template<typename Struct, typename Member>
Member operator[](Member Struct::*) const;
+ inline std::size_t size() const { return data.size(); }
+
private:
KeyValuePair data;
};
inline Iter end() { return datas.end(); }
inline CIter end() const { return datas.end(); }
+ inline std::size_t size() const { return datas.size(); }
+
private:
std::vector<Property<T>> datas;
};
+++ /dev/null
-/*
- * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-
-/**
- * @file memory-map.h
- * @brief The scheme of memory map (sync with osquery/tables/spec/linux/memory_map.table)
- */
-
-
-#pragma once
-
-#include <string>
-
-struct MemoryMap {
- int region; /// Region index
- std::string type; /// Textual description
- std::string start; /// Start address of memory region
- std::string end; /// End address of memory region
-};
#include <string>
struct Processes {
- int pid;
+ long long int pid;
std::string name;
std::string path;
std::string cmdline;
long long int gid;
long long int euid;
long long int egid;
- std::string on_disk;
-// std::string wired_size; // It doen't supported
- std::string resident_size;
- std::string phys_footprint;
- std::string user_time;
- std::string system_time;
- std::string start_time;
- int parent;
+ int on_disk;
+ long long int resident_size;
+ long long int parent;
};
#include "manager_impl.h"
+#include <osquery/registry.h>
#include <osquery/core.h>
#include <osquery/filesystem/filesystem.h>
#include <osquery/flags.h>
boost::filesystem::create_directories(logDir);
LOG(INFO) << "Initalize osquery manager. ";
+
+ registryAndPluginInit();
}
ManagerImpl::~ManagerImpl() noexcept
Rows ManagerImpl::execute(const std::string& query)
{
LOG(INFO) << "Execute query: " << query;
+ osquery::SQL sql(query, true);
+ if (!sql.ok()) {
+ LOG(ERROR) << "Executing query failed: " << sql.getMessageString();
+ return Rows();
+ }
- osquery::QueryData results;
- auto status = osquery::query(query, results);
- if (!status.ok())
- LOG(ERROR) << "Executing query failed: " << status.getCode();
-
- return results;
+ return std::move(sql.rows());
}
void ManagerImpl::subscribe(const std::string& table, const Callback& callback)
auto rows = OsqueryManager::execute(query);
EXPECT_EQ(rows.size(), 1);
- VLOG(1) << "[Test] time table rows:";
- VLOG(1) << "\t hour: " << rows[0]["hour"];
- VLOG(1) << "\t minutes: " << rows[0]["minutes"];
- VLOG(1) << "\t seconds: " << rows[0]["seconds"];
+ LOG(INFO) << "[Test] time table rows:";
+ LOG(INFO) << "\t hour: " << rows[0]["hour"];
+ LOG(INFO) << "\t minutes: " << rows[0]["minutes"];
+ LOG(INFO) << "\t seconds: " << rows[0]["seconds"];
}
TEST_F(ManagerTests, test_manager_subscribe) {
int called = 0;
auto callback = [&](const Row& row) {
- VLOG(1) << "NotifyCallback called:";
+ LOG(INFO) << "NotifyCallback called:";
for (const auto& r : row)
- VLOG(1) << "\t" << r.first << " : " << r.second;
+ LOG(INFO) << "\t" << r.first << " : " << r.second;
called++;
};
auto columns = OsqueryManager::columns("time");
EXPECT_TRUE(columns.size() > 0);
- VLOG(1) << "[Test] Enabled columns of time table:";
+ LOG(INFO) << "[Test] Enabled columns of time table:";
for (const auto& c : columns)
- VLOG(1) << "\t" << c;
+ LOG(INFO) << "\t" << c;
}
auto& notifier = Notification::instance();
auto callback = [](const Row& row) {
- VLOG(1) << "NotifyCallback called:";
+ LOG(INFO) << "NotifyCallback called:";
for (const auto& r : row)
- VLOG(1) << "\t" << r.first << " : " << r.second;
+ LOG(INFO) << "\t" << r.first << " : " << r.second;
};
auto s = notifier.add("test", std::move(callback));
auto& notifier = Notification::instance();
auto callback = [](const Row& row) {
- VLOG(1) << "NotifyCallback called:";
+ LOG(INFO) << "NotifyCallback called:";
for (const auto& r : row)
- VLOG(1) << "\t" << r.first << " : " << r.second;
+ LOG(INFO) << "\t" << r.first << " : " << r.second;
};
auto s = notifier.add("", std::move(callback));
int called = 0;
auto callback = [&](const Row& row) {
- VLOG(1) << "NotifyCallback called:";
+ LOG(INFO) << "NotifyCallback called:";
for (const auto& r : row)
- VLOG(1) << "\t" << r.first << " : " << r.second;
