Support for column options #77

Draft
wants to merge 3 commits into
base: master
Changes from 2 commits
100 changes: 69 additions & 31 deletions plugin/table/table.go
@@ -45,7 +45,7 @@ func (t *Plugin) Routes() osquery.ExtensionPluginResponse {
"id": "column",
"name": col.Name,
"type": string(col.Type),
"op": "0",
"op": strconv.FormatUint(uint64(col.Options), 10),
})
}
return routes
@@ -103,58 +103,96 @@ func (t *Plugin) Ping() osquery.ExtensionStatus {

func (t *Plugin) Shutdown() {}

// ColumnType is a strongly typed representation of the data type string for a
// column definition. The named constants should be used.
type ColumnType string

// The following column types are defined in osquery tables.h.
const (
directionless marked this conversation as resolved.
ColumnTypeText ColumnType = "TEXT"
ColumnTypeInteger = "INTEGER"
ColumnTypeBigInt = "BIGINT"
ColumnTypeDouble = "DOUBLE"
)

// ColumnOption are the osquery column options. These are defined by
// https://github.com/osquery/osquery/blob/master/osquery/core/sql/column.h#L37
type ColumnOptions uint8

// From https://github.com/osquery/osquery/blob/master/osquery/core/sql/column.h#L37
const (
ColumnOptionDefault ColumnOptions = 0
ColumnOptionIndex = 1
ColumnOptionRequired = 2
ColumnOptionAdditional = 4
ColumnOptionOptimized = 8
ColumnOptionHidden = 16
)

// ColumnDefinition defines the relevant information for a column in a table
// plugin. Both values are mandatory. Prefer using the *Column helpers to
// create ColumnDefinition structs.
type ColumnDefinition struct {
Name string
Type ColumnType
Name string
Type ColumnType
Options ColumnOptions // bitmask. See https://github.com/osquery/osquery/blob/master/osquery/core/sql/column.h#L37
Description string
}

// TextColumn is a helper for defining columns containing strings.
func TextColumn(name string) ColumnDefinition {
return ColumnDefinition{
func newColumn(name string, ctype ColumnType, opts ...ColumnOpt) ColumnDefinition {
cd := ColumnDefinition{
Name: name,
Type: ColumnTypeText,
Type: ctype,
}

for _, opt := range opts {
opt(&cd)
}

return cd

}

// TextColumn is a helper for defining columns containing strings.
func TextColumn(name string, opts ...ColumnOpt) ColumnDefinition {
return newColumn(name, ColumnTypeText, opts...)
}

// IntegerColumn is a helper for defining columns containing integers.
func IntegerColumn(name string) ColumnDefinition {
return ColumnDefinition{
Name: name,
Type: ColumnTypeInteger,
}
func IntegerColumn(name string, opts ...ColumnOpt) ColumnDefinition {
return newColumn(name, ColumnTypeInteger, opts...)
}

// BigIntColumn is a helper for defining columns containing big integers.
func BigIntColumn(name string) ColumnDefinition {
return ColumnDefinition{
Name: name,
Type: ColumnTypeBigInt,
}
func BigIntColumn(name string, opts ...ColumnOpt) ColumnDefinition {
return newColumn(name, ColumnTypeBigInt, opts...)
}

// DoubleColumn is a helper for defining columns containing floating point
// values.
func DoubleColumn(name string) ColumnDefinition {
return ColumnDefinition{
Name: name,
Type: ColumnTypeDouble,
func DoubleColumn(name string, opts ...ColumnOpt) ColumnDefinition {
return newColumn(name, ColumnTypeDouble, opts...)
}

func IndexColumn() ColumnOpt { return SetColumnOption(ColumnOptionIndex) }
func RequiredColumn() ColumnOpt { return SetColumnOption(ColumnOptionRequired) }
func AdditionalColumn() ColumnOpt { return SetColumnOption(ColumnOptionAdditional) }
func OptimizedColumn() ColumnOpt { return SetColumnOption(ColumnOptionOptimized) }
func HiddenColumn() ColumnOpt { return SetColumnOption(ColumnOptionHidden) }

func SetColumnOption(flag ColumnOptions) ColumnOpt {
directionless marked this conversation as resolved.
return func(cd *ColumnDefinition) {
cd.Options = cd.Options | flag
}
}

// ColumnType is a strongly typed representation of the data type string for a
// column definition. The named constants should be used.
type ColumnType string
func ColumnDescription(d string) ColumnOpt {
return func(cd *ColumnDefinition) {
cd.Description = d
}
}

// The following column types are defined in osquery tables.h.
const (
ColumnTypeText ColumnType = "TEXT"
ColumnTypeInteger = "INTEGER"
ColumnTypeBigInt = "BIGINT"
ColumnTypeDouble = "DOUBLE"
)
type ColumnOpt func(*ColumnDefinition)

// QueryContext contains the constraints from the WHERE clause of the query,
// that can optionally be used to optimize the table generation. Note that the
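Review bot: In the new `ColumnOptions` const block only `ColumnOptionDefault` is declared with the type; `ColumnOptionIndex` through `ColumnOptionHidden` are written as `Name = value`, which in Go makes them untyped integer constants rather than `ColumnOptions`. They still convert when passed directly to `SetColumnOption`, but `x := ColumnOptionHidden` yields an `int`, so the flag names are not tied to the bitmask type that is serialized into the `op` route field. Repeating the type on each line, e.g. `ColumnOptionIndex ColumnOptions = 1`, fixes this; the relocated `ColumnType` block has the same shape (`ColumnTypeInteger = "INTEGER"` is an untyped string constant). The doc comment on `ColumnDefinition` also still says "Both values are mandatory" although the struct now has four fields, and the comment above the new type should begin with `ColumnOptions` rather than `ColumnOption`.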