osquery-1/osquery/tests/test_util.h

/*
 *  Copyright (c) 2014-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */

#pragma once

#include <string>
#include <utility>
#include <vector>

#include <boost/noncopyable.hpp>
#include <boost/property_tree/ptree.hpp>

#include <osquery/config.h>
#include <osquery/core.h>
#include <osquery/database.h>
#include <osquery/filesystem.h>

#include "osquery/core/process.h"

namespace pt = boost::property_tree;

namespace osquery {
/// Init function for tests and benchmarks.
void initTesting();

/// Cleanup/stop function for tests and benchmarks.
void shutdownTesting();

/// Any SQL-dependent tests should use kTestQuery for a pre-populated example.
const std::string kTestQuery = "SELECT * FROM test_table";

/// Tests can be run from within the source or build directory.
/// The test initializer will attempt to discovery the current working path.
extern std::string kTestDataPath;

/// Tests should limit intermediate input/output to a working directory.
/// Config data, logging results, and intermediate database/caching usage.
extern std::string kTestWorkingDirectory;

/// A fake directory tree should be used for filesystem iterator testing.
const std::string kFakeDirectoryName = "fstree";
extern std::string kFakeDirectory;

// Get an example generate config with one static source name to JSON content.
std::map<std::string, std::string> getTestConfigMap();

pt::ptree getExamplePacksConfig();
pt::ptree getUnrestrictedPack();
pt::ptree getRestrictedPack();
pt::ptree getPackWithDiscovery();
pt::ptree getPackWithValidDiscovery();
pt::ptree getPackWithFakeVersion();

ScheduledQuery getOsqueryScheduledQuery();

// getTestDBExpectedResults returns the results of kTestQuery of the table that
// initially gets returned from createTestDB()
QueryData getTestDBExpectedResults();

// Starting with the dataset returned by createTestDB(), getTestDBResultStream
// returns a vector of std::pair's where pair.first is the query that would
// need to be performed on the dataset to make the results be pair.second
std::vector<std::pair<std::string, QueryData> > getTestDBResultStream();

// getSerializedRow() return an std::pair where pair->first is a string which
// should serialize to pair->second. pair->second should deserialize
// to pair->first
std::pair<pt::ptree, Row> getSerializedRow();

// getSerializedQueryData() return an std::pair where pair->first is a string
// which should serialize to pair->second. pair->second should
// deserialize to pair->first
std::pair<pt::ptree, QueryData> getSerializedQueryData();
std::pair<std::string, QueryData> getSerializedQueryDataJSON();

// getSerializedDiffResults() return an std::pair where pair->first is a string
// which should serialize to pair->second. pair->second should
// deserialize to pair->first
std::pair<pt::ptree, DiffResults> getSerializedDiffResults();
std::pair<std::string, DiffResults> getSerializedDiffResultsJSON();

// getSerializedQueryLogItem() return an std::pair where pair->first
// is a string which should serialize to pair->second. pair->second
// should deserialize to pair->first
std::pair<pt::ptree, QueryLogItem> getSerializedQueryLogItem();
std::pair<std::string, QueryLogItem> getSerializedQueryLogItemJSON();

// generate content for a PEM-encoded certificate
std::string getCACertificateContent();

// generate the content that would be found in an /etc/hosts file
std::string getEtcHostsContent();

// generate the content that would be found in an /etc/protocols file
std::string getEtcProtocolsContent();

// generate the expected data that getEtcHostsContent() should parse into
QueryData getEtcHostsExpectedResults();

// generate the expected data that getEtcProtocolsContent() should parse into
QueryData getEtcProtocolsExpectedResults();

// the three items that you need to test osquery::splitString
struct SplitStringTestData {
  std::string test_string;
  std::string delim;
  std::vector<std::string> test_vector;
};

// generate a set of test data to test osquery::splitString
std::vector<SplitStringTestData> generateSplitStringTestData();

// generate a small directory structure for testing
void createMockFileStructure();

// remove the small directory structure used for testing
void tearDownMockFileStructure();

class TLSServerRunner : private boost::noncopyable {
 public:
  /// Create a singleton TLS server runner.
  static TLSServerRunner& instance() {
    static TLSServerRunner instance;
    return instance;
  }

