2014-12-18 18:50:47 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2014, Facebook, Inc.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This source code is licensed under the BSD-style license found in the
|
2015-01-22 21:57:14 +00:00
|
|
|
* LICENSE file in the root directory of this source tree. An additional grant
|
2014-12-18 18:50:47 +00:00
|
|
|
* of patent rights can be found in the PATENTS file in the same directory.
|
|
|
|
|
*
|
|
|
|
|
*/
|
2014-12-03 04:36:46 +00:00
|
|
|
|
2014-12-03 23:14:02 +00:00
|
|
|
#include <osquery/logger.h>
|
2015-01-12 18:02:44 +00:00
|
|
|
|
2015-02-03 05:21:36 +00:00
|
|
|
#include "osquery/sql/virtual_table.h"
|
2014-12-03 04:36:46 +00:00
|
|
|
|
|
|
|
|
namespace osquery {
|
|
|
|
|
namespace tables {
|
|
|
|
|
|
2014-12-03 05:02:50 +00:00
|
|
|
int xOpen(sqlite3_vtab *pVTab, sqlite3_vtab_cursor **ppCursor) {
|
|
|
|
|
int rc = SQLITE_NOMEM;
|
2015-08-17 23:58:54 +00:00
|
|
|
BaseCursor *pCur = new BaseCursor;
|
2014-12-03 05:02:50 +00:00
|
|
|
|
|
|
|
|
if (pCur) {
|
2015-01-30 18:44:25 +00:00
|
|
|
memset(pCur, 0, sizeof(BaseCursor));
|
2014-12-03 05:02:50 +00:00
|
|
|
*ppCursor = (sqlite3_vtab_cursor *)pCur;
|
|
|
|
|
rc = SQLITE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int xClose(sqlite3_vtab_cursor *cur) {
|
2015-01-30 18:44:25 +00:00
|
|
|
BaseCursor *pCur = (BaseCursor *)cur;
|
2014-12-03 05:02:50 +00:00
|
|
|
|
|
|
|
|
delete pCur;
|
|
|
|
|
return SQLITE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-03 16:29:36 +00:00
|
|
|
int xEof(sqlite3_vtab_cursor *cur) {
|
2015-01-30 18:44:25 +00:00
|
|
|
BaseCursor *pCur = (BaseCursor *)cur;
|
|
|
|
|
auto *pVtab = (VirtualTable *)cur->pVtab;
|
2015-08-17 23:58:54 +00:00
|
|
|
|
|
|
|
|
if (pCur->row >= pVtab->content->n) {
|
|
|
|
|
// If the requested row exceeds the size of the row set then all rows
|
|
|
|
|
// have been visited, clear the data container.
|
2015-08-18 08:35:10 +00:00
|
|
|
QueryData().swap(pVtab->content->data);
|
2015-08-17 23:58:54 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2014-12-03 16:29:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int xDestroy(sqlite3_vtab *p) {
|
2015-01-30 18:44:25 +00:00
|
|
|
auto *pVtab = (VirtualTable *)p;
|
|
|
|
|
delete pVtab->content;
|
2014-12-03 16:29:36 +00:00
|
|
|
delete pVtab;
|
|
|
|
|
return SQLITE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-03 05:02:50 +00:00
|
|
|
int xNext(sqlite3_vtab_cursor *cur) {
|
2015-01-30 18:44:25 +00:00
|
|
|
BaseCursor *pCur = (BaseCursor *)cur;
|
2014-12-03 05:02:50 +00:00
|
|
|
pCur->row++;
|
|
|
|
|
return SQLITE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int xRowid(sqlite3_vtab_cursor *cur, sqlite_int64 *pRowid) {
|
2015-08-17 23:58:54 +00:00
|
|
|
const BaseCursor *pCur = (BaseCursor *)cur;
|
2014-12-03 05:02:50 +00:00
|
|
|
*pRowid = pCur->row;
|
|
|
|
|
return SQLITE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-30 18:44:25 +00:00
|
|
|
int xCreate(sqlite3 *db,
|
|
|
|
|
void *pAux,
|
|
|
|
|
int argc,
|
|
|
|
|
const char *const *argv,
|
|
|
|
|
sqlite3_vtab **ppVtab,
|
|
|
|
|
char **pzErr) {
|
|
|
|
|
auto *pVtab = new VirtualTable;
|
|
|
|
|
|
|
|
|
|
if (!pVtab || argc == 0 || argv[0] == nullptr) {
|
2015-11-01 05:20:23 +00:00
|
|
|
delete pVtab;
|
|
|
|
|
return SQLITE_NOMEM;
|
2015-01-30 18:44:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(pVtab, 0, sizeof(VirtualTable));
|
|
|
|
|
pVtab->content = new VirtualTableContent;
|
|
|
|
|
|
|
|
|
|
PluginResponse response;
|
|
|
|
|
pVtab->content->name = std::string(argv[0]);
|
2015-02-23 05:56:52 +00:00
|
|
|
|
|
|
|
|
// Get the table column information.
