valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 18:08:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,676 Commits 2 Branches 109 Tags 25 MiB
dd66ce2a93
Commit Graph

106 Commits

Author SHA1 Message Date
Mitchell Grenier
21395f7cb5 Add base64 encode and decoding functions (#3312) 2017-05-24 09:38:10 -07:00
Teddy Reed
e8c39c5572 hashing: Add sha1, sha256, md5 functions (#3267) 2017-05-09 23:55:49 -07:00
Teddy Reed
b3ee6c9a8d tables: Fix table metadata when constraints are used (#3151) 2017-04-12 21:48:28 -07:00
Teddy Reed
69bb69fd6d events: Inspect schedule and improve tests (#3087) 2017-03-20 22:03:09 -07:00
Teddy Reed
3a5aca9c94 Add getQueryTables to inspect tables scanned (#3056) 2017-03-15 18:48:01 -07:00
Teddy Reed
1e71f4aab8 Introduce generator/yield-style virtual tables (#3060) 2017-03-15 18:46:42 -07:00
Teddy Reed
5604a7a99b freebsd: Rollup of build and source fixes (#3022) 2017-02-26 18:25:49 -08:00
Teddy Reed
0de5d3c381 external: Enable external applications through make external (#3023) 2017-02-26 17:38:01 -08:00
Teddy Reed
d1d21cda78 darwin: Use boost shared_mutex for OS X (#3003) 2017-02-15 14:17:40 -08:00
Teddy Reed
691aefe1f8 sql: Reorder SQLite manager mutex locking (#2965) 2017-02-03 22:58:09 -08:00
Teddy Reed
58ed5cc628 Introduce scheduler reload feature (#2917) 2017-01-25 17:48:33 -08:00
lambda-conjecture
721dd1ed62 Fix column order and repeated columns in distributed query (#2926) 2017-01-20 22:52:47 -08:00
Teddy Reed
f9599d60d0 Move Mutex to shared_timed_mutex and add ReadLock (#2915) 2017-01-15 02:16:40 -08:00
Teddy Reed
0e9733f94c Simplify Registry and plugin concepts (#2887) 2017-01-07 12:21:35 -08:00
Teddy Reed
cefaf0cc59 [#2809] Emit verbose warning on column collisions (#2810) 2016-11-30 14:06:19 -08:00
Teddy Reed
59f0bad67c Additional compiler checks, including shadow (#2486) 2016-11-06 01:17:04 -08:00
Teddy Reed
8fc8134d17 Allow TableOptions::Additional to influence cost (#2694) 
This also allows LIKE for OS X's preferences table.
 2016-10-29 23:19:54 -07:00
Teddy Reed
b814fd54dc [Fix #2674] Add SQLite prepare lock to shell_exec (#2677) 2016-10-24 08:25:38 -07:00
Teddy Reed
f0ed918087 [Fix #2644] Check constraint requiremens regardless of expression (#2654) 2016-10-20 09:47:19 -07:00
Teddy Reed
0b1713423c [Fix #1690] Use INDEX options in constraint cost evaluation (#2593) 2016-10-05 15:44:21 -07:00
Nick Anderson
71bd3b6416 Adding gates to non-implemented windows tests (#2563) 2016-09-28 17:15:24 -07:00
Seshu Pasam
0f555c010d Use special base value of '0' that can handle values starting with 0x (#2505) 2016-09-22 13:32:45 -07:00
Teddy Reed
71fff517e5 Add warning for event-based table without events (#2449) 2016-09-08 15:44:32 -07:00
Teddy Reed
81d8a4aa68 Emit warnings for improper 'osquery' table usage (#2432) 2016-09-02 19:13:37 -07:00
yying
84e6a3401a Reducing compiler warnings and fails on warn in VS (#2433) 2016-09-02 15:04:03 -07:00
Teddy Reed
65dd56e113 Introduce table 'attributes' (#2431) 2016-08-31 15:32:20 -07:00
Teddy Reed
a2017f68f1 Add clang-format rules from 3.6 (#2360) 2016-08-15 01:33:17 -07:00
artemdinaburg
e6fbde820e Windows Daemon/Shell: Make osquery code more Windows-friendly (#2188) 2016-07-01 14:56:07 -07:00
Teddy Reed
662b1483d5 Remove unused variable in virtual_table (#2210) 2016-06-30 18:41:43 -07:00
Nick Anderson
cf30388705 Moved test_utils to it's own directory out of core. Updated references (#2154) 2016-06-09 10:49:26 -07:00
Teddy Reed
91b34010df Allow table specs to use multiple row indexes (#2146) 2016-06-07 17:13:48 -07:00
Teddy Reed
763f4e9437 Use SQLite 3.14.0 to support LIKE and EQUALS (#2137) 
This commit bumps the third-party SQLite to the 3.14.0 pre-release (18:59).
With 3.14.0 the LIKE and EQUALS constraint operators may be mixed within a
query. Previously these would fail to produce a valid set.

