osquery-1/include/osquery/core.h

// Copyright 2004-present Facebook. All Rights Reserved.

#pragma once

#include <string>
#include <vector>

#include <sqlite3.h>

#include <boost/filesystem.hpp>

#include "osquery/database/results.h"

namespace osquery {

/**
 * @brief The version of osquery
 */
extern const std::string kVersion;
/// Use a macro for the version literal, set the kVersion symbol in the library.
#ifndef STR
#define STR_OF(x) #x
#define STR(x) STR_OF(x)
#endif
#define OSQUERY_VERSION STR(OSQUERY_BUILD_VERSION)

/**
 * @brief A helpful tool type to report when logging, print help, or debugging.
 */
enum osqueryTool {
  OSQUERY_TOOL_SHELL,
  OSQUERY_TOOL_DAEMON,
  OSQUERY_TOOL_TEST,
};

/**
 * @brief Execute a query
 *
 * This is a lower-level version of osquery::SQL. Prefer to use osquery::SQL.
 *
 * @code{.cpp}
 *   std::string q = "SELECT * FROM time;";
 *   int i = 0;
 *   auto qd = query(q, i);
 *   if (i == 0) {
 *     for (const auto& each : qd) {
 *       for (const auto& it : each) {
 *         LOG(INFO) << it.first << ": " << it.second;
 *       }
 *     }
 *   } else {
 *     LOG(ERROR) << "Error: " << i;
 *   }
 * @endcode
 *
 * @param q the query to execute
 * @param error_return an int indicating the success or failure of the query
 *
 * @return the results of the query
 */
osquery::QueryData query(const std::string& q, int& error_return);

/**
 * @brief Execute a query on a specific database
 *
 * If you need to use a different database, other than the osquery default,
 * use this method and pass along a pointer to a SQLite3 database. This is
 * useful for testing.
 *
 * @param q the query to execute
 * @param error_return an int indicating the success or failure of the query
 * @param db the SQLite3 database the execute query q against
 *
 * @return the results of the query
 */
osquery::QueryData query(const std::string& q, int& error_return, sqlite3* db);

/**
 * @brief Return a fully configured sqlite3 database object
 *
 * An osquery database is basically just a SQLite3 database with several
 * virtual tables attached. This method is the main abstraction for creating
 * SQLite3 databases within osquery.
 *
 * @return a SQLite3 database with all virtual tables attached
 */
sqlite3* createDB();

/**
 * @brief Sets up various aspects of osquery execution state.
 *
 * osquery needs a few things to happen as soon as the executable begins
 * executing. initOsquery takes care of setting up the relevant parameters.
 * initOsquery should be called in an executable's `main()` function.
 *
 * @param argc the number of elements in argv
 * @param argv the command-line arguments passed to `main()`
 */
void initOsquery(int argc, char* argv[], int tool = OSQUERY_TOOL_TEST);

/**
 * @brief Split a given string based on an optional deliminator.
 *
 * If no deliminator is supplied, the string will be split based on whitespace.
 *
 * @param s the string that you'd like to split
 * @param delim the delimiter which you'd like to split the string by
 *
 * @return a vector of strings which represent the split string that you
 * passed as the s parameter.
 */
std::vector<std::string> split(const std::string& s,
                               const std::string& delim = "\t ");

/**
 * @brief Getter for a host's current hostname
 *
 * @return a string representing the host's current hostname
 */
std::string getHostname();

/**
 * @brief generate a uuid to uniquely identify this machine
 *
 * @return uuid string to identify this machine
 */
std::string generateHostUuid();

/**
 * @brief Getter for the current time, in a human-readable format.
 *
 * @return the current date/time in the format: "Wed Sep 21 10:27:52 2011"
 */
std::string getAsciiTime();

/**
 * @brief Getter for the current unix time.
 *
 * @return an int representing the amount of seconds since the unix epoch
 */
int getUnixTime();

/**
 * @brief Return a vector of all home directories on the system
 *
 * @return a vector of strings representing the path of all home directories
 */
std::vector<boost::filesystem::path> getHomeDirectories();
}

