From 97a5e46a3f4a8238255bd222dc921616aa95e468 Mon Sep 17 00:00:00 2001 From: Sangwan Kwon Date: Mon, 27 Apr 2020 15:39:52 +0900 Subject: [PATCH] Remove unused TCs Signed-off-by: Sangwan Kwon --- src/osquery/CMakeLists.txt | 3 +- src/osquery/core/CMakeLists.txt | 5 +- src/osquery/core/sql/query_performance.cpp | 9 - src/osquery/core/sql/query_performance.h | 38 --- src/osquery/core/tests/query_tests.cpp | 1 - src/osquery/include/osquery/enroll.h | 103 -------- src/osquery/include/osquery/hash.h | 111 -------- src/osquery/main/tests.cpp | 19 -- src/osquery/sql/CMakeLists.txt | 4 - src/osquery/sql/sqlite_encoding.cpp | 103 -------- src/osquery/sql/sqlite_filesystem.cpp | 211 --------------- src/osquery/sql/sqlite_math.cpp | 246 ------------------ src/osquery/sql/sqlite_string.cpp | 179 ------------- src/osquery/sql/sqlite_util.cpp | 8 - src/osquery/sql/tests/sql.cpp | 48 ---- src/osquery/sql/tests/sqlite_util_tests.cpp | 269 -------------------- src/osquery/sql/tests/virtual_table.cpp | 67 ----- src/osquery/tables/tizen/tests/policy.cpp | 10 +- src/osquery/tests/CMakeLists.txt | 15 -- src/osquery/tests/test_util.cpp | 103 -------- src/osquery/tests/test_util.h | 67 ----- 21 files changed, 7 insertions(+), 1612 deletions(-) delete mode 100644 src/osquery/core/sql/query_performance.cpp delete mode 100644 src/osquery/core/sql/query_performance.h delete mode 100644 src/osquery/include/osquery/enroll.h delete mode 100644 src/osquery/include/osquery/hash.h delete mode 100644 src/osquery/main/tests.cpp delete mode 100644 src/osquery/sql/sqlite_encoding.cpp delete mode 100644 src/osquery/sql/sqlite_filesystem.cpp delete mode 100644 src/osquery/sql/sqlite_math.cpp delete mode 100644 src/osquery/sql/sqlite_string.cpp delete mode 100644 src/osquery/tests/CMakeLists.txt delete mode 100644 src/osquery/tests/test_util.cpp delete mode 100644 src/osquery/tests/test_util.h diff --git a/src/osquery/CMakeLists.txt b/src/osquery/CMakeLists.txt index a7a9008..21f58db 100644 --- a/src/osquery/CMakeLists.txt +++ b/src/osquery/CMakeLists.txt @@ -43,7 +43,6 @@ ADD_SUBDIRECTORY(core) ADD_SUBDIRECTORY(registry) ADD_SUBDIRECTORY(sql) ADD_SUBDIRECTORY(tables) -ADD_SUBDIRECTORY(tests) ADD_SUBDIRECTORY(utils) ADD_LIBRARY(${TARGET_OSQUERY_LIB} @@ -59,7 +58,7 @@ ENDIF(DEFINED GBS_BUILD) SET_TARGET_PROPERTIES(${TARGET_OSQUERY_LIB} PROPERTIES OUTPUT_NAME ${TARGET_OSQUERY_LIB}) -ADD_EXECUTABLE(${TARGET_OSQUERY_TEST} main/tests.cpp +ADD_EXECUTABLE(${TARGET_OSQUERY_TEST} ../vist/main/tests.cpp ${${TARGET_OSQUERY_LIB}_TESTS}) TARGET_LINK_WHOLE(${TARGET_OSQUERY_TEST} ${TARGET_OSQUERY_LIB}) TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_TEST} gtest) diff --git a/src/osquery/core/CMakeLists.txt b/src/osquery/core/CMakeLists.txt index 13e5a86..7df85b8 100644 --- a/src/osquery/core/CMakeLists.txt +++ b/src/osquery/core/CMakeLists.txt @@ -19,12 +19,9 @@ ADD_OSQUERY_LIBRARY(osquery_core tables.cpp sql/column.cpp sql/diff_results.cpp sql/query_data.cpp - sql/query_performance.cpp sql/row.cpp sql/scheduled_query.cpp sql/table_rows.cpp) FILE(GLOB OSQUERY_CORE_TESTS "tests/*.cpp") -FILE(GLOB OSQUERY_CORE_POSIX_TESTS "tests/posix/*.cpp") -ADD_OSQUERY_TEST(${OSQUERY_SQL_TESTS} - ${OSQUERY_CORE_POSIX_TESTS}) +ADD_OSQUERY_TEST(${OSQUERY_SQL_TESTS}) diff --git a/src/osquery/core/sql/query_performance.cpp b/src/osquery/core/sql/query_performance.cpp deleted file mode 100644 index 97a607e..0000000 --- a/src/osquery/core/sql/query_performance.cpp +++ /dev/null @@ -1,9 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include "query_performance.h" diff --git a/src/osquery/core/sql/query_performance.h b/src/osquery/core/sql/query_performance.h deleted file mode 100644 index d675d0e..0000000 --- a/src/osquery/core/sql/query_performance.h +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -#include - -namespace osquery { - -/** - * @brief performance statistics about a query - */ -struct QueryPerformance { - /// Number of executions. - size_t executions{0}; - - /// Last UNIX time in seconds the query was executed successfully. - size_t last_executed{0}; - - /// Total wall time taken - unsigned long long int wall_time{0}; - - /// Total user time (cycles) - unsigned long long int user_time{0}; - - /// Total system time (cycles) - unsigned long long int system_time{0}; - - /// Average memory differentials. This should be near 0. - unsigned long long int average_memory{0}; -}; - -} // namespace osquery diff --git a/src/osquery/core/tests/query_tests.cpp b/src/osquery/core/tests/query_tests.cpp index bb5d174..1c9c110 100644 --- a/src/osquery/core/tests/query_tests.cpp +++ b/src/osquery/core/tests/query_tests.cpp @@ -16,7 +16,6 @@ #include #include -#include namespace osquery { diff --git a/src/osquery/include/osquery/enroll.h b/src/osquery/include/osquery/enroll.h deleted file mode 100644 index 32fb70e..0000000 --- a/src/osquery/include/osquery/enroll.h +++ /dev/null @@ -1,103 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -#include -#include - -#include -#include - -namespace osquery { - -/** - * @brief These tables populate the "host_details" content. - * - * Enrollment plugins should send 'default' host details to enroll request - * endpoints. This allows the enrollment service to identify the new node. - */ -extern const std::set kEnrollHostDetails; - -/** - * @brief Superclass for enroll plugins. - * - * Config and Logger plugins may use some remote API. In most cases an - * authentication and authorization step is needed. Enroll plugins are an - * easy wrapper-type facility that other osquery plugin types can choose to - * implement. - * - * An enrollment is useful when a "backend" config or logger facility requires - * a node or shared secret. The plugins that support this "backend" will - * request authentication secrets through their well-known enrollment plugin. - * - * Enrollment plugins and authentication models are complicated. It is best - * to use a "suite" of plugins that implement an enroll, config, and log flow. - * Please see the osquery wiki for more details on Enrollment. - */ -class EnrollPlugin : public Plugin { - public: - /// The EnrollPlugin PluginRequest action router. - Status call(const PluginRequest& request, PluginResponse& response); - - protected: - /** - * @brief Perform enrollment on the request of a config/logger. - * - * The single 