#include <osquery/registry_factory.h>
#include <osquery/utils/conversions/split.h>
-#include <osquery/utils/info/platform_type.h>
#include <osquery/utils/json/json.h>
#include <osquery/utils/system/time.h>
senders.pop();
}
- if (!isPlatform(PlatformType::TYPE_WINDOWS)) {
- first.wait();
- } else {
- // Windows is locking by scheduling an async on the main thread.
- first.wait_for(std::chrono::microseconds(100));
- }
+ first.wait();
}
std::vector<StatusLogLine>& BufferedLogSink::dump() {
#include <osquery/registry_interface.h>
#include <osquery/sql.h>
#include <osquery/sql/sqlite_util.h>
-#include <osquery/utils/info/platform_type.h>
namespace osquery {
#include <osquery/sql.h>
#include <osquery/sql/sqlite_util.h>
#include <osquery/sql/tests/sql_test_utils.h>
-#include <osquery/utils/info/platform_type.h>
#include <gtest/gtest.h>
TEST_F(SQLiteUtilTests, test_table_attributes_event_based) {
{
SQLInternal sql_internal("select * from process_events");
- if (!isPlatform(PlatformType::TYPE_WINDOWS)) {
- EXPECT_TRUE(sql_internal.getStatus().ok());
- EXPECT_TRUE(sql_internal.eventBased());
- }
+ EXPECT_TRUE(sql_internal.getStatus().ok());
+ EXPECT_TRUE(sql_internal.eventBased());
}
{
#include <osquery/logger.h>
#include <osquery/sql.h>
-#include <osquery/utils/info/platform_type.h>
-
#include "osquery/sql/dynamic_table_row.h"
#include "osquery/sql/sqlite_util.h"
namespace osquery {
const char* getSystemVFS(bool respect_locking) {
- if (respect_locking) {
- return nullptr;
- }
- if (isPlatform(PlatformType::TYPE_POSIX)) {
- return "unix-none";
- } else if (isPlatform(PlatformType::TYPE_WINDOWS)) {
- return "win32-none";
- }
- return nullptr;
+ return "unix-none";
}
Status genSqliteTableRow(sqlite3_stmt* stmt,
#include <osquery/utils/conversions/tryto.h>
#include <osquery/tests/test_util.h>
-#include <osquery/utils/info/platform_type.h>
namespace fs = boost::filesystem;
using chrono_clock = std::chrono::high_resolution_clock;
void initTesting() {
- if (osquery::isPlatform(PlatformType::TYPE_OSX)) {
- kTestWorkingDirectory = "/private/tmp/osquery-tests";
- } else {
- kTestWorkingDirectory =
- (fs::temp_directory_path() / "osquery-tests").string();
- }
-
- if (osquery::isPlatform(PlatformType::TYPE_WINDOWS)) {
- kTestDataPath = "../" + kTestDataPath;
- }
+ kTestWorkingDirectory =
+ (fs::temp_directory_path() / "osquery-tests").string();
registryAndPluginInit();
system/posix/errno.cpp
system/posix/filepath.cpp
system/posix/time.cpp
- info/platform_type.cpp
- config/default_paths.cpp
conversions/tryto.cpp
conversions/split.cpp
json/json.cpp)
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include "default_paths.h"
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-/**
- * @brief A series of platform-specific home folders.
- *
- * There are several platform-specific folders where osquery reads and writes
- * content. Most of the variance is due to legacy support.
- *
- * OSQUERY_HOME: Configuration, flagfile, extensions and module autoload.
- * OSQUERY_DB_HOME: Location of RocksDB persistent storage.
- * OSQUERY_LOG_HOME: Location of log data when the filesystem plugin is used.
