2014-07-31 00:35:19 +00:00
|
|
|
// Copyright 2004-present Facebook. All Rights Reserved.
|
|
|
|
|
2014-09-10 01:54:53 +00:00
|
|
|
#pragma once
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
#include <string>
|
|
|
|
#include <utility>
|
|
|
|
#include <vector>
|
|
|
|
|
|
|
|
#include <boost/property_tree/ptree.hpp>
|
|
|
|
|
2014-08-12 00:37:49 +00:00
|
|
|
#include <sqlite3.h>
|
|
|
|
|
2014-12-03 23:14:02 +00:00
|
|
|
#include <osquery/config.h>
|
|
|
|
#include <osquery/core.h>
|
|
|
|
#include <osquery/database.h>
|
|
|
|
#include <osquery/filesystem.h>
|
2014-07-31 00:35:19 +00:00
|
|
|
|
2014-08-15 07:25:30 +00:00
|
|
|
namespace osquery {
|
|
|
|
namespace core {
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
// kTestQuery is a test query that can be executed against the database
|
|
|
|
// returned from createTestDB() to result in the dataset returned from
|
|
|
|
// getTestDBExpectedResults()
|
|
|
|
extern const std::string kTestQuery;
|
|
|
|
|
|
|
|
// createTestDB instantiates a sqlite3 struct and populates it with some test
|
|
|
|
// data
|
|
|
|
sqlite3* createTestDB();
|
|
|
|
|
|
|
|
// getTestDBExpectedResults returns the results of kTestQuery of the table that
|
|
|
|
// initially gets returned from createTestDB()
|
2014-09-21 21:27:09 +00:00
|
|
|
osquery::QueryData getTestDBExpectedResults();
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
// Starting with the dataset returned by createTestDB(), getTestDBResultStream
|
|
|
|
// returns a vector of std::pair's where pair.first is the query that would
|
|
|
|
// need to be performed on the dataset to make the results be pair.second
|
2014-10-28 00:39:34 +00:00
|
|
|
std::vector<std::pair<std::string, osquery::QueryData> >
|
|
|
|
getTestDBResultStream();
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
// getOsqueryScheduledQuery returns a test scheduled query which would normally
|
|
|
|
// be returned via the config
|
2014-09-15 18:09:33 +00:00
|
|
|
osquery::OsqueryScheduledQuery getOsqueryScheduledQuery();
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
// getSerializedRow() return an std::pair where pair->first is a string which
|
|
|
|
// should serialize to pair->second. Obviously, pair->second should deserialize
|
|
|
|
// to pair->first
|
2014-09-21 21:27:09 +00:00
|
|
|
std::pair<boost::property_tree::ptree, osquery::Row> getSerializedRow();
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
// getSerializedQueryData() return an std::pair where pair->first is a string
|
|
|
|
// which should serialize to pair->second. Obviously, pair->second should
|
|
|
|
// deserialize to pair->first
|
2014-09-21 21:27:09 +00:00
|
|
|
std::pair<boost::property_tree::ptree, osquery::QueryData>
|
2014-07-31 00:35:19 +00:00
|
|
|
getSerializedQueryData();
|
|
|
|
|
|
|
|
// getSerializedDiffResults() return an std::pair where pair->first is a string
|
|
|
|
// which should serialize to pair->second. Obviously, pair->second should
|
|
|
|
// deserialize to pair->first
|
2014-09-21 21:27:09 +00:00
|
|
|
std::pair<boost::property_tree::ptree, osquery::DiffResults>
|
2014-07-31 00:35:19 +00:00
|
|
|
getSerializedDiffResults();
|
|
|
|
|
2014-09-21 21:27:09 +00:00
|
|
|
std::pair<std::string, osquery::DiffResults> getSerializedDiffResultsJSON();
|
2014-07-31 00:35:19 +00:00
|
|
|
|
|
|
|
// getSerializedHistoricalQueryResults() return an std::pair where pair->first
|
|
|
|
// is a string which should serialize to pair->second. Obviously, pair->second
|
|
|
|
// should deserialize to pair->first
|
2014-09-21 21:27:09 +00:00
|
|
|
std::pair<boost::property_tree::ptree, osquery::HistoricalQueryResults>
|
2014-07-31 00:35:19 +00:00
|
|
|
getSerializedHistoricalQueryResults();
|
|
|
|
|
2014-09-21 21:27:09 +00:00
|
|
|
std::pair<std::string, osquery::HistoricalQueryResults>
|
2014-07-31 00:35:19 +00:00
|
|
|
getSerializedHistoricalQueryResultsJSON();
|
|
|
|
|
|
|
|
// getSerializedScheduledQueryLogItem() return an std::pair where pair->first
|
|
|
|
// is a string which should serialize to pair->second. Obviously, pair->second
|
|
|
|
// should deserialize to pair->first
|
2014-09-21 21:27:09 +00:00
|
|
|
std::pair<boost::property_tree::ptree, osquery::ScheduledQueryLogItem>
|
2014-07-31 00:35:19 +00:00
|
|
|
getSerializedScheduledQueryLogItem();
|
|
|
|
|
2014-09-21 21:27:09 +00:00
|
|
|
std::pair<std::string, osquery::ScheduledQueryLogItem>
|
2014-07-31 00:35:19 +00:00
|
|
|
getSerializedScheduledQueryLogItemJSON();
|
|
|
|
|
2014-08-17 08:44:22 +00:00
|
|
|
// generate content for a PEM-encoded certificate
|
|
|
|
std::string getCACertificateContent();
|
|
|
|
|
2014-08-02 03:46:22 +00:00
|
|
|
// generate the content that would be found in an /etc/hosts file
|
|
|
|
std::string getEtcHostsContent();
|
|
|
|
|
|
|
|
// generate the expected data that getEtcHostsContent() should parse into
|
2014-09-21 21:27:09 +00:00
|
|
|
osquery::QueryData getEtcHostsExpectedResults();
|
2014-08-02 03:46:22 +00:00
|
|
|
|
2014-08-04 21:12:06 +00:00
|
|
|
// the three items that you need to test osquery::core::splitString
|
|
|
|
struct SplitStringTestData {
|
|
|
|
std::string test_string;
|
2014-08-04 23:08:49 +00:00
|
|
|
std::string delim;
|
2014-08-04 21:12:06 +00:00
|
|
|
std::vector<std::string> test_vector;
|
|
|
|
};
|
|
|
|
|
|
|
|
// generate a set of test data to test osquery::core::splitString
|
|
|
|
std::vector<SplitStringTestData> generateSplitStringTestData();
|
2014-08-15 07:25:30 +00:00
|
|
|
}
|
|
|
|
}
|