'enroll' plugin request action will call EnrollPlugin::enroll - * - * @return An enrollment secret or key material or identifier. - */ - virtual std::string enroll() = 0; - - /** - * @brief Populate a JSON object with host details. - * - * This will use kEnrollHostDetails to select from each table and - * construct a JSON object from the results of the first row of each. - * The input JSON object will have a key set for each table. - * - * @param host_details An output JSON object containing each table. - */ - void genHostDetails(JSON& host_details); -}; - -/** - * @brief Get a node key from the osquery RocksDB cache or perform node - * enrollment. - * - * Enrollment allows a new node to announce to an enrollment endpoint via an - * enroll plugin. While the details of authentication/authorization are up to - * the plugin implementation, the endpoint may return a "node secret". - * - * If a node_key is requested from an enroll plugin because no current key - * exists in the backing store, the result will be cached. - * - * @param enroll_plugin Name of the enroll plugin to use if no node_key set. - * @return A unique, often private, node secret key. - */ -std::string getNodeKey(const std::string& enroll_plugin); - -/** - * @brief Delete the existing node key from the persistent storage - * - * @return a Status indicating the success or failure of the operation - */ -Status clearNodeKey(); - -/** - * @brief Read the enrollment secret from disk. - * - * We suspect multiple enrollment types may require an apriori, and enterprise - * shared, secret. Use of this enroll or deployment secret is an optional choice - * made by the enroll plugin type. - * - * @return enroll_secret The trimmed content read from FLAGS_enroll_secret_path. - */ -const std::string getEnrollSecret(); -} diff --git a/src/osquery/include/osquery/hash.h b/src/osquery/include/osquery/hash.h deleted file mode 100644 index b6cc5ae..0000000 --- a/src/osquery/include/osquery/hash.h +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright (c) 2014, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed under the BSD-style license found in the - * LICENSE file in the root directory of this source tree. An additional grant - * of patent rights can be found in the PATENTS file in the same directory. - * - */ - -#include - -namespace osquery { - -/** - * @brief The supported hashing algorithms in osquery - * - * These are usually used as a constructor argument to osquery::Hash - */ -enum HashType { - HASH_TYPE_MD5 = 2, - HASH_TYPE_SHA1 = 4, - HASH_TYPE_SHA256 = 8, -}; - -/** - * @brief Hash is a general utility class for hashing content - * - * @code{.cpp} - * Hash my_hash(HASH_TYPE_SHA256); - * my_hash.update(my_buffer, my_buffer_size); - * std::cout << my_hash.digest(); - * @endcode - * - */ -class Hash { - public: - /** - * @brief Hash constructor - * - * The hash class should be initialized with one of osquery::HashType as a - * constructor argument. - * - * @param algorithm The hashing algorithm which will be used to compute the - * hash - */ - explicit Hash(HashType algorithm); - - /** - * @brief Hash destructor - */ - ~Hash(); - - /** - * @brief Update the internal context buffer with additional content - * - * This method allows you to chunk up large content so that it doesn't all - * have to be loaded into memory at the same time - * - * @param buffer The buffer to be hashed - * @param size The size of the buffer to be hashed - */ - void update(const void* buffer, size_t size); - - /** - * @brief Compute the final hash and return it's result - * - * @return The final hash value - */ - std::string digest(); - - private: - /** - * @brief Private default constructor - * - * The osquery::Hash class should only ever be instantiated with a HashType - */ - Hash(){}; - - private: - /// The hashing algorithm which is used to compute the hash - HashType algorithm_; - - /// The buffer used to maintain the context and state of the hashing - /// operations - void* ctx_; - - /// The length of the hash to be returned - size_t length_; -}; - -/** - * @brief Compute a hash digest from an already allocated buffer. - * - * @param hash_type The osquery-supported hash algorithm. - * @param buffer A caller-controlled buffer. - * @param size The length of buffer in bytes. - * @return A string (hex) representation of the hash digest. - */ -std::string hashFromBuffer(HashType hash_type, const void* buffer, size_t size); - -/** - * @brief Compute a hash digest from the file content at a path. - * - * - * @param hash_type The osquery-supported hash algorithm. - * @param path Filesystem path, the hash target. - * @return A string (hex) representation of the hash digest. - */ -std::string hashFromFile(HashType hash_type, const std::string& path); -} diff --git a/src/osquery/main/tests.cpp b/src/osquery/main/tests.cpp deleted file mode 100644 index bfe2a63..0000000 --- a/src/osquery/main/tests.cpp +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright (c) 2015, Wesley Shields - * All rights reserved. - * - * This source code is licensed under the BSD-style license found in the - * LICENSE file in the root directory of this source tree. An additional grant - * of patent rights can be found in the PATENTS file in the same directory. - * - */ - -#include -#include - -int main(int argc, char* argv[]) { - testing::InitGoogleTest(&argc, argv); - // Optionally enable Goggle Logging - // google::InitGoogleLogging(argv[0]); - return RUN_ALL_TESTS(); -} diff --git a/src/osquery/sql/CMakeLists.txt b/src/osquery/sql/CMakeLists.txt index 7e5990f..dd38368 100644 --- a/src/osquery/sql/CMakeLists.txt +++ b/src/osquery/sql/CMakeLists.txt @@ -13,12 +13,8 @@ # limitations under the License ADD_OSQUERY_LIBRARY(osquery_sql dynamic_table_row.cpp - sqlite_encoding.cpp sqlite_util.cpp sql.cpp - sqlite_filesystem.cpp - sqlite_math.cpp - sqlite_string.cpp virtual_table.cpp virtual_sqlite_table.cpp) diff --git a/src/osquery/sql/sqlite_encoding.cpp b/src/osquery/sql/sqlite_encoding.cpp deleted file mode 100644 index 161f2fe..0000000 --- a/src/osquery/sql/sqlite_encoding.cpp +++ /dev/null @@ -1,103 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include - -#include - -#include -#include - -namespace osquery { - -enum class B64Type { - B64_ENCODE_CONDITIONAL = 1, - B64_ENCODE = 2, - B64_DECODE = 3, -}; - -static