[ BUG ] SensorTag and Uninstall commands do not handle MacOS uninstallation tokens

[adub24]

Describe the bug
When executing the Add-FalconSensorTag and targeting a MACOS host, the process does not pull maintenance token information or pass it to the falconctl executable with the -t flag. The results of the entire process will complete as successful but the tag will not be successfully added.

To Reproduce
run Add-FalconSensorTag and target a MacOS host

Expected behavior
Tag should be applied to the host when running the Add-FalconSensorTag command
For the tag to be officially applied, a reboot of the sensor must happen, but this is not required as part of this process.

Environment (please complete the following information):

• OS: MacOS Sonoma 14.4.1
• PowerShell: 7.4.2 (macos)
• PSFalcon: 2.2.6

Additional context
It appears that a maintenance token is not required with Windows (and maybe linux), so this may be a step specific to MacOS.

Transcript content

1. Set $VerbosePreference = 'Continue'
2. Run Import-Module, Request-FalconToken, Start-Transcript, Show-FalconModule, the affected PSFalcon commands or script, and Stop-Transcript
3. Copy/paste transcript content

[bk-cs]

Updated to use this issue to track Uninstall-FalconSensor support as well

[59e5aaf4]

Might be related to #421 where CRLF endings in the .sh / .zsh scripts as shipped by the powershell module package, while they're not present in the github version of the source code. If you check telemetry data you'll see sub-commands contain extra "\000d" which are likely messing with the internal falconctl option parsing, or UNIX program option parsing in general. Try removing these pesky CR bytes ?

[bk-cs]

Might be related to #421 where CRLF endings in the .sh / .zsh scripts as shipped by the powershell module package, while they're not present in the github version of the source code. If you check telemetry data you'll see sub-commands contain extra "\000d" which are likely messing with the internal falconctl option parsing, or UNIX program option parsing in general. Try removing these pesky CR bytes ?

Yes, this will definitely factor in. The primary problem is that the uninstallation tokens are not retrieved or supplied during these commands because they weren't supported in MacOS when I created the commands.

[c2mfj]

When trying to set a sensor tag with psFalcon on MacOS, I am getting a success response but it does not set the tag. Is this part of the same of issue?

[bk-cs]

When trying to set a sensor tag with psFalcon on MacOS, I am getting a success response but it does not set the tag. Is this part of the same of issue?

Yes, it could be the line feed issues, or the fact that the MacOS commands aren't designed to support uninstallation tokens.