osquery-1/osquery/tables/networking/etc_hosts.cpp

// Copyright 2004-present Facebook. All Rights Reserved.

#include "osquery/tables/networking/etc_hosts.h"

#include <vector>
#include <string>

#include <boost/algorithm/string/join.hpp>
#include <boost/algorithm/string/predicate.hpp>

#include <glog/logging.h>

#include "osquery/core.h"
#include "osquery/filesystem.h"

using namespace osquery::core;
using namespace osquery::db;
using namespace osquery::fs;

namespace osquery { namespace tables {

QueryData genEtcHosts() {
  std::string content;
  auto s = readFile("/etc/hosts", content);
  if (s.ok()) {
    return parseEtcHostsContent(content);
  } else {
    LOG(ERROR) << "Error reading /etc/hosts: " << s.toString();
    return {};
  }
}

QueryData parseEtcHostsContent(const std::string& content) {
  QueryData results;

  for (const auto& i : split(content, "\n")) {
    auto line = split(i);
    if (line.size() == 0 || boost::starts_with(line[0], "#")) {
      continue;
    }
    Row r;
    r["address"] = line[0];
    if (line.size() > 1) {
      std::vector<std::string> hostnames;
      for (int i = 1; i < line.size(); ++i) {
        hostnames.push_back(line[i]);
      }
      r["hostnames"] = boost::algorithm::join(hostnames, " ");
    }
    results.push_back(r);
  }

  return results;
}

}}
virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00			`// Copyright 2004-present Facebook. All Rights Reserved.`

moving networking vtables into their own dir 2014-08-06 01:10:18 +00:00			`#include "osquery/tables/networking/etc_hosts.h"`
virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00
			`#include <vector>`
			`#include <string>`

zwass' comment on etc_host table 2014-08-06 22:55:46 +00:00			`#include <boost/algorithm/string/join.hpp>`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00			`#include <boost/algorithm/string/predicate.hpp>`

			`#include <glog/logging.h>`

			`#include "osquery/core.h"`
			`#include "osquery/filesystem.h"`

			`using namespace osquery::core;`
virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00			`using namespace osquery::db;`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00			`using namespace osquery::fs;`
virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00
			`namespace osquery { namespace tables {`

			`QueryData genEtcHosts() {`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00			`std::string content;`
			`auto s = readFile("/etc/hosts", content);`
			`if (s.ok()) {`
			`return parseEtcHostsContent(content);`
			`} else {`
			`LOG(ERROR) << "Error reading /etc/hosts: " << s.toString();`
			`return {};`
			`}`
virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00			`}`

			`QueryData parseEtcHostsContent(const std::string& content) {`
			`QueryData results;`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00
bug fixes 2014-08-04 23:08:49 +00:00			`for (const auto& i : split(content, "\n")) {`
			`auto line = split(i);`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00			`if (line.size() == 0 \|\| boost::starts_with(line[0], "#")) {`
			`continue;`
			`}`
			`Row r;`
			`r["address"] = line[0];`
bug fixes 2014-08-04 23:08:49 +00:00			`if (line.size() > 1) {`
			`std::vector<std::string> hostnames;`
			`for (int i = 1; i < line.size(); ++i) {`
			`hostnames.push_back(line[i]);`
			`}`
zwass' comment on etc_host table 2014-08-06 22:55:46 +00:00			`r["hostnames"] = boost::algorithm::join(hostnames, " ");`
bug fixes 2014-08-04 23:08:49 +00:00			`}`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00			`results.push_back(r);`
			`}`
virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00
			`return results;`
			`}`

			`}}`