osquery-1/osquery/tables/system/linux/pci_devices.cpp

/*
 *  Copyright (c) 2014-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */

#include <boost/algorithm/string/split.hpp>
#include <boost/algorithm/string/trim.hpp>

#include <osquery/core.h>
#include <osquery/logger.h>
#include <osquery/tables.h>

#include "osquery/events/linux/udev.h"

namespace osquery {
namespace tables {

const std::string kPCIKeySlot = "PCI_SLOT_NAME";
const std::string kPCIKeyClass = "ID_PCI_CLASS_FROM_DATABASE";
const std::string kPCIKeyVendor = "ID_VENDOR_FROM_DATABASE";
const std::string kPCIKeyModel = "ID_MODEL_FROM_DATABASE";
const std::string kPCIKeyID = "PCI_ID";
const std::string kPCIKeyDriver = "DRIVER";

QueryData genPCIDevices(QueryContext &context) {
  QueryData results;

  auto udev_handle = udev_new();
  if (udev_handle == nullptr) {
    VLOG(1) << "Could not get udev handle";
    return results;
  }

  // Perform enumeration/search.
  auto enumerate = udev_enumerate_new(udev_handle);
  udev_enumerate_add_match_subsystem(enumerate, "pci");
  udev_enumerate_scan_devices(enumerate);

  // Get list entries and iterate over entries.
  struct udev_list_entry *device_entries, *entry;
  device_entries = udev_enumerate_get_list_entry(enumerate);

  udev_list_entry_foreach(entry, device_entries) {
    const char *path = udev_list_entry_get_name(entry);
    auto device = udev_device_new_from_syspath(udev_handle, path);

    Row r;
    r["pci_slot"] = UdevEventPublisher::getValue(device, kPCIKeySlot);
    r["pci_class"] = UdevEventPublisher::getValue(device, kPCIKeyClass);
    r["driver"] = UdevEventPublisher::getValue(device, kPCIKeyDriver);
    r["vendor"] = UdevEventPublisher::getValue(device, kPCIKeyVendor);
    r["model"] = UdevEventPublisher::getValue(device, kPCIKeyModel);

    // VENDOR:MODEL ID is in the form of HHHH:HHHH.
    std::vector<std::string> ids;
    auto device_id = UdevEventPublisher::getValue(device, kPCIKeyID);
    boost::split(ids, device_id, boost::is_any_of(":"));
    if (ids.size() == 2) {
      r["vendor_id"] = ids[0];
      r["model_id"] = ids[1];
    }

    // Set invalid vendor/model IDs to 0.
    if (r["vendor_id"].size() == 0) {
      r["vendor_id"] = "0";
    }

    if (r["model_id"].size() == 0) {
      r["model_id"] = "0";
    }

    results.push_back(r);
    udev_device_unref(device);
  }

  // Drop references to udev structs.
  udev_enumerate_unref(enumerate);
  udev_unref(udev_handle);

  return results;
}
}
}
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`/*`
[osquery] Update copyright headers to new format. 2016-02-11 19:48:58 +00:00			`* Copyright (c) 2014-present, Facebook, Inc.`
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD-style license found in the`
Removing trailing whitespace 2015-05-12 06:31:13 +00:00			`* LICENSE file in the root directory of this source tree. An additional grant`
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*`
			`*/`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
PCI/USB parity 2014-12-10 22:51:43 +00:00			`#include <boost/algorithm/string/split.hpp>`
			`#include <boost/algorithm/string/trim.hpp>`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
Codemod to improve include search paths 2014-12-03 23:14:02 +00:00			`#include <osquery/core.h>`
			`#include <osquery/logger.h>`
			`#include <osquery/tables.h>`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
PCI/USB parity 2014-12-10 22:51:43 +00:00			`#include "osquery/events/linux/udev.h"`

