2015-01-23 22:52:07 +00:00
|
|
|
/*
|
2016-02-11 19:48:58 +00:00
|
|
|
* Copyright (c) 2014-present, Facebook, Inc.
|
2015-01-23 22:52:07 +00:00
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
|
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
|
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <iostream>
|
|
|
|
|
|
|
|
|
|
#include <boost/property_tree/ptree.hpp>
|
2016-01-21 08:23:05 +00:00
|
|
|
|
2015-01-23 22:52:07 +00:00
|
|
|
#include <gtest/gtest.h>
|
|
|
|
|
|
|
|
|
|
#include <osquery/core.h>
|
2015-09-07 18:09:06 +00:00
|
|
|
#include <osquery/distributed.h>
|
2015-09-16 17:36:34 +00:00
|
|
|
#include <osquery/enroll.h>
|
2015-01-23 22:52:07 +00:00
|
|
|
#include <osquery/sql.h>
|
|
|
|
|
|
2016-09-02 22:04:03 +00:00
|
|
|
#include "osquery/core/json.h"
|
2015-02-23 05:56:52 +00:00
|
|
|
#include "osquery/sql/sqlite_util.h"
|
2016-11-03 00:08:44 +00:00
|
|
|
#include "osquery/tests/test_additional_util.h"
|
2016-09-02 22:04:03 +00:00
|
|
|
#include "osquery/tests/test_util.h"
|
2015-01-23 22:52:07 +00:00
|
|
|
|
2017-08-07 23:34:44 +00:00
|
|
|
#include <rapidjson/prettywriter.h>
|
|
|
|
|
|
|
|
|
|
// distributed.cpp for why this is undefed
|
|
|
|
|
#undef GetObject
|
|
|
|
|
|
2015-01-23 22:52:07 +00:00
|
|
|
namespace pt = boost::property_tree;
|
|
|
|
|
|
2015-09-16 17:36:34 +00:00
|
|
|
DECLARE_string(distributed_tls_read_endpoint);
|
|
|
|
|
DECLARE_string(distributed_tls_write_endpoint);
|
|
|
|
|
|
2015-01-23 22:52:07 +00:00
|
|
|
namespace osquery {
|
|
|
|
|
|
2015-09-16 17:36:34 +00:00
|
|
|
class DistributedTests : public testing::Test {
|
|
|
|
|
protected:
|
|
|
|
|
void SetUp() {
|
2015-09-07 18:09:06 +00:00
|
|
|
TLSServerRunner::start();
|
2016-01-21 08:23:05 +00:00
|
|
|
TLSServerRunner::setClientConfig();
|
2015-09-16 17:36:34 +00:00
|
|
|
clearNodeKey();
|
|
|
|
|
|
|
|
|
|
distributed_tls_read_endpoint_ =
|
|
|
|
|
Flag::getValue("distributed_tls_read_endpoint");
|
|
|
|
|
Flag::updateValue("distributed_tls_read_endpoint", "/distributed_read");
|
|
|
|
|
|
|
|
|
|
distributed_tls_write_endpoint_ =
|
|
|
|
|
Flag::getValue("distributed_tls_write_endpoint");
|
|
|
|
|
Flag::updateValue("distributed_tls_write_endpoint", "/distributed_write");
|
2015-01-23 22:52:07 +00:00
|
|
|
|
2017-01-07 20:21:35 +00:00
|
|
|
Registry::get().setActive("distributed", "tls");
|
2015-09-07 18:09:06 +00:00
|
|
|
}
|
2015-01-23 22:52:07 +00:00
|
|
|
|
2015-09-16 17:36:34 +00:00
|
|
|
void TearDown() {
|
|
|
|
|
TLSServerRunner::stop();
|
2016-01-21 08:23:05 +00:00
|
|
|
TLSServerRunner::unsetClientConfig();
|
2015-09-16 17:36:34 +00:00
|
|
|
clearNodeKey();
|
2016-01-21 08:23:05 +00:00
|
|
|
|
2015-09-16 17:36:34 +00:00
|
|
|
Flag::updateValue("distributed_tls_read_endpoint",
|
|
|
|
|
distributed_tls_read_endpoint_);
|
|
|
|
|
Flag::updateValue("distributed_tls_write_endpoint",
|
|
|
|
|
distributed_tls_write_endpoint_);
|
2015-09-07 18:09:06 +00:00
|
|
|
}
|
2015-01-23 22:52:07 +00:00
|
|
|
|
2016-01-21 08:23:05 +00:00
|
|
|
protected:
|
2015-09-16 17:36:34 +00:00
|
|
|
std::string distributed_tls_read_endpoint_;
|
|
|
|
|
std::string distributed_tls_write_endpoint_;
