Removed invalid UUID error from Apple MDM UDID. (#25074)
#24961 

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Manual QA for all new/changed functionality
getvictor authored Jan 2, 2025
1 parent feedb50 commit eef1757
Showing 2 changed files with 6 additions and 9 deletions.
1 change: 1 addition & 0 deletions changes/24961-invalid-uuid
@@ -0,0 +1 @@
Removed `invalid UUID` log message when validating Apple MDM UDID.
14 changes: 5 additions & 9 deletions server/mdm/nanomdm/storage/mysql/queue.go
Expand Up @@ -7,7 +7,6 @@ import (
"fmt"
"strings"

"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
"github.com/fleetdm/fleet/v4/server/datastore/mysql/common_mysql"
"github.com/fleetdm/fleet/v4/server/mdm/nanomdm/mdm"
"github.com/google/uuid"
Expand Down Expand Up @@ -195,17 +194,14 @@ func (m *MySQLStorage) RetrieveNextCommand(r *mdm.Request, skipNotNow bool) (*md
command := new(mdm.CommandWithSubtype)
id := "?"
var args []interface{}
// Validate the ID to avoid SQL injection.
// This performance optimization eliminates the prepare statement for this frequent query.
// Eventually, we should use binary storage for id (UUID).
// This performance optimization eliminates the prepare statement for this frequent query for macOS devices.
// For macOS devices, UDID is a UUID, so we can validate it and use it directly in the query.
if err := uuid.Validate(r.ID); err == nil {
id = "'" + r.ID + "'"
} else {
err = ctxerr.Wrap(r.Context, err, "device ID is not a valid UUID: %s", r.ID)
m.logger.Info("msg", "device ID is not a UUID", "device_id", r.ID, "err", err)
// Handle the error by sending it to Redis to be included in aggregated statistics.
// Before switching UUID to use binary storage, we should ensure that this error rate is low/none.
ctxerr.Handle(r.Context, err)
// iOS devices have a UDID that is not a valid UUID.
// User enrollments have their own identifier, which is not a UUID.
// We use a prepared statement for these cases to avoid SQL injection.
args = append(args, r.ID)
}
err := m.reader(r.Context).QueryRowxContext(
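Review bot: On the `id = "'" + r.ID + "'"` line the device ID is concatenated into the SQL text, so `uuid.Validate(r.ID)` is the only barrier between request input and the query, and the comments on that branch should say so. The rendered diff has lost its +/- markers, but going by the 5 additions and 9 deletions counted for this file, `// Validate the ID to avoid SQL injection.` is among the removed lines, which leaves the `if` branch described only as a performance optimization while SQL injection is mentioned only in the `else` branch. Keep a line on the `if` branch stating that the validation is a security check and that any change to the validator must keep quotes and other SQL metacharacters out of `id`. The commit lists two changed files and neither is a test; a test that passes a non-UUID ID (an iOS UDID or a user-enrollment identifier, as the new comments describe) and asserts it is bound through `args` with the `?` placeholder would pin the safe path down. With the `m.logger.Info` and `ctxerr.Handle` calls gone, malformed IDs are no longer visible anywhere; if that signal still matters, a debug-level log would keep it without the noise.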