Summary:
This fixes a regression introduced in D13586036 .
The tailer downstream sometimes determines type by trying to parse the string as an int. We want this to consistently fail to do so when the value is in fact a float.
Reviewed By: SAlexandru
Differential Revision: D14161125
fbshipit-source-id: 8e2bb9c59559a5774813a7c7777257742f885c35
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5452
As suggested in another diff, this diff updates the language we use to describe the osquery licensing terms. We are changing all instances of
//This source code is licensed as defined on the LICENSE file found in the root directory of this source tree.//
to
//This source code is licensed in accordance with the terms specified in the LICENSE file found in the root directory of this source tree.//
We accomplish this with a codemod:
$ codemod -md xplat/osquery/oss --extensions cpp,h,in,py,sh,mm,ps1 "(.\s+)This source code is licensed as defined on the LICENSE file found in the(.*)root directory of this source tree\." "\1This source code is licensed in accordance with the terms specified in\2the LICENSE file found in the root directory of this source tree."
Reviewed By: fmanco
Differential Revision: D14131290
fbshipit-source-id: 52c90da342263e2a80f5a678ecd760c19cf7513e
Summary:
Initial steps to separate plugins from the rest of osquery. On the long run separating plugins will provide more build flexibility such that we can have configurable builds that include only the bits and pieces we actually need per deployment. Reducing the attack surface, possibility of supply chain attacks, binary size, etc.
Move config and config_parser plugins
Reviewed By: marekcirkos
Differential Revision: D14119102
fbshipit-source-id: 0bc956398b3829c6f1013b38ebba2f0fc1071a93
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5408
Move out c++ enums to std::string conversion function from
osquery/utils/error.h to separate module. To be able to use it somewhere else.
Reviewed By: guliashvili
Differential Revision: D13896772
fbshipit-source-id: 0a9f6327d5b2f115ce688446a67677879411eb1f
Summary: before this diff osqueryd was relying on linker order to use right main function, since gtest also contains main function
Reviewed By: guliashvili
Differential Revision: D13897622
fbshipit-source-id: d260b7496f513c7052f4db87c8e7ff9300493671
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5398
The file moved to a different location.
Reviewed By: marekcirkos
Differential Revision: D13817331
fbshipit-source-id: 6bd3947894daa712edae84b71502af997947b9b0
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5373
I made wrapper for the syscall perf_event_open to isolate syscall code definition and use `Expected<>` as a return value.
Reviewed By: mkareta
Differential Revision: D13622565
fbshipit-source-id: 616080a64376d4b042629513ad715b1d2458b8a2
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5375
LICENSE is now defined in a single file on the root of the project, update the
header to contain that information.
**Project LICENSE did not change.**
Reviewed By: akindyakov
Differential Revision: D13750575
fbshipit-source-id: 1e608a81b260b8395f9d008fc67f463160c1fc2b
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5370
Handler to enable event with certain type, get an id of the event and make sure it will be disables afterwards.
Part of a linux `syscalls` tracing system, blueprint: [#5218](https://github.com/facebook/osquery/issues/5218)
Reviewed By: mkareta
Differential Revision: D13621388
fbshipit-source-id: 8adfbe3cc1d87f70538851c5036eae51c93bede8
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5354
eBPF system call osquery wrapper with Expected as a return value and function to check if functionality is supported by current kernel.
Blueprint: [#5218](https://github.com/facebook/osquery/issues/5218)
Reviewed By: mkareta
Differential Revision: D13607442
fbshipit-source-id: 58be84a86aba3fe5e33ca5ab15418976fd36107c
Summary:
While running `misspell` on a different codebase. I happened to notice that some misspellings in the osquery code base. So, I fixed them
Pull Request resolved: https://github.com/facebook/osquery/pull/5256
Reviewed By: guliashvili
Differential Revision: D13670897
Pulled By: fmanco
fbshipit-source-id: 5d33d858284955c376e8c3980acdf366d4edf3d3
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5342
This sort of enumeration is required to pass posix system errors with `Expected<>`
Reviewed By: mkareta, fmanco
Differential Revision: D13608306
fbshipit-source-id: 0b787b12fac915f097dc310b616df507772da455
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5343
Just a parser for the semantic version in string. I gonna use it later to parse kernel version from the `int uname()` result.
Reviewed By: guliashvili
Differential Revision: D13607313
fbshipit-source-id: d6d01fe220f242d3811406dcd63d609feb0d6688
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5346
Let's define win32 api version only inside of buck files, but not in cpp header
Reviewed By: guliashvili
Differential Revision: D13635704
fbshipit-source-id: cd978661ed6f733950363c2ac261811045263ed2
Summary: Some tools does not support virtual headers namespaces and expect header path to match actual file path from project root. This diff will fix few namespaces in utils library
Reviewed By: guliashvili
Differential Revision: D13552878
fbshipit-source-id: 2a06f73550c69777bf73be73abdde297fe580583
Summary:
On C++17 `NODISCARD` maps to a `[[nodiscard]]` attribute, which must
appear at the start of the function signature.
Reviewed By: j-calvert, guliashvili
Differential Revision: D13627821
fbshipit-source-id: d308650cf0188141a4942f528b7ec91825a0c318
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5331
Let's use attributes to prevent such mistakes (see previous diff in the stack)
Reviewed By: guliashvili
Differential Revision: D13504146
fbshipit-source-id: 7cab2dd345599b036fa2a27bf682f2a159fd1c08
Summary:
Manual port of https://github.com/facebook/osquery/pull/5153 to the new build system.
New methods to allow adding larger numeric types.
Reviewed By: guliashvili
Differential Revision: D13422612
fbshipit-source-id: 6b503553f05139351f803ea6fcc5c825e62c35ea
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5318
This is most likely broken and is causing problems with some toolchains (e.g. clang on Ubuntu xenial).
Reviewed By: guliashvili
Differential Revision: D13415457
fbshipit-source-id: b4aa686913d3cfe6bb26089b0525144fae7cc928
Summary: These missing includes make the build fail with some toolchains.
Reviewed By: guliashvili
Differential Revision: D13414926
fbshipit-source-id: b9a7992e37751da81ec1f5a9055703bc1e3cc4bc
