-# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+# Copyright (c) 2019-present Samsung Electronics Co., Ltd All Rights Reserved
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
plugins/sql.cpp
sql/column.cpp
sql/diff_results.cpp
- sql/query_data.cpp
- sql/row.cpp
- sql/scheduled_query.cpp
- sql/table_rows.cpp)
+ sql/scheduled_query.cpp)
FILE(GLOB OSQUERY_CORE_TESTS "tests/*.cpp")
ADD_OSQUERY_TEST(${OSQUERY_SQL_TESTS})
#include <boost/noncopyable.hpp>
-#include <osquery/core/sql/table_rows.h>
+#include <osquery/core/sql/table_row.h>
#include <osquery/utils/status/status.h>
namespace osquery {
#include <vector>
#include <vist/logger.hpp>
-#include <osquery/query.h>
-
-#include <osquery/utils/json/json.h>
-namespace rj = rapidjson;
+#include <osquery/query.h>
+#include <osquery/utils/status/status.h>
namespace osquery {
return Status::success();
}
-Status deserializeDiffResults(const rj::Value& doc, DiffResults& dr) {
- if (!doc.IsObject()) {
- return Status(1);
- }
-
- if (doc.HasMember("removed")) {
- auto status = deserializeQueryData(doc["removed"], dr.removed);
- if (!status.ok()) {
- return status;
- }
- }
-
- if (doc.HasMember("added")) {
- auto status = deserializeQueryData(doc["added"], dr.added);
- if (!status.ok()) {
- return status;
- }
- }
- return Status::success();
-}
-
-inline void addLegacyFieldsAndDecorations(const QueryLogItem& item,
- JSON& doc,
- rj::Document& obj) {
- // Apply legacy fields.
- doc.addRef("name", item.name, obj);
- doc.addRef("hostIdentifier", item.identifier, obj);
- doc.addRef("calendarTime", item.calendar_time, obj);
- doc.add("unixTime", item.time, obj);
- doc.add("epoch", static_cast<size_t>(item.epoch), obj);
- doc.add("counter", static_cast<size_t>(item.counter), obj);
-
- // Append the decorations.
- if (!item.decorations.empty()) {
- auto dec_obj = doc.getObject();
- auto target_obj = std::ref(dec_obj);
- target_obj = std::ref(obj);
-
- for (const auto& name : item.decorations) {
- doc.addRef(name.first, name.second, target_obj);
- }
- }
-}
-
-inline void getLegacyFieldsAndDecorations(const JSON& doc, QueryLogItem& item) {
- if (doc.doc().HasMember("decorations")) {
- if (doc.doc()["decorations"].IsObject()) {
- for (const auto& i : doc.doc()["decorations"].GetObject()) {
- item.decorations[i.name.GetString()] = i.value.GetString();
- }
- }
- }
-
- item.name = doc.doc()["name"].GetString();
- item.identifier = doc.doc()["hostIdentifier"].GetString();
- item.calendar_time = doc.doc()["calendarTime"].GetString();
- item.time = doc.doc()["unixTime"].GetUint64();
-}
-
-Status serializeQueryLogItem(const QueryLogItem& item, JSON& doc) {
- if (item.results.added.size() > 0 || item.results.removed.size() > 0) {
- auto obj = doc.getObject();
- auto status = serializeDiffResults(
- item.results, doc, obj, 0);
- if (!status.ok()) {
- return status;
- }
-
- doc.add("diffResults", obj);
- } else {
- auto arr = doc.getArray();
- auto status = serializeQueryData(
- item.snapshot_results, doc, arr, 0);
- if (!status.ok()) {
- return status;
- }
-
- doc.add("snapshot", arr);
- doc.addRef("action", "snapshot");
- }
-
- addLegacyFieldsAndDecorations(item, doc, doc.doc());
- return Status::success();
-}
-
-Status serializeEvent(const QueryLogItem& item,
- const rj::Value& event_obj,
- JSON& doc,
- rj::Document& obj) {
- addLegacyFieldsAndDecorations(item, doc, obj);
- auto columns_obj = doc.getObject();
- for (const auto& i : event_obj.GetObject()) {
- // Yield results as a "columns." map to avoid namespace collisions.