/**
 * @brief Inline helper function for use with utf8StringSize
 */
template <typename _Iterator1, typename _Iterator2>
inline size_t incUtf8StringIterator(_Iterator1& it, const _Iterator2& last) {
  if (it == last)
    return 0;
  unsigned char c;
  size_t res = 1;
  for (++it; last != it; ++it, ++res) {
    c = *it;
    if (!(c & 0x80) || ((c & 0xC0) == 0xC0))
      break;
  }

  return res;
}

/**
 * @brief Get the length of a UTF-8 string
 *
 * @param str The UTF-8 string
 *
 * @return the length of the string
 */
inline size_t utf8StringSize(const std::string& str) {
  size_t res = 0;
  std::string::const_iterator it = str.begin();
  for (; it != str.end(); incUtf8StringIterator(it, str.end()))
    res++;

  return res;
}
Initial commit 2014-07-31 00:35:19 +00:00			`// Copyright 2004-present Facebook. All Rights Reserved.`

using '#pragma once' instead of '#ifndef HEADER' let's start using #pragma once for our headers. it's less lines of code, clang supports it, headers become more movable, etc. it's all around a better plan. 2014-09-10 01:54:53 +00:00			`#pragma once`
Initial commit 2014-07-31 00:35:19 +00:00
			`#include <string>`
			`#include <vector>`

moving sqlite to third-party 2014-08-12 00:37:49 +00:00			`#include <sqlite3.h>`

generic users function and some general cleanups 2014-11-04 19:39:15 +00:00			`#include <boost/filesystem.hpp>`

cleaning up some memory leak supps 2014-10-10 05:06:45 +00:00			`#include "osquery/database/results.h"`
Initial commit 2014-07-31 00:35:19 +00:00
Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`namespace osquery {`
Initial commit 2014-07-31 00:35:19 +00:00
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief The version of osquery`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
			`extern const std::string kVersion;`
Changing flag infra, reducing config testing, adding debug macro 2014-10-27 16:34:13 +00:00			`/// Use a macro for the version literal, set the kVersion symbol in the library.`
Rethinking some build improvements 2014-11-09 00:55:19 +00:00			`#ifndef STR`
Refector shell flags/versioning 2014-11-09 04:27:28 +00:00			`#define STR_OF(x) #x`
			`#define STR(x) STR_OF(x)`
Rethinking some build improvements 2014-11-09 00:55:19 +00:00			`#endif`
			`#define OSQUERY_VERSION STR(OSQUERY_BUILD_VERSION)`
comments for core.h 2014-09-15 19:23:07 +00:00
Refector shell flags/versioning 2014-11-09 04:27:28 +00:00			`/**`
			`* @brief A helpful tool type to report when logging, print help, or debugging.`
			`*/`
Remove Threads requirement, cleanup flags 2014-11-09 04:57:16 +00:00			`enum osqueryTool {`
			`OSQUERY_TOOL_SHELL,`
			`OSQUERY_TOOL_DAEMON,`
			`OSQUERY_TOOL_TEST,`
Refector shell flags/versioning 2014-11-09 04:27:28 +00:00			`};`

Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief Execute a query`
			`*`
Migrating internal usage of osquery::query to osquery::SQL 2014-09-26 07:34:56 +00:00			`* This is a lower-level version of osquery::SQL. Prefer to use osquery::SQL.`
			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @code{.cpp}`
			`* std::string q = "SELECT * FROM time;";`
			`* int i = 0;`
			`* auto qd = query(q, i);`
			`* if (i == 0) {`
			`* for (const auto& each : qd) {`
			`* for (const auto& it : each) {`
			`* LOG(INFO) << it.first << ": " << it.second;`
			`* }`
			`* }`
			`* } else {`
			`* LOG(ERROR) << "Error: " << i;`
			`* }`
			`* @endcode`
			`*`
			`* @param q the query to execute`
			`* @param error_return an int indicating the success or failure of the query`
			`*`
			`* @return the results of the query`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
Removing the osquery::db namespace 2014-09-21 21:27:09 +00:00			`osquery::QueryData query(const std::string& q, int& error_return);`
comments for core.h 2014-09-15 19:23:07 +00:00
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief Execute a query on a specific database`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* If you need to use a different database, other than the osquery default,`
			`* use this method and pass along a pointer to a SQLite3 database. This is`
			`* useful for testing.`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @param q the query to execute`
			`* @param error_return an int indicating the success or failure of the query`
			`* @param db the SQLite3 database the execute query q against`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @return the results of the query`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
Periodic clang-format 2014-09-21 21:29:28 +00:00			`osquery::QueryData query(const std::string& q, int& error_return, sqlite3* db);`
Initial commit 2014-07-31 00:35:19 +00:00
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief Return a fully configured sqlite3 database object`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* An osquery database is basically just a SQLite3 database with several`
			`* virtual tables attached. This method is the main abstraction for creating`
			`* SQLite3 databases within osquery.`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @return a SQLite3 database with all virtual tables attached`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
clang-format 2014-09-16 07:36:49 +00:00			`sqlite3* createDB();`
Doxyfile, for docs 2014-09-13 21:28:45 +00:00
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief Sets up various aspects of osquery execution state.`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* osquery needs a few things to happen as soon as the executable begins`
			`* executing. initOsquery takes care of setting up the relevant parameters.`
			* initOsquery should be called in an executable's `main()` function.
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @param argc the number of elements in argv`
			* @param argv the command-line arguments passed to `main()`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
Refector shell flags/versioning 2014-11-09 04:27:28 +00:00			`void initOsquery(int argc, char* argv[], int tool = OSQUERY_TOOL_TEST);`
Initial commit 2014-07-31 00:35:19 +00:00
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief Split a given string based on an optional deliminator.`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* If no deliminator is supplied, the string will be split based on whitespace.`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @param s the string that you'd like to split`
			`* @param delim the delimiter which you'd like to split the string by`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @return a vector of strings which represent the split string that you`
			`* passed as the s parameter.`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
clang-format 2014-09-16 07:36:49 +00:00			`std::vector<std::string> split(const std::string& s,`
			`const std::string& delim = "\t ");`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief Getter for a host's current hostname`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @return a string representing the host's current hostname`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`std::string getHostname();`

