
Member "osquery-4.3.0/osquery/tables/system/darwin/asl_utils.h" (14 Apr 2020, 1983 Bytes) of package /linux/misc/osquery-4.3.0.tar.gz:



    1 /**
    2  *  Copyright (c) 2014-present, Facebook, Inc.
    3  *  All rights reserved.
    4  *
    5  *  This source code is licensed in accordance with the terms specified in
    6  *  the LICENSE file found in the root directory of this source tree.
    7  */
    8 
    9 #pragma once
   10 
   11 #include <string>
   12 
   13 #include <asl.h>
   14 
   15 #include <osquery/logger.h>
   16 #include <osquery/tables.h>
   17 
   // Feature switch: when the included <asl.h> does not define ASL_API_VERSION,
   // mark the build as using the old ASL API so the compatibility shims guarded
   // by OLD_ASL_API are compiled in.
   #if !defined(ASL_API_VERSION)
   #define OLD_ASL_API
   #endif // !defined(ASL_API_VERSION)
   21 
   namespace osquery {
   namespace tables {

   #if defined(OLD_ASL_API)
   // Compatibility shims, compiled only when OLD_ASL_API is set. Each one
   // forwards a newer-style call name to the older ASL function shown in its
   // body; the intent appears to be that the rest of the table code can use a
   // single spelling regardless of the header version.

   /// Release an ASL message by forwarding to asl_free().
   inline void asl_release(aslmsg msg) {
     asl_free(msg);
   }

   /// Release an ASL search response by forwarding to aslresponse_free().
   inline void asl_release(aslresponse resp) {
     aslresponse_free(resp);
   }

   /// Fetch the next message of a response by forwarding to aslresponse_next().
   inline aslmsg asl_next(aslresponse resp) {
     return aslresponse_next(resp);
   }
   #endif // OLD_ASL_API

   /**
    * @brief Append one more operation to an ASL query.
    *
    * Every operation attached to a query is logically ANDed with the others
    * when the query is performed.
    *
    * @param query The query that receives the operation.
    * @param key Key the operation matches on.
    * @param value Value that should match for the given key and operation.
    * @param op The (osquery) operator to apply; it is converted to the
    * equivalent ASL operator.
    * @param col_type Type of the column this operation is performed on.
    */
   void addQueryOp(aslmsg& query,
                   const std::string& key,
                   const std::string& value,
                   ConstraintOperator op,
                   ColumnType col_type);

   /**
    * @brief Build an ASL query object out of a QueryContext.
    *
    * @param context QueryContext used to form the query.
    *
    * @return An ASL query object corresponding to the context.
    *
    * NOTE(review): this declaration does not state who owns the returned
    * aslmsg; presumably the caller releases it with asl_release() -- confirm
    * against the implementation so the object is not leaked.
    */
   aslmsg createAslQuery(const QueryContext& context);

   /**
    * @brief Copy one row of ASL data into an osquery Row.
    *
    * @param row The ASL row to read data from.
    * @param r The osquery Row to write data into.
    */
   void readAslRow(aslmsg row, Row& r);

   /**
    * @brief Translate a LIKE format string into a regex.
    *
    * @param like_str The LIKE style string to convert.
    *
    * @return A regex corresponding to the input LIKE string.
    *
    * NOTE(review): the declaration does not say whether regex metacharacters
    * already present in like_str are escaped before the conversion. Confirm in
    * the implementation: if they are passed through, the resulting pattern can
    * match more (or less) than the LIKE expression was meant to.
    */
   std::string convertLikeRegex(const std::string& like_str);

   } // namespace tables
   } // namespace osquery