- doc.add(i.name.GetString(), i.value, columns_obj);
- }
- doc.add("columns", columns_obj, obj);
- return Status::success();
-}
-
-Status serializeQueryLogItemAsEvents(const QueryLogItem& item, JSON& doc) {
- auto temp_doc = JSON::newObject();
- if (!item.results.added.empty() || !item.results.removed.empty()) {
- auto status = serializeDiffResults(
- item.results, temp_doc, temp_doc.doc(), 0);
- if (!status.ok()) {
- return status;
- }
- } else if (!item.snapshot_results.empty()) {
- auto arr = doc.getArray();
- auto status = serializeQueryData(
- item.snapshot_results, temp_doc, arr, 0);
- if (!status.ok()) {
- return status;
- }
- temp_doc.add("snapshot", arr);
- } else {
- // This error case may also be represented in serializeQueryLogItem.
- return Status(1, "No differential or snapshot results");
- }
-
- for (auto& action : temp_doc.doc().GetObject()) {
- for (auto& row : action.value.GetArray()) {
- auto obj = doc.getObject();
- serializeEvent(item, row, doc, obj);
- doc.addCopy("action", action.name.GetString(), obj);
- doc.push(obj);
- }
- }
- return Status::success();
-}
-
-Status serializeQueryLogItemJSON(const QueryLogItem& item, std::string& json) {
- auto doc = JSON::newObject();
- auto status = serializeQueryLogItem(item, doc);
- if (!status.ok()) {
- return status;
- }
-
- return doc.toString(json);
-}
-
-Status serializeQueryLogItemAsEventsJSON(const QueryLogItem& item,
- std::vector<std::string>& items) {
- auto doc = JSON::newArray();
- auto status = serializeQueryLogItemAsEvents(item, doc);
- if (!status.ok()) {
- return status;
- }
-
- // return doc.toString()
- for (auto& event : doc.doc().GetArray()) {
- rj::StringBuffer sb;
- rj::Writer<rj::StringBuffer> writer(sb);
- event.Accept(writer);
- items.push_back(sb.GetString());
- }
- return Status::success();
-}
-
}
#include "diff_results.h"
-namespace rj = rapidjson;
-
namespace osquery {
-Status serializeDiffResults(const DiffResults& d,
- JSON& doc,
- rj::Document& obj,
- bool asNumeric) {
- // Serialize and add "removed" first.
- // A property tree is somewhat ordered, this provides a loose contract to
- // the logger plugins and their aggregations, allowing them to parse chunked
- // lines. Note that the chunking is opaque to the database functions.
- auto removed_arr = doc.getArray();
- auto status = serializeQueryData(d.removed, doc, removed_arr, asNumeric);
- if (!status.ok()) {
- return status;
- }
- doc.add("removed", removed_arr, obj);
-
- auto added_arr = doc.getArray();
- status = serializeQueryData(d.added, doc, added_arr, asNumeric);
- if (!status.ok()) {
- return status;
- }
- doc.add("added", added_arr, obj);
- return Status::success();
-}
-
-Status serializeDiffResultsJSON(const DiffResults& d,
- std::string& json,
- bool asNumeric) {
- auto doc = JSON::newObject();
-
- ColumnNames cols;
- auto status = serializeDiffResults(d, doc, doc.doc(), asNumeric);
- if (!status.ok()) {
- return status;
- }
- return doc.toString(json);
-}
-
DiffResults diff(QueryDataSet& old, QueryDataTyped& current) {
DiffResults r;
#pragma once
#include <osquery/core/sql/query_data.h>
+#include <osquery/utils/only_movable.h>
namespace osquery {
};
/**
- * @brief Serialize a DiffResults object into a JSON object.
