osquery-1/osquery/tables/utility/time.cpp

/*
 *  Copyright (c) 2014-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */

#include <ctime>

#include <boost/algorithm/string/trim.hpp>

#include <osquery/core.h>
#include <osquery/flags.h>
#include <osquery/tables.h>

namespace osquery {

DECLARE_bool(utc);

namespace tables {

QueryData genTime(QueryContext& context) {
  Row r;
  // Request UNIX time (a wrapper around std::time).
  auto local_time = std::time(nullptr);
  auto osquery_time = getUnixTime();
  auto osquery_timestamp = getAsciiTime();

  // The concept of 'now' is configurable.
  struct tm* gmt = std::gmtime(&local_time);
  struct tm* now = (FLAGS_utc) ? gmt : std::localtime(&local_time);

  char weekday[10] = {0};
  strftime(weekday, sizeof(weekday), "%A", now);

  char timezone[5] = {0};
  strftime(timezone, sizeof(timezone), "%Z", now);

  char iso_8601[21] = {0};
  strftime(iso_8601, sizeof(iso_8601), "%FT%TZ", gmt);

  r["weekday"] = TEXT(weekday);
  r["year"] = INTEGER(now->tm_year + 1900);
  r["month"] = INTEGER(now->tm_mon + 1);
  r["day"] = INTEGER(now->tm_mday);
  r["hour"] = INTEGER(now->tm_hour);
  r["minutes"] = INTEGER(now->tm_min);
  r["seconds"] = INTEGER(now->tm_sec);
  r["timezone"] = TEXT(timezone);
  r["unix_time"] = INTEGER(osquery_time);
  r["local_time"] = INTEGER(local_time);
  r["timestamp"] = TEXT(osquery_timestamp);
  r["iso_8601"] = TEXT(iso_8601);

  QueryData results;
  results.push_back(r);
  return results;
}
}
}
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`/*`
[osquery] Update copyright headers to new format. 2016-02-11 19:48:58 +00:00			`* Copyright (c) 2014-present, Facebook, Inc.`
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD-style license found in the`
Removing trailing whitespace 2015-05-12 06:31:13 +00:00			`* LICENSE file in the root directory of this source tree. An additional grant`
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*`
			`*/`
new time virtual table. it's pretty useful to have a light weight table that doesn't leak at all which returns data that's always changing. 2014-08-29 06:15:45 +00:00
			`#include <ctime>`
Introduce --utc flag to convert all calendar UNIX times to UTC (#2064) Beginning in version 1.8.0 all time uses will converge on an osquery-provided getUnixTime() API call that returns, by default, UNIX time integers converted to UTC/GMT. The 'time' table will respond with the parsed time for the configuration. If the timezone is not UTC then osquery is using localtime. This configuration option will affect the 'unix_time' response in the 'time' table. Because of this configurable-effect the table is extended to include 'local_time' which is always the system local UNIX time. 2016-05-03 20:00:31 +00:00
Add date information to time table The fix also includes the time in ISO 8601 format as well as the format returned by C++'s asctime(). See #1297. 2015-07-07 07:00:50 +00:00			`#include <boost/algorithm/string/trim.hpp>`
new time virtual table. it's pretty useful to have a light weight table that doesn't leak at all which returns data that's always changing. 2014-08-29 06:15:45 +00:00
Introduce --utc flag to convert all calendar UNIX times to UTC (#2064) Beginning in version 1.8.0 all time uses will converge on an osquery-provided getUnixTime() API call that returns, by default, UNIX time integers converted to UTC/GMT. The 'time' table will respond with the parsed time for the configuration. If the timezone is not UTC then osquery is using localtime. This configuration option will affect the 'unix_time' response in the 'time' table. Because of this configurable-effect the table is extended to include 'local_time' which is always the system local UNIX time. 2016-05-03 20:00:31 +00:00			`#include <osquery/core.h>`
			`#include <osquery/flags.h>`
Codemod to improve include search paths 2014-12-03 23:14:02 +00:00			`#include <osquery/tables.h>`
new time virtual table. it's pretty useful to have a light weight table that doesn't leak at all which returns data that's always changing. 2014-08-29 06:15:45 +00:00
			`namespace osquery {`
Introduce --utc flag to convert all calendar UNIX times to UTC (#2064) Beginning in version 1.8.0 all time uses will converge on an osquery-provided getUnixTime() API call that returns, by default, UNIX time integers converted to UTC/GMT. The 'time' table will respond with the parsed time for the configuration. If the timezone is not UTC then osquery is using localtime. This configuration option will affect the 'unix_time' response in the 'time' table. Because of this configurable-effect the table is extended to include 'local_time' which is always the system local UNIX time. 2016-05-03 20:00:31 +00:00
			`DECLARE_bool(utc);`

new time virtual table. it's pretty useful to have a light weight table that doesn't leak at all which returns data that's always changing. 2014-08-29 06:15:45 +00:00			`namespace tables {`

