Remove errors when converting empty numeric rows #6371

Merged

@Breakwell Breakwell commented Apr 7, 2020

Description

Osquery converts numbers in table rows without checking if the values are empty and then errors trying to convert an empty string to a numeric type.

Fix

If the row value is numeric and empty, return a null value.

Testing

On Windows, run:

select * from process_open_sockets;

Without change:

C:\osquery_test\original>osquery.exe --verbose
I0407 13:35:27.066941 20636 init.cpp:340] osquery initialized [version=4.2.0]
I0407 13:35:27.066941 20636 extensions.cpp:349] Could not autoload extensions: Failed reading: \Program Files\osquery\extensions.load
I0407 13:35:27.066941 20636 auto_constructed_tables.cpp:93] Removing stale ATC entries
I0407 13:35:27.066941 32048 interface.cpp:268] Extension manager service starting: \\.\pipe\shell.em
Using a virtual database. Need help, type '.help'
osquery> select * from process_open_sockets;
I0407 13:35:31.707571 20636 dynamic_table_row.cpp:123] Error casting fd () to BIGINT
I0407 13:35:31.707571 20636 dynamic_table_row.cpp:123] Error casting socket () to BIGINT
I0407 13:35:31.707571 20636 dynamic_table_row.cpp:123] Error casting fd () to BIGINT
I0407 13:35:31.707571 20636 dynamic_table_row.cpp:123] Error casting socket () to BIGINT
...

With change:

C:\osquery_test\modified>osquery.exe --verbose
I0407 13:36:00.832823 27024 init.cpp:345] osquery initialized [version=4.2.0]
I0407 13:36:00.832823 27024 extensions.cpp:376] Could not autoload extensions: Failed reading: \Program Files\osquery\extensions.load
I0407 13:36:00.864054 27024 dispatcher.cpp:78] Adding new service: ExtensionWatcher (0000020B31A55D90) to thread: 25948 (0000020B31A37180) in process 16864
I0407 13:36:00.879698 27024 dispatcher.cpp:78] Adding new service: ExtensionRunnerCore (0000020B31A5E940) to thread: 27536 (0000020B31A37200) in process 16864
I0407 13:36:00.879698 27024 auto_constructed_tables.cpp:93] Removing stale ATC entries
I0407 13:36:00.879698 27536 interface.cpp:268] Extension manager service starting: \\.\pipe\shell.em1196
Using a virtual database. Need help, type '.help'
osquery> select * from process_open_sockets;
+-------+----+--------+--------+----------+---------------------------+-----------------+------------+-------------+------+-------------+
| pid   | fd | socket | family | protocol | local_address             | remote_address  | local_port | remote_port | path | state       |
+-------+----+--------+--------+----------+---------------------------+-----------------+------------+-------------+------+-------------+
...
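
The distinction the fix draws, as an added example that is not osquery's code or part of the original pull request: an empty cell in a BIGINT column becomes NULL, while non-empty text that is not a number is still reported as an error. `castToBigint`, `CellResult` and `countCastErrors` are hypothetical names, and the sample cells are constructed.

```cpp
#include <cerrno>
#include <cstdlib>
#include <string>
#include <vector>

// Outcome of converting one text cell for a BIGINT column.
enum class CellKind { Null, Integer, Error };

struct CellResult {
  CellKind kind;
  long long value; // meaningful only when kind == Integer
};

// Hypothetical helper, not osquery's API. With emptyIsNull=false it mirrors
// the behaviour described as "without change": an empty cell is a cast error.
CellResult castToBigint(const std::string& text, bool emptyIsNull) {
  if (text.empty() && emptyIsNull) {
    return {CellKind::Null, 0}; // no value reported: NULL, not 0, not an error
  }
  errno = 0;
  char* end = nullptr;
  const long long v = std::strtoll(text.c_str(), &end, 10);
  // Reject: no digits consumed, trailing junk, or out of range.
  if (end == text.c_str() || end != text.c_str() + text.size() ||
      errno == ERANGE) {
    return {CellKind::Error, 0};
  }
  return {CellKind::Integer, v};
}

// Count cast errors over a constructed row: pid set, fd and socket empty
// (as in the process_open_sockets log above), plus one corrupt cell.
int countCastErrors(bool emptyIsNull) {
  const std::vector<std::string> cells = {"1234", "", "", "12ab"};
  int errors = 0;
  for (const auto& cell : cells) {
    if (castToBigint(cell, emptyIsNull).kind == CellKind::Error) {
      ++errors;
    }
  }
  return errors;
}
```

Keeping the error path for non-empty, non-numeric text means a genuinely malformed value still surfaces in the log instead of being buried among messages about empty cells.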

@Breakwell Breakwell force-pushed the remove-errors-converting-empty-numbers branch from e4c684f to 1e98c16 Compare April 8, 2020 15:12
@theopolis theopolis merged commit b35d968 into osquery:master Apr 8, 2020
aikuchin pushed a commit to aikuchin/osquery that referenced this pull request Jul 11, 2023
… to master

* commit '8c13dd6bd206f2909a4baea5bcfbc91d5e3f502b': (159 commits)
  release: updating changelog for 4.3.0 release (osquery#6387)
  Build hvci_status table with CMake (osquery#6378)
  Change calls to debug log to verbose (osquery#6369)
  iokit: Fix race when accessing port_ (osquery#6380)
  Check extensions are registered with osquery core (osquery#6374)
  First steps to remove the Buck build system (osquery#6361)
  Return error detaching table, only use primary database (osquery#6373)
  Copy the parent environment when launching worker
  Change process table log errors to info and fix typo (osquery#6370)
  Ensure the extension uuid is never 0 (osquery#6377)
  Remove errors when converting empty numeric rows (osquery#6371)
  Do not force a specific path to install osquery on Windows (osquery#6379)
  Fix readFile API doing blocking I/O with a non-blocking handle (osquery#6368)
  magic: Check return from magic_file (osquery#6363)
  macos: Use -1 for missing ppid in process_events (osquery#6339)
  Update OpenSSL to version 1.1.1f and fix build (osquery#6359)
  Simplify how third party libraries formula work (osquery#6303)
  Add socket_events table for socket auditing in MacOS (osquery#6028)
  Extend the fields of curl_certificate table (osquery#6176)
  add status column to deb_packages table (osquery#6341)
  ...