Documentation ¶
Index ¶
- type CallFunc
- type CloseFunc
- type ExtensionManager
- type ExtensionManagerClient
- func (c *ExtensionManagerClient) Call(registry, item string, request osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error)
- func (c *ExtensionManagerClient) Close()
- func (c *ExtensionManagerClient) Extensions() (osquery.InternalExtensionList, error)
- func (c *ExtensionManagerClient) GetQueryColumns(sql string) (*osquery.ExtensionResponse, error)
- func (c *ExtensionManagerClient) Options() (osquery.InternalOptionList, error)
- func (c *ExtensionManagerClient) Ping() (*osquery.ExtensionStatus, error)
- func (c *ExtensionManagerClient) Query(sql string) (*osquery.ExtensionResponse, error)
- func (c *ExtensionManagerClient) QueryRow(sql string) (map[string]string, error)
- func (c *ExtensionManagerClient) QueryRows(sql string) ([]map[string]string, error)
- func (c *ExtensionManagerClient) RegisterExtension(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error)
- type ExtensionManagerServer
- func (s *ExtensionManagerServer) Call(ctx context.Context, registry string, item string, ...) (*osquery.ExtensionResponse, error)
- func (s *ExtensionManagerServer) Ping(ctx context.Context) (*osquery.ExtensionStatus, error)
- func (s *ExtensionManagerServer) RegisterPlugin(plugins ...OsqueryPlugin)
- func (s *ExtensionManagerServer) Run() error
- func (s *ExtensionManagerServer) Shutdown(ctx context.Context) error
- func (s *ExtensionManagerServer) Start() error
- type ExtensionsFunc
- type GetQueryColumnsFunc
- type MockExtensionManager
- func (m *MockExtensionManager) Call(registry string, item string, req osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error)
- func (m *MockExtensionManager) Close()
- func (m *MockExtensionManager) Extensions() (osquery.InternalExtensionList, error)
- func (m *MockExtensionManager) GetQueryColumns(sql string) (*osquery.ExtensionResponse, error)
- func (m *MockExtensionManager) Options() (osquery.InternalOptionList, error)
- func (m *MockExtensionManager) Ping() (*osquery.ExtensionStatus, error)
- func (m *MockExtensionManager) Query(sql string) (*osquery.ExtensionResponse, error)
- func (m *MockExtensionManager) RegisterExtension(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error)
- type OptionsFunc
- type OsqueryPlugin
- type PingFunc
- type QueryFunc
- type RegisterExtensionFunc
- type ServerOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CallFunc ¶
type CallFunc func(registry string, item string, req osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error)
type ExtensionManager ¶
type ExtensionManager interface { Close() Ping() (*osquery.ExtensionStatus, error) Call(registry, item string, req osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error) Extensions() (osquery.InternalExtensionList, error) RegisterExtension(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error) Options() (osquery.InternalOptionList, error) Query(sql string) (*osquery.ExtensionResponse, error) GetQueryColumns(sql string) (*osquery.ExtensionResponse, error) }
type ExtensionManagerClient ¶
type ExtensionManagerClient struct { Client osquery.ExtensionManager // contains filtered or unexported fields }
ExtensionManagerClient is a wrapper for the osquery Thrift extensions API.
func NewClient ¶
func NewClient(path string, timeout time.Duration) (*ExtensionManagerClient, error)
NewClient creates a new client communicating to osquery over the socket at the provided path. If resolving the address or connecting to the socket fails, this function will error.
func (*ExtensionManagerClient) Call ¶
func (c *ExtensionManagerClient) Call(registry, item string, request osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error)
Call requests a call to an extension (or core) registry plugin.
func (*ExtensionManagerClient) Close ¶
func (c *ExtensionManagerClient) Close()
Close should be called to close the transport when use of the client is completed.
func (*ExtensionManagerClient) Extensions ¶
func (c *ExtensionManagerClient) Extensions() (osquery.InternalExtensionList, error)
Extensions requests the list of active registered extensions.
