osquery-1/osquery/sql/sqlite_operations.cpp

/**
 *  Copyright (c) 2014-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under both the Apache 2.0 license (found in the
 *  LICENSE file in the root directory of this source tree) and the GPLv2 (found
 *  in the COPYING file in the root directory of this source tree).
 *  You may select, at your option, one of the above-listed licenses.
 */

#include <set>
#include <string>

#include <osquery/carver/carver.h>
#include <osquery/flags.h>
#include <osquery/logger.h>
#include <osquery/utils/conversions/split.h>
#include <osquery/utils/mutex.h>

#include <sqlite3.h>

namespace osquery {

/// Global set of requested carve paths.
static std::set<std::string> kFunctionCarvePaths;

/// Mutex to protect access to carve paths.
Mutex kFunctionCarveMutex;

DECLARE_bool(carver_disable_function);

static void addCarveFile(sqlite3_context* ctx, int argc, sqlite3_value** argv) {
  if (argc == 0) {
    return;
  }

  if (SQLITE_NULL == sqlite3_value_type(argv[0])) {
    sqlite3_result_null(ctx);
    return;
  }

  WriteLock lock(kFunctionCarveMutex);
  std::string path((const char*)sqlite3_value_text(argv[0]));
  kFunctionCarvePaths.insert(path);

  sqlite3_result_text(
      ctx, path.c_str(), static_cast<int>(path.size()), SQLITE_TRANSIENT);
}

static void executeCarve(sqlite3_context* ctx) {
  WriteLock lock(kFunctionCarveMutex);
  if (!FLAGS_carver_disable_function) {
    carvePaths(kFunctionCarvePaths);
  } else {
    LOG(WARNING) << "Carver as a function is disabled";
  }
  kFunctionCarvePaths.clear();
  sqlite3_result_text(ctx, "Carve Started", 13, SQLITE_TRANSIENT);
}

void registerOperationExtensions(sqlite3* db) {
  sqlite3_create_function(db,
                          "carve",
                          1,
                          SQLITE_UTF8,
                          nullptr,
                          nullptr,
                          addCarveFile,
                          executeCarve);
}
} // namespace osquery
license: Change license to Apache 2.0 and GPLv2 (#4007) 2017-12-19 00:04:06 +00:00			`/**`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00			`* Copyright (c) 2014-present, Facebook, Inc.`
			`* All rights reserved.`
			`*`
license: Change license to Apache 2.0 and GPLv2 (#4007) 2017-12-19 00:04:06 +00:00			`* This source code is licensed under both the Apache 2.0 license (found in the`
			`* LICENSE file in the root directory of this source tree) and the GPLv2 (found`
			`* in the COPYING file in the root directory of this source tree).`
			`* You may select, at your option, one of the above-listed licenses.`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00			`*/`

			`#include <set>`
			`#include <string>`

Move build system to BUCK fbshipit-source-id: 8ffef5e6a393ac67ce56dcb74845402e43d964a0 2018-09-21 18:54:31 +00:00			`#include <osquery/carver/carver.h>`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00			`#include <osquery/flags.h>`
			`#include <osquery/logger.h>`
Move build system to BUCK fbshipit-source-id: 8ffef5e6a393ac67ce56dcb74845402e43d964a0 2018-09-21 18:54:31 +00:00			`#include <osquery/utils/conversions/split.h>`
			`#include <osquery/utils/mutex.h>`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00
			`#include <sqlite3.h>`

			`namespace osquery {`

sqlite: Remove the explicit copy and add mutex to function carve (#3404) 2017-06-14 00:27:00 +00:00			`/// Global set of requested carve paths.`
			`static std::set<std::string> kFunctionCarvePaths;`

			`/// Mutex to protect access to carve paths.`
			`Mutex kFunctionCarveMutex;`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00
			`DECLARE_bool(carver_disable_function);`

			`static void addCarveFile(sqlite3_context* ctx, int argc, sqlite3_value** argv) {`
			`if (argc == 0) {`
			`return;`
			`}`

			`if (SQLITE_NULL == sqlite3_value_type(argv[0])) {`
			`sqlite3_result_null(ctx);`
			`return;`
			`}`

sqlite: Remove the explicit copy and add mutex to function carve (#3404) 2017-06-14 00:27:00 +00:00			`WriteLock lock(kFunctionCarveMutex);`
			`std::string path((const char*)sqlite3_value_text(argv[0]));`
			`kFunctionCarvePaths.insert(path);`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00
			`sqlite3_result_text(`
			`ctx, path.c_str(), static_cast<int>(path.size()), SQLITE_TRANSIENT);`
			`}`

			`static void executeCarve(sqlite3_context* ctx) {`
sqlite: Remove the explicit copy and add mutex to function carve (#3404) 2017-06-14 00:27:00 +00:00			`WriteLock lock(kFunctionCarveMutex);`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00			`if (!FLAGS_carver_disable_function) {`
sqlite: Remove the explicit copy and add mutex to function carve (#3404) 2017-06-14 00:27:00 +00:00			`carvePaths(kFunctionCarvePaths);`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00			`} else {`
sqlite: Remove the explicit copy and add mutex to function carve (#3404) 2017-06-14 00:27:00 +00:00			`LOG(WARNING) << "Carver as a function is disabled";`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00			`}`
sqlite: Remove the explicit copy and add mutex to function carve (#3404) 2017-06-14 00:27:00 +00:00			`kFunctionCarvePaths.clear();`
Add an sql function for carving paths (#3317) 2017-05-26 18:19:43 +00:00			`sqlite3_result_text(ctx, "Carve Started", 13, SQLITE_TRANSIENT);`
			`}`

			`void registerOperationExtensions(sqlite3* db) {`
			`sqlite3_create_function(db,`
			`"carve",`
			`1,`
			`SQLITE_UTF8,`
			`nullptr,`
			`nullptr,`
			`addCarveFile,`
			`executeCarve);`
			`}`
Added custom path functions (#4265) 2018-05-24 11:26:43 +00:00			`} // namespace osquery`