+ LOG(INFO) << "\t" << r.first << " : " << r.second;
called++;
};
#include <schema/processes.h>
#include <schema/users.h>
#include <schema/groups.h>
-#include <schema/memory-map.h>
#include <osquery/logger.h>
make_column("euid", &Processes::euid),
make_column("egid", &Processes::egid),
make_column("on_disk", &Processes::on_disk),
-// make_column("wired_size", &Processes::wired_size),
- make_column("resident_size", &Processes::resident_size),
- make_column("phys_footprint", &Processes::phys_footprint),
- make_column("user_time", &Processes::user_time),
- make_column("system_time", &Processes::system_time),
- make_column("start_time", &Processes::start_time),
make_column("parent", &Processes::parent));
auto users = make_table("users",
make_column("gid_signed", &Groups::gid_signed),
make_column("groupname", &Groups::groupname));
-auto memoryMap = make_table("memory_map",
- make_column("region", &MemoryMap::region),
- make_column("type", &MemoryMap::type),
- make_column("start", &MemoryMap::start),
- make_column("end", &MemoryMap::end));
-
-auto db = make_database("db", time, processes, users, groups, memoryMap);
+auto db = make_database("db", time, processes, users, groups);
} // anonymous namespace
if (value.empty()) {
LOG(ERROR) << "The value of key[" << key << "] is not exist.";
return Member();
- } else {
- /// TODO(Sangwan): Catch boost::bad_lexical_cast
+ }
+
+ try {
return boost::lexical_cast<Member>(value);
+ } catch (...) {
+ LOG(ERROR) << "Failed to casting [key]: " << key;
+ return Member();
}
}
template std::string Property<Groups>::at(std::string Groups::*) const;
template std::string Property<Groups>::operator[](std::string Groups::*) const;
-template class Property<MemoryMap>;
-template class Properties<MemoryMap>;
-template int Property<MemoryMap>::at(int MemoryMap::*) const;
-template int Property<MemoryMap>::operator[](int MemoryMap::*) const;
-template std::string Property<MemoryMap>::at(std::string MemoryMap::*) const;
-template std::string Property<MemoryMap>::operator[](std::string MemoryMap::*) const;
-
} // namespace osquery
#include <schema/processes.h>
#include <schema/users.h>
#include <schema/groups.h>
-#include <schema/memory-map.h>
using namespace osquery;
result.seconds = time.at(&Time::seconds);
/// Once query execution
- VLOG(1) << "[Test] time table:";
- VLOG(1) << "\t hour: " << result.hour;
- VLOG(1) << "\t minutes: " << result.minutes;
- VLOG(1) << "\t seconds: " << result.seconds;
+ LOG(INFO) << "[Test] time table:";
+ LOG(INFO) << "\t hour: " << result.hour;
+ LOG(INFO) << "\t minutes: " << result.minutes;
+ LOG(INFO) << "\t seconds: " << result.seconds;
/// Each query execution
- VLOG(1) << "[Test] time table:";
- VLOG(1) << "\t hour: " << Property<Time>().at(&Time::hour);
- VLOG(1) << "\t minutes: " << Property<Time>().at(&Time::minutes);
- VLOG(1) << "\t seconds: " << Property<Time>().at(&Time::seconds);
+ LOG(INFO) << "[Test] time table:";
+ LOG(INFO) << "\t hour: " << Property<Time>().at(&Time::hour);
+ LOG(INFO) << "\t minutes: " << Property<Time>().at(&Time::minutes);
+ LOG(INFO) << "\t seconds: " << Property<Time>().at(&Time::seconds);
EXPECT_NE(result.hour, -1);
EXPECT_NE(result.minutes, -1);
result.seconds = time[&Time::seconds];
/// Once query execution
- VLOG(1) << "[Test] time table:";
- VLOG(1) << "\t hour: " << result.hour;
- VLOG(1) << "\t minutes: " << result.minutes;
- VLOG(1) << "\t seconds: " << result.seconds;
+ LOG(INFO) << "[Test] time table:";
+ LOG(INFO) << "\t hour: " << result.hour;
+ LOG(INFO) << "\t minutes: " << result.minutes;
+ LOG(INFO) << "\t seconds: " << result.seconds;
EXPECT_NE(result.hour, -1);
EXPECT_NE(result.minutes, -1);
}
TEST_F(PropertyTests, propertiesProcesses) {
- Processes result = {
- -1, /// pid
- "", /// name
- "", /// path
- "", /// cmdline
- -1, /// uid
- -1, /// gid
- -1, /// euid
- -1, /// egid
- "", /// on_disk
-// "", /// wired_size
- "", /// resident_size
- "", /// phys_footprint
- "", /// user_time
- "", /// system_time
- "", /// start_time
- -1 /// parent
- };
-
+ Processes result;
Properties<Processes> processes;
+ EXPECT_TRUE(processes.size() > 0);
for(auto& p : processes) {