|
2015-01-31 08:25:51 +00:00
|
|
|
auto status = Registry::call(
|
2015-02-23 05:56:52 +00:00
|
|
|
"table", pVtab->content->name, {{"action", "columns"}}, response);
|
2015-01-31 01:52:14 +00:00
|
|
|
if (!status.ok() || response.size() == 0) {
|
2015-11-01 05:20:23 +00:00
|
|
|
delete pVtab->content;
|
|
|
|
|
delete pVtab;
|
|
|
|
|
return SQLITE_ERROR;
|
2015-01-31 01:52:14 +00:00
|
|
|
}
|
|
|
|
|
|
2015-02-23 05:56:52 +00:00
|
|
|
auto statement =
|
|
|
|
|
"CREATE TABLE " + pVtab->content->name + columnDefinition(response);
|
|
|
|
|
int rc = sqlite3_declare_vtab(db, statement.c_str());
|
2015-11-01 05:20:23 +00:00
|
|
|
if (rc != SQLITE_OK || !status.ok() || response.size() == 0) {
|
|
|
|
|
delete pVtab->content;
|
|
|
|
|
delete pVtab;
|
|
|
|
|
return (rc != SQLITE_OK) ? rc : SQLITE_ERROR;
|
2015-01-31 01:52:14 +00:00
|
|
|
}
|
|
|
|
|
|
2015-01-30 18:44:25 +00:00
|
|
|
for (const auto &column : response) {
|
|
|
|
|
pVtab->content->columns.push_back(
|
2015-11-09 09:19:45 +00:00
|
|
|
std::make_pair(column.at("name"), columnTypeName(column.at("type"))));
|
2015-01-30 18:44:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*ppVtab = (sqlite3_vtab *)pVtab;
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int xColumn(sqlite3_vtab_cursor *cur, sqlite3_context *ctx, int col) {
|
2015-08-17 23:58:54 +00:00
|
|
|
const BaseCursor *pCur = (BaseCursor *)cur;
|
|
|
|
|
const auto *pVtab = (VirtualTable *)cur->pVtab;
|
2015-01-30 18:44:25 +00:00
|
|
|
|
2015-11-01 05:20:23 +00:00
|
|
|
if (col >= static_cast<int>(pVtab->content->columns.size())) {
|
2015-08-17 23:58:54 +00:00
|
|
|
// Requested column index greater than column set size.
|
2015-01-30 18:44:25 +00:00
|
|
|
return SQLITE_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-16 16:04:33 +00:00
|
|
|
const auto &column_name = pVtab->content->columns[col].first;
|
|
|
|
|
const auto &type = pVtab->content->columns[col].second;
|
2015-08-17 23:58:54 +00:00
|
|
|
if (pCur->row >= pVtab->content->data.size()) {
|
|
|
|
|
// Request row index greater than row set size.
|
2015-01-30 18:44:25 +00:00
|
|
|
return SQLITE_ERROR;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-09 05:37:35 +00:00
|
|
|
// Attempt to cast each xFilter-populated row/column to the SQLite type.