func (*ExtensionManagerClient) GetQueryColumns ¶
func (c *ExtensionManagerClient) GetQueryColumns(sql string) (*osquery.ExtensionResponse, error)
GetQueryColumns requests the columns returned by the parsed query.
func (*ExtensionManagerClient) Options ¶
func (c *ExtensionManagerClient) Options() (osquery.InternalOptionList, error)
Options requests the list of bootstrap or configuration options.
func (*ExtensionManagerClient) Ping ¶
func (c *ExtensionManagerClient) Ping() (*osquery.ExtensionStatus, error)
Ping requests metadata from the extension manager.
func (*ExtensionManagerClient) Query ¶
func (c *ExtensionManagerClient) Query(sql string) (*osquery.ExtensionResponse, error)
Query requests a query to be run and returns the extension response. Consider using the QueryRow or QueryRows helpers for a more friendly interface.
func (*ExtensionManagerClient) QueryRow ¶
func (c *ExtensionManagerClient) QueryRow(sql string) (map[string]string, error)
QueryRow behaves similarly to QueryRows, but it returns an error if the query does not return exactly one row.
func (*ExtensionManagerClient) QueryRows ¶
func (c *ExtensionManagerClient) QueryRows(sql string) ([]map[string]string, error)
QueryRows is a helper that executes the requested query and returns the results. It handles checking both the transport level errors and the osquery internal errors by returning a normal Go error type.
func (*ExtensionManagerClient) RegisterExtension ¶
func (c *ExtensionManagerClient) RegisterExtension(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error)
RegisterExtension registers the extension plugins with the osquery process.
type ExtensionManagerServer ¶
type ExtensionManagerServer struct {
// contains filtered or unexported fields
}
ExtensionManagerServer is an implementation of the full ExtensionManager API. Plugins can register with an extension manager, which handles the communication with the osquery process.
func NewExtensionManagerServer ¶
func NewExtensionManagerServer(name string, sockPath string, opts ...ServerOption) (*ExtensionManagerServer, error)
NewExtensionManagerServer creates a new extension management server communicating with osquery over the socket at the provided path. If resolving the address or connecting to the socket fails, this function will error.
func (*ExtensionManagerServer) Call ¶
func (s *ExtensionManagerServer) Call(ctx context.Context, registry string, item string, request osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error)
Call routes a call from the osquery process to the appropriate registered plugin.
func (*ExtensionManagerServer) Ping ¶
func (s *ExtensionManagerServer) Ping(ctx context.Context) (*osquery.ExtensionStatus, error)
Ping implements the basic health check.
func (*ExtensionManagerServer) RegisterPlugin ¶
func (s *ExtensionManagerServer) RegisterPlugin(plugins ...OsqueryPlugin)
RegisterPlugin adds one or more OsqueryPlugins to this extension manager.
func (*ExtensionManagerServer) Run ¶
func (s *ExtensionManagerServer) Run() error
Run starts the extension manager and runs until osquery calls for a shutdown or the osquery instance goes away.
func (*ExtensionManagerServer) Shutdown ¶
func (s *ExtensionManagerServer) Shutdown(ctx context.Context) error
Shutdown stops the server and closes the listening socket.
func (*ExtensionManagerServer) Start ¶
func (s *ExtensionManagerServer) Start() error
Start registers the extension plugins and begins listening on a unix socket for requests from the osquery process. All plugins should be registered with RegisterPlugin() before calling Start().
