Add logic for minorVersionRecalculationThreshold

Author: erikng

CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [2.0.5] - 2024-07-24
 Requires macOS 12.0 and higher.
 
+### Added
+- To artificially change the `requredInstallationDate` to honor a previous macOS minor version, set `minorVersionRecalculationThreshold` under `osVersionRequirement` in amount of minor versions.
+  - Ex: `minorVersionRecalculationThreshold` is set to 1 and SOFA feed has macOS 14.5 available
+    - macOS device is 14.3: Target macOS 14.4.1 requiredInstallationDate of 2024-04-15 00:00:00 +0000
+    - macOS device is 14.4: Target macOS 14.4.1 requiredInstallationDate of 2024-04-15 00:00:00 +0000
+    - macOS device is 14.4.1: Target macOS 14.5 requiredInstallationDate of 2024-06-03 00:00:00 +0000
+  - Addresses [612](https://github.com/macadmins/nudge/issues/612)
+
 ### Changed
 - The `Actively Exploited` logic internally within Nudge and the UI on the left sidebar will show `True` if any previous updates missing on the device had active exploits.
   - **WARNNG BREAKING CHANGE** - This changes the SLA computation and will result in a different `requiredInstallationDate` than offered in Nudge v2.0 -> v2.01.

Nudge/Preferences/DefaultPreferencesNudge.swift

@@ -233,6 +233,12 @@ struct OSVersionRequirementVariables {
         ""
     }
 
+    static var minorVersionRecalculationThreshold: Int {
+        osVersionRequirementsProfile?.minorVersionRecalculationThreshold ??
+        osVersionRequirementsJSON?.minorVersionRecalculationThreshold ??
+        0
+    }
+
     static var nonActivelyExploitedCVEsMajorUpgradeSLA: Int {
         osVersionRequirementsProfile?.nonActivelyExploitedCVEsMajorUpgradeSLA ??
         osVersionRequirementsJSON?.nonActivelyExploitedCVEsMajorUpgradeSLA ??

Nudge/Preferences/PreferencesStructure.swift

@@ -151,6 +151,7 @@ struct OSVersionRequirement: Codable {
     var activelyExploitedCVEsMajorUpgradeSLA: Int?
     var activelyExploitedCVEsMinorUpdateSLA: Int?
     var majorUpgradeAppPath: String?
+    var minorVersionRecalculationThreshold: Int?
     var nonActivelyExploitedCVEsMajorUpgradeSLA: Int?
     var nonActivelyExploitedCVEsMinorUpdateSLA: Int?
     var requiredInstallationDate: Date?
@@ -170,6 +171,7 @@ extension OSVersionRequirement {
         self.activelyExploitedCVEsMajorUpgradeSLA = fromDictionary["activelyExploitedCVEsMajorUpgradeSLA"] as? Int
         self.activelyExploitedCVEsMinorUpdateSLA = fromDictionary["activelyExploitedCVEsMinorUpdateSLA"] as? Int
         self.majorUpgradeAppPath = fromDictionary["majorUpgradeAppPath"] as? String
+        self.minorVersionRecalculationThreshold = fromDictionary["minorVersionRecalculationThreshold"] as? Int
         self.nonActivelyExploitedCVEsMajorUpgradeSLA = fromDictionary["nonActivelyExploitedCVEsMajorUpgradeSLA"] as? Int
         self.nonActivelyExploitedCVEsMinorUpdateSLA = fromDictionary["nonActivelyExploitedCVEsMinorUpdateSLA"] as? Int
         self.requiredMinimumOSVersion = fromDictionary["requiredMinimumOSVersion"] as? String
@@ -248,6 +250,7 @@ extension OSVersionRequirement {
         activelyExploitedCVEsMajorUpgradeSLA: Int? = nil,
         activelyExploitedCVEsMinorUpdateSLA: Int? = nil,
         majorUpgradeAppPath: String? = nil,
+        minorVersionRecalculationThreshold: Int? = nil,
         nonActivelyExploitedCVEsMajorUpgradeSLA: Int? = nil,
         nonActivelyExploitedCVEsMinorUpdateSLA: Int? = nil,
         requiredInstallationDate: Date? = nil,
@@ -265,6 +268,7 @@ extension OSVersionRequirement {
             activelyExploitedCVEsMajorUpgradeSLA: activelyExploitedCVEsMajorUpgradeSLA ?? self.activelyExploitedCVEsMajorUpgradeSLA,
             activelyExploitedCVEsMinorUpdateSLA: activelyExploitedCVEsMinorUpdateSLA ?? self.activelyExploitedCVEsMinorUpdateSLA,
             majorUpgradeAppPath: majorUpgradeAppPath ?? self.majorUpgradeAppPath,
+            minorVersionRecalculationThreshold: minorVersionRecalculationThreshold ?? self.minorVersionRecalculationThreshold,
             nonActivelyExploitedCVEsMajorUpgradeSLA: nonActivelyExploitedCVEsMajorUpgradeSLA ?? self.nonActivelyExploitedCVEsMajorUpgradeSLA,
             nonActivelyExploitedCVEsMinorUpdateSLA: nonActivelyExploitedCVEsMinorUpdateSLA ?? self.nonActivelyExploitedCVEsMinorUpdateSLA,
             requiredInstallationDate: requiredInstallationDate ?? self.requiredInstallationDate,

