Non-static event type and name IDs

2024-11-07 18:08:53 +00:00 · 2014-12-14 18:03:41 -08:00 · 2014-12-14 18:03:41 -08:00 · c1e37b73fb
commit c1e37b73fb
parent d2a93cf8c1
5 changed files with 35 additions and 39 deletions
--- a/include/osquery/events.h
+++ b/include/osquery/events.h
@ -15,6 +15,7 @@
 #include <osquery/database.h>
 #include <osquery/registry.h>
 #include <osquery/status.h>
+#include <osquery/tables.h>

 namespace osquery {

@ -82,6 +83,12 @@ typedef std::map<EventPublisherID, EventPublisherRef> EventPublisherMap;
 /// The set of search-time binned lookup tables.
 extern const std::vector<size_t> kEventTimeLists;

+#define DECLARE_PUBLISHER(TYPE) \
+ public: EventPublisherID type() { return TYPE; }
+
+#define DECLARE_SUBSCRIBER(NAME) \
+ public: EventPublisherID name() { return NAME; }
+
 /**
 * @brief Required getter and namespace helper methods for EventSubscriber%s.
 *
@ -696,10 +703,7 @@ class EventSubscriberCore {
   *
   * @return The query-time table data, retrieved from a backing store.
   */
-  static QueryData genTable(osquery::tables::QueryContext& context)
-      __attribute__((used)) {
-    return get(0, 0);
-  }
+  QueryData genTable(tables::QueryContext& context) __attribute__((used));

 protected:
  /// Backing storage indexing namespace definition methods.
@ -769,8 +773,8 @@ class EventSubscriber: public EventSubscriberCore {
  }

  EventPublisherID type() {
-    const auto& pub = new PUB();
-    auto type = pub->type();
+    auto pub = new PUB();
+    EventPublisherID type = pub->type();
    delete pub;
    return type;
  }
--- a/osquery/events/events.cpp
+++ b/osquery/events/events.cpp
@ -370,6 +370,10 @@ Status EventSubscriberCore::add(const Row& r, EventTime time) {
  return status;
 }

+QueryData EventSubscriberCore::genTable(tables::QueryContext& context) {
+  return get(0, 0);
+}
+
 void EventFactory::delay() {
  auto& ef = EventFactory::getInstance();
  for (const auto& eventtype : EventFactory::getInstance().event_pubs_) {
--- a/osquery/events/events_database_tests.cpp
+++ b/osquery/events/events_database_tests.cpp
@ -24,11 +24,11 @@ class EventsDatabaseTests : public ::testing::Test {

 class FakeEventPublisher
    : public EventPublisher<SubscriptionContext, EventContext> {
- public:
-  EventPublisherID type() { return "FakePublisher"; }
+  DECLARE_PUBLISHER("FakePublisher");
 };

 class FakeEventSubscriber : public EventSubscriber<FakeEventPublisher> {
+  DECLARE_SUBSCRIBER("FakeSubscriber");
 public:
  /// Add a fake event at time t
  Status testAdd(int t) {
@ -36,28 +36,8 @@ class FakeEventSubscriber : public EventSubscriber<FakeEventPublisher> {
    r["testing"] = "hello from space";
    return add(r, t);
  }
-
-  EventSubscriberID name() { return "FakeSubscriber"; }
 };

-/**
-#define DECLARE_EVENTSUBSCRIBER(NAME, TYPE)                         \
- public:                                                            \
-  static std::shared_ptr<NAME> getInstance() {                      \
-    static auto q = std::shared_ptr<NAME>(new NAME());              \
-    return q;                                                       \
-  }                                                                 \
-  static QueryData genTable(osquery::tables::QueryContext& context) \
-      __attribute__((used)) {                                       \
-    return getInstance()->get(0, 0);                                \
-  }                                                                 \
-                                                                    \
- private:                                                           \
-  EventPublisherID name() const { return #NAME; }                   \
-  EventPublisherID type() const { return #TYPE; }                   \
-  NAME() {}
-*/
-
 TEST_F(EventsDatabaseTests, test_event_sub) {
  auto sub = std::make_shared<FakeEventSubscriber>();
  EXPECT_EQ(sub->type(), "FakePublisher");
--- a/osquery/events/events_tests.cpp
+++ b/osquery/events/events_tests.cpp
@ -31,19 +31,17 @@ typedef std::shared_ptr<FakeEventContext> FakeEventContextRef;
 // Now a publisher with a type.
 class FakeEventPublisher
    : public EventPublisher<FakeSubscriptionContext, FakeEventContext> {
- public:
-  EventPublisherID type() { return "Fake"; }
+  DECLARE_PUBLISHER("FakePublisher");
 };

