Documentation
Overview
Package table creates an osquery table plugin.
Index
- Constants
- type ColumnDefinition
- type ColumnType
- type Constraint
- type ConstraintList
- type GenerateFunc
- type Operator
- type Plugin
- func (t *Plugin) Call(ctx context.Context, request osquery.ExtensionPluginRequest) osquery.ExtensionResponse
- func (t *Plugin) Name() string
- func (t *Plugin) Ping() osquery.ExtensionStatus
- func (t *Plugin) RegistryName() string
- func (t *Plugin) Routes() osquery.ExtensionPluginResponse
- func (t *Plugin) Shutdown()
- type QueryContext
Constants
const (
    ColumnTypeText    ColumnType = "TEXT"
    ColumnTypeInteger            = "INTEGER"
    ColumnTypeBigInt             = "BIGINT"
    ColumnTypeDouble             = "DOUBLE"
)
The following column types are defined in osquery tables.h.
const (
    OperatorEquals              Operator = 2
    OperatorGreaterThan                  = 4
    OperatorLessThanOrEquals             = 8
    OperatorLessThan                     = 16
    OperatorGreaterThanOrEquals          = 32
    OperatorMatch                        = 64
    OperatorLike                         = 65
    OperatorGlob                         = 66
    OperatorRegexp                       = 67
    OperatorUnique                       = 1
)
The following operators are defined in osquery tables.h.
Types
type ColumnDefinition
type ColumnDefinition struct {
    Name string
    Type ColumnType
}
ColumnDefinition defines the relevant information for a column in a table plugin. Both values are mandatory. Prefer using the *Column helpers to create ColumnDefinition structs.
func BigIntColumn
func BigIntColumn(name string) ColumnDefinition
BigIntColumn is a helper for defining columns containing big integers.
func DoubleColumn
func DoubleColumn(name string) ColumnDefinition
DoubleColumn is a helper for defining columns containing floating point values.
func IntegerColumn
func IntegerColumn(name string) ColumnDefinition
IntegerColumn is a helper for defining columns containing integers.
func TextColumn
func TextColumn(name string) ColumnDefinition
TextColumn is a helper for defining columns containing strings.
type ColumnType
type ColumnType string
ColumnType is a strongly typed representation of the data type string for a column definition. The named constants should be used.
type Constraint
Constraint contains both an operator and an expression that are applied as constraints in the query.
type ConstraintList
type ConstraintList struct {
    Affinity    ColumnType
    Constraints []Constraint
}
ConstraintList contains the details of the constraints for the given column.
type GenerateFunc
Generate returns the rows generated by the table. The ctx argument should be checked for cancellation if the generation performs a substantial amount of work. The queryContext argument provides the deserialized JSON query context from osquery.
type Plugin
type Plugin struct {
// contains filtered or unexported fields
}
func NewPlugin
func NewPlugin(name string, columns []ColumnDefinition, gen GenerateFunc) *Plugin
func (*Plugin) Call
func (t *Plugin) Call(ctx context.Context, request osquery.ExtensionPluginRequest) osquery.ExtensionResponse
func (*Plugin) Ping
func (t *Plugin) Ping() osquery.ExtensionStatus
func (*Plugin) RegistryName
func (*Plugin) Routes
func (t *Plugin) Routes() osquery.ExtensionPluginResponse
type QueryContext
type QueryContext struct {
    // Constraints is a map from column name to the details of the
    // constraints on that column.
    Constraints map[string]ConstraintList
}
QueryContext contains the constraints from the WHERE clause of the query, which can optionally be used to optimize the table generation. Note that the osquery SQLite engine will perform the filtering with these constraints itself, so it is not mandatory that they be used in table generation.
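The constraint handling described for QueryContext and GenerateFunc, as an added example that is not part of this package or its documentation. The types are trimmed local stand-ins so it runs without the osquery-go module; the Constraint field names, the generate function's signature, the "username" column and the sample data are assumptions.

```go
package main

import (
	"context"
	"fmt"
)

// Trimmed local stand-ins for this page's types so the example runs without
// the osquery-go module. Constraint's field names are an assumption.
type Operator int
const OperatorEquals Operator = 2
type Constraint struct { Operator Operator; Expression string }
type ConstraintList struct{ Constraints []Constraint }
type QueryContext struct{ Constraints map[string]ConstraintList }

// users is constructed sample data standing in for an expensive data source.
var users = map[string]string{"alice": "1000", "bob": "1001", "carol": "1002"}

// generateUsers uses "username = ..." constraints only to narrow the lookup.
// Returning a superset is safe: osquery's SQLite engine filters the rows again.
func generateUsers(ctx context.Context, qc QueryContext) ([]map[string]string, error) {
	var wanted []string
	for _, c := range qc.Constraints["username"].Constraints {
		if c.Operator == OperatorEquals {
			wanted = append(wanted, c.Expression)
		}
	}
	if len(wanted) == 0 { // no usable constraint: enumerate everything
		for name := range users {
			wanted = append(wanted, name)
		}
	}
	rows := []map[string]string{}
	for _, name := range wanted {
		if err := ctx.Err(); err != nil { // honour cancellation between lookups
			return nil, err
		}
		if uid, ok := users[name]; ok {
			rows = append(rows, map[string]string{"username": name, "uid": uid})
		}
	}
	return rows, nil
}

func main() {
	qc := QueryContext{Constraints: map[string]ConstraintList{
		"username": {Constraints: []Constraint{{OperatorEquals, "bob"}}}}}
	fmt.Println(generateUsers(context.Background(), qc))
}
```

Operators other than equality (LIKE, GLOB, REGEXP, ranges) are ignored here and fall through to full enumeration, which stays correct because the engine applies them to the returned rows.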