valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 01:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

killswitch: Remove killswitch code (#5949)

Browse Source 
This was determined to be the wrong approach to adding simple
killswitches. The intent was to quickly flip on/off features. It was
not widely adopted due to the dependencies killswitching has.

A different approach is to implement the same functions with something
simple like filesystem flags.
This commit is contained in:
Teddy Reed 2019-10-29 19:14:35 -04:00 committed by GitHub
parent b47e34936c
commit 04896c85cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 29 additions and 1270 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
osquery/CMakeLists.txt
View File

@ -11,7 +11,6 @@ function(osqueryMain)
add_subdirectory("sql")
add_subdirectory("sdk")
add_subdirectory("numeric_monitoring")
add_subdirectory("killswitch")
add_subdirectory("registry")
add_subdirectory("logger")
add_subdirectory("distributed")

19
osquery/config/config.cpp
View File

@ -23,7 +23,6 @@
#include <osquery/flagalias.h>
#include <osquery/flags.h>
#include <osquery/hashing/hashing.h>
#include <osquery/killswitch.h>
#include <osquery/logger.h>
#include <osquery/packs.h>
#include <osquery/registry.h>
@ -476,19 +475,15 @@ Status Config::refresh() {
}
loaded_ = true;
if (Killswitch::get().isConfigBackupEnabled()) {
if (FLAGS_config_enable_backup && is_first_time_refresh.exchange(false)) {
const auto result = restoreConfigBackup();
if (!result) {
return Status::failure(result.getError().getMessage());
} else {
update(*result);
}
if (FLAGS_config_enable_backup && is_first_time_refresh.exchange(false)) {
LOG(INFO) << "Backing up configuration";
const auto result = restoreConfigBackup();
if (!result) {
return Status::failure(result.getError().getMessage());
} else {
update(*result);
}
} else {
LOG(INFO) << "Config backup is disabled by the killswitch";
}
return status;
} else if (getRefresh() != FLAGS_config_refresh) {
VLOG(1) << "Normal configuration delay restored";

2
osquery/config/tests/BUCK
View File

@ -25,7 +25,6 @@ osquery_cxx_test(
osquery_target("osquery/extensions:extensions"),
osquery_target("osquery/extensions:impl_thrift"),
osquery_target("osquery/filesystem:mock_file_structure"),
osquery_target("osquery/killswitch:killswitch"),
osquery_target("osquery/registry:registry"),
osquery_target("osquery/remote/enroll:tls_enroll"),
osquery_target("osquery/utils/system:time"),
@ -54,7 +53,6 @@ osquery_cxx_test(
osquery_target("osquery/extensions:extensions"),
osquery_target("osquery/extensions:impl_thrift"),
osquery_target("osquery/filesystem:mock_file_structure"),
osquery_target("osquery/killswitch:killswitch"),
osquery_target("osquery/registry:registry"),
osquery_target("osquery/remote/enroll:tls_enroll"),
osquery_target("osquery/utils/system:time"),

2
osquery/config/tests/CMakeLists.txt
View File

@ -38,7 +38,6 @@ function(generateOsqueryConfigTestsTest)
osquery_extensions
osquery_extensions_implthrift
osquery_filesystem_mockfilestructure
osquery_killswitch
osquery_registry
osquery_remote_enroll_tlsenroll
osquery_utils_system_time
@ -63,7 +62,6 @@ function(generateOsqueryConfigTestsPacksTest)
osquery_extensions
osquery_extensions_implthrift
osquery_filesystem_mockfilestructure
osquery_killswitch
osquery_registry
osquery_remote_enroll_tlsenroll
osquery_utils_system_time

10
osquery/core/init.cpp
View File

@ -41,7 +41,6 @@
#include <osquery/extensions.h>
#include <osquery/filesystem/filesystem.h>
#include <osquery/flags.h>
#include <osquery/killswitch.h>
#include <osquery/numeric_monitoring.h>
#include <osquery/process/process.h>
#include <osquery/registry.h>
@ -182,7 +181,6 @@ DECLARE_string(config_plugin);
DECLARE_string(logger_plugin);
DECLARE_string(numeric_monitoring_plugins);
DECLARE_string(distributed_plugin);
DECLARE_string(killswitch_plugin);
DECLARE_bool(config_check);
DECLARE_bool(config_dump);
DECLARE_bool(database_dump);
@ -191,7 +189,6 @@ DECLARE_bool(disable_distributed);
DECLARE_bool(disable_database);
DECLARE_bool(disable_events);
DECLARE_bool(disable_logging);
DECLARE_bool(enable_killswitch);
DECLARE_bool(enable_numeric_monitoring);
CLI_FLAG(bool, S, false, "Run as a shell process");
@ -707,18 +704,11 @@ void Initializer::start() const {
initActivePlugin("distributed", FLAGS_distributed_plugin);
}
if (FLAGS_enable_killswitch) {
initActivePlugin("killswitch", FLAGS_killswitch_plugin);
}
if (FLAGS_enable_numeric_monitoring) {
initActivePlugin(monitoring::registryName(),
FLAGS_numeric_monitoring_plugins);
}
if (Killswitch::get().isAppStartMonitorEnabled()) {
monitoring::record("osquery.start", 1, monitoring::PreAggregationType::Sum);
}
// Start event threads.
osquery::attachEvents();
EventFactory::delay();

1
osquery/dispatcher/scheduler.cpp
View File

@ -17,7 +17,6 @@
#include <osquery/data_logger.h>
#include <osquery/database.h>
#include <osquery/flags.h>
#include <osquery/killswitch.h>
#include <osquery/numeric_monitoring.h>
#include <osquery/process/process.h>
#include <osquery/profiler/code_profiler.h>

77
osquery/include/osquery/killswitch.h
View File

@ -1,77 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under both the Apache 2.0 license (found in
* the LICENSE file in the root directory of this source tree) and the GPLv2
* may select, at your option, one of the above-listed licenses.
*/
#pragma once
#include <string>
#include <boost/core/noncopyable.hpp>
#include <gtest/gtest_prod.h>
#include <osquery/core.h>
#include <osquery/utils/expected/expected.h>
#include <osquery/utils/status/status.h>
namespace osquery {
class Killswitch : private boost::noncopyable {
public:
static const char* killswitch_;
static const char* action_;
static const char* isEnabled_;
static const char* key_;
static const char* refresh_;
private:
Killswitch();
public:
virtual ~Killswitch();
// Author: @guliashvili
// Creation Time: 5/09/2018
bool isPosixProfilingEnabled();
// Author: @guliashvili
// Creation Time: 4/09/2018
bool isTotalQueryCounterMonitorEnabled();
// Author: @guliashvili
// Creation Time: 3/09/2018
bool isAppStartMonitorEnabled();
// Author: @guliashvili
// Creation Time: 3/09/2018
bool isWindowsProfilingEnabled();
// Author: @guliashvili
// Creation Time: 24/08/2018
bool isConfigBackupEnabled();
static Killswitch& get() {
static Killswitch killswitch;
return killswitch;
}
Status refresh();
private:
bool isNewCodeEnabled(const std::string& key);
enum class IsEnabledError {
CallFailed = 1,
IncorrectResponseFormat = 2,
IncorrectValue = 3
};
Expected<bool, Killswitch::IsEnabledError> isEnabled(const std::string& key);
FRIEND_TEST(KillswitchTests, test_killswitch_plugin);
};
} // namespace osquery