- */
-
-#pragma once
-
-#if defined(__linux__)
-#define OSQUERY_HOME "/etc/osquery/"
-#define OSQUERY_DB_HOME "/var/osquery/"
-#define OSQUERY_SOCKET OSQUERY_DB_HOME
-#define OSQUERY_PIDFILE "/var/run/"
-#define OSQUERY_LOG_HOME "/var/log/osquery/"
-#define OSQUERY_CERTS_HOME "/usr/share/osquery/certs/"
-#elif defined(WIN32)
-#define OSQUERY_HOME "\\Program Files\\osquery\\"
-#define OSQUERY_DB_HOME OSQUERY_HOME
-#define OSQUERY_SOCKET "\\\\.\\pipe\\"
-#define OSQUERY_PIDFILE OSQUERY_DB_HOME
-#define OSQUERY_LOG_HOME OSQUERY_HOME "log\\"
-#define OSQUERY_CERTS_HOME OSQUERY_HOME "certs\\"
-#elif defined(FREEBSD)
-#define OSQUERY_HOME "/var/db/osquery/"
-#define OSQUERY_DB_HOME OSQUERY_HOME
-#define OSQUERY_SOCKET "/var/run/"
-#define OSQUERY_PIDFILE "/var/run/"
-#define OSQUERY_LOG_HOME "/var/log/osquery/"
-#define OSQUERY_CERTS_HOME "/etc/ssl/"
-#else
-#define OSQUERY_HOME "/var/osquery/"
-#define OSQUERY_DB_HOME OSQUERY_HOME
-#define OSQUERY_SOCKET OSQUERY_DB_HOME
-#define OSQUERY_PIDFILE OSQUERY_DB_HOME
-#define OSQUERY_LOG_HOME "/var/log/osquery/"
-#define OSQUERY_CERTS_HOME OSQUERY_HOME "certs/"
-#endif
+++ /dev/null
-/**
- * Copyright (c) 2018-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <type_traits>
-
-namespace osquery {
-
-/**
- * This is just a ad-hoc fix up to handle libc++ and libstdc++ bug:
- * http://www.open-std.org/jtc1/sc22/wg21/docs/lwg-defects.html#2148
- * Eventually it will be removed.
- */
-struct EnumClassHash {
- template <typename EnumClassType>
- typename std::enable_if<std::is_enum<EnumClassType>::value, std::size_t>::type
- operator()(EnumClassType t) const {
- return static_cast<std::size_t>(t);
- }
-};
-
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include <osquery/utils/info/platform_type.h>
-
-namespace osquery {
-
-const std::string kSDKPlatform = OSQUERY_PLATFORM;
-
-/// Helper method for platform type detection.
-bool isPlatform(PlatformType a, const PlatformType& t) {
- return (static_cast<int>(t) & static_cast<int>(a)) != 0;
-}
-
-PlatformType operator|(PlatformType a, PlatformType b) {
- return static_cast<PlatformType>(static_cast<int>(a) | static_cast<int>(b));
-}
-
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <string>
-
-#include <osquery/utils/info/version.h>
-#include <osquery/utils/macros/macros.h>
-
-namespace osquery {
-
-/**
- * @brief A helpful runtime-detection enumeration of platform configurations.
- *
- * CMake, or the build tooling, will generate a OSQUERY_PLATFORM_MASK and pass
- * it to the library compile only.
- */
-enum class PlatformType {
- TYPE_POSIX = 0x01,
- TYPE_WINDOWS = 0x02,
- TYPE_BSD = 0x04,
- TYPE_LINUX = 0x08,
- TYPE_OSX = 0x10,
- TYPE_FREEBSD = 0x20,
-};
-
-/// The build-defined set of platform types.
-constexpr PlatformType kPlatformType = static_cast<PlatformType>(0u
-#ifdef POSIX
- | static_cast<unsigned>(PlatformType::TYPE_POSIX)
-#endif
-#ifdef WINDOWS
- | static_cast<unsigned>(PlatformType::TYPE_WINDOWS)
-#endif
-#ifdef BSD
- | static_cast<unsigned>(PlatformType::TYPE_BSD)
-#endif
-#ifdef LINUX
- | static_cast<unsigned>(PlatformType::TYPE_LINUX)
-#endif
-#ifdef DARWIN
- | static_cast<unsigned>(PlatformType::TYPE_OSX)
-#endif
-#ifdef FREEBSD
- | static_cast<unsigned>(PlatformType::TYPE_FREEBSD)
-#endif
-);
-
-bool isPlatform(PlatformType a, const PlatformType& t = kPlatformType);
-
-PlatformType operator|(PlatformType a, PlatformType b);
-
-/**
- * @brief Platform specific code isolation and define-based conditionals.
