2014-12-18 18:50:47 +00:00
|
|
|
/*
|
2016-02-11 19:48:58 +00:00
|
|
|
* Copyright (c) 2014-present, Facebook, Inc.
|
2014-12-18 18:50:47 +00:00
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
2015-05-12 06:31:13 +00:00
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
2014-12-18 18:50:47 +00:00
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2014-08-29 06:15:45 +00:00
|
|
|
|
|
|
|
|
#include <ctime>
|
2016-05-03 20:00:31 +00:00
|
|
|
|
2015-07-07 07:00:50 +00:00
|
|
|
#include <boost/algorithm/string/trim.hpp>
|
2014-08-29 06:15:45 +00:00
|
|
|
|
2016-05-03 20:00:31 +00:00
|
|
|
#include <osquery/core.h>
|
|
|
|
|
#include <osquery/flags.h>
|
2016-07-07 22:16:28 +00:00
|
|
|
#include <osquery/system.h>
|
2014-12-03 23:14:02 +00:00
|
|
|
#include <osquery/tables.h>
|
2014-08-29 06:15:45 +00:00
|
|
|
|
|
|
|
|
namespace osquery {
|
2016-05-03 20:00:31 +00:00
|
|
|
|
|
|
|
|
DECLARE_bool(utc);
|
|
|
|
|
|
2014-08-29 06:15:45 +00:00
|
|
|
namespace tables {
|
|
|
|
|
|
2014-11-26 00:28:10 +00:00
|
|
|
QueryData genTime(QueryContext& context) {
|
2014-08-29 06:15:45 +00:00
|
|
|
Row r;
|
2016-05-03 20:00:31 +00:00
|
|
|
// Request UNIX time (a wrapper around std::time).
|
|
|
|
|
auto local_time = std::time(nullptr);
|
|
|
|
|
auto osquery_time = getUnixTime();
|
|
|
|
|
auto osquery_timestamp = getAsciiTime();
|
|
|
|
|
|
|
|
|
|
// The concept of 'now' is configurable.
|
2016-07-11 16:45:57 +00:00
|
|
|
struct tm gmt;
|
|
|
|
|
gmtime_r(&local_time, &gmt);
|
|
|
|
|
|
|
|
|
|
struct tm now;
|
|
|
|
|
if (FLAGS_utc) {
|
|
|
|
|
now = gmt;
|
|
|
|
|
} else {
|
|
|
|
|
localtime_r(&local_time, &now);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
struct tm local;
|
|
|
|
|
localtime_r(&local_time, &local);
|
2015-07-07 07:00:50 +00:00
|
|
|
|
|
|
|
|
char weekday[10] = {0};
|
2016-07-11 16:45:57 +00:00
|
|
|
strftime(weekday, sizeof(weekday), "%A", &now);
|
2015-07-07 07:00:50 +00:00
|
|
|
|
2015-11-10 23:17:49 +00:00
|
|
|
char timezone[5] = {0};
|
2016-07-11 16:45:57 +00:00
|
|
|
strftime(timezone, sizeof(timezone), "%Z", &now);
|
2015-11-10 23:17:49 +00:00
|
|
|
|
2016-05-06 06:05:51 +00:00
|
|
|
char local_timezone[5] = {0};
|
2016-07-11 16:45:57 +00:00
|
|
|
strftime(local_timezone, sizeof(local_timezone), "%Z", &local);
|
2016-05-06 06:05:51 +00:00
|
|
|
|
2015-07-07 07:00:50 +00:00
|
|
|
char iso_8601[21] = {0};
|
2016-07-11 16:45:57 +00:00
|
|
|
strftime(iso_8601, sizeof(iso_8601), "%FT%TZ", &gmt);
|
2015-07-07 07:00:50 +00:00
|
|
|
|
2016-06-28 18:07:34 +00:00
|
|
|
r["weekday"] = SQL_TEXT(weekday);
|
2016-07-11 16:45:57 +00:00
|
|
|
r["year"] = INTEGER(now.tm_year + 1900);
|
|
|
|
|
r["month"] = INTEGER(now.tm_mon + 1);
|
|
|
|
|
r["day"] = INTEGER(now.tm_mday);
|
|
|
|
|
r["hour"] = INTEGER(now.tm_hour);
|
|
|
|
|
r["minutes"] = INTEGER(now.tm_min);
|
|
|
|
|
r["seconds"] = INTEGER(now.tm_sec);
|
2016-06-28 18:07:34 +00:00
|
|
|
r["timezone"] = SQL_TEXT(timezone);
|
2016-07-25 21:46:14 +00:00
|
|
|
if (r["timezone"].empty()) {
|
|
|
|
|
r["timezone"] = "UTC";
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-03 20:00:31 +00:00
|
|
|
r["local_time"] = INTEGER(local_time);
|
2016-06-28 18:07:34 +00:00
|
|
|
r["local_timezone"] = SQL_TEXT(local_timezone);
|
2016-07-25 21:46:14 +00:00
|
|
|
if (r["local_timezone"].empty()) {
|
|
|
|
|
r["local_timezone"] = "UTC";
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-06 06:05:51 +00:00
|
|
|
r["unix_time"] = INTEGER(osquery_time);
|
2016-06-28 18:07:34 +00:00
|
|
|
r["timestamp"] = SQL_TEXT(osquery_timestamp);
|
2016-05-06 06:05:51 +00:00
|
|
|
// Date time is provided in ISO 8601 format, then duplicated in iso_8601.
|
2016-06-28 18:07:34 +00:00
|
|
|
r["datetime"] = SQL_TEXT(iso_8601);
|
|
|
|
|
r["iso_8601"] = SQL_TEXT(iso_8601);
|
2015-07-07 07:00:50 +00:00
|
|
|
|
2014-08-29 06:15:45 +00:00
|
|
|
QueryData results;
|
2015-03-06 00:57:44 +00:00
|
|
|
results.push_back(r);
|
2014-08-29 06:15:45 +00:00
|
|
|
return results;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