void b64SqliteValue(sqlite3_context* ctx, - int argc, - sqlite3_value** argv, - B64Type encode) { - if (argc == 0) { - return; - } - - if (SQLITE_NULL == sqlite3_value_type(argv[0])) { - sqlite3_result_null(ctx); - return; - } - - const auto* value = sqlite3_value_text(argv[0]); - auto size = static_cast(sqlite3_value_bytes(argv[0])); - - std::string input(reinterpret_cast(value), size); - std::string result; - switch (encode) { - case B64Type::B64_ENCODE_CONDITIONAL: - if (isPrintable(input)) { - result = input; - break; - } - case B64Type::B64_ENCODE: - result = base64::encode(input); - break; - case B64Type::B64_DECODE: - result = base64::decode(input); - break; - } - sqlite3_result_text( - ctx, result.c_str(), static_cast(result.size()), SQLITE_TRANSIENT); -} - -static void sqliteB64ConditionalEncFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - b64SqliteValue(context, argc, argv, B64Type::B64_ENCODE_CONDITIONAL); -} - -static void sqliteB64EncFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - b64SqliteValue(context, argc, argv, B64Type::B64_ENCODE); -} - -static void sqliteB64DecFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - b64SqliteValue(context, argc, argv, B64Type::B64_DECODE); -} - -void registerEncodingExtensions(sqlite3* db) { - sqlite3_create_function(db, - "conditional_to_base64", - 1, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - sqliteB64ConditionalEncFunc, - nullptr, - nullptr); - sqlite3_create_function(db, - "to_base64", - 1, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - sqliteB64EncFunc, - nullptr, - nullptr); - sqlite3_create_function(db, - "from_base64", - 1, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - sqliteB64DecFunc, - nullptr, - nullptr); -} -} // namespace osquery diff --git a/src/osquery/sql/sqlite_filesystem.cpp b/src/osquery/sql/sqlite_filesystem.cpp deleted file mode 100644 index 9bdd3aa..0000000 --- a/src/osquery/sql/sqlite_filesystem.cpp +++ /dev/null @@ -1,211 +0,0 @@ -/** - * Copyright (c) 2017-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include - -#include -#include - -#include - -namespace osquery { - -static boost::optional findExistingProgramPathFromCommand( - const char* path, char escape_symbol, bool allow_quoting, bool shortest) { - size_t length = strlen(path); - std::string result; - size_t pos = 0; - // Skip spaces - for (; pos < length; ++pos) { - if (!isspace(path[pos])) { - break; - } - } - std::string temp_string; - bool is_quoted = false; - bool is_escaped = false; - for (; pos < length; ++pos) { - if (is_escaped) { - temp_string += path[pos]; - is_escaped = false; - continue; - } - if (allow_quoting && path[pos] == '"') { - is_quoted = !is_quoted; - continue; - } - if (path[pos] == escape_symbol) { - is_escaped = true; - continue; - } - if (!is_quoted && isspace(path[pos])) { - // validate temp string - boost::filesystem::path test_path = temp_string; - auto status = boost::filesystem::status(test_path); - if (boost::filesystem::exists(status) && - !boost::filesystem::is_directory(status)) { - result = temp_string; - if (shortest) { - break; - } - } - } - temp_string += path[pos]; - } - if (result.length() == 0 || !shortest) { - boost::filesystem::path test_path = temp_string; - auto status = boost::filesystem::status(test_path); - if (boost::filesystem::exists(status) && - !boost::filesystem::is_directory(status)) { - result = temp_string; - } - } - return result; -} - -static boost::optional findExistingProgramPathFromCommandSqlArgs( - int argc, sqlite3_value** argv, bool shortest) { - if (argc == 0) { - return boost::none; - } - // NULLs are not allowed - for (int i = 0; i < argc; i++) { - if (SQLITE_NULL == sqlite3_value_type(argv[i])) { - return boost::none; - } - } - const char* path = reinterpret_cast(sqlite3_value_text(argv[0])); - bool allow_quoting = false; - if (argc > 1) { - allow_quoting = sqlite3_value_int(argv[1]) != 0 ? true : false; - } -#ifdef WIN32 - char escape_symbol = '^'; -#else - char escape_symbol = '\\'; -#endif - if (argc > 2) { - const char* escape_symbol_string = - reinterpret_cast(sqlite3_value_text(argv[2])); - if (escape_symbol_string == NULL || - std::strlen(escape_symbol_string) != 1) { - return boost::none; - } - escape_symbol = escape_symbol_string[0]; - } - return findExistingProgramPathFromCommand( - path, escape_symbol, allow_quoting, shortest); -} - -static void findFilePathInLaunchCommand(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - auto result = findExistingProgramPathFromCommandSqlArgs(argc, argv, true); - if (result) { - sqlite3_result_text(context, - result->c_str(), - static_cast(result->size()), - SQLITE_TRANSIENT); - } else { - sqlite3_result_error( - context, "Invalid inputs to find_binary_path_from_cmd", -1); - } -} - -static void isPathDeterministic(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - auto shortest = findExistingProgramPathFromCommandSqlArgs(argc, argv, true); - if (shortest) { - const char* path = (const char*)sqlite3_value_text(argv[0]); - if (shortest->length() == 0 || shortest->length() == strlen(path)) { - // There are 2 cases: - // 1 - empty string, all parts of path are invalid, - // so path is deterministic - // 2 - short == full, then there is only 1 valid path - sqlite3_result_int(context, 1); - return; - } else { - auto longest = - findExistingProgramPathFromCommandSqlArgs(argc, argv, false); - if (longest) { - sqlite3_result_int(context, - shortest->length() == longest->length() ? 