osquery-1/osquery/tables/utility/hash.cpp


/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <boost/filesystem.hpp>
#include <osquery/filesystem.h>
#include <osquery/hash.h>
#include <osquery/tables.h>
namespace fs = boost::filesystem;
namespace osquery {
namespace tables {
/**
 * @brief Append one result row describing a single file and its digests.
 *
 * The row carries the caller-supplied path and directory strings unchanged,
 * plus the MD5, SHA1 and SHA256 values returned by osquery::hashFromFile.
 *
 * @param path File to hash; stored verbatim in the "path" column.
 * @param dir Directory string stored verbatim in the "directory" column.
 * @param results Result set that receives the new row.
 */
void genHashForFile(const std::string& path,
                    const std::string& dir,
                    QueryData& results) {
  // hashFromFile is invoked once per algorithm, each time by path name.
  // NOTE(review): if every call re-reads the file (not visible from here), a
  // file modified between calls can produce digests of different contents in
  // the same row -- confirm before correlating the three columns.
  const auto md5_digest = osquery::hashFromFile(HASH_TYPE_MD5, path);
  const auto sha1_digest = osquery::hashFromFile(HASH_TYPE_SHA1, path);
  const auto sha256_digest = osquery::hashFromFile(HASH_TYPE_SHA256, path);

  // The path and directory are copied from the arguments rather than derived
  // through boost path->string helpers, so they match any explicit
  // (query-parsed) predicate constraints.
  Row row;
  row["path"] = path;
  row["directory"] = dir;
  row["md5"] = md5_digest;
  row["sha1"] = sha1_digest;
  row["sha256"] = sha256_digest;
  results.push_back(row);
}
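/**
 * @brief Generate the hash table rows requested by the query constraints.
 *
 * Every "path" EQUALS constraint that names a regular file yields one row.
 * Every "directory" EQUALS constraint that names a directory yields one row
 * per regular file directly inside it (no recursion).
 *
 * Filesystem errors (permission denied, a path removed mid-query, an
 * unreadable directory) cause the affected entry to be skipped. The throwing
 * boost::filesystem overloads are avoided so that a query naming an
 * inaccessible path cannot raise filesystem_error out of the table generator.
 *
 * @param context Query context holding the parsed predicate constraints.
 * @return One row per file that was hashed; empty when nothing matched.
 */
QueryData genHash(QueryContext& context) {
  QueryData results;

  // Shared by every filesystem call below; each call resets it on success.
  boost::system::error_code ec;

  // The query must provide a predicate with constraints including path or
  // directory. We search for the parsed predicate constraints with the equals
  // operator.
  auto paths = context.constraints["path"].getAll(EQUALS);
  for (const auto& path_string : paths) {
    fs::path path = path_string;
    // NOTE(review): this check follows symbolic links and the file is later
    // reopened by name for hashing, so the object hashed is not guaranteed
    // to be the one inspected here.
    if (!fs::is_regular_file(path, ec)) {
      continue;
    }

    genHashForFile(path_string, path.parent_path().string(), results);
  }

  // Now loop through constraints using the directory column constraint.
  auto directories = context.constraints["directory"].getAll(EQUALS);
  for (const auto& directory_string : directories) {
    fs::path directory = directory_string;
    if (!fs::is_directory(directory, ec)) {
      continue;
    }

    // Opening the directory can still fail after the check above (for
    // example when it is not readable), so test the error code as well.
    fs::directory_iterator entry(directory, ec), end;
    if (ec) {
      continue;
    }

    // Iterate over the directory and generate a hash for each regular file.
    while (entry != end) {
      // A failed status lookup reports an error status, which is not a
      // regular file, so the entry is skipped.
      if (fs::is_regular_file(entry->status(ec))) {
        genHashForFile(entry->path().string(), directory_string, results);
      }

      // Stop walking this directory if advancing the iterator fails.
      entry.increment(ec);
      if (ec) {
        break;
      }
    }
  }

  return results;
}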
}
}