  /// Set associated flags for testing client TLS usage.
  static void setClientConfig();

  /// Unset or restore associated flags for testing client TLS usage.
  static void unsetClientConfig();

  /// TCP port accessor.
  static const std::string& port() { return instance().port_; }

  /// Start the server if it hasn't started already.
  static void start();

  /// Stop the service when the process exits.
  static void stop();

 private:
  /// Current server PID.
  pid_t server_{0};

  /// Current server TLS port.
  std::string port_;

 private:
  std::string tls_hostname_;
  std::string enroll_tls_endpoint_;
  std::string tls_server_certs_;
  std::string enroll_secret_path_;
};
}
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`/*`
[osquery] Update copyright headers to new format. 2016-02-11 19:48:58 +00:00			`* Copyright (c) 2014-present, Facebook, Inc.`
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`* All rights reserved.`
			`*`
			`* This source code is licensed under the BSD-style license found in the`
Adding tests to the prototocols table 2015-04-23 00:49:27 +00:00			`* LICENSE file in the root directory of this source tree. An additional grant`
Updating the license comment to be the correct open source header As per t5494224, all of the license headers in osquery needed to be updated to reflect the correct open source header style. 2014-12-18 18:50:47 +00:00			`* of patent rights can be found in the PATENTS file in the same directory.`
			`*`
			`*/`
Initial commit 2014-07-31 00:35:19 +00:00
using '#pragma once' instead of '#ifndef HEADER' let's start using #pragma once for our headers. it's less lines of code, clang supports it, headers become more movable, etc. it's all around a better plan. 2014-09-10 01:54:53 +00:00			`#pragma once`
Initial commit 2014-07-31 00:35:19 +00:00
			`#include <string>`
			`#include <utility>`
			`#include <vector>`

Distributed queries client-side 2015-09-07 18:09:06 +00:00			`#include <boost/noncopyable.hpp>`
Initial commit 2014-07-31 00:35:19 +00:00			`#include <boost/property_tree/ptree.hpp>`

Codemod to improve include search paths 2014-12-03 23:14:02 +00:00			`#include <osquery/config.h>`
			`#include <osquery/core.h>`
			`#include <osquery/database.h>`
			`#include <osquery/filesystem.h>`
Initial commit 2014-07-31 00:35:19 +00:00
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00			`#include "osquery/core/process.h"`

Allow snapshot scheduled items 2015-04-27 21:57:04 +00:00			`namespace pt = boost::property_tree;`

Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`namespace osquery {`
Added benchmarking targets. 2015-07-23 23:42:46 +00:00			`/// Init function for tests and benchmarks.`
			`void initTesting();`
Initial commit 2014-07-31 00:35:19 +00:00
Add 'hidden' flags to customize TLS plugins 2015-07-29 06:08:15 +00:00			`/// Cleanup/stop function for tests and benchmarks.`
1. Reorganize RocksDB database handle into a plugin 2. Introduce a SQLite-based database plugin 3. Refactor database usage to include local 'fast-calls' 4. Introduce an 'ephemeral' database plugin for testing (like a mock) 2016-03-05 17:29:51 +00:00			`void shutdownTesting();`
Add 'hidden' flags to customize TLS plugins 2015-07-29 06:08:15 +00:00
Towards safer and shuffled unittests 2015-04-29 19:36:24 +00:00			`/// Any SQL-dependent tests should use kTestQuery for a pre-populated example.`
			`const std::string kTestQuery = "SELECT * FROM test_table";`

Add 'hidden' flags to customize TLS plugins 2015-07-29 06:08:15 +00:00			`/// Tests can be run from within the source or build directory.`
			`/// The test initializer will attempt to discovery the current working path.`
Allow unit tests execs from project root 2015-05-23 19:40:36 +00:00			`extern std::string kTestDataPath;`
Towards safer and shuffled unittests 2015-04-29 19:36:24 +00:00
			`/// Tests should limit intermediate input/output to a working directory.`
			`/// Config data, logging results, and intermediate database/caching usage.`
Add 'hidden' flags to customize TLS plugins 2015-07-29 06:08:15 +00:00			`extern std::string kTestWorkingDirectory;`
Towards safer and shuffled unittests 2015-04-29 19:36:24 +00:00
			`/// A fake directory tree should be used for filesystem iterator testing.`
Added kernel process events table. 2015-06-30 21:20:04 +00:00			`const std::string kFakeDirectoryName = "fstree";`
			`extern std::string kFakeDirectory;`
All changes addressed 2015-02-14 00:52:11 +00:00
Add persistent splays 2015-11-02 18:33:20 +00:00			`// Get an example generate config with one static source name to JSON content.`
			`std::map<std::string, std::string> getTestConfigMap();`