+ EXPECT_TRUE(p.size() > 0);
result.pid = p.at(&Processes::pid);
result.name = p.at(&Processes::name);
result.path = p.at(&Processes::path);
result.euid = p.at(&Processes::euid);
result.egid = p.at(&Processes::egid);
result.on_disk = p.at(&Processes::on_disk);
-// result.wired_size = p.at(&Processes::wired_size);
- result.resident_size = p.at(&Processes::resident_size);
- result.phys_footprint = p.at(&Processes::phys_footprint);
- result.user_time = p.at(&Processes::user_time);
- result.system_time = p.at(&Processes::system_time);
- result.start_time = p.at(&Processes::start_time);
result.parent = p.at(&Processes::parent);
- VLOG(1) << "[Test] Processes table:";
- VLOG(1) << "\t pid: " << result.pid;
- VLOG(1) << "\t name: " << result.name;
- VLOG(1) << "\t path: " << result.path;
- VLOG(1) << "\t cmdline: " << result.cmdline;
- VLOG(1) << "\t uid: " << result.uid;
- VLOG(1) << "\t gid: " << result.gid;
- VLOG(1) << "\t euid: " << result.euid;
- VLOG(1) << "\t egid: " << result.egid;
- VLOG(1) << "\t on_disk: " << result.on_disk;
-// VLOG(1) << "\t wired_size: " << result.wired_size;
- VLOG(1) << "\t resident_size: " << result.resident_size;
- VLOG(1) << "\t phys_footprint: " << result.phys_footprint;
- VLOG(1) << "\t user_time: " << result.user_time;
- VLOG(1) << "\t system_time: " << result.system_time;
- VLOG(1) << "\t start_time: " << result.start_time;
- VLOG(1) << "\t parent: " << result.parent;
+ LOG(INFO) << "[Test] Processes table:";
+ LOG(INFO) << "\t pid: " << result.pid;
+ LOG(INFO) << "\t name: " << result.name;
+ LOG(INFO) << "\t path: " << result.path;
+ LOG(INFO) << "\t cmdline: " << result.cmdline;
+ LOG(INFO) << "\t uid: " << result.uid;
+ LOG(INFO) << "\t gid: " << result.gid;
+ LOG(INFO) << "\t euid: " << result.euid;
+ LOG(INFO) << "\t egid: " << result.egid;
+ LOG(INFO) << "\t on_disk: " << result.on_disk;
+ LOG(INFO) << "\t parent: " << result.parent;
}
}
TEST_F(PropertyTests, propertiesUsers) {
Properties<Users> users;
+ EXPECT_TRUE(users.size() > 0);
+
for(const auto& user : users) {
- VLOG(1) << "[Test] User table:";
- VLOG(1) << "\t uid: " << user[&Users::uid];
- VLOG(1) << "\t gid: " << user[&Users::gid];
- VLOG(1) << "\t uid_signed: " << user[&Users::uid_signed];
- VLOG(1) << "\t gid_signed: " << user[&Users::gid_signed];
- VLOG(1) << "\t username: " << user[&Users::username];
- VLOG(1) << "\t description: " << user[&Users::description];
- VLOG(1) << "\t directory: " << user[&Users::directory];
- VLOG(1) << "\t shell: " << user[&Users::shell];
+ EXPECT_TRUE(user.size() > 0);
+ LOG(INFO) << "[Test] User table:";
+ LOG(INFO) << "\t uid: " << user[&Users::uid];
+ LOG(INFO) << "\t gid: " << user[&Users::gid];
+ LOG(INFO) << "\t uid_signed: " << user[&Users::uid_signed];
+ LOG(INFO) << "\t gid_signed: " << user[&Users::gid_signed];
+ LOG(INFO) << "\t username: " << user[&Users::username];
+ LOG(INFO) << "\t description: " << user[&Users::description];
+ LOG(INFO) << "\t directory: " << user[&Users::directory];
+ LOG(INFO) << "\t shell: " << user[&Users::shell];
}
}
TEST_F(PropertyTests, propertiesGroups) {
Properties<Groups> groups;
- for(const auto& group : groups) {
- VLOG(1) << "[Test] Group table:";
- VLOG(1) << "\t gid: " << group[&Groups::gid];
- VLOG(1) << "\t gid_signed: " << group[&Groups::gid_signed];
- VLOG(1) << "\t groupname: " << group[&Groups::groupname];
- }
-}
+ EXPECT_TRUE(groups.size() > 0);
-TEST_F(PropertyTests, propertiesMemoryMap) {
- Properties<MemoryMap> memoryMap;
- for(const auto& mm : memoryMap) {
- VLOG(1) << "[Test] memory_map table:";
- VLOG(1) << "\t region: " << mm[&MemoryMap::region];
- VLOG(1) << "\t type: " << mm[&MemoryMap::type];
- VLOG(1) << "\t start: " << mm[&MemoryMap::start];
- VLOG(1) << "\t end: " << mm[&MemoryMap::end];
+ for(const auto& group : groups) {
+ EXPECT_TRUE(group.size() > 0);
+ LOG(INFO) << "[Test] Group table:";
+ LOG(INFO) << "\t gid: " << group[&Groups::gid];
+ LOG(INFO) << "\t gid_signed: " << group[&Groups::gid_signed];
+ LOG(INFO) << "\t groupname: " << group[&Groups::groupname];
}
}
projects / platform / core / security / vist.git / commitdiff