ADD_SUBDIRECTORY(registry)
ADD_SUBDIRECTORY(sql)
ADD_SUBDIRECTORY(tables)
-ADD_SUBDIRECTORY(tests)
ADD_SUBDIRECTORY(utils)
ADD_LIBRARY(${TARGET_OSQUERY_LIB}
SET_TARGET_PROPERTIES(${TARGET_OSQUERY_LIB} PROPERTIES OUTPUT_NAME ${TARGET_OSQUERY_LIB})
-ADD_EXECUTABLE(${TARGET_OSQUERY_TEST} main/tests.cpp
+ADD_EXECUTABLE(${TARGET_OSQUERY_TEST} ../vist/main/tests.cpp
${${TARGET_OSQUERY_LIB}_TESTS})
TARGET_LINK_WHOLE(${TARGET_OSQUERY_TEST} ${TARGET_OSQUERY_LIB})
TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_TEST} gtest)
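Review bot: The new source path `../vist/main/tests.cpp` in the `ADD_EXECUTABLE(${TARGET_OSQUERY_TEST} ...)` call reaches outside this directory, so the osquery test binary now depends on the layout of a sibling tree, and nothing on the line says why. A gtest `main` is deleted later in this commit, which suggests the entry point is now shared with vist; if so, say it above the call, for example `# gtest entry point is shared with vist; osquery no longer carries its own main/tests.cpp`. Spelling the path as `${CMAKE_CURRENT_SOURCE_DIR}/../vist/main/tests.cpp` would also make the cross-directory dependency explicit.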
sql/column.cpp
sql/diff_results.cpp
sql/query_data.cpp
- sql/query_performance.cpp
sql/row.cpp
sql/scheduled_query.cpp
sql/table_rows.cpp)
FILE(GLOB OSQUERY_CORE_TESTS "tests/*.cpp")
-FILE(GLOB OSQUERY_CORE_POSIX_TESTS "tests/posix/*.cpp")
-ADD_OSQUERY_TEST(${OSQUERY_SQL_TESTS}
- ${OSQUERY_CORE_POSIX_TESTS})
+ADD_OSQUERY_TEST(${OSQUERY_SQL_TESTS})
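Review bot: The rewritten call registers `${OSQUERY_SQL_TESTS}`, but the glob directly above it fills `OSQUERY_CORE_TESTS`, and nothing visible here consumes that variable. Unless `OSQUERY_SQL_TESTS` is set in this directory's scope somewhere outside the hunk, the call expands to no sources and the `tests/*.cpp` files are silently left out of the test binary. The old two-argument form had the same mismatch, so it looks like a carried-over copy-paste slip. If the core tests are meant to run, the line should read `ADD_OSQUERY_TEST(${OSQUERY_CORE_TESTS})`.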
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include "query_performance.h"
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <cstddef>
-
-namespace osquery {
-
-/**
- * @brief performance statistics about a query
- */
-struct QueryPerformance {
- /// Number of executions.
- size_t executions{0};
-
- /// Last UNIX time in seconds the query was executed successfully.
- size_t last_executed{0};
-
- /// Total wall time taken
- unsigned long long int wall_time{0};
-
- /// Total user time (cycles)
- unsigned long long int user_time{0};
-
- /// Total system time (cycles)
- unsigned long long int system_time{0};
-
- /// Average memory differentials. This should be near 0.
- unsigned long long int average_memory{0};
-};
-
-} // namespace osquery
#include <osquery/query.h>
#include <osquery/sql/tests/sql_test_utils.h>
-#include <osquery/tests/test_util.h>
namespace osquery {
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <set>
-#include <string>
-
-#include <osquery/plugins/plugin.h>
-#include <osquery/utils/json/json.h>
-
-namespace osquery {
-
-/**
- * @brief These tables populate the "host_details" content.
- *
- * Enrollment plugins should send 'default' host details to enroll request
- * endpoints. This allows the enrollment service to identify the new node.
- */
-extern const std::set<std::string> kEnrollHostDetails;
-
-/**
- * @brief Superclass for enroll plugins.
- *
- * Config and Logger plugins may use some remote API. In most cases an
- * authentication and authorization step is needed. Enroll plugins are an
- * easy wrapper-type facility that other osquery plugin types can choose to
- * implement.
- *
- * An enrollment is useful when a "backend" config or logger facility requires
- * a node or shared secret. The plugins that support this "backend" will
- * request authentication secrets through their well-known enrollment plugin.
- *
- * Enrollment plugins and authentication models are complicated. It is best
- * to use a "suite" of plugins that implement an enroll, config, and log flow.
- * Please see the osquery wiki for more details on Enrollment.
- */
-class EnrollPlugin : public Plugin {
- public:
- /// The EnrollPlugin PluginRequest action router.
- Status call(const PluginRequest& request, PluginResponse& response);
-
- protected:
- /**
- * @brief Perform enrollment on the request of a config/logger.
- *
- * The single 'enroll' plugin request action will call EnrollPlugin::enroll
- *
- * @return An enrollment secret or key material or identifier.
- */
- virtual std::string enroll() = 0;
-
- /**
- * @brief Populate a JSON object with host details.
- *
- * This will use kEnrollHostDetails to select from each table and
- * construct a JSON object from the results of the first row of each.
- * The input JSON object will have a key set for each table.
- *
- * @param host_details An output JSON object containing each table.
- */
- void genHostDetails(JSON& host_details);
-};
-
-/**
- * @brief Get a node key from the osquery RocksDB cache or perform node
- * enrollment.
- *
- * Enrollment allows a new node to announce to an enrollment endpoint via an
- * enroll plugin. While the details of authentication/authorization are up to
- * the plugin implementation, the endpoint may return a "node secret".
- *
- * If a node_key is requested from an enroll plugin because no current key
- * exists in the backing store, the result will be cached.
- *
- * @param enroll_plugin Name of the enroll plugin to use if no node_key set.
- * @return A unique, often private, node secret key.
- */
-std::string getNodeKey(const std::string& enroll_plugin);
-
-/**
- * @brief Delete the existing node key from the persistent storage
- *
- * @return a Status indicating the success or failure of the operation
- */
-Status clearNodeKey();
-
-/**
- * @brief Read the enrollment secret from disk.
- *
- * We suspect multiple enrollment types may require an apriori, and enterprise
- * shared, secret. Use of this enroll or deployment secret is an optional choice
- * made by the enroll plugin type.
- *
- * @return enroll_secret The trimmed content read from FLAGS_enroll_secret_path.
- */
-const std::string getEnrollSecret();
-}
+++ /dev/null
-/*
- * Copyright (c) 2014, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed under the BSD-style license found in the
- * LICENSE file in the root directory of this source tree. An additional grant
- * of patent rights can be found in the PATENTS file in the same directory.
- *
- */
-
-#include <string>
-
-namespace osquery {
-
-/**
- * @brief The supported hashing algorithms in osquery
- *
- * These are usually used as a constructor argument to osquery::Hash
- */
-enum HashType {
- HASH_TYPE_MD5 = 2,
- HASH_TYPE_SHA1 = 4,
- HASH_TYPE_SHA256 = 8,
-};
-
-/**
- * @brief Hash is a general utility class for hashing content
- *
- * @code{.cpp}
- * Hash my_hash(HASH_TYPE_SHA256);
- * my_hash.update(my_buffer, my_buffer_size);
- * std::cout << my_hash.digest();
- * @endcode
- *
- */
-class Hash {
- public:
- /**
- * @brief Hash constructor
- *
- * The hash class should be initialized with one of osquery::HashType as a
- * constructor argument.
- *
- * @param algorithm The hashing algorithm which will be used to compute the
- * hash
- */
- explicit Hash(HashType algorithm);
-
- /**
- * @brief Hash destructor
- */
- ~Hash();
-
- /**
- * @brief Update the internal context buffer with additional content
- *
- * This method allows you to chunk up large content so that it doesn't all
- * have to be loaded into memory at the same time
- *
- * @param buffer The buffer to be hashed
- * @param size The size of the buffer to be hashed
- */
- void update(const void* buffer, size_t size);
-
- /**
- * @brief Compute the final hash and return it's result
- *
- * @return The final hash value
- */
- std::string digest();
-
- private:
- /**
- * @brief Private default constructor
- *
- * The osquery::Hash class should only ever be instantiated with a HashType
- */
- Hash(){};
-
- private:
- /// The hashing algorithm which is used to compute the hash
- HashType algorithm_;
-
- /// The buffer used to maintain the context and state of the hashing
- /// operations
- void* ctx_;
-
- /// The length of the hash to be returned
- size_t length_;
-};
-
-/**
- * @brief Compute a hash digest from an already allocated buffer.
- *
- * @param hash_type The osquery-supported hash algorithm.
- * @param buffer A caller-controlled buffer.
- * @param size The length of buffer in bytes.
- * @return A string (hex) representation of the hash digest.
- */
-std::string hashFromBuffer(HashType hash_type, const void* buffer, size_t size);
-
-/**
- * @brief Compute a hash digest from the file content at a path.
- *
- *
- * @param hash_type The osquery-supported hash algorithm.
- * @param path Filesystem path, the hash target.
- * @return A string (hex) representation of the hash digest.
- */
-std::string hashFromFile(HashType hash_type, const std::string& path);
-}
+++ /dev/null
-/*
- * Copyright (c) 2015, Wesley Shields
- * All rights reserved.
- *
- * This source code is licensed under the BSD-style license found in the
- * LICENSE file in the root directory of this source tree. An additional grant
- * of patent rights can be found in the PATENTS file in the same directory.
- *
- */
-
-#include <cstdio>
-#include <gtest/gtest.h>
-
-int main(int argc, char* argv[]) {
- testing::InitGoogleTest(&argc, argv);
- // Optionally enable Goggle Logging
- // google::InitGoogleLogging(argv[0]);
- return RUN_ALL_TESTS();
-}
# limitations under the License
ADD_OSQUERY_LIBRARY(osquery_sql dynamic_table_row.cpp
- sqlite_encoding.cpp
sqlite_util.cpp
sql.cpp
- sqlite_filesystem.cpp
- sqlite_math.cpp
- sqlite_string.cpp
virtual_table.cpp
virtual_sqlite_table.cpp)
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include <string>
-
-#include <sqlite3.h>
-
-#include <osquery/utils/base64.h>
-#include <osquery/utils/chars.h>
-
-namespace osquery {
-
-enum class B64Type {
- B64_ENCODE_CONDITIONAL = 1,
- B64_ENCODE = 2,
- B64_DECODE = 3,
-};
-
-static void b64SqliteValue(sqlite3_context* ctx,
- int argc,
- sqlite3_value** argv,
- B64Type encode) {
- if (argc == 0) {
- return;
- }
-
- if (SQLITE_NULL == sqlite3_value_type(argv[0])) {
- sqlite3_result_null(ctx);
- return;
- }
-
- const auto* value = sqlite3_value_text(argv[0]);
- auto size = static_cast<size_t>(sqlite3_value_bytes(argv[0]));
-
- std::string input(reinterpret_cast<const char*>(value), size);
- std::string result;
- switch (encode) {
- case B64Type::B64_ENCODE_CONDITIONAL:
- if (isPrintable(input)) {
- result = input;
- break;
- }
- case B64Type::B64_ENCODE:
- result = base64::encode(input);
- break;
- case B64Type::B64_DECODE:
- result = base64::decode(input);
- break;
- }
- sqlite3_result_text(
- ctx, result.c_str(), static_cast<int>(result.size()), SQLITE_TRANSIENT);
-}
-
-static void sqliteB64ConditionalEncFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- b64SqliteValue(context, argc, argv, B64Type::B64_ENCODE_CONDITIONAL);
-}
-
-static void sqliteB64EncFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- b64SqliteValue(context, argc, argv, B64Type::B64_ENCODE);
-}
-
-static void sqliteB64DecFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- b64SqliteValue(context, argc, argv, B64Type::B64_DECODE);
-}
-
-void registerEncodingExtensions(sqlite3* db) {
- sqlite3_create_function(db,
- "conditional_to_base64",
- 1,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- sqliteB64ConditionalEncFunc,
- nullptr,
- nullptr);
- sqlite3_create_function(db,
- "to_base64",
- 1,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- sqliteB64EncFunc,
- nullptr,
- nullptr);
- sqlite3_create_function(db,
- "from_base64",
- 1,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- sqliteB64DecFunc,
- nullptr,
- nullptr);
-}
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2017-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include <string>
-
-#include <boost/filesystem.hpp>
-#include <boost/optional.hpp>
-
-#include <sqlite3.h>
-
-namespace osquery {
-
-static boost::optional<std::string> findExistingProgramPathFromCommand(
- const char* path, char escape_symbol, bool allow_quoting, bool shortest) {
- size_t length = strlen(path);
- std::string result;
- size_t pos = 0;
- // Skip spaces
- for (; pos < length; ++pos) {
- if (!isspace(path[pos])) {
- break;
- }
- }
- std::string temp_string;
- bool is_quoted = false;
- bool is_escaped = false;
- for (; pos < length; ++pos) {
- if (is_escaped) {
- temp_string += path[pos];
- is_escaped = false;
- continue;
- }
- if (allow_quoting && path[pos] == '"') {
- is_quoted = !is_quoted;
- continue;
- }
- if (path[pos] == escape_symbol) {
- is_escaped = true;
- continue;
- }
- if (!is_quoted && isspace(path[pos])) {
- // validate temp string
- boost::filesystem::path test_path = temp_string;
- auto status = boost::filesystem::status(test_path);
- if (boost::filesystem::exists(status) &&
- !boost::filesystem::is_directory(status)) {
- result = temp_string;
- if (shortest) {
- break;
- }
- }
- }
- temp_string += path[pos];
- }
- if (result.length() == 0 || !shortest) {
- boost::filesystem::path test_path = temp_string;
- auto status = boost::filesystem::status(test_path);
- if (boost::filesystem::exists(status) &&
- !boost::filesystem::is_directory(status)) {
- result = temp_string;
- }
- }
- return result;
-}
-
-static boost::optional<std::string> findExistingProgramPathFromCommandSqlArgs(
- int argc, sqlite3_value** argv, bool shortest) {
- if (argc == 0) {
- return boost::none;
- }
- // NULLs are not allowed
- for (int i = 0; i < argc; i++) {
- if (SQLITE_NULL == sqlite3_value_type(argv[i])) {
- return boost::none;
- }
- }
- const char* path = reinterpret_cast<const char*>(sqlite3_value_text(argv[0]));
- bool allow_quoting = false;
- if (argc > 1) {
- allow_quoting = sqlite3_value_int(argv[1]) != 0 ? true : false;
- }
-#ifdef WIN32
- char escape_symbol = '^';
-#else
- char escape_symbol = '\\';
-#endif
- if (argc > 2) {
- const char* escape_symbol_string =
- reinterpret_cast<const char*>(sqlite3_value_text(argv[2]));
- if (escape_symbol_string == NULL ||
- std::strlen(escape_symbol_string) != 1) {
- return boost::none;
- }
- escape_symbol = escape_symbol_string[0];
- }
- return findExistingProgramPathFromCommand(
- path, escape_symbol, allow_quoting, shortest);
-}
-
-static void findFilePathInLaunchCommand(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- auto result = findExistingProgramPathFromCommandSqlArgs(argc, argv, true);
- if (result) {
- sqlite3_result_text(context,
- result->c_str(),
- static_cast<int>(result->size()),
- SQLITE_TRANSIENT);
- } else {
- sqlite3_result_error(
- context, "Invalid inputs to find_binary_path_from_cmd", -1);
- }
-}
-
-static void isPathDeterministic(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- auto shortest = findExistingProgramPathFromCommandSqlArgs(argc, argv, true);
- if (shortest) {
- const char* path = (const char*)sqlite3_value_text(argv[0]);
- if (shortest->length() == 0 || shortest->length() == strlen(path)) {
- // There are 2 cases:
- // 1 - empty string, all parts of path are invalid,
- // so path is deterministic
- // 2 - short == full, then there is only 1 valid path
- sqlite3_result_int(context, 1);
- return;
- } else {
- auto longest =
- findExistingProgramPathFromCommandSqlArgs(argc, argv, false);
- if (longest) {
- sqlite3_result_int(context,
- shortest->length() == longest->length() ? 1 : 0);
- return;
- }
- }
- }
- sqlite3_result_error(context, "Invalid inputs to is_path_deterministic", -1);
-}
-
-static void getParentDirectory(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- if (sqlite3_value_type(argv[0]) != SQLITE_TEXT) {
- sqlite3_result_error(
- context, "Invalid inputs to parent_directory, TEXT was expected", -1);
- return;
- }
- const char* path = reinterpret_cast<const char*>(sqlite3_value_text(argv[0]));
- if (path == nullptr) {
- sqlite3_result_null(context);
- return;
- }
-
- int pos = 0;
- int last_slash_pos = -1;
-#if defined(OSQUERY_WINDOWS)
- char directory_symbol = '\\';
-#elif defined(OSQUERY_POSIX)
- char directory_symbol = '/';
-#else
-#error Unsupported platform
-#endif
- while (path[pos] != '\0') {
- if (path[pos] == directory_symbol) {
- last_slash_pos = pos;
- }
- pos++;
- }
- if (last_slash_pos < 0) {
- // No parent directory
- sqlite3_result_null(context);
- return;
- }
- char* result = reinterpret_cast<char*>(malloc(last_slash_pos));
- memcpy(result, path, last_slash_pos);
- sqlite3_result_text(context, result, last_slash_pos, free);
-}
-
-void registerFilesystemExtensions(sqlite3* db) {
- sqlite3_create_function(db,
- "is_path_deterministic",
- -1,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- isPathDeterministic,
- nullptr,
- nullptr);
- sqlite3_create_function(db,
- "find_file_path_in_cmd",
- -1,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- findFilePathInLaunchCommand,
- nullptr,
- nullptr);
- sqlite3_create_function(db,
- "parent_directory",
- 1,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- getParentDirectory,
- nullptr,
- nullptr);
-}
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#ifdef WIN32
-#define _USE_MATH_DEFINES
-#endif
-// Include cmath here to ensure it is included after the define.
-#include <cmath>
-
-#include <osquery/utils/system/errno.h>
-
-#include <assert.h>
-#include <errno.h>
-
-#include <string.h>
-
-#include <functional>
-
-#include <sqlite3.h>
-
-namespace osquery {
-
-using DoubleDoubleFunction = std::function<double(double)>;
-
-/**
- * Force use of the double(double) math functions without these lambda
- * functions, MSVC will error because it fails to select an overload compatible
- * with DoubleDoubleFunction.
- */
-// clang-format off
-#define SIN_FUNC [](double a)->double { return sin(a); }
-#define COS_FUNC [](double a)->double { return cos(a); }
-#define TAN_FUNC [](double a)->double { return tanl(a); }
-#define ASIN_FUNC [](double a)->double { return asin(a); }
-#define ACOS_FUNC [](double a)->double { return acos(a); }
-#define ATAN_FUNC [](double a)->double { return atan(a); }
-#define LOG_FUNC [](double a)->double { return log(a); }
-#define LOG10_FUNC [](double a)->double { return log10(a); }
-#define SQRT_FUNC [](double a)->double { return sqrt(a); }
-#define EXP_FUNC [](double a)->double { return expl(a); }
-#define CEIL_FUNC [](double a)->double { return ceil(a); }
-#define FLOOR_FUNC [](double a)->double { return floor(a); }
-// clang-format on
-
-/**
- * @brief Call a math function that takes a double and returns a double.
- */
-static void callDoubleFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv,
- DoubleDoubleFunction f) {
- double rVal = 0.0, val;
- assert(argc == 1);
- switch (sqlite3_value_type(argv[0])) {
- case SQLITE_NULL:
- sqlite3_result_null(context);
- break;
- default:
- rVal = sqlite3_value_double(argv[0]);
- errno = 0;
- val = f(rVal);
- if (errno == 0) {
- sqlite3_result_double(context, val);
- } else {
- sqlite3_result_error(context, platformStrerr(errno).c_str(), errno);
- }
- break;
- }
-}
-
-static void sinFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, SIN_FUNC);
-}
-
-static void cosFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, COS_FUNC);
-}
-
-static void tanFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, TAN_FUNC);
-}
-
-static void asinFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, ASIN_FUNC);
-}
-
-static void acosFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, ACOS_FUNC);
-}
-
-static void atanFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, ATAN_FUNC);
-}
-
-static double cot(double x) {
- return 1.0 / tan(x);
-}
-
-static void cotFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, cot);
-}
-
-static void logFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, LOG_FUNC);
-}
-
-static void log10Func(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, LOG10_FUNC);
-}
-
-static void sqrtFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, SQRT_FUNC);
-}
-
-static void expFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, EXP_FUNC);
-}
-
-static void powerFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- assert(argc == 2);
-
- if (sqlite3_value_type(argv[0]) == SQLITE_NULL ||
- sqlite3_value_type(argv[1]) == SQLITE_NULL) {
- sqlite3_result_null(context);
- } else {
- double r1 = sqlite3_value_double(argv[0]);
- double r2 = sqlite3_value_double(argv[1]);
- errno = 0;
- double val = pow(r1, r2);
- if (errno == 0) {
- sqlite3_result_double(context, val);
- } else {
- sqlite3_result_error(context, platformStrerr(errno).c_str(), errno);
- }
- }
-}
-
-static void callCastedDoubleFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv,
- DoubleDoubleFunction f) {
- double rVal = 0.0;
- assert(argc == 1);
- switch (sqlite3_value_type(argv[0])) {
- case SQLITE_INTEGER: {
- int64_t iVal = sqlite3_value_int64(argv[0]);
- sqlite3_result_int64(context, iVal);
- break;
- }
- case SQLITE_NULL:
- sqlite3_result_null(context);
- break;
- default:
- rVal = sqlite3_value_double(argv[0]);
- sqlite3_result_int64(context, (int64_t)f(rVal));
- break;
- }
-}
-
-static void ceilFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- callCastedDoubleFunc(context, argc, argv, CEIL_FUNC);
-}
-
-static void floorFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- callCastedDoubleFunc(context, argc, argv, FLOOR_FUNC);
-}
-
-/** Convert Degrees into Radians */
-static double deg2rad(double x) {
- return x * M_PI / 180.0;
-}
-
-/** Convert Radians into Degrees */
-static double rad2deg(double x) {
- return 180.0 * x / M_PI;
-}
-
-static void rad2degFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, rad2deg);
-}
-
-static void deg2radFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- callDoubleFunc(context, argc, argv, deg2rad);
-}
-
-static void piFunc(sqlite3_context* context, int argc, sqlite3_value** argv) {
- sqlite3_result_double(context, M_PI);
-}
-
-struct FuncDef {
- const char* zFunctionName;
- int nArg;
- void (*xFunc)(sqlite3_context*, int, sqlite3_value**);
-};
-
-void registerMathExtensions(sqlite3* db) {
- // This approach to adding non-standard Math functions was inspired by the
- // somewhat deprecated/legacy work by Liam Healy from 2010 in the extension
- // functions contribution.
- static const struct FuncDef aFuncs[] = {
- {"sqrt", 1, sqrtFunc},
- {"acos", 1, acosFunc},
- {"asin", 1, asinFunc},
- {"atan", 1, atanFunc},
- {"cos", 1, cosFunc},
- {"sin", 1, sinFunc},
- {"tan", 1, tanFunc},
- {"cot", 1, cotFunc},
- {"exp", 1, expFunc},
- {"log", 1, logFunc},
- {"log10", 1, log10Func},
- {"power", 2, powerFunc},
- {"ceil", 1, ceilFunc},
- {"floor", 1, floorFunc},
- {"degrees", 1, rad2degFunc},
- {"radians", 1, deg2radFunc},
- {"pi", 0, piFunc},
- };
-
- for (size_t i = 0; i < sizeof(aFuncs) / sizeof(struct FuncDef); i++) {
- sqlite3_create_function(db,
- aFuncs[i].zFunctionName,
- aFuncs[i].nArg,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- aFuncs[i].xFunc,
- nullptr,
- nullptr);
- }
-}
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include <assert.h>
-
-#ifdef WIN32
-#include <ws2tcpip.h>
-#else
-#include <arpa/inet.h>
-#endif
-
-#include <functional>
-#include <string>
-#include <vector>
-
-#include <boost/algorithm/string/regex.hpp>
-#include <boost/regex.hpp>
-
-#include <osquery/utils/conversions/split.h>
-
-#include <sqlite3.h>
-
-namespace osquery {
-
-using SplitResult = std::vector<std::string>;
-using StringSplitFunction = std::function<SplitResult(
- const std::string& input, const std::string& tokens)>;
-
-/**
- * @brief A simple SQLite column string split implementation.
- *
- * Split a column value using a single token and select an expected index.
- * If multiple characters are given to the token parameter, each is used to
- * split, similar to boost::is_any_of.
- *
- * Example:
- * 1. SELECT ip_address from addresses;
- * 192.168.0.1
- * 2. SELECT SPLIT(ip_address, ".", 1) from addresses;
- * 168
- * 3. SELECT SPLIT(ip_address, ".0", 0) from addresses;
- * 192
- */
-static SplitResult tokenSplit(const std::string& input,
- const std::string& tokens) {
- return osquery::split(input, tokens);
-}
-
-/**
- * @brief A regex SQLite column string split implementation.
- *
- * Split a column value using a single or multi-character token and select an
- * expected index. The token input is considered a regex.
- *
- * Example:
- * 1. SELECT ip_address from addresses;
- * 192.168.0.1
- * 2. SELECT SPLIT(ip_address, "\.", 1) from addresses;
- * 168
- * 3. SELECT SPLIT(ip_address, "\.0", 0) from addresses;
- * 192.168
- */
-static SplitResult regexSplit(const std::string& input,
- const std::string& token) {
- // Split using the token as a regex to support multi-character tokens.
- std::vector<std::string> result;
- boost::algorithm::split_regex(result, input, boost::regex(token));
- return result;
-}
-
-static void callStringSplitFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv,
- StringSplitFunction f) {
- assert(argc == 3);
- if (SQLITE_NULL == sqlite3_value_type(argv[0]) ||
- SQLITE_NULL == sqlite3_value_type(argv[1]) ||
- SQLITE_NULL == sqlite3_value_type(argv[2])) {
- sqlite3_result_null(context);
- return;
- }
-
- // Parse and verify the split input parameters.
- std::string input((char*)sqlite3_value_text(argv[0]));
- std::string token((char*)sqlite3_value_text(argv[1]));
- auto index = static_cast<size_t>(sqlite3_value_int(argv[2]));
- if (token.empty()) {
- // Allow the input string to be empty.
- sqlite3_result_error(context, "Invalid input to split function", -1);
- return;
- }
-
- auto result = f(input, token);
- if (index >= result.size()) {
- // Could emit a warning about a selected index that is out of bounds.
- sqlite3_result_null(context);
- return;
- }
-
- // Yield the selected index.
- const auto& selected = result[index];
- sqlite3_result_text(context,
- selected.c_str(),
- static_cast<int>(selected.size()),
- SQLITE_TRANSIENT);
-}
-
-static void tokenStringSplitFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- callStringSplitFunc(context, argc, argv, tokenSplit);
-}
-
-static void regexStringSplitFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- callStringSplitFunc(context, argc, argv, regexSplit);
-}
-
-/**
- * @brief Convert an IPv4 string address to decimal.
- */
-static void ip4StringToDecimalFunc(sqlite3_context* context,
- int argc,
- sqlite3_value** argv) {
- assert(argc == 1);
-
- if (SQLITE_NULL == sqlite3_value_type(argv[0])) {
- sqlite3_result_null(context);
- return;
- }
-
- struct sockaddr sa;
- std::string address((char*)sqlite3_value_text(argv[0]));
- if (address.find(':') != std::string::npos) {
- // Assume this is an IPv6 address.
- sqlite3_result_null(context);
- } else {
- auto in4 = (struct sockaddr_in*)&sa;
- if (inet_pton(AF_INET, address.c_str(), &(in4->sin_addr)) == 1) {
- sqlite3_result_int64(context, ntohl(in4->sin_addr.s_addr));
- } else {
- sqlite3_result_null(context);
- }
- }
-}
-
-void registerStringExtensions(sqlite3* db) {
- sqlite3_create_function(db,
- "split",
- 3,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- tokenStringSplitFunc,
- nullptr,
- nullptr);
- sqlite3_create_function(db,
- "regex_split",
- 3,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- regexStringSplitFunc,
- nullptr,
- nullptr);
- sqlite3_create_function(db,
- "inet_aton",
- 1,
- SQLITE_UTF8 | SQLITE_DETERMINISTIC,
- nullptr,
- ip4StringToDecimalFunc,
- nullptr,
- nullptr);
-}
-} // namespace osquery
settings += "PRAGMA " + setting.first + "=" + setting.second + "; ";
}
sqlite3_exec(db, settings.c_str(), nullptr, nullptr, nullptr);
-
- // Register function extensions.
- registerMathExtensions(db);
-#if !defined(FREEBSD)
- registerStringExtensions(db);
-#endif
- registerFilesystemExtensions(db);
- registerEncodingExtensions(db);
}
void SQLiteDBInstance::init() {
EXPECT_EQ(input, "The quick brown fox jumps over the lazy dog.");
}
-TEST_F(SQLTests, test_sql_base64_encode) {
- QueryData d;
- query("select to_base64('test') as test;", d);
- EXPECT_EQ(d.size(), 1U);
- EXPECT_EQ(d[0]["test"], "dGVzdA==");
-}
-
-TEST_F(SQLTests, test_sql_base64_decode) {
- QueryData d;
- query("select from_base64('dGVzdA==') as test;", d);
- EXPECT_EQ(d.size(), 1U);
- EXPECT_EQ(d[0]["test"], "test");
-}
-
-TEST_F(SQLTests, test_sql_base64_conditional_encode) {
- QueryData d;
- query("select conditional_to_base64('test') as test;", d);
- EXPECT_EQ(d.size(), 1U);
- EXPECT_EQ(d[0]["test"], "test");
-
- QueryData d2;
- query("select conditional_to_base64('悪因悪果') as test;", d2);
- EXPECT_EQ(d2.size(), 1U);
- EXPECT_EQ(d2[0]["test"], "5oKq5Zug5oKq5p6c");
-}
-
-TEST_F(SQLTests, test_sql_md5) {
- QueryData d;
- query("select md5('test') as test;", d);
- EXPECT_EQ(d.size(), 1U);
- EXPECT_EQ(d[0]["test"], "098f6bcd4621d373cade4e832627b4f6");
-}
-
-TEST_F(SQLTests, test_sql_sha1) {
- QueryData d;
- query("select sha1('test') as test;", d);
- EXPECT_EQ(d.size(), 1U);
- EXPECT_EQ(d[0]["test"], "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3");
-}
-
-TEST_F(SQLTests, test_sql_sha256) {
- QueryData d;
- query("select sha256('test') as test;", d);
- EXPECT_EQ(d.size(), 1U);
- EXPECT_EQ(d[0]["test"],
- "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08");
-}
-
}
}
}
-TEST_F(SQLiteUtilTests, test_affected_tables) {
- auto dbc = getTestDBC();
- QueryDataTyped results;
- auto status = queryInternal("SELECT * FROM time", results, dbc);
-
- // Since the table scanned from "time", it should be recorded as affected.
- EXPECT_EQ(dbc->affected_tables_.count("time"), 1U);
- dbc->clearAffectedTables();
- EXPECT_EQ(dbc->affected_tables_.size(), 0U);
-}
-
-TEST_F(SQLiteUtilTests, test_table_attributes_event_based) {
- {
- SQLInternal sql_internal("select * from process_events");
- EXPECT_TRUE(sql_internal.getStatus().ok());
- EXPECT_TRUE(sql_internal.eventBased());
- }
-
- {
- SQLInternal sql_internal("select * from time");
- EXPECT_TRUE(sql_internal.getStatus().ok());
- EXPECT_FALSE(sql_internal.eventBased());
- }
-}
-
-TEST_F(SQLiteUtilTests, test_get_query_columns) {
- auto dbc = getTestDBC();
- TableColumns results;
-
- std::string query = "SELECT seconds, version FROM time JOIN osquery_info";
- auto status = getQueryColumnsInternal(query, results, dbc);
- ASSERT_TRUE(status.ok());
- ASSERT_EQ(2U, results.size());
- EXPECT_EQ(std::make_tuple(
- std::string("seconds"), INTEGER_TYPE, ColumnOptions::DEFAULT),
- results[0]);
- EXPECT_EQ(std::make_tuple(
- std::string("version"), TEXT_TYPE, ColumnOptions::DEFAULT),
- results[1]);
-
- query = "SELECT * FROM foo";
- status = getQueryColumnsInternal(query, results, dbc);
- ASSERT_FALSE(status.ok());
-}
-
-TEST_F(SQLiteUtilTests, test_get_query_tables_failed) {
- std::string query =
- "SELECT * FROM time, osquery_info, (SELECT * FROM file) ff GROUP BY pid";
- std::vector<std::string> tables;
- auto status = getQueryTables(query, tables);
- EXPECT_TRUE(status.ok());
-
- std::vector<std::string> expected = {};
- EXPECT_EQ(expected, tables);
-}
-
-TEST_F(SQLiteUtilTests, test_get_query_tables) {
- std::string query =
- "SELECT * FROM time, osquery_info, (SELECT * FROM users) ff GROUP BY pid";
- std::vector<std::string> tables;
- auto status = getQueryTables(query, tables);
- EXPECT_TRUE(status.ok());
-
- std::vector<std::string> expected = {"time", "osquery_info", "users"};
- EXPECT_EQ(expected, tables);
-}
-
-TEST_F(SQLiteUtilTests, test_get_query_tables_required) {
- std::string query =
- "SELECT * FROM time, osquery_info, (SELECT * FROM file where path = "
- "'osquery') ff GROUP BY pid";
- std::vector<std::string> tables;
- auto status = getQueryTables(query, tables);
- EXPECT_TRUE(status.ok());
-
- std::vector<std::string> expected = {"time", "osquery_info", "file"};
- EXPECT_EQ(expected, tables);
-}
-
-std::vector<ColumnType> getTypes(const TableColumns& columns) {
- std::vector<ColumnType> types;
- for (const auto& col : columns) {
- types.push_back(std::get<1>(col));
- }
- return types;
-}
-
-TEST_F(SQLiteUtilTests, test_query_planner) {
- using TypeList = std::vector<ColumnType>;
-
- auto dbc = getTestDBC();
- TableColumns columns;
-
- std::string query = "select path, path from file";
- EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok());
-
- query = "select path, path from file where path in ('osquery', 'noquery')";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE, TEXT_TYPE}));
-
- query = "select path, seconds from file, time where path LIKE 'osquery'";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE, INTEGER_TYPE}));
-
- query = "select path || path from file";
- EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok());
-
- query = "select path || path from file where path = 'osquery'";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE}));
-
- query = "select seconds, path || path from file, time ";
- EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok());
-
- query =
- "select seconds, path || path from file, time where path in ('osquery')";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({INTEGER_TYPE, TEXT_TYPE}));
-
- query = "select seconds, seconds from time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({INTEGER_TYPE, INTEGER_TYPE}));
-
- query = "select count(*) from time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({BIGINT_TYPE}));
-
- query = "select count(*), count(seconds), seconds from time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns),
- TypeList({BIGINT_TYPE, BIGINT_TYPE, INTEGER_TYPE}));
-
- query = "select 1, 'path', path from file";
- EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok());
-
- query = "select 1, 'path', path from file where path = 'os'";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({INTEGER_TYPE, TEXT_TYPE, TEXT_TYPE}));
-
- query = "select weekday, day, count(*), seconds from time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns),
- TypeList({TEXT_TYPE, INTEGER_TYPE, BIGINT_TYPE, INTEGER_TYPE}));
-
- query = "select seconds + 1 from time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({BIGINT_TYPE}));
-
- query = "select seconds * seconds from time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({BIGINT_TYPE}));
-
- query = "select seconds > 1, seconds, count(seconds) from time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns),
- TypeList({INTEGER_TYPE, INTEGER_TYPE, BIGINT_TYPE}));
-
- query =
- "select f1.*, seconds, f2.directory from (select path || path from file) "
- "f1, file as f2, time";
- EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok());
-
- query =
- "select f1.*, seconds, f2.directory from (select path || path from file) "
- "f1, file as f2, time where path in ('query', 'query')";
- EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok());
-
- query =
- "select f1.*, seconds, f2.directory from (select path || path from file "
- "where path = 'query') "
- "f1, file as f2, time where path in ('query', 'query')";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE, INTEGER_TYPE, TEXT_TYPE}));
-
- query = "select CAST(seconds AS INTEGER) FROM time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({BIGINT_TYPE}));
-
- query = "select CAST(seconds AS TEXT) FROM time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE}));
-
- query = "select CAST(seconds AS REAL) FROM time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({DOUBLE_TYPE}));
-
- query = "select CAST(seconds AS BOOLEAN) FROM time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({UNKNOWN_TYPE}));
-
- query = "select CAST(seconds AS DATETIME) FROM time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({UNKNOWN_TYPE}));
-
- query = "select CAST(seconds AS BLOB) FROM time";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns), TypeList({BLOB_TYPE}));
-
- query = "select url, round_trip_time, response_code from curl";
- EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok());
-
- query =
- "select url, round_trip_time, response_code from curl where url = "
- "'https://github.com/facebook/osquery'";
- EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok());
- EXPECT_EQ(getTypes(columns),
- TypeList({TEXT_TYPE, BIGINT_TYPE, INTEGER_TYPE}));
-}
-
-using TypeMap = std::map<std::string, ColumnType>;
-
-// Using ColumnType enum just labeling in test_column_type_determination)
-class type_picker_visitor : public boost::static_visitor<ColumnType> {
- public:
- ColumnType operator()(const long long& i) const {
- return INTEGER_TYPE;
- }
-
- ColumnType operator()(const std::string& str) const {
- return TEXT_TYPE;
- }
-
- ColumnType operator()(const double& d) const {
- return DOUBLE_TYPE;
- }
-};
-
-void testTypesExpected(std::string query, TypeMap expectedTypes) {
- auto dbc = getTestDBC();
- QueryDataTyped typedResults;
- queryInternal(query, typedResults, dbc);
- for (const auto& row : typedResults) {
- for (const auto& col : row) {
- if (expectedTypes.count(col.first)) {
- EXPECT_EQ(boost::apply_visitor(type_picker_visitor(), col.second),
- expectedTypes[col.first])
- << " These are the integer values of actual/expected ColumnType "
- "(resp) of "
- << col.first << " for query: " << query;
- } else {
- FAIL() << "Found no expected type for " << col.first
- << " in test of column types for query " << query;
- }
- }
- }
-}
-
-TEST_F(SQLiteUtilTests, test_column_type_determination) {
- // Correct identification of text and ints
- testTypesExpected("select path, inode from file where path like '%'",
- TypeMap({{"path", TEXT_TYPE}, {"inode", INTEGER_TYPE}}));
- // Correctly treating BLOBs as text
- testTypesExpected("select CAST(seconds AS BLOB) as seconds FROM time",
- TypeMap({{"seconds", TEXT_TYPE}}));
- // Correctly treating ints cast as double as doubles
- testTypesExpected("select CAST(seconds AS DOUBLE) as seconds FROM time",
- TypeMap({{"seconds", DOUBLE_TYPE}}));
- // Correctly treating bools as ints
- testTypesExpected("select CAST(seconds AS BOOLEAN) as seconds FROM time",
- TypeMap({{"seconds", INTEGER_TYPE}}));
- // Correctly recognizing values from columns declared double as double, even
- // if they happen to have integer value. And also test multi-statement
- // queries.
- testTypesExpected(
- "CREATE TABLE test_types_table (username varchar(30) primary key, age "
- "double);INSERT INTO test_types_table VALUES (\"mike\", 23); SELECT age "
- "from test_types_table",
- TypeMap({{"age", DOUBLE_TYPE}}));
-}
} // namespace osquery
results[0]["sql"]);
}
-TEST_F(VirtualTableTests, test_sqlite3_table_joins) {
- // Get a database connection.
- auto dbc = SQLiteDBManager::getUnique();
-
- QueryData results;
- // Run a query with a join within.
- std::string statement =
- "SELECT p.pid FROM osquery_info oi, processes p WHERE oi.pid = p.pid";
- auto status = queryInternal(statement, results, dbc);
- ASSERT_TRUE(status.ok());
- ASSERT_EQ(results.size(), 1U);
-}
-
class pTablePlugin : public TablePlugin {
private:
TableColumns columns() const override {
size_t scans{0};
};
-TEST_F(VirtualTableTests, test_indexing_costs) {
- // Get a database connection.
- auto dbc = SQLiteDBManager::getUnique();
- auto table_registry = RegistryFactory::get().registry("table");
-
- auto i = std::make_shared<indexIOptimizedTablePlugin>();
- table_registry->add("index_i", i);
- attachTableInternal("index_i", i->columnDefinition(false), dbc, false);
-
- auto j = std::make_shared<indexJOptimizedTablePlugin>();
- table_registry->add("index_j", j);
- attachTableInternal("index_j", j->columnDefinition(false), dbc, false);
-
- auto default_scan = std::make_shared<defaultScanTablePlugin>();
- table_registry->add("default_scan", default_scan);
- attachTableInternal(
- "default_scan", default_scan->columnDefinition(false), dbc, false);
-
- QueryData results;
- queryInternal(
- "SELECT * from default_scan JOIN index_i using (i);", results, dbc);
- dbc->clearAffectedTables();
-
- // We expect index_i to optimize, meaning the constraint evaluation
- // understood the marked columns and returned a low cost.
- ASSERT_EQ(1U, default_scan->scans);
- EXPECT_EQ(10U, i->scans);
-
- // Reset.
- default_scan->scans = 0;
- i->scans = 0;
-
- // The inverse should also hold, all cost evaluations will be high.
- queryInternal(
- "SELECT * from index_i JOIN default_scan using (i);", results, dbc);
- dbc->clearAffectedTables();
- EXPECT_EQ(10U, i->scans);
- EXPECT_EQ(1U, default_scan->scans);
-
- // Reset.
- default_scan->scans = 0;
- i->scans = 0;
-
- queryInternal(
- "SELECT * from default_scan join index_i using (i) join index_j using "
- "(j);",
- results,
- dbc);
- dbc->clearAffectedTables();
- ASSERT_EQ(1U, default_scan->scans);
- EXPECT_EQ(10U, i->scans);
- EXPECT_EQ(10U, j->scans);
-}
-
class colsUsedTablePlugin : public TablePlugin {
private:
TableColumns columns() const override {
TEST_F(PolicyTests, get_admin_all) {
auto admins = policy::API::Admin::GetAll();
- EXPECT_EQ(admins.size(), 0);
+ EXPECT_EQ(admins.size(), 1);
policy::API::Admin::Enroll("testAdmin");
admins = policy::API::Admin::GetAll();
- EXPECT_EQ(admins.size(), 1);
+ EXPECT_EQ(admins.size(), 2);
policy::API::Admin::Enroll("testAdmin1");
admins = policy::API::Admin::GetAll();
- EXPECT_EQ(admins.size(), 2);
+ EXPECT_EQ(admins.size(), 3);
policy::API::Admin::Disenroll("testAdmin");
admins = policy::API::Admin::GetAll();
- EXPECT_EQ(admins.size(), 1);
+ EXPECT_EQ(admins.size(), 2);
policy::API::Admin::Disenroll("testAdmin1");
admins = policy::API::Admin::GetAll();
- EXPECT_EQ(admins.size(), 0);
+ EXPECT_EQ(admins.size(), 1);
}
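Review bot: The five `EXPECT_EQ(admins.size(), N)` checks in `get_admin_all` now hard-code a starting count of 1, so the test passes only when exactly one admin is already enrolled before it runs, and nothing here asserts which identity that is. Presumably a default admin is seeded elsewhere in this commit; that is not visible in this hunk. Capturing the starting state with `const auto baseline = admins.size();` and asserting `EXPECT_EQ(admins.size(), baseline + 1);` (and likewise for the other steps) would keep the test focused on Enroll/Disenroll behaviour. If the pre-enrolled admin is intentional, a separate assertion on its name would make an unexpected extra admin fail explicitly instead of only shifting the counts.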
+++ /dev/null
-# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-
-ADD_OSQUERY_LIBRARY(osquery_tests test_util.cpp)
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include <chrono>
-#include <deque>
-#include <random>
-#include <sstream>
-#include <thread>
-
-#include <csignal>
-#include <ctime>
-
-#include <gtest/gtest.h>
-
-#include <boost/filesystem/operations.hpp>
-
-#include <vist/logger.hpp>
-#include <osquery/registry_factory.h>
-#include <osquery/sql.h>
-#include <osquery/utils/system/time.h>
-#include <osquery/utils/conversions/tryto.h>
-
-#include <osquery/tests/test_util.h>
-
-namespace fs = boost::filesystem;
-
-namespace osquery {
-
-/// Will be set with initTesting in test harness main.
-std::string kFakeDirectory;
-
-/// Will be set with initTesting in test harness main.
-std::string kTestWorkingDirectory;
-
-/// The relative path within the source repo to find test content.
-std::string kTestDataPath{"../../../tools/tests/"};
-
-using chrono_clock = std::chrono::high_resolution_clock;
-
-void initTesting() {
- kTestWorkingDirectory =
- (fs::temp_directory_path() / "osquery-tests").string();
-
- registryAndPluginInit();
-
- // Allow unit test execution from anywhere in the osquery source/build tree.
- if (fs::exists("test_data/test_inline_pack.conf")) {
- // If the execution occurs within the build/shared directory and shared
- // is pointing to a tmp build directory. See #3414.
- kTestDataPath = "test_data/";
- } else if (fs::exists("../test_data/test_inline_pack.conf")) {
- // ctest executes from the osquery subdirectory. If this is a build/shared
- // link then the test_data directory links to the source repo.
- kTestDataPath = "../test_data/";
- } else {
- while (kTestDataPath.find("tools") != 0) {
- if (!fs::exists(kTestDataPath + "test_inline_pack.conf")) {
- kTestDataPath = kTestDataPath.substr(3, kTestDataPath.size());
- } else {
- break;
- }
- }
- }
-
- // The tests will fail randomly without test data.
- if (!fs::exists(kTestDataPath)) {
- throw std::runtime_error("Cannot find test data path");
- }
-
- // Seed the random number generator, some tests generate temporary files
- // ports, sockets, etc using random numbers.
- std::srand(static_cast<unsigned int>(
- chrono_clock::now().time_since_epoch().count()));
-
- // Set safe default values for path-based flags.
- // Specific unittests may edit flags temporarily.
- kTestWorkingDirectory += std::to_string(1234) + "/";
- kFakeDirectory = kTestWorkingDirectory + kFakeDirectoryName;
-
- fs::remove_all(kTestWorkingDirectory);
- fs::create_directories(kTestWorkingDirectory);
-}
-
-void shutdownTesting() {
-}
-
-ScheduledQuery getOsqueryScheduledQuery() {
- ScheduledQuery sq(
- "path_pack",
- "bin",
- "SELECT filename FROM fs WHERE path = '/bin' ORDER BY filename");
-
- sq.interval = 5;
-
- return sq;
-}
-
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <string>
-#include <utility>
-#include <vector>
-
-#include <osquery/core.h>
-
-namespace osquery {
-
-/// The following codes are specifically for checking whether the child worker
-/// or extension process ran successfully. These values should be the values
-/// captured as exit codes if all the child process checks complete without
-/// deviation.
-#define EXTENSION_SUCCESS_CODE 0x45
-#define WORKER_SUCCESS_CODE 0x57
-
-/// The following are error codes returned by the child process.
-#define ERROR_COMPARE_ARGUMENT (-1)
-#define ERROR_LAUNCHER_PROCESS (-2)
-#define ERROR_QUERY_PROCESS_IMAGE (-3)
-#define ERROR_IMAGE_NAME_LENGTH (-4)
-#define ERROR_LAUNCHER_MISMATCH (-5)
-
-/// Init function for tests and benchmarks.
-void initTesting();
-
-/// Cleanup/stop function for tests and benchmarks.
-void shutdownTesting();
-
-/// A fake directory tree should be used for filesystem iterator testing.
-const std::string kFakeDirectoryName{"fstree"};
-
-/// Tests can be run from within the source or build directory.
-/// The test initializer will attempt to discovery the current working path.
-extern std::string kTestDataPath;
-
-/// Tests should limit intermediate input/output to a working directory.
-/// Config data, logging results, and intermediate database/caching usage.
-extern std::string kTestWorkingDirectory;
-extern std::string kFakeDirectory;
-
-/// Stores the path of the currently executing executable
-extern std::string kProcessTestExecPath;
-
-/// This is the expected module name of the launcher process.
-extern const char* kOsqueryTestModuleName;
-
-/// These are the expected arguments for our test worker process.
-extern const char* kExpectedWorkerArgs[];
-extern const size_t kExpectedWorkerArgsCount;
-
-/// These are the expected arguments for our test extensions process.
-extern const char* kExpectedExtensionArgs[];
-extern const size_t kExpectedExtensionArgsCount;
-
-ScheduledQuery getOsqueryScheduledQuery();
-
-} // namespace osquery