1 : 0); - return; - } - } - } - sqlite3_result_error(context, "Invalid inputs to is_path_deterministic", -1); -} - -static void getParentDirectory(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - if (sqlite3_value_type(argv[0]) != SQLITE_TEXT) { - sqlite3_result_error( - context, "Invalid inputs to parent_directory, TEXT was expected", -1); - return; - } - const char* path = reinterpret_cast(sqlite3_value_text(argv[0])); - if (path == nullptr) { - sqlite3_result_null(context); - return; - } - - int pos = 0; - int last_slash_pos = -1; -#if defined(OSQUERY_WINDOWS) - char directory_symbol = '\\'; -#elif defined(OSQUERY_POSIX) - char directory_symbol = '/'; -#else -#error Unsupported platform -#endif - while (path[pos] != '\0') { - if (path[pos] == directory_symbol) { - last_slash_pos = pos; - } - pos++; - } - if (last_slash_pos < 0) { - // No parent directory - sqlite3_result_null(context); - return; - } - char* result = reinterpret_cast(malloc(last_slash_pos)); - memcpy(result, path, last_slash_pos); - sqlite3_result_text(context, result, last_slash_pos, free); -} - -void registerFilesystemExtensions(sqlite3* db) { - sqlite3_create_function(db, - "is_path_deterministic", - -1, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - isPathDeterministic, - nullptr, - nullptr); - sqlite3_create_function(db, - "find_file_path_in_cmd", - -1, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - findFilePathInLaunchCommand, - nullptr, - nullptr); - sqlite3_create_function(db, - "parent_directory", - 1, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - getParentDirectory, - nullptr, - nullptr); -} -} // namespace osquery diff --git a/src/osquery/sql/sqlite_math.cpp b/src/osquery/sql/sqlite_math.cpp deleted file mode 100644 index 7e9cfe9..0000000 --- a/src/osquery/sql/sqlite_math.cpp +++ /dev/null @@ -1,246 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#ifdef WIN32 -#define _USE_MATH_DEFINES -#endif -// Include cmath here to ensure it is included after the define. -#include - -#include - -#include -#include - -#include - -#include - -#include - -namespace osquery { - -using DoubleDoubleFunction = std::function; - -/** - * Force use of the double(double) math functions without these lambda - * functions, MSVC will error because it fails to select an overload compatible - * with DoubleDoubleFunction. - */ -// clang-format off -#define SIN_FUNC [](double a)->double { return sin(a); } -#define COS_FUNC [](double a)->double { return cos(a); } -#define TAN_FUNC [](double a)->double { return tanl(a); } -#define ASIN_FUNC [](double a)->double { return asin(a); } -#define ACOS_FUNC [](double a)->double { return acos(a); } -#define ATAN_FUNC [](double a)->double { return atan(a); } -#define LOG_FUNC [](double a)->double { return log(a); } -#define LOG10_FUNC [](double a)->double { return log10(a); } -#define SQRT_FUNC [](double a)->double { return sqrt(a); } -#define EXP_FUNC [](double a)->double { return expl(a); } -#define CEIL_FUNC [](double a)->double { return ceil(a); } -#define FLOOR_FUNC [](double a)->double { return floor(a); } -// clang-format on - -/** - * @brief Call a math function that takes a double and returns a double. - */ -static void callDoubleFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv, - DoubleDoubleFunction f) { - double rVal = 0.0, val; - assert(argc == 1); - switch (sqlite3_value_type(argv[0])) { - case SQLITE_NULL: - sqlite3_result_null(context); - break; - default: - rVal = sqlite3_value_double(argv[0]); - errno = 0; - val = f(rVal); - if (errno == 0) { - sqlite3_result_double(context, val); - } else { - sqlite3_result_error(context, platformStrerr(errno).c_str(), errno); - } - break; - } -} - -static void sinFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, SIN_FUNC); -} - -static void cosFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, COS_FUNC); -} - -static void tanFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, TAN_FUNC); -} - -static void asinFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, ASIN_FUNC); -} - -static void acosFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, ACOS_FUNC); -} - -static void atanFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, ATAN_FUNC); -} - -static double cot(double x) { - return 1.0 / tan(x); -} - -static void cotFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, cot); -} - -static void logFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, LOG_FUNC); -} - -static void log10Func(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, LOG10_FUNC); -} - -static void sqrtFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, SQRT_FUNC); -} - -static void expFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, EXP_FUNC); -} - -static void powerFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - assert(argc == 2); - - if (sqlite3_value_type(argv[0]) == SQLITE_NULL || - sqlite3_value_type(argv[1]) == SQLITE_NULL) { - sqlite3_result_null(context); - } else { - double r1 = sqlite3_value_double(argv[0]); - double r2 = sqlite3_value_double(argv[1]); - errno = 0; - double val = pow(r1, r2); - if (errno == 0) { - sqlite3_result_double(context, val); - } else { - sqlite3_result_error(context, platformStrerr(errno).c_str(), errno); - } - } -} - -static void callCastedDoubleFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv, - DoubleDoubleFunction f) { - double rVal = 0.0; - assert(argc == 1); - switch (sqlite3_value_type(argv[0])) { - case SQLITE_INTEGER: { - int64_t iVal = sqlite3_value_int64(argv[0]); - sqlite3_result_int64(context, iVal); - break; - } - case SQLITE_NULL: - sqlite3_result_null(context); - break; - default: - rVal = sqlite3_value_double(argv[0]); - sqlite3_result_int64(context, (int64_t)f(rVal)); - break; - } -} - -static void ceilFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - callCastedDoubleFunc(context, argc, argv, CEIL_FUNC); -} - -static void floorFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - callCastedDoubleFunc(context, argc, argv, FLOOR_FUNC); -} - -/** Convert Degrees into Radians */ -static double deg2rad(double x) { - return x * M_PI / 180.0; -} - -/** Convert Radians into Degrees */ -static double rad2deg(double x) { - return 180.0 * x / M_PI; -} - -static void rad2degFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, rad2deg); -} - -static void deg2radFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - callDoubleFunc(context, argc, argv, deg2rad); -} - -static void piFunc(sqlite3_context* context, int argc, sqlite3_value** argv) { - sqlite3_result_double(context, M_PI); -} - -struct FuncDef { - const char* zFunctionName; - int nArg; - void (*xFunc)(sqlite3_context*, int, sqlite3_value**); -}; - -void registerMathExtensions(sqlite3* db) { - // This approach to adding non-standard Math functions was inspired by the - // somewhat deprecated/legacy work by Liam Healy from 2010 in the extension - // functions contribution. - static const struct FuncDef aFuncs[] = { - {"sqrt", 1, sqrtFunc}, - {"acos", 1, acosFunc}, - {"asin", 1, asinFunc}, - {"atan", 1, atanFunc}, - {"cos", 1, cosFunc}, - {"sin", 1, sinFunc}, - {"tan", 1, tanFunc}, - {"cot", 1, cotFunc}, - {"exp", 1, expFunc}, - {"log", 