			`pt::ptree getExamplePacksConfig();`
			`pt::ptree getUnrestrictedPack();`
Valid bool in packs for shard/plaform/version checking 2016-02-06 01:10:35 +00:00			`pt::ptree getRestrictedPack();`
Add persistent splays 2015-11-02 18:33:20 +00:00			`pt::ptree getPackWithDiscovery();`
			`pt::ptree getPackWithValidDiscovery();`
			`pt::ptree getPackWithFakeVersion();`

Allow snapshot scheduled items 2015-04-27 21:57:04 +00:00			`ScheduledQuery getOsqueryScheduledQuery();`

Initial commit 2014-07-31 00:35:19 +00:00			`// getTestDBExpectedResults returns the results of kTestQuery of the table that`
			`// initially gets returned from createTestDB()`
Change schedule to a map, splay on config update 2015-03-22 21:58:00 +00:00			`QueryData getTestDBExpectedResults();`
Initial commit 2014-07-31 00:35:19 +00:00
			`// Starting with the dataset returned by createTestDB(), getTestDBResultStream`
			`// returns a vector of std::pair's where pair.first is the query that would`
			`// need to be performed on the dataset to make the results be pair.second`
Change schedule to a map, splay on config update 2015-03-22 21:58:00 +00:00			`std::vector<std::pair<std::string, QueryData> > getTestDBResultStream();`
Initial commit 2014-07-31 00:35:19 +00:00
			`// getSerializedRow() return an std::pair where pair->first is a string which`
Change schedule to a map, splay on config update 2015-03-22 21:58:00 +00:00			`// should serialize to pair->second. pair->second should deserialize`
Initial commit 2014-07-31 00:35:19 +00:00			`// to pair->first`
Allow snapshot scheduled items 2015-04-27 21:57:04 +00:00			`std::pair<pt::ptree, Row> getSerializedRow();`
Initial commit 2014-07-31 00:35:19 +00:00
			`// getSerializedQueryData() return an std::pair where pair->first is a string`
Change schedule to a map, splay on config update 2015-03-22 21:58:00 +00:00			`// which should serialize to pair->second. pair->second should`
Initial commit 2014-07-31 00:35:19 +00:00			`// deserialize to pair->first`
Allow snapshot scheduled items 2015-04-27 21:57:04 +00:00			`std::pair<pt::ptree, QueryData> getSerializedQueryData();`
			`std::pair<std::string, QueryData> getSerializedQueryDataJSON();`
Initial commit 2014-07-31 00:35:19 +00:00
			`// getSerializedDiffResults() return an std::pair where pair->first is a string`
Change schedule to a map, splay on config update 2015-03-22 21:58:00 +00:00			`// which should serialize to pair->second. pair->second should`
Initial commit 2014-07-31 00:35:19 +00:00			`// deserialize to pair->first`
Allow snapshot scheduled items 2015-04-27 21:57:04 +00:00			`std::pair<pt::ptree, DiffResults> getSerializedDiffResults();`
Change schedule to a map, splay on config update 2015-03-22 21:58:00 +00:00			`std::pair<std::string, DiffResults> getSerializedDiffResultsJSON();`
Initial commit 2014-07-31 00:35:19 +00:00
Allow snapshot scheduled items 2015-04-27 21:57:04 +00:00			`// getSerializedQueryLogItem() return an std::pair where pair->first`
Change schedule to a map, splay on config update 2015-03-22 21:58:00 +00:00			`// is a string which should serialize to pair->second. pair->second`
Initial commit 2014-07-31 00:35:19 +00:00			`// should deserialize to pair->first`
Allow snapshot scheduled items 2015-04-27 21:57:04 +00:00			`std::pair<pt::ptree, QueryLogItem> getSerializedQueryLogItem();`
			`std::pair<std::string, QueryLogItem> getSerializedQueryLogItemJSON();`
Initial commit 2014-07-31 00:35:19 +00:00
[vtable_cacerts] New CA certificates table. 2014-08-17 08:44:22 +00:00			`// generate content for a PEM-encoded certificate`
			`std::string getCACertificateContent();`

virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00			`// generate the content that would be found in an /etc/hosts file`
			`std::string getEtcHostsContent();`

