valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 09:58:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,405 Commits 2 Branches 109 Tags 25 MiB
428094ef72
Commit Graph

4405 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nick Anderson
428094ef72 bug: correctly check windows event log channels for firing (#4550) 2018-06-13 21:40:50 +01:00
Filipe Manco
366141fda2
Catch exceptions by ref on windows processes (#4541) 2018-06-13 21:06:38 +01:00
Filipe Manco
98ccbcc250
Remove /dev/null monitoring from fsevents (#4549) 2018-06-13 20:33:32 +01:00
Alexandru Stefanica
674efda216 Fix autoloaded extension processes outliving the main process (#4359) 2018-06-13 20:33:02 +01:00
Filipe Manco
08300c13e8 Git pre-commit hook handle already formatted files (#4539) 2018-06-13 17:28:17 +01:00
Filipe Manco
b512f4be6d
ATCPlugin fix ctor initialization order (#4540) 2018-06-13 17:17:28 +01:00
Alessandro Gario
ea95870bc8 AuditdNetlink: Only start the netlink services once (#4535) 2018-06-13 14:57:57 +01:00
Filipe Manco
bb57c489de
Removed extra empty line at top of file (#4543) 2018-06-13 14:51:44 +01:00
Filipe Manco
92dbd15a89
Fix comment typos (#4542) 2018-06-13 14:51:27 +01:00
Filipe Manco
98f00bea4f
SQL::selectFrom() pass columns as ref (#4544) 2018-06-13 14:32:10 +01:00
Filipe Manco
0a08620b65
Move process namespaces to separate table (#4534) 2018-06-13 14:28:16 +01:00
Alexander
d22146beac Fix up flaky fileops_tests (#4529) 2018-06-13 10:18:27 +01:00
Alessandro Gario
b64dbb0f53 auditdnetlink: Do not reset the handle when poll() returns EINTR (#4531) 2018-06-13 10:06:53 +01:00
Nick Anderson
6ff5aded99
bug: correctly check for failed process open (#4532) 2018-06-12 14:56:22 -04:00
Giorgi Guliashvili
698846fda4
base64 encoding and decoding optimized (#4507) 
base64 encoding and decoding optimized
 2018-06-12 18:37:04 +01:00
Giorgi Guliashvili
5e9332aea4
bug split(string,string,size_t) (#4515) 
split(string,string,size_t) contained bug, it was joining on every delimiter, which would result to unusual outcome. However, test could not detect this problem as delim.size() was 1. It turned out, that this split is not used anywhere having delim.size() > 1, so completely fixing bug by changing signature of the method to split(string,char,size_t)
 2018-06-12 18:34:09 +01:00
Mitchell Grenier
46e38e1c4a
Add decode back to cmdline pieces (#4521) 2018-06-12 10:30:54 -07:00
Alexander
343971caae
Do not continue FileOpsTests.* after file opening faulure (#4530) 
Without ASSERT_* tests try to work with invalid file pointer - it doesn't make any sense
 2018-06-12 18:20:08 +01:00
Filipe Manco
adedd50c9a
Registry: don't call external code holding lock (#4528) 2018-06-12 15:55:51 +01:00
Teddy Reed
e1676c9ef5 Make macOS signatures table architecture aware (#4525) 2018-06-11 14:03:57 -07:00
M Amin
bdd2c47551 build: Update provisioning and build scripts to VS2017 (as per #4151) (#4496) 2018-06-08 21:05:40 -07:00
Nick Anderson
e860e8e794
[Fix 4488] Ensure that corrupted DB entries are processed gracefully (#4508) 2018-06-08 20:56:16 -07:00
Filipe Manco
0f66afff6e Set parent to -1 on process_events (#4511) 2018-06-08 15:15:54 -07:00
Babatunde Micheal Okutubo
ffe025e0a3 tables: Report process limits on darwin and linux (#4219) 2018-06-08 10:53:17 -07:00
Alexander
4c2925743e If config update call from extension failed, do not go further (#4517) 2018-06-08 10:15:46 -07:00
Filipe Manco
94c9142ec6
Make gentable.py ignore non *.in template files (#4512) 2018-06-07 19:28:13 -07:00
Filipe Manco
516b0147f0 Move process_event's status to extended schema (#4509) 2018-06-07 16:12:15 -07:00
Max Kareta
0885f86e38
added git clang format pre-commit hook (#4510) 2018-06-07 16:05:46 -07:00
Jason Meller
8456b34993 Add battery virtual table for Darwin (#4168) 2018-06-07 09:47:45 -07:00
Giorgi Guliashvili
6188729295
get rid of unnecessary string conversion (#4506) 
* get rid of unnecessary string conversion