Added --host_identifier option Conflicts: osquery/core/system.cpp 2014-11-04 02:08:13 +00:00			`/**`
			`* @brief generate a uuid to uniquely identify this machine`
			`*`
			`* @return uuid string to identify this machine`
			`*/`
			`std::string generateHostUuid();`

Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief Getter for the current time, in a human-readable format.`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @return the current date/time in the format: "Wed Sep 21 10:27:52 2011"`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`std::string getAsciiTime();`

Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`/**`
			`* @brief Getter for the current unix time.`
comments for core.h 2014-09-15 19:23:07 +00:00			`*`
Updating the format of doxygen comment blocks 2014-09-16 07:28:23 +00:00			`* @return an int representing the amount of seconds since the unix epoch`
comments for core.h 2014-09-15 19:23:07 +00:00			`*/`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`int getUnixTime();`
generic users function and some general cleanups 2014-11-04 19:39:15 +00:00
			`/**`
			`* @brief Return a vector of all home directories on the system`
			`*`
			`* @return a vector of strings representing the path of all home directories`
			`*/`
			`std::vector<boost::filesystem::path> getHomeDirectories();`
Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`}`
implementation for #360 2014-11-12 21:51:14 +00:00
			`/**`
			`* @brief Inline helper function for use with utf8StringSize`
			`*/`
More control over logging 2014-11-13 01:13:15 +00:00			`template <typename _Iterator1, typename _Iterator2>`
implementation for #360 2014-11-12 21:51:14 +00:00			`inline size_t incUtf8StringIterator(_Iterator1& it, const _Iterator2& last) {`
More control over logging 2014-11-13 01:13:15 +00:00			`if (it == last)`
			`return 0;`
implementation for #360 2014-11-12 21:51:14 +00:00			`unsigned char c;`
			`size_t res = 1;`
More control over logging 2014-11-13 01:13:15 +00:00			`for (++it; last != it; ++it, ++res) {`
implementation for #360 2014-11-12 21:51:14 +00:00			`c = *it;`
More control over logging 2014-11-13 01:13:15 +00:00			`if (!(c & 0x80) \|\| ((c & 0xC0) == 0xC0))`
			`break;`
implementation for #360 2014-11-12 21:51:14 +00:00			`}`

			`return res;`
			`}`

			`/**`
			`* @brief Get the length of a UTF-8 string`
			`*`
			`* @param str The UTF-8 string`
			`*`
			`* @return the length of the string`
			`*/`
More control over logging 2014-11-13 01:13:15 +00:00			`inline size_t utf8StringSize(const std::string& str) {`
implementation for #360 2014-11-12 21:51:14 +00:00			`size_t res = 0;`
			`std::string::const_iterator it = str.begin();`
More control over logging 2014-11-13 01:13:15 +00:00			`for (; it != str.end(); incUtf8StringIterator(it, str.end()))`
implementation for #360 2014-11-12 21:51:14 +00:00			`res++;`

			`return res;`
			`}`