1, logFunc}, - {"log10", 1, log10Func}, - {"power", 2, powerFunc}, - {"ceil", 1, ceilFunc}, - {"floor", 1, floorFunc}, - {"degrees", 1, rad2degFunc}, - {"radians", 1, deg2radFunc}, - {"pi", 0, piFunc}, - }; - - for (size_t i = 0; i < sizeof(aFuncs) / sizeof(struct FuncDef); i++) { - sqlite3_create_function(db, - aFuncs[i].zFunctionName, - aFuncs[i].nArg, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - aFuncs[i].xFunc, - nullptr, - nullptr); - } -} -} // namespace osquery diff --git a/src/osquery/sql/sqlite_string.cpp b/src/osquery/sql/sqlite_string.cpp deleted file mode 100644 index 403c102..0000000 --- a/src/osquery/sql/sqlite_string.cpp +++ /dev/null @@ -1,179 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include - -#ifdef WIN32 -#include -#else -#include -#endif - -#include -#include -#include - -#include -#include - -#include - -#include - -namespace osquery { - -using SplitResult = std::vector; -using StringSplitFunction = std::function; - -/** - * @brief A simple SQLite column string split implementation. - * - * Split a column value using a single token and select an expected index. - * If multiple characters are given to the token parameter, each is used to - * split, similar to boost::is_any_of. - * - * Example: - * 1. SELECT ip_address from addresses; - * 192.168.0.1 - * 2. SELECT SPLIT(ip_address, ".", 1) from addresses; - * 168 - * 3. SELECT SPLIT(ip_address, ".0", 0) from addresses; - * 192 - */ -static SplitResult tokenSplit(const std::string& input, - const std::string& tokens) { - return osquery::split(input, tokens); -} - -/** - * @brief A regex SQLite column string split implementation. - * - * Split a column value using a single or multi-character token and select an - * expected index. The token input is considered a regex. - * - * Example: - * 1. SELECT ip_address from addresses; - * 192.168.0.1 - * 2. SELECT SPLIT(ip_address, "\.", 1) from addresses; - * 168 - * 3. SELECT SPLIT(ip_address, "\.0", 0) from addresses; - * 192.168 - */ -static SplitResult regexSplit(const std::string& input, - const std::string& token) { - // Split using the token as a regex to support multi-character tokens. - std::vector result; - boost::algorithm::split_regex(result, input, boost::regex(token)); - return result; -} - -static void callStringSplitFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv, - StringSplitFunction f) { - assert(argc == 3); - if (SQLITE_NULL == sqlite3_value_type(argv[0]) || - SQLITE_NULL == sqlite3_value_type(argv[1]) || - SQLITE_NULL == sqlite3_value_type(argv[2])) { - sqlite3_result_null(context); - return; - } - - // Parse and verify the split input parameters. - std::string input((char*)sqlite3_value_text(argv[0])); - std::string token((char*)sqlite3_value_text(argv[1])); - auto index = static_cast(sqlite3_value_int(argv[2])); - if (token.empty()) { - // Allow the input string to be empty. - sqlite3_result_error(context, "Invalid input to split function", -1); - return; - } - - auto result = f(input, token); - if (index >= result.size()) { - // Could emit a warning about a selected index that is out of bounds. - sqlite3_result_null(context); - return; - } - - // Yield the selected index. - const auto& selected = result[index]; - sqlite3_result_text(context, - selected.c_str(), - static_cast(selected.size()), - SQLITE_TRANSIENT); -} - -static void tokenStringSplitFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - callStringSplitFunc(context, argc, argv, tokenSplit); -} - -static void regexStringSplitFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - callStringSplitFunc(context, argc, argv, regexSplit); -} - -/** - * @brief Convert an IPv4 string address to decimal. - */ -static void ip4StringToDecimalFunc(sqlite3_context* context, - int argc, - sqlite3_value** argv) { - assert(argc == 1); - - if (SQLITE_NULL == sqlite3_value_type(argv[0])) { - sqlite3_result_null(context); - return; - } - - struct sockaddr sa; - std::string address((char*)sqlite3_value_text(argv[0])); - if (address.find(':') != std::string::npos) { - // Assume this is an IPv6 address. - sqlite3_result_null(context); - } else { - auto in4 = (struct sockaddr_in*)&sa; - if (inet_pton(AF_INET, address.c_str(), &(in4->sin_addr)) == 1) { - sqlite3_result_int64(context, ntohl(in4->sin_addr.s_addr)); - } else { - sqlite3_result_null(context); - } - } -} - -void registerStringExtensions(sqlite3* db) { - sqlite3_create_function(db, - "split", - 3, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - tokenStringSplitFunc, - nullptr, - nullptr); - sqlite3_create_function(db, - "regex_split", - 3, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - regexStringSplitFunc, - nullptr, - nullptr); - sqlite3_create_function(db, - "inet_aton", - 1, - SQLITE_UTF8 | SQLITE_DETERMINISTIC, - nullptr, - ip4StringToDecimalFunc, - nullptr, - nullptr); -} -} // namespace osquery diff --git a/src/osquery/sql/sqlite_util.cpp b/src/osquery/sql/sqlite_util.cpp index 8d65cbc..b38a839 100644 --- a/src/osquery/sql/sqlite_util.cpp +++ b/src/osquery/sql/sqlite_util.cpp @@ -264,14 +264,6 @@ static inline void openOptimized(sqlite3*& db) { settings += "PRAGMA " + setting.first + "=" + setting.second + "; "; } sqlite3_exec(db, settings.c_str(), nullptr, nullptr, nullptr); - - // Register function extensions. - registerMathExtensions(db); -#if !defined(FREEBSD) - registerStringExtensions(db); -#endif - registerFilesystemExtensions(db); - registerEncodingExtensions(db); } void SQLiteDBInstance::init() { diff --git a/src/osquery/sql/tests/sql.cpp b/src/osquery/sql/tests/sql.cpp index d8de36f..fb31540 100644 --- a/src/osquery/sql/tests/sql.cpp +++ b/src/osquery/sql/tests/sql.cpp @@ -116,52 +116,4 @@ TEST_F(SQLTests, test_sql_escape) { EXPECT_EQ(input, "The quick brown fox jumps over the lazy dog."); } -TEST_F(SQLTests, test_sql_base64_encode) { - QueryData d; - query("select to_base64('test') as test;", d); - EXPECT_EQ(d.size(), 1U); - EXPECT_EQ(d[0]["test"], "dGVzdA=="); -} - -TEST_F(SQLTests, test_sql_base64_decode) { - QueryData d; - query("select from_base64('dGVzdA==') as test;", d); - EXPECT_EQ(d.size(), 1U); - EXPECT_EQ(d[0]["test"], "test"); -} - -TEST_F(SQLTests, test_sql_base64_conditional_encode) { - QueryData d; - query("select conditional_to_base64('test') as test;", d); - EXPECT_EQ(d.size(), 1U); - EXPECT_EQ(d[0]["test"], "test"); - - QueryData