- *
- * The object JSON will contain two new keys: added and removed.
- *
- * @param d the DiffResults to serialize.
- * @param doc the managed JSON document.
- * @param obj [output] the output JSON object.
- * @param asNumeric true iff numeric values are serialized as such
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeDiffResults(const DiffResults& d,
- JSON& doc,
- rapidjson::Document& obj,
- bool asNumeric);
-
-/**
- * @brief Serialize a DiffResults object into a JSON string.
- *
- * @param d the DiffResults to serialize.
- * @param json [output] the output JSON string.
- * @param asNumeric true iff numeric values are serialized as such
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeDiffResultsJSON(const DiffResults& d,
- std::string& json,
- bool asNumeric);
-
-/**
* @brief Diff QueryDataSet object and QueryData object
* and create a DiffResults object
*
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include "query_data.h"
-
-namespace rj = rapidjson;
-
-namespace osquery {
-
-Status serializeQueryData(const QueryData& q,
- const ColumnNames& cols,
- JSON& doc,
- rj::Document& arr) {
- for (const auto& r : q) {
- auto row_obj = doc.getObject();
- auto status = serializeRow(r, cols, doc, row_obj);
- if (!status.ok()) {
- return status;
- }
- doc.push(row_obj, arr);
- }
- return Status::success();
-}
-
-Status serializeQueryData(const QueryDataTyped& q,
- JSON& doc,
- rj::Document& arr,
- bool asNumeric) {
- for (const auto& r : q) {
- auto row_obj = doc.getObject();
- auto status = serializeRow(r, doc, row_obj, asNumeric);
- if (!status.ok()) {
- return status;
- }
- doc.push(row_obj, arr);
- }
- return Status::success();
-}
-
-Status serializeQueryDataJSON(const QueryData& q, std::string& json) {
- auto doc = JSON::newArray();
-
- ColumnNames cols;
- auto status = serializeQueryData(q, cols, doc, doc.doc());
- if (!status.ok()) {
- return status;
- }
- return doc.toString(json);
-}
-
-Status serializeQueryDataJSON(const QueryDataTyped& q,
- std::string& json,
- bool asNumeric) {
- auto doc = JSON::newArray();
-
- auto status = serializeQueryData(q, doc, doc.doc(), asNumeric);
- if (!status.ok()) {
- return status;
- }
- return doc.toString(json);
-}
-
-Status deserializeQueryData(const rj::Value& arr, QueryData& qd) {
- if (!arr.IsArray()) {
- return Status(1);
- }
-
- for (const auto& i : arr.GetArray()) {
- Row r;
- auto status = deserializeRow(i, r);
- if (!status.ok()) {
- return status;
- }
- qd.push_back(r);
- }
- return Status::success();
-}
-
-Status deserializeQueryData(const rj::Value& arr, QueryDataTyped& qd) {
- if (!arr.IsArray()) {
- return Status(1);
- }
-
- for (const auto& i : arr.GetArray()) {
- RowTyped r;
- auto status = deserializeRow(i, r);
- if (!status.ok()) {
- return status;
- }
- qd.push_back(r);
- }
- return Status::success();
-}
-
-Status deserializeQueryData(const rj::Value& v, QueryDataSet& qd) {
- if (!v.IsArray()) {
- return Status(1, "JSON object was not an array");
- }
-
- for (const auto& i : v.GetArray()) {
- RowTyped r;
- auto status = deserializeRow(i, r);
- if (!status.ok()) {
- return status;
- }
- qd.insert(std::move(r));
- }
- return Status::success();
-}
-
-Status deserializeQueryDataJSON(const std::string& json, QueryData& qd) {
- auto doc = JSON::newArray();
- if (!doc.fromString(json) || !doc.doc().IsArray()) {
- return Status(1, "Cannot deserializing JSON");
- }
-
- return deserializeQueryData(doc.doc(), qd);
-}
-
-Status deserializeQueryDataJSON(const std::string& json, QueryDataSet& qd) {
- rj::Document doc;
- if (doc.Parse(json.c_str()).HasParseError()) {
- return Status(1, "Error serializing JSON");
- }
- return deserializeQueryData(doc, qd);
-}
-
-bool addUniqueRowToQueryData(QueryDataTyped& q, const RowTyped& r) {
- if (std::find(q.begin(), q.end(), r) != q.end()) {
- return false;
- }
- q.push_back(r);
- return true;
-}
-
-} // namespace osquery
*/
using QueryDataSet = std::multiset<RowTyped>;
-/**
- * @brief Serialize a QueryData object into a JSON array.