|
2015-09-07 18:09:06 +00:00
|
|
|
};
|
2015-01-23 22:52:07 +00:00
|
|
|
|
2016-03-05 17:29:51 +00:00
|
|
|
TEST_F(DistributedTests, test_serialize_distributed_query_request) {
|
|
|
|
|
DistributedQueryRequest r;
|
|
|
|
|
r.query = "foo";
|
|
|
|
|
r.id = "bar";
|
|
|
|
|
|
2017-08-07 23:34:44 +00:00
|
|
|
rapidjson::Document d(rapidjson::kObjectType);
|
|
|
|
|
auto s = serializeDistributedQueryRequest(r, d);
|
2016-03-05 17:29:51 +00:00
|
|
|
EXPECT_TRUE(s.ok());
|
2017-08-07 23:34:44 +00:00
|
|
|
EXPECT_TRUE(d.HasMember("query") && d["query"].IsString());
|
|
|
|
|
EXPECT_TRUE(d.HasMember("id") && d["id"].IsString());
|
|
|
|
|
if (d.HasMember("query")) {
|
|
|
|
|
EXPECT_EQ(std::string(d["query"].GetString()), "foo");
|
|
|
|
|
}
|
|
|
|
|
if (d.HasMember("id")) {
|
|
|
|
|
EXPECT_EQ(std::string(d["id"].GetString()), "bar");
|
|
|
|
|
}
|
2016-03-05 17:29:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(DistributedTests, test_deserialize_distributed_query_request) {
|
2017-08-07 23:34:44 +00:00
|
|
|
rapidjson::Document d(rapidjson::kObjectType);
|
|
|
|
|
d.AddMember(rapidjson::Value("query", d.GetAllocator()).Move(),
|
|
|
|
|
rapidjson::Value("foo", d.GetAllocator()),
|
|
|
|
|
d.GetAllocator());
|
|
|
|
|
|
|
|
|
|
d.AddMember(rapidjson::Value("id", d.GetAllocator()).Move(),
|
|
|
|
|
rapidjson::Value("bar", d.GetAllocator()).Move(),
|
|
|
|
|
d.GetAllocator());
|
2016-03-05 17:29:51 +00:00
|
|
|
|
|
|
|
|
DistributedQueryRequest r;
|
2017-08-07 23:34:44 +00:00
|
|
|
auto s = deserializeDistributedQueryRequest(d, r);
|
2016-03-05 17:29:51 +00:00
|
|
|
EXPECT_TRUE(s.ok());
|
|
|
|
|
EXPECT_EQ(r.query, "foo");
|
|
|
|
|
EXPECT_EQ(r.id, "bar");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(DistributedTests, test_deserialize_distributed_query_request_json) {
|
|
|
|
|
auto json =
|
|
|
|
|
"{"
|
|
|
|
|
" \"query\": \"foo\","
|
|
|
|
|
" \"id\": \"bar\""
|
|
|
|
|
"}";
|
|
|
|
|
|
|
|
|
|
DistributedQueryRequest r;
|
|
|
|
|
auto s = deserializeDistributedQueryRequestJSON(json, r);
|
|
|
|
|
EXPECT_TRUE(s.ok());
|
|
|
|
|
EXPECT_EQ(r.query, "foo");
|
|
|
|
|
EXPECT_EQ(r.id, "bar");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(DistributedTests, test_serialize_distributed_query_result) {
|
|
|
|
|
DistributedQueryResult r;
|
|
|
|
|
r.request.query = "foo";
|
|
|
|
|
r.request.id = "bar";
|
|
|
|
|
|
|
|
|
|
Row r1;
|
|
|
|
|
r1["foo"] = "bar";
|
|
|
|
|
r.results = {r1};
|
2017-08-07 23:34:44 +00:00
|
|
|
r.columns = {"foo"};
|
|
|
|
|
rapidjson::Document d(rapidjson::kObjectType);
|
|
|
|
|
auto s = serializeDistributedQueryResult(r, d);
|
2016-03-05 17:29:51 +00:00
|
|
|
EXPECT_TRUE(s.ok());
|
2017-08-07 23:34:44 +00:00
|
|
|
EXPECT_TRUE(d.IsObject());
|
|
|
|
|
EXPECT_EQ(d["request"]["query"], "foo");
|
|
|
|
|
EXPECT_EQ(d["request"]["id"], "bar");
|
|
|
|
|
EXPECT_TRUE(d["results"].IsArray());
|
|
|
|
|
for (const auto& q : d["results"].GetArray()) {
|
|
|
|
|
for (const auto& row : q.GetObject()) {
|
|
|
|
|
EXPECT_EQ(row.name, "foo");
|
|
|
|
|
EXPECT_EQ(q[row.name], "bar");
|
2016-03-05 17:29:51 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(DistributedTests, test_deserialize_distributed_query_result) {