32
osquery/killswitch/BUCK
View File

@ -1,32 +0,0 @@
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed as defined on the LICENSE file found in the
# root directory of this source tree.
load("//tools/build_defs/oss/osquery:cxx.bzl", "osquery_cxx_library")
load("//tools/build_defs/oss/osquery:native.bzl", "osquery_target")
load("//tools/build_defs/oss/osquery:third_party.bzl", "osquery_tp_target")
osquery_cxx_library(
name = "killswitch",
srcs = [
"killswitch.cpp",
"killswitch_plugin.cpp",
"killswitch_refreshable_plugin.cpp",
],
header_namespace = "osquery/killswitch",
exported_headers = [
"killswitch_plugin.h",
"killswitch_refreshable_plugin.h",
],
link_whole = True,
tests = [
osquery_target("osquery/killswitch/tests:killswitch_tests"),
],
visibility = ["PUBLIC"],
deps = [
osquery_target("osquery/core:core"),
osquery_tp_target("googletest", "gtest_headers"),
],
)

46
osquery/killswitch/CMakeLists.txt
View File

@ -1,46 +0,0 @@
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
function(osqueryKillswitchMain)
if(OSQUERY_BUILD_TESTS)
add_subdirectory("tests")
endif()
generateOsqueryKillswitch()
endfunction()
function(generateOsqueryKillswitch)
add_osquery_library(osquery_killswitch EXCLUDE_FROM_ALL
killswitch.cpp
killswitch_plugin.cpp
killswitch_refreshable_plugin.cpp
)
enableLinkWholeArchive(osquery_killswitch)
target_link_libraries(osquery_killswitch PUBLIC
osquery_cxx_settings
osquery_core
thirdparty_googletest_headers
)
set(public_header_files
killswitch_plugin.h
killswitch_refreshable_plugin.h
)
generateIncludeNamespace(osquery_killswitch "osquery/killswitch" "FILE_ONLY" ${public_header_files})
add_test(NAME osquery_killswitch_tests-test COMMAND osquery_killswitch_tests-test)
set_tests_properties(
osquery_killswitch_tests-test
PROPERTIES ENVIRONMENT "TEST_CONF_FILES_DIR=${TEST_CONFIGS_DIR}"
)
endfunction()
osqueryKillswitchMain()

106
osquery/killswitch/killswitch.cpp
View File

@ -1,106 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#include <string>
#include <osquery/flags.h>
#include <osquery/killswitch.h>
#include <osquery/logger.h>
#include <osquery/registry_factory.h>
namespace osquery {
const char* Killswitch::killswitch_ = "killswitch";
const char* Killswitch::action_ = "action";
const char* Killswitch::isEnabled_ = "isEnabled";
const char* Killswitch::key_ = "key";
const char* Killswitch::refresh_ = "refresh";
FLAG(bool, enable_killswitch, false, "Enable killswitch plugin");
FLAG(string,
killswitch_plugin,
"killswitch_filesystem",
"Killswitch plugin name.");
Killswitch::Killswitch() {}
Killswitch::~Killswitch() = default;
bool Killswitch::isPosixProfilingEnabled() {
return isNewCodeEnabled("posixProfilingSwitch");
}
bool Killswitch::isTotalQueryCounterMonitorEnabled() {
return isNewCodeEnabled("totalQueryCounterMonitorSwitch");
}
bool Killswitch::isAppStartMonitorEnabled() {
return isNewCodeEnabled("appStartMonitorSwitch");
}
bool Killswitch::isWindowsProfilingEnabled() {
return isNewCodeEnabled("windowsProfilingSwitch");
}
bool Killswitch::isConfigBackupEnabled() {
return isNewCodeEnabled("configBackupSwitch");
}
bool Killswitch::isNewCodeEnabled(const std::string& key) {
auto result = isEnabled(key);
if (result) {
return *result;
} else {
VLOG(1) << result.getError().getMessage();
return true;
}
}
Expected<bool, Killswitch::IsEnabledError> Killswitch::isEnabled(
const std::string& key) {
PluginResponse response;
auto status = Registry::call(
Killswitch::killswitch_,
{{Killswitch::action_, Killswitch::isEnabled_}, {Killswitch::key_, key}},
response);
if (!status.ok()) {
return createError(Killswitch::IsEnabledError::CallFailed)
<< status.getMessage();
}
if (response.size() != 1) {
return createError(Killswitch::IsEnabledError::IncorrectResponseFormat)
<< "Response size should be 1 but is "
<< std::to_string(response.size());
}
const auto& response_map = response[0];
const auto& is_enabled_item = response_map.find(Killswitch::isEnabled_);
if (is_enabled_item == response_map.end()) {
return createError(Killswitch::IsEnabledError::IncorrectResponseFormat)
<< "isEnabled key missing in response of the action: isEnabled";
}
const auto& is_enabled_value = is_enabled_item->second;
if (is_enabled_value == "1") {
return true;
} else if (is_enabled_value == "0") {
return false;
} else {
return createError(Killswitch::IsEnabledError::IncorrectValue)
<< "Unknown isEnabled value " << is_enabled_value;
}
}
Status Killswitch::refresh() {
PluginResponse response;
auto status = Registry::call(Killswitch::killswitch_,
{{Killswitch::action_, Killswitch::refresh_}},
response);
return status;
}
} // namespace osquery