- *
- * @param q the QueryData to serialize.
- * @param cols the TableColumn vector indicating column order.
- * @param doc the managed JSON document.
- * @param arr [output] the output JSON array.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeQueryData(const QueryData& q,
- const ColumnNames& cols,
- JSON& doc,
- rapidjson::Document& arr);
-
-/**
- * @brief Serialize a QueryDataTyped object into a JSON array.
- *
- * @param q the QueryDataTyped to serialize.
- * @param cols the TableColumn vector indicating column order.
- * @param doc the managed JSON document.
- * @param arr [output] the output JSON array.
- * @param asNumeric true iff numeric values are serialized as such
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeQueryData(const QueryDataTyped& q,
- JSON& doc,
- rapidjson::Document& arr,
- bool asNumeric);
-
-/**
- * @brief Serialize a QueryData object into a JSON string.
- *
- * @param q the QueryData to serialize.
- * @param json [output] the output JSON string.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeQueryDataJSON(const QueryData& q, std::string& json);
-
-/**
- * @brief Serialize a QueryDataTyped object into a JSON string.
- *
- * @param q the QueryDataTyped to serialize.
- * @param json [output] the output JSON string.
- * @param asNumeric true iff numeric values are serialized as such
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeQueryDataJSON(const QueryDataTyped& q,
- std::string& json,
- bool asNumeric);
-
-/// Inverse of serializeQueryData, convert JSON to QueryData.
-Status deserializeQueryData(const rapidjson::Value& arr, QueryData& qd);
-
-/// Inverse of serializeQueryData, convert JSON to QueryDataTyped.
-Status deserializeQueryData(const rapidjson::Value& arr, QueryDataTyped& qd);
-
-/// Inverse of serializeQueryData, convert JSON to QueryDataSet.
-Status deserializeQueryData(const rapidjson::Value& arr, QueryDataSet& qd);
-
-/// Inverse of serializeQueryDataJSON, convert a JSON string to QueryData.
-Status deserializeQueryDataJSON(const std::string& json, QueryData& qd);
-
-/// Inverse of serializeQueryDataJSON, convert a JSON string to QueryDataSet.
-Status deserializeQueryDataJSON(const std::string& json, QueryDataSet& qd);
-
-/**
- * @brief Add a Row to a QueryData if the Row hasn't appeared in the QueryData
- * already
- *
- * Note that this function will iterate through the QueryData list until a
- * given Row is found (or not found). This shouldn't be that significant of an
- * overhead for most use-cases, but it's worth keeping in mind before you use
- * this in it's current state.
