Webex Chrome Extension Version

jgwentworth · January 26, 2017, 3:13pm

I came across the below fixlet for the relevance of WebEx Chrome Extension version. But I am having an error when I try to import the fixlet into BigFix. Do I need to alter the relevance with the version that I’m looking for?

unique values of (substrings between “%22” of following texts of firsts “:” of it) of lines containing “%22version%22” of files “manifest.json” whose(exists lines containing “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html” of it) of ( ( folders of folders of folders “AppData\Local\Google\Chrome\User Data\Default\Extensions” of folders of folders (“C:\Users”; “C:\Documents and Settings”) ); (folders of folders of folders “Library/Application Support/Google/Chrome/Default/Extensions” of folders of folders “/Users”) ; ( folders of folders of folders “google-chrome/Default/Extensions” of folders of folders “/home” ) )

https://bigfix.me/relevance/details/3019270

ctan · January 26, 2017, 3:18pm

I’m looking at it a bit different, maybe this can help…

 if
   not 
   (
     exists folder of folder "AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma" of folders of parent folder of folder 
     (
       home directories of local users
     )
   )
 then
   "0" 
 else
   substrings between "%22" of following texts of firsts ":" of lines containing "%22version%22" of file "manifest.json" of folder of folder "AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma" of folders of parent folder of folder 
   (
     home directories of local users
   )

jgwentworth · January 26, 2017, 3:29pm

So what is the expected action and output of this? Ideally, I would want this to look for “\jlhmfgmfgeifomenelglieieghnjghma\1.0.7_0” as the folder that exists so I can know that the Extension is upgrading on it’s own. It looks like opening the Chrome browser with that extension updates it automatically, but you can never be too sure.

Edit: I modified your relevance to look for the existence of the “1.0.7” folder, and if it exists, you joined an automatic group. Then I can compare that group to another group that has anyone with Chrome installed. I suppose I could reverse it and say, “exists …\jlhmfgmfgeifomenelglieieghnjghma” but not exists “1.0.7” so I know people who have the extension installed but who do not have the latest version.

ctan · January 26, 2017, 3:46pm

Yea, this was written before I realized that Chrome extensions are not removed from Chrome, rather just appened.

Going to have to re-write it before it goes into testing now.

ctan · January 26, 2017, 7:07pm

Put up a new version check to see what is currently loaded into Chrome via the preferences.

Currently loaded version of Cisco WebEx Extension for Chrome - Windows Preferences Eddition

jgstew · January 26, 2017, 7:46pm

This isn’t a fixlet, it is a piece of relevance. I don’t have a lot of luck downloading content from BigFix.Me and importing it into the console in general.

You can just copy and paste the relevance into a new property or a new property inside of an analysis. Give it a name and set the reporting period to once every 6 hours, give or take.

The relevance should output the version that is installed across all users and OSes. It may need some testing.

I’m not sure if the folder name is always the same, also you should get multiple results for some systems as they will have multiple users with chrome extensions.

this would be what I would recommend:

not exists it whose(it as version < "1.0.7") of ...

where ... is the relevance that returns all versions of the extension installed.

Pete_F · January 26, 2017, 7:49pm

When I check the relevance on various machines. I get Singular Expression refers to non-unique object.
SAme goes in the Debugger…
This applied to machines where the Webex extension is not loaded…

However, its reporting webex extensions correctly on machines that do have it installed

jgstew · January 26, 2017, 7:54pm

I’ll give a breakdown of the relevance and what it is doing.

This should give all of the folders of all of the chrome extensions of all users for all OSes: ( This relevance could be simplified, which I haven’t done yet )

Q: ( ( folders of folders of folders "AppData\Local\Google\Chrome\User Data\Default\Extensions" of folders of folders ("C:\Users"; "C:\Documents and Settings") ); (folders of folders of folders "Library/Application Support/Google/Chrome/Default/Extensions" of folders of folders "/Users") ; ( folders of folders of folders "google-chrome/Default/Extensions" of folders of folders "/home" ) )
A: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0
A: ...redacted...

This returns all of the manifest.json files that contain the string “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html” which should correlate to WebEx.

files "manifest.json" whose(exists lines containing "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" of it) of ( ( folders of folders of folders "AppData\Local\Google\Chrome\User Data\Default\Extensions" of folders of folders ("C:\Users"; "C:\Documents and Settings") ); (folders of folders of folders "Library/Application Support/Google/Chrome/Default/Extensions" of folders of folders "/Users") ; ( folders of folders of folders "google-chrome/Default/Extensions" of folders of folders "/home" ) )

This relevance returns all lines of manifest.json that contain the string "version", but %22 is used because double quotes have to be escaped within relevance:

lines containing "%22version%22" of files "manifest.json" whose(exists lines containing "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" of it) of ( ( folders of folders of folders "AppData\Local\Google\Chrome\User Data\Default\Extensions" of folders of folders ("C:\Users"; "C:\Documents and Settings") ); (folders of folders of folders "Library/Application Support/Google/Chrome/Default/Extensions" of folders of folders "/Users") ; ( folders of folders of folders "google-chrome/Default/Extensions" of folders of folders "/home" ) )

The full relevance parses out the version info from that file line for all of the files that exist, then collapses any duplicate versions found:

unique values of (substrings between "%22" of following texts of firsts ":" of it) of lines containing "%22version%22" of files "manifest.json" whose(exists lines containing "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" of it) of ( ( folders of folders of folders "AppData\Local\Google\Chrome\User Data\Default\Extensions" of folders of folders ("C:\Users"; "C:\Documents and Settings") ); (folders of folders of folders "Library/Application Support/Google/Chrome/Default/Extensions" of folders of folders "/Users") ; ( folders of folders of folders "google-chrome/Default/Extensions" of folders of folders "/home" ) )

This is the part that does the parsing: (substrings between "%22" of following texts of firsts ":" of it) of ... while unique values collapses any duplication.