106
osquery/killswitch/killswitch_plugin.cpp
View File

@ -1,106 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#include <chrono>
#include <string>
#include <osquery/flags.h>
#include <osquery/killswitch/killswitch_plugin.h>
#include <osquery/registry_factory.h>
namespace osquery {
CREATE_REGISTRY(KillswitchPlugin, Killswitch::killswitch_);
Expected<std::unordered_map<std::string, bool>,
KillswitchPlugin::ParseMapJSONError>
KillswitchPlugin::parseMapJSON(const std::string& content) {
std::unordered_map<std::string, bool> result;
auto doc = JSON::newObject();
if (!doc.fromString(content) || !doc.doc().IsObject()) {
return createError(
KillswitchPlugin::ParseMapJSONError::UnknownParsingProblem)
<< "Error parsing the killswitch JSON. Content : " << content;
}
const auto table = doc.doc().FindMember("table");
if (table == doc.doc().MemberEnd()) {
return createError(KillswitchPlugin::ParseMapJSONError::MissingKey)
<< "Killswitch key table containing map was not found";
}
if (!table->value.IsObject()) {
return createError(KillswitchPlugin::ParseMapJSONError::IncorrectValueType)
<< "Killswitch table value is not an object";
}
for (const auto& keyValue : table->value.GetObject()) {
if (!keyValue.name.IsString()) {
return createError(KillswitchPlugin::ParseMapJSONError::IncorrectKeyType)
<< "Killswitch config key was not string";
}
auto key = keyValue.name.GetString();
if (!keyValue.value.IsBool()) {
return createError(
KillswitchPlugin::ParseMapJSONError::IncorrectValueType)
<< "At Killswitch config key: " << key << " value was not bool";
}
bool value = keyValue.value.GetBool();
result[key] = value;
}
return result;
}
Status KillswitchPlugin::call(const PluginRequest& request,
PluginResponse& response) {
auto action = request.find(Killswitch::action_);
if (action == request.end()) {
return Status(1, "Killswitch plugins require an action");
}
if (action->second == Killswitch::isEnabled_) {
auto key = request.find(Killswitch::key_);
if (key == request.end()) {
return Status(1, "isEnabled action requires key");
}
auto result = isEnabled(key->second);
if (result) {
response.push_back({{Killswitch::isEnabled_, std::to_string(*result)}});
return Status::success();
} else {
return Status::failure(result.getError().getMessage());
}
}
return Status(1, "Could not find appropriate action mapping");
}
void KillswitchPlugin::setCache(
const std::unordered_map<std::string, bool>& killswitchMap) {
WriteLock wlock(mutex_);
killswitchMap_ = killswitchMap;
}
void KillswitchPlugin::addCacheEntry(const std::string& key, bool value) {
WriteLock wlock(mutex_);
killswitchMap_[key] = value;
}
Expected<bool, KillswitchPlugin::IsEnabledError> KillswitchPlugin::isEnabled(
const std::string& key) {
ReadLock rlock(mutex_);
if (killswitchMap_.find(key) != killswitchMap_.end()) {
return killswitchMap_[key];
} else {
return createError(KillswitchPlugin::IsEnabledError::NoKeyFound)
<< "Could not find key " << key;
}
}
} // namespace osquery

58
osquery/killswitch/killswitch_plugin.h
View File

@ -1,58 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#pragma once
#include <string>
#include <unordered_map>
#include <gtest/gtest_prod.h>
#include <osquery/core.h>
#include <osquery/killswitch.h>
#include <osquery/plugins/plugin.h>
#include <osquery/query.h>
#include <osquery/utils/expected/expected.h>
#include <osquery/utils/mutex.h>
namespace osquery {
/**
* @brief Interface class for killswitch plugins.
*/
class KillswitchPlugin : public Plugin {
public:
/// Main entrypoint for killswitch plugin requests
virtual Status call(const PluginRequest& request,
PluginResponse& response) override;
protected:
void addCacheEntry(const std::string& key, bool value);
void setCache(const std::unordered_map<std::string, bool>& killswitchMap);
enum class ParseMapJSONError {
IncorrectKeyType = 1,
IncorrectValueType = 2,
UnknownParsingProblem = 3,
MissingKey = 4
};
static Expected<std::unordered_map<std::string, bool>, ParseMapJSONError>
parseMapJSON(const std::string& content);
private:
enum class IsEnabledError { NoKeyFound = 1 };
Expected<bool, IsEnabledError> isEnabled(const std::string& key);
std::unordered_map<std::string, bool> killswitchMap_;
mutable Mutex mutex_;
private:
FRIEND_TEST(KillswitchTests, test_killswitch_plugin);
FRIEND_TEST(KillswitchFilesystemTests,
test_killswitch_filesystem_plugin_legit);
};
} // namespace osquery

69
osquery/killswitch/killswitch_refreshable_plugin.cpp
View File

@ -1,69 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#include <chrono>
#include <osquery/dispatcher.h>
#include <osquery/flags.h>
#include <osquery/killswitch.h>
#include <osquery/killswitch/killswitch_refreshable_plugin.h>
namespace osquery {
FLAG(uint32,
killswitch_refresh_rate,
10,
"Refresh rate of killswitch in seconds");
namespace {
class KillswitchRefresher : public InternalRunnable {
public:
explicit KillswitchRefresher(std::chrono::seconds update_interval)
: InternalRunnable("KillswitchRefreshRunner"),
update_interval_(update_interval) {}
/// A simple wait/interruptible lock.
void start() override {
while (!interrupted()) {
pause(std::chrono::milliseconds(update_interval_));
osquery::Killswitch::get().refresh();
}
}
private:
const std::chrono::seconds update_interval_;
};
} // namespace
Status KillswitchRefreshablePlugin::setUp() {
if (FLAGS_killswitch_refresh_rate > 0) {
Dispatcher::addService(std::make_shared<KillswitchRefresher>(
std::chrono::seconds(FLAGS_killswitch_refresh_rate)));
}
return Status::success();
}
Status KillswitchRefreshablePlugin::call(const PluginRequest& request,
PluginResponse& response) {
auto action = request.find(Killswitch::action_);
if (action == request.end()) {
return Status::failure("Config plugins require an action");
}
if (action->second == Killswitch::refresh_) {
auto result = refresh();
if (result) {
return Status::success();
} else {
return Status::failure(result.getError().getMessage());
}
} else {
return KillswitchPlugin::call(request, response);
}
}
} // namespace osquery

32
osquery/killswitch/killswitch_refreshable_plugin.h
View File

@ -1,32 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#pragma once
#include <osquery/utils/expected/expected.h>
#include "osquery/killswitch/killswitch_plugin.h"
namespace osquery {
/**
* @brief Interface class for killswitch plugins.
*/
class KillswitchRefreshablePlugin : public KillswitchPlugin {
public:
Status setUp() override;
/// Main entrypoint for killswitch plugin requests
virtual Status call(const PluginRequest& request,
PluginResponse& response) override;
protected:
enum class RefreshError { NoContentReached = 1, ParsingError = 2 };
virtual ExpectedSuccess<RefreshError> refresh() = 0;
};
} // namespace osquery

