Inventory – and if you have a BigFix Inventory license, a custom Signature is trivial to add there; if you don’t have Inventory you should consider it if this is a use-case for you.

If you must write your own though, I think probably the most recent versions of filesystem scans I’d reference are from the Spring Boot Vulnerability scans. I have write-ups at Spring Framework RCE Vulnerability – Current BigFix Actions

As part of that Spring scan content we produced scans for WIndows and Linux and an Analysis to read the results. Those are probably the cleanest content from which you could start, and revise it to match the files you want instead. You could probably just remove the portions about extracting .JAR files entirely and only base the results on the directory searches.

Windows Scan:
https://bigfix.me/fixlet/details/26932

Linux Scan:
https://bigfix.me/fixlet/details/26921

Analysis Results:
https://bigfix.me/analysis/details/2998672

3 Likes

Thanks you! I will update you after will do ny testing! I highly appreciated all your recommendation.

Is this correct?

parameter “output”=“{pathname of parent folder of data folder of client & “\search_results.txt”}”

delete “{parameter “output”}”
delete __appendfile

appendfile {concatenation “%0d%0a” of (“for /F %22tokens=*%22 %25%25i in (‘dir /s /b " & it & "\ ^| findstr /R /C:%22jquery*.js$%22’) do @echo %25%25~dpnxi>>%22” & (parameter “output”) & “%22”) of pathnames of root folders of drives whose (type of it = “DRIVE_FIXED”)}

delete search.cmd
move __appendfile search.cmd

//override timeout after 30 min
action launch preference low-priority
override wait
hidden=true
timeout_seconds=1800
disposition=terminate
wait cmd.exe /c search.cmd

For an update: i was able to create text file per client and created analysis. Thanks Guys!

1 Like