As part of the support, each virtual table should choose to bypass rowid-based
deduplication using the new "WITHOUT ROWID" create table epilog. This will
be appended to the schema if the table defines a PRIMARY KEY using index=True.
 2016-06-06 09:36:53 -07:00
Teddy Reed
05882d717c Add basic string split and inet_aton functions (#2124) 
The three new SQLite functions:
- split: Splits a column using a set of tokens and a selected index.
- regex_split: Similar to split but with a regex instead of tokens.
- inet_aton: Returns the IPv4 decimal value for a string-formatted address.
 2016-05-29 02:06:02 -07:00
Teddy Reed
37544138b5 Add basic math extension functions (#2123) 2016-05-28 17:46:24 -07:00
Teddy Reed
c4acfe89e5 Introduce table aliases (#2104) 2016-05-19 09:40:43 -07:00
Teddy Reed
b28c4d8d0f Introduce table options (#2101) 
Table options includes a change to the Registry::call API for TablePlugins.
When requesting route information or the 'columns' action, a new 'op' key is included.
 2016-05-18 12:23:52 -07:00
Teddy Reed
947799d28e Introduce within-query caching (#2077) 
This adds a new optimization feature that allows expensive tables to cache
their results between JOINs. Consider JOINing a list of open sockets, for each
process, then requesting to hash each process path. This query may hash
the same path multiple times.

Within-query caching allows the hash table to respond with the previous
result of the hash request as long as the requested computation was the result
of a single query. Subsequent queries will perform subsequent hashing.
 2016-05-09 10:32:33 -07:00
Teddy Reed
192953bcd3 [Fix #2030] Add generate_foreign and --enable_foreign (#2034) 2016-04-11 09:33:45 -07:00
Teddy Reed
ebb0ab30ce Fix shell's --profile switch 2016-03-20 16:05:13 -07:00
Teddy Reed
26c8b5640f Fix various lint issues 2016-03-09 19:55:39 -08:00
Teddy Reed
a6c147700f Allow NULL values, stop using -1 as int/double invalid values 2016-03-09 18:24:17 -08:00
Teddy Reed
afd17f8134 1. Reorganize RocksDB database handle into a plugin 
2. Introduce a SQLite-based database plugin
3. Refactor database usage to include local 'fast-calls'
4. Introduce an 'ephemeral' database plugin for testing (like a mock)
 2016-03-06 20:40:16 -08:00
Teddy Reed
ee1182f526 Add high level join tests for processes, file, and hash 2016-03-03 18:47:55 -08:00
Teddy Reed
489a5e839c [Fix #1874] Update SQLite to 3.12.0 2016-03-02 10:12:41 -08:00
Teddy Reed
b21c2ed943 [#1816] Refactor DB instance management 2016-02-25 19:07:52 -08:00
Teddy Reed
897b2225b1 Add fstests and reduce SQLite scope 2016-02-23 17:09:02 -08:00
Teddy Reed
9a54af29ce Bump sqlite to 3.11.0 2016-02-21 22:40:37 -08:00
Baraa Hamodi
21c2237eca [osquery] Update copyright headers to new format. 2016-02-11 11:48:58 -08:00
Teddy Reed
cf22d4c60e Fix -A/.all contention via do_meta_command 2016-02-06 19:20:25 -08:00
Teddy Reed
7f37304c77 Refactor dispatcher shutdown logic 2016-02-05 01:29:42 -08:00