34
osquery/killswitch/tests/BUCK
View File

@ -1,34 +0,0 @@
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed as defined on the LICENSE file found in the
# root directory of this source tree.
load("//tools/build_defs/oss/osquery:cxx.bzl", "osquery_cxx_test")
load("//tools/build_defs/oss/osquery:native.bzl", "osquery_target")
osquery_cxx_test(
name = "killswitch_tests",
srcs = [
"killswitch_tests.cpp",
],
env = {
"TEST_CONF_FILES_DIR": "$(location {})".format(
osquery_target("tools/tests:conf_files"),
),
},
visibility = ["PUBLIC"],
deps = [
osquery_target("osquery/config/tests:test_utils"),
osquery_target("osquery/database:database"),
osquery_target("osquery/events:events"),
osquery_target("osquery/extensions:extensions"),
osquery_target("osquery/extensions:impl_thrift"),
osquery_target("osquery/remote/enroll:tls_enroll"),
osquery_target("osquery/utils/conversions:conversions"),
osquery_target("osquery/utils/info:info"),
osquery_target("plugins/config:tls_config"),
osquery_target("plugins/database:ephemeral"),
osquery_target("tests:helper"),
],
)

32
osquery/killswitch/tests/CMakeLists.txt
View File

@ -1,32 +0,0 @@
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
function(osqueryKillswitchTestsMain)
generateOsqueryKillswitchTestsTest()
endfunction()
function(generateOsqueryKillswitchTestsTest)
add_osquery_executable(osquery_killswitch_tests-test killswitch_tests.cpp)
target_link_libraries(osquery_killswitch_tests-test PRIVATE
osquery_cxx_settings
osquery_config_tests_testutils
osquery_database
osquery_events
osquery_extensions
osquery_extensions_implthrift
osquery_remote_enroll_tlsenroll
osquery_utils_conversions
osquery_utils_info
plugins_config_tlsconfig
plugins_database_ephemeral
tests_helper
osquery_tools_tests_conffiles
thirdparty_googletest
)
endfunction()
osqueryKillswitchTestsMain()

125
osquery/killswitch/tests/killswitch_tests.cpp
View File

@ -1,125 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#include <gtest/gtest.h>
#include <osquery/core.h>
#include <osquery/flags.h>
#include <osquery/killswitch.h>
#include <osquery/killswitch/killswitch_plugin.h>
#include <osquery/registry.h>
#include <osquery/system.h>
namespace osquery {
DECLARE_uint32(killswitch_refresh_rate);
class KillswitchTests : public testing::Test {
public:
void SetUp() override {
Initializer::platformSetup();
registryAndPluginInit();
}
};
TEST_F(KillswitchTests, test_killswitch_plugin) {
auto& rf = RegistryFactory::get();
auto plugin = std::make_shared<KillswitchPlugin>();
rf.registry(Killswitch::killswitch_)->add("test", plugin);
EXPECT_TRUE(rf.setActive(Killswitch::killswitch_, "test").ok());
{
PluginResponse response;
auto status = Registry::call(Killswitch::killswitch_,
{{Killswitch::action_, Killswitch::isEnabled_},
{Killswitch::key_, "testSwitch"}},
response);
EXPECT_FALSE(status.ok());
}
{
PluginResponse response;
auto status = Registry::call(
Killswitch::killswitch_, {{Killswitch::key_, "testSwitch"}}, response);
EXPECT_FALSE(status.ok());
}
{
PluginResponse response;
auto status = Registry::call(Killswitch::killswitch_,
{{Killswitch::action_, "testSwitch"}},
response);
EXPECT_FALSE(status.ok());
}
plugin->addCacheEntry("testSwitch", true);
{
auto result = plugin->isEnabled("testSwitch");
EXPECT_TRUE(result);
EXPECT_TRUE(*result);
EXPECT_TRUE(Killswitch::get().isNewCodeEnabled("testSwitch"));
}
{
PluginResponse response;
auto status = Registry::call(Killswitch::killswitch_,
{{Killswitch::action_, Killswitch::isEnabled_},
{Killswitch::key_, "testSwitch"}},
response);
EXPECT_TRUE(status.ok());
EXPECT_EQ(response[0][Killswitch::isEnabled_], std::string("1"));
auto result = Killswitch::get().isEnabled("testSwitch");
EXPECT_TRUE(result);
EXPECT_TRUE(*result);
EXPECT_TRUE(Killswitch::get().isNewCodeEnabled("testSwitch"));
}
plugin->addCacheEntry("testSwitch", false);
{
auto result = plugin->isEnabled("testSwitch");
EXPECT_TRUE(result);
EXPECT_FALSE(*result);
EXPECT_FALSE(Killswitch::get().isNewCodeEnabled("testSwitch"));
}
{
PluginResponse response;
auto status = Registry::call(Killswitch::killswitch_,
{{Killswitch::action_, Killswitch::isEnabled_},
{Killswitch::key_, "testSwitch"}},
response);
EXPECT_TRUE(status.ok());
EXPECT_EQ(response[0][Killswitch::isEnabled_], std::string("0"));
auto result = Killswitch::get().isEnabled("testSwitch");
EXPECT_TRUE(result);
EXPECT_FALSE(*result);
EXPECT_FALSE(Killswitch::get().isNewCodeEnabled("testSwitch"));
}
plugin->setCache(std::unordered_map<std::string, bool>());
{
PluginResponse response;
auto status = Registry::call(Killswitch::killswitch_,
{{Killswitch::action_, Killswitch::isEnabled_},
{Killswitch::key_, "testSwitch"}},
response);
EXPECT_FALSE(status.ok());
EXPECT_EQ(response.size(), 0);
auto result = Killswitch::get().isEnabled("testSwitch");
EXPECT_FALSE(result);
EXPECT_TRUE(Killswitch::get().isNewCodeEnabled("testSwitch"));
}
EXPECT_FALSE(Killswitch::get().refresh());
rf.registry(Killswitch::killswitch_)->remove("test");
}
} // namespace osquery

1
osquery/logger/BUCK
View File

@ -21,7 +21,6 @@ osquery_cxx_library(
osquery_target("osquery/core/plugins:plugins"),
osquery_target("osquery/database:database"),
osquery_target("osquery/filesystem:osquery_filesystem"),
osquery_target("osquery/killswitch:killswitch"),
osquery_target("osquery/numeric_monitoring:numeric_monitoring"),
osquery_target("osquery/registry:registry"),
osquery_target("osquery/utils/conversions:conversions"),

