/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <boost/filesystem.hpp>
#include <osquery/filesystem.h>
#include <osquery/hash.h>
#include <osquery/tables.h>
namespace fs = boost::filesystem;
namespace osquery {
namespace tables {
/// Append one row for `path` to `results`, carrying the file's MD5, SHA-1 and
/// SHA-256 digests.
///
/// @param path    File path exactly as it should appear in the "path" column.
/// @param dir     Directory string exactly as it should appear in the
///                "directory" column.
/// @param results Row container that receives the new row.
///
/// NOTE(review): the file is handed to hashFromFile() by path once per
/// algorithm, so it is presumably opened and read three times; if the file is
/// modified in between, the three digests may describe different contents.
/// Confirm against hashFromFile() before relying on them as a matched set.
///
/// NOTE(review): MD5 and SHA-1 are not collision resistant. They are useful
/// for lookups against existing indicator feeds, but integrity or allow-list
/// decisions should key on the "sha256" column.
void genHashForFile(const std::string& path,
                    const std::string& dir,
                    QueryData& results) {
  // The caller passes path and directory as the strings the query supplied,
  // not as strings re-derived through boost path helpers, so that the emitted
  // columns still match any explicit (query-parsed) predicate constraints.
  Row row;
  row["path"] = path;
  row["directory"] = dir;

  // One digest column per supported algorithm.
  row["md5"] = osquery::hashFromFile(HASH_TYPE_MD5, path);
  row["sha1"] = osquery::hashFromFile(HASH_TYPE_SHA1, path);
  row["sha256"] = osquery::hashFromFile(HASH_TYPE_SHA256, path);

  results.push_back(row);
}
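/// Generate the rows of the hash table from the query's predicate constraints.
///
/// Only constraints using the equals operator are honoured:
///  - every "path" constraint that names a regular file yields one row;
///  - every "directory" constraint that names a directory yields one row per
///    regular file directly inside it (the walk is not recursive).
/// Constraints that do not resolve to a file/directory are skipped silently,
/// as are directories that cannot be opened or fully enumerated.
///
/// @param context Query context holding the parsed constraints.
/// @return One row per file that was hashed; empty when nothing matched.
///
/// NOTE(review): boost's is_regular_file() follows symbolic links, so a link
/// that points at a regular file is hashed and reported under the link's own
/// path. Consumers comparing paths against hashes should be aware that the
/// digest describes the link target.
///
/// NOTE(review): the type check and the later hash are separate filesystem
/// operations; a file replaced in between is hashed as whatever is present at
/// hashing time.
QueryData genHash(QueryContext& context) {
  QueryData results;
  boost::system::error_code ec;

  // The query must provide a predicate with constraints including path or
  // directory. We search for the parsed predicate constraints with the equals
  // operator.
  auto paths = context.constraints["path"].getAll(EQUALS);
  for (const auto& path_string : paths) {
    boost::filesystem::path path = path_string;
    // The error_code overload reports failures (missing file, no access) as
    // "not a regular file" instead of throwing.
    if (!boost::filesystem::is_regular_file(path, ec)) {
      continue;
    }

    genHashForFile(path_string, path.parent_path().string(), results);
  }

  // Now loop through constraints using the directory column constraint.
  auto directories = context.constraints["directory"].getAll(EQUALS);
  for (const auto& directory_string : directories) {
    boost::filesystem::path directory = directory_string;
    if (!boost::filesystem::is_directory(directory, ec)) {
      continue;
    }

    // Open and advance the iterator through the error_code overloads. The
    // throwing forms raise filesystem_error when the directory is unreadable
    // or disappears after the is_directory() check, which would abort the
    // whole query rather than just skip this directory.
    boost::system::error_code walk_ec;
    boost::filesystem::directory_iterator begin(directory, walk_ec), end;
    if (walk_ec) {
      continue;
    }

    // Iterate over the directory and generate a hash for each regular file.
    while (begin != end) {
      if (boost::filesystem::is_regular_file(begin->path(), ec)) {
        genHashForFile(begin->path().string(), directory_string, results);
      }

      begin.increment(walk_ec);
      if (walk_ec) {
        // Enumeration failed part-way; keep the rows gathered so far.
        break;
      }
    }
  }

  return results;
}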
}
}