valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Blacklist is now on by default

Browse Source
This commit is contained in:
Teddy Reed 2014-11-10 13:30:24 -08:00
parent 177229ead1
commit 8b1af689db
3 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
osquery/CMakeLists.txt
View File

@ -179,7 +179,7 @@ foreach(TABLE_FILE ${TABLE_FILES})
STRING(REPLACE ".table" ".cpp" TABLE_FILE_GEN ${TABLE_FILE_GEN})
ADD_CUSTOM_COMMAND(
OUTPUT ${TABLE_FILE_GEN}
COMMAND python ${CMAKE_SOURCE_DIR}/tools/gentable.py ${TABLE_FILE} ${TABLE_FILE_GEN} $ENV{USE_BLACKLIST}
COMMAND python ${CMAKE_SOURCE_DIR}/tools/gentable.py ${TABLE_FILE} ${TABLE_FILE_GEN} $ENV{DISABLE_BLACKLIST}
DEPENDS ${TABLE_FILE} ${CMAKE_SOURCE_DIR}/tools/gentable.py ${CMAKE_SOURCE_DIR}/osquery/tables/specs/blacklist
WORKING_DIRECTORY "${CMAKE_SOURCE_DIR}"
)

6
tools/gentable.py
View File

@ -233,7 +233,7 @@ REGISTER_TABLE(
def usage():
""" print program usage """
print("Usage: %s <spec.table> <file.cpp> [use_blacklist]" % sys.argv[0])
print("Usage: %s <spec.table> <file.cpp> [disable_blacklist]" % sys.argv[0])
def to_camel_case(snake_case):
""" convert a snake_case string to camelCase """
@ -404,12 +404,12 @@ def main(argc, argv):
output = argv[2]
# Adding a 3rd parameter will enable the blacklist
use_blacklist = argc > 3
disable_blacklist = argc > 3
with open(filename, "rU") as file_handle:
tree = ast.parse(file_handle.read())
exec(compile(tree, "<string>", "exec"))
if use_blacklist and is_blacklisted(filename, table.table_name):
if not disable_blacklist and is_blacklisted(filename, table.table_name):
table.blacklist(output)
else:
table.generate(output)

4
tools/profile.py
View File

@ -174,7 +174,7 @@ def run_query(shell, query, timeout=0, count=1):
try:
stats = get_stats(p, step)
percents.append(stats["utilization"])
except psutil.AccessDenied:
except psutil.AccessDenied as e:
break
delay += step
if timeout > 0 and delay >= timeout + 2:
@ -211,6 +211,8 @@ def summary(results, display=False):
for key in RANGES:
if key == "colors":
continue
if key not in result:
continue
summary_result[key] = rank(result[key], RANGES[key])
if display:
print ("%s:" % name, end=" ")