mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-06 17:45:22 +00:00
da4bfd4762
Created mdls table which mimics the functionality of the mdls command in macOS. Table allows osquery to retrieve key/value pairs from spotlight metadata.
14 lines
499 B
Plaintext
14 lines
499 B
Plaintext
table_name("mdls")
|
|
description("Query file metadata in the Spotlight database.")
|
|
schema([
|
|
Column("path", TEXT, "Path of the file", required=True),
|
|
Column("key", TEXT, "Name of the metadata key"),
|
|
Column("value", TEXT, "Value stored in the metadata key"),
|
|
Column("valuetype", TEXT, "CoreFoundation type of data stored in value", hidden=True),
|
|
])
|
|
implementation("mdls@genMdlsResults")
|
|
fuzz_paths([])
|
|
examples([
|
|
"select * from mdls where path = '/Users/testuser/Desktop/testfile';"
|
|
])
|