osquery-1/osquery/filesystem/linux/proc.cpp

/*
 *  Copyright (c) 2014, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant 
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */

#include <exception>

#include <unistd.h>

#include <boost/regex.hpp>
#include <boost/filesystem.hpp>

#include <glog/logging.h>

#include <osquery/filesystem.h>

namespace osquery {

const std::string kLinuxProcPath = "/proc";

Status procProcesses(std::vector<std::string>& processes) {
  boost::regex process_filter("\\d+");

  // Iterate over each process-like directory in proc.
  boost::filesystem::directory_iterator it(kLinuxProcPath), end;
  try {
    for (; it != end; ++it) {
      if (boost::filesystem::is_directory(it->status())) {
        boost::smatch what;
        if (boost::regex_match(
                it->path().leaf().string(), what, process_filter)) {
          processes.push_back(it->path().leaf().string());
        }
      }
    }
  } catch (boost::filesystem::filesystem_error& e) {
    VLOG(1) << "Exception iterating Linux processes " << e.what();
    return Status(1, e.what());
  }

  return Status(0, "OK");
}

Status procDescriptors(const std::string& process,
                       std::vector<std::string>& descriptors) {
  auto descriptors_path = kLinuxProcPath + "/" + process + "/fd";
  try {
    // Access to the process' /fd may be restricted.
    boost::filesystem::directory_iterator it(descriptors_path), end;
    for (; it != end; ++it) {
      descriptors.push_back(it->path().leaf().string());
    }
  } catch (boost::filesystem::filesystem_error& e) {
    return Status(1, "Cannot access descriptors for " + process);
  }

  return Status(0, "OK");
}

Status procReadDescriptor(const std::string& process,
                          const std::string& descriptor,
                          std::string& result) {
  auto link = kLinuxProcPath + "/" + process + "/fd/" + descriptor;
  auto path_max = pathconf(link.c_str(), _PC_PATH_MAX);
  auto result_path = (char*)malloc(path_max);

  memset(result_path, 0, path_max);
  auto size = readlink(link.c_str(), result_path, path_max);
  if (size >= 0) {
    result = std::string(result_path);
  }

  free(result_path);
  if (size >= 0) {
    return Status(0, "OK");
  } else {
    return Status(1, "Could not read path");
  }
}
}
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`/*`
			`* Copyright (c) 2014, Facebook, Inc.`
			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD-style license found in the`
			`* LICENSE file in the root directory of this source tree. An additional grant`
			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*`
			`*/`
Cleanup inode table implementations and unblacklist 2014-11-19 22:53:42 +00:00
			`#include <exception>`

			`#include <unistd.h>`

			`#include <boost/regex.hpp>`
			`#include <boost/filesystem.hpp>`

			`#include <glog/logging.h>`

Codemod to improve include search paths 2014-12-03 23:14:02 +00:00			`#include <osquery/filesystem.h>`
Cleanup inode table implementations and unblacklist 2014-11-19 22:53:42 +00:00
			`namespace osquery {`

			`const std::string kLinuxProcPath = "/proc";`

			`Status procProcesses(std::vector<std::string>& processes) {`
			`boost::regex process_filter("\\d+");`

			`// Iterate over each process-like directory in proc.`
			`boost::filesystem::directory_iterator it(kLinuxProcPath), end;`
			`try {`
			`for (; it != end; ++it) {`
			`if (boost::filesystem::is_directory(it->status())) {`
			`boost::smatch what;`
			`if (boost::regex_match(`
			`it->path().leaf().string(), what, process_filter)) {`
			`processes.push_back(it->path().leaf().string());`
			`}`
			`}`
			`}`
			`} catch (boost::filesystem::filesystem_error& e) {`
			`VLOG(1) << "Exception iterating Linux processes " << e.what();`
			`return Status(1, e.what());`
			`}`

			`return Status(0, "OK");`
			`}`

			`Status procDescriptors(const std::string& process,`
			`std::vector<std::string>& descriptors) {`
			`auto descriptors_path = kLinuxProcPath + "/" + process + "/fd";`
			`try {`
			`// Access to the process' /fd may be restricted.`
			`boost::filesystem::directory_iterator it(descriptors_path), end;`
			`for (; it != end; ++it) {`
			`descriptors.push_back(it->path().leaf().string());`
			`}`
			`} catch (boost::filesystem::filesystem_error& e) {`
			`return Status(1, "Cannot access descriptors for " + process);`
			`}`

			`return Status(0, "OK");`
			`}`

			`Status procReadDescriptor(const std::string& process,`
			`const std::string& descriptor,`
			`std::string& result) {`
			`auto link = kLinuxProcPath + "/" + process + "/fd/" + descriptor;`
			`auto path_max = pathconf(link.c_str(), _PC_PATH_MAX);`
			`auto result_path = (char*)malloc(path_max);`

			`memset(result_path, 0, path_max);`
			`auto size = readlink(link.c_str(), result_path, path_max);`
			`if (size >= 0) {`
			`result = std::string(result_path);`
			`}`

			`free(result_path);`
			`if (size >= 0) {`
			`return Status(0, "OK");`
			`} else {`
			`return Status(1, "Could not read path");`
			`}`
			`}`
			`}`