/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <algorithm>
#include <cstdio>
#include <ctime>
#include <deque>
#include <exception>

#include <boost/filesystem/operations.hpp>

#include <gtest/gtest.h>

#include <osquery/database/query.h>

#include "osquery/core/test_util.h"
// Database directory opened by the QueryTests fixture in SetUp() and deleted
// recursively by main() once the tests have run.
// NOTE(review): this is a fixed, predictable name in the shared /tmp
// directory. On a multi-user host another account can create the path before
// the test does, and parallel runs of this binary share and delete the same
// database. Prefer a per-run unique directory owned by the test user.
const std::string kTestingQueryDBPath = "/tmp/rocksdb-osquery-querytests";
namespace osquery {
// Fixture for the Query tests: before each test case SetUp() stores the
// DBHandle for kTestingQueryDBPath in `db`.
class QueryTests : public testing::Test {
 public:
  // Handle returned by DBHandle::getInstanceAtPath(); the test bodies pass it
  // to the Query methods under test.
  std::shared_ptr<DBHandle> db;

  // Runs before every test case and (re)fetches the handle for the test path.
  void SetUp() {
    db = DBHandle::getInstanceAtPath(kTestingQueryDBPath);
  }
};
// getQueryName() must report the name the Query was constructed with.
TEST_F(QueryTests, test_get_column_family_name) {
  auto scheduled = getOsqueryScheduledQuery();
  Query subject("foobar", scheduled);

  EXPECT_EQ(subject.getQueryName(), "foobar");
}
// getQuery() must return the `query` field of the scheduled query the Query
// object was built from.
TEST_F(QueryTests, test_get_query) {
  auto scheduled = getOsqueryScheduledQuery();
  Query subject("foobar", scheduled);

  EXPECT_EQ(subject.getQuery(), scheduled.query);
}
// getInterval() must return the `interval` field of the scheduled query the
// Query object was built from.
TEST_F(QueryTests, test_get_interval) {
  auto scheduled = getOsqueryScheduledQuery();
  Query subject("foobar", scheduled);

  EXPECT_EQ(subject.getInterval(), scheduled.interval);
}
// The query_ member must compare equal to the scheduled query passed to the
// constructor. The test reads the member directly, so it needs access to it.
TEST_F(QueryTests, test_private_members) {
  auto scheduled = getOsqueryScheduledQuery();
  Query subject("foobar", scheduled);

  EXPECT_EQ(subject.query_, scheduled);
}
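// Stores an initial result set for "foobar", then replays every entry of the
// test result stream. For each entry it checks that:
//   - the previously stored results can be read back,
//   - the DiffResults filled in by addNewResults() equal diff() of the
//     previously stored rows and the new rows,
//   - getCurrentResults() succeeds and returns the rows that were just added.
TEST_F(QueryTests, test_add_and_get_current_results) {
  auto query = getOsqueryScheduledQuery();
  auto cf = Query("foobar", query);

  auto initial_status =
      cf.addNewResults(getTestDBExpectedResults(), std::time(nullptr), db);
  EXPECT_TRUE(initial_status.ok());
  EXPECT_EQ(initial_status.toString(), "OK");

  for (auto result : getTestDBResultStream()) {
    DiffResults dr;
    HistoricalQueryResults hQR;

    // Snapshot what is stored before this entry is added; it is the
    // left-hand side of the expected diff below.
    auto hqr_status = cf.getHistoricalQueryResults(hQR, db);
    EXPECT_TRUE(hqr_status.ok());
    EXPECT_EQ(hqr_status.toString(), "OK");

    // Named separately from initial_status so the outer status is not
    // shadowed inside the loop.
    auto add_status =
        cf.addNewResults(result.second, dr, true, std::time(nullptr), db);
    EXPECT_TRUE(add_status.ok());

    DiffResults expected = diff(hQR.mostRecentResults.second, result.second);
    EXPECT_EQ(dr, expected);

    // The read status used to be discarded; a failed read must fail the test
    // instead of only showing up as a row mismatch.
    QueryData qd;
    auto current_status = cf.getCurrentResults(qd, db);
    EXPECT_TRUE(current_status.ok());
    EXPECT_EQ(qd, result.second);
  }
}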
// Writes the first half of the historical-results fixture under "foobar" in
// kQueries, then checks that getHistoricalQueryResults() reads back a value
// equal to the second half of the fixture.
TEST_F(QueryTests, test_get_historical_query_results) {
  auto fixture = getSerializedHistoricalQueryResultsJSON();
  auto scheduled = getOsqueryScheduledQuery();

  // Seed the database directly, bypassing Query.
  auto write_status = db->Put(kQueries, "foobar", fixture.first);
  EXPECT_TRUE(write_status.ok());
  EXPECT_EQ(write_status.toString(), "OK");

  Query subject("foobar", scheduled);
  HistoricalQueryResults loaded;
  auto read_status = subject.getHistoricalQueryResults(loaded, db);

  EXPECT_TRUE(read_status.ok());
  EXPECT_EQ(read_status.toString(), "OK");
  EXPECT_EQ(loaded, fixture.second);
}
// Reading history for a query name that this file never stores must fail with
// the status text "query name not found in database".
TEST_F(QueryTests, test_query_name_not_found_in_db) {
  HistoricalQueryResults loaded;
  auto scheduled = getOsqueryScheduledQuery();
  Query subject("not_a_real_query", scheduled);

  auto read_status = subject.getHistoricalQueryResults(loaded, db);

  EXPECT_FALSE(read_status.ok());
  EXPECT_EQ(read_status.toString(), "query name not found in database");
}
// After a value has been written under "foobar" in kQueries,
// isQueryNameInDatabase() must report true for a Query named "foobar".
TEST_F(QueryTests, test_is_query_name_in_database) {
  auto scheduled = getOsqueryScheduledQuery();
  Query subject("foobar", scheduled);
  auto fixture = getSerializedHistoricalQueryResultsJSON();

  // Seed the database directly, bypassing Query.
  auto write_status = db->Put(kQueries, "foobar", fixture.first);
  EXPECT_TRUE(write_status.ok());
  EXPECT_EQ(write_status.toString(), "OK");

  EXPECT_TRUE(subject.isQueryNameInDatabase(db));
}
// After a value has been written under "foobar" in kQueries, the list returned
// by getStoredQueryNames() must contain "foobar".
TEST_F(QueryTests, test_get_stored_query_names) {
  auto scheduled = getOsqueryScheduledQuery();
  Query subject("foobar", scheduled);
  auto fixture = getSerializedHistoricalQueryResultsJSON();

  // Seed the database directly, bypassing Query.
  auto write_status = db->Put(kQueries, "foobar", fixture.first);
  EXPECT_TRUE(write_status.ok());
  EXPECT_EQ(write_status.toString(), "OK");

  auto stored_names = subject.getStoredQueryNames(db);
  // Only membership is checked; other names may be present as well.
  EXPECT_NE(std::find(stored_names.begin(), stored_names.end(), "foobar"),
            stored_names.end());
}
// Writes the first half of the historical-results fixture under "foobar" in
// kQueries, then checks that getCurrentResults() succeeds and returns the
// fixture's mostRecentResults rows.
TEST_F(QueryTests, test_get_current_results) {
  auto fixture = getSerializedHistoricalQueryResultsJSON();
  auto scheduled = getOsqueryScheduledQuery();

  // Seed the database directly, bypassing Query.
  auto write_status = db->Put(kQueries, "foobar", fixture.first);
  EXPECT_TRUE(write_status.ok());
  EXPECT_EQ(write_status.toString(), "OK");

  Query subject("foobar", scheduled);
  QueryData current_rows;
  auto read_status = subject.getCurrentResults(current_rows, db);

  EXPECT_TRUE(read_status.ok());
  EXPECT_EQ(read_status.toString(), "OK");
  EXPECT_EQ(current_rows, fixture.second.mostRecentResults.second);
}
}
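// Test entry point: runs every registered test, then deletes the on-disk test
// database at kTestingQueryDBPath.
//
// Returns the RUN_ALL_TESTS() result. A failure to delete the test directory
// is reported on stderr and does not change the exit status.
int main(int argc, char* argv[]) {
  testing::InitGoogleTest(&argc, argv);
  const int status = RUN_ALL_TESTS();

  // This remove_all() overload throws on failure. An exception escaping main()
  // would abort the process and replace the test status with a crash, so
  // catch it here and only warn.
  try {
    boost::filesystem::remove_all(kTestingQueryDBPath);
  } catch (const std::exception& e) {
    std::fprintf(stderr,
                 "warning: could not remove %s: %s\n",
                 kTestingQueryDBPath.c_str(),
                 e.what());
  }

  return status;
}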