Nudge/UI/Main.swift

@@ -180,6 +180,7 @@ class AppDelegate: NSObject, NSApplicationDelegate {
             if let macOSSOFAAssets = Globals.sofaAssets?.osVersions {
                 // Get current installed OS version
                 let currentInstalledVersion = GlobalVariables.currentOSVersion
+                let currentMajorVersion = VersionManager.getMajorVersion(from: currentInstalledVersion)
 
                 for osVersion in macOSSOFAAssets {
                     if PrefsWrapper.requiredMinimumOSVersion == "latest" {
@@ -224,10 +225,15 @@ class AppDelegate: NSObject, NSApplicationDelegate {
                     allVersions.sort { VersionManager.versionLessThan(currentVersion: $0, newVersion: $1) }
 
                     // Filter versions between current and selected OS version
-                    let filteredVersions = allVersions.filter {
+                    let filteredVersions = VersionManager().removeDuplicates(from: allVersions.filter {
                         VersionManager.versionGreaterThan(currentVersion: $0, newVersion: currentInstalledVersion) &&
                         VersionManager.versionLessThanOrEqual(currentVersion: $0, newVersion: selectedOSVersion)
-                    }
+                    })
+
+                    // Filter versions with the same major version as the current installed version
+                    let minorVersions = VersionManager().removeDuplicates(from: filteredVersions.filter { version in
+                        VersionManager.getMajorVersion(from: version) == currentMajorVersion
+                    })
 