1
osquery/logger/CMakeLists.txt
View File

@ -39,7 +39,6 @@ function(generateOsqueryLoggerDatalogger)
osquery_core_plugins
osquery_database
osquery_filesystem
osquery_killswitch
osquery_numericmonitoring
osquery_registry
osquery_utils_conversions

9
osquery/logger/logger.cpp
View File

@ -23,7 +23,6 @@
#include <osquery/extensions.h>
#include <osquery/filesystem/filesystem.h>
#include <osquery/flags.h>
#include <osquery/killswitch.h>
#include <osquery/numeric_monitoring.h>
#include <osquery/plugins/logger.h>
#include <osquery/registry_factory.h>
@ -81,6 +80,8 @@ HIDDEN_FLAG(bool,
false,
"Always send status logs synchronously");
DECLARE_bool(enable_numeric_monitoring);
/**
* @brief Logger plugin registry.
*
@ -409,7 +410,7 @@ Status logQueryLogItem(const QueryLogItem& results,
return Status::success();
}
if (Killswitch::get().isTotalQueryCounterMonitorEnabled()) {
if (FLAGS_enable_numeric_monitoring) {
monitoring::record(
kTotalQueryCounterMonitorPath, 1, monitoring::PreAggregationType::Sum);
}
@ -438,7 +439,7 @@ Status logSnapshotQuery(const QueryLogItem& item) {
return Status::success();
}
if (Killswitch::get().isTotalQueryCounterMonitorEnabled()) {
if (FLAGS_enable_numeric_monitoring) {
monitoring::record(
kTotalQueryCounterMonitorPath, 1, monitoring::PreAggregationType::Sum);
}
@ -545,4 +546,4 @@ void systemLog(const std::string& line) {
syslog(LOG_NOTICE, "%s", line.c_str());
#endif
}
}
} // namespace osquery

3
osquery/main/BUCK
View File

@ -74,7 +74,6 @@ osquery_cxx_library(
osquery_target("osquery/experimental/tracing:syscalls_tracing"),
osquery_target("osquery/extensions:extensions"),
osquery_target("osquery/extensions:impl_thrift"),
osquery_target("osquery/killswitch:killswitch"),
osquery_target("osquery/logger:data_logger"),
osquery_target("osquery/process:process"),
osquery_target("osquery/numeric_monitoring:numeric_monitoring"),
@ -94,8 +93,6 @@ osquery_cxx_library(
osquery_target("plugins/logger:stdout"),
osquery_target("plugins/logger:syslog"),
osquery_target("plugins/logger:tls_logger"),
osquery_target("plugins/killswitch:killswitch_filesystem"),
osquery_target("plugins/killswitch:killswitch_tls"),
osquery_target("plugins/numeric_monitoring:numeric_monitoring_filesystem"),
osquery_target("plugins/remote/enroll:tls_enroll_plugin"),
osquery_target("specs:tables"),

3
osquery/main/CMakeLists.txt
View File

@ -45,7 +45,6 @@ function(generateOsqueryMain)
osquery_experimental_tracing_syscallstracing
osquery_extensions
osquery_extensions_implthrift
osquery_killswitch
osquery_logger_datalogger
osquery_process
osquery_numericmonitoring
@ -65,8 +64,6 @@ function(generateOsqueryMain)
plugins_logger_stdout
plugins_logger_syslog
plugins_logger_tlslogger
plugins_killswitch_killswitchfilesystem
plugins_killswitch_killswitchtls
plugins_numericmonitoring_filesystem
plugins_remote_enroll_tlsenrollplugin
specs_tables

3
osquery/main/harnesses/CMakeLists.txt
View File

@ -31,7 +31,6 @@ function(generateOsqueryFuzzHarnesses)
osquery_experimental_tracing_syscallstracing
osquery_extensions
osquery_extensions_implthrift
osquery_killswitch
osquery_logger_datalogger
osquery_process
osquery_numericmonitoring
@ -51,8 +50,6 @@ function(generateOsqueryFuzzHarnesses)
plugins_logger_stdout
plugins_logger_syslog
plugins_logger_tlslogger
plugins_killswitch_killswitchfilesystem
plugins_killswitch_killswitchtls
plugins_numericmonitoring_filesystem
plugins_remote_enroll_tlsenrollplugin
specs_tables

24
osquery/profiler/posix/code_profiler.cpp
View File

@ -23,7 +23,6 @@
#include <boost/format.hpp>
#include <boost/io/detail/quoted_manip.hpp>
#include <osquery/killswitch.h>
#include <osquery/logger.h>
#include <osquery/numeric_monitoring.h>
#include <osquery/profiler/code_profiler.h>
@ -152,21 +151,18 @@ CodeProfiler::CodeProfiler(const std::initializer_list<std::string>& names)
: names_(names), code_profiler_data_(new CodeProfilerData()) {}
CodeProfiler::~CodeProfiler() {
if (Killswitch::get().isPosixProfilingEnabled()) {
CodeProfilerData code_profiler_data_end;
CodeProfilerData code_profiler_data_end;
auto rusage_start = code_profiler_data_->takeRusageData();
if (!rusage_start) {
LOG(ERROR) << "rusage_start error: "
<< rusage_start.getError().getMessage();
auto rusage_start = code_profiler_data_->takeRusageData();
if (!rusage_start) {
LOG(ERROR) << "rusage_start error: "
<< rusage_start.getError().getMessage();
} else {
auto rusage_end = code_profiler_data_end.takeRusageData();
if (!rusage_end) {
LOG(ERROR) << "rusage_end error: " << rusage_end.getError().getMessage();
} else {
auto rusage_end = code_profiler_data_end.takeRusageData();
if (!rusage_end) {
LOG(ERROR) << "rusage_end error: "
<< rusage_end.getError().getMessage();
} else {
recordRusageStatDifference(names_, *rusage_start, *rusage_end);
}
recordRusageStatDifference(names_, *rusage_start, *rusage_end);
}
const auto query_duration =