* formating problem corrected
 2018-06-07 08:43:54 -07:00
Giorgi Guliashvili
521041ba86
Ephemeral native support for int (#4489) 
* Ephemeral native support for int

Ephemeral supports int without serialization.
Dump get and put pushed from database.cpp to the database plugin.
Basic support for rocksDB and sqlite

* status messages

* style and compilation problems fix

* const int& to int for database get

* const int& to int for database put

* more specific exception type of boost variant get

* eohemeral improvements

code repetition reduced
map operations reduced
error message improved
 #everything, next in the following.

* safeStrtoi implementation and use

*  code formatting

* atoi accepts base int type

* error message add to status

* compilation error and format correction
 2018-06-06 19:08:23 -07:00
Nick Anderson
49e5c2ed27
events: updating logging verbiage and off-by-one for powershell events (#4502) 2018-06-06 15:57:09 -07:00
Mitchell Grenier
6ea8ceb944
Allow ATC to ignore DB locking (#4414) 2018-06-06 12:30:31 -07:00
Giorgi Guliashvili
13a5e683f1
rocksDB simplify (#4490) 
* rocksDB simplify

unnecessary private variables moved to functions.
Find method replaced by std::find

* reverting back some changes

* code move revert
 2018-06-06 12:17:34 -07:00
Alexander
a1ba0b1371
Use just unique_ptr instead of shared in ImplExtensionClient (#4498) 
There is no intent to shared this objects
 2018-06-06 19:26:03 +01:00
Mitchell Grenier
7b60f97a71
Fix Mojave BSSIDs (#4499) 2018-06-06 09:48:54 -07:00
Scott Lundgren
18564629ac Update docs around the users table to account for Windows (#4421) (#4422) 2018-06-05 23:07:14 -07:00
M Amin
028af7c11b third-party: updated commit ref of third party submodule (#4487) 2018-06-05 21:42:03 -07:00
Daniel Roethlisberger
d326597756 MAC framework is not a supported KPI (#4484) 2018-06-04 11:04:49 -07:00
Alexander
410bd82eac Fixed up resource releasing order UB in ImplExtensionClient (#4463) 2018-06-04 10:51:50 -07:00
Alexander
e6f69e6480 Use std::vector instead of std::list for PackRef in Config implementation (#4485) 2018-06-04 09:46:54 -07:00
Alexander
a4ca8b1048
Rid off the shared_ptr using from config schedule (#4423) 
there is no reason to share this objects
 2018-06-04 10:34:32 +01:00
Nick Anderson
df5ae228dd
bug: fixes initialization of BSTR to be explicit for bios info table (#4481) 2018-06-03 20:21:46 -07:00
Nick Anderson
34b787122f
build: remove PRODUCT_MOBILE_CORE reference and pinning v140 compiler tools (#4482) 2018-06-02 23:12:09 -07:00
Nick Anderson
c7e571e5c3
docs: adding note about extensions using RJ (#4480) 2018-06-02 22:37:03 -07:00
Alessandro Gario
5006a02c27 Bundle C++ extensions into a single executable (#4335) 2018-06-03 02:04:36 +01:00
Allan Liu
566f07e76a tables: text address arg for SMBIOSParser::tables predicate (#4452) 2018-06-02 13:45:44 -07:00
Max Kareta
898b27e00e
parent directory function (#4418) 2018-06-02 20:48:26 +01:00
Allister Banks
eb080626a3 Fix older/broken links (#4473) 2018-06-02 20:47:07 +01:00
Max Kareta
93110701d8
reworked cmake file split database plugins files (#4476) 2018-06-02 20:44:58 +01:00