|
2015-08-17 23:58:54 +00:00
|
|
|
const auto &value = pVtab->content->data[pCur->row][column_name];
|
2015-11-09 09:19:45 +00:00
|
|
|
if (type == TEXT_TYPE) {
|
2015-07-15 02:09:55 +00:00
|
|
|
sqlite3_result_text(ctx, value.c_str(), value.size(), SQLITE_STATIC);
|
2015-11-09 09:19:45 +00:00
|
|
|
} else if (type == INTEGER_TYPE) {
|
2015-11-01 09:12:48 +00:00
|
|
|
long afinite;
|
|
|
|
|
if (!safeStrtol(value, 10, afinite) || afinite < INT_MIN ||
|
|
|
|
|
afinite > INT_MAX) {
|
2015-02-11 22:27:19 +00:00
|
|
|
VLOG(1) << "Error casting " << column_name << " (" << value
|
|
|
|
|
<< ") to INTEGER";
|
2015-11-01 09:12:48 +00:00
|
|
|
afinite = -1;
|
2015-01-30 18:44:25 +00:00
|
|
|
}
|
2015-08-14 01:04:03 +00:00
|
|
|
sqlite3_result_int(ctx, (int)afinite);
|
2015-11-09 09:19:45 +00:00
|
|
|
} else if (type == BIGINT_TYPE || UNSIGNED_BIGINT_TYPE) {
|
2015-11-01 09:12:48 +00:00
|
|
|
long long afinite;
|
|
|
|
|
if (!safeStrtoll(value, 10, afinite)) {
|
2015-02-11 22:27:19 +00:00
|
|
|
VLOG(1) << "Error casting " << column_name << " (" << value
|
|
|
|
|
<< ") to BIGINT";
|
2015-11-01 09:12:48 +00:00
|
|
|
afinite = -1;
|
2015-01-30 18:44:25 +00:00
|
|
|
}
|
|
|
|
|
sqlite3_result_int64(ctx, afinite);
|
2015-11-09 09:19:45 +00:00
|
|
|
} else if (type == DOUBLE_TYPE) {
|
2015-08-14 01:04:03 +00:00
|
|
|
char *end = nullptr;
|
|
|
|
|
double afinite = strtod(value.c_str(), &end);
|
|
|
|
|
if (end == nullptr || end == value.c_str() || *end != '\0') {
|
2015-06-22 07:55:17 +00:00
|
|
|
afinite = 0;
|
2015-08-18 08:35:10 +00:00
|
|
|
VLOG(1) << "Error casting " << column_name << " (" << value
|
2015-06-22 07:55:17 +00:00
|
|
|
<< ") to DOUBLE";
|
|
|
|
|
}
|
|
|
|
|
sqlite3_result_double(ctx, afinite);
|
2015-01-30 18:44:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return SQLITE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int xBestIndex(sqlite3_vtab *tab, sqlite3_index_info *pIdxInfo) {
|
|
|
|
|
auto *pVtab = (VirtualTable *)tab;
|
2015-08-18 08:35:10 +00:00
|
|
|
ConstraintSet().swap(pVtab->content->constraints);
|
2015-01-30 18:44:25 +00:00
|
|
|
|
|
|
|
|
int expr_index = 0;
|
|
|
|
|
int cost = 0;
|
2015-11-01 05:20:23 +00:00
|
|
|
if (pIdxInfo->nConstraint > 0) {
|
|
|
|
|
for (size_t i = 0; i < static_cast<size_t>(pIdxInfo->nConstraint); ++i) {
|
|
|
|
|
if (!pIdxInfo->aConstraint[i].usable) {
|
|
|
|
|
// A higher cost less priority, prefer more usable query constraints.
|
|
|
|
|
cost += 10;
|
|
|
|
|
// TODO: OR is not usable.
