--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+
+/**
+ * @file groups.h
+ * @brief The scheme of groups (sync with osquery/tables/spec/groups.table)
+ */
+
+
+#pragma once
+
+#include <string>
+
+struct Groups {
+ unsigned long long int gid; /// Unsigned int64 group ID
+ long long int gid_signed; /// A signed int64 version of gid
+ std::string groupname; /// Canonical local group name
+};
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+
+/**
+ * @file memory-map.h
+ * @brief The scheme of memory map (sync with osquery/tables/spec/linux/memory_map.table)
+ */
+
+
+#pragma once
+
+#include <string>
+
+struct MemoryMap {
+ int region; /// Region index
+ std::string type; /// Textual description
+ std::string start; /// Start address of memory region
+ std::string end; /// End address of memory region
+};
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+
+/**
+ * @file uses.h
+ * @brief The scheme of uses (sync with osquery/tables/spec/users.table)
+ */
+
+
+#pragma once
+
+#include <string>
+
+struct Users {
+ unsigned long long int uid; /// User ID
+ unsigned long long int gid; /// Group ID (unsigned)
+ long long int uid_signed; /// User ID as int64 signed
+ long long int gid_signed; /// Group ID as int64 signed
+ std::string username; /// User name
+ std::string description; /// Optional user description
+ std::string directory; /// User's home directory
+ std::string shell; /// User's configured default shell
+};
#include <schema/time.h>
#include <schema/processes.h>
+#include <schema/users.h>
+#include <schema/groups.h>
+#include <schema/memory-map.h>
#include <osquery/logger.h>
make_column("start_time", &Processes::start_time),
make_column("parent", &Processes::parent));
-
-auto db = make_database("db", time, processes);
+auto users = make_table("users",
+ make_column("uid", &Users::uid),
+ make_column("gid", &Users::gid),
+ make_column("uid_signed", &Users::uid_signed),
+ make_column("gid_signed", &Users::gid_signed),
+ make_column("username", &Users::username),
+ make_column("description", &Users::description),
+ make_column("directory", &Users::directory),
+ make_column("shell", &Users::shell));
+
+auto groups = make_table("groups",
+ make_column("gid", &Groups::gid),
+ make_column("gid_signed", &Groups::gid_signed),
+ make_column("groupname", &Groups::groupname));
+
+auto memoryMap = make_table("memory_map",
+ make_column("region", &MemoryMap::region),
+ make_column("type", &MemoryMap::type),
+ make_column("start", &MemoryMap::start),
+ make_column("end", &MemoryMap::end));
+
+auto db = make_database("db", time, processes, users, groups, memoryMap);
} // anonymous namespace
template std::string Property<Processes>::at(std::string Processes::*) const;
template std::string Property<Processes>::operator[](std::string Processes::*) const;
+template class Property<Users>;
+template class Properties<Users>;
+template long long int Property<Users>::at(long long int Users::*) const;
+template long long int Property<Users>::operator[](long long int Users::*) const;
+template unsigned long long int Property<Users>::at(unsigned long long int Users::*) const;
+template unsigned long long int Property<Users>::operator[](unsigned long long int Users::*) const;
+template std::string Property<Users>::at(std::string Users::*) const;
+template std::string Property<Users>::operator[](std::string Users::*) const;
+
+template class Property<Groups>;
+template class Properties<Groups>;
+template long long int Property<Groups>::at(long long int Groups::*) const;
+template long long int Property<Groups>::operator[](long long int Groups::*) const;
+template unsigned long long int Property<Groups>::at(unsigned long long int Groups::*) const;
+template unsigned long long int Property<Groups>::operator[](unsigned long long int Groups::*) const;
+template std::string Property<Groups>::at(std::string Groups::*) const;
+template std::string Property<Groups>::operator[](std::string Groups::*) const;
+
+template class Property<MemoryMap>;
+template class Properties<MemoryMap>;
+template int Property<MemoryMap>::at(int MemoryMap::*) const;
+template int Property<MemoryMap>::operator[](int MemoryMap::*) const;
+template std::string Property<MemoryMap>::at(std::string MemoryMap::*) const;
+template std::string Property<MemoryMap>::operator[](std::string MemoryMap::*) const;
+
} // namespace osquery
#include <schema/time.h>
#include <schema/processes.h>
+#include <schema/users.h>
+#include <schema/groups.h>
+#include <schema/memory-map.h>
using namespace osquery;
EXPECT_NE(result.seconds, -1);
}
-TEST_F(PropertyTests, properties) {
+TEST_F(PropertyTests, propertiesProcesses) {
Processes result = {
-1, /// pid
"", /// name
VLOG(1) << "\t start_time: " << result.start_time;
VLOG(1) << "\t parent: " << result.parent;
}
+}
+
+TEST_F(PropertyTests, propertiesUsers) {
+ Properties<Users> users;
+ for(const auto& user : users) {
+ VLOG(1) << "[Test] User table:";
+ VLOG(1) << "\t uid: " << user[&Users::uid];
+ VLOG(1) << "\t gid: " << user[&Users::gid];
+ VLOG(1) << "\t uid_signed: " << user[&Users::uid_signed];
+ VLOG(1) << "\t gid_signed: " << user[&Users::gid_signed];
+ VLOG(1) << "\t username: " << user[&Users::username];
+ VLOG(1) << "\t description: " << user[&Users::description];
+ VLOG(1) << "\t directory: " << user[&Users::directory];
+ VLOG(1) << "\t shell: " << user[&Users::shell];
+ }
+}
-// EXPECT_NE(result.hour, -1);
+TEST_F(PropertyTests, propertiesGroups) {
+ Properties<Groups> groups;
+ for(const auto& group : groups) {
+ VLOG(1) << "[Test] Group table:";
+ VLOG(1) << "\t gid: " << group[&Groups::gid];
+ VLOG(1) << "\t gid_signed: " << group[&Groups::gid_signed];
+ VLOG(1) << "\t groupname: " << group[&Groups::groupname];
+ }
+}
+
+TEST_F(PropertyTests, propertiesMemoryMap) {
+ Properties<MemoryMap> memoryMap;
+ for(const auto& mm : memoryMap) {
+ VLOG(1) << "[Test] memory_map table:";
+ VLOG(1) << "\t region: " << mm[&MemoryMap::region];
+ VLOG(1) << "\t type: " << mm[&MemoryMap::type];
+ VLOG(1) << "\t start: " << mm[&MemoryMap::start];
+ VLOG(1) << "\t end: " << mm[&MemoryMap::end];
+ }
}
projects / platform / core / security / vist.git / commitdiff