JSON inspectors could be used instead, but I didn’t use them in this case, partly because I didn’t take the time to do so, and partly because I need to check which platforms support the JSON inspectors at which version of the BigFix client. The direct string parsing should work everywhere.

jgstew · January 26, 2017, 7:54pm

Which relevance gives you this result?

Pete_F · January 26, 2017, 8:19pm

I took the code that ctan ;posted and pasted it into an analysis property…
I also took teh same code an posted it into QnA

I ran qna in local client and local fixlet modes and came up with the same result…
"Error: Singular expression refers to non-unique object."
This was on my own machine that didnt have the cisco webex extension installed.
I than ran the anaysis against other machines…
Some reported a version back, others reported “not applicable” and quite a large number reported the Error.

I then installed the webex client into my chrome and ran the qna again… Same Error.

In the graphic breakdown , I see lots of Eval errors

Pete_F · January 26, 2017, 8:40pm

James your last section of code works perfectly…
Thanks.

jgstew · January 26, 2017, 8:42pm

Glad it works. Do you have linux endpoints reporting in? I haven’t tested it completely on linux yet.

That last section of code is also in the very top post which started this whole thing, from here: https://bigfix.me/relevance/details/3019270

jgstew · January 26, 2017, 8:53pm

I’m working on improving my relevance in general as I think being able to report on many different chrome config items in a cross platform way will be useful going forward. This is something I have meant to do for a very long time.

This should be a simplified cross platform relevance to get the Chrome Extensions folder: https://bigfix.me/relevance/details/3019272

folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

This is all of the actual extensions:

Q: folders of folders of folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )
A: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0

This should be an easier option for the WebEx version:

unique values of (substrings between "%22" of following texts of firsts ":" of it) of lines containing "%22version%22" of files "manifest.json" whose(exists lines containing "cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html" of it) of folders of folders of folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

jgstew · January 26, 2017, 9:22pm

This attempts to give the names of the chrome extensions installed, for certain extensions:

unique values of (it as string) of values of keys "message" of values of keys "appName" of jsons whose(exists keys "appName" of it) of files "messages.json" of folders whose(name of it as lowercase contains "en") of folders "_locales" of folders of folders of folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

Not all extensions follow this format.

This should get the name of most other extensions:

unique values whose(it does not contain "__MSG_") of (it as string) of values of keys "name" of jsons of files "manifest.json" of folders of folders of folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

both of the above combined:

(unique values whose(it does not contain "__MSG_") of (it as string) of values of keys "name" of jsons of files "manifest.json" of it; unique values of (it as string) of values of keys "message" of values of keys "appName" of jsons whose(exists keys "appName" of it) of files "messages.json" of folders whose(name of it as lowercase contains "en") of folders "_locales" of it) of folders of folders of folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

handle another case:

(unique values whose(it does not contain "__MSG_") of (it as string) of values of keys "name" of jsons of files "manifest.json" of it; unique values of ( (it as string) of values of keys "message" of values of (keys "appName" of it) of jsons whose(exists keys "appName" of it) of it ; (it as string) of values of keys "message" of values of (keys "app_name" of it) of jsons whose(exists keys "app_name" of it) of it ) of files "messages.json" of folders whose(name of it as lowercase contains "en") of folders "_locales" of it) of folders of folders of folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

A different method:

unique values whose(it does not contain "%0a") of (( (it as string) of values of keys "message" of values of (keys whose(name of it as lowercase contains "app" AND name of it as lowercase contains "name") of it) of jsons whose(exists keys whose(name of it as lowercase contains "app" AND name of it as lowercase contains "name") of it) of it ) of files "messages.json" of folders whose(name of it as lowercase contains "en") of folders "_locales" of it) of folders of folders of folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

Name & Version of certain extensions:

unique values whose(it does not contain "__MSG_") of (value of key "name" of it as string & " " & value of key "version" of it as string) of jsons of files "manifest.json" of folders of folders of folders "Extensions" of folders "Default" of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

Entaille · January 26, 2017, 11:29pm

thank you for sharing your work and process on this one gents. very helpful.

JasonWalker · February 3, 2017, 8:29pm

In this case, the folder name is always the same. According to Cisco WebEx Browser Extension Remote Code Execution Vulnerability,

The Cisco WebEx Extension for Google Chrome identification string, which organizations can use to identify hosts that contain the plugin, is the following:
Jlhmfgmfgeifomenelglieieghnjghma

A user account may have more than one Chrome profile defined, however, so it’s not always beneath the User Data\Default folder; it could be beneath User Data\Profile 1 or any number of other folders. Taking your Cisco Webex-specific relevance below, I’ve made it as far as

unique values of (substrings between "%22" of following texts of firsts ":" of it) of lines containing "%22version%22" of files "manifest.json" of folders of folders "jlhmfgmfgeifomenelglieieghnjghma" of folders "Extensions" of folders of ( ( folders "google-chrome" of folders of folders "/home" );( folders "Library/Application Support/Google/Chrome" of folders of folders "/Users" );( folders "AppData\Local\Google\Chrome\User Data" of folders of folders ("C:\Users"; "C:\Documents and Settings") ) )

JasonWalker · February 3, 2017, 10:21pm

Has anyone found a good method for forcing Chrome to update the extension?