EA to Inventory Edge Extensions

raymondap
Contributor

Hello all,

I had a request to inventory all Edge extensions in our environment so we can consider whitelisting/blacklisting extensions. I was able to modify the script in this Chrome EA from Jamf's GitHub to fit our needs. Specifically, I needed to modify it to look at Edge's data folder and to check all users on the client instead of just the currently logged in one or last user. I'm providing my modified script below in case it's helpful to anyone else looking to do the same.

#!/bin/bash
# Setting IFS Env to only use new lines as field separator
IFS=$'\n'
result="NA"
createChromeExtList ()
{
    for userHome in /Users/*
    do
        user=`echo $userHome | rev | cut -d"/" -f1 | rev`
        if [ -d "$userHome/Library/Application Support/Microsoft Edge/Default/Extensions" ]
        then
            for manifest in $(find "$userHome/Library/Application Support/Microsoft Edge/Default/Extensions" -name 'manifest.json')
            do
                name=$(cat $manifest | grep '"name":' | awk -F "\"" '{print $4}')
                if [[ `echo $name | grep "__MSG"` ]]
                    then
                    msgName="\"`echo $name | awk -F '__MSG_|__' '{print $2}'`\":"
                    if [ -f $(dirname $manifest)/_locales/en/messages.json ]
                    then reportedName=$(cat $(dirname $manifest)/_locales/en/messages.json | grep -i -A 3 "$msgName" | grep "message" | head -1 | awk -F ": " '{print $2}' | tr -d "\"")
                    elif [ -f $(dirname $manifest)/_locales/en_US/messages.json ]
                    then reportedName=$(cat $(dirname $manifest)/_locales/en_US/messages.json | grep -i -A 3 "$msgName" | grep "message" | head -1 | awk -F ": " '{print $2}' | tr -d "\"")
                    fi
                else
                    reportedName=$(cat $manifest | grep '"name":' | awk -F "\"" '{print $4}')
                fi
            version=$(cat $manifest | grep '"version":' | awk -F "\"" '{print $4}')
            extID=$(basename $(dirname $(dirname $manifest)))
# This is the default output style - looks nice in JSS
# Comment out line below if you wish to use alternate output
            echo -e "User: $user\nName: $reportedName \nVersion: $version \nID: $extID \n"

# This is the alternate output style - looks ugly in JSS, but possibly more useful
# Uncomment line below to use this output instead
# echo -e "$user;$reportedName;$version;$extID"
            done
        fi
    done
}

result="`createChromeExtList`"
echo -e "<result>$result</result>"

 

2 REPLIES 2

AJPinto
Honored Contributor II

You will need to read the users directory and list all the user accounts, and set a loop to run your script for each user account. Though this is getting deeper than I would want for an Extension Attribute. I would probably do this with a policy, print a log and read that log with an EA or move the log somewhere you can access it.

 

I am sniping your script though :).

raymondap
Contributor

Yup! That's what the for (each) loop is doing :) It won't work in its current state if your user homes are somewhere other than /Users though. I doubt I'll keep it in place as an EA after we collect the info we need, provided I can convince management that a whitelist is the right way to handle browser extensions.

Also forgot to mention the script is provided as is without any sort of guarantee that it won't hose all your clients and brick your Jamf Pro instance. Run at your own risk!