added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00			`namespace osquery {`
changed comments to // from /* , char* to std::string consts, and ran clang-format on the file 2014-11-01 04:12:25 +00:00			`namespace tables {`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
PCI/USB parity 2014-12-10 22:51:43 +00:00			`const std::string kPCIKeySlot = "PCI_SLOT_NAME";`
			`const std::string kPCIKeyClass = "ID_PCI_CLASS_FROM_DATABASE";`
			`const std::string kPCIKeyVendor = "ID_VENDOR_FROM_DATABASE";`
			`const std::string kPCIKeyModel = "ID_MODEL_FROM_DATABASE";`
			`const std::string kPCIKeyID = "PCI_ID";`
			`const std::string kPCIKeyDriver = "DRIVER";`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
clang-format on feature-predicate updates 2014-11-30 05:55:14 +00:00			`QueryData genPCIDevices(QueryContext &context) {`
changed comments to // from /* , char* to std::string consts, and ran clang-format on the file 2014-11-01 04:12:25 +00:00			`QueryData results;`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
PCI/USB parity 2014-12-10 22:51:43 +00:00			`auto udev_handle = udev_new();`
			`if (udev_handle == nullptr) {`
Removing dots at the end of log entries 2015-08-28 23:50:44 +00:00			`VLOG(1) << "Could not get udev handle";`
changed comments to // from /* , char* to std::string consts, and ran clang-format on the file 2014-11-01 04:12:25 +00:00			`return results;`
			`}`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
PCI/USB parity 2014-12-10 22:51:43 +00:00			`// Perform enumeration/search.`
			`auto enumerate = udev_enumerate_new(udev_handle);`
changed comments to // from /* , char* to std::string consts, and ran clang-format on the file 2014-11-01 04:12:25 +00:00			`udev_enumerate_add_match_subsystem(enumerate, "pci");`
			`udev_enumerate_scan_devices(enumerate);`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
PCI/USB parity 2014-12-10 22:51:43 +00:00			`// Get list entries and iterate over entries.`
			`struct udev_list_entry device_entries, entry;`
			`device_entries = udev_enumerate_get_list_entry(enumerate);`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
PCI/USB parity 2014-12-10 22:51:43 +00:00			`udev_list_entry_foreach(entry, device_entries) {`
			`const char *path = udev_list_entry_get_name(entry);`
			`auto device = udev_device_new_from_syspath(udev_handle, path);`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00
changed comments to // from /* , char* to std::string consts, and ran clang-format on the file 2014-11-01 04:12:25 +00:00			`Row r;`
PCI/USB parity 2014-12-10 22:51:43 +00:00			`r["pci_slot"] = UdevEventPublisher::getValue(device, kPCIKeySlot);`
			`r["pci_class"] = UdevEventPublisher::getValue(device, kPCIKeyClass);`
			`r["driver"] = UdevEventPublisher::getValue(device, kPCIKeyDriver);`
			`r["vendor"] = UdevEventPublisher::getValue(device, kPCIKeyVendor);`
			`r["model"] = UdevEventPublisher::getValue(device, kPCIKeyModel);`

			`// VENDOR:MODEL ID is in the form of HHHH:HHHH.`
			`std::vector<std::string> ids;`
			`auto device_id = UdevEventPublisher::getValue(device, kPCIKeyID);`
			`boost::split(ids, device_id, boost::is_any_of(":"));`
			`if (ids.size() == 2) {`
			`r["vendor_id"] = ids[0];`
			`r["model_id"] = ids[1];`
Add braces 2014-11-03 22:13:49 +00:00			`}`
PCI/USB parity 2014-12-10 22:51:43 +00:00
			`// Set invalid vendor/model IDs to 0.`
			`if (r["vendor_id"].size() == 0) {`
			`r["vendor_id"] = "0";`
Add braces 2014-11-03 22:13:49 +00:00			`}`
PCI/USB parity 2014-12-10 22:51:43 +00:00
			`if (r["model_id"].size() == 0) {`
			`r["model_id"] = "0";`
Add braces 2014-11-03 22:13:49 +00:00			`}`
PCI/USB parity 2014-12-10 22:51:43 +00:00
changed comments to // from /* , char* to std::string consts, and ran clang-format on the file 2014-11-01 04:12:25 +00:00			`results.push_back(r);`
PCI/USB parity 2014-12-10 22:51:43 +00:00			`udev_device_unref(device);`
changed comments to // from /* , char* to std::string consts, and ran clang-format on the file 2014-11-01 04:12:25 +00:00			`}`
PCI/USB parity 2014-12-10 22:51:43 +00:00
			`// Drop references to udev structs.`
pci_devices: unref things after use 2014-11-03 22:48:42 +00:00			`udev_enumerate_unref(enumerate);`
PCI/USB parity 2014-12-10 22:51:43 +00:00			`udev_unref(udev_handle);`

changed comments to // from /* , char* to std::string consts, and ran clang-format on the file 2014-11-01 04:12:25 +00:00			`return results;`
			`}`
			`}`
added lspci virtual table and libudev dependencies 2014-10-31 10:00:29 +00:00			`}`