Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5452
As suggested in another diff, this diff updates the language we use to describe the osquery licensing terms. We are changing all instances of
//This source code is licensed as defined on the LICENSE file found in the root directory of this source tree.//
to
//This source code is licensed in accordance with the terms specified in the LICENSE file found in the root directory of this source tree.//
We accomplish this with a codemod:
$ codemod -md xplat/osquery/oss --extensions cpp,h,in,py,sh,mm,ps1 "(.\s+)This source code is licensed as defined on the LICENSE file found in the(.*)root directory of this source tree\." "\1This source code is licensed in accordance with the terms specified in\2the LICENSE file found in the root directory of this source tree."
Reviewed By: fmanco
Differential Revision: D14131290
fbshipit-source-id: 52c90da342263e2a80f5a678ecd760c19cf7513e
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5451
This diff adds a Facebook copyright header to the bzl files used in osquery. Ultimately we want to update the files in `tools/build_defs/oss/osquery/`, but those are generated files. This diff updates the source files which we use to generate those files.
Reviewed By: fmanco
Differential Revision: D14131483
fbshipit-source-id: 2230dc382c26530ccd0909882fe6193ee7c674fb
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5445
This diff adds a Facebook copyright header to files in the osquery open source repository which:
* Facebook owns
* Do not currently have a Facebook copyright header
Reviewed By: marekcirkos
Differential Revision: D14122845
fbshipit-source-id: 5a0fea10189ec4ec893f7a036911fd51de0e01ae
Summary: Removing flag which was declared but never used. enable_monitor
Reviewed By: marekcirkos
Differential Revision: D13958265
fbshipit-source-id: 3a812330950b101abdbd83ada4afd5b262cabd26
Summary:
This diff adds Xcode support for osquery.
Part of this diff will be reverted in future after adding prebuilt library and platform deps support to buck.
To use it you need to build osquery in debug mode and then run buck with following flags:
--config osquery.xcode=true --config project.ide=xcode
Reviewed By: SAlexandru
Differential Revision: D13903315
fbshipit-source-id: 4d131964d7a61236f25d917dc060a2f3c3d782bc
Summary: before this diff we were using -O flag, which equals to -O2, and our debug builds were optimized, which make debug much harder
Reviewed By: fmanco
Differential Revision: D13956134
fbshipit-source-id: b358d8fd68c8f5d51ae6d4c2033e7ec3afdd50d2
Summary:
Not every environment requires all tables, this diff introduce flag that allows you mark table as foreign. New option should be used in conjunction with target filer.
Example:
> buck build ... --config osquery.target_ignore_list="smart" --config osquery.spec_ignore_list="smart/smart_drive_info.table" -- -S
Reviewed By: fmanco
Differential Revision: D13942107
fbshipit-source-id: fb34d6b7a296f69f6b95bf17bfd19cee31b34dec
Summary:
Not every environment require all osquery feature, with this diff you can specify targets that you want to ignore, together with all sub tree of deps. To use this you need to specify new osquery config like:
[osquery]
target_ignore_list="kafka_producer"
Or from command line:
--config osquery.target_ignore_list="kafka_producer"
This also includes killswitch that force buck to build all targets. This is needed when you have local buckcofig with ignore list and want to build all without modifying config.
--config osquery.force_build_all=true
Reviewed By: fmanco
Differential Revision: D13941689
fbshipit-source-id: 3c4e1b4cda4d74f33fb914ba2c3a17df4710d5d3
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5405
this should find where VS is installed and set the buck flags properly.
Have tested on my VM and the paths are ok. This only works for 2017 and newer (hopefully)
I'm not sure how future proof this is, Microsoft usually changes directory structures randomly.
Reviewed By: muffins
Differential Revision: D13762391
fbshipit-source-id: 894e6a6d5888e13ab646ca9cb4a0d604bcf53ee5
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5385
Left shift with >= 31 steps was done to integer type. Using unisgned long long(1ULL) instead of the int (1).
Reviewed By: fmanco
Differential Revision: D13751355
fbshipit-source-id: 4564b33e2d26a0cb459ee86d180c0af492fa1f43
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5383
It is better supported and also allows us to generate Xcode project
Reviewed By: akindyakov
Differential Revision: D13761638
fbshipit-source-id: 4a1cec6106f5e427e23a85ccee9760579ec4d597
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5375
LICENSE is now defined in a single file on the root of the project, update the
header to contain that information.