- *
- * @param q the QueryDataTyped list to append to
- * @param r the RowTyped to add to q
- *
- * @return true if the Row was added to the QueryData, false if it was not
- */
-bool addUniqueRowToQueryData(QueryDataTyped& q, const RowTyped& r);
-
} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include "row.h"
-#include <osquery/utils/conversions/castvariant.h>
-
-namespace rj = rapidjson;
-
-namespace osquery {
-
-Status serializeRow(const Row& r,
- const ColumnNames& cols,
- JSON& doc,
- rj::Value& obj) {
- if (cols.empty()) {
- for (const auto& i : r) {
- doc.addRef(i.first, i.second, obj);
- }
- } else {
- for (const auto& c : cols) {
- auto i = r.find(c);
- if (i != r.end()) {
- doc.addRef(c, i->second, obj);
- }
- }
- }
-
- return Status::success();
-}
-
-class DocAppenderVisitor : public boost::static_visitor<> {
- public:
- DocAppenderVisitor(JSON& dc, rj::Value& ob) : doc(dc), obj(ob) {}
- void operator()(const std::string& key, const long long& i) const {
- doc.add(key, i, obj);
- }
-
- void operator()(const std::string& key, const double& d) const {
- doc.add(key, d, obj);
- }
-
- void operator()(const std::string& key, const std::string& str) const {
- doc.addRef(key, str, obj);
- }
-
- private:
- JSON& doc;
- rj::Value& obj;
-};
-
-Status serializeRow(const RowTyped& r,
- JSON& doc,
- rj::Value& obj,
- bool asNumeric) {
- DocAppenderVisitor visitor(doc, obj);
- for (const auto& i : r) {
- if (asNumeric) {
- boost::apply_visitor([&doc, &obj, key = i.first](
- auto value) { doc.add(key, value, obj); },
- i.second);
- } else {
- doc.addRef(i.first, castVariant(i.second), obj);
- }
- }
- return Status::success();
-}
-
-Status serializeRowJSON(const RowTyped& r, std::string& json, bool asNumeric) {
- auto doc = JSON::newObject();
- auto status = serializeRow(r, doc, doc.doc(), asNumeric);
- if (!status.ok()) {
- return status;
- }
- return doc.toString(json);
-}
-
-Status serializeRowJSON(const Row& r, std::string& json) {
- auto doc = JSON::newObject();
-
- // An empty column list will traverse the row map.
- ColumnNames cols;
- auto status = serializeRow(r, cols, doc, doc.doc());
- if (!status.ok()) {
- return status;
- }
- return doc.toString(json);
-}
-
-Status deserializeRow(const rj::Value& doc, Row& r) {
- if (!doc.IsObject()) {
- return Status(1);
- }
-
- for (const auto& i : doc.GetObject()) {
- std::string name(i.name.GetString());
- if (!name.empty() && i.value.IsString()) {
- r[name] = i.value.GetString();
- }
- }
- return Status::success();
-}
-
-Status deserializeRow(const rj::Value& doc, RowTyped& r) {
- if (!doc.IsObject()) {
- return Status(1);
- }
-
- for (const auto& i : doc.GetObject()) {
- std::string name(i.name.GetString());
- if (!name.empty()) {
- if (i.value.IsString()) {
- r[name] = i.value.GetString();
- } else if (i.value.IsDouble()) {
- r[name] = i.value.GetDouble();
- } else if (i.value.IsInt64()) {
- // Cast required for linux-x86_64
- r[name] = (long long)i.value.GetInt64();
- }
- }
- }
- return Status::success();
-}
-
-Status deserializeRowJSON(const std::string& json, Row& r) {
- auto doc = JSON::newObject();
- if (!doc.fromString(json) || !doc.doc().IsObject()) {
- return Status(1, "Cannot deserializing JSON");
- }
- return deserializeRow(doc.doc(), r);
-}
-
-Status deserializeRowJSON(const std::string& json, RowTyped& r) {
- auto doc = JSON::newObject();
- if (!doc.fromString(json) || !doc.doc().IsObject()) {
- return Status(1, "Cannot deserializing JSON");
- }
- return deserializeRow(doc.doc(), r);
-}
-
-} // namespace osquery
#include <string>
#include <vector>
-#include <boost/lexical_cast.hpp>
#include <boost/variant.hpp>
-#include <osquery/utils/json/json.h>
-#include <osquery/utils/status/status.h>
-
namespace osquery {
/**
*/
using ColumnNames = std::vector<std::string>;
-/**
- * @brief Serialize a Row into a JSON document.
