osquery-1/osquery/filesystem/filesystem.cpp

// Copyright 2004-present Facebook. All Rights Reserved.

#include "osquery/filesystem.h"

#include <fstream>
#include <sstream>

#include <boost/filesystem/operations.hpp>
#include <boost/filesystem/path.hpp>

#include <boost/property_tree/ptree.hpp>
#include <boost/property_tree/xml_parser.hpp>

#include <gflags/gflags.h>
#include <glog/logging.h>

using osquery::Status;

namespace pt = boost::property_tree;

namespace osquery {

Status readFile(const std::string& path, std::string& content) {
  if (!boost::filesystem::exists(path)) {
    return Status(1, "File not found");
  }

  int statusCode = 0;
  std::string statusMessage = "OK";
  char* buffer;

  std::ifstream file_h(path);
  if (file_h) {
    file_h.seekg(0, file_h.end);
    int len = file_h.tellg();
    file_h.seekg(0, file_h.beg);
    buffer = new char[len];
    file_h.read(buffer, len);
    if (!file_h) {
      statusCode = 1;
      statusMessage = "Could not read file";
      goto cleanup_buffer;
    }
    content.assign(buffer, len);
  } else {
    statusCode = 1;
    statusMessage = "Could not open file for reading";
    goto cleanup;
  }

cleanup_buffer:
  delete[] buffer;
cleanup:
  if (file_h) {
    file_h.close();
  }
  return Status(statusCode, statusMessage);
}

Status pathExists(const std::string& path) {
  if (path.length() == 0) {
    return Status(0, "-1");
  }

  // A tri-state determination of presence
  if (!boost::filesystem::exists(path)) {
    return Status(0, "0");
  }
  return Status(0, "1");
}

Status listFilesInDirectory(const std::string& path,
                            std::vector<std::string>& results) {
  try {
    if (!boost::filesystem::exists(path)) {
      return Status(1, "Directory not found");
    }

    if (!boost::filesystem::is_directory(path)) {
      return Status(1, "Supplied path is not a directory");
    }

    boost::filesystem::directory_iterator begin_iter(path);
    boost::filesystem::directory_iterator end_iter;
    for (; begin_iter != end_iter; begin_iter++) {
      results.push_back(begin_iter->path().string());
    }

    return Status(0, "OK");
  } catch (const boost::filesystem::filesystem_error& e) {
    return Status(1, e.what());
  }
}

Status parseTomcatUserConfig(
    const std::string& content,
    std::vector<std::pair<std::string, std::string>>& credentials) {
  std::stringstream ss;
  ss << content;
  pt::ptree tree;
  try {
    pt::xml_parser::read_xml(ss, tree);
  } catch (const pt::xml_parser_error& e) {
    return Status(1, e.what());
  }
  try {
    for (const auto& i : tree.get_child("tomcat-users")) {
      if (i.first == "user") {
        try {
          std::pair<std::string, std::string> user;
          user.first = i.second.get<std::string>("<xmlattr>.username");
          user.second = i.second.get<std::string>("<xmlattr>.password");
          credentials.push_back(user);
        } catch (const std::exception& e) {
          LOG(ERROR)
              << "An error occured parsing the tomcat users xml: " << e.what();
          return Status(1, e.what());
        }
      }
    }
  } catch (const std::exception& e) {
    LOG(ERROR) << "An error occured while trying to access the tomcat-users"
               << " key in the XML content: " << e.what();
    return Status(1, e.what());
  }
  return Status(0, "OK");
}
}
readFile function 2014-08-04 18:06:45 +00:00			`// Copyright 2004-present Facebook. All Rights Reserved.`

			`#include "osquery/filesystem.h"`

			`#include <fstream>`
			`#include <sstream>`

			`#include <boost/filesystem/operations.hpp>`
			`#include <boost/filesystem/path.hpp>`

Adding a function to parse the Tomcat users XML file This is apart of a bigger, better virtual table idea that @carnal0wnage had. 2014-10-01 02:49:38 +00:00			`#include <boost/property_tree/ptree.hpp>`
			`#include <boost/property_tree/xml_parser.hpp>`

readFile function 2014-08-04 18:06:45 +00:00			`#include <gflags/gflags.h>`
			`#include <glog/logging.h>`

core/status to status and header cleanup 2014-08-05 23:13:55 +00:00			`using osquery::Status;`
readFile function 2014-08-04 18:06:45 +00:00
Adding a function to parse the Tomcat users XML file This is apart of a bigger, better virtual table idea that @carnal0wnage had. 2014-10-01 02:49:38 +00:00			`namespace pt = boost::property_tree;`

Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`namespace osquery {`
readFile function 2014-08-04 18:06:45 +00:00
			`Status readFile(const std::string& path, std::string& content) {`
			`if (!boost::filesystem::exists(path)) {`
			`return Status(1, "File not found");`
			`}`

Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`int statusCode = 0;`
			`std::string statusMessage = "OK";`
			`char* buffer;`

readFile function 2014-08-04 18:06:45 +00:00			`std::ifstream file_h(path);`
			`if (file_h) {`
Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`file_h.seekg(0, file_h.end);`
			`int len = file_h.tellg();`
			`file_h.seekg(0, file_h.beg);`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`buffer = new char[len];`
Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`file_h.read(buffer, len);`
			`if (!file_h) {`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`statusCode = 1;`
			`statusMessage = "Could not read file";`
			`goto cleanup_buffer;`
Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`}`
			`content.assign(buffer, len);`
readFile function 2014-08-04 18:06:45 +00:00			`} else {`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`statusCode = 1;`
			`statusMessage = "Could not open file for reading";`
			`goto cleanup;`
readFile function 2014-08-04 18:06:45 +00:00			`}`

Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`cleanup_buffer:`
more memory leak fixed 2014-08-26 23:27:33 +00:00			`delete[] buffer;`
Adding LaunchDaemon and flagfile to the repo/package 2014-08-21 21:35:51 +00:00			`cleanup:`
			`if (file_h) {`
			`file_h.close();`
			`}`
			`return Status(statusCode, statusMessage);`
readFile function 2014-08-04 18:06:45 +00:00			`}`

[vtables] Adding cmdline, path to Linux processes 2014-09-09 17:56:48 +00:00			`Status pathExists(const std::string& path) {`
			`if (path.length() == 0) {`
			`return Status(0, "-1");`
			`}`

			`// A tri-state determination of presence`
			`if (!boost::filesystem::exists(path)) {`
			`return Status(0, "0");`
			`}`
			`return Status(0, "1");`
			`}`

listFilesInDirectory 2014-08-14 23:27:20 +00:00			`Status listFilesInDirectory(const std::string& path,`
Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`std::vector<std::string>& results) {`
listFilesInDirectory 2014-08-14 23:27:20 +00:00			`try {`
			`if (!boost::filesystem::exists(path)) {`
			`return Status(1, "Directory not found");`
			`}`

			`if (!boost::filesystem::is_directory(path)) {`
			`return Status(1, "Supplied path is not a directory");`
			`}`

			`boost::filesystem::directory_iterator begin_iter(path);`
			`boost::filesystem::directory_iterator end_iter;`
			`for (; begin_iter != end_iter; begin_iter++) {`
			`results.push_back(begin_iter->path().string());`
			`}`

			`return Status(0, "OK");`
Periodic clang-format 2014-09-21 21:29:28 +00:00			`} catch (const boost::filesystem::filesystem_error& e) {`
listFilesInDirectory 2014-08-14 23:27:20 +00:00			`return Status(1, e.what());`
			`}`
			`}`
Adding a function to parse the Tomcat users XML file This is apart of a bigger, better virtual table idea that @carnal0wnage had. 2014-10-01 02:49:38 +00:00
			`Status parseTomcatUserConfig(`
			`const std::string& content,`
			`std::vector<std::pair<std::string, std::string>>& credentials) {`
			`std::stringstream ss;`
			`ss << content;`
			`pt::ptree tree;`
			`try {`
			`pt::xml_parser::read_xml(ss, tree);`
			`} catch (const pt::xml_parser_error& e) {`
			`return Status(1, e.what());`
			`}`
			`try {`
			`for (const auto& i : tree.get_child("tomcat-users")) {`
			`if (i.first == "user") {`
			`try {`
			`std::pair<std::string, std::string> user;`
			`user.first = i.second.get<std::string>("<xmlattr>.username");`
			`user.second = i.second.get<std::string>("<xmlattr>.password");`
			`credentials.push_back(user);`
			`} catch (const std::exception& e) {`
			`LOG(ERROR)`
			`<< "An error occured parsing the tomcat users xml: " << e.what();`
			`return Status(1, e.what());`
			`}`
			`}`
			`}`
			`} catch (const std::exception& e) {`
			`LOG(ERROR) << "An error occured while trying to access the tomcat-users"`
			`<< " key in the XML content: " << e.what();`
			`return Status(1, e.what());`
			`}`
			`return Status(0, "OK");`
			`}`
Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`}`