**Project LICENSE did not change.**
Reviewed By: akindyakov
Differential Revision: D13750575
fbshipit-source-id: 1e608a81b260b8395f9d008fc67f463160c1fc2b
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5365
Rather than having two copies of the same implementation it would be better to just bridge it's implementation
Reviewed By: akindyakov
Differential Revision: D13684438
fbshipit-source-id: 3faf5ddfcc302b6e1e59613169905497d6e98504
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5366
Rather than having two copies of the same implementation it would be better to just bridge it's implementation
Reviewed By: akindyakov, fmanco
Differential Revision: D13684437
fbshipit-source-id: 95693317c7219ea1d0e0b94f604bd61c4e3a444f
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5364
Rather than having two copies of the same implementation it would be better to just bridge it's implementation
Reviewed By: akindyakov, fmanco
Differential Revision: D13671592
fbshipit-source-id: e8f9ebbaee587e4f28f63bef3561a84559c278ab
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5363
Rather than having two copies of the same implementation it would be better to just bridge it's implementation
Reviewed By: akindyakov, fmanco
Differential Revision: D13671460
fbshipit-source-id: d1b1b1097ede178d0d645a8ef886f8cecb9e302a
Summary:
While running `misspell` on a different codebase. I happened to notice that some misspellings in the osquery code base. So, I fixed them
Pull Request resolved: https://github.com/facebook/osquery/pull/5256
Reviewed By: guliashvili
Differential Revision: D13670897
Pulled By: fmanco
fbshipit-source-id: 5d33d858284955c376e8c3980acdf366d4edf3d3
Summary:
Pull Request resolved: https://github.com/facebook/osquery/pull/5346
Let's define win32 api version only inside of buck files, but not in cpp header
Reviewed By: guliashvili
Differential Revision: D13635704
fbshipit-source-id: cd978661ed6f733950363c2ac261811045263ed2
Summary:
Continuing to march toward low-overhead, type-safe table rows, this commit
introduces the code generation for said rows. Nothing uses it yet; see the
next commit for that.
(Adapted from https://github.com/facebook/osquery/pull/5199)
Reviewed By: guliashvili
Differential Revision: D13438017
fbshipit-source-id: 959a6e092aee38d33e1c6539cbe14b85172c0135
Summary:
Continuing to march toward low-overhead, type-safe table rows, this commit
changes `TableRow` to be an interface rather than simply an alias for `Row`.
Accordingly, `DynamicTableRow` becomes an implementation of that interface
backed by a `Row`. The few remaining pieces of code that treated `TableRow`s as
`Row`s now call methods on the `TableRow` interface. Subsequent commits will
add code generation for strongly-typed table-specific implementations of
`TableRow`.
(Adapted from https://github.com/facebook/osquery/pull/5198)
Reviewed By: guliashvili
Differential Revision: D13438015
fbshipit-source-id: 61d5547e878e519c9706f94f844aab9d3e553410
Summary:
Continuing to march toward low-overhead, type-safe table rows, this commit introduces
a distinction between rows being returned from a table (`TableRows`) and as the
result of a query (`QueryData`). Right now the two are simply aliases for each other;
that will change shortly.
(Adapted from https://github.com/facebook/osquery/pull/5198)
Reviewed By: guliashvili
Differential Revision: D13438019
fbshipit-source-id: 6563fc8c372d9d6c4b05705943ddf39b42260feb
Summary:
Hand port of https://github.com/facebook/osquery/pull/5154 to the new build system
I'm moving toward generating constants for each column so that we
can do used column lookups without having to do a string set lookup,
but first I need to have the used columns information plumbed through
as a bitfield.
Once the code generation is in and all cases have been migrated to it,
I'll remove the string variants of `isColumnUsed`/`isAnyColumnUsed`.
Reviewed By: guliashvili
Differential Revision: D13423615
fbshipit-source-id: 6a2afe7dad42942610dfe0f6f55bcee4603a25af
Summary:
This is a manual port of https://github.com/facebook/osquery/pull/5216 to the new build system.
This table allows you to fetch a list of running applications on OSX. Contains PID, Bundle ID and whether or not the application is in focus. (The latter can be used to figure out what application was being used at a given moment.)
Reviewed By: guliashvili
Differential Revision: D13422150
fbshipit-source-id: 236b28d9140a9a9062fb913815d0c9f1da21c8b5
* Add LIBRARY_PATH environment variable to sync.sh so that "make sync" works as expected to find libraries
needed to link. Added 2nd parameter (libraries path) to CMakeList.txt when calling sync.sh
* Revert database CMakeLists.txt change - as was for testing
* Add indentation to sync.sh
* Fix indentation on tool/sync.sh