- *
- * @param r the Row to serialize.
- * @param cols the TableColumn vector indicating column order
- * @param doc the managed JSON document.
- * @param obj [output] the JSON object to assign values.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeRow(const Row& r,
- const ColumnNames& cols,
- JSON& doc,
- rapidjson::Value& obj);
-
-/**
- * @brief Serialize a RowTyped into a JSON document.
- *
- * @param r the RowTyped to serialize.
- * @param doc the managed JSON document.
- * @param obj [output] the JSON object to assign values.
- * @param asNumeric true iff numeric values are serialized as such
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeRow(const RowTyped& r,
- JSON& doc,
- rapidjson::Value& obj,
- bool asNumeric);
-
-/**
- * @brief Serialize a Row object into a JSON string.
- *
- * @param r the Row to serialize.
- * @param json [output] the output JSON string.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeRowJSON(const Row& r, std::string& json);
-
-/**
- * @brief Serialize a RowTyped object into a JSON string.
- *
- * @param r the Row to serialize.
- * @param json [output] the output JSON string.
- * @param asNumeric true iff numeric values are serialized as such
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeRowJSON(const RowTyped& r, std::string& json, bool asNumeric);
-
-/**
- * @brief Deserialize a Row object from JSON object.
- *
- * @param obj the input JSON value (should be an object).
- * @param r [output] the output Row structure.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status deserializeRow(const rapidjson::Value& obj, Row& r);
-
-/**
- * @brief Deserialize a RowTyped object from JSON object.
- *
- * @param obj the input JSON value (should be an object).
- * @param r [output] the output Row structure.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status deserializeRow(const rapidjson::Value& obj, RowTyped& r);
-
-/**
- * @brief Deserialize a Row object from a JSON string.
- *
- * @param json the input JSON string.
- * @param r [output] the output Row structure.
- *
- * @return Status indicating the success or failure of the operation
- */
-Status deserializeRowJSON(const std::string& json, Row& r);
-
-/**
- * @brief Deserialize a RowTyped object from a JSON string.
- *
- * @param json the input JSON string.
- * @param r [output] the output Row structure.
- *
- * @return Status indicating the success or failure of the operation
- */
-Status deserializeRowJSON(const std::string& json, RowTyped& r);
-
} // namespace osquery
#include "row.h"
+#include <osquery/utils/status/status.h>
+
#include <sqlite3.h>
+#include <vector>
+
namespace osquery {
class TableRow;
using TableRowHolder = std::unique_ptr<TableRow>;
+using TableRows = std::vector<TableRowHolder>;
/**
* Interface for accessing a table row. Implementations may be backed by
sqlite3_vtab* pVtab,
int col) = 0;
/**
- * Serialize this row as key,value pairs into the given JSON object.
- */
- virtual Status serialize(JSON& doc, rapidjson::Value& obj) const = 0;
-
- /**
* Clone this row.
*/
virtual TableRowHolder clone() const = 0;
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#include "table_rows.h"
-
-namespace rj = rapidjson;
-
-namespace osquery {
-
-Status serializeTableRows(const TableRows& rows, JSON& doc, rj::Document& arr) {
- for (const auto& r : rows) {
- auto row_obj = doc.getObject();
- auto status = r->serialize(doc, row_obj);
- if (!status.ok()) {
- return status;
- }
- doc.push(row_obj, arr);
- }
- return Status::success();
-}
-
-Status serializeTableRowsJSON(const TableRows& rows, std::string& json) {
- auto doc = JSON::newArray();
-
- auto status = serializeTableRows(rows, doc, doc.doc());
- if (!status.ok()) {
- return status;
- }
- return doc.toString(json);
-}
-
-} // namespace osquery
+++ /dev/null
-/**
- * Copyright (c) 2014-present, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed in accordance with the terms specified in
- * the LICENSE file found in the root directory of this source tree.
