valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 01:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,765 Commits 2 Branches 109 Tags 25 MiB
b9f1e94fc8
Commit Graph

17 Commits

Author SHA1 Message Date
Jonathan Keljo
b9f1e94fc8 Prefactor: QueryData -> TableRows for virtual tables 
Summary:
Continuing to march toward low-overhead, type-safe table rows, this commit introduces
a distinction between rows being returned from a table (`TableRows`) and as the
result of a query (`QueryData`). Right now the two are simply aliases for each other;
that will change shortly.

(Adapted from https://github.com/facebook/osquery/pull/5198)

Reviewed By: guliashvili

Differential Revision: D13438019

fbshipit-source-id: 6563fc8c372d9d6c4b05705943ddf39b42260feb
 2019-01-09 13:50:15 -08:00
Jonathan Keljo
898ed37dfb Table for OSX Running and Active Applications 
Summary:
This is a manual port of https://github.com/facebook/osquery/pull/5216 to the new build system.

This table allows you to fetch a list of running applications on OSX. Contains PID, Bundle ID and whether or not the application is in focus. (The latter can be used to figure out what application was being used at a given moment.)

Reviewed By: guliashvili

Differential Revision: D13422150

fbshipit-source-id: 236b28d9140a9a9062fb913815d0c9f1da21c8b5
 2018-12-12 09:17:19 -08:00
George Guliashvili
c80bd28e5f inotify_tests buckify 
Summary: inotify_tests buckify

Reviewed By: fmanco

Differential Revision: D13399806

fbshipit-source-id: 2ea33d61c9a3f48cf3914ed2f8e60b5012e5808c
 2018-12-11 08:29:15 -08:00
George Guliashvili
059645a078 buckify fsevents test 
Summary: buckify fsevents test

Reviewed By: akindyakov

Differential Revision: D13399058

fbshipit-source-id: d8ee81aa203cc8ffc30cf53922e4a76426604c4b
 2018-12-11 08:29:15 -08:00
Alexander Kindyakov
3bbe6c511f win_timestamp column of time table is windows specific 
Reviewed By: guliashvili

Differential Revision: D13398138

fbshipit-source-id: 9c37c50d551770ba55e175dca633ba85b94b6753
 2018-12-11 03:31:18 -08:00
Alexander Kindyakov
bcf0ab8e3a interface column of routes table could be empty on windows 
Summary: also type could be [remote] as well

Reviewed By: guliashvili

Differential Revision: D13398132

fbshipit-source-id: 3cc56b612ff9984f20ad74e1a0a9d356e97b8967
 2018-12-11 03:31:18 -08:00
Alexander Kindyakov
7bceba4bdc Name column in programs table could be emtpy on windows 
Reviewed By: guliashvili

Differential Revision: D13398137

fbshipit-source-id: 4999bccfae56a6ef5eb27e5304ca32c04d22203a
 2018-12-11 03:31:18 -08:00
Alexander Kindyakov
0adb5df8b7 Fix up os_version table integration test 
Summary:
- column patch could be empty on windows
  - install_date was misstyped

Reviewed By: guliashvili

Differential Revision: D13398136

fbshipit-source-id: bf0b2fa1ecc7e51312eaa3a8d3ba42f70be6749b
 2018-12-11 03:31:18 -08:00
Alexander Kindyakov
3cda36c4d3 Fix up ntdomains table integration test for windows: most of the columns could be empty 
Reviewed By: guliashvili

Differential Revision: D13398139

fbshipit-source-id: 31ab035701927f75dd7d3e6e8005ecf2475b03ed
 2018-12-11 03:31:18 -08:00
Alexander Kindyakov
8687d8b4fa Fix up logged_in_users table integration test for windows: column pid could be -1 
Reviewed By: guliashvili

Differential Revision: D13398134

fbshipit-source-id: 39371da1c7669325eb73859859ae22b309a982d1
 2018-12-11 03:31:18 -08:00
Alexander Kindyakov
43e25c5e35 Fix up interface_details table integration test for windows: some colums could be empty on windows 
Reviewed By: guliashvili

Differential Revision: D13398135

fbshipit-source-id: d662567e19dce9d1703c86496cd7b51b38953d71
 2018-12-11 03:31:17 -08:00
Alexander Kindyakov
e8354cd9ca Fix up hash table integration test for windows: ssdeep is posix specific column 
Reviewed By: guliashvili

Differential Revision: D13398133

fbshipit-source-id: e873724e4954951924180ebe4dfa05a7a9487f96
 2018-12-11 03:31:17 -08:00
Alexander Kindyakov
00b9084397 Sort a bit out tables integration tests by target platforms 
Summary: accordint to osquery/specs/BUCK platform specification

Reviewed By: guliashvili

Differential Revision: D13398140

fbshipit-source-id: 64c44c33c39920f33c4647646f66b48e707ef5b4
 2018-12-11 03:31:17 -08:00
George Guliashvili
c58f69bba2 fix macos test 
Summary: mac address can be incomplete, lets add it in the verifier.

Reviewed By: fmanco

Differential Revision: D13377450

fbshipit-source-id: 057549d058f292fac7969adb242da2e313922c53
 2018-12-11 03:31:17 -08:00
George Guliashvili
3775b82cdb auditprocess_file_events_tests buckify 
Summary: auditprocess_file_events_tests buckify

Reviewed By: fmanco

Differential Revision: D13377453

fbshipit-source-id: 819d56b42eb55aefcb403003f0ad6fc46b481bf0
 2018-12-11 03:31:17 -08:00
George Guliashvili
e28335998a events_database_tests buckify 
Summary: events_database_tests buckify

Reviewed By: akindyakov

Differential Revision: D13377334

fbshipit-source-id: c347f05e66af2c0777857352b591b8dad83e7317
 2018-12-11 03:31:17 -08:00
George Guliashvili
971bee4441 Move build system to BUCK 
fbshipit-source-id: 8ffef5e6a393ac67ce56dcb74845402e43d964a0
 2018-12-07 16:12:35 +00:00