ruby-jss 1.6.0 → 1.6.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4e0dafc4e4ff96d1752578ca2cdb38bd4410f6aa5a32d42d02b8abf499269ab0
-  data.tar.gz: 5d4cb7b7846541246c029f9d562fed7a30eba677aeae8f50e186d0ebcef33a97
+  metadata.gz: ee3b11d92a6a8458b44076a60036f3f0444452f223d4b6d4d8511bb952eb84df
+  data.tar.gz: 4b4f15a1325b53ac1658adf9cd0b19fb05b371f67025036a4b50107afed1106d
 SHA512:
-  metadata.gz: ca56f63003f45b7eeeda5adc2843dc399c4944126d116fc16dd8ce73b3a5af70333a581847b5e15641b76171e8bf6e7969622a52052fff1d25fbace4564c36d3
-  data.tar.gz: 37dd3abb514c208cda9329296ce1b1f4aa9746adb1a93837920d47a62aa171db20bcd9aa20927012445e979b8b69ecc07642202eaef6f0faa9252b2bd28df9dc
+  metadata.gz: a00b4942915039bc4a1b71ccdc794c4fa4bb96a5e816579406b363a4250ddda27144942951e34e517f8cffd7e6a3e945408c59d6b9de504cec6c6dea87d3361b
+  data.tar.gz: ea75b60f659291a3791f5a551fba38da11e6943871e8d0ccb8af1150e525ad4869fc1f4a73e4597ac3b561b282a7ec8fcdf9be8ae458333958c8b2f22df530b5

data/CHANGES.md

@@ -4,7 +4,51 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## \[1.6.0] - 2021-05-??
+## **IMPORTANT: Known Security Issue in v1.5.3 and below**
+
+Versions of ruby-jss prior to 1.6.0 contain a known security issue due to the use of the 'plist' gem.
+
+This has been resolved in 1.6.0, which now uses the CFProperlyList gem.
+
+Please update all installations of ruby-jss to at least v1.6.0.
+
+Many many thanks to actae0n of Blacksun Hackers Club for reporting this issue and providing examples of how it could be exploited.
+
+## \[1.6.4] - 2021-10-04
+
+### Fixed
+
+  - Removed erroneous call to generate self-service XML from JSS::RestrictedSoftware#rest_xml, restricted software items in Jamf Pro are not 'self servable'. Thanks to @marekluban for catching and reporting this one!
+
+### Added
+
+  - Attribute reader JSS::Computer#security, returning the hash of data from the 'security' subset of API computer data.
+
+## \[1.6.3] - 2021-09-13
+
+### Fixed
+
+  - Fixed a bug where some Jamf Pro API CollectionResource subclasses could not be fetched twice without a '.all' scache refresh
+
+### Changed
+
+  - DBConnection.valid_server? connection timeout raised to 60 seconds
+
+  - Update JSS.expand_min_os to handle the fact that OS versions from Apple now have three meaningful parts (major.minor.patch) and that the patch version might be an 'x', as well as the minor version.
+
+
+## \[1.6.1] - 2021-07-27
+
+### Fixed
+
+  - Resolved some more typo-errors regarding display names in the SelfServable mixin module.
+
+### Changed
+
+  - MySQL connections via the DBConnection class now report some authentication errors more clearly.
+
+
+## \[1.6.0] - 2021-05-24
 
 ### Fixed
 

data/README.md

@@ -1,6 +1,16 @@
 # ruby-jss: Working with the Jamf Pro Classic API in Ruby
 [![Gem Version](https://badge.fury.io/rb/ruby-jss.svg)](http://badge.fury.io/rb/ruby-jss)
 
+## **IMPORTANT: Known Security Issue in v1.5.3 and below**
+
+Versions of ruby-jss prior to 1.6.0 contain a known security issue due to the use of the 'plist' gem.
+
+This has been resolved in 1.6.0, which now uses the CFProperlyList gem.
+
+Please update all installations of ruby-jss to at least v1.6.0.
+
+Many many thanks to actae0n of Blacksun Hackers Club for reporting this issue and providing examples of how it could be exploited.
+
 ### Table of contents
 * [DESCRIPTION](#description)
 * [SYNOPSIS](#synopsis)

data/lib/jamf/api/base_classes/collection_resource.rb

@@ -373,10 +373,9 @@ module Jamf
       identifiers.each do |ident|
         next if ident == :id
 
-        id = raw_data_by_other_identifier(ident, value, cnx: cnx)
-        return id if id
+        data = raw_data_by_other_identifier(ident, value, cnx: cnx)
+        return data if data
       end # identifiers.each
-      return
     end
     private_class_method :raw_data_by_value_only
 
@@ -392,9 +391,9 @@ module Jamf
     private_class_method :raw_data_by_id
 
     # Given an indentier attr. key, and a value,
-    # return the id where that ident has that value, or nil
+    # return the raw data where that ident has that value, or nil
     #
-    def self.raw_data_by_other_identifier(identifier, value, refresh: false, cnx: Jamf.cnx)
+    def self.raw_data_by_other_identifier(identifier, value, refresh: true, cnx: Jamf.cnx)
       # if the API supports filtering by this identifier, just use that
       return all(filter: "#{identifier}=='#{value}'", paged: true, page_size: 1, cnx: cnx).first if self::OBJECT_MODEL[identifier][:filter_key]
 

data/lib/jamf/api/base_classes/json_object.rb

@@ -848,7 +848,6 @@ module Jamf
     # @param cnx[Jamf::Connection] the API connection for the object
     #
     def initialize(data, cnx: Jamf.cnx)
-
       raise Jamf::InvalidDataError, 'Invalid JSONObject data - must be a Hash' unless data.is_a? Hash
 