- *
- * The following preprocessor defines are expected to be available for all
- * osquery code. Please use them sparingly and prefer the run-time detection
- * methods first. See the %PlatformType class and %isPlatform method.
- *
- * OSQUERY_BUILD_PLATFORM: For Linux, this is the distro name, for OS X this is
- * darwin, and on Windows it is windows. The set of potential values comes
- * the ./tools/platform scripts and may be overridden.
- * OSQUERY_BUILD_DISTRO: For Linux, this is the version, for OS X this is the
- * version (10.10, 10.11, 10.12), for Windows this is Win10.
- * OSQUERY_PLATFORM: available as kSDKPlatform, a OSQUERY_BUILD_PLATFORM string.
- */
-#if !defined(OSQUERY_BUILD_PLATFORM)
-#error The build must define OSQUERY_BUILD_PLATFORM.
-#endif
-
-#if !defined(OSQUERY_BUILD_DISTRO)
-#error The build must define OSQUERY_BUILD_DISTRO.
-#endif
-
-#define OSQUERY_PLATFORM STR(OSQUERY_BUILD_PLATFORM)
-
-/// Identifies the build platform of either the core extension.
-extern const std::string kSDKPlatform;
-
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include <osquery/utils/info/version.h>
-#include <osquery/utils/conversions/split.h>
-
-#include <stdexcept>
-#include <stdexcept>
-
-namespace osquery {
-
-const std::string kVersion = STR(OSQUERY_VERSION);
-const std::string kSDKVersion = STR(OSQUERY_BUILD_SDK_VERSION);
-
-bool versionAtLeast(const std::string& v, const std::string& sdk) {
- if (v == "0.0.0" || sdk == "0.0.0") {
- // This is a please-pass check.
- return true;
- }
-
- auto required_version = split(v, ".");
- auto build_version = split(sdk, ".");
-
- size_t index = 0;
- for (const auto& chunk : build_version) {
- if (required_version.size() <= index) {
- return true;
- }
- try {
- if (std::stoi(chunk) < std::stoi(required_version[index])) {
- return false;
- } else if (std::stoi(chunk) > std::stoi(required_version[index])) {
- return true;
- }
- } catch (const std::invalid_argument& /* e */) {
- if (chunk.compare(required_version[index]) < 0) {
- return false;
- }
- }
- index++;
- }
- return true;
-}
-
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <string>
-
-#include <osquery/utils/macros/macros.h>
-
-namespace osquery {
-
-#if !defined(OSQUERY_VERSION)
-#error The build must define OSQUERY_VERSION.
-#endif
-
-#if !defined(OSQUERY_BUILD_VERSION)
-#warning The build should define OSQUERY_BUILD_VERSION.
-#define OSQUERY_BUILD_VERSION 1.0.0-unknown
-#endif
-
-#if !defined(OSQUERY_BUILD_SDK_VERSION)
-#error The build must define OSQUERY_BUILD_SDK_VERSION.
-#endif
-
-#define OSQUERY_SDK_VERSION STR(OSQUERY_BUILD_SDK_VERSION)
-
-/// The version of osquery
-extern const std::string kVersion;
-
-/// The osquery SDK version
-extern const std::string kSDKVersion;
-
-/**
- * @brief Compare osquery SDK/extension/core version strings.
- *
- * SDK versions are in major.minor.patch-commit-hash form. We provide a helper
- * method for performing version comparisons to allow gating and compatibility
- * checks throughout the code.
- *
- * @param v version to check
- * @param sdk (optional) the SDK version to check against.
- * return true if the input version is at least the SDK version.
- */
-bool versionAtLeast(const std::string& v,
- const std::string& version = kVersion);
-
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2018-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <map>
-#include <unordered_map>
-
-#include <osquery/utils/expected/expected.h>
-
-namespace osquery {
-
-/**
- * Helper functions to look up in key-value tables.
