Multiple flags are moved from FLAG to CLI_FLAG due to the way they are
implemented/used in code. If they were FLAG(s), meaning if they were
also configurable via configuration at runtime, the new values would
still be ignored.
These are:
- logger_tls_endpoint
- logger_tls_period
- logger_tls_max
The flag logger_tls_max has been renamed to logger_tls_max_linesize and
an alias is added for compatibility.
A new flag is added, logger_tls_max_lines, to expose a previously
hardcoded value of 1024 for the maximum number of log lines to send
every period.
When a thread different from the main requests a shutdown
through Initializer::requestShutdown, it should not call
waitForShutdown; there's no reason to wait, moreover the function
doesn't only wait, but also actually stops other components and then
finally calls exit().
Since the main thread is already inside the waitForShutdown call
waiting on Dispatcher::joinServices or inside the shutdown() callable
on Windows, having a secondary thread do
the same work potentially at the same time is wrong.
Moreover calling exit() from a secondary thread is most of the time
incorrect.
The waitForShutdown function has been renamed to waitThenShutdown
to better represent what it's actually doing.
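The division of work described in this commit message, as an added sketch that is not osquery's code: any thread may request a shutdown, but only the main thread tears components down and produces the exit code. `ShutdownCoordinator`, `Outcome` and `runScenario` are hypothetical names chosen for this example.

```cpp
#include <condition_variable>
#include <mutex>
#include <thread>

class ShutdownCoordinator {
 public:
  // Callable from any thread: records the request and wakes the main thread.
  // It never stops components and never calls exit().
  void requestShutdown(int code) {
    {
      std::lock_guard<std::mutex> lock(mutex_);
      if (requested_) return;  // the first request wins
      requested_ = true;
      code_ = code;
    }
    cv_.notify_all();
  }

  // Main thread only: block until a request arrives, run the teardown once,
  // then hand the exit code back so main() can return it.
  template <typename Teardown>
  int waitThenShutdown(Teardown teardown) {
    std::unique_lock<std::mutex> lock(mutex_);
    cv_.wait(lock, [this] { return requested_; });
    lock.unlock();
    teardown();
    return code_;  // not modified again once requested_ is set
  }

 private:
  std::mutex mutex_;
  std::condition_variable cv_;
  bool requested_ = false;
  int code_ = 0;
};

struct Outcome { int exit_code; int teardown_runs; bool teardown_on_main; };

// Constructed scenario: a worker thread asks for shutdown with code 3.
Outcome runScenario() {
  ShutdownCoordinator coordinator;
  const auto main_id = std::this_thread::get_id();
  Outcome out{0, 0, false};
  std::thread worker([&coordinator] { coordinator.requestShutdown(3); });
  out.exit_code = coordinator.waitThenShutdown([&] {
    ++out.teardown_runs;
    out.teardown_on_main = (std::this_thread::get_id() == main_id);
  });
  worker.join();
  return out;
}
```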
On macOS it is possible to have interfaces that have no netmask
set, for example:
| utun1 | 100.xx.xx.xx | | | 100.xx.xx.xx | unknown |
This causes the interfaces test to fail. This change allows the
mask field to be blank and the test to pass on systems with this
type of interface configured.
The sockaddr for this interface has an ifa_netmask with sa_family
set to zero (AF_UNSPEC) which causes getnameinfo(3) to fail.
ifconfig does return a netmask for this interface but it's not
clear if the value is at all meaningful.
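An added example, not the osquery change itself, of the behaviour this commit message describes: a netmask `sockaddr` whose `sa_family` is `AF_UNSPEC` yields a blank mask instead of a `getnameinfo(3)` failure, and the test-side check accepts a blank field. `sockaddrToString`, `makeV4` and `isValidMaskField` are hypothetical helpers, and the sample addresses are constructed.

```cpp
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <string>

// Numeric text form of an address, or "" when the family cannot be rendered.
std::string sockaddrToString(const sockaddr* sa) {
  if (sa == nullptr) return "";
  socklen_t len = 0;
  switch (sa->sa_family) {
    case AF_INET:  len = sizeof(sockaddr_in);  break;
    case AF_INET6: len = sizeof(sockaddr_in6); break;
    default:       return "";  // AF_UNSPEC (0): getnameinfo would fail here
  }
  char host[NI_MAXHOST] = {0};
  if (getnameinfo(sa, len, host, sizeof(host), nullptr, 0,
                  NI_NUMERICHOST) != 0) {
    return "";
  }
  return host;
}

// Constructed sample input: an IPv4 sockaddr built from dotted notation.
sockaddr_in makeV4(const char* dotted) {
  sockaddr_in sin{};
  sin.sin_family = AF_INET;
#ifdef __APPLE__
  sin.sin_len = sizeof(sin);  // BSD-style sockaddr carries its own length
#endif
  inet_pton(AF_INET, dotted, &sin.sin_addr);
  return sin;
}

// Test-side rule: a blank mask is allowed; anything else must be a valid
// IPv4 or IPv6 address literal.
bool isValidMaskField(const std::string& mask) {
  if (mask.empty()) return true;
  unsigned char buf[sizeof(in6_addr)];
  return inet_pton(AF_INET, mask.c_str(), buf) == 1 ||
         inet_pton(AF_INET6, mask.c_str(), buf) == 1;
}
```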
Right now, there is no way to tell what platform osquery is running on. We have `os_version.platform` and `os_version.platform_like`, but they are highly inconsistent, and require a lot of custom parsing to use. We should expose the underlying platform bitmask.
This adds the `platform_mask` to the `osquery_info` table.
This replaces https://github.com/osquery/osquery/pull/5488
There is a memory leak when a SQL statement is evaluated and returns an
error while stepping. An example includes returning sqlite3_result_error
from regexStringMatchFunc. The root cause is not finalizing a prepared
statement.
This commit creates a new osquery/main/harnesses directory and moves fuzz-config there.
It removes OSQUERY_FUZZ for a new option OSQUERY_ENABLE_FUZZER_SANITIZERS.
It creates a new option OSQUERY_ENABLE_ADDRESS_SANITIZER.
The following behaviors are intended:
OSQUERY_BUILD_TESTS=ON will build the fuzzing harness. This configuration is not
intended for fuzzing purposes. OSQUERY_ENABLE_FUZZER_SANITIZERS=ON will also build
the fuzzing harness. However if this variable is true, it also requires
OSQUERY_ENABLE_ADDRESS_SANITIZER=ON and either CMAKE_BUILD_TYPE=Release or
RelWithDebInfo. This configuration is actually intended for fuzzing.
CMake utility functions (generateOsqueryExtensionGroup, addOsqueryExtension{Ex},
addOsqueryModule) to add extensions.
Updates the boost library submodules needed for extensions build.
Use cache variable (OSQUERY_EXTENSION_GROUP_NAME) for the grouping of extensions
and fix the linkage with osquery interface library.
Instead of moving a patched submodule from source to build directory,
we copy it and then hard reset the submodule to its original HEAD.
Minor message change when a library fails to be imported.
When requesting kSecClassIdentity items from the keychain sometimes
invalid items are returned. These cause errSecInvalidItemRef to
be returned from SecKeychainItemCopyAttributesAndData and result
in an empty row in the table. Catch the error and avoid returning
empty rows.
* Fix packaging regression on Windows
Component variables should be set only for Linux and macOS,
otherwise on Windows the internal WiX IDs change and the
WiX fragment patch won't work.
Cleanup the version patch component, since WiX doesn't support
version components that are not digits.
* Add the rpm package to the CI Dockerfile, to test rpm packaging
* Fix TGZ generation on other platforms
* Add dpkg-dev and file packages to the CI Dockerfile
They are needed for creating DEB debug packages.
* Add packaging steps to the CI
Set TGZ as a default packaging system when one cannot be detected.
Fix generatePackageTarget indentation.
PR osquery/osquery#5464 makes it impossible to call plugins
which are only registered in the core, as it's happening with osquery/osquery#5839.
What happens when this is working is that the filesystem plugin is not present
in the extension registry, so when Registry::call tries to search for a plugin
that provides the "config" feature, it won't find one and the resulting plugin name,
and later item_name, will be empty.
This results in RegistryInterface::call rerouting the call to the core,
through Thrift, which will end up in the plugin correctly answering.
During the first configuration, the git command is searched
when submodules are initialized and it's then saved into a cache variable.
If, though, we delete the build folder and run configure again,
the submodules won't be initialized again, so the git command
won't be cached and visible to CMake.
Therefore we need to search for it each time.
Cleanup dead/deprecated code.
This enables a component install for DEB (only). This is required in
CMake version 3.17.0 (planned) and lower to produce a debuginfo version.
One side-effect is we have to gate the stripping for DEB.
- Reorder `add_library(osquery_thirdparty_extra_c_settings INTERFACE)`
for consistency
- Use correct target link library in osquery_thirdparty_extra_*_settings
Since normally the tests are run on a more complete VM or physical host,
we create fake empty packages to install so that
the test DebPackages.test_sanity doesn't fail.