Adding tests to the prototocols table 2015-04-23 00:49:27 +00:00			`// generate the content that would be found in an /etc/protocols file`
			`std::string getEtcProtocolsContent();`

virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00			`// generate the expected data that getEtcHostsContent() should parse into`
Change schedule to a map, splay on config update 2015-03-22 21:58:00 +00:00			`QueryData getEtcHostsExpectedResults();`
virtual table structure for #25, the /etc/hosts vtable 2014-08-02 03:46:22 +00:00
Adding tests to the prototocols table 2015-04-23 00:49:27 +00:00			`// generate the expected data that getEtcProtocolsContent() should parse into`
			`QueryData getEtcProtocolsExpectedResults();`

Isolate glog include and depend on libglog for #652 2015-01-21 21:36:55 +00:00			`// the three items that you need to test osquery::splitString`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00			`struct SplitStringTestData {`
			`std::string test_string;`
bug fixes 2014-08-04 23:08:49 +00:00			`std::string delim;`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00			`std::vector<std::string> test_vector;`
			`};`

Isolate glog include and depend on libglog for #652 2015-01-21 21:36:55 +00:00			`// generate a set of test data to test osquery::splitString`
implementation for /etc/hosts vtable 2014-08-04 21:12:06 +00:00			`std::vector<SplitStringTestData> generateSplitStringTestData();`
All changes addressed 2015-02-14 00:52:11 +00:00
			`// generate a small directory structure for testing`
			`void createMockFileStructure();`
Improve TLS logger performance 2016-01-21 08:23:05 +00:00
All changes addressed 2015-02-14 00:52:11 +00:00			`// remove the small directory structure used for testing`
			`void tearDownMockFileStructure();`
Distributed queries client-side 2015-09-07 18:09:06 +00:00
			`class TLSServerRunner : private boost::noncopyable {`
			`public:`
			`/// Create a singleton TLS server runner.`
			`static TLSServerRunner& instance() {`
			`static TLSServerRunner instance;`
			`return instance;`
			`}`

Improve TLS logger performance 2016-01-21 08:23:05 +00:00			`/// Set associated flags for testing client TLS usage.`
			`static void setClientConfig();`

			`/// Unset or restore associated flags for testing client TLS usage.`
			`static void unsetClientConfig();`

Distributed queries client-side 2015-09-07 18:09:06 +00:00			`/// TCP port accessor.`
			`static const std::string& port() { return instance().port_; }`
Improve TLS logger performance 2016-01-21 08:23:05 +00:00
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`/// Start the server if it hasn't started already.`
			`static void start();`
Improve TLS logger performance 2016-01-21 08:23:05 +00:00
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`/// Stop the service when the process exits.`
			`static void stop();`

			`private:`
Improve TLS logger performance 2016-01-21 08:23:05 +00:00			`/// Current server PID.`
			`pid_t server_{0};`
Distributed queries client-side 2015-09-07 18:09:06 +00:00
Improve TLS logger performance 2016-01-21 08:23:05 +00:00			`/// Current server TLS port.`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`std::string port_;`
Improve TLS logger performance 2016-01-21 08:23:05 +00:00
			`private:`
			`std::string tls_hostname_;`
			`std::string enroll_tls_endpoint_;`
			`std::string tls_server_certs_;`
			`std::string enroll_secret_path_;`
Distributed queries client-side 2015-09-07 18:09:06 +00:00			`};`
Ran clang-format across the codebase 2014-08-15 07:25:30 +00:00			`}`
Abstracted platform specific process operations into a common interface. (#2069) Added Windows support for process operations. Added unit tests for process abstraction code for POSIX and Windows. Modified CMake config files to support building the new code and unit tests. 2016-05-11 21:16:32 +00:00