d2; - query("select conditional_to_base64('悪因悪果') as test;", d2); - EXPECT_EQ(d2.size(), 1U); - EXPECT_EQ(d2[0]["test"], "5oKq5Zug5oKq5p6c"); -} - -TEST_F(SQLTests, test_sql_md5) { - QueryData d; - query("select md5('test') as test;", d); - EXPECT_EQ(d.size(), 1U); - EXPECT_EQ(d[0]["test"], "098f6bcd4621d373cade4e832627b4f6"); -} - -TEST_F(SQLTests, test_sql_sha1) { - QueryData d; - query("select sha1('test') as test;", d); - EXPECT_EQ(d.size(), 1U); - EXPECT_EQ(d[0]["test"], "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"); -} - -TEST_F(SQLTests, test_sql_sha256) { - QueryData d; - query("select sha256('test') as test;", d); - EXPECT_EQ(d.size(), 1U); - EXPECT_EQ(d[0]["test"], - "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"); -} - } diff --git a/src/osquery/sql/tests/sqlite_util_tests.cpp b/src/osquery/sql/tests/sqlite_util_tests.cpp index f78550d..4b35b8e 100644 --- a/src/osquery/sql/tests/sqlite_util_tests.cpp +++ b/src/osquery/sql/tests/sqlite_util_tests.cpp @@ -164,273 +164,4 @@ TEST_F(SQLiteUtilTests, test_get_test_db_result_stream) { } } -TEST_F(SQLiteUtilTests, test_affected_tables) { - auto dbc = getTestDBC(); - QueryDataTyped results; - auto status = queryInternal("SELECT * FROM time", results, dbc); - - // Since the table scanned from "time", it should be recorded as affected. - EXPECT_EQ(dbc->affected_tables_.count("time"), 1U); - dbc->clearAffectedTables(); - EXPECT_EQ(dbc->affected_tables_.size(), 0U); -} - -TEST_F(SQLiteUtilTests, test_table_attributes_event_based) { - { - SQLInternal sql_internal("select * from process_events"); - EXPECT_TRUE(sql_internal.getStatus().ok()); - EXPECT_TRUE(sql_internal.eventBased()); - } - - { - SQLInternal sql_internal("select * from time"); - EXPECT_TRUE(sql_internal.getStatus().ok()); - EXPECT_FALSE(sql_internal.eventBased()); - } -} - -TEST_F(SQLiteUtilTests, test_get_query_columns) { - auto dbc = getTestDBC(); - TableColumns results; - - std::string query = "SELECT seconds, version FROM time JOIN osquery_info"; - auto status = getQueryColumnsInternal(query, results, dbc); - ASSERT_TRUE(status.ok()); - ASSERT_EQ(2U, results.size()); - EXPECT_EQ(std::make_tuple( - std::string("seconds"), INTEGER_TYPE, ColumnOptions::DEFAULT), - results[0]); - EXPECT_EQ(std::make_tuple( - std::string("version"), TEXT_TYPE, ColumnOptions::DEFAULT), - results[1]); - - query = "SELECT * FROM foo"; - status = getQueryColumnsInternal(query, results, dbc); - ASSERT_FALSE(status.ok()); -} - -TEST_F(SQLiteUtilTests, test_get_query_tables_failed) { - std::string query = - "SELECT * FROM time, osquery_info, (SELECT * FROM file) ff GROUP BY pid"; - std::vector tables; - auto status = getQueryTables(query, tables); - EXPECT_TRUE(status.ok()); - - std::vector expected = {}; - EXPECT_EQ(expected, tables); -} - -TEST_F(SQLiteUtilTests, test_get_query_tables) { - std::string query = - "SELECT * FROM time, osquery_info, (SELECT * FROM users) ff GROUP BY pid"; - std::vector tables; - auto status = getQueryTables(query, tables); - EXPECT_TRUE(status.ok()); - - std::vector expected = {"time", "osquery_info", "users"}; - EXPECT_EQ(expected, tables); -} - -TEST_F(SQLiteUtilTests, test_get_query_tables_required) { - std::string query = - "SELECT * FROM time, osquery_info, (SELECT * FROM file where path = " - "'osquery') ff GROUP BY pid"; - std::vector tables; - auto status = getQueryTables(query, tables); - EXPECT_TRUE(status.ok()); - - std::vector expected = {"time", "osquery_info", "file"}; - EXPECT_EQ(expected, tables); -} - -std::vector getTypes(const TableColumns& columns) { - std::vector types; - for (const auto& col : columns) { - types.push_back(std::get<1>(col)); - } - return types; -} - -TEST_F(SQLiteUtilTests, test_query_planner) { - using TypeList = std::vector; - - auto dbc = getTestDBC(); - TableColumns columns; - - std::string query = "select path, path from file"; - EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok()); - - query = "select path, path from file where path in ('osquery', 'noquery')"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE, TEXT_TYPE})); - - query = "select path, seconds from file, time where path LIKE 'osquery'"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE, INTEGER_TYPE})); - - query = "select path || path from file"; - EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok()); - - query = "select path || path from file where path = 'osquery'"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE})); - - query = "select seconds, path || path from file, time "; - EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok()); - - query = - "select seconds, path || path from file, time where path in ('osquery')"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({INTEGER_TYPE, TEXT_TYPE})); - - query = "select seconds, seconds from time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({INTEGER_TYPE, INTEGER_TYPE})); - - query = "select count(*) from time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({BIGINT_TYPE})); - - query = "select count(*), count(seconds), seconds from time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), - TypeList({BIGINT_TYPE, BIGINT_TYPE, INTEGER_TYPE})); - - query = "select 1, 'path', path from file"; - EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok()); - - query = "select 1, 'path', path from file where path = 'os'"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({INTEGER_TYPE, TEXT_TYPE, TEXT_TYPE})); - - query = "select weekday, day, count(*), seconds from time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), - TypeList({TEXT_TYPE, INTEGER_TYPE, BIGINT_TYPE, INTEGER_TYPE})); - - query = "select seconds + 1 from time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({BIGINT_TYPE})); - - query = "select seconds * seconds from time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({BIGINT_TYPE})); - - query = "select seconds > 1, seconds, count(seconds) from time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), - TypeList({INTEGER_TYPE, INTEGER_TYPE, BIGINT_TYPE})); - - query = - "select f1.*, seconds, f2.directory from (select path || path from file) " - "f1, file as f2, time"; - EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok()); - - query = - "select f1.