- */
-
-#pragma once
-
-#include <osquery/utils/json/json.h>
-
-#include "query_data.h"
-#include "table_row.h"
-
-namespace osquery {
-
-using TableRows = std::vector<TableRowHolder>;
-
-/**
- * @brief Serialize a TableRows object into a JSON array.
- *
- * @param rows the TableRows to serialize.
- * @param doc the managed JSON document.
- * @param arr [output] the output JSON array.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeTableRows(const TableRows& rows,
- JSON& doc,
- rapidjson::Document& arr);
-
-/**
- * @brief Serialize a TableRows object into a JSON string.
- *
- * @param rows the TableRows to serialize.
- * @param json [output] the output JSON string.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeTableRowsJSON(const TableRows& rows, std::string& json);
-
-/// Inverse of serializeTableRows, convert JSON to TableRows.
-Status deserializeTableRows(const rapidjson::Value& arr, TableRows& rows);
-
-/// Inverse of serializeTableRowsJSON, convert a JSON string to TableRows.
-Status deserializeTableRowsJSON(const std::string& json, TableRows& rows);
-
-} // namespace osquery
#include <osquery/core.h>
#include <osquery/core/sql/diff_results.h>
#include <osquery/core/sql/scheduled_query.h>
-#include <osquery/utils/json/json.h>
namespace osquery {
};
/**
- * @brief Serialize a QueryLogItem object into a JSON document.
- *
- * @param item the QueryLogItem to serialize.
- * @param doc [output] the output JSON document (object type).
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeQueryLogItem(const QueryLogItem& item, JSON& doc);
-
-/**
- * @brief Serialize a QueryLogItem object into a JSON string.
- *
- * @param item the QueryLogItem to serialize.
- * @param json [output] the output JSON string.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status serializeQueryLogItemJSON(const QueryLogItem& item, std::string& json);
-
-/**
- * @brief Serialize a QueryLogItem object into a JSON document containing
- * events, a list of actions.
- *
- * @param item the QueryLogItem to serialize
- * @param json [output] the output JSON document.
- *
- * @return Status indicating the success or failure of the operation
- */
-Status serializeQueryLogItemAsEvents(const QueryLogItem& item, JSON& json);
-
-/**
- * @brief Serialize a QueryLogItem object into a JSON string of events,
- * a list of actions.
- *
- * @param i the QueryLogItem to serialize
- * @param items [output] vector of JSON output strings
- *
- * @return Status indicating the success or failure of the operation
- */
-Status serializeQueryLogItemAsEventsJSON(const QueryLogItem& i,
- std::vector<std::string>& items);
-
-/**
* @brief Interact with the historical on-disk storage for a given query.
*/
class Query {
#include <osquery/core/sql/column.h>
#include <osquery/plugins/plugin.h>
#include <osquery/query.h>
+#include <osquery/utils/json/json.h>
#include <gtest/gtest_prod.h>
-/// Allow Tables to use "tracked" deprecated OS APIs.