 class AnotherFakeEventPublisher
    : public EventPublisher<FakeSubscriptionContext, FakeEventContext> {
- public:
-  EventPublisherID type() { return "AnotherFake"; }
+  DECLARE_PUBLISHER("AnotherFakePublisher");
 };

 TEST_F(EventsTests, test_event_pub) {
  auto pub = std::make_shared<FakeEventPublisher>();
-  EXPECT_EQ(pub->type(), "Fake");
+  EXPECT_EQ(pub->type(), "FakePublisher");

  // Test type names.
  auto pub_sub = pub->createSubscriptionContext();
@ -70,6 +68,15 @@ TEST_F(EventsTests, test_register_event_pub) {
  EXPECT_TRUE(status.ok());
 }

+TEST_F(EventsTests, test_event_pub_types) {
+  auto pub = std::make_shared<FakeEventPublisher>();
+  EXPECT_EQ(pub->type(), "FakePublisher");
+
+  EventFactory::registerEventPublisher(pub);
+  auto pub2 = EventFactory::getEventPublisher("FakePublisher");
+  EXPECT_EQ(pub->type(), pub2->type());
+}
+
 TEST_F(EventsTests, test_create_event_pub) {
  auto status = EventFactory::registerEventPublisher<BasicEventPublisher>();
  EXPECT_TRUE(status.ok());
@ -84,7 +91,7 @@ TEST_F(EventsTests, test_create_subscription) {
  // Make sure a subscription cannot be added for a non-existent event type.
  // Note: It normally would not make sense to create a blank subscription.
  auto subscription = Subscription::create();
-  auto status = EventFactory::addSubscription("Fake", subscription);
+  auto status = EventFactory::addSubscription("FakePublisher", subscription);
  EXPECT_FALSE(status.ok());

  // In this case we can still add a blank subscription to an existing event
@ -114,8 +121,8 @@ struct TestSubscriptionContext : public SubscriptionContext {

 class TestEventPublisher
    : public EventPublisher<TestSubscriptionContext, EventContext> {
+  DECLARE_PUBLISHER("TestPublisher");
 public:
-  EventPublisherID type() { return "Test"; }
  Status setUp() {
    smallest_ever_ += 1;
    return Status(0, "OK");
@ -175,7 +182,7 @@ TEST_F(EventsTests, test_custom_subscription) {
  sc->smallest = -1;

  // Step 3, add the subscription to the event type
-  status = EventFactory::addSubscription("Test", sc);
+  status = EventFactory::addSubscription("TestPublisher", sc);
  EXPECT_TRUE(status.ok());
  EXPECT_EQ(pub->numSubscriptions(), 1);

@ -191,7 +198,7 @@ TEST_F(EventsTests, test_tear_down) {
  // Make sure set up incremented the test value.
  EXPECT_EQ(pub->getTestValue(), 1);

-  status = EventFactory::deregisterEventPublisher("Test");
+  status = EventFactory::deregisterEventPublisher("TestPublisher");
  EXPECT_TRUE(status.ok());

  // Make sure tear down inremented the test value.
--- a/osquery/tables/templates/default.cpp.in
+++ b/osquery/tables/templates/default.cpp.in
@ -15,7 +15,7 @@ osquery::QueryData {{function}}(QueryContext& request);
 {% else %}
 class {{class_name}} {
 public:
-  static osquery::QueryData {{function}}(QueryContext& request);
+  osquery::QueryData {{function}}(QueryContext& request);
 };
 {% endif %}\

@ -31,7 +31,8 @@ public:

  QueryData generate(QueryContext& request) {
 {% if class_name != "" %}\
-    return osquery::tables::{{class_name}}::{{function}}(request);
+    auto subscriber = std::make_shared<{{class_name}}>();
+    return subscriber->{{function}}(request);
 {% else %}\
    return osquery::tables::{{function}}(request);
 {% endif %}\