Updating table generators to use QueryContext 2014-11-26 00:28:10 +00:00			`QueryData genTime(QueryContext& context) {`
new time virtual table. it's pretty useful to have a light weight table that doesn't leak at all which returns data that's always changing. 2014-08-29 06:15:45 +00:00			`Row r;`
Introduce --utc flag to convert all calendar UNIX times to UTC (#2064) Beginning in version 1.8.0 all time uses will converge on an osquery-provided getUnixTime() API call that returns, by default, UNIX time integers converted to UTC/GMT. The 'time' table will respond with the parsed time for the configuration. If the timezone is not UTC then osquery is using localtime. This configuration option will affect the 'unix_time' response in the 'time' table. Because of this configurable-effect the table is extended to include 'local_time' which is always the system local UNIX time. 2016-05-03 20:00:31 +00:00			`// Request UNIX time (a wrapper around std::time).`
			`auto local_time = std::time(nullptr);`
			`auto osquery_time = getUnixTime();`
			`auto osquery_timestamp = getAsciiTime();`

			`// The concept of 'now' is configurable.`
			`struct tm* gmt = std::gmtime(&local_time);`
			`struct tm* now = (FLAGS_utc) ? gmt : std::localtime(&local_time);`
Add date information to time table The fix also includes the time in ISO 8601 format as well as the format returned by C++'s asctime(). See #1297. 2015-07-07 07:00:50 +00:00
			`char weekday[10] = {0};`
			`strftime(weekday, sizeof(weekday), "%A", now);`

Add timezone field to time table 2015-11-10 23:17:49 +00:00			`char timezone[5] = {0};`
			`strftime(timezone, sizeof(timezone), "%Z", now);`

Add date information to time table The fix also includes the time in ISO 8601 format as well as the format returned by C++'s asctime(). See #1297. 2015-07-07 07:00:50 +00:00			`char iso_8601[21] = {0};`
			`strftime(iso_8601, sizeof(iso_8601), "%FT%TZ", gmt);`

			`r["weekday"] = TEXT(weekday);`
			`r["year"] = INTEGER(now->tm_year + 1900);`
			`r["month"] = INTEGER(now->tm_mon + 1);`
			`r["day"] = INTEGER(now->tm_mday);`
Use INTEGER macro. This makes the code match the example at: https://github.com/facebook/osquery/wiki/creating-a-new-table 2014-11-17 18:30:46 +00:00			`r["hour"] = INTEGER(now->tm_hour);`
			`r["minutes"] = INTEGER(now->tm_min);`
			`r["seconds"] = INTEGER(now->tm_sec);`
Add timezone field to time table 2015-11-10 23:17:49 +00:00			`r["timezone"] = TEXT(timezone);`
Introduce --utc flag to convert all calendar UNIX times to UTC (#2064) Beginning in version 1.8.0 all time uses will converge on an osquery-provided getUnixTime() API call that returns, by default, UNIX time integers converted to UTC/GMT. The 'time' table will respond with the parsed time for the configuration. If the timezone is not UTC then osquery is using localtime. This configuration option will affect the 'unix_time' response in the 'time' table. Because of this configurable-effect the table is extended to include 'local_time' which is always the system local UNIX time. 2016-05-03 20:00:31 +00:00			`r["unix_time"] = INTEGER(osquery_time);`
			`r["local_time"] = INTEGER(local_time);`
			`r["timestamp"] = TEXT(osquery_timestamp);`
Add date information to time table The fix also includes the time in ISO 8601 format as well as the format returned by C++'s asctime(). See #1297. 2015-07-07 07:00:50 +00:00			`r["iso_8601"] = TEXT(iso_8601);`

new time virtual table. it's pretty useful to have a light weight table that doesn't leak at all which returns data that's always changing. 2014-08-29 06:15:45 +00:00			`QueryData results;`
Cleaned Up Time Table 2015-03-06 00:57:44 +00:00			`results.push_back(r);`
new time virtual table. it's pretty useful to have a light weight table that doesn't leak at all which returns data that's always changing. 2014-08-29 06:15:45 +00:00			`return results;`
			`}`
			`}`
			`}`