*, seconds, f2.directory from (select path || path from file) " - "f1, file as f2, time where path in ('query', 'query')"; - EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok()); - - query = - "select f1.*, seconds, f2.directory from (select path || path from file " - "where path = 'query') " - "f1, file as f2, time where path in ('query', 'query')"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE, INTEGER_TYPE, TEXT_TYPE})); - - query = "select CAST(seconds AS INTEGER) FROM time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({BIGINT_TYPE})); - - query = "select CAST(seconds AS TEXT) FROM time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({TEXT_TYPE})); - - query = "select CAST(seconds AS REAL) FROM time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({DOUBLE_TYPE})); - - query = "select CAST(seconds AS BOOLEAN) FROM time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({UNKNOWN_TYPE})); - - query = "select CAST(seconds AS DATETIME) FROM time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({UNKNOWN_TYPE})); - - query = "select CAST(seconds AS BLOB) FROM time"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), TypeList({BLOB_TYPE})); - - query = "select url, round_trip_time, response_code from curl"; - EXPECT_FALSE(getQueryColumnsInternal(query, columns, dbc).ok()); - - query = - "select url, round_trip_time, response_code from curl where url = " - "'https://github.com/facebook/osquery'"; - EXPECT_TRUE(getQueryColumnsInternal(query, columns, dbc).ok()); - EXPECT_EQ(getTypes(columns), - TypeList({TEXT_TYPE, BIGINT_TYPE, INTEGER_TYPE})); -} - -using TypeMap = std::map; - -// Using ColumnType enum just labeling in test_column_type_determination) -class type_picker_visitor : public boost::static_visitor { - public: - ColumnType operator()(const long long& i) const { - return INTEGER_TYPE; - } - - ColumnType operator()(const std::string& str) const { - return TEXT_TYPE; - } - - ColumnType operator()(const double& d) const { - return DOUBLE_TYPE; - } -}; - -void testTypesExpected(std::string query, TypeMap expectedTypes) { - auto dbc = getTestDBC(); - QueryDataTyped typedResults; - queryInternal(query, typedResults, dbc); - for (const auto& row : typedResults) { - for (const auto& col : row) { - if (expectedTypes.count(col.first)) { - EXPECT_EQ(boost::apply_visitor(type_picker_visitor(), col.second), - expectedTypes[col.first]) - << " These are the integer values of actual/expected ColumnType " - "(resp) of " - << col.first << " for query: " << query; - } else { - FAIL() << "Found no expected type for " << col.first - << " in test of column types for query " << query; - } - } - } -} - -TEST_F(SQLiteUtilTests, test_column_type_determination) { - // Correct identification of text and ints - testTypesExpected("select path, inode from file where path like '%'", - TypeMap({{"path", TEXT_TYPE}, {"inode", INTEGER_TYPE}})); - // Correctly treating BLOBs as text - testTypesExpected("select CAST(seconds AS BLOB) as seconds FROM time", - TypeMap({{"seconds", TEXT_TYPE}})); - // Correctly treating ints cast as double as doubles - testTypesExpected("select CAST(seconds AS DOUBLE) as seconds FROM time", - TypeMap({{"seconds", DOUBLE_TYPE}})); - // Correctly treating bools as ints - testTypesExpected("select CAST(seconds AS BOOLEAN) as seconds FROM time", - TypeMap({{"seconds", INTEGER_TYPE}})); - // Correctly recognizing values from columns declared double as double, even - // if they happen to have integer value. And also test multi-statement - // queries. - testTypesExpected( - "CREATE TABLE test_types_table (username varchar(30) primary key, age " - "double);INSERT INTO test_types_table VALUES (\"mike\", 23); SELECT age " - "from test_types_table", - TypeMap({{"age", DOUBLE_TYPE}})); -} } // namespace osquery diff --git a/src/osquery/sql/tests/virtual_table.cpp b/src/osquery/sql/tests/virtual_table.cpp index e1ba615..1c28ac3 100644 --- a/src/osquery/sql/tests/virtual_table.cpp +++ b/src/osquery/sql/tests/virtual_table.cpp @@ -200,19 +200,6 @@ TEST_F(VirtualTableTests, test_sqlite3_attach_vtable) { results[0]["sql"]); } -TEST_F(VirtualTableTests, test_sqlite3_table_joins) { - // Get a database connection. - auto dbc = SQLiteDBManager::getUnique(); - - QueryData results; - // Run a query with a join within. - std::string statement = - "SELECT p.pid FROM osquery_info oi, processes p WHERE oi.pid = p.pid"; - auto status = queryInternal(statement, results, dbc); - ASSERT_TRUE(status.ok()); - ASSERT_EQ(results.size(), 1U); -} - class pTablePlugin : public TablePlugin { private: TableColumns columns() const override { @@ -740,60 +727,6 @@ class defaultScanTablePlugin : public TablePlugin { size_t scans{0}; }; -TEST_F(VirtualTableTests, test_indexing_costs) { - // Get a database connection. - auto dbc = SQLiteDBManager::getUnique(); - auto table_registry = RegistryFactory::get().registry("table"); - - auto i = std::make_shared(); - table_registry->add("index_i", i); - attachTableInternal("index_i", i->columnDefinition(false), dbc, false); - - auto j = std::make_shared(); - table_registry->add("index_j", j); - attachTableInternal("index_j", j->columnDefinition(false), dbc, false); - - auto default_scan = std::make_shared(); - table_registry->add("default_scan", default_scan); - attachTableInternal( - "default_scan", default_scan->columnDefinition(false), dbc, false); - - QueryData results; - queryInternal( - "SELECT * from default_scan JOIN index_i using (i);", results, dbc); - dbc->clearAffectedTables(); - - // We expect index_i to optimize, meaning the constraint evaluation - // understood the marked columns and returned a low cost. - ASSERT_EQ(1U, default_scan->scans); - EXPECT_EQ(10U, i->scans); - - // Reset. - default_scan->scans = 0; - i->scans = 0; - - // The inverse should also hold, all cost evaluations will be high. - queryInternal( - "SELECT * from index_i JOIN default_scan using (i);", results, dbc); - dbc->clearAffectedTables(); - EXPECT_EQ(10U, i->scans); - EXPECT_EQ(1U, default_scan->scans); - - // Reset. - default_scan->scans = 0; - i->scans = 0; - - queryInternal( - "SELECT * from default_scan join index_i using (i) join index_j using " - "(j);", - results, - dbc); - dbc->clearAffectedTables(); - ASSERT_EQ(1U, default_scan->scans); - EXPECT_EQ(10U, i->scans); - EXPECT_EQ(10U, j->scans); -} - class colsUsedTablePlugin : public TablePlugin { private: TableColumns