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const auto &name =
|
|
|
|
|
pVtab->content->columns[pIdxInfo->aConstraint[i].iColumn].first;
|
|
|
|
|
pVtab->content->constraints.push_back(
|
|
|
|
|
std::make_pair(name, Constraint(pIdxInfo->aConstraint[i].op)));
|
|
|
|
|
pIdxInfo->aConstraintUsage[i].argvIndex = ++expr_index;
|
2014-12-03 04:36:46 +00:00
|
|
|
}
|
2015-01-30 18:44:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pIdxInfo->estimatedCost = cost;
|
|
|
|
|
return SQLITE_OK;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int xFilter(sqlite3_vtab_cursor *pVtabCursor,
|
|
|
|
|
int idxNum,
|
|
|
|
|
const char *idxStr,
|
|
|
|
|
int argc,
|
|
|
|
|
sqlite3_value **argv) {
|
|
|
|
|
BaseCursor *pCur = (BaseCursor *)pVtabCursor;
|
|
|
|
|
auto *pVtab = (VirtualTable *)pVtabCursor->pVtab;
|
|
|
|
|
|
|
|
|
|
pCur->row = 0;
|
|
|
|
|
pVtab->content->n = 0;
|
|
|
|
|
QueryContext context;
|
|
|
|
|
|
|
|
|
|
for (size_t i = 0; i < pVtab->content->columns.size(); ++i) {
|
2015-07-09 05:37:35 +00:00
|
|
|
// Set the column affinity for each optional constraint list.
|
|
|
|
|
// There is a separate list for each column name.
|
2015-01-30 18:44:25 +00:00
|
|
|
context.constraints[pVtab->content->columns[i].first].affinity =
|
|
|
|
|
pVtab->content->columns[i].second;
|
2014-12-03 04:36:46 +00:00
|
|
|
}
|
2015-01-30 18:44:25 +00:00
|
|
|
|
2015-07-09 05:37:35 +00:00
|
|
|
// Iterate over every argument to xFilter, filling in constraint values.
|
2015-11-01 05:20:23 +00:00
|
|
|
if (argc > 0) {
|
|
|
|
|
for (size_t i = 0; i < static_cast<size_t>(argc); ++i) {
|
|
|
|
|
auto expr = (const char *)sqlite3_value_text(argv[i]);
|
|
|
|
|
if (expr == nullptr) {
|
|
|
|
|
// SQLite did not expose the expression value.
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
// Set the expression from SQLite's now-populated argv.
|
|
|
|
|
pVtab->content->constraints[i].second.expr = std::string(expr);
|
|
|
|
|
// Add the constraint to the column-sorted query request map.
|
|
|
|
|
context.constraints[pVtab->content->constraints[i].first].add(
|
|
|
|
|
pVtab->content->constraints[i].second);
|
2015-04-07 08:20:05 +00:00
|
|
|
}
|
2015-01-30 18:44:25 +00:00
|
|
|
}
|
|
|
|
|
|
2015-08-17 23:58:54 +00:00
|
|
|
// Reset the virtual table contents.
|
|
|
|
|
pVtab->content->data.clear();
|
|
|
|
|
|
|
|
|
|
// Generate the row data set.
|
2015-08-03 14:56:55 +00:00
|
|
|
PluginRequest request = {{"action", "generate"}};
|
2015-01-30 18:44:25 +00:00
|
|
|
TablePlugin::setRequestFromContext(context, request);
|
2015-08-17 23:58:54 +00:00
|
|
|
Registry::call("table", pVtab->content->name, request, pVtab->content->data);
|
2015-03-18 19:01:58 +00:00
|
|
|
|
2015-08-17 23:58:54 +00:00
|
|
|
// Set the number of rows.
|
|
|
|
|
pVtab->content->n = pVtab->content->data.size();
|
2015-01-30 18:44:25 +00:00
|
|
|
|
|
|
|
|
return SQLITE_OK;
|
|
|
|
|
}
|
2015-05-20 20:27:53 +00:00
|
|
|
}
|
2015-01-30 18:44:25 +00:00
|
|
|
|
2015-02-23 05:56:52 +00:00
|
|
|
Status attachTableInternal(const std::string &name,
|
|
|
|
|
const std::string &statement,
|
|
|
|
|
sqlite3 *db) {
|
2015-04-30 08:41:01 +00:00
|
|
|
if (SQLiteDBManager::isDisabled(name)) {
|
2015-11-09 02:31:50 +00:00
|
|
|
VLOG(1) << "Table " << name << " is disabled, not attaching";
|
2015-04-30 08:41:01 +00:00
|
|
|
return Status(0, getStringForSQLiteReturnCode(0));
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-23 05:56:52 +00:00
|
|
|
// A static module structure does not need specific logic per-table.
