Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add platform_mask #5898

Merged
merged 4 commits into from
Oct 23, 2019
Merged

Add platform_mask #5898

merged 4 commits into from
Oct 23, 2019

Conversation

directionless
Copy link
Member

@directionless directionless commented Oct 18, 2019
edited
Loading

Right now, there is no way to tell what platform osquery is running on. We have os_version.platform and os_version.platform_like, but they are highly inconsistent, and require a lot of custom parsing to use. We should expose the underlying platform bitmask.

This adds the platform_mask to the osquery_info table.

This replaces #5488 Contrasting the approaches, I think the I like #5488 more. Exposing the booleans is a better API. This is useful, and better than status quo, but it means we're committing to not changing the bitmask fields

@directionless
Add platform_mask
daef7fa 
Right now, there is no way to tell what platform osquery is running on. We have `os_version.platform` and `os_version.platform_like`, but they are highly inconsistent, and require a lot of custom parsing to use. We should expose the underlying platform bitmask.

This adds the `platform_mask` to the `osquery_info` table.

This replaces osquery#5488
muffins
muffins approved these changes Oct 23, 2019
View reviewed changes
Copy link
Contributor

@muffins muffins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm overall, just one question about visibility of the values.

specs/utility/osquery_info.table
@@ -11,7 +11,8 @@ schema([
Column("build_platform", TEXT, "osquery toolkit build platform"),
Column("build_distro", TEXT, "osquery toolkit platform distribution name (os version)"),
Column("start_time", INTEGER, "UNIX time in seconds when the process started"),
Column("watcher", INTEGER, "Process (or thread/handle) ID of optional watcher process")
Column("watcher", INTEGER, "Process (or thread/handle) ID of optional watcher process"),
Column("platform_mask", INTEGER, "The osquery platform bitmask"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this idea, but aside from searching the code base it might not be entirely obvious what the numeric values map to. Is there somewhere we can document the potential values of this bitmask and then link it in this Column description?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good question.

I tend to prefer self documenting, but that becomes way too verbose.

I'm leery of making docs, we already have a lot, I think they'll skew. What it we linked to the source code from here?

@theopolis theopolis merged commit 3e1dd14 into osquery:master Oct 23, 2019
@directionless directionless deleted the seph/platformtype-v2 branch July 1, 2021 01:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@muffins muffins muffins approved these changes

Assignees
No one assigned
Labels
virtual tables
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@directionless @muffins @theopolis