       @cnx = cnx
@@ -1021,8 +1020,7 @@ module Jamf
         value =
           if attr_def[:multi]
             raw_array = data[attr_name] || []
-
-            raw_array.map! { |v| parse_single_init_value v, attr_name, attr_def }
+            raw_array.map { |v| parse_single_init_value v, attr_name, attr_def }
           else
             parse_single_init_value data[attr_name], attr_name, attr_def
           end

data/lib/jamf/utility.rb

@@ -140,7 +140,7 @@ module Jamf
     #   "10.8.x" /^10\.8\.?\d*$/
     req_regexps = requirement.map do |r|
       if r.end_with?('.x')
-        /^#{r.chomp('.x').gsub('.', '\.')}\.?\d*$/
+        /^#{r.chomp('.x').gsub('.', '\.')}(\.?\d*)*$/
 
       elsif r =~ /^\d+\.\d+$/
         /^#{r.gsub('.', '\.')}(.0)?$/

data/lib/jamf/version.rb

@@ -27,6 +27,6 @@
 module Jamf
 
   ### The version of the Jamf module
-  VERSION = '0.0.6a1'.freeze
+  VERSION = '0.0.8'.freeze
 
 end # module

data/lib/jss/api_object/computer.rb

@@ -584,6 +584,15 @@ module JSS
     # @return [Hash] the :name and :id of the site for this machine
     attr_reader :site
 
+    # @return [Hash] The security settings for this Computer
+    #   Keys are:
+    #   activation_lock:  Boolean
+    #   recovery_lock_enabled: Boolean
+    #   secure_boot_level: String
+    #   external_boot_level: String
+    #   firewall_enabled: Boolean
+    attr_reader :security
+
     # @return [String] the name of the Software Update Server assigned to this machine.
     attr_reader :sus
 
@@ -798,6 +807,8 @@ module JSS
         @report_date = JSS.epoch_to_time @init_data[:general][:report_date_epoch]
         @sus = @init_data[:general][:sus]
 
+        @security = @init_data[:security] || {}
+
         @configuration_profiles = @init_data[:configuration_profiles]
 
         @management_status = @init_data[:general][:management_status]

data/lib/jss/api_object/restricted_software.rb

@@ -187,7 +187,6 @@ module JSS
       site.add_element('name').text = @site
 
       obj << @scope.scope_xml
-      add_self_service_xml doc
       doc.to_s
     end # rest_xml
 

data/lib/jss/api_object/self_servable.rb

@@ -361,9 +361,9 @@ module JSS
     #
     def self_service_display_name=(new_val)
       new_val = new_val.strip
-      return nil if @self_service_dislay_name == new_val
+      return nil if @self_service_display_name == new_val
       raise JSS::InvalidDataError, 'Only macOS Self Service items have display names' unless self_service_targets.include? :macos
-      @self_service_dislay_name = new_val
+      @self_service_display_name = new_val
       @need_to_update = true
     end
     # alias for backward compatibility with the typo

data/lib/jss/db_connection.rb

@@ -167,8 +167,6 @@ module JSS
       args[:read_timeout] ||= args[:timeout] ? args[:timeout] : DFT_TIMEOUT
       args[:write_timeout] ||= args[:timeout] ? args[:timeout] : DFT_TIMEOUT
 
-
-
       @port = args[:port]
       @socket = args[:socket]
       @mysql_name = args[:db_name]
@@ -178,7 +176,7 @@ module JSS
       @write_timeout = args[:write_timeout]
 
       # make sure we have a user, pw, server
-      raise JSS::MissingDataError, 'No MySQL user specified, or listed in configuration.' unless args[:user]
+      raise JSS::MissingDataError, 'No MySQL user specified, or defined in configuration.' unless args[:user]
       raise JSS::MissingDataError, "Missing :pw (or :prompt/:stdin) for user '#{@user}'" unless args[:pw]
       raise JSS::MissingDataError, 'No MySQL Server hostname specified, or listed in configuration.' unless @server
 
@@ -204,6 +202,8 @@ module JSS
       @connected = true
 
       @server
+    rescue Mysql::ServerError::NotSupportedAuthMode => e
+      raise Mysql::ServerError::AccessDeniedError, "Probable unknown MySQL user '#{@user}'. Original error was 'Mysql::ServerError::NotSupportedAuthMode: #{e}' which is sometimes raised when the user does not exist on the server."
     end # connect
 
     ###
@@ -239,7 +239,7 @@ module JSS
     ###
     def valid_server?(server, port = DFT_PORT)
       mysql = Mysql.init
-      mysql.options Mysql::OPT_CONNECT_TIMEOUT, 5
+      mysql.options Mysql::OPT_CONNECT_TIMEOUT, 60
       mysql.charset = DFT_CHARSET
 
       begin

data/lib/jss/utility.rb

@@ -263,7 +263,7 @@ module JSS
     #   "10.8.x" /^10\.8\.?\d*$/
     req_regexps = requirement.map do |r|
       if r.end_with?('.x')
-        /^#{r.chomp('.x').gsub('.', '\.')}\.?\d*$/
+        /^#{r.chomp('.x').gsub('.', '\.')}(\.?\d*)*$/
 
       elsif r =~ /^\d+\.\d+$/
         /^#{r.gsub('.', '\.')}(.0)?$/

data/lib/jss/version.rb

@@ -27,6 +27,6 @@
 module JSS
 
   ### The version of ruby-jss
-  VERSION = '1.6.0'.freeze
+  VERSION = '1.6.4'.freeze
 
 end # module

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby-jss
 version: !ruby/object:Gem::Version
-  version: 1.6.0
+  version: 1.6.4
 platform: ruby
 authors:
 - Chris Lasell
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-24 00:00:00.000000000 Z
+date: 2021-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: CFPropertyList