Commit Graph

3005 Commits

Author SHA1 Message Date
George Guliashvili
a31d7582f4 Fix rocksdb crash
Configuration of OptimizeForSmallDb was crashing osquery. To be more specific, the ColumnFamilyOptions::OptimizeForSmallDb part was doing it.
2018-12-07 16:00:46 +00:00
George Guliashvili
a32ed7c45d Fix random port problem
The random port was not really random. The seed was never set, so it was generating the same port.
2018-12-07 16:00:46 +00:00
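The failure mode described in the commit above (an unseeded generator picking the same "random" port on every start, which makes the port predictable to anything else on the host), as an added C++ example; this is not osquery code, and `pickPort`, `unseededPort` and `seededPort` are hypothetical names chosen for the illustration:

```cpp
// Added example (not osquery code): an unseeded std::mt19937 starts from a fixed
// default seed, so every process "randomly" picks the same port. Seeding from the
// OS entropy source fixes that.
#include <cstdint>
#include <random>

// Pick a port from the non-privileged range using the supplied engine.
// The engine is passed in so the caller decides how (and whether) it is seeded.
std::uint16_t pickPort(std::mt19937& engine) {
  std::uniform_int_distribution<unsigned> dist(1024, 65535);
  return static_cast<std::uint16_t>(dist(engine));
}

// The bug pattern: default-constructed engine, no seed supplied. Every call (and
// every process start) yields the same sequence, hence the same port.
std::uint16_t unseededPort() {
  std::mt19937 engine;
  return pickPort(engine);
}

// The fix: seed once from std::random_device (the OS entropy source).
std::uint16_t seededPort() {
  std::random_device rd;
  std::mt19937 engine(rd());
  return pickPort(engine);
}

int main() {
  // unseededPort() is identical on every call; seededPort() varies.
  return unseededPort() == unseededPort() ? 0 : 1;
}
```

The same applies to `rand()` without `srand()`: the symptom is not a wrong port but a port an attacker can compute in advance.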
Marek Cirkos
6a64e353e9 Refactor battery table and return some information even if advanced information is missing 2018-12-07 16:00:46 +00:00
Filipe Manco
bf4c0a3117 Move iptables querying to a C based proxy
The iptables uapi kernel headers are incompatible with C++. To avoid
depending on modified kernel headers query iptables from a C based
proxy. This is a temporary solution until the problem is fixed on
upstream Linux.
2018-12-07 16:00:36 +00:00
packetzero
5188ce5288 update aws-sdk-cpp 1.4.55 on windows (#5255) 2018-10-29 21:24:29 +00:00
Nick Anderson
0314871908
bug: explicitly set safe permissions on osquery dbs (#5229) 2018-09-18 22:51:29 -07:00
Michael McGrew
e6302379fd Add per process performance data to windows processes table (#5224) 2018-09-18 20:59:35 -07:00
James Jerger
b8d7243aa9 Add InstallDate to os_version for Windows (#5226) 2018-09-14 16:07:37 -07:00
Giorgi Guliashvili
7bac8cb7f6
remove old boost bug support (#5221) 2018-09-14 23:51:44 +01:00
Nick Anderson
bf93fcf2f9
database: changing default path of the database for pathing uniformity (#4832) 2018-09-14 11:36:24 -07:00
James Jerger
e10b243ecf Add NTDomain Table for Windows (#5152) 2018-09-14 11:25:49 -07:00
Max Kareta
61d415c6bc
added database migration class (#5112) 2018-09-14 20:58:03 +03:00
Adrien Schildknecht
bdf504f6b6 tables: netmask should be an integer (#5217) 2018-09-14 16:13:37 +01:00
Alessandro Gario
52805dca44 chrome_extensions: Use the translation dictionary with case insensitive keys (#5215) 2018-09-14 16:06:31 +01:00
Giorgi Guliashvili
53a48d8fb4
posix profiling (#5187) 2018-09-14 16:04:28 +01:00
Giorgi Guliashvili
70806ae4fc
numeric_monitoring recursive sync record (#5204) 2018-09-14 12:17:24 +01:00
Alexander
dcd653ce33
Create helper functions to get CPU cores info on linux (#5209)
Helper functions to get CPU cores info exposed via sysfs on linux.
I need this information to use kprobes in osquery on linux.
2018-09-14 11:32:25 +01:00
Alexander
8ab08ed6c0
Prepare the filesystem directories in initialisation routine (#5207)
Create the directory for the database only if the database is switched on, and do not fail on unsuccessful creation; just write a message to the log.
2018-09-14 11:19:07 +01:00
Alexander
9b3e14789b
Non throwing directory creation function. (#5206)
Directory creation function to osquery/filesystem.h

Status was used as a return value, since all functions in this file operate with Status, not Expected. Let's move from Status to Expected in another PR.
2018-09-12 11:48:11 +01:00
Alessandro Gario
e2f1a11d75 Add a 'permission' field to the chrome_extensions table (#5193) 2018-09-12 01:03:36 +01:00
Giorgi Guliashvili
9bfd3f4a2d boost throwing is_directory bug (#5208) 2018-09-11 16:54:37 -07:00
yying
6e9f23a0e2 Add ReleaseDate to table for platform_info queries on Windows (#5182) 2018-09-10 17:05:44 -07:00
Adrien Schildknecht
0b686c4834 Add interface_ipv6 table (#4903) 2018-09-10 05:50:03 +02:00
Adrien Schildknecht
07961f314c [Table sanity check] routes & arp_cache (#5189) 2018-09-10 05:47:52 +02:00
Alexander
2ddd10b3df
Remove the rest of the safeStrto* function from conversion.h (#5190)
Remove the rest of the safeStrto* function from conversion.h
Used tryTo<> from PR #4676 instead
2018-09-07 15:48:15 +01:00
Alexander
b44110aaaa
Expected::takeOr has to accept an rvalue as an argument (#5191)
Fix up checking the type of the argument in the template definition.
Fixes: #5190
2018-09-07 14:59:10 +01:00
Giorgi Guliashvili
ceb3e6896d
dispatcher static destructor (#5192) 2018-09-07 14:47:46 +01:00
Alexander
0f0440fa61
Removing potentially risky method getOr(T const&) from Expected (#5174)
Too dangerous, because it is so easy to create a dangling reference (to a local object, for instance) with it.

It was discussed in terms of PR #4833
2018-09-07 11:49:47 +01:00
Allan Liu
5457ef0ea9 tables: add pci_class_id and pci_subclass_id to pci_devices (#5183) 2018-09-06 01:05:11 +01:00
Allan Liu
37ae0ef4d5 tables: augment pci_devices table on linux with pci_subclass (#5175) 2018-09-05 20:20:27 +01:00
Giorgi Guliashvili
bf95191e5c
total number of queries sent numeric_monitor (#5172) 2018-09-04 16:30:37 +01:00
Alessandro Gario
6c59b6df38 intel_me_info/Windows: Fix the buffer size for the GetFirmwareVersion command (#5111) 2018-09-04 14:50:56 +01:00
Giorgi Guliashvili
f903ec02bc
monitor number of times osquery starts (#5171) 2018-09-04 14:05:11 +01:00
Giorgi Guliashvili
2cfaf8aa94
numeric monitoring aggregation types (#5169) 2018-09-04 13:49:04 +01:00
Giorgi Guliashvili
87a8260a5e
integration test helper NonNegativeOrErrorInt (#5150) 2018-09-04 13:48:12 +01:00
Giorgi Guliashvili
c301e361ca
executing query monitor under killswitch (#5170) 2018-09-03 18:02:40 +01:00
Giorgi Guliashvili
1a7e241483
[Table sanity check] kernel_info (#5140) 2018-08-31 20:21:41 +01:00
Alexander
5835484027
[Table sanity check] Integration test for the registry table (#5155)
Fixes: #5034
2018-08-31 17:45:04 +01:00
Giorgi Guliashvili
9fa67def23
allow numeric_monitoring flush for non testing purposes (#5156) 2018-08-31 17:38:32 +01:00
Giorgi Guliashvili
120e061c64
[Table sanity check] process_open_files (#5145) 2018-08-31 17:37:30 +01:00
Alexander
c23cc190ae
[Table sanity check] Integration test for the 'apt_sources' table (#5157) 2018-08-31 17:32:51 +01:00
Alexander
ba08abb982
[Table sanity check] Integration test for the known_hosts table (#5130)
Fixes: #4879
2018-08-31 16:07:38 +01:00
Alexander
11c38ad99d
[Table sanity check] sanity check for the table interface_details (#5143) 2018-08-31 15:14:29 +01:00
Alexander
5db628b7e8
Make more talkative in terms of unexpected columns (#5149) 2018-08-31 14:50:49 +01:00
Alexander
dad4507725
[Table sanity check] Integration test for the table (#5147) 2018-08-31 14:49:51 +01:00
Alexander
831becc7d2
[Table sanity check] sanity check for the table logged_in_users (#5144) 2018-08-31 14:48:53 +01:00
Alexander
2b24cf22de
[Table sanity check] sanity check for the table interface_addresses (#5142) 2018-08-31 14:28:26 +01:00
Giorgi Guliashvili
29550c0ecc
[Table sanity check] memory_map (#5146) 2018-08-31 12:15:59 +01:00
Giorgi Guliashvili
e01149d51e
[Table sanity check] programs (#5141) 2018-08-31 10:41:59 +01:00
Filipe Manco
fe5c7d990c
[Table sanity check] sandboxes (#5137) 2018-08-31 10:40:00 +01:00
Giorgi Guliashvili
b5e1cdc81a
[Table sanity check] user_group (#5128) 2018-08-31 10:25:21 +01:00
Mathieu Martin
c7803fdefd Fix typo. It's Comma, not Coma :-) (#5151) 2018-08-30 21:42:13 +01:00
Alexander
723f077c3b
Add quotes for the key and value in assertion messages (#5148) 2018-08-30 18:15:51 +01:00
Giorgi Guliashvili
566dd75671
[Table sanity check] file (#5126) 2018-08-30 18:15:29 +01:00
Alexander
e901bb35e8
Fix up wrong integer types from validating values from the tables (#5133) 2018-08-30 10:56:08 +01:00
Filipe Manco
7214331832
[Table sanity check] time (#5123) 2018-08-30 10:44:37 +01:00
Filipe Manco
40a770025c
[Table sanity check] process_events (#5132) 2018-08-30 10:02:45 +01:00
Filipe Manco
873c6555d0
[Table sanity check] os_version (#5124) 2018-08-30 09:39:43 +01:00
Teddy Reed
7a2bc0bc28
virtual tables: Handle SQLite3 BLOB_TYPE (#5118) 2018-08-29 21:40:33 -04:00
Giorgi Guliashvili
637d301853
validate rows assert debugging (#5125) 2018-08-29 20:16:00 +01:00
Alexander
f7b5447871
Use just std::function for custom validator in table integration tests (#5129) 2018-08-29 18:48:49 +01:00
Alexander
80bfdf914c
[Table sanity check] Integration tests for deb_packages (#5120)
[Table sanity check] Integration tests for deb_packages
2018-08-29 18:04:15 +01:00
Max Kareta
85d78c768e
[Table sanity check] crontab (#5127) 2018-08-29 16:16:23 +01:00
Alexander
7ed337d008
[Table sanity check] Integration test for the linux kernel modules table (#5121) 2018-08-29 15:13:38 +01:00
Max Kareta
ba1a933b90
[Table sanity check] system info (#5119) 2018-08-29 12:53:38 +01:00
Filipe Manco
59925a2706
[Table sanity check] hash (#5122) 2018-08-29 12:42:19 +01:00
Giorgi Guliashvili
a06af88b18
simplify logger initialization (#5078) 2018-08-29 00:21:59 +01:00
Giorgi Guliashvili
d5ccbd1813
treat warnings as error only in the osquery core (#5113) 2018-08-28 17:22:06 +01:00
Alessandro Gario
3082b7cb87 socket_events: Use local_port/local_address for bind() (#5098) 2018-08-28 15:52:36 +01:00
Alexander
6a460f22c7
RAII based scope guard class (#4980)
To be sure that resources are always released/removed/closed/verified/stopped
in the face of multiple return statements from the function.
2018-08-28 12:32:02 +01:00
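What the scope guard commit above is guarding against, as an added C++ example (not osquery's `ScopeGuard`, whose interface is not shown on this page): a cleanup that runs on the normal path, on an early return and on an exception, beside the manual version that leaks on two of those three paths. `openHandles`, `processWithGuard` and `processWithoutGuard` are hypothetical names for the illustration.

```cpp
// Added example (not osquery code): RAII scope guard versus manual cleanup.
#include <functional>
#include <stdexcept>
#include <utility>

class ScopeGuard {
 public:
  explicit ScopeGuard(std::function<void()> onExit) : onExit_(std::move(onExit)) {}
  ~ScopeGuard() {
    if (active_) onExit_();  // runs on every exit path, exceptions included
  }
  ScopeGuard(const ScopeGuard&) = delete;
  ScopeGuard& operator=(const ScopeGuard&) = delete;
  ScopeGuard(ScopeGuard&& other) noexcept
      : onExit_(std::move(other.onExit_)), active_(other.active_) {
    other.active_ = false;
  }
  void dismiss() { active_ = false; }  // e.g. commit succeeded, skip rollback

 private:
  std::function<void()> onExit_;
  bool active_ = true;
};

// Simulated resource: number of currently "open" handles (constructed for the example).
int openHandles = 0;

// mode 0: normal return, 1: early return, 2: exception. One cleanup covers all three.
int processWithGuard(int mode) {
  ++openHandles;
  ScopeGuard release([] { --openHandles; });
  if (mode == 1) return 1;
  if (mode == 2) throw std::runtime_error("boom");
  return 0;
}

// The pattern the guard replaces: only the happy path releases the handle.
int processWithoutGuard(int mode) {
  ++openHandles;
  if (mode == 1) return 1;                            // leaks
  if (mode == 2) throw std::runtime_error("boom");    // leaks
  --openHandles;
  return 0;
}

// Run fn(mode) from a clean state, swallow the simulated failure, report what leaked.
int handlesAfter(int (*fn)(int), int mode) {
  openHandles = 0;
  try {
    fn(mode);
  } catch (const std::runtime_error&) {
  }
  return openHandles;
}

int main() {
  // Leaks only appear without the guard, on the early-return and exception paths.
  return handlesAfter(processWithoutGuard, 2) == 1 && handlesAfter(processWithGuard, 2) == 0 ? 0 : 1;
}
```

Keep the guard's callback non-throwing: it runs from a destructor, possibly during stack unwinding, where a second exception terminates the process.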
Alexander
dcfe83a0aa
Helper functions tryTake, tryTakeCopy to lookup in key-value tables (#4833)
There are a lot of map lookups in the osquery code. Most of them are verbose and not optimal, checking whether the key exists in the table before accessing it. Some of them contain errors, e.g.:
```c++
    r["uid"] = row.count("uuid") > 0 ? row.at("uid") : "";
```
The introduced code will help to avoid most of such problems.
2018-08-28 12:31:10 +01:00
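The buggy lookup quoted in the commit above, beside a single-lookup helper in the spirit of the commit's `tryTakeCopy`, as an added C++ example; this is not osquery's implementation, and `tryGetCopy`, `buggyUid`, `safeUid` and `buggyUidThrows` are hypothetical names for the illustration. The point it shows: the existence check tests `"uuid"` while the access uses `"uid"`, so `std::map::at()` throws `std::out_of_range` exactly when `"uuid"` is present and `"uid"` is not, and silently returns `""` when `"uid"` is present but `"uuid"` is not.

```cpp
// Added example (not osquery code): checked-then-accessed map lookups versus one
// lookup that spells the key once.
#include <map>
#include <optional>
#include <stdexcept>
#include <string>

using Row = std::map<std::string, std::string>;

// The pattern from the commit message, kept as-is to show its two failure modes.
std::string buggyUid(const Row& row) {
  return row.count("uuid") > 0 ? row.at("uid") : "";
}

// Returns true if buggyUid() throws for this row (used instead of a try/catch
// in the caller so the behaviour is a plain return value).
bool buggyUidThrows(const Row& row) {
  try {
    buggyUid(row);
    return false;
  } catch (const std::out_of_range&) {
    return true;
  }
}

// Hypothetical helper: one find(), key spelled once, absence is an empty optional.
template <typename Map>
std::optional<typename Map::mapped_type> tryGetCopy(
    const Map& m, const typename Map::key_type& key) {
  auto it = m.find(key);
  if (it == m.end()) return std::nullopt;
  return it->second;
}

std::string safeUid(const Row& row) {
  return tryGetCopy(row, "uid").value_or("");
}

int main() {
  // Constructed rows: one with "uid" only, one with "uuid" only.
  Row hasUid{{"uid", "1000"}};
  Row hasUuid{{"uuid", "abc"}};
  bool ok = safeUid(hasUid) == "1000" && safeUid(hasUuid).empty() &&
            buggyUid(hasUid).empty() && buggyUidThrows(hasUuid);
  return ok ? 0 : 1;
}
```

In a table generator an uncaught `std::out_of_range` from `at()` is a crash of the whole query, so the mismatch matters beyond a wrong column value.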
Jibola
e05be701ed Expand "opaque" values in system_controls table (#5082) 2018-08-28 11:52:06 +01:00
Alexander
ae09a6e95b
Fix up debug build for InMemoryDatabaseTest (#5086)
Fix up debug build for InMemoryDatabaseTest

  - add checks for return status of the operations
  - fix up check function for types in DB
2018-08-28 11:22:57 +01:00
Adrien Schildknecht
d7b701cb2a Implement setThreadName() for FreeBSD (#5097)
FreeBSD supports renaming threads with pthread_np.
The difference with Linux or Darwin is that there's no error code:
  "Because of the debugging nature of this function, all errors that may
   appear inside are silently ignored"
This isn't really a problem because thread names are meant for debugging
and osquery does not check the return value of `setThreadName()` anyway.

Test plan:
  adrs@freebsd: procstat -t `pidof old_osqueryi`
    PID    TID COMM                TDNAME              CPU  PRI STATE   WCHAN
   7612 100059 osqueryi            -                    -1  152 sleep   ttyin
   7612 100162 osqueryi            -                    -1  152 sleep   uwait
   7612 100163 osqueryi            -                    -1  152 sleep   select
  adrs@freebsd: procstat -t `pidof osqueryi`
    PID    TID COMM                TDNAME              CPU  PRI STATE   WCHAN
   7278 100151 osqueryi            -                    -1  120 sleep   ttyin
   7278 100160 osqueryi            ExtensionWatcher     -1  120 sleep   uwait
   7278 100161 osqueryi            ExtensionRunnerCore  -1  131 sleep   select
2018-08-28 11:11:11 +01:00
Giorgi Guliashvili
fd5b103c63
rearrange initLogger disable capabilities (#5077) 2018-08-27 17:33:10 +01:00
Max Kareta
78020a127e
added stubs for sanity checks (#5109) 2018-08-27 17:21:26 +01:00
Giorgi Guliashvili
21228c3172
put config backup feature behind killswitch (#5100) 2018-08-27 17:16:43 +01:00
Max Kareta
63fb35af74
added uptime sanity check (#5108) 2018-08-27 17:00:40 +01:00
Max Kareta
5dc0e5a7d5
added integration tests target and helper functions to tests table sanity (#5107) 2018-08-27 15:25:28 +01:00
Allan Liu
a17d6b5963 SMBIOS oem_strings table (#4849) 2018-08-22 20:02:40 -04:00
Giorgi Guliashvili
5f9552fa0e
writeTextFile optional mode argument (#5081) 2018-08-22 14:23:01 +01:00
Alexander
b6edf00892
Make error messages in Expected check different to distinguish problems (#5088)
Make error messages in Expected check different, to know for sure which check has failed.
2018-08-22 13:26:55 +01:00
Giorgi Guliashvili
2a9a9ef666
cleanup after the primary logger concept removal (#5089) 2018-08-22 01:58:00 +01:00
Giorgi Guliashvili
81d53394fa
unused code after refactor (#5083) 2018-08-21 21:25:48 +01:00
Giorgi Guliashvili
dc3bb9ebba
remove unused force_permissions (#5080) 2018-08-21 20:58:52 +01:00
Max Kareta
cbfcd875cd
disk_encryption macOS, fix for issue #4658 (#4691) 2018-08-21 18:45:56 +01:00
Filipe Manco
d0486499ea
Log when an extension is registered or dies (#5076) 2018-08-21 10:31:20 +01:00
Giorgi Guliashvili
fa98cd5cc6
get rid of aliased flag log_result_events (#4970) 2018-08-20 20:42:40 +01:00
Giorgi Guliashvili
b30af3b6f2
remove primary logger concept (#4969) 2018-08-20 20:38:26 +01:00
Giorgi Guliashvili
77b0dbffa7
Match how logger_min_status works to doc (#4977) 2018-08-20 15:37:33 +01:00
Giorgi Guliashvili
13bdf72682
default logtostderr to true (remove logStderrOnly) (#4971) 2018-08-20 15:36:52 +01:00
Giorgi Guliashvili
5314fc6034
Match how logger_min_stderr works to doc (#4978) 2018-08-20 15:11:29 +01:00
Filipe Manco
2f50d1a13d Correct --enable_extensions_watchdog description (#5066) 2018-08-20 14:35:26 +01:00
Adrien Schildknecht
a86603e9fd route table: get the value of the MTU on Linux (#4981) 2018-08-20 14:27:37 +01:00
Giorgi Guliashvili
561fda3aa0
config backup (#4935) 2018-08-20 14:24:24 +01:00
Giorgi Guliashvili
84698b3e84
get rid of alias verbose_debug and debug (#4972) 2018-08-20 14:17:03 +01:00
Max Kareta
78ba6e0e62
rocksdb implementation part (#4912) 2018-08-20 12:49:56 +01:00
Teddy Reed
512f775c58
Remove boost SHA1 UUID dependency (#5070) 2018-08-19 21:55:00 -04:00
ryandeivert
68be4f10fa [aws] adding aws proxy support in ClientConfiguration (#4850) 2018-08-17 10:25:10 +01:00
Allan Liu
9091fd98a5 pci_devices: model and vendor information from system PCI db && add subsystem info (#4391) 2018-08-16 23:51:38 +01:00
Adrien Schildknecht
fc88135f3b route table: properly display the default IPv6 route on Linux (#4934) 2018-08-16 23:43:09 +01:00
Teddy Reed
b0815c78c7
tables: Harden SMBIOS data parsing (#4853) 2018-08-15 12:23:01 -04:00
Teddy Reed
c62ebce5c4
libfuzz: Add SMBIOS table fuzzing (#4852) 2018-08-15 12:03:03 -04:00
Allan Liu
2081cf8e02 tables: fix cpu_physical_cores and cpu_logical_cores on linux (#4848) 2018-08-14 15:30:38 +01:00
Adrien Schildknecht
ba1bde1d8f Add hopcount entry to the 'routes' table (#4900) 2018-08-14 15:29:50 +01:00
Giorgi Guliashvili
ce0592b464
fix set thread warnings (#4911) 2018-08-14 14:16:53 +01:00
Giorgi Guliashvili
82212e0de4
fix freebsd warning incorrect comparison (#4910) 2018-08-14 12:21:59 +01:00
Giorgi Guliashvili
2296fe0603
fix unused lambda captures warning (#4908) 2018-08-14 12:21:15 +01:00
Giorgi Guliashvili
79f8307d2f
fix unused lambda capture warning (#4909) 2018-08-14 12:20:38 +01:00
Giorgi Guliashvili
c50a0c4b08
ignore osx warning (#4907)
ignore -Wdeprecated osx warning
2018-08-14 12:19:27 +01:00
Jason Meller
1c42e21750 A missing Gatekeeper prefs file indicates it is on (#4856) 2018-08-13 11:36:00 +01:00
Giorgi Guliashvili
135bc9d1cf
clang flexible-array-extensions warnings fix (#4857) 2018-08-13 09:53:00 +01:00
Giorgi Guliashvili
cf59b05bf4
removed additional unused function signatures (#4844) 2018-08-11 20:24:21 +01:00
Alexander
f850714642
Remove safeStrtol from conversion.h (use tryTo<long> instead) (#4768) 2018-08-10 11:05:57 +01:00
Max Kareta
00ad073574
added in memory db (#4797) 2018-08-09 15:10:07 +01:00
Giorgi Guliashvili
47f07f8f06
resolve -Wwritable-strings warning (#4831) 2018-08-09 13:31:50 +01:00
narendhar15
40f1320bfa Add constness for the methods of class WmiRequest (#4807) 2018-08-09 10:16:49 +01:00
Giorgi Guliashvili
6ff3262139
regex replace (#4847) 2018-08-09 09:55:48 +01:00
Allan Liu
6e8f7eac9a tables: dmiString function param to use string index (#4845) 2018-08-09 09:54:51 +01:00
Giorgi Guliashvili
304b6f150b
linter warnings (#4846) 2018-08-08 22:33:47 +01:00
Giorgi Guliashvili
728ba00b14
missing new line (#4841) 2018-08-08 16:58:22 +01:00
Giorgi Guliashvili
0360f11938
spelling errors (#4842) 2018-08-08 16:46:32 +01:00
Filipe Manco
a841831493 Fix make sync (#4838) 2018-08-08 14:14:13 +01:00
Giorgi Guliashvili
0ce40c4ac5
remove resolvedpath class (#4805) 2018-08-08 10:32:13 +01:00
Giorgi Guliashvili
40e176b3e3
killswitch extendable config format (#4813) 2018-08-07 20:09:09 +01:00
Alexander
daf4e95948
Fix up stringFromCFString bug related to non ascii strings (#4778)
Fix up `stringFromCFString` bug related to non ascii strings

You could see it in the wifi_networks table with a Chinese network name, for instance.

```
osquery> select network_name from wifi_networks;
[
  {"network_name":""},
]
```

Should be something like:
```
osquery> select network_name from wifi_networks;
[
  {"network_name":"星期天"},
]
```
The problem was in the function `stringFromCFString`. It was designed to work only with ASCII strings, which is wrong. So, I fixed it.
2018-08-07 18:33:50 +01:00
Jonathan Keljo
9e697be13d Introduce .types shell command (#4704) 2018-08-07 17:30:39 +01:00
Giorgi Guliashvili
bbbb286ee7
remove io_service (#4804) 2018-08-06 18:27:08 +01:00
JanEbbing
0cd8283a8a Use putBatch only for multiple puts, fix bug in setDatabaseVal (#4800) 2018-08-06 12:49:07 +01:00
Billy O'Neal
ad60c9478c Avoid warnings about implicit conversion from wchar_t -> char (#4705) 2018-08-06 11:30:16 +01:00
Alexander
69ce4d65b9
Add debug checks for wrong access of error in Expected (#4790)
Also restructured the code around this sort of check for better readability
2018-08-03 17:18:15 +01:00
Giorgi Guliashvili
5b8d80ea65
gracefully shutdown - AuditdNetlinkParser will not wait indefinitely (#4801) 2018-08-03 15:27:39 +01:00
Alessandro Gario
25e72c0e48 Audit fixes (#4714) 2018-08-03 15:18:00 +01:00
Alexander
86f5427c1b
Move out base64 decode/encode functions to separate file (#4793)
It is barely related to the type conversion functions, which is a good reason for it to live outside of them.
2018-08-02 17:37:04 +01:00
Giorgi Guliashvili
4b7e211965
pauseMili to pause transform (#4796) 2018-08-02 16:57:02 +01:00
Max Kareta
abecf1da80 Added base class for new db implementation (#4789) 2018-08-02 16:47:56 +01:00
Filipe Manco
be3646672a
Add migration for audit keys (#4779) 2018-08-02 00:20:37 +01:00
Giorgi Guliashvili
cfd7bfe7fd
Killswitch TLS plugin improved interface (#4791) 2018-08-01 22:27:36 +01:00
Liyuan Bi
c44487c3c7 Add ppid and cwd field for each new created process (#4784) 2018-08-01 20:54:37 +01:00
Alexander
b68b609585
Debug only wrapper class and functions to perform some verifications (#4697)
* Debug only wrapper class and functions to perform some verifications only in debug build

The best way to test the code is to create proper tests. But tests just increase the probability that everything works correctly. Putting more checks at runtime sometimes means a notable performance penalty. And there is a debug build for that reason. But writing debug only code means putting ugly macro conditions here and there, which make the code hard to read and fix.

Function `debug_only::check` is a way to perform this kind of verification in a pure C++ style without macro magic.
If you need to have some state for these checks, use class `debug_only::Var`. This is a way to have debug data and do verifications associated with it.

* Add debug_only::verifyTrue for the simple boolean condition
2018-08-01 17:02:10 +01:00
Giorgi Guliashvili
3ea36a60d0
size check after Resize dead code (#4780) 2018-07-31 15:49:11 +01:00
Giorgi Guliashvili
ac4cbbe062
pvs-studio errors and warnings fix (#4744) 2018-07-30 23:51:35 +01:00
Nick Anderson
0c642e7db8
perf: setting priority levels to background of osqueryd and children (#4770) 2018-07-30 15:30:06 -07:00
Nick Anderson
13249f0d07
performance: construct cache for windows drivers image path (#4766) 2018-07-30 14:32:58 -07:00
Alexander
894a93509a
Fix up warning about [missing-braces] in load_average.cpp (#4776) 2018-07-30 17:51:15 +01:00
Alexander
e5f279699f
method. To make checks 'if expected is not an error then...' less verbose and clearer (#4774)
Inspired by PR #4768
2018-07-30 17:50:48 +01:00
Filipe Manco
51a4ed1d25
Improve DB migration error handling and testing (#4777) 2018-07-30 14:25:07 +01:00
Alexander
73dc6d0eeb
Fix up MdFindTests check for the number of columns in query result (#4767)
As far as I can understand, the intention was to check the number of columns in one record. But something went wrong, or I didn't get the idea. So, let me guess it and fix it.
2018-07-30 09:26:42 +01:00
Scott Lundgren
54a9ee8f35 querying of named objects in windows across terminal services sessions. even mutexes. (#4547) 2018-07-27 15:08:51 -07:00
Jared Atkinson
8d9332e6c7 tables: Added a new table for Windows Logon Sessions (#4660) 2018-07-27 11:56:01 -07:00
Mitchell Grenier
ce768dc40c
Add cpu architectures for running processes on macOS (#4702) 2018-07-26 10:32:57 -07:00
Giorgi Guliashvili
fceae8746e
LoggerDisabler dead code (#4764) 2018-07-26 12:30:42 +01:00
Alexander
9e798eb162
Remove safeStrtoll from conversions.h and change all usecases to tryTo<> (#4754)
Also I've used a throwing std::stoll because the tests should not be exception safe and must fail if something goes wrong.
2018-07-26 10:57:52 +01:00
Teddy Reed
37e5c9f4b6
review: Small code review fixes (#4743) 2018-07-25 18:48:11 -04:00
Giorgi Guliashvili
2f872cb92d
Handle expect in test (#4756) 2018-07-24 17:50:30 +01:00
Alexander
ce59c72145
Profile scheduled queries using numeric monitoring plugins (#4739)
Profile scheduled queries using numeric monitoring plugins
2018-07-24 11:33:47 +01:00
Alexander
f2695b034c
Fix up name style for the Expected methods takeOr and getOr (#4747)
according to the osquery C++ style guide, before it's too late.
2018-07-23 22:20:04 +01:00
Giorgi Guliashvili
80bfef9f77
setThreadName boilerplate removal (#4749) 2018-07-23 19:50:35 +01:00
Mitchell Grenier
69d307b64c
Add labels for threads (#4295) 2018-07-23 11:13:43 -07:00
Giorgi Guliashvili
129d9415a3
profile implicit shutdown (#4746) 2018-07-23 16:39:45 +01:00
Alexander
68e6d77050
to<Status>(const Expected&) implementation (#4725)
* to<Status>(Expected) implementation

To make the transition from Status to Expected a bit easier.
During the transition there will be a lot of conversions from Expected to Status and back.
Conversion from Status to Expected is not simple, for many reasons.
Conversion from Expected to Status is trivial, but a bit verbose:
```c++
if (exp.isError()) {
  return Status::failure(
    exp.getError().getFullMessage()
  );
} else {
  return Status::success();
}
```
I'd suggest using a more laconic, clear and explicit way to convert.
2018-07-23 16:15:10 +01:00
Alexander
51eb79dc63
Ad-hoc fix up for old versions of libc++ and libstdc++ (#4718)
There was no implementation for es in old versions of libc++ and libstdc++. [proof](http://www.open-std.org/jtc1/sc22/wg21/docs/lwg-defects.html#2148).
2018-07-23 15:25:57 +01:00
Giorgi Guliashvili
54e0bf3f5f
dispatcher 'leaks' (#4742) 2018-07-21 19:28:00 +01:00
Teddy Reed
919219c551
tables: Add ELF-file related virtual tables (#4708) 2018-07-21 12:21:32 -04:00
Teddy Reed
112a33ddc0
cleanup: Migrate calls to tryTo from 4683 (#4710) 2018-07-21 12:19:33 -04:00
Giorgi Guliashvili
0417ece88f fix objective c leak in plist (#4732) 2018-07-21 11:52:23 -04:00
Giorgi Guliashvili
2d5fc8df0a
udev fd check (#4736) 2018-07-20 10:55:57 +01:00
Jonathan Keljo
305b37d89d Properly format IPv6 addresses with scopes (#4464) 2018-07-20 00:43:42 +01:00
Alexander
a683d56163
Remove dead code from conversions module (#4711)
- removed boost_to_std_shared_ptr and std_to_boost_shared_ptr, since we don't use boost::shared_ptr in osquery anymore.
- removed replaceAll
- removed useless includes
2018-07-19 18:11:56 +01:00
Alexander
83a653f836
Add missed include <climits> for PATH_MAX (#4733)
Related PR #4724 and #4416
2018-07-19 17:07:14 +01:00
Alexander
42d8027320
Remove unused includes and forward declaration from core/utils.h (#4734) 2018-07-19 17:06:16 +01:00
Giorgi Guliashvili
94397d3c04
get rid of unnecessary ptree includes (#4727) 2018-07-19 10:45:40 +01:00
Giorgi Guliashvili
d4e444c999
incorrect assumption about reserve behavior (#4728) 2018-07-19 10:44:56 +01:00
Giorgi Guliashvili
386ccb5e96
disable malfunctioning new features on the fly using killswitch (#4671) 2018-07-18 22:11:19 +01:00
Filipe Manco
bd2377bc37
Revert regression introduced by #4613 (#4726) 2018-07-18 20:11:08 +01:00
James Jerger
182212330f Add socket_designation to CPU info (#4715) 2018-07-18 18:46:29 +01:00
Alexander
58810e6a33
Use tryTo instead of safeStrtoull in the code (#4716)
and remove `safeStrtoull` from the `conversions.h`
2018-07-18 15:30:24 +01:00
Alexander
2a2aa5b5ae
Add missed semicolon to utils.cpp (#4717) 2018-07-17 17:44:31 +01:00
Alexander
f25987fa9c
Remove useless include of <iostream> from status.h (#4719) 2018-07-17 17:35:54 +01:00
Alessandro Gario
8fe570bed7 feature: Write support for tables implemented from extensions (#4094) 2018-07-17 09:12:09 -07:00
Alexander
95e5dc7ebb
Use pre-aggregation cache for all records flowing thru numeric monitoring system (#4690)
PR based on #4677; have a look at it first.
2018-07-17 09:31:51 +01:00
Nate Felton
d74fa4033f Adding content_caching to sharing_preferences (#4699) 2018-07-16 12:13:14 +01:00
Rich5
352e3ff7f8 Windows file ops (#4613) 2018-07-15 14:12:46 -07:00
Giorgi Guliashvili
61b66559fa
remove old version of schedule from the codebase and tests (#4707) 2018-07-14 19:18:28 +01:00
Giorgi Guliashvili
7dd06912a8
Compression/decompression silent error (#4709) 2018-07-14 16:48:57 +01:00
Teddy Reed
fa4f63fb84
tables: Remove lexical_cast include from tables (#4683) 2018-07-14 11:42:44 -04:00
Daniel Roethlisberger
1ed050147a Support CDHash algorithms other than SHA-1 (#4679) 2018-07-13 12:00:43 -07:00
Jeremy Calvert
d6bebc8f81 Add support for getting ethernet link speeds for non-linux posix (#4675) 2018-07-13 10:09:35 -07:00
Allan Liu
8f4529d2a3 General SMART drive information virtual table (#4133) 2018-07-13 09:51:55 -04:00
Max Kareta
140f2bd72f
disk_encryption macOS, fix for issue #4479 (#4687) 2018-07-13 10:59:33 +01:00
Alexander
585e73e1e8
tryTo<> generics for string to integer conversion (#4676)
`tryTo<>` generics for string to integer conversion

The first approach to substitute all `safeStrto*` conversions with `tryTo<>` generics.

There are some advantages in using templates here:
  - The destination value type explicitly takes part in the call syntax.
  - You could use it in other template code.

Also I have removed `safeStrtoi` from the code as an example of usage.
2018-07-12 18:03:57 +01:00
Alessandro Gario
8b864f1935 Improving audit-based table performances (#4647) 2018-07-12 10:10:52 -04:00
Alexander
d31e1bc2e7
Implement generic tryTo for string to boolean conversions (#4689)
Implement generic `tryTo` for string to boolean conversions
Also use it in some obvious places in the codebase
2018-07-12 15:07:36 +01:00
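A strict `tryTo<T>`-style conversion covering both the integer commit (#4676, above) and the boolean commit (#4689, here), as an added C++ example; it is not osquery's implementation, only a stand-in with the same shape, and the accepted boolean spellings are an assumption of this example. The security-relevant part is what it rejects that `strtol`/`atoi` accept: trailing garbage (`"42abc"`), leading whitespace, a sign on an unsigned target, and values that do not fit the destination type (no silent clamping or wrap-around).

```cpp
// Added example (not osquery code): strict, typed string conversion.
#include <algorithm>
#include <cctype>
#include <charconv>
#include <initializer_list>
#include <optional>
#include <string>
#include <string_view>
#include <system_error>
#include <type_traits>

// Returns the parsed value, or an empty optional if the whole input is not
// exactly one value of type T.
template <typename T>
std::optional<T> tryTo(std::string_view s) {
  static_assert(std::is_integral_v<T>, "tryTo: integral destination types only");
  if constexpr (std::is_same_v<T, bool>) {
    // Case-insensitive match against a fixed vocabulary (assumed set for this example).
    std::string lower(s.size(), '\0');
    std::transform(s.begin(), s.end(), lower.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    for (std::string_view t : {"1", "true", "yes", "on"})
      if (std::string_view(lower) == t) return true;
    for (std::string_view f : {"0", "false", "no", "off"})
      if (std::string_view(lower) == f) return false;
    return std::nullopt;
  } else {
    // std::from_chars: base 10, no whitespace skipping, '-' only for signed T,
    // reports out-of-range instead of saturating. Require the full input consumed.
    T value{};
    const char* first = s.data();
    const char* last = first + s.size();
    auto [ptr, ec] = std::from_chars(first, last, value, 10);
    if (ec != std::errc{} || ptr != last) return std::nullopt;
    return value;
  }
}

int main() {
  bool ok = tryTo<int>("42").value_or(0) == 42 && !tryTo<int>("42abc") &&
            !tryTo<unsigned char>("300") && !tryTo<unsigned>("-1") &&
            tryTo<bool>("Yes").value_or(false) && !tryTo<bool>("maybe");
  return ok ? 0 : 1;
}
```

Because the destination type is part of the call, `tryTo<std::uint16_t>(portString)` rejects `"70000"` at the parse site instead of letting a truncated value reach a `bind()` later.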
Konstantin Tsoy
ed4354c9ef Add etc/hosts.ics data to the etc_hosts table. (#4686) 2018-07-12 10:05:57 -04:00
Alexander
98fd405c31
Fixed up misspells in variable name and docstrings after #4677 (#4701) 2018-07-12 14:55:12 +01:00
Max Kareta
3c9ba5827d
fixed error when wrong directory separator was used (#4695) 2018-07-12 10:42:49 +01:00
Mitchell Grenier
978a3f82bb
Add unique pid field to the processes table on macOS (#4667) 2018-07-11 13:49:50 -07:00
Teddy Reed
04796f2687
logger: Fix logfile writes to /tmp with verbose flag (#4681) 2018-07-11 16:28:39 -04:00
Alexander
6e2c9014e7
Pre-aggregation cache implementation for numeric monitoring plugins (#4677)
Pre-aggregation cache implementation for numeric monitoring plugins.

For most of the monitoring data, some aggregations are going to be applied on the user side. To do analytics you rarely need to see all points on the graph. It means that for such paths (unique keys for point subsets) particular points mean not much. And to reduce disk usage and network traffic some pre-aggregation could be applied on the osquery side.

This PR is an implementation of such pre-aggregation.

It is based on PR #4626
2018-07-11 18:38:12 +01:00
Vova Mishatkin
0cc9b84e4f
Add tests for file_paths_query (#4693) 2018-07-11 18:29:55 +01:00