                     // Count actively exploited CVEs in the filtered versions
                     for osVersion in macOSSOFAAssets {
@@ -272,7 +278,28 @@ class AppDelegate: NSObject, NSApplicationDelegate {
                     nudgePrimaryState.activelyExploitedCVEs = activelyExploitedCVEs
                     releaseDate = selectedOS!.releaseDate ?? Date()
                     if requiredInstallationDate == Date(timeIntervalSince1970: 0) {
-                        requiredInstallationDate = selectedOS!.releaseDate?.addingTimeInterval(slaExtension) ?? DateManager().getCurrentDate().addingTimeInterval(TimeInterval(90 * 86400))
+                        if OSVersionRequirementVariables.minorVersionRecalculationThreshold > 0 {
+                            let safeIndex = max(0, minorVersions.count - (OSVersionRequirementVariables.minorVersionRecalculationThreshold + 1)) // Ensure the index is within bounds
+                            let targetVersion = minorVersions[safeIndex]
+                            var foundVersion = false
+                            LogManager.notice("minorVersionRecalculationThreshold is set - Targeting macOS \(targetVersion) requiredInstallationDate via SOFA", logger: sofaLog)
+                            for osVersion in macOSSOFAAssets {
+                                for securityRelease in osVersion.securityReleases {
+                                    if securityRelease.productVersion == targetVersion && VersionManager.versionLessThan(currentVersion: currentInstalledVersion, newVersion: targetVersion) {
+                                        requiredInstallationDate = securityRelease.releaseDate?.addingTimeInterval(slaExtension) ?? DateManager().getCurrentDate().addingTimeInterval(TimeInterval(90 * 86400))
+                                        foundVersion = true
+                                        break
+                                    }
+                                }
+                            }
+                            if !foundVersion {
+                                requiredInstallationDate = selectedOS!.releaseDate?.addingTimeInterval(slaExtension) ?? DateManager().getCurrentDate().addingTimeInterval(TimeInterval(90 * 86400))
+                                LogManager.warning("Could not find requiredInstallationDate from target macOS \(targetVersion)", logger: sofaLog)
+                                LogManager.notice("Setting requiredInstallationDate via SOFA to \(requiredInstallationDate)", logger: sofaLog)
+                            }
+                        } else {
+                            requiredInstallationDate = selectedOS!.releaseDate?.addingTimeInterval(slaExtension) ?? DateManager().getCurrentDate().addingTimeInterval(TimeInterval(90 * 86400))
+                        }
                         LogManager.notice("Setting requiredInstallationDate via SOFA to \(requiredInstallationDate)", logger: sofaLog)
                     }
                     LogManager.notice("SOFA Matched OS Version: \(selectedOS!.productVersion)", logger: sofaLog)

Nudge/Utilities/Utils.swift

@@ -1492,6 +1492,10 @@ struct VersionManager {
         return majorVersion
     }
 
+    static func getMajorVersion(from version: String) -> Int {
+        return Int(version.split(separator: ".").first.map(String.init)!)!
+    }
+
     static func getMinorOSVersion() -> Int {
         var minorOSVersion = ProcessInfo().operatingSystemVersion.minorVersion
 //        if (CommandLineUtilities().simulateOSVersion() != nil) {
@@ -1516,6 +1520,12 @@ struct VersionManager {
         versionGreaterThan(currentVersion: nudgePrimaryState.requiredMinimumOSVersion, newVersion: nudgePrimaryState.userRequiredMinimumOSVersion)
     }
 
+    // Helper function to remove duplicates while preserving order
+    func removeDuplicates(from array: [String]) -> [String] {
+        var seen = Set<String>()
+        return array.filter { seen.insert($0).inserted }
+    }
+
     // Adapted from https://stackoverflow.com/a/25453654
     static func versionEqual(currentVersion: String, newVersion: String) -> Bool {
         return currentVersion.compare(newVersion, options: .numeric) == .orderedSame

Schema/jamf/com.github.macadmins.Nudge.json

@@ -508,6 +508,25 @@
                                     }
                                 ]
                             },
+                            "minorVersionRecalculationThreshold": {
+                                "description": "The amount of minor versions a device can be behind before the requiredInstallationDate is recalculated against a previous update. (Note: This key is only used with Nudge v2.0.5 and higher)",
+                                "anyOf": [
+                                    {
+                                        "title": "Not Configured",
+                                        "type": "null"
+                                    },
+                                    {
+                                        "title": "Configured",
+                                        "default": 0,
+                                        "type": "integer",
+                                        "options": {
+                                            "inputAttributes": {
+                                                "placeholder": "0"
+                                            }
+                                        }
+                                    }
+                                ]
+                            },
                             "nonActivelyExploitedCVEsMajorUpgradeSLA": {
                                 "description": "When a major upgrade is not under active exploit but contains CVEs, this is the amount of days a user has to install the update. (Note: This key is only used with Nudge v2.0 and higher)",
                                 "anyOf": [