type ExtensionsFunc ¶
type ExtensionsFunc func() (osquery.InternalExtensionList, error)
type GetQueryColumnsFunc ¶
type GetQueryColumnsFunc func(sql string) (*osquery.ExtensionResponse, error)
type MockExtensionManager ¶
type MockExtensionManager struct { CloseFunc CloseFunc CloseFuncInvoked bool PingFunc PingFunc PingFuncInvoked bool CallFunc CallFunc CallFuncInvoked bool ExtensionsFunc ExtensionsFunc ExtensionsFuncInvoked bool RegisterExtensionFunc RegisterExtensionFunc RegisterExtensionFuncInvoked bool OptionsFunc OptionsFunc OptionsFuncInvoked bool QueryFunc QueryFunc QueryFuncInvoked bool GetQueryColumnsFunc GetQueryColumnsFunc GetQueryColumnsFuncInvoked bool }
func (*MockExtensionManager) Call ¶
func (m *MockExtensionManager) Call(registry string, item string, req osquery.ExtensionPluginRequest) (*osquery.ExtensionResponse, error)
func (*MockExtensionManager) Close ¶
func (m *MockExtensionManager) Close()
func (*MockExtensionManager) Extensions ¶
func (m *MockExtensionManager) Extensions() (osquery.InternalExtensionList, error)
func (*MockExtensionManager) GetQueryColumns ¶
func (m *MockExtensionManager) GetQueryColumns(sql string) (*osquery.ExtensionResponse, error)
func (*MockExtensionManager) Options ¶
func (m *MockExtensionManager) Options() (osquery.InternalOptionList, error)
func (*MockExtensionManager) Ping ¶
func (m *MockExtensionManager) Ping() (*osquery.ExtensionStatus, error)
func (*MockExtensionManager) Query ¶
func (m *MockExtensionManager) Query(sql string) (*osquery.ExtensionResponse, error)
func (*MockExtensionManager) RegisterExtension ¶
func (m *MockExtensionManager) RegisterExtension(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error)
type OptionsFunc ¶
type OptionsFunc func() (osquery.InternalOptionList, error)
type OsqueryPlugin ¶
type OsqueryPlugin interface { // Name is the name used to refer to the plugin (eg. the name of the // table the plugin implements). Name() string // RegistryName is which "registry" the plugin should be added to. // Valid names are ["config", "logger", "table"]. RegistryName() string // Routes returns the detailed information about the interface exposed // by the plugin. See the example plugins for samples. Routes() osquery.ExtensionPluginResponse // Ping implements a health check for the plugin. If the plugin is in a // healthy state, StatusOK should be returned. Ping() osquery.ExtensionStatus // Call requests the plugin to perform its defined behavior, returning // a response containing the result. Call(context.Context, osquery.ExtensionPluginRequest) osquery.ExtensionResponse // Shutdown alerts the plugin to stop. Shutdown() }
type PingFunc ¶
type PingFunc func() (*osquery.ExtensionStatus, error)
type RegisterExtensionFunc ¶
type RegisterExtensionFunc func(info *osquery.InternalExtensionInfo, registry osquery.ExtensionRegistry) (*osquery.ExtensionStatus, error)
type ServerOption ¶
type ServerOption func(*ExtensionManagerServer)
func ServerPingInterval ¶
func ServerPingInterval(interval time.Duration) ServerOption
func ServerTimeout ¶
func ServerTimeout(timeout time.Duration) ServerOption
Directories ¶
Path | Synopsis |
---|---|
examples
|
|
gen
|
|
plugin
|
|
config
Package config creates an osquery configuration plugin.
|
Package config creates an osquery configuration plugin. |
distributed
Package distributed creates an osquery distributed query plugin.
|
Package distributed creates an osquery distributed query plugin. |
logger
Package logger creates an osquery logging plugin.
|
Package logger creates an osquery logging plugin. |
table
Package table creates an osquery table plugin.
|
Package table creates an osquery table plugin. |
Package transport provides Thrift TTransport and TServerTransport implementations for use on mac/linux (TSocket/TServerSocket) and Windows (custom named pipe implementation).
|
Package transport provides Thrift TTransport and TServerTransport implementations for use on mac/linux (TSocket/TServerSocket) and Windows (custom named pipe implementation). |