osquery-1/osquery/tables/applications/browser_firefox.cpp


/*
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
#include <boost/property_tree/json_parser.hpp>
#include <osquery/filesystem.h>
#include <osquery/logger.h>
#include <osquery/tables.h>
#include "osquery/tables/applications/browser_utils.h"
#include "osquery/tables/system/system_utils.h"
namespace fs = boost::filesystem;
namespace pt = boost::property_tree;
namespace osquery {
namespace tables {
/// Location of the Firefox profiles directory, relative to a user's home
/// directory: genFirefoxAddons appends it to each user's "directory" value.
/// Each home directory will include custom extensions.
/// NOTE(review): the value starts with '/', so the join in genFirefoxAddons
/// depends on the path library appending (not replacing) when the right-hand
/// side begins with a separator -- confirm for the Boost.Filesystem version
/// this is built against.
#ifdef __APPLE__
#define kFirefoxPath "/Library/Application Support/Firefox/Profiles/"
#else
#define kFirefoxPath "/.mozilla/firefox/"
#endif
/// Per-profile JSON file parsed by genFirefoxAddonsFromExtensions; it is
/// concatenated onto the profile directory path.
#define kFirefoxExtensionsFile "/extensions.json"
/// Not parsed, but may be helpful later. Neither of the two paths below is
/// referenced by the functions in this part of the file.
#define kFirefoxAddonsFile "/addons.json"
#define kFirefoxWebappsFile "/webapps/webapps.json"
/// Maps a key inside each entry of the extensions.json "addons" list to the
/// column name under which genFirefoxAddonsFromExtensions reports it.
///
/// The values are copied from the profile's JSON file as-is (only "true" /
/// "false" strings are converted via jsonBoolAsInt); nothing here validates
/// them, so consumers should treat every column as data supplied by the file.
const std::map<std::string, std::string> kFirefoxAddonKeys = {
    // Identity and descriptive metadata.
    {"id", "identifier"},
    {"type", "type"},
    {"version", "version"},
    {"defaultLocale.name", "name"},
    {"defaultLocale.creator", "creator"},
    {"defaultLocale.description", "description"},

    // Where the addon came from and where it is stored.
    {"sourceURI", "source_url"},
    {"location", "location"},
    {"descriptor", "path"},

    // State and capability flags.
    {"visible", "visible"},
    {"active", "active"},
    {"applyBackgroundUpdates", "autoupdate"},
    {"hasBinaryComponents", "native"},
};
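/**
 * @brief Append one row per addon found in a profile's extensions.json.
 *
 * Parses `path + kFirefoxExtensionsFile`, walks its "addons" list and, for
 * each entry, copies the keys named in kFirefoxAddonKeys into a Row together
 * with the owning uid and a computed "disabled" column.
 *
 * The JSON file sits inside a user's home directory, so its contents are not
 * under this code's control: a file that fails to parse, or that parses but
 * has no "addons" child, is logged and skipped instead of being dereferenced.
 *
 * @param uid value stored in the "uid" column of every generated row.
 * @param path Firefox profile directory; kFirefoxExtensionsFile is appended.
 * @param results output list that the generated rows are pushed onto.
 */
void genFirefoxAddonsFromExtensions(const std::string& uid,
                                    const std::string& path,
                                    QueryData& results) {
  const std::string extensions_path = path + kFirefoxExtensionsFile;

  pt::ptree tree;
  if (!osquery::parseJSON(extensions_path, tree).ok()) {
    TLOG << "Could not parse JSON from: " << extensions_path;
    return;
  }

  // get_child() throws ptree_bad_path when the key is absent, and nothing in
  // this function catches it. Use the optional lookup so a well-formed JSON
  // document without an "addons" list cannot abort table generation.
  const auto addons = tree.get_child_optional("addons");
  if (!addons) {
    TLOG << "No addons list found in: " << extensions_path;
    return;
  }

  for (const auto& addon : *addons) {
    Row r;
    r["uid"] = uid;

    // Most of the keys are in the top-level JSON dictionary. Missing keys
    // yield an empty string rather than an error.
    for (const auto& it : kFirefoxAddonKeys) {
      r[it.second] = addon.second.get(it.first, "");
      // Convert bool-types to an integer.
      jsonBoolAsInt(r[it.second]);
    }

    // There are several ways to disable the addon, check each.
    if (addon.second.get("softDisable", "false") == "true" ||
        addon.second.get("appDisabled", "false") == "true" ||
        addon.second.get("userDisabled", "false") == "true") {
      r["disabled"] = INTEGER(1);
    } else {
      r["disabled"] = INTEGER(0);
    }

    results.push_back(r);
  }
}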
/**
 * @brief Table generator: list Firefox addons for every user in the context.
 *
 * For each user row that carries both a "uid" and a "directory", the profile
 * directories under `<directory>/kFirefoxPath` are enumerated and each one is
 * handed to genFirefoxAddonsFromExtensions.
 *
 * @param context query context used to select the users to inspect.
 * @return the accumulated addon rows (empty when nothing was found).
 */
QueryData genFirefoxAddons(QueryContext& context) {
  QueryData results;

  for (const auto& user : usersFromContext(context)) {
    // Rows lacking either column cannot be resolved to a profile location.
    const auto uid = user.find("uid");
    const auto home = user.find("directory");
    if (uid == user.end() || home == user.end()) {
      continue;
    }

    // NOTE(review): everything below this path is owned by the user being
    // inspected; confirm that the directory listing and JSON helpers behave
    // safely on symlinks and odd entries if this runs with more privilege
    // than that user.
    const auto profiles_root = fs::path(home->second) / kFirefoxPath;

    // Users without a readable Firefox directory are skipped silently.
    std::vector<std::string> profiles;
    if (!listDirectoriesInDirectory(profiles_root, profiles).ok()) {
      continue;
    }

    // One extensions.json is expected per profile directory.
    for (const auto& profile : profiles) {
      genFirefoxAddonsFromExtensions(uid->second, profile, results);
    }
  }

  return results;
}
}
}