|
2015-05-20 20:27:53 +00:00
|
|
|
// clang-format off
|
2015-01-30 18:44:25 +00:00
|
|
|
static sqlite3_module module = {
|
2015-05-20 20:27:53 +00:00
|
|
|
0,
|
|
|
|
|
tables::xCreate,
|
|
|
|
|
tables::xCreate,
|
|
|
|
|
tables::xBestIndex,
|
|
|
|
|
tables::xDestroy,
|
|
|
|
|
tables::xDestroy,
|
|
|
|
|
tables::xOpen,
|
|
|
|
|
tables::xClose,
|
|
|
|
|
tables::xFilter,
|
|
|
|
|
tables::xNext,
|
|
|
|
|
tables::xEof,
|
|
|
|
|
tables::xColumn,
|
|
|
|
|
tables::xRowid,
|
2015-01-30 18:44:25 +00:00
|
|
|
};
|
2015-05-20 20:27:53 +00:00
|
|
|
// clang-format on
|
2015-01-30 18:44:25 +00:00
|
|
|
|
2015-02-23 05:56:52 +00:00
|
|
|
// Note, if the clientData API is used then this will save a registry call
|
|
|
|
|
// within xCreate.
|
|
|
|
|
int rc = sqlite3_create_module(db, name.c_str(), &module, 0);
|
|
|
|
|
if (rc == SQLITE_OK || rc == SQLITE_MISUSE) {
|
|
|
|
|
auto format =
|
|
|
|
|
"CREATE VIRTUAL TABLE temp." + name + " USING " + name + statement;
|
2015-04-27 09:12:58 +00:00
|
|
|
rc = sqlite3_exec(db, format.c_str(), nullptr, nullptr, 0);
|
2015-02-23 05:56:52 +00:00
|
|
|
} else {
|
|
|
|
|
LOG(ERROR) << "Error attaching table: " << name << " (" << rc << ")";
|
2015-01-31 01:52:14 +00:00
|
|
|
}
|
2015-02-23 05:56:52 +00:00
|
|
|
return Status(rc, getStringForSQLiteReturnCode(rc));
|
|
|
|
|
}
|
2015-01-31 01:52:14 +00:00
|
|
|
|
2015-02-23 05:56:52 +00:00
|
|
|
Status detachTableInternal(const std::string &name, sqlite3 *db) {
|
|
|
|
|
auto format = "DROP TABLE IF EXISTS temp." + name;
|
2015-04-27 09:12:58 +00:00
|
|
|
int rc = sqlite3_exec(db, format.c_str(), nullptr, nullptr, 0);
|
2015-02-23 05:56:52 +00:00
|
|
|
if (rc != SQLITE_OK) {
|
|
|
|
|
LOG(ERROR) << "Error detaching table: " << name << " (" << rc << ")";
|
2015-01-30 18:44:25 +00:00
|
|
|
}
|
2015-02-23 05:56:52 +00:00
|
|
|
|
|
|
|
|
return Status(rc, getStringForSQLiteReturnCode(rc));
|
2014-12-03 04:36:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void attachVirtualTables(sqlite3 *db) {
|
2015-02-23 05:56:52 +00:00
|
|
|
PluginResponse response;
|
2015-01-31 08:25:51 +00:00
|
|
|
for (const auto &name : Registry::names("table")) {
|
2015-02-23 05:56:52 +00:00
|
|
|
// Column information is nice for virtual table create call.
|
|
|
|
|
auto status =
|
|
|
|
|
Registry::call("table", name, {{"action", "columns"}}, response);
|
|
|
|
|
if (status.ok()) {
|
|
|
|
|
auto statement = columnDefinition(response);
|
|
|
|
|
attachTableInternal(name, statement, db);
|
2014-12-03 04:36:46 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