17
osquery/profiler/windows/code_profiler.cpp
View File

@ -10,7 +10,6 @@
#include <boost/format.hpp>
#include <osquery/killswitch.h>
#include <osquery/numeric_monitoring.h>
#include <osquery/profiler/code_profiler.h>
@ -26,8 +25,8 @@ void record(const std::vector<std::string>& names,
monitoring::PreAggregationType::None);
}
}
} // namespace
class CodeProfiler::CodeProfilerData {
public:
CodeProfilerData() : wall_time_(std::chrono::steady_clock::now()) {}
@ -44,15 +43,13 @@ CodeProfiler::CodeProfiler(const std::initializer_list<std::string>& names)
: names_(names), code_profiler_data_(new CodeProfilerData()) {}
CodeProfiler::~CodeProfiler() {
if (Killswitch::get().isWindowsProfilingEnabled()) {
CodeProfilerData code_profiler_data_end;
CodeProfilerData code_profiler_data_end;
const auto query_duration =
std::chrono::duration_cast<std::chrono::milliseconds>(
code_profiler_data_end.getWallTime() -
code_profiler_data_->getWallTime());
const auto query_duration =
std::chrono::duration_cast<std::chrono::milliseconds>(
code_profiler_data_end.getWallTime() -
code_profiler_data_->getWallTime());
record(names_, ".time.wall.millis", query_duration.count());
}
record(names_, ".time.wall.millis", query_duration.count());
}
} // namespace osquery

1
osquery/remote/enroll/BUCK
View File

@ -64,7 +64,6 @@ osquery_cxx_test(
osquery_target("osquery/utils/info:info"),
osquery_target("plugins/config:tls_config"),
osquery_target("plugins/database:ephemeral"),
osquery_target("plugins/killswitch:killswitch_filesystem"),
osquery_target("tests:helper"),
],
)

1
osquery/remote/enroll/CMakeLists.txt
View File

@ -73,7 +73,6 @@ function(generateOsqueryRemoteenrolltestsTest)
osquery_utils_info
plugins_config_tlsconfig
plugins_database_ephemeral
plugins_killswitch_killswitchfilesystem
tests_helper
thirdparty_googletest
osquery_tools_tests_testfiles

2
osquery/remote/tests/BUCK
View File

@ -28,7 +28,6 @@ osquery_cxx_library(
osquery_target("osquery/utils/info:info"),
osquery_target("plugins/config:tls_config"),
osquery_target("plugins/database:ephemeral"),
osquery_target("plugins/killswitch:killswitch_filesystem"),
osquery_target("tests:helper"),
],
)
@ -51,7 +50,6 @@ osquery_cxx_test(
osquery_target("osquery/utils/info:info"),
osquery_target("plugins/config:tls_config"),
osquery_target("plugins/database:ephemeral"),
osquery_target("plugins/killswitch:killswitch_filesystem"),
osquery_target("tests:helper"),
],
)

2
osquery/remote/tests/CMakeLists.txt
View File

@ -30,7 +30,6 @@ function(generateOsqueryRemoteTestsRemotetestsutils)
osquery_utils_info
plugins_config_tlsconfig
plugins_database_ephemeral
plugins_killswitch_killswitchfilesystem
tests_helper
)
endfunction()
@ -51,7 +50,6 @@ function(generateOsqueryRemoteTestsRequeststestsTest)
osquery_utils_info
plugins_config_tlsconfig
plugins_database_ephemeral
plugins_killswitch_killswitchfilesystem
tests_helper
thirdparty_googletest
)

1
osquery/remote/transports/BUCK
View File

@ -54,7 +54,6 @@ osquery_cxx_test(
osquery_target("osquery/utils/info:info"),
osquery_target("plugins/config:tls_config"),
osquery_target("plugins/database:ephemeral"),
osquery_target("plugins/killswitch:killswitch_filesystem"),
osquery_target("tests:helper"),
],
)

1
osquery/remote/transports/CMakeLists.txt
View File

@ -62,7 +62,6 @@ function(generateOsqueryRemoteTransportsRemotetransportstlstestsTest)
osquery_utils_info
plugins_config_tlsconfig
plugins_database_ephemeral
plugins_killswitch_killswitchfilesystem
tests_helper
thirdparty_googletest
osquery_tools_tests_testfiles

1
osquery/sdk/BUCK
View File

@ -29,7 +29,6 @@ osquery_cxx_library(
osquery_target("osquery/events:events_registry"),
osquery_target("osquery/experimental/events_stream:events_stream_registry"),
osquery_target("osquery/extensions:extensions"),
osquery_target("osquery/killswitch:killswitch"),
osquery_target("osquery/numeric_monitoring:numeric_monitoring"),
osquery_target("osquery/remote/enroll:tls_enroll"),
osquery_target("osquery/sql:sql"),

1
osquery/sdk/CMakeLists.txt
View File

@ -23,7 +23,6 @@ function(generateOsquerySdkPluginsdk)
osquery_events_eventsregistry
osquery_experimental_eventsstream_registry
osquery_extensions
osquery_killswitch
osquery_numericmonitoring
osquery_remote_enroll_tlsenroll
osquery_sql

1
osquery/sdk/tests/registry_tests.cpp
View File

@ -37,7 +37,6 @@ auto const mandatory_registries_ = std::vector<std::string>{
"enroll",
"event_publisher",
"event_subscriber",
"killswitch",
"logger",
"numeric_monitoring",
"sql",

1
plugins/CMakeLists.txt
View File

@ -7,7 +7,6 @@
add_subdirectory("config")
add_subdirectory("database")
add_subdirectory("distributed")
add_subdirectory("killswitch")
add_subdirectory("logger")
add_subdirectory("numeric_monitoring")
add_subdirectory("remote/enroll")

46
plugins/killswitch/BUCK
View File

@ -1,46 +0,0 @@
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed as defined on the LICENSE file found in the
# root directory of this source tree.
load("//tools/build_defs/oss/osquery:cxx.bzl", "osquery_cxx_library")
load("//tools/build_defs/oss/osquery:native.bzl", "osquery_target")
osquery_cxx_library(
name = "killswitch_filesystem",
srcs = [
"killswitch_filesystem.cpp",
],
header_namespace = "osquery/killswitch/plugins",
exported_headers = [
"killswitch_filesystem.h",
],
link_whole = True,
tests = [
osquery_target("plugins/killswitch/tests:killswitch_filesystem_plugin_tests"),
],
visibility = ["PUBLIC"],
deps = [
osquery_target("osquery/killswitch:killswitch"),
osquery_target("osquery/utils/config:utils_config"),
],
)
osquery_cxx_library(
name = "killswitch_tls",
srcs = [
"killswitch_tls.cpp",
],
header_namespace = "osquery/killswitch/plugins",
exported_headers = [
"killswitch_tls.h",
],
link_whole = True,
visibility = ["PUBLIC"],
deps = [
osquery_target("osquery/killswitch:killswitch"),
osquery_target("osquery/remote:utility"),
osquery_target("osquery/remote/serializers:serializer_json"),
],
)