-#define OSQUERY_USE_DEPRECATED(expr) \
- do { \
- _Pragma("clang diagnostic push") _Pragma( \
- "clang diagnostic ignored \"-Wdeprecated-declarations\"")(expr); \
- _Pragma("clang diagnostic pop") \
- } while (0)
-
namespace osquery {
class Status;
#include <vist/logger.hpp>
#include <osquery/registry.h>
#include <osquery/utils/conversions/split.h>
-#include <osquery/utils/json/json.h>
namespace osquery {
return result;
}
-Status deserializeTableRows(const rj::Value& arr, TableRows& rows) {
- if (!arr.IsArray()) {
- return Status(1);
- }
-
- for (const auto& i : arr.GetArray()) {
- auto r = make_table_row();
- auto status = deserializeRow(i, r);
- if (!status.ok()) {
- return status;
- }
- rows.push_back(std::move(r));
- }
- return Status::success();
-}
-
-Status deserializeTableRowsJSON(const std::string& json, TableRows& rows) {
- auto doc = JSON::newArray();
- if (!doc.fromString(json) || !doc.doc().IsArray()) {
- return Status(1, "Cannot deserializing JSON");
- }
-
- return deserializeTableRows(doc.doc(), rows);
-}
-
-Status deserializeRow(const rj::Value& doc, DynamicTableRowHolder& r) {
- if (!doc.IsObject()) {
- return Status(1);
- }
-
- for (const auto& i : doc.GetObject()) {
- std::string name(i.name.GetString());
- if (!name.empty() && i.value.IsString()) {
- r[name] = i.value.GetString();
- }
- }
- return Status::success();
-}
-
int DynamicTableRow::get_rowid(sqlite_int64 default_value,
sqlite_int64* pRowid) const {
auto& current_row = this->row;
return SQLITE_OK;
}
-Status DynamicTableRow::serialize(JSON& doc, rj::Value& obj) const {
- for (const auto& i : row) {
- doc.addRef(i.first, i.second, obj);
- }
-
- return Status::success();
-}
-
TableRowHolder DynamicTableRow::clone() const {
Row new_row = row;
return TableRowHolder(new DynamicTableRow(std::move(new_row)));
#pragma once
+#include <osquery/core/sql/query_data.h>
#include <osquery/core/sql/table_row.h>
-#include <osquery/core/sql/table_rows.h>
-#include <osquery/utils/json/json.h>
namespace osquery {
}
virtual int get_rowid(sqlite_int64 default_value, sqlite_int64* pRowid) const;
virtual int get_column(sqlite3_context* ctx, sqlite3_vtab* pVtab, int col);
- virtual Status serialize(JSON& doc, rapidjson::Value& obj) const;
virtual TableRowHolder clone() const;
inline std::string& operator[](const std::string& key) {
return row[key];
/// generated code.
TableRows tableRowsFromQueryData(QueryData&& rows);
-/**
- * @brief Deserialize a DynamicTableRow object from JSON object.
- *
- * @param obj the input JSON value (should be an object).
- * @param r [output] the output DynamicTableRowHolder structure.
- *
- * @return Status indicating the success or failure of the operation.
- */
-Status deserializeRow(const rapidjson::Value& doc, DynamicTableRowHolder& r);
-
} // namespace osquery
}
};
-
-TEST_F(SQLTests, test_raw_access) {
- // Access to the table plugins (no SQL parsing required) works in both
- // extensions and core, though with limitations on available tables.
- auto results = SQL::selectAllFrom("time");
- EXPECT_EQ(results.size(), 1U);
-}
-
class TestTablePlugin : public TablePlugin {
private:
TableColumns columns() const {
EXPECT_EQ(sql.rows()[0], r);
}
-TEST_F(SQLiteUtilTests, test_simple_query_execution) {
- // Access to the internal SQL implementation is only available in core.
- auto sql = SQL("SELECT * FROM time");
- EXPECT_TRUE(sql.ok());
- EXPECT_EQ(sql.rows().size(), 1U);
-}
-
TEST_F(SQLiteUtilTests, test_sqlite_instance_manager) {
auto dbc1 = SQLiteDBManager::get();
auto dbc2 = SQLiteDBManager::get();
EXPECT_TRUE(status.ok());
}
-TEST_F(SQLiteUtilTests, test_whitespace_then_nonwhitespace_query) {
- auto dbc = getTestDBC();
- QueryDataTyped results;
- auto status = queryInternal(" ; select * from time ", results, dbc);
- EXPECT_TRUE(status.ok());
-}
-
TEST_F(SQLiteUtilTests, test_get_test_db_result_stream) {
auto dbc = getTestDBC();
auto results = getTestDBResultStream();
projects / platform / core / security / vist.git / commitdiff