|
2017-08-07 23:34:44 +00:00
|
|
|
rapidjson::Document query_result(rapidjson::kObjectType);
|
|
|
|
|
rapidjson::Document request(rapidjson::kObjectType);
|
|
|
|
|
rapidjson::Value row(rapidjson::kObjectType);
|
|
|
|
|
rapidjson::Document results(rapidjson::kArrayType);
|
|
|
|
|
|
|
|
|
|
request.AddMember(
|
|
|
|
|
rapidjson::Value("query", query_result.GetAllocator()).Move(),
|
|
|
|
|
rapidjson::Value("bar", query_result.GetAllocator()),
|
|
|
|
|
query_result.GetAllocator());
|
|
|
|
|
|
|
|
|
|
request.AddMember(rapidjson::Value("id", query_result.GetAllocator()).Move(),
|
|
|
|
|
rapidjson::Value("foo", query_result.GetAllocator()).Move(),
|
|
|
|
|
query_result.GetAllocator());
|
|
|
|
|
|
|
|
|
|
row.AddMember(rapidjson::Value("foo", query_result.GetAllocator()).Move(),
|
|
|
|
|
rapidjson::Value("bar", query_result.GetAllocator()).Move(),
|
|
|
|
|
query_result.GetAllocator());
|
|
|
|
|
|
|
|
|
|
results.PushBack(rapidjson::Value(row, request.GetAllocator()).Move(),
|
|
|
|
|
request.GetAllocator());
|
|
|
|
|
|
|
|
|
|
query_result.AddMember("request",
|
|
|
|
|
rapidjson::Value(request, query_result.GetAllocator()),
|
|
|
|
|
query_result.GetAllocator());
|
|
|
|
|
query_result.AddMember("results",
|
|
|
|
|
rapidjson::Value(results, query_result.GetAllocator()),
|
|
|
|
|
query_result.GetAllocator());
|
2016-03-05 17:29:51 +00:00
|
|
|
|
|
|
|
|
DistributedQueryResult r;
|
|
|
|
|
auto s = deserializeDistributedQueryResult(query_result, r);
|
|
|
|
|
EXPECT_EQ(r.request.id, "foo");
|
|
|
|
|
EXPECT_EQ(r.request.query, "bar");
|
|
|
|
|
EXPECT_EQ(r.results[0]["foo"], "bar");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(DistributedTests, test_deserialize_distributed_query_result_json) {
|
|
|
|
|
auto json =
|
|
|
|
|
"{"
|
|
|
|
|
" \"request\": {"
|
|
|
|
|
" \"id\": \"foo\","
|
|
|
|
|
" \"query\": \"bar\""
|
|
|
|
|
" },"
|
|
|
|
|
" \"results\": ["
|
|
|
|
|
" {"
|
|
|
|
|
" \"foo\": \"bar\""
|
|
|
|
|
" }"
|
|
|
|
|
" ]"
|
|
|
|
|
"}";
|
|
|
|
|
|
|
|
|
|
DistributedQueryResult r;
|
|
|
|
|
auto s = deserializeDistributedQueryResultJSON(json, r);
|
|
|
|
|
EXPECT_TRUE(s.ok());
|
|
|
|
|
EXPECT_EQ(r.request.id, "foo");
|
|
|
|
|
EXPECT_EQ(r.request.query, "bar");
|
|
|
|
|
EXPECT_EQ(r.results[0]["foo"], "bar");
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-07 18:09:06 +00:00
|
|
|
TEST_F(DistributedTests, test_workflow) {
|
|
|
|
|
auto dist = Distributed();
|
|
|
|
|
auto s = dist.pullUpdates();
|
|
|
|
|
EXPECT_TRUE(s.ok());
|
|
|
|
|
EXPECT_EQ(s.toString(), "OK");
|
2015-01-23 22:52:07 +00:00
|
|
|
|
2015-10-20 06:08:01 +00:00
|
|
|
EXPECT_EQ(dist.getPendingQueryCount(), 2U);
|
|
|
|
|
EXPECT_EQ(dist.results_.size(), 0U);
|
2015-09-07 18:09:06 +00:00
|
|
|
s = dist.runQueries();
|
|
|
|
|
EXPECT_TRUE(s.ok());
|
|
|
|
|
EXPECT_EQ(s.toString(), "OK");
|
2015-09-16 17:36:34 +00:00
|
|
|
|
2015-10-20 06:08:01 +00:00
|
|
|
EXPECT_EQ(dist.getPendingQueryCount(), 0U);
|
2016-03-25 18:17:48 +00:00
|
|
|
EXPECT_EQ(dist.results_.size(), 0U);
|
2015-01-23 22:52:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