64
plugins/killswitch/CMakeLists.txt
View File

@ -1,64 +0,0 @@
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
function(pluginsKillswitchMain)
if(OSQUERY_BUILD_TESTS)
add_subdirectory("tests")
endif()
generatePluginsKillswitchKillswitchfilesystem()
generatePluginsKillswitchTls()
endfunction()
function(generatePluginsKillswitchKillswitchfilesystem)
add_osquery_library(plugins_killswitch_killswitchfilesystem EXCLUDE_FROM_ALL
killswitch_filesystem.cpp
)
enableLinkWholeArchive(plugins_killswitch_killswitchfilesystem)
target_link_libraries(plugins_killswitch_killswitchfilesystem PUBLIC
osquery_cxx_settings
osquery_killswitch
osquery_utils_config
)
set(public_header_files
killswitch_filesystem.h
)
generateIncludeNamespace(plugins_killswitch_killswitchfilesystem "osquery/killswitch/plugins" "FILE_ONLY" ${public_header_files})
add_test(NAME plugins_killswitch_killswitchfilesystemplugintests-test COMMAND plugins_killswitch_killswitchfilesystemplugintests-test)
set_tests_properties(
plugins_killswitch_killswitchfilesystemplugintests-test
PROPERTIES ENVIRONMENT "TEST_CONF_FILES_DIR=${TEST_CONFIGS_DIR}"
)
endfunction()
function(generatePluginsKillswitchTls)
add_osquery_library(plugins_killswitch_killswitchtls EXCLUDE_FROM_ALL
killswitch_tls.cpp
)
enableLinkWholeArchive(plugins_killswitch_killswitchtls)
target_link_libraries(plugins_killswitch_killswitchtls PUBLIC
osquery_cxx_settings
osquery_killswitch
osquery_remote_utility
osquery_remote_serializers_serializerjson
)
set(public_header_files
killswitch_tls.h
)
generateIncludeNamespace(plugins_killswitch_killswitchtls "osquery/killswitch/plugins" "FILE_ONLY" ${public_header_files})
endfunction()
pluginsKillswitchMain()

62
plugins/killswitch/killswitch_filesystem.cpp
View File

@ -1,62 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#include <string>
#include <boost/filesystem/operations.hpp>
#include <osquery/filesystem/filesystem.h>
#include <osquery/flags.h>
#include <osquery/killswitch/plugins/killswitch_filesystem.h>
#include <osquery/logger.h>
#include <osquery/registry_factory.h>
#include <osquery/utils/json/json.h>
namespace errc = boost::system::errc;
namespace fs = boost::filesystem;
namespace osquery {
FLAG(string,
killswitch_config_path,
(fs::path(OSQUERY_HOME) / "killswitch.conf").make_preferred().string(),
"Path to JSON killswitch config file");
KillswitchFilesystem::KillswitchFilesystem(
const boost::filesystem::path& conf_path)
: conf_path_(conf_path) {}
KillswitchFilesystem::KillswitchFilesystem()
: KillswitchFilesystem(FLAGS_killswitch_config_path) {}
ExpectedSuccess<KillswitchRefreshablePlugin::RefreshError>
KillswitchFilesystem::refresh() {
std::string content;
boost::system::error_code ec;
if (!fs::is_regular_file(conf_path_, ec) || ec.value() != errc::success ||
!readFile(conf_path_, content).ok()) {
return createError(
KillswitchRefreshablePlugin::RefreshError::NoContentReached)
<< "Config file does not exist: " << conf_path_.string();
}
auto result = KillswitchPlugin::parseMapJSON(content);
if (result) {
setCache(*result);
return Success();
} else {
return createError(KillswitchRefreshablePlugin::RefreshError::ParsingError)
<< result.getError().getMessage();
}
}
REGISTER(KillswitchFilesystem,
Killswitch::killswitch_,
"killswitch_filesystem");
} // namespace osquery

41
plugins/killswitch/killswitch_filesystem.h
View File

@ -1,41 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#pragma once
#include <string>
#include <boost/filesystem/path.hpp>
#include <osquery/killswitch/killswitch_refreshable_plugin.h>
#include <osquery/utils/config/default_paths.h>
namespace osquery {
class KillswitchFilesystem : public KillswitchRefreshablePlugin {
public:
KillswitchFilesystem();
KillswitchFilesystem(const boost::filesystem::path& conf_path);
protected:
ExpectedSuccess<KillswitchRefreshablePlugin::RefreshError> refresh() override;
private:
const boost::filesystem::path conf_path_;
FRIEND_TEST(KillswitchFilesystemTests,
test_killswitch_filesystem_plugin_legit);
FRIEND_TEST(KillswitchFilesystemTests,
test_killswitch_filesystem_plugin_incorrect_key);
FRIEND_TEST(KillswitchFilesystemTests,
test_killswitch_filesystem_plugin_incorrect_value);
FRIEND_TEST(KillswitchFilesystemTests,
test_killswitch_filesystem_plugin_incorrect_no_table);
};
} // namespace osquery

103
plugins/killswitch/killswitch_tls.cpp
View File

@ -1,103 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
// clang-format off
// Keep it on top of all other includes to fix double include WinSock.h header file
// which is windows specific boost build problem
#include <osquery/remote/utility.h>
// clang-format on
#include <osquery/enroll.h>
#include <osquery/flags.h>
#include <osquery/killswitch/killswitch_plugin.h>
#include <osquery/killswitch/plugins/killswitch_tls.h>
#include <osquery/logger.h>
#include <osquery/registry.h>
#include <osquery/remote/serializers/json.h>
namespace osquery {
CLI_FLAG(uint64,
killswitch_tls_max_attempts,
3,
"Number of attempts to retry a TLS killswitch config request");
/// Config retrieval TLS endpoint (path) using TLS hostname.
CLI_FLAG(string,
killswitch_tls_endpoint,
"",
"TLS/HTTPS endpoint for killswitch config retrieval");
DECLARE_bool(enroll_always);
REGISTER(TLSKillswitchPlugin, Killswitch::killswitch_, "tls");
Status TLSKillswitchPlugin::setUp() {
if (FLAGS_enroll_always && !FLAGS_disable_enrollment) {
// clear any cached node key
clearNodeKey();
auto node_key = getNodeKey("tls");
if (node_key.size() == 0) {
// Could not generate a node key, continue logging to stderr.
return Status(1, "No node key, TLS config failed.");
}
}
uri_ = TLSRequestHelper::makeURI(FLAGS_killswitch_tls_endpoint);
uri_ += ((uri_.find('?') != std::string::npos) ? "&" : "?");
uri_ += "request=killswitch";
return KillswitchRefreshablePlugin::setUp();
}
ExpectedSuccess<KillswitchRefreshablePlugin::RefreshError>
TLSKillswitchPlugin::refresh() {
std::string content;
JSON params;
// The TLS node API morphs some verbs and variables.
params.add("_get", true);
auto s = TLSRequestHelper::go<JSONSerializer>(
uri_, params, content, FLAGS_killswitch_tls_max_attempts);
if (!s.ok()) {
return createError(
KillswitchRefreshablePlugin::RefreshError::NoContentReached)
<< "Could not retrieve config file from network";
}
JSON tree;
Status parse_status = tree.fromString(content);
if (!parse_status.ok()) {
return createError(KillswitchRefreshablePlugin::RefreshError::ParsingError)
<< "Could not parse JSON from TLS killswitch node API";
}
// Extract config map from json
auto it = tree.doc().FindMember("config");
if (it == tree.doc().MemberEnd()) {
return createError(KillswitchRefreshablePlugin::RefreshError::ParsingError)
<< "Killswitch member config is missing";
}
if (!it->value.IsString()) {
return createError(KillswitchRefreshablePlugin::RefreshError::ParsingError)
<< "Killswitch member config is not a string";
}
content = it->value.GetString();
auto result = KillswitchPlugin::parseMapJSON(content);
if (result) {
setCache(*result);
return Success();
} else {
return createError(KillswitchRefreshablePlugin::RefreshError::ParsingError)
<< result.getError().getMessage();
}
}
} // namespace osquery

