Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

file: Add Shortcut metadata parsing on Windows #8143

Merged
merged 6 commits into from
Nov 28, 2023
Merged

file: Add Shortcut metadata parsing on Windows #8143

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2126355
file: Add Shortcut metadata parsing on Windows
Smjert Sep 8, 2023
a40a5a0
Remove dependency from unicode PR
Smjert Nov 1, 2023
8056745
Doc fixes
Smjert Nov 21, 2023
ecd100a
review: Resolve leaks
Smjert Nov 22, 2023
97de777
review: Be more explicit with names
Smjert Nov 22, 2023
fd17a6c
Remove unused code
Smjert Nov 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
file: Add Shortcut metadata parsing on Windows 
- Add 6 new columns to the file table on Windows,
  to display Shortcut metadata (.lnk files),
  and specifically the shortcut_target_path,
  shortcut_target_type, shortcut_target_location,
  shortcut_start_in, shortcut_run, shortcut_comment
  columns.

- Fix a small bug in the file integration test, where a comma was forgotten,
  and instead of creating and testing querying two files, the concatentation
  of both was tested

- Added logic to the integration test to create shortcuts to the created files,
  and test their content.

- Fix the expandConstraints function so that it can be const,
  since it's not supposed to modify the context.
  • Loading branch information
@Smjert
Smjert committed Nov 1, 2023
commit 21263558fbd771d09af0357813d6f83fe329ef88
12 changes: 9 additions & 3 deletions osquery/core/tables.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -561,14 +561,20 @@ Status QueryContext::expandConstraints(
ConstraintOperator op,
std::set<std::string>& output,
std::function<Status(const std::string& constraint,
std::set<std::string>& output)> predicate) {
for (const auto& constraint : constraints[column].getAll(op)) {
std::set<std::string>& output)> predicate) const {
auto constraint_it = constraints.find(column);

if (constraint_it == constraints.end()) {
return Status::success();
}

for (const auto& constraint : constraint_it->second.getAll(op)) {
auto status = predicate(constraint, output);
if (!status) {
return status;
}
}
return Status(0);
return Status::success();
}

Status deserializeQueryContextJSON(const JSON& json_helper,
Expand Down
2 changes: 1 addition & 1 deletion osquery/core/tables.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -567,7 +567,7 @@ struct QueryContext {
ConstraintOperator op,
std::set<std::string>& output,
std::function<Status(const std::string& constraint,
std::set<std::string>& output)> predicate);
std::set<std::string>& output)> predicate) const;

/// Check if the given column is used by the query
bool isColumnUsed(const std::string& colName) const;
Expand Down
Loading