本文整理汇总了C++中QueryData::push_back方法的典型用法代码示例。如果您正苦于以下问题:C++ QueryData::push_back方法的具体用法?C++ QueryData::push_back怎么用?C++ QueryData::push_back使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类QueryData的用法示例。
在下文中一共展示了QueryData::push_back方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: parseALFExceptionsTree
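// Builds rows from the "exceptions" and "applications" children of an ALF
// property tree.
//
// Each "exceptions" entry yields a row with its "path" (default "") and
// "state" (default -1). Each "applications" entry yields a row only when it
// carries a non-empty "alias" that pathFromPlistAliasData() can resolve.
//
// @param tree Parsed plist content.
// @return One row per exception and per resolvable application; an empty
//         result when the tree has no "exceptions" child.
QueryData parseALFExceptionsTree(const pt::ptree& tree) {
  QueryData results;
  if (tree.count("exceptions") == 0) {
    return {};
  }

  // Bind by reference: get_child() returns a reference and the subtree is
  // only read here, so copying it is unnecessary.
  const auto& exceptions_tree = tree.get_child("exceptions");
  for (const auto& it : exceptions_tree) {
    Row r;
    r["path"] = it.second.get("path", "");
    r["state"] = INTEGER(it.second.get("state", -1));
    results.push_back(r);
  }

  // get_child() throws when the key is missing. The "exceptions" key was
  // checked above but "applications" was not, so a plist lacking it would
  // abort the whole parse and discard the exception rows already collected.
  if (tree.count("applications") == 0) {
    return results;
  }

  const auto& applications_tree = tree.get_child("applications");
  for (const auto& it : applications_tree) {
    const auto alias_data = it.second.get<std::string>("alias", "");
    if (alias_data.empty()) {
      continue;
    }

    // Only report applications whose alias blob resolves to a path.
    std::string path;
    if (!pathFromPlistAliasData(alias_data, path).ok()) {
      continue;
    }

    Row r;
    r["path"] = path;
    r["state"] = INTEGER(it.second.get("state", -1));
    results.push_back(r);
  }
  return results;
}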
示例2: genOsqueryExtensions
// Lists the running core/extensions and the loaded registry modules.
//
// Extension rows are emitted only when getExtensions() succeeds; module rows
// are always emitted from RegistryFactory::getModules().
//
// @param context Query context (not read by this generator).
// @return One row per extension followed by one row per module.
QueryData genOsqueryExtensions(QueryContext& context) {
  QueryData results;

  ExtensionList extensions;
  const bool have_extensions = getExtensions(extensions).ok();
  if (have_extensions) {
    for (const auto& entry : extensions) {
      const auto& info = entry.second;
      // The entry keyed 0 is reported as the core; every other key is an
      // extension.
      const bool is_core = (entry.first == 0);

      Row r;
      r["uuid"] = TEXT(entry.first);
      r["name"] = info.name;
      r["version"] = info.version;
      r["sdk_version"] = info.sdk_version;
      r["path"] = getExtensionSocket(entry.first);
      r["type"] = is_core ? "core" : "extension";
      results.push_back(r);
    }
  }

  for (const auto& entry : RegistryFactory::getModules()) {
    const auto& info = entry.second;

    Row r;
    r["uuid"] = TEXT(entry.first);
    r["name"] = info.name;
    r["version"] = info.version;
    r["sdk_version"] = info.sdk_version;
    r["path"] = info.path;
    r["type"] = "module";
    results.push_back(r);
  }
  return results;
}
示例3: genSocketDescriptor
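// Appends a row describing one socket file descriptor of a process.
//
// Queries proc_pidfdinfo() for the descriptor and emits a row for AF_INET,
// AF_INET6 and AF_UNIX sockets. Other families produce no row.
//
// @param pid Process that owns the descriptor.
// @param descriptor File descriptor number inside that process.
// @param results Output rows; appended to, never cleared.
void genSocketDescriptor(int pid, int descriptor, QueryData& results) {
  // Value-initialize so that no field is indeterminate if the kernel fills
  // in less than the whole structure.
  struct socket_fdinfo si = {};
  if (proc_pidfdinfo(pid,
                     descriptor,
                     PROC_PIDFDSOCKETINFO,
                     &si,
                     PROC_PIDFDSOCKETINFO_SIZE) <= 0) {
    return;
  }

  if (si.psi.soi_family == AF_INET || si.psi.soi_family == AF_INET6) {
    Row r;
    r["pid"] = INTEGER(pid);
    r["fd"] = BIGINT(descriptor);
    r["socket"] = BIGINT(si.psi.soi_so);
    r["path"] = "";

    // Darwin/OSX SOCKINFO_TCP is not IPPROTO_TCP, so the protocol column is
    // written as a fixed number: 6 for TCP, 17 for every other kind.
    if (si.psi.soi_kind == SOCKINFO_TCP) {
      r["protocol"] = INTEGER(6);
    } else {
      r["protocol"] = INTEGER(17);
    }

    // Darwin/OSX AF_INET6 == 30; the family column is written as 2 or 10
    // instead of the platform constant.
    if (si.psi.soi_family == AF_INET) {
      r["family"] = INTEGER(2);
    } else {
      r["family"] = INTEGER(10);
    }

    parseNetworkSocket(si, r);
    results.push_back(r);
  } else if (si.psi.soi_family == AF_UNIX) {
    Row r;
    r["pid"] = INTEGER(pid);
    // NOTE(review): unlike the inet branch, this row has no "fd" column and
    // stores the descriptor under "socket" -- confirm that is intended.
    r["socket"] = INTEGER(descriptor);
    r["family"] = "0";
    r["protocol"] = "0";
    r["local_address"] = "";
    r["local_port"] = "0";
    r["remote_address"] = "";
    r["remote_port"] = "0";

    // sun_path is an embedded character array, so the previous comparison of
    // its address against nullptr was always true and the fallback branch
    // could never run. What is not guaranteed by anything in this function
    // is a NUL terminator: bound the scan to the enclosing address storage
    // so a missing terminator cannot make the string read run past it.
    const auto& addr = si.psi.soi_proto.pri_un.unsi_addr;
    const char* path_begin = addr.ua_sun.sun_path;
    const char* addr_end =
        reinterpret_cast<const char*>(&addr) + sizeof(addr);
    const char* path_end = path_begin;
    while (path_end != addr_end && *path_end != '\0') {
      ++path_end;
    }
    r["path"] = std::string(path_begin, path_end);
    results.push_back(r);
  } else if (si.psi.soi_family == AF_APPLETALK) {
    // AF_APPLETALK = 17
  } else if (si.psi.soi_family == AF_NATM) {
    // AF_NATM = 32
  } else {
    // Unsupported socket type.
  }
}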
示例4: genSIPConfig
// Reports the System Integrity Protection (SIP) configuration.
//
// Emits one summary row with config_flag "sip", followed by one row per entry
// of kRootlessConfigFlags. Returns no rows when the OS version cannot be
// determined, when the host is OS X older than 10.11, or when the weakly
// linked csr_* symbols are unavailable.
//
// @param context Query context (not read by this generator).
// @return The rows described above; empty when built with DARWIN_10_9.
QueryData genSIPConfig(QueryContext& context) {
  auto os_version = SQL::selectAllFrom("os_version");
  if (os_version.size() != 1) {
    VLOG(1) << "Could not determine OS version";
    return {};
  }

  // Bail out if running on OS X < 10.11. Only major "10" is inspected; any
  // other major value falls through to the checks below.
  // NOTE(review): at() throws if a column is missing and std::stoi throws on
  // a non-numeric "minor" -- confirm os_version always provides both.
  if (os_version.front().at("major") == "10" &&
      std::stoi(os_version.front().at("minor")) < 11) {
    VLOG(1) << "Not running on OS X 10.11 or higher";
    return {};
  }

  QueryData results;
#if !defined(DARWIN_10_9)
  // Check that the weakly linked symbols exist before calling them.
  if (csr_get_active_config == nullptr || csr_check == nullptr) {
    return {};
  }

  csr_config_t config = 0;
  // The return value is not checked; on failure config keeps its initial 0,
  // which the branch below reports as "SIP enabled".
  csr_get_active_config(&config);

  // Union of every flag this table knows about.
  csr_config_t valid_allowed_flags = 0;
  for (const auto& kv : kRootlessConfigFlags) {
    valid_allowed_flags |= kv.second;
  }

  Row r;
  r["config_flag"] = "sip";
  if (config == 0) {
    // SIP is enabled (default)
    r["enabled"] = INTEGER(1);
    r["enabled_nvram"] = INTEGER(1);
  } else if ((config | valid_allowed_flags) == valid_allowed_flags) {
    // config is non-zero and contains only known flags: mark SIP as NOT
    // enabled (i.e. disabled).
    r["enabled"] = INTEGER(0);
    r["enabled_nvram"] = INTEGER(0);
  }
  // NOTE(review): when config carries a bit outside valid_allowed_flags,
  // neither branch runs and the "sip" row is pushed without "enabled" or
  // "enabled_nvram". Consumers alerting on enabled = 0 would not see it.
  results.push_back(r);

  uint32_t nvram_config = 0;
  auto nvram_status = genCsrConfigFromNvram(nvram_config);
  for (const auto& kv : kRootlessConfigFlags) {
    // r is reused from the "sip" row, so columns not reassigned here keep
    // their previous value.
    r["config_flag"] = kv.first;
    // csr_check returns zero if the config flag is allowed
    r["enabled"] = (csr_check(kv.second) == 0) ? INTEGER(1) : INTEGER(0);
    if (nvram_status.ok()) {
      r["enabled_nvram"] = (nvram_config & kv.second) ? INTEGER(1) : INTEGER(0);
    }
    // When the NVRAM read failed, enabled_nvram is whatever the "sip" row
    // left in r (possibly unset), not a per-flag value.
    results.push_back(r);
  }
#endif
  return results;
}
示例5: getTestDBExpectedResults
// Returns the two fixture rows (username/age) that tests compare query
// output against: ("mike", "23") followed by ("matt", "24").
QueryData getTestDBExpectedResults() {
  QueryData expected;

  // Appends one username/age row, keeping insertion order.
  const auto add_user = [&expected](const char* username, const char* age) {
    Row row;
    row["username"] = username;
    row["age"] = age;
    expected.push_back(row);
  };

  add_user("mike", "23");
  add_user("matt", "24");
  return expected;
}
示例6: genADConfig
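// Appends Active Directory configuration options read from one preferences
// file.
//
// Selects all rows of the "preferences" table for @p path, finds the trust
// domain, then emits one row per recognised option with the file's domain
// name and the trust domain attached.
//
// @param path Preferences file to inspect.
// @param results Output rows; appended to, never cleared.
void genADConfig(const std::string& path, QueryData& results) {
  auto config = SQL::selectAllFrom("preferences", "path", EQUALS, path);
  if (config.size() == 0) {
    // Fail if the file could not be plist-parsed.
    return;
  }

  // Walk through module options quickly to find the trust domain.
  // The file name and domain will be included in every row.
  auto name = config[0].at("domain");
  std::string domain;
  for (const auto& row : config) {
    if (row.at("subkey") == "ActiveDirectory/trust domain") {
      domain = row.at("value");
      break;
    }
  }

  const std::string preamble = "ActiveDirectory/";

  // Iterate again with the domain known, searching for options.
  for (const auto& row : config) {
    Row r;
    r["domain"] = domain;
    r["name"] = name;

    // Get references to common columns.
    const auto& key = row.at("key");
    const auto& subkey = row.at("subkey");
    if (key == "trustoptions" || key == "trustkerberosprincipal" ||
        key == "trustaccount" || key == "trusttype") {
      r["option"] = key;
      r["value"] = row.at("value");
      results.push_back(r);
    } else if (key == "options") {
      // The options key has a single subkey with the option name.
      r["option"] = subkey;
      r["value"] = row.at("value");
      results.push_back(r);
    } else if (key == "module options") {
      // Module options may contain 'managed client template', skip those.
      if (subkey.find("managed client template") != std::string::npos) {
        continue;
      }

      // Strip the "ActiveDirectory/" preamble only when it is really there.
      // The file content is not under this function's control: an
      // unconditional substr(16) throws std::out_of_range on a shorter
      // subkey and silently chops 16 characters off an unrelated one.
      const bool has_preamble =
          subkey.compare(0, preamble.size(), preamble) == 0;
      r["option"] = has_preamble ? subkey.substr(preamble.size()) : subkey;
      r["value"] = row.at("value");
      results.push_back(r);
    }
  }
}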
示例7: genOsqueryEvents
// Lists every registered event publisher and subscriber with its counters.
//
// A publisher or subscriber whose reference cannot be obtained is still
// reported, with zeroed counters and "active" set to "-1".
//
// @param context Query context (not read by this generator).
// @return Publisher rows followed by subscriber rows.
QueryData genOsqueryEvents(QueryContext& context) {
  QueryData results;

  for (const auto& pub_name : EventFactory::publisherTypes()) {
    Row r;
    r["name"] = pub_name;
    r["publisher"] = pub_name;
    r["type"] = "publisher";

    auto pub = EventFactory::getEventPublisher(pub_name);
    if (pub == nullptr) {
      // Unknown publisher: report placeholders rather than dropping the row.
      r["subscriptions"] = "0";
      r["events"] = "0";
      r["restarts"] = "0";
      r["active"] = "-1";
    } else {
      r["subscriptions"] = INTEGER(pub->numSubscriptions());
      r["events"] = INTEGER(pub->numEvents());
      r["restarts"] = INTEGER(pub->restartCount());
      // Active means started and not in the process of ending.
      const bool running = pub->hasStarted() && !pub->isEnding();
      r["active"] = running ? "1" : "0";
    }
    results.push_back(r);
  }

  for (const auto& sub_name : EventFactory::subscriberNames()) {
    Row r;
    r["name"] = sub_name;
    r["type"] = "subscriber";
    // Subscribers will never 'restart'.
    r["restarts"] = "0";

    auto sub = EventFactory::getEventSubscriber(sub_name);
    if (sub == nullptr) {
      // No "publisher" column is set for an unresolved subscriber.
      r["subscriptions"] = "0";
      r["events"] = "0";
      r["active"] = "-1";
    } else {
      r["publisher"] = sub->getType();
      r["subscriptions"] = INTEGER(sub->numSubscriptions());
      r["events"] = INTEGER(sub->numEvents());
      // Subscriber activity is read from its own state, independently of
      // the publisher it is attached to.
      const bool running = (sub->state() == SUBSCRIBER_RUNNING);
      r["active"] = running ? "1" : "0";
    }
    results.push_back(r);
  }
  return results;
}
示例8: generate
// Test table generator driven by the "test_int" constraint.
//
// The first row is ("1", "0") when the constraint exists and matches "1",
// otherwise ("0", "1"). One extra row holding only test_int is then added
// for every integer supplied with an EQUALS constraint.
//
// @param ctx Query context whose "test_int" constraints are read.
// @return The rows described above.
QueryData generate(tables::QueryContext& ctx) {
  QueryData results;

  const bool matches_one = ctx.constraints["test_int"].existsAndMatches("1");
  // test_text is always the opposite digit of test_int in this first row.
  results.push_back({{"test_int", matches_one ? "1" : "0"},
                     {"test_text", matches_one ? "0" : "1"}});

  for (const auto& value :
       ctx.constraints["test_int"].getAll<int>(tables::EQUALS)) {
    results.push_back({{"test_int", INTEGER(value)}});
  }
  return results;
}
示例9: genXProtectMeta
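// Reports the entries of XProtect.meta.plist: the minimum Java web component
// version, blacklisted extensions and blacklisted plug-ins.
//
// @param context Query context (not read by this generator).
// @return One row per entry; empty when the plist is missing or cannot be
//         parsed.
QueryData genXProtectMeta(QueryContext& context) {
  QueryData results;
  pt::ptree tree;

  auto xprotect_meta = fs::path(kXProtectPath) / "XProtect.meta.plist";
  if (!osquery::pathExists(xprotect_meta).ok()) {
    VLOG(1) << "XProtect.meta.plist is missing";
    return results;
  }

  if (!osquery::parsePlist(xprotect_meta, tree).ok()) {
    VLOG(1) << "Could not parse the XProtect.meta.plist";
    return results;
  }

  for (const auto& it : tree) {
    if (it.first == "JavaWebComponentVersionMinimum") {
      Row r;
      r["identifier"] = "java";
      r["min_version"] = it.second.data();
      r["type"] = "plugin";
      results.push_back(std::move(r));
    } else if (it.first == "ExtensionBlacklist") {
      // get_child() throws when the key is absent; a blacklist without an
      // "Extensions" child should yield no extension rows instead of
      // aborting the table and losing the rows already collected.
      if (it.second.count("Extensions") == 0) {
        continue;
      }
      for (const auto& ext : it.second.get_child("Extensions")) {
        Row r;
        r["identifier"] = ext.second.get("CFBundleIdentifier", "");
        r["developer_id"] = ext.second.get("Developer Identifier", "");
        r["type"] = "extension";
        r["min_version"] = "any";
        results.push_back(std::move(r));
      }
    } else if (it.first == "PlugInBlacklist") {
      for (const auto& cat : it.second) {
        // Not sure why there's a category-like sub-dictionary, default="10".
        for (const auto& plug : cat.second) {
          Row r;
          r["identifier"] = plug.first;
          r["min_version"] = plug.second.get("MinimumPlugInBundleVersion", "");
          r["type"] = "plugin";
          r["developer_id"] = "";
          results.push_back(std::move(r));
        }
      }
    }
  }

  // Return the local by name: wrapping it in std::move() prevents copy
  // elision and gains nothing.
  return results;
}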
示例10: generate
// Test table generator that returns 1000 identical rows
// (test_int "0", test_text "hello").
//
// @param ctx Query context (not read by this generator).
// @return The 1000 fixture rows.
QueryData generate(QueryContext& ctx) {
  QueryData results;
  int remaining = 1000;
  while (remaining > 0) {
    results.push_back({{"test_int", "0"}, {"test_text", "hello"}});
    --remaining;
  }
  return results;
}
示例11: genAddressesFromAddr
// Appends one row describing a single interface address entry.
//
// The row always carries "interface". "address" and "mask" are added when the
// corresponding pointer is set. The destination address, when present, is
// stored under "broadcast" if IFF_BROADCAST is set and under
// "point_to_point" otherwise.
//
// @param addr Interface address entry; ifa_name is dereferenced unchecked.
// @param results Output rows; appended to, never cleared.
void genAddressesFromAddr(const struct ifaddrs *addr, QueryData &results) {
  Row r;
  r["interface"] = std::string(addr->ifa_name);

  // Address and mask will appear every time.
  if (addr->ifa_addr != nullptr) {
    r["address"] = ipAsString(static_cast<struct sockaddr *>(addr->ifa_addr));
  }
  if (addr->ifa_netmask != nullptr) {
    r["mask"] = ipAsString(static_cast<struct sockaddr *>(addr->ifa_netmask));
  }

  // The destination address is used for either a broadcast or PtP address.
  if (addr->ifa_dstaddr != nullptr) {
    const std::string dest_address =
        ipAsString(static_cast<struct sockaddr *>(addr->ifa_dstaddr));
    const bool is_broadcast =
        (addr->ifa_flags & IFF_BROADCAST) == IFF_BROADCAST;
    r[is_broadcast ? "broadcast" : "point_to_point"] = dest_address;
  }

  results.push_back(r);
}
示例12: genCurl
// Issues one GET request per url = '...' constraint and reports the outcome.
//
// The destination comes verbatim from the query's url constraint, so whoever
// can run queries against this table decides where this host sends requests;
// processRequest() presumably performs the transfer and fills the remaining
// columns -- confirm against its definition.
//
// @param context Query context supplying the url and user_agent constraints.
// @return One row per requested url, including those whose request failed.
//         Empty when more than one user_agent was supplied.
QueryData genCurl(QueryContext& context) {
  QueryData results;

  auto requests = context.constraints["url"].getAll(EQUALS);
  auto user_agents = context.constraints["user_agent"].getAll(EQUALS);

  if (user_agents.size() > 1) {
    LOG(WARNING) << "Can only accept a single user_agent";
    return results;
  }

  // Using the like clause for urls wouldn't make sense. This only warns: the
  // EQUALS urls collected above are still requested.
  if (context.constraints["url"].getAll(LIKE).size() != 0) {
    LOG(WARNING) << "Using LIKE clause for url is not supported";
  }

  // Fall back to the default agent string when the query supplied none.
  const std::string user_agent =
      user_agents.empty() ? kOsqueryUserAgent : *(user_agents.begin());

  for (const auto& request : requests) {
    Row r;
    r["url"] = request;
    r["method"] = "GET";
    r["user_agent"] = user_agent;

    // A failed request is logged but the row is kept.
    auto status = processRequest(r);
    if (!status.ok()) {
      LOG(WARNING) << status.getMessage();
    }
    results.push_back(r);
  }
  return results;
}
示例13: genSSHkeysForUser
// Appends one row per authorized-keys entry found for a user.
//
// Every file name in kSSHAuthorizedkeys is looked up under @p directory.
// Unreadable files are skipped. Each non-empty line that does not start
// with '#' becomes a row holding the uid, the whole line and the file path.
//
// @param uid User id written to every row.
// @param directory Directory that holds the key files.
// @param results Output rows; appended to, never cleared.
void genSSHkeysForUser(const std::string& uid,
                       const std::string& directory,
                       QueryData& results) {
  for (const auto& kfile : kSSHAuthorizedkeys) {
    boost::filesystem::path keys_file = directory;
    keys_file /= kfile;

    std::string keys_content;
    const bool readable =
        osquery::forensicReadFile(keys_file, keys_content).ok();
    if (!readable) {
      // Cannot read a specific keys file.
      continue;
    }

    // Protocol 1 public key consist of: options, bits, exponent, modulus,
    // comment; Protocol 2 public key consist of: options, keytype,
    // base64-encoded key, comment.
    // The line is stored whole, so any options prefix is part of "key".
    for (const auto& line : split(keys_content, "\n")) {
      // Only the first character is tested, so a '#' preceded by
      // whitespace is not treated as a comment.
      if (line.empty() || line[0] == '#') {
        continue;
      }

      Row r;
      r["uid"] = uid;
      r["key"] = line;
      r["key_file"] = keys_file.string();
      results.push_back(r);
    }
  }
}
示例14: genMounts
// Lists mounted filesystems as reported by getmntinfo().
//
// @param context Query context (not read by this generator).
// @return One row per mount; empty when getmntinfo() reports zero entries.
QueryData genMounts(QueryContext& context) {
  QueryData results;

  struct statfs *mounts = nullptr;
  const int mount_count = getmntinfo(&mounts, MNT_WAIT);
  if (mount_count == 0) {
    // Failed to get mount information.
    return results;
  }

  // Scratch buffer reused for every realpath() call.
  char resolved[PATH_MAX];
  for (int idx = 0; idx < mount_count; ++idx) {
    auto &entry = mounts[idx];

    // Prefer the resolved device path; fall back to the raw name when
    // realpath() cannot resolve it.
    const char *alias = realpath(entry.f_mntfromname, resolved)
                            ? resolved
                            : entry.f_mntfromname;

    Row r;
    r["path"] = TEXT(entry.f_mntonname);
    r["device"] = TEXT(entry.f_mntfromname);
    r["device_alias"] = std::string(alias);
    r["type"] = TEXT(entry.f_fstypename);
    r["flags"] = INTEGER(entry.f_flags);
    r["blocks"] = BIGINT(entry.f_blocks);
    r["blocks_free"] = BIGINT(entry.f_bfree);
    r["blocks_available"] = BIGINT(entry.f_bavail);
    r["blocks_size"] = BIGINT(entry.f_bsize);
    r["inodes"] = BIGINT(entry.f_files);
    r["inodes_free"] = BIGINT(entry.f_ffree);
    r["owner"] = INTEGER(entry.f_owner);
    results.push_back(r);
  }
  return results;
}
示例15: genACPITable
// Appends a row for an ACPI table file, descending into directories.
//
// A path that is not a regular file is treated as a directory of tables and
// each listed child is processed recursively; nothing is emitted for the
// directory itself or when it cannot be listed. For a regular file the row
// holds its name, and either its size and MD5 or size -1 when unreadable.
//
// @param table Path of the table file or directory.
// @param results Output rows; appended to, never cleared.
void genACPITable(const std::string& table, QueryData& results) {
  const fs::path table_path = table;

  // There may be "categories" of tables in the form of directories.
  // NOTE(review): the recursion has no depth limit; whether
  // listFilesInDirectory() can return directories or follow links is not
  // visible here -- confirm.
  if (!fs::is_regular_file(table_path)) {
    std::vector<std::string> child_tables;
    if (osquery::listFilesInDirectory(table_path, child_tables).ok()) {
      for (const auto& child_table : child_tables) {
        genACPITable(child_table, results);
      }
    }
    return;
  }

  Row r;
  r["name"] = table_path.filename().string();

  std::string table_content;
  if (osquery::readFile(table_path, table_content).ok()) {
    r["size"] = INTEGER(table_content.size());
    // MD5 serves as a content fingerprint for spotting changes; it is not
    // collision-resistant, so it should not be the sole basis for trusting
    // that a table is unmodified.
    r["md5"] = osquery::hashFromBuffer(
        HASH_TYPE_MD5, table_content.c_str(), table_content.length());
  } else {
    // Unreadable table: report it with a sentinel size and no hash.
    r["size"] = INTEGER(-1);
  }
  results.push_back(r);
}