diff --git a/osquery/config.h b/osquery/config.h index 23024069..f9f5fdd4 100644 --- a/osquery/config.h +++ b/osquery/config.h @@ -10,7 +10,7 @@ #include #include -#include "osquery/core/status.h" +#include "osquery/status.h" namespace osquery { namespace config { @@ -73,7 +73,7 @@ private: // genConfig() is a symbol that is satisfied by the config plugin that gets // compiled with osquery - static osquery::core::Status genConfig(OsqueryConfig& conf); + static osquery::Status genConfig(OsqueryConfig& conf); private: // cfg_ is the private member that stores the raw osquery config data in a // native format diff --git a/osquery/config/config.cpp b/osquery/config/config.cpp index b608a8d7..334c58b9 100644 --- a/osquery/config/config.cpp +++ b/osquery/config/config.cpp @@ -16,9 +16,9 @@ #include #include -#include "osquery/core/status.h" +#include "osquery/status.h" -using osquery::core::Status; +using osquery::Status; namespace pt = boost::property_tree; diff --git a/osquery/config/config_tests.cpp b/osquery/config/config_tests.cpp index a5ecc5f4..458e6e0c 100644 --- a/osquery/config/config_tests.cpp +++ b/osquery/config/config_tests.cpp @@ -6,11 +6,11 @@ #include #include "osquery/core.h" -#include "osquery/core/status.h" +#include "osquery/status.h" #include "osquery/registry.h" namespace core = osquery::core; -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace config { diff --git a/osquery/config/plugin.h b/osquery/config/plugin.h index 06c0df5a..675a6ab2 100644 --- a/osquery/config/plugin.h +++ b/osquery/config/plugin.h 
@@ -7,14 +7,14 @@ #include #include "osquery/registry.h" -#include "osquery/core/status.h" +#include "osquery/status.h" namespace osquery { namespace config { class ConfigPlugin { public: - virtual std::pair genConfig() { - return std::make_pair(osquery::core::Status(1, "Not implemented"), ""); + virtual std::pair genConfig() { + return std::make_pair(osquery::Status(1, "Not implemented"), ""); } virtual ~ConfigPlugin() {} protected: @@ -33,4 +33,4 @@ DECLARE_REGISTRY( #define REGISTER_CONFIG_PLUGIN(name, decorator) \ REGISTER(ConfigPlugins, name, decorator) -#endif +#endif /* OSQUERY_CONFIG_PLUGIN_H */ diff --git a/osquery/config/plugins/facebook/configerator.cpp b/osquery/config/plugins/facebook/configerator.cpp index cb67f3b0..1e473333 100644 --- a/osquery/config/plugins/facebook/configerator.cpp +++ b/osquery/config/plugins/facebook/configerator.cpp @@ -12,7 +12,7 @@ #include "configerator/distribution/api/api.h" #include "configerator/structs/osquery/gen-cpp/osquery_types.h" -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace config { @@ -20,7 +20,7 @@ class ConfigeratorConfigPlugin : public ConfigPlugin { public: ConfigeratorConfigPlugin() {}; - std::pair genConfig() { + std::pair genConfig() { facebook::configerator::ConfigeratorApi api; std::string content; api.getConfig("osquery/osquery", &content); diff --git a/osquery/config/plugins/filesystem.cpp b/osquery/config/plugins/filesystem.cpp index 4334b79a..7e891edf 100644 --- a/osquery/config/plugins/filesystem.cpp +++ b/osquery/config/plugins/filesystem.cpp @@ -14,7 +14,7 @@ #include namespace fs = boost::filesystem; -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace config { @@ -28,7 +28,7 @@ class FilesystemConfigPlugin : public ConfigPlugin { public: FilesystemConfigPlugin() {}; - std::pair genConfig() { + std::pair genConfig() { std::string config; if (!fs::exists(FLAGS_config_path)) { return std::make_pair( 
diff --git a/osquery/core.h b/osquery/core.h index dd821f79..46c650ce 100644 --- a/osquery/core.h +++ b/osquery/core.h @@ -11,10 +11,6 @@ namespace osquery { namespace core { -// the callback for populating a std::vector set of results. "argument" -// should be a non-const reference to a std::vector -int callback(void *argument, int argc, char *argv[], char *column[]); - // aggregateQuery accepts a const reference to an std::string and returns a // resultset of type QueryData. osquery::db::QueryData @@ -22,8 +18,9 @@ aggregateQuery(const std::string& q, int& error_return); osquery::db::QueryData aggregateQuery(const std::string& q, int& error_return, sqlite3* db); -// Return a fully configured sqlite3 database object -sqlite3* createDB(); +// initOsquery sets up various aspects of osquery execution state. it should +// be called in an executable's main() function +void initOsquery(int argc, char *argv[]); }} diff --git a/osquery/core/CmakeLists.txt b/osquery/core/CmakeLists.txt index ea976e3c..f5ce75d0 100644 --- a/osquery/core/CmakeLists.txt +++ b/osquery/core/CmakeLists.txt @@ -1,7 +1,9 @@ ADD_LIBRARY(osquery_core + init_osquery.cpp sqlite_util.cpp test_util.cpp ) +TARGET_LINK_LIBRARIES(osquery_core gflags) TARGET_LINK_LIBRARIES(osquery_core glog) TARGET_LINK_LIBRARIES(osquery_core gtest) TARGET_LINK_LIBRARIES(osquery_core osquery_database) diff --git a/osquery/core/init_osquery.cpp b/osquery/core/init_osquery.cpp new file mode 100644 index 00000000..ad312069 --- /dev/null +++ b/osquery/core/init_osquery.cpp 
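Review bot: The comment on `initOsquery` in osquery/core.h does not say which state it sets up or how often it may be called. The definition added in osquery/core/init_osquery.cpp parses the gflags command line, initialises glog and runs the init registry, and glog's `InitGoogleLogging` is meant to be called once per process. I would word the comment as `// initOsquery parses command-line flags, initialises logging and runs the init registry. Call it exactly once, at the top of an executable's main().` The same hunks drop `callback` and `createDB` from this header, so a line pointing readers to osquery/core/sqlite_util.h would help anyone who included core.h for them.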
@@ -0,0 +1,28 @@ +// Copyright 2004-present Facebook. All Rights Reserved. + +#include "osquery/core.h" + +#include +#include + +#include "osquery/registry.h" + +namespace osquery { namespace core { + +void initOsquery(int argc, char *argv[]) { + // you can access this message later via google::ProgramUsage() + google::SetUsageMessage( + "\n" + " OSQuery - operating system instrumentation framework\n" + "\n" + " Arguments\n" + "\n" + " -help Show complete help text\n" + "\n" + ); + google::ParseCommandLineFlags(&argc, &argv, true); + google::InitGoogleLogging(argv[0]); + osquery::InitRegistry::get().run(); +} + +}} diff --git a/osquery/core/md5.h b/osquery/core/md5.h index 24803829..454ae334 100644 --- a/osquery/core/md5.h +++ b/osquery/core/md5.h @@ -1,5 +1,5 @@ -#ifndef MD5_H -#define MD5_H +#ifndef OSQUERY_CORE_MD5_H +#define OSQUERY_CORE_MD5_H // Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All // rights reserved. @@ -365,4 +365,4 @@ public: }} -#endif +#endif /* OSQUERY_CORE_MD5_H */ diff --git a/osquery/core/sqlite_util.cpp b/osquery/core/sqlite_util.cpp index c7e1e248..f3af7894 100644 --- a/osquery/core/sqlite_util.cpp +++ b/osquery/core/sqlite_util.cpp @@ -1,6 +1,7 @@ // Copyright 2004-present Facebook. All Rights Reserved. #include "osquery/core.h" +#include "osquery/core/sqlite_util.h" #include "osquery/database.h" #include "osquery/sqlite3.h" #include "osquery/tables/base.h" @@ -32,7 +33,7 @@ QueryData aggregateQuery(const std::string& q, int& error_return, sqlite3* db) { QueryData d; char *err = nullptr; - sqlite3_exec(db, q.c_str(), callback, &d, &err); + sqlite3_exec(db, q.c_str(), query_data_callback, &d, &err); if (err != nullptr) { LOG(ERROR) << "Error launching query: " << err; error_return = 1; 
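Review bot: `initOsquery` receives `argc` and `argv` by value, so the flag removal requested by the `true` argument in `google::ParseCommandLineFlags(&argc, &argv, true)` only adjusts the function's local copies. The caller keeps its original `argc`, while gflags may have rearranged the entries of the shared argv array, and osquery/main/shell.cpp then passes its own `argc`/`argv` on to `launchIntoShell`. Taking pointers keeps both views consistent: `void initOsquery(int* argc, char*** argv)` with `google::ParseCommandLineFlags(argc, argv, true);` and `google::InitGoogleLogging((*argv)[0]);`. The declaration in osquery/core.h and the two main() callers would change with it.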
@@ -44,9 +45,10 @@ aggregateQuery(const std::string& q, int& error_return, sqlite3* db) { return d; } -int callback(void* argument, int argc, char *argv[], char *column[]) { +int query_data_callback( + void* argument, int argc, char *argv[], char *column[]) { if (argument == nullptr) { - LOG(ERROR) << "callback received nullptr as data argument"; + LOG(ERROR) << "query_data_callback received nullptr as data argument"; return SQLITE_MISUSE; } QueryData *qData = (QueryData*)argument; diff --git a/osquery/core/sqlite_util.h b/osquery/core/sqlite_util.h new file mode 100644 index 00000000..c5bc9689 --- /dev/null +++ b/osquery/core/sqlite_util.h @@ -0,0 +1,23 @@ +// Copyright 2004-present Facebook. All Rights Reserved. + +#ifndef OSQUERY_CORE_SQLITE_UTIL_H +#define OSQUERY_CORE_SQLITE_UTIL_H + +#include +#include + +#include "osquery/database.h" +#include "osquery/sqlite3.h" + +namespace osquery { namespace core { + +// the callback for populating a std::vector set of results. "argument" +// should be a non-const reference to a std::vector +int query_data_callback(void *argument, int argc, char *argv[], char *column[]); + +// Return a fully configured sqlite3 database object +sqlite3* createDB(); + +}} + +#endif /* OSQUERY_CORE_SQLITE_UTIL_H */ diff --git a/osquery/core/sqlite_util_tests.cpp b/osquery/core/sqlite_util_tests.cpp index ed78611f..9f51135f 100644 --- a/osquery/core/sqlite_util_tests.cpp +++ b/osquery/core/sqlite_util_tests.cpp @@ -7,6 +7,7 @@ #include #include +#include "osquery/core/sqlite_util.h" #include "osquery/core/test_util.h" using namespace osquery::core; @@ -23,7 +24,7 @@ TEST_F(SQLiteUtilTests, test_simple_query_execution) { TEST_F(SQLiteUtilTests, test_passing_callback_no_data_param) { char *err = nullptr; - sqlite3_exec(createTestDB(), kTestQuery.c_str(), callback, nullptr, &err); + sqlite3_exec(createTestDB(), kTestQuery.c_str(), query_data_callback, nullptr, &err); EXPECT_TRUE(err != nullptr); if (err != nullptr) { sqlite3_free(err); 
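Review bot: The conversion `(QueryData*)argument` in `query_data_callback` is a C-style cast; `static_cast<QueryData*>(argument)` states the `void*` conversion explicitly and is easier to search for. The rest of the body lies outside this hunk, so how `argv` is consumed is not visible. sqlite3 passes a NULL pointer in `argv[i]` for SQL NULL values, so if the body builds `std::string` objects from those entries it should substitute an empty string first, because constructing a `std::string` from a null `char*` is undefined behaviour.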
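Review bot: The comment on `query_data_callback` in the new osquery/core/sqlite_util.h says "argument" should be a non-const reference to a std::vector, but the parameter is a `void*`. The definition in sqlite_util.cpp casts it to `QueryData*` and returns `SQLITE_MISUSE` when it is null. I would write `// sqlite3_exec callback that populates a QueryData. "argument" must be a non-null pointer to a QueryData; SQLITE_MISUSE is returned otherwise.` `createDB()` hands back a raw `sqlite3*`, so its comment should also say who is responsible for closing the handle.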
diff --git a/osquery/core/status_tests.cpp b/osquery/core/status_tests.cpp index cc67c52d..d799270c 100644 --- a/osquery/core/status_tests.cpp +++ b/osquery/core/status_tests.cpp @@ -1,10 +1,10 @@ // Copyright 2004-present Facebook. All Rights Reserved. -#include "osquery/core/status.h" +#include "osquery/status.h" #include -namespace osquery { namespace core { +namespace osquery { class StatusTests : public testing::Test {}; @@ -26,7 +26,7 @@ TEST_F(StatusTests, test_to_string) { EXPECT_EQ(s.toString(), "foobar"); } -}} +} int main(int argc, char* argv[]) { testing::InitGoogleTest(&argc, argv); diff --git a/osquery/core/test_util.cpp b/osquery/core/test_util.cpp index 7b53734b..bded036c 100644 --- a/osquery/core/test_util.cpp +++ b/osquery/core/test_util.cpp @@ -9,6 +9,8 @@ #include +#include "osquery/core/sqlite_util.h" + using namespace osquery::db; namespace pt = boost::property_tree; diff --git a/osquery/database.h b/osquery/database.h index f1cca7c3..13224595 100644 --- a/osquery/database.h +++ b/osquery/database.h @@ -3,7 +3,6 @@ #ifndef OSQUERY_DATABASE_H #define OSQUERY_DATABASE_H -#include "osquery/core/status.h" #include "osquery/database/db_handle.h" #include "osquery/database/query.h" #include "osquery/database/results.h" diff --git a/osquery/database/db_handle.cpp b/osquery/database/db_handle.cpp index bcafddc0..49f1da9a 100644 --- a/osquery/database/db_handle.cpp +++ b/osquery/database/db_handle.cpp @@ -10,9 +10,9 @@ #include #include -#include "osquery/core/status.h" +#include "osquery/status.h" -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace db { @@ -119,7 +119,7 @@ std::shared_ptr DBHandle::getInstance( // getters and setters ///////////////////////////////////////////////////////////////////////////// -osquery::core::Status DBHandle::getStatus() { +osquery::Status DBHandle::getStatus() { return Status(status_.code(), status_.ToString()); } 
@@ -154,7 +154,7 @@ void DBHandle::endTransaction() { // Data manipulation methods ///////////////////////////////////////////////////////////////////////////// -osquery::core::Status DBHandle::Get( +osquery::Status DBHandle::Get( const std::string& domain, const std::string& key, std::string& value){ @@ -167,7 +167,7 @@ osquery::core::Status DBHandle::Get( return Status(s.code(), s.ToString()); } -osquery::core::Status DBHandle::Put( +osquery::Status DBHandle::Put( const std::string& domain, const std::string& key, const std::string& value) { @@ -180,7 +180,7 @@ osquery::core::Status DBHandle::Put( return Status(s.code(), s.ToString()); } -osquery::core::Status DBHandle::Delete( +osquery::Status DBHandle::Delete( const std::string& domain, const std::string& key) { auto s = getDB()->Delete( @@ -191,7 +191,7 @@ osquery::core::Status DBHandle::Delete( return Status(s.code(), s.ToString()); } -osquery::core::Status DBHandle::Scan( +osquery::Status DBHandle::Scan( const std::string& domain, std::vector& results) { auto it = getDB()->NewIterator( diff --git a/osquery/database/db_handle.h b/osquery/database/db_handle.h index 17e141e6..d90e3124 100644 --- a/osquery/database/db_handle.h +++ b/osquery/database/db_handle.h @@ -7,10 +7,10 @@ #include #include -#include "gtest/gtest_prod.h" +#include #include -#include "osquery/core/status.h" +#include "osquery/status.h" namespace osquery { namespace db { @@ -49,7 +49,7 @@ public: ///////////////////////////////////////////////////////////////////////////// // getStatus() returns the status_ property - osquery::core::Status getStatus(); + osquery::Status getStatus(); // getDB() is a helper that's used to get access to db_ rocksdb::DB* getDB(); 
@@ -68,27 +68,27 @@ public: ///////////////////////////////////////////////////////////////////////////// // Get a "key" from "domain" and store it's content in "value" - osquery::core::Status Get( + osquery::Status Get( const std::string& domain, const std::string& key, std::string& value ); // Set "key" to "value" in "domain" - osquery::core::Status Put( + osquery::Status Put( const std::string& domain, const std::string& key, const std::string& value ); // Delete "key" and it's corresponding value from "domain" - osquery::core::Status Delete( + osquery::Status Delete( const std::string& domain, const std::string& key ); // List all keys in "domain" and store the results in "results" - osquery::core::Status Scan( + osquery::Status Scan( const std::string& domain, std::vector& results ); @@ -171,4 +171,4 @@ private: }} -#endif +#endif /* OSQUERY_DATABASE_DB_HANDLE_H */ diff --git a/osquery/database/db_handle_tests.cpp b/osquery/database/db_handle_tests.cpp index b1fca901..1ac7f8fa 100644 --- a/osquery/database/db_handle_tests.cpp +++ b/osquery/database/db_handle_tests.cpp @@ -8,9 +8,9 @@ #include #include -#include "osquery/core/status.h" +#include "osquery/status.h" -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace db { diff --git a/osquery/database/query.cpp b/osquery/database/query.cpp index 6ab0ec76..87fc5c28 100644 --- a/osquery/database/query.cpp +++ b/osquery/database/query.cpp @@ -4,7 +4,7 @@ #include -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace db { 
@@ -112,14 +112,14 @@ Query::addNewResults( return addNewResults(qd, dr, false, unix_time, db); } -osquery::core::Status Query::addNewResults( +osquery::Status Query::addNewResults( const osquery::db::QueryData& qd, osquery::db::DiffResults& dr, int unix_time) { return addNewResults(qd, dr, true, unix_time, DBHandle::getInstance()); } -osquery::core::Status Query::addNewResults( +osquery::Status Query::addNewResults( const osquery::db::QueryData& qd, osquery::db::DiffResults& dr, bool calculate_diff, @@ -153,7 +153,7 @@ osquery::core::Status Query::addNewResults( return Status(0, "OK"); } -osquery::core::Status Query::getCurrentResults(osquery::db::QueryData& qd) { +osquery::Status Query::getCurrentResults(osquery::db::QueryData& qd) { return getCurrentResults(qd, DBHandle::getInstance()); } diff --git a/osquery/database/query.h b/osquery/database/query.h index 0dfc1b08..0c0f21cb 100644 --- a/osquery/database/query.h +++ b/osquery/database/query.h @@ -7,12 +7,12 @@ #include #include -#include "gtest/gtest_prod.h" +#include #include "osquery/config.h" #include "osquery/database/db_handle.h" #include "osquery/database/results.h" -#include "osquery/core/status.h" +#include "osquery/status.h" namespace osquery { namespace db { @@ -50,9 +50,9 @@ public: // getHistoricalQueryResults() returns the entire historical query result // set for a given scheduled query public: - osquery::core::Status getHistoricalQueryResults(HistoricalQueryResults& hQR); + osquery::Status getHistoricalQueryResults(HistoricalQueryResults& hQR); private: - osquery::core::Status + osquery::Status getHistoricalQueryResults( HistoricalQueryResults& hQR, std::shared_ptr db); 
@@ -76,41 +76,41 @@ private: // executions. These timestamp values are used as the RocksDB sub-keys which // represent the data stored as a result of those executions. public: - osquery::core::Status getExecutions(std::deque& results); + osquery::Status getExecutions(std::deque& results); private: - osquery::core::Status + osquery::Status getExecutions(std::deque& results, std::shared_ptr db); // addNewResults adds a new result set to the local data store. If you // want the diff of the results you've just added, pass a reference to a // diffResults struct public: - osquery::core::Status addNewResults( + osquery::Status addNewResults( const osquery::db::QueryData& qd, int unix_time ); private: - osquery::core::Status + osquery::Status addNewResults( const osquery::db::QueryData& qd, int unix_time, std::shared_ptr db ); public: - osquery::core::Status addNewResults( + osquery::Status addNewResults( const osquery::db::QueryData& qd, osquery::db::DiffResults& dr, int unix_time ); private: - osquery::core::Status addNewResults( + osquery::Status addNewResults( const osquery::db::QueryData& qd, osquery::db::DiffResults& dr, bool calculate_diff, int unix_time, std::shared_ptr db ); // getCurrentResults returns the most recent result set from the database public: - osquery::core::Status getCurrentResults(osquery::db::QueryData& qd); + osquery::Status getCurrentResults(osquery::db::QueryData& qd); private: - osquery::core::Status + osquery::Status getCurrentResults(osquery::db::QueryData& qd, std::shared_ptr db); private: @@ -138,4 +138,4 @@ private: }} -#endif +#endif /* OSQUERY_DATABASE_QUERY_H */ diff --git a/osquery/database/results.cpp b/osquery/database/results.cpp index 31524c4f..97cadd57 100644 --- a/osquery/database/results.cpp +++ b/osquery/database/results.cpp @@ -17,7 +17,7 @@ #include namespace pt = boost::property_tree; -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace db { 
diff --git a/osquery/database/results.h b/osquery/database/results.h index f8d2ea73..7ec54305 100644 --- a/osquery/database/results.h +++ b/osquery/database/results.h @@ -10,7 +10,7 @@ #include -#include "osquery/core/status.h" +#include "osquery/status.h" namespace osquery { namespace db { @@ -25,9 +25,9 @@ typedef std::map Row; // serializeRow accepts a const reference to a row and a non-const reference to // a ptree. The contents of const Row r will be serialized into ptree tree and -// an osquery::core::Status will be returned indicating the success or failure +// an osquery::Status will be returned indicating the success or failure // of the operation. -osquery::core::Status +osquery::Status serializeRow(const Row& r, boost::property_tree::ptree& tree); ///////////////////////////////////////////////////////////////////////////// @@ -40,9 +40,9 @@ typedef std::vector QueryData; // serializeQueryData accepts a const reference to a QueryData and a non-const // reference to a ptree. The contents of const QueryData q will be serialized -// into ptree tree and an osquery::core::Status will be returned indicating the +// into ptree tree and an osquery::Status will be returned indicating the // success or failure of the operation. -osquery::core::Status +osquery::Status serializeQueryData(const QueryData& q, boost::property_tree::ptree& tree); ///////////////////////////////////////////////////////////////////////////// 
@@ -75,17 +75,17 @@ typedef struct DiffResults DiffResults; // serializeDiffResults accepts a const reference to a DiffResults and a // non-const reference to a ptree. The contents of const DiffResults d will be -// serialized into ptree tree and an osquery::core::Status will be returned +// serialized into ptree tree and an osquery::Status will be returned // indicating the success or failure of the operation. -osquery::core::Status +osquery::Status serializeDiffResults(const DiffResults& d, boost::property_tree::ptree& tree); // serializeDiffResultsJSON accepts a const reference to a DiffResults struct // and a non-const reference to a std::string. The contents of const // DiffResults d will be serialized into std::string json and an -// osquery::core::Status will be returned indicating the success or failure of +// osquery::Status will be returned indicating the success or failure of // the operation. -osquery::core::Status +osquery::Status serializeDiffResultsJSON( const DiffResults& d, std::string& json); @@ -137,9 +137,9 @@ typedef struct HistoricalQueryResults HistoricalQueryResults; // serializeHistoricalQueryResults accepts a const reference to a // HistoricalQueryResults struct and a non-const reference to a ptree. The // contents of const HistoricalQueryResults r will be serialized into ptree -// tree and an osquery::core::Status will be returned indicating the success or +// tree and an osquery::Status will be returned indicating the success or // failure of the operation. -osquery::core::Status +osquery::Status serializeHistoricalQueryResults( const HistoricalQueryResults& r, boost::property_tree::ptree& tree); 
@@ -147,9 +147,9 @@ serializeHistoricalQueryResults( // serializeHistoricalQueryResultsJSON accepts a const reference to a // HistoricalQueryResults struct and a non-const reference to a std::string. // The contents of const HistoricalQueryResults r will be serialized into -// std::string json and an osquery::core::Status will be returned indicating the +// std::string json and an osquery::Status will be returned indicating the // success or failure of the operation. -osquery::core::Status +osquery::Status serializeHistoricalQueryResultsJSON( const HistoricalQueryResults& r, std::string& json); @@ -157,9 +157,9 @@ serializeHistoricalQueryResultsJSON( // deserializeHistoricalQueryResults accepts a const reference to a ptree of a // serialized HistoricalQueryResults struct and a non-const reference to a // historicalQueryResults struct. The contents of const ptree tree will be -// serialized into HistoricalQueryResults r and an osquery::core::Status will be +// serialized into HistoricalQueryResults r and an osquery::Status will be // returned indicating the success or failure of the operation. -osquery::core::Status +osquery::Status deserializeHistoricalQueryResults( const boost::property_tree::ptree& tree, HistoricalQueryResults& r); @@ -168,9 +168,9 @@ deserializeHistoricalQueryResults( // std::string of a serialized HistoricalQueryResults struct and a non-const // reference to a HistoricalQueryResults struct. The contents of const // std::string json will be serialized into HistoricalQueryResults r and an -// osquery::core::Status will be returned indicating the success or failure of +// osquery::Status will be returned indicating the success or failure of // the operation. -osquery::core::Status +osquery::Status deserializeHistoricalQueryResultsJSON( const std::string& json, HistoricalQueryResults& r); 
@@ -205,12 +205,12 @@ struct ScheduledQueryLogItem { // serializeScheduledQueryLogItem accepts a const reference to a // ScheduledQueryLogItem and a non-const reference to a ptree. The contents of // const ScheduledQueryLogItem i will be serialized into ptree tree and an -// osquery::core::Status will be returned indicating the success or failure of +// osquery::Status will be returned indicating the success or failure of // the operation. -osquery::core::Status serializeScheduledQueryLogItem( +osquery::Status serializeScheduledQueryLogItem( const ScheduledQueryLogItem& i, boost::property_tree::ptree& tree); -osquery::core::Status serializeScheduledQueryLogItemJSON( +osquery::Status serializeScheduledQueryLogItemJSON( const ScheduledQueryLogItem& i, std::string& json); }} diff --git a/osquery/filesystem.h b/osquery/filesystem.h index 6d2cdc94..b7d1322e 100644 --- a/osquery/filesystem.h +++ b/osquery/filesystem.h @@ -6,16 +6,16 @@ #include #include -#include "osquery/core/status.h" +#include "osquery/status.h" namespace osquery { namespace fs { // readFile accepts a const reference to an std::string indicating the path of // the file that you'd like to read and a non-const reference to an std::string // which will be populated with the contents of the file (if all operations are -// successful). An osquery::core::Status is returned indicating the success or +// successful). An osquery::Status is returned indicating the success or // failure of the operation. -osquery::core::Status readFile(const std::string& path, std::string& content); +osquery::Status readFile(const std::string& path, std::string& content); }} diff --git a/osquery/filesystem/filesystem.cpp b/osquery/filesystem/filesystem.cpp index a79d51f0..0c3757ee 100644 --- a/osquery/filesystem/filesystem.cpp +++ b/osquery/filesystem/filesystem.cpp @@ -12,7 +12,7 @@ #include #include -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace fs { 
diff --git a/osquery/logger.h b/osquery/logger.h index 54006cc8..6b57527f 100644 --- a/osquery/logger.h +++ b/osquery/logger.h @@ -7,7 +7,7 @@ #include #include -#include "osquery/core/status.h" +#include "osquery/status.h" #include "osquery/database.h" namespace osquery { namespace logger { @@ -20,15 +20,15 @@ extern const std::string kDefaultLogReceiverName; // upstream receiver. If no receiver is specified, it will fail back to what // was defined via the command-line flags. If none was defined, it will fail // back to using the default log receiver. -osquery::core::Status logString(const std::string& s); -osquery::core::Status logString( +osquery::Status logString(const std::string& s); +osquery::Status logString( const std::string& s, const std::string& receiver); // logScheduledQueryLogItem accepts a const reference to a // ScheduledQueryLogItem struct and logs it to a specified upstream receiver. -osquery::core::Status logScheduledQueryLogItem( +osquery::Status logScheduledQueryLogItem( const osquery::db::ScheduledQueryLogItem& item); -osquery::core::Status logScheduledQueryLogItem( +osquery::Status logScheduledQueryLogItem( const osquery::db::ScheduledQueryLogItem& item, const std::string& receiver); }} diff --git a/osquery/logger/logger.cpp b/osquery/logger/logger.cpp index ebc2074e..f2745c2c 100644 --- a/osquery/logger/logger.cpp +++ b/osquery/logger/logger.cpp @@ -9,7 +9,7 @@ #include #include -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace logger { diff --git a/osquery/logger/logger_tests.cpp b/osquery/logger/logger_tests.cpp index be7b2687..5abac989 100644 --- a/osquery/logger/logger_tests.cpp +++ b/osquery/logger/logger_tests.cpp @@ -8,7 +8,7 @@ using namespace osquery::db; using namespace osquery::logger; -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace logger { diff --git a/osquery/logger/plugin.h b/osquery/logger/plugin.h index 66fd295e..3b30513b 100644 
--- a/osquery/logger/plugin.h +++ b/osquery/logger/plugin.h @@ -6,14 +6,14 @@ #include #include "osquery/registry.h" -#include "osquery/core/status.h" +#include "osquery/status.h" namespace osquery { namespace logger { class LoggerPlugin { public: - virtual osquery::core::Status logString(const std::string& s) { - return osquery::core::Status(1, "Not implemented"); + virtual osquery::Status logString(const std::string& s) { + return osquery::Status(1, "Not implemented"); } virtual ~LoggerPlugin() {} protected: @@ -32,4 +32,4 @@ DECLARE_REGISTRY( #define REGISTER_LOGGER_PLUGIN(name, decorator) \ REGISTER(LoggerPlugins, name, decorator) -#endif +#endif /* OSQUERY_LOGGER_PLUGIN_H */ diff --git a/osquery/logger/plugins/facebook/scribe.cpp b/osquery/logger/plugins/facebook/scribe.cpp index fbadb89a..e783129c 100644 --- a/osquery/logger/plugins/facebook/scribe.cpp +++ b/osquery/logger/plugins/facebook/scribe.cpp @@ -10,7 +10,7 @@ #include "scribe/client/ScribeClient.h" -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace logger { diff --git a/osquery/logger/plugins/filesystem.cpp b/osquery/logger/plugins/filesystem.cpp index 9a26797b..fe972423 100644 --- a/osquery/logger/plugins/filesystem.cpp +++ b/osquery/logger/plugins/filesystem.cpp @@ -11,7 +11,7 @@ #include #include -using osquery::core::Status; +using osquery::Status; namespace osquery { namespace logger { diff --git a/osquery/main/daemon.cpp b/osquery/main/daemon.cpp index 8515a7c1..f57ec8de 100644 --- a/osquery/main/daemon.cpp +++ b/osquery/main/daemon.cpp 
@@ -2,26 +2,11 @@ #include -#include -#include - -#include "osquery/registry.h" +#include "osquery/core.h" #include "osquery/scheduler.h" int main(int argc, char *argv[]) { - // you can access this message later via google::ProgramUsage() - google::SetUsageMessage( - "\n" - " OSQuery - operating system instrumentation framework\n" - "\n" - " Arguments\n" - "\n" - " -help Show complete help text\n" - "\n" - ); - google::ParseCommandLineFlags(&argc, &argv, true); - google::InitGoogleLogging(argv[0]); - osquery::InitRegistry::get().run(); + osquery::core::initOsquery(argc, argv); boost::thread scheduler_thread(osquery::scheduler::initialize); diff --git a/osquery/main/shell.cpp b/osquery/main/shell.cpp index fd3d9542..da56cbe4 100644 --- a/osquery/main/shell.cpp +++ b/osquery/main/shell.cpp @@ -1,9 +1,9 @@ // Copyright 2004-present Facebook. All Rights Reserved. +#include "osquery/core.h" #include "osquery/devtools.h" -#include "osquery/registry.h" int main(int argc, char *argv[]) { - osquery::InitRegistry::get().run(); + osquery::core::initOsquery(argc, argv); return osquery::devtools::launchIntoShell(argc, argv); } diff --git a/osquery/registry.h b/osquery/registry.h index 302da1d6..c5868528 100644 --- a/osquery/registry.h +++ b/osquery/registry.h @@ -1,7 +1,7 @@ // Copyright 2004-present Facebook. All Rights Reserved. -#ifndef OSQUERY_REGISTRY_REGISTRY_H -#define OSQUERY_REGISTRY_REGISTRY_H +#ifndef OSQUERY_REGISTRY_H +#define OSQUERY_REGISTRY_H #include #include @@ -78,4 +78,4 @@ class Registry : public std::unordered_map { }); \ } -#endif +#endif /* OSQUERY_REGISTRY_H */ diff --git a/osquery/registry/init_registry.h b/osquery/registry/init_registry.h index 4a59befc..89db8fab 100644 --- a/osquery/registry/init_registry.h +++ b/osquery/registry/init_registry.h @@ -44,4 +44,4 @@ struct RegisterInitFunc : private boost::noncopyable { } // namespace osquery -#endif +#endif /* OSQUERY_REGISTRY_INIT_REGISTRY_H */ 
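Review bot: In osquery/main/shell.cpp, `osquery::core::initOsquery(argc, argv)` does more than the `osquery::InitRegistry::get().run()` call it replaces: the shell's command line now goes through gflags, and glog is initialised as well. gflags normally reports an unrecognised flag and exits, so any dash-prefixed option that `launchIntoShell` handles itself (its implementation is not visible here) would be rejected before the shell starts. If the new parsing is intended, a comment such as `// osquery flags are parsed by gflags first; shell options must be registered flags` above the call would record it. Otherwise the shell should keep the registry-only initialisation.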
diff --git a/osquery/registry/registry_template.h b/osquery/registry/registry_template.h index 1ba771aa..2e6d0398 100644 --- a/osquery/registry/registry_template.h +++ b/osquery/registry/registry_template.h @@ -7,6 +7,7 @@ #include #include #include + #include namespace osquery { @@ -68,4 +69,4 @@ class RegistryTemplate : private boost::noncopyable { } // namespace osquery -#endif +#endif /* OSQUERY_REGISTRY_REGISTRY_TEMPLATE_H */ diff --git a/osquery/registry/singleton.h b/osquery/registry/singleton.h index c76601b0..5bfc8a97 100644 --- a/osquery/registry/singleton.h +++ b/osquery/registry/singleton.h @@ -25,4 +25,4 @@ class Singleton : private T { } // namespace osquery -#endif +#endif /* OSQUERY_REGISTRY_SINGLETON_H */ diff --git a/osquery/core/status.h b/osquery/status.h similarity index 74% rename from osquery/core/status.h rename to osquery/status.h index 7dc29abf..276d30f6 100644 --- a/osquery/core/status.h +++ b/osquery/status.h @@ -1,11 +1,11 @@ // Copyright 2004-present Facebook. All Rights Reserved. -#ifndef OSQUERY_CORE_STATUS_H -#define OSQUERY_CORE_STATUS_H +#ifndef OSQUERY_STATUS_H +#define OSQUERY_STATUS_H #include -namespace osquery { namespace core { +namespace osquery { class Status { public: @@ -20,6 +20,6 @@ private: std::string message_; }; -}} +} -#endif /* OSQUERY_CORE_STATUS_H */ +#endif /* OSQUERY_STATUS_H */ diff --git a/osquery/tables/implementations/example.h b/osquery/tables/implementations/example.h index e8074fed..c590a495 100644 --- a/osquery/tables/implementations/example.h +++ b/osquery/tables/implementations/example.h @@ -1,7 +1,7 @@ // Copyright 2004-present Facebook. All Rights Reserved. -#ifndef TABLES_IMPLEMENTATIONS_EXAMPLE_H -#define TABLES_IMPLEMENTATIONS_EXAMPLE_H +#ifndef OSQUERY_TABLES_IMPLEMENTATIONS_EXAMPLE_H +#define OSQUERY_TABLES_IMPLEMENTATIONS_EXAMPLE_H #include "osquery/database.h" @@ -11,4 +11,4 @@ osquery::db::QueryData genExample(); }} -#endif +#endif /* OSQUERY_TABLES_IMPLEMENTATIONS_EXAMPLE_H */ 
diff --git a/osquery/tables/manual/filesystem.h b/osquery/tables/manual/filesystem.h index 968393c2..e066d693 100644 --- a/osquery/tables/manual/filesystem.h +++ b/osquery/tables/manual/filesystem.h @@ -1,7 +1,8 @@ // Copyright 2004-present Facebook. All Rights Reserved. -#ifndef _TABLES_FILESYSTEM_H_ -#define _TABLES_FILESYSTEM_H_ +#ifndef OSQUERY_TABLES_FILESYSTEM_H +#define OSQUERY_TABLES_FILESYSTEM_H + #include "osquery/sqlite3.h" // Make sure we can call this stuff from C++. @@ -32,4 +33,5 @@ int sqlite3_filesystem_create( #ifdef __cplusplus } // End of the 'extern "C"' block #endif -#endif /* _TABLES_FILESYSTEM_H_ */ + +#endif /* OSQUERY_TABLES_FILESYSTEM_H */ diff --git a/osquery/tables/manual/hash.h b/osquery/tables/manual/hash.h index a23ceb33..862473d8 100644 --- a/osquery/tables/manual/hash.h +++ b/osquery/tables/manual/hash.h @@ -1,7 +1,8 @@ // Copyright 2004-present Facebook. All Rights Reserved. -#ifndef TABLES_HASH_H -#define TABLES_HASH_H +#ifndef OSQUERY_TABLES_HASH_H +#define OSQUERY_TABLES_HASH_H + #include "osquery/sqlite3.h" // Make sure we can call this stuff from C++. @@ -32,4 +33,5 @@ int sqlite3_hash_create( #ifdef __cplusplus } // End of the 'extern "C"' block #endif -#endif /* TABLES_HASH_H */ + +#endif /* OSQUERY_TABLES_HASH_H */ diff --git a/osquery/tables/registry.h b/osquery/tables/registry.h index 1b3e9643..be68035d 100644 --- a/osquery/tables/registry.h +++ b/osquery/tables/registry.h @@ -5,7 +5,7 @@ #include -#include "osquery/core/status.h" +#include "osquery/status.h" #include "osquery/registry.h" #include "osquery/sqlite3.h" @@ -33,4 +33,4 @@ DECLARE_REGISTRY( #define REGISTER_TABLE(name, decorator) \ REGISTER(TablePlugins, name, decorator) -#endif +#endif /* OSQUERY_TABLES_REGISTRY_H */
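Review bot: The new guard `OSQUERY_TABLES_FILESYSTEM_H` drops the `manual` path component, unlike the path-derived guards this commit introduces elsewhere (`OSQUERY_TABLES_IMPLEMENTATIONS_EXAMPLE_H`, `OSQUERY_REGISTRY_INIT_REGISTRY_H`). `OSQUERY_TABLES_MANUAL_FILESYSTEM_H` would follow the same scheme and could not collide with a header later added as osquery/tables/filesystem.h. The same applies to `OSQUERY_TABLES_HASH_H` in osquery/tables/manual/hash.h.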