- *
- * There are several reasons for using this code:
- * 1. To reduce amount of code and increase the readability of it.
- * Instead of verbose piece of code such as:
- * @code{.cpp}
- * auto takenValue = ValueType{};
- * auto const it = table.find("key");
- * if (it != table.end()) {
- * takenValue = it->second;
- * }
- * @endcode
- * Have more short and simple:
- * @code{.cpp}
- * auto const takenValue = tryTakeCopy(table, "key").takeOr(ValueType{});
- * @endcode
- *
- * 2. To avoid nonoptimal code with two exactly the same lookups, e.g.:
- * @code{.cpp}
- * auto takenValue = table.count(key) ? table.at(key) : ValueType{};
- * @endcode
- *
- * 3. To reduce the possibility of dangerous misstypes such as:
- * @code{.cpp}
- * auto takenValue = table.count("key") ? table.at("KeY") : ValueType{};
- * @endcode
- */
-
-enum class MapTakeError {
- NoSuchKey = 1,
-};
-
-namespace impl {
-
-template <typename T>
-struct IsMap : std::false_type {};
-
-template <typename... TemplateArgs>
-struct IsMap<std::map<TemplateArgs...>> : std::true_type {};
-
-template <typename... TemplateArgs>
-struct IsMap<std::unordered_map<TemplateArgs...>> : std::true_type {};
-
-} // namespace impl
-
-/**
- * @brief Take out object from the table by key
- *
- * @param table to look up (std::map or std::unordered_map)
- * @param key to look up by in the table
- *
- * @return Expected object with value if such key exists in the table,
- * otherwise Error of type MapTakeError
- */
-template <typename MapType,
- typename KeyType = typename MapType::key_type,
- typename ValueType = typename MapType::mapped_type>
-inline typename std::enable_if<impl::IsMap<MapType>::value,
- Expected<ValueType, MapTakeError>>::type
-tryTake(MapType& table, const KeyType& key) {
- auto it = table.find(key);
- if (it == table.end()) {
- return createError(MapTakeError::NoSuchKey) << "no such key in the table";
- }
- auto item = std::move(it->second);
- table.erase(it);
- return item;
-}
-
-/**
- * @brief Take object copy from the table by key
- *
- * @param table to look up (std::map or std::unordered_map)
- * @param key to look up by in the table
- *
- * @return Expected object with value if such key exists in the table,
- * otherwise Error of type MapTakeError
- */
-template <typename MapType,
- typename KeyType = typename MapType::key_type,
- typename ValueType = typename MapType::mapped_type>
-inline typename std::enable_if<impl::IsMap<MapType>::value,
- Expected<ValueType, MapTakeError>>::type
-tryTakeCopy(MapType const& from, KeyType const& key) {
- auto const it = from.find(key);
- if (it == from.end()) {
- return createError(MapTakeError::NoSuchKey) << "no such key in the table";
- }
- return it->second;
-}
-
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2018-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <utility>
-
-namespace osquery {
-
-namespace scope_guard {
-/**
- * The RAII based scope guard class.
- *
- * To be sure that resources are always released/removed/closed/verified/stoped
- * in face of multiple return statements from the function.
- *
- * It takes functor object by value during the construction. It is going to be
- * called once and only once during the destruction of Guard object.
- *
- * There is helper function to create the object of guard.
- * @code{.cpp}
- * {
- * auto const manager = scope_guard::create(
- * [&file_path]() { fs::remove(file_path); }
- * );
- * ...
- * // it will be removed at the end of scope
- * }
- * @endcode
- */
-template <typename FinalRoutineType>
-class Guard final {
- public:
- explicit Guard(FinalRoutineType final_routine)
- : final_routine_(std::move(final_routine)) {}
-
- ~Guard() {
- final_routine_();
- }
-
- private:
- FinalRoutineType final_routine_;
-};
-
-template <typename FinalRoutineType>
-inline auto create(FinalRoutineType&& final_routine) {
- return Guard<FinalRoutineType>(std::forward<FinalRoutineType>(final_routine));
-}
-
-} // namespace scope_guard
-
-} // namespace osquery
projects / platform / core / security / vist.git / commitdiff