columns() const override { diff --git a/src/osquery/tables/tizen/tests/policy.cpp b/src/osquery/tables/tizen/tests/policy.cpp index 983b693..482b4a7 100644 --- a/src/osquery/tables/tizen/tests/policy.cpp +++ b/src/osquery/tables/tizen/tests/policy.cpp @@ -30,21 +30,21 @@ TEST_F(PolicyTests, get_all) { TEST_F(PolicyTests, get_admin_all) { auto admins = policy::API::Admin::GetAll(); - EXPECT_EQ(admins.size(), 0); + EXPECT_EQ(admins.size(), 1); policy::API::Admin::Enroll("testAdmin"); admins = policy::API::Admin::GetAll(); - EXPECT_EQ(admins.size(), 1); + EXPECT_EQ(admins.size(), 2); policy::API::Admin::Enroll("testAdmin1"); admins = policy::API::Admin::GetAll(); - EXPECT_EQ(admins.size(), 2); + EXPECT_EQ(admins.size(), 3); policy::API::Admin::Disenroll("testAdmin"); admins = policy::API::Admin::GetAll(); - EXPECT_EQ(admins.size(), 1); + EXPECT_EQ(admins.size(), 2); policy::API::Admin::Disenroll("testAdmin1"); admins = policy::API::Admin::GetAll(); - EXPECT_EQ(admins.size(), 0); + EXPECT_EQ(admins.size(), 1); } diff --git a/src/osquery/tests/CMakeLists.txt b/src/osquery/tests/CMakeLists.txt deleted file mode 100644 index 34a4214..0000000 --- a/src/osquery/tests/CMakeLists.txt +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License - -ADD_OSQUERY_LIBRARY(osquery_tests test_util.cpp) diff --git a/src/osquery/tests/test_util.cpp b/src/osquery/tests/test_util.cpp deleted file mode 100644 index 015e458..0000000 --- a/src/osquery/tests/test_util.cpp +++ /dev/null @@ -1,103 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#include -#include -#include -#include -#include - -#include -#include - -#include - -#include - -#include -#include -#include -#include -#include - -#include - -namespace fs = boost::filesystem; - -namespace osquery { - -/// Will be set with initTesting in test harness main. -std::string kFakeDirectory; - -/// Will be set with initTesting in test harness main. -std::string kTestWorkingDirectory; - -/// The relative path within the source repo to find test content. -std::string kTestDataPath{"../../../tools/tests/"}; - -using chrono_clock = std::chrono::high_resolution_clock; - -void initTesting() { - kTestWorkingDirectory = - (fs::temp_directory_path() / "osquery-tests").string(); - - registryAndPluginInit(); - - // Allow unit test execution from anywhere in the osquery source/build tree. - if (fs::exists("test_data/test_inline_pack.conf")) { - // If the execution occurs within the build/shared directory and shared - // is pointing to a tmp build directory. See #3414. - kTestDataPath = "test_data/"; - } else if (fs::exists("../test_data/test_inline_pack.conf")) { - // ctest executes from the osquery subdirectory. If this is a build/shared - // link then the test_data directory links to the source repo. - kTestDataPath = "../test_data/"; - } else { - while (kTestDataPath.find("tools") != 0) { - if (!fs::exists(kTestDataPath + "test_inline_pack.conf")) { - kTestDataPath = kTestDataPath.substr(3, kTestDataPath.size()); - } else { - break; - } - } - } - - // The tests will fail randomly without test data. - if (!fs::exists(kTestDataPath)) { - throw std::runtime_error("Cannot find test data path"); - } - - // Seed the random number generator, some tests generate temporary files - // ports, sockets, etc using random numbers. - std::srand(static_cast( - chrono_clock::now().time_since_epoch().count())); - - // Set safe default values for path-based flags. - // Specific unittests may edit flags temporarily. - kTestWorkingDirectory += std::to_string(1234) + "/"; - kFakeDirectory = kTestWorkingDirectory + kFakeDirectoryName; - - fs::remove_all(kTestWorkingDirectory); - fs::create_directories(kTestWorkingDirectory); -} - -void shutdownTesting() { -} - -ScheduledQuery getOsqueryScheduledQuery() { - ScheduledQuery sq( - "path_pack", - "bin", - "SELECT filename FROM fs WHERE path = '/bin' ORDER BY filename"); - - sq.interval = 5; - - return sq; -} - -} // namespace osquery diff --git a/src/osquery/tests/test_util.h b/src/osquery/tests/test_util.h deleted file mode 100644 index 78e4a4d..0000000 --- a/src/osquery/tests/test_util.h +++ /dev/null @@ -1,67 +0,0 @@ -/** - * Copyright (c) 2014-present, Facebook, Inc. - * All rights reserved. - * - * This source code is licensed in accordance with the terms specified in - * the LICENSE file found in the root directory of this source tree. - */ - -#pragma once - -#include -#include -#include - -#include - -namespace osquery { - -/// The following codes are specifically for checking whether the child worker -/// or extension process ran successfully. These values should be the values -/// captured as exit codes if all the child process checks complete without -/// deviation. -#define EXTENSION_SUCCESS_CODE 0x45 -#define WORKER_SUCCESS_CODE 0x57 - -/// The following are error codes returned by the child process. -#define ERROR_COMPARE_ARGUMENT (-1) -#define ERROR_LAUNCHER_PROCESS (-2) -#define ERROR_QUERY_PROCESS_IMAGE (-3) -#define ERROR_IMAGE_NAME_LENGTH (-4) -#define ERROR_LAUNCHER_MISMATCH (-5) - -/// Init function for tests and benchmarks. -void initTesting(); - -/// Cleanup/stop function for tests and benchmarks. -void shutdownTesting(); - -/// A fake directory tree should be used for filesystem iterator testing. -const std::string kFakeDirectoryName{"fstree"}; - -/// Tests can be run from within the source or build directory. -/// The test initializer will attempt to discovery the current working path. -extern std::string kTestDataPath; - -/// Tests should limit intermediate input/output to a working directory. -/// Config data, logging results, and intermediate database/caching usage. -extern std::string kTestWorkingDirectory; -extern std::string kFakeDirectory; - -/// Stores the path of the currently executing executable -extern std::string kProcessTestExecPath; - -/// This is the expected module name of the launcher process. -extern const char* kOsqueryTestModuleName; - -/// These are the expected arguments for our test worker process. -extern const char* kExpectedWorkerArgs[]; -extern const size_t kExpectedWorkerArgsCount; - -/// These are the expected arguments for our test extensions process. -extern const char* kExpectedExtensionArgs[]; -extern const size_t kExpectedExtensionArgsCount; - -ScheduledQuery getOsqueryScheduledQuery(); - -} // namespace osquery -- 2.34.1