本文整理汇总了C++中Row::at方法的典型用法代码示例。如果您正苦于以下问题:C++ Row::at方法的具体用法?C++ Row::at怎么用?C++ Row::at使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Row的用法示例。
在下文中一共展示了Row::at方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: Callback
/**
 * @brief Fold one audit record into the pending process-event row.
 *
 * Records carrying success=no are ignored. A record that validAuditState
 * rejects resets the state to STATE_SYSCALL and discards the partially built
 * row. After updateAuditRow has run, the row is emitted only when state_
 * equals STATE_SYSCALL.
 *
 * @param ec audit event context (record type and key/value fields).
 * @param sc subscription context; not read in this function.
 * @return Status(0, "OK") on every path visible here.
 */
Status ProcessEventSubscriber::Callback(const ECRef& ec, const SCRef& sc) {
  // Drop records whose "success" field is exactly "no".
  const auto success = ec->fields.find("success");
  if (success != ec->fields.end() && success->second == "no") {
    return Status(0, "OK");
  }

  // An unacceptable state change resets the machine and clears the row data.
  const bool acceptable = validAuditState(ec->type, state_).ok();
  if (!acceptable) {
    state_ = STATE_SYSCALL;
    Row().swap(row_);
    return Status(0, "OK");
  }

  // Fill in row fields based on the event state.
  updateAuditRow(ec, row_);

  // The event is only complete once the state is back at STATE_SYSCALL
  // (aka a PATH event was emitted).
  if (state_ != STATE_SYSCALL) {
    return Status(0, "OK");
  }

  // NOTE(review): both .at() lookups below presumably throw when the key is
  // missing (Row looks map-like) -- confirm a SYSCALL record always populates
  // "cmdline" and "cmdline_size" before this point is reachable.
  if (row_.at("cmdline_size").empty()) {
    // The EXECVE state was not used, so decode the cmdline value here. This
    // allows at most 1 decode call per potentially-encoded item.
    row_["cmdline"] = decodeAuditValue(row_.at("cmdline"));
    row_["cmdline_size"] = "1";
  }

  add(row_, getUnixTime());
  Row().swap(row_);
  return Status(0, "OK");
}
示例2: generateRow
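/**
 * @brief Render one result row as a kToken-delimited, space-padded line.
 *
 * @param r row to print; columns missing from it print FLAGS_nullvalue.
 * @param lengths display width for each column.
 * @param order column names in output order.
 * @return the formatted line, or an empty string when order is empty.
 */
std::string generateRow(const Row& r,
                        const std::map<std::string, size_t>& lengths,
                        const std::vector<std::string>& order) {
  std::string out;
  for (const auto& column : order) {
    size_t size = 0;

    // Print a terminator for the previous value or lhs, followed by spaces.
    out += kToken + ' ';
    if (r.count(column) == 0 || lengths.count(column) == 0) {
      // Pad relative to the column name. The subtraction is unsigned, so it
      // must be guarded: a null marker wider than the column name would wrap
      // to a huge count and make the std::string(size + 1, ' ') below throw
      // or exhaust memory.
      const auto null_width = utf8StringSize(FLAGS_nullvalue);
      if (column.size() > null_width) {
        size = column.size() - null_width;
      }
      out += FLAGS_nullvalue;
    } else {
      // Compare before subtracting instead of casting a wrapped unsigned
      // difference to int.
      const auto& value = r.at(column);
      const auto width = lengths.at(column);
      const auto used = utf8StringSize(value);
      if (used <= width) {
        size = width - used;
        out += value;
      }
      // A value wider than its column is omitted entirely (original
      // behavior); only the single separating space is printed.
    }
    out += std::string(size + 1, ' ');
  }

  if (!out.empty()) {
    // Only append if a row was added.
    out += kToken + "\n";
  }
  return out;
}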
示例3: updateAuditRow
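/**
 * @brief Copy the fields of one audit record into the pending process row.
 *
 * AUDIT_SYSCALL seeds identity columns, AUDIT_EXECVE rebuilds the command
 * line, AUDIT_PATH adds file ownership and timestamps for r["path"].
 *
 * @param ec audit event context (record type and key/value fields).
 * @param r row being assembled across records; modified in place.
 */
inline void updateAuditRow(const AuditEventContextRef& ec, Row& r) {
  const auto& fields = ec->fields;

  // Return the record's value for key, or fallback when the key is absent.
  const auto field_or = [&fields](const std::string& key,
                                  const std::string& fallback) -> std::string {
    const auto it = fields.find(key);
    return (it != fields.end()) ? it->second : fallback;
  };

  if (ec->type == AUDIT_SYSCALL) {
    r["pid"] = field_or("pid", "0");
    r["parent"] = field_or("ppid", "0");
    r["uid"] = field_or("uid", "0");
    r["euid"] = field_or("euid", "0");
    r["gid"] = field_or("gid", "0");
    // Fixed: the original read fields.at("euid") here, which reported the
    // effective UID as the effective GID and would throw when "egid" was
    // present without "euid".
    r["egid"] = field_or("egid", "0");
    r["path"] = (fields.count("exe")) ? decodeAuditValue(fields.at("exe")) : "";
    // This should get overwritten during the EXECVE state.
    r["cmdline"] = field_or("comm", "");
    // Do not record a cmdline size. If the final state is reached and no 'argc'
    // has been filled in then the EXECVE state was not used.
    r["cmdline_size"] = "";
    r["overflows"] = "";
    r["env_size"] = "0";
    r["env_count"] = "0";
    r["env"] = "";
  }

  if (ec->type == AUDIT_EXECVE) {
    // Reset the temporary storage from the SYSCALL state.
    r["cmdline"] = "";
    // Every field except "argc" is appended, in the container's iteration
    // order.
    // NOTE(review): if fields is an ordered std::map, "a10" iterates before
    // "a2", so command lines with more than ten arguments would be joined
    // out of order -- confirm the container type.
    for (const auto& arg : fields) {
      if (arg.first == "argc") {
        continue;
      }

      // Amalgamate all the "arg*" fields.
      if (r.at("cmdline").size() > 0) {
        r["cmdline"] += " ";
      }
      r["cmdline"] += decodeAuditValue(arg.second);
    }
    // There may be a better way to calculate actual size from audit.
    // Then an overflow could be calculated/determined based on actual/expected.
    r["cmdline_size"] = std::to_string(r.at("cmdline").size());
  }

  if (ec->type == AUDIT_PATH) {
    r["mode"] = field_or("mode", "");
    r["owner_uid"] = field_or("ouid", "0");
    r["owner_gid"] = field_or("ogid", "0");

    // NOTE(review): r.at("path") presumably throws if no SYSCALL record set
    // "path" first -- confirm the caller enforces that ordering.
    auto qd = SQL::selectAllFrom("file", "path", EQUALS, r.at("path"));
    if (qd.size() == 1) {
      r["ctime"] = qd.front().at("ctime");
      r["atime"] = qd.front().at("atime");
      r["mtime"] = qd.front().at("mtime");
      r["btime"] = "0";
    }

    // Uptime is helpful for execution-based events.
    r["uptime"] = std::to_string(tables::getUptime());
  }
}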
示例4: generateRow
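/**
 * @brief Render one result row as a '|'-delimited, space-padded line.
 *
 * @param r row to print.
 * @param lengths display width for each column.
 * @param order column names in output order.
 * @return the formatted line, terminated by a newline. A column missing from
 *         r or lengths is logged and printed without value or padding.
 */
std::string generateRow(const Row& r,
                        const std::map<std::string, int>& lengths,
                        const std::vector<std::string>& order) {
  std::ostringstream row;

  row << "|";
  for (const auto& each : order) {
    row << " ";
    try {
      const auto& value = r.at(each);
      row << value;

      // Compute the padding in a signed type. The original mixed int with
      // size_t, so a value longer than the column width wrapped to a huge
      // unsigned bound and the padding loop effectively never finished.
      const long long padding = static_cast<long long>(lengths.at(each)) -
                                static_cast<long long>(value.size()) + 1;
      for (long long i = 0; i < padding; ++i) {
        row << " ";
      }
    } catch (const std::out_of_range& e) {
      // The whole row is dumped to the error log to aid debugging.
      LOG(ERROR) << "printing the faulty row";
      for (const auto& foo : r) {
        LOG(ERROR) << foo.first << " => " << foo.second;
      }
      LOG(ERROR) << "Error retreiving the \"" << each
                 << "\" key in generateRow: " << e.what();
    }
    row << "|";
  }
  row << "\n";

  return row.str();
}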
示例5: Callback
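/**
 * @brief File-event callback: scan a created/updated file with the YARA
 *        signature groups configured for its category.
 *
 * @param ec file event context (action, path, time, transaction id).
 * @param user_data pointer to a std::string naming the category; required.
 * @return Status(0, "OK") after scanning; Status(1, ...) when the category is
 *         missing or unconfigured, the action is not UPDATED/CREATED, the
 *         yara parser is unknown, or a scan fails.
 */
Status YARAEventSubscriber::Callback(const FileEventContextRef& ec,
                                     const void* user_data) {
  if (user_data == nullptr) {
    return Status(1, "No YARA category string provided");
  }

  if (ec->action != "UPDATED" && ec->action != "CREATED") {
    return Status(1, "Invalid action");
  }

  Row r;
  r["action"] = ec->action;
  r["target_path"] = ec->path;
  // user_data is const; read it through a const pointer rather than casting
  // the qualifier away.
  r["category"] = *static_cast<const std::string*>(user_data);

  // Only FSEvents transactions updates (inotify is a no-op).
  r["transaction_id"] = INTEGER(ec->transaction_id);

  // These are default values, to be updated in YARACallback.
  r["count"] = INTEGER(0);
  r["matches"] = std::string("");
  r["strings"] = std::string("");
  r["tags"] = std::string("");

  ConfigDataInstance config;
  const auto& parser = config.getParser("yara");
  if (parser == nullptr) {
    return Status(1, "ConfigParser unknown.");
  }
  const auto& yaraParser =
      std::static_pointer_cast<YARAConfigParserPlugin>(parser);
  auto rules = yaraParser->rules();

  // Use the category as a lookup into the yara file_paths. The value will be
  // a list of signature groups to scan with.
  auto category = r.at("category");
  const auto& yara_config = config.getParsedData("yara");
  // NOTE(review): get_child presumably throws when "file_paths" is absent
  // from the parsed config -- confirm a caller handles that.
  const auto& yara_paths = yara_config.get_child("file_paths");
  const auto sig_groups = yara_paths.find(category);
  // Fixed: the original dereferenced the find() result unconditionally, which
  // is undefined when the category has no entry under file_paths.
  if (sig_groups == yara_paths.not_found()) {
    return Status(1, "No YARA signature groups for category: " + category);
  }

  for (const auto& rule : sig_groups->second) {
    const std::string group = rule.second.data();
    // NOTE(review): rules[group] looks like a map subscript, which would
    // yield a default (null) rule set for an unknown group name -- confirm
    // group names are validated when the config is loaded.
    int result = yr_rules_scan_file(rules[group],
                                    ec->path.c_str(),
                                    SCAN_FLAGS_FAST_MODE,
                                    YARACallback,
                                    static_cast<void*>(&r),
                                    0);

    if (result != ERROR_SUCCESS) {
      return Status(1, "YARA error: " + std::to_string(result));
    }
  }

  // Only rows with at least one match are recorded.
  if (ec->action != "" && r.at("matches").size() > 0) {
    add(r, ec->time);
  }

  return Status(0, "OK");
}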
示例6: genBrowserPlugin
/**
 * @brief Append one browser plug-in row built from its Info.plist.
 *
 * @param uid owner of the plug-in directory, stored in the "uid" column.
 * @param path plug-in bundle path; "/Contents/Info.plist" is read below it.
 * @param results receives the row; nothing is added when the plist path does
 *        not exist.
 * @param is_disabled stored as "1"/"0" in the "disabled" column.
 */
void genBrowserPlugin(const std::string& uid,
                      const std::string& path,
                      QueryData& results,
                      bool is_disabled = false) {
  Row r;
  pt::ptree tree;

  r["uid"] = uid;
  const auto info_path = path + "/Contents/Info.plist";
  // Ensure that what we're processing is actually a plug-in.
  if (!pathExists(info_path)) {
    return;
  }

  // Columns are filled only when the plist parses; an invalid plist leaves
  // the row with just the columns set outside this branch.
  const auto parsed = osquery::parsePlist(info_path, tree);
  if (parsed.ok()) {
    for (const auto& key : kBrowserPluginKeys) {
      auto& cell = r[key.second];
      cell = tree.get(key.first, "");
      // Convert bool-types to an integer.
      jsonBoolAsInt(cell);
    }
  }

  // The default case for native execution is false.
  const auto native = r.find("native");
  if (native == r.end() || native->second.empty()) {
    r["native"] = "0";
  }

  r["path"] = path;
  if (is_disabled) {
    r["disabled"] = "1";
  } else {
    r["disabled"] = "0";
  }
  results.push_back(std::move(r));
}
示例7: expireCheck
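/**
 * @brief Expire buffered events once the subscriber exceeds its event limit.
 *
 * When more than getEventsMax() data keys exist, the oldest surviving event
 * index is derived from the stored next-EID, older records are optionally
 * deleted, and that event's "time" becomes the expiration time.
 *
 * @param cleanup when true, delete every data key whose numeric suffix is
 *        below the oldest surviving index.
 */
void EventSubscriberPlugin::expireCheck(bool cleanup) {
  auto data_key = "data." + dbNamespace();
  auto eid_key = "eid." + dbNamespace();
  // Min key will be the last surviving key.
  size_t min_key = 0;

  {
    auto limit = getEventsMax();
    std::vector<std::string> keys;
    scanDatabaseKeys(kEvents, keys, data_key);
    if (keys.size() <= limit) {
      return;
    }

    // There is an overflow of events buffered for this subscriber.
    LOG(WARNING) << "Expiring events for subscriber: " << getName()
                 << " (limit " << limit << ")";
    VLOG(1) << "Subscriber events " << getName() << " exceeded limit " << limit
            << " by: " << keys.size() - limit;
    // Inspect the N-FLAGS_events_max -th event's value and expire before the
    // time within the content.
    std::string last_key;
    getDatabaseValue(kEvents, eid_key, last_key);
    // The EID is the next-index.
    // EID - events_max is the most last-recent event to keep.
    // boost::lexical_cast throws boost::bad_lexical_cast when last_key is
    // empty or non-numeric; that propagates to the caller as before.
    const auto next_eid = boost::lexical_cast<size_t>(last_key);
    const size_t window = static_cast<size_t>(limit);
    // Fixed: guard the unsigned subtraction. A stored EID smaller than the
    // limit used to wrap min_key to a huge value, and with cleanup enabled
    // every buffered event was then deleted.
    min_key = (next_eid > window) ? next_eid - window : 0;

    if (cleanup) {
      // Scan each of the keys in keys, if their ID portion is < min_key.
      // Nix them, this requires lots of conversions, use with care.
      // std::stoul throws on a non-numeric suffix.
      for (const auto& key : keys) {
        if (std::stoul(key.substr(key.rfind('.') + 1)) < min_key) {
          deleteDatabaseValue(kEvents, key);
        }
      }
    }
  }

  // Convert the key index into a time using the content.
  // The last-recent event is fetched and the corresponding time is used as
  // the expiration time for the subscriber.
  std::string content;
  getDatabaseValue(kEvents, data_key + "." + std::to_string(min_key), content);

  // Decode the value into a row structure to extract the time.
  Row r;
  if (!deserializeRowJSON(content, r) || r.count("time") == 0) {
    return;
  }

  // The last time will become the implicit expiration time.
  size_t last_time = boost::lexical_cast<size_t>(r.at("time"));
  if (last_time > 0) {
    expire_time_ = last_time;
  }

  // Finally, attempt an index query to trigger expirations.
  // In this case the result set is not used.
  getIndexes(expire_time_, 0);
}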
示例8: genBrowserPlugin
/**
 * @brief Append one browser plug-in row built from its Info.plist.
 *
 * @param uid owner of the plug-in directory, stored in the "uid" column.
 * @param path plug-in bundle path; "/Contents/Info.plist" is read below it.
 * @param results receives the row. A row is added even when the plist cannot
 *        be parsed; it then holds only uid, native and path.
 */
void genBrowserPlugin(const std::string& uid,
                      const std::string& path,
                      QueryData& results) {
  Row r;
  pt::ptree tree;

  r["uid"] = uid;

  // Plist-derived columns are filled only when parsing succeeds.
  const auto parsed = osquery::parsePlist(path + "/Contents/Info.plist", tree);
  if (parsed.ok()) {
    for (const auto& key : kBrowserPluginKeys) {
      auto& cell = r[key.second];
      cell = tree.get(key.first, "");
      // Convert bool-types to an integer.
      jsonBoolAsInt(cell);
    }
  }

  // The default case for native execution is false.
  const auto native = r.find("native");
  const bool native_missing = (native == r.end()) || native->second.empty();
  if (native_missing) {
    r["native"] = "0";
  }

  r["path"] = path;
  results.push_back(std::move(r));
}
示例9: genFDEStatusForBSDName
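/**
 * @brief Append the disk-encryption status row for one BSD device name.
 *
 * @param bsd_name BSD device name; kDeviceNamePrefix is prepended for the
 *        "name" column.
 * @param uuid stored verbatim in the "uuid" column.
 * @param results receives the row; nothing is added when the IOKit service
 *        or its properties cannot be obtained.
 */
void genFDEStatusForBSDName(const std::string& bsd_name,
                            const std::string& uuid,
                            QueryData& results) {
  auto matching_dict =
      IOBSDNameMatching(kIOMasterPortDefault, kNilOptions, bsd_name.c_str());
  if (matching_dict == nullptr) {
    // Fixed: the original called CFRelease on this null reference, which
    // CoreFoundation treats as a fatal error. There is nothing to release.
    return;
  }

  // IOServiceGetMatchingService consumes the reference to matching_dict, so
  // the dictionary is not released here.
  auto service =
      IOServiceGetMatchingService(kIOMasterPortDefault, matching_dict);
  if (!service) {
    // No service object was returned, so there is nothing to release.
    return;
  }

  // Fixed: check the result before using properties; the original read an
  // uninitialized reference when the call failed.
  CFMutableDictionaryRef properties = nullptr;
  if (IORegistryEntryCreateCFProperties(
          service, &properties, kCFAllocatorDefault, kNilOptions) !=
      KERN_SUCCESS) {
    IOObjectRelease(service);
    return;
  }

  Row r;
  r["name"] = kDeviceNamePrefix + bsd_name;
  r["uuid"] = uuid;

  // An absent property is reported as "0".
  auto encrypted = getIOKitProperty(properties, kCoreStorageIsEncryptedKey_);
  r["encrypted"] = (encrypted.empty()) ? "0" : encrypted;
  r["type"] = (r.at("encrypted") == "1") ? kEncryptionType : std::string();

  results.push_back(r);
  CFRelease(properties);
  IOObjectRelease(service);
}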
示例10: genIOMediaDevice
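/**
 * @brief Append one row describing an IOMedia device.
 *
 * @param device IOKit service for the media object.
 * @param whole_devices names of whole disks seen so far; appended to when
 *        this device is a whole disk, otherwise searched to find a parent.
 * @param results receives the row; nothing is added when the device
 *        properties cannot be read.
 */
void genIOMediaDevice(const io_service_t& device,
                      std::vector<std::string>& whole_devices,
                      QueryData& results) {
  Row r;

  // Get the device properties.
  // Fixed: the original ignored the result and read an uninitialized
  // reference when the call failed.
  CFMutableDictionaryRef properties = nullptr;
  if (IORegistryEntryCreateCFProperties(
          device, &properties, kCFAllocatorDefault, kNilOptions) !=
      KERN_SUCCESS) {
    return;
  }

  r["uuid"] = getIOKitProperty(properties, "UUID");
  r["name"] = "/dev/" + getIOKitProperty(properties, "BSD Name");
  r["size"] = getIOKitProperty(properties, "Size");

  auto type = getIOKitProperty(properties, "Whole");
  if (type == "1") {
    // The "Whole" property applies to the entire disk entry, not partitions.
    whole_devices.push_back(r["name"]);
  } else {
    // Otherwise search the list of whole disks to find the node parent.
    // This is a plain prefix test and the last matching entry wins.
    // NOTE(review): "/dev/disk1" is also a prefix of "/dev/disk10s1" --
    // confirm the ordering of whole_devices makes the right parent win.
    for (const auto& parent : whole_devices) {
      if (r.at("name").find(parent) == 0) {
        r["parent"] = parent;
      }
    }
  }

  // This is the IOKit name, which is the device's label.
  // (The original also compared the name array against nullptr, which is
  // always true for an array and has been dropped.)
  io_name_t name;
  auto kr = IORegistryEntryGetName(device, name);
  if (kr == KERN_SUCCESS) {
    r["label"] = std::string(name);
  }

  // Remaining details come from the Disk Arbitration service.
  DASessionRef session = DASessionCreate(kCFAllocatorDefault);
  if (session != nullptr) {
    auto disk = DADiskCreateFromIOMedia(kCFAllocatorDefault, session, device);
    if (disk != nullptr) {
      CFDictionaryRef details = DADiskCopyDescription(disk);
      if (details != nullptr) {
        r["vendor"] =
            getIOKitProperty((CFMutableDictionaryRef)details, "DADeviceVendor");
        r["model"] =
            getIOKitProperty((CFMutableDictionaryRef)details, "DADeviceModel");
        r["type"] = getIOKitProperty((CFMutableDictionaryRef)details,
                                     "DADeviceProtocol");
        CFRelease(details);
      }
      CFRelease(disk);
    }
    CFRelease(session);
  }

  results.push_back(r);
  CFRelease(properties);
}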
示例11: genControlInfo
/**
 * @brief Walk a system-control path and append one row per leaf file.
 *
 * Directories are descended recursively; a leaf yields a row with its dotted
 * name, subsystem, current value (when readable) and configured value (when
 * present in config).
 *
 * @param mib_path filesystem path under kSystemControlPath.
 * @param results receives one row per leaf control.
 * @param config dotted control name -> configured value.
 */
void genControlInfo(const std::string& mib_path,
                    QueryData& results,
                    const std::map<std::string, std::string>& config) {
  if (isDirectory(mib_path).ok()) {
    // Recurse into each listed child with the same output and config.
    const auto descend = [&results, &config](
                             const std::vector<std::string>& children) {
      for (const auto& child : children) {
        genControlInfo(child, results, config);
      }
    };

    // Iterate through the subitems and items.
    // NOTE(review): the same vector is passed to both listings; if the file
    // listing appends rather than replaces, directories are visited twice --
    // confirm against the helper's contract.
    std::vector<std::string> items;
    if (listDirectoriesInDirectory(mib_path, items).ok()) {
      descend(items);
    }
    if (listFilesInDirectory(mib_path, items).ok()) {
      descend(items);
    }
    return;
  }

  // This is a file (leaf-control).
  Row r;
  auto& name = r["name"];
  name = mib_path.substr(kSystemControlPath.size());
  std::replace(name.begin(), name.end(), '/', '.');
  // No known way to convert name MIB to int array.
  r["subsystem"] = osquery::split(r.at("name"), ".")[0];

  if (isReadable(mib_path).ok()) {
    // The read result is not checked; a failed read stores whatever content
    // holds after the call.
    std::string content;
    readFile(mib_path, content);
    boost::trim(content);
    r["current_value"] = content;
  }

  const auto configured = config.find(r.at("name"));
  if (configured != config.end()) {
    r["config_value"] = configured->second;
  }

  r["type"] = "string";
  results.push_back(r);
}
示例12: next
/**
 * @brief Advance to the next input row whose selected column equals the
 *        constant.
 *
 * @return true when a matching row was found; false once the input is
 *         exhausted.
 */
bool SelectionOperator::next() {
  assert(isOpen);

  for (;;) {
    // Stop as soon as the child operator has no more rows.
    if (!in.next()) {
      return false;
    }

    // at(index) yields something dereferenceable; the pointee is compared
    // with the constant.
    Row input = in.getOutput();
    if (*(input.at(index)) == constant) {
      return true;
    }
  }
}
示例13: recordQueryPerformance
/**
 * @brief Accumulate performance counters for one scheduled query run.
 *
 * @param name scheduled query name; unknown names are ignored.
 * @param delay wall time of this run, added to wall_time.
 * @param size output size of this run, added to output_size.
 * @param r0 process counters sampled before the run.
 * @param r1 process counters sampled after the run.
 */
void Config::recordQueryPerformance(const std::string& name,
                                    size_t delay,
                                    size_t size,
                                    const Row& r0,
                                    const Row& r1) {
  // Grab a lock on the schedule structure and check the name.
  ConfigDataInstance config;
  const bool known = config.schedule().count(name) != 0;
  if (!known) {
    // Unknown query schedule name.
    return;
  }

  // Grab access to the non-const schedule item.
  auto& query = getInstance().data_.schedule.at(name);

  // After-minus-before difference of one counter column, parsed base 10.
  // NOTE(review): strtol yields 0 for non-numeric text, and .at() presumably
  // throws when a column is missing from either row -- confirm callers always
  // supply all three columns.
  const auto delta = [&r0, &r1](const char* column) {
    return strtol(r1.at(column).c_str(), nullptr, 10) -
           strtol(r0.at(column).c_str(), nullptr, 10);
  };

  query.user_time += delta("user_time");
  query.system_time += delta("system_time");

  // Memory is stored as an average of BSS changes between query executions.
  const auto resident_delta = delta("resident_size");
  query.memory = (query.memory * query.executions + resident_delta) /
                 (query.executions + 1);

  query.wall_time += delay;
  query.output_size += size;
  query.executions += 1;
}
示例14: addDatabaseItems
//add database items into this tree, be careful!
//input: the database items pointer p_d
//retval: bool; true--> add all of them ok
// false--> something goes wrong
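bool Tree:: addDatabaseItems( const Mat<double> * p_d )
{
    // Fixed: reject a null matrix or one without columns. The original
    // dereferenced p_d unchecked, and n_cols - 1 wraps for an empty matrix,
    // which made the write to tmp.at( c ) below land out of bounds.
    if( NULL == p_d || 0 == p_d->n_cols )
    {
        cerr <<"invalid database matrix in addDatabaseItems()\n";
        return false;
    }

    const size_t r = p_d->n_rows;
    const size_t c = p_d->n_cols - 1;  // index of the last column
    TreeNode * current;
    Mat<double> result;
    Row< double > tmp;

    for( size_t i = 0 ; i < r ; i ++ )
    {
        tmp = p_d->row( i );
        // The last column is overwritten with the bias term, so the sample
        // becomes x=[x0 x1 x2 ... 1 ].
        tmp.at( c ) = 1;

        // Descend from the root until a leaf (or a missing child) is reached.
        // NOTE(review): intL.pvector is dereferenced without a null check --
        // confirm every internal node has it set.
        current = root;
        while( (current != NULL) && ( current->isInternal() ))
        {
            result = tmp * (current->intL).pvector->at(0) ;
            if( result.at( 0 ) > 0 )
            {
                current = current->intL.left;
            }else
            {
                current = current->intL.right;
            }
        }

        if( NULL == current )
        {
            // Fixed: the message ended in "\b" (backspace) instead of a
            // newline.
            cerr <<"current is null in the addDatabaseIntems()\n";
            return false;
        }

        // Lazily create the leaf's index list; the leaf keeps the pointer.
        if( NULL == current->leafL.puivector )
        {
            current->leafL.puivector = new vector< unsigned int >;
        }
        // Row indices are stored as unsigned int; the narrowing from size_t
        // is made explicit.
        (current->leafL).puivector->push_back( static_cast<unsigned int>( i ) );
    }
    return true;
}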
示例15: genFDEStatusForBSDName
/**
 * @brief Append the disk-encryption status row for one BSD device name.
 *
 * @param bsd_name BSD device name; kDeviceNamePrefix is prepended for the
 *        "name" column.
 * @param uuid stored verbatim in the "uuid" column.
 * @param results receives the row; nothing is added when the IOKit service
 *        or its properties cannot be obtained.
 */
void genFDEStatusForBSDName(const std::string& bsd_name,
                            const std::string& uuid,
                            QueryData& results) {
  auto matching_dict =
      IOBSDNameMatching(kIOMasterPortDefault, kNilOptions, bsd_name.c_str());
  if (matching_dict == nullptr) {
    return;
  }

  // The matching dictionary is handed to IOKit here and not released below.
  auto service =
      IOServiceGetMatchingService(kIOMasterPortDefault, matching_dict);
  if (!service) {
    return;
  }

  CFMutableDictionaryRef properties;
  const auto kr = IORegistryEntryCreateCFProperties(
      service, &properties, kCFAllocatorDefault, kNilOptions);
  if (kr != KERN_SUCCESS) {
    // Without properties there is nothing to report; drop the service.
    IOObjectRelease(service);
    return;
  }

  Row r;
  r["name"] = kDeviceNamePrefix + bsd_name;
  r["uuid"] = uuid;

  auto encrypted = getIOKitProperty(properties, kCoreStorageIsEncryptedKey_);
  if (!encrypted.empty()) {
    r["encrypted"] = encrypted;

    // The user columns are only filled when the property was present and
    // genUid succeeds.
    id_t uid;
    uuid_string_t uuid_string = {0};
    if (genUid(uid, uuid_string).ok()) {
      r["uid"] = BIGINT(uid);
      r["user_uuid"] = TEXT(uuid_string);
    }
  } else {
    // An absent property is reported as "0".
    r["encrypted"] = "0";
  }

  if (r.at("encrypted") == "1") {
    r["type"] = kEncryptionType;
  } else {
    r["type"] = std::string();
  }

  results.push_back(r);
  CFRelease(properties);
  IOObjectRelease(service);
}