28
plugins/killswitch/killswitch_tls.h
View File

@ -1,28 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#pragma once
#include <osquery/killswitch/killswitch_refreshable_plugin.h>
namespace osquery {
class TLSKillswitchPlugin;
class TLSKillswitchPlugin
: public KillswitchRefreshablePlugin,
public std::enable_shared_from_this<TLSKillswitchPlugin> {
public:
Status setUp() override;
protected:
ExpectedSuccess<KillswitchRefreshablePlugin::RefreshError> refresh() override;
/// Calculate the URL once and cache the result.
std::string uri_;
};
} // namespace osquery

35
plugins/killswitch/tests/BUCK
View File

@ -1,35 +0,0 @@
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed as defined on the LICENSE file found in the
# root directory of this source tree.
load("//tools/build_defs/oss/osquery:cxx.bzl", "osquery_cxx_test")
load("//tools/build_defs/oss/osquery:native.bzl", "osquery_target")
osquery_cxx_test(
name = "killswitch_filesystem_plugin_tests",
srcs = [
"killswitch_filesystem_tests.cpp",
],
env = {
"TEST_CONF_FILES_DIR": "$(location {})".format(
osquery_target("tools/tests:conf_files"),
),
},
visibility = ["PUBLIC"],
deps = [
osquery_target("osquery/config/tests:test_utils"),
osquery_target("osquery/database:database"),
osquery_target("osquery/events:events"),
osquery_target("osquery/extensions:extensions"),
osquery_target("osquery/extensions:impl_thrift"),
osquery_target("osquery/remote/enroll:tls_enroll"),
osquery_target("osquery/utils/conversions:conversions"),
osquery_target("osquery/utils/info:info"),
osquery_target("plugins/config:tls_config"),
osquery_target("plugins/killswitch:killswitch_filesystem"),
osquery_target("plugins/database:ephemeral"),
osquery_target("tests:helper"),
],
)

33
plugins/killswitch/tests/CMakeLists.txt
View File

@ -1,33 +0,0 @@
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
function(pluginsKillswitchTestsMain)
generatePluginsKillswitchTestsKillswitchfilesystemplugintestsTest()
endfunction()
function(generatePluginsKillswitchTestsKillswitchfilesystemplugintestsTest)
add_osquery_executable(plugins_killswitch_killswitchfilesystemplugintests-test killswitch_filesystem_tests.cpp)
target_link_libraries(plugins_killswitch_killswitchfilesystemplugintests-test PRIVATE
osquery_cxx_settings
osquery_config_tests_testutils
osquery_database
osquery_events
osquery_extensions
osquery_extensions_implthrift
osquery_remote_enroll_tlsenroll
osquery_utils_conversions
osquery_utils_info
plugins_config_tlsconfig
plugins_database_ephemeral
plugins_killswitch_killswitchfilesystem
tests_helper
osquery_tools_tests_conffiles
thirdparty_googletest
)
endfunction()
pluginsKillswitchTestsMain()

62
plugins/killswitch/tests/killswitch_filesystem_tests.cpp
View File

@ -1,62 +0,0 @@
/**
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed in accordance with the terms specified in
* the LICENSE file found in the root directory of this source tree.
*/
#include <gtest/gtest.h>
#include <osquery/config/tests/test_utils.h>
#include <osquery/flags.h>
#include <osquery/registry.h>
#include <osquery/system.h>
#include "osquery/killswitch/plugins/killswitch_filesystem.h"
namespace osquery {
DECLARE_uint32(killswitch_refresh_rate);
class KillswitchFilesystemTests : public testing::Test {
public:
void SetUp() override {
Initializer::platformSetup();
registryAndPluginInit();
}
};
TEST_F(KillswitchFilesystemTests, test_killswitch_filesystem_plugin_legit) {
KillswitchFilesystem plugin(getTestConfigDirectory() / "test_killswitch.conf");
EXPECT_TRUE(plugin.refresh());
{
auto result = plugin.isEnabled("testSwitch");
ASSERT_TRUE(result);
ASSERT_TRUE(*result);
}
{
auto result = plugin.isEnabled("test2Switch");
ASSERT_TRUE(result);
ASSERT_FALSE(*result);
}
}
TEST_F(KillswitchFilesystemTests,
test_killswitch_filesystem_plugin_incorrect_key) {
KillswitchFilesystem plugin(getTestConfigDirectory() /
"test_killswitch_incorrect_key.conf");
EXPECT_FALSE(plugin.refresh());
}
TEST_F(KillswitchFilesystemTests,
test_killswitch_filesystem_plugin_incorrect_value) {
KillswitchFilesystem plugin(getTestConfigDirectory() /
"test_killswitch_incorrect_value.conf");
EXPECT_FALSE(plugin.refresh());
}
TEST_F(KillswitchFilesystemTests,
test_killswitch_filesystem_plugin_incorrect_no_table) {
KillswitchFilesystem plugin(getTestConfigDirectory() /
"test_killswitch_incorrect_value.conf");
EXPECT_FALSE(plugin.refresh());
}
} // namespace osquery