/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#pragma once
#include <deque>
#include <osquery/tables.h>
#include "osquery/core/conversions.h"
#include "osquery/sql/sqlite_util.h"
namespace osquery {
/**
 * @brief osquery virtual table connection.
 *
 * This object is the SQLite database's virtual table context.
 * When the virtual table is created/connected the name and columns are
 * retrieved via the TablePlugin call API. The details are kept in this context
 * so column parsing and row walking does not require additional Registry calls.
 *
 * When tables are accessed as the result of an SQL statement a QueryContext is
 * created to represent metadata that can be used by the virtual table
 * implementation code. Thus the code that generates rows can choose to emit
 * additional data, restrict based on constraints, or potentially yield from
 * a cache or choose not to generate certain columns.
 *
 * NOTE(review): the constraint members below are described as transient but
 * live in this per-table context; this header does not show when they are
 * reset or whether access is serialized -- confirm in the module methods.
 */
struct VirtualTableContent {
  /// Friendly name for the table.
  TableName name;
  /// Table column structure, retrieved once via the TablePlugin call API.
  TableColumns columns;
  /// Transient set of virtual table access constraints.
  std::deque<ConstraintSet> constraints;
  /// Cursor tracked alongside the constraint list; nullptr until assigned.
  /// NOTE(review): raw pointer with no ownership stated here; presumably
  /// non-owning -- confirm it is cleared before the cursor it names is freed.
  sqlite3_vtab_cursor *constraints_cursor{nullptr};
  /// Index into the list of constraints; starts at 0.
  /// NOTE(review): confirm users compare it with constraints.size() before
  /// indexing.
  size_t constraints_index{0};
  /// Last term successfully parsed by xBestIndex; initialized to -1.
  int current_term{-1};
};
/**
 * @brief osquery cursor object.
 *
 * Only used in the SQLite virtual table module methods.
 *
 * NOTE(review): `base` is the first member. The module methods presumably
 * convert between sqlite3_vtab_cursor* and BaseCursor*, which depends on that
 * position -- confirm before reordering or adding members ahead of it.
 */
struct BaseCursor {
  /// SQLite virtual table cursor.
  /// Has no default member initializer here, unlike row and n.
  /// NOTE(review): confirm the code that allocates the cursor initializes it.
  sqlite3_vtab_cursor base;
  /// Table data generated from last access.
  QueryData data;
  /// Current cursor position; starts at 0.
  /// NOTE(review): presumably an index into data -- confirm it is checked
  /// against n (and the actual size of data) before a row is read.
  size_t row{0};
  /// Total number of rows; starts at 0.
  size_t n{0};
};
/**
 * @brief osquery virtual table object
 *
 * Only used in the SQLite virtual table module methods.
 * This adds each table plugin class to the state tracking in SQLite.
 *
 * NOTE(review): `base` is the first member. The module methods presumably
 * convert between sqlite3_vtab* and VirtualTable*, which depends on that
 * position -- confirm before reordering.
 */
struct VirtualTable {
  /// SQLite virtual table object.
  sqlite3_vtab base;
  /// Context (name, columns, constraints) for this table; nullptr until set.
  /// NOTE(review): raw pointer; this header does not say who allocates or
  /// frees it -- confirm it is released exactly once when the table is
  /// disconnected or destroyed, and not used afterwards.
  VirtualTableContent *content{nullptr};
};
/**
 * @brief Attach a table plugin name to an in-memory SQLite database.
 *
 * @param name Table plugin name to attach.
 * @param statement Presumably the SQL text describing the table's columns --
 * confirm against the definition.
 * @param db SQLite database handle to attach the table to.
 * @return Status of the attach operation.
 *
 * NOTE(review): if name or statement end up inside SQL text and can originate
 * outside the core process, confirm they are validated or quoted before use.
 */
Status attachTableInternal(const std::string &name,
                           const std::string &statement,
                           sqlite3 *db);
/**
 * @brief Detach (drop) a table.
 *
 * @param name Name of the table to drop.
 * @param db SQLite database handle the table is attached to.
 * @return Status of the detach operation.
 *
 * NOTE(review): if name is placed inside SQL text and can originate outside
 * the core process, confirm it is validated or quoted before use.
 */
Status detachTableInternal(const std::string &name, sqlite3 *db);
/**
 * @brief Attach all table plugins to an in-memory SQLite database.
 *
 * @param db SQLite database handle to attach the tables to.
 *
 * Returns void, so a caller cannot tell from the return value whether every
 * table attached.
 * NOTE(review): confirm per-table failures are logged in the definition.
 */
void attachVirtualTables(sqlite3 *db);
}