added airport table, added case to data flatten to handle []map[string]interface{} #814

Merged
merged 17 commits into from
Apr 20, 2022

James-Pickett

  • added airport table
  • added case to data flatten to handle []map[string]interface{}
  • unit tests

example outputs:

[*]osquery> select * from kolide_airport_util where option = 'scan';
+----------------------------------+--------+-------------------------------+-----------------------------------------------+-------+--------+
| fullkey                          | parent | key                           | value                                         | query | option |
+----------------------------------+--------+-------------------------------+-----------------------------------------------+-------+--------+
| 0/SSID                           | 0      | SSID                          | foo                                           | *     | scan   |
| 0/BSSID                          | 0      | BSSID                         | a0:a0:a0:a0:a0:a0                             | *     | scan   |
| 0/RSSI                           | 0      | RSSI                          | -94                                           | *     | scan   |
| 0/CHANNEL                        | 0      | CHANNEL                       | 44                                            | *     | scan   |
| 0/HT                             | 0      | HT                            | Y                                             | *     | scan   |
| 0/CC                             | 0      | CC                            | ZZ                                            | *     | scan   |
| 0/SECURITY (auth/unicast/group)  | 0      | SECURITY (auth/unicast/group) | RSN(802.1x/AES/AES)                           | *     | scan   |
| 1/SSID                           | 1      | SSID                          | bar                                           | *     | scan   |
| 1/BSSID                          | 1      | BSSID                         | a0:a0:a0:a0:a0:a0                             | *     | scan   |
| 1/RSSI                           | 1      | RSSI                          | -90                                           | *     | scan   |
| 1/CHANNEL                        | 1      | CHANNEL                       | 1                                             | *     | scan   |
| 1/HT                             | 1      | HT                            | Y                                             | *     | scan   |
| 1/CC                             | 1      | CC                            | XX                                            | *     | scan   |
| 1/SECURITY (auth/unicast/group)  | 1      | SECURITY (auth/unicast/group) | RSN(PSK/AES/AES)                              | *     | scan   |
+----------------------------------+--------+-------------------------------+-----------------------------------------------+-------+--------+
[*]osquery> select * from kolide_airport_util where option = 'scan' and query = '/RSSI';
+---------+--------+------+-------+-------+--------+
| fullkey | parent | key  | value | query | option |
+---------+--------+------+-------+-------+--------+
| 0/RSSI  | 0      | RSSI | -91   | /RSSI | scan   |
| 1/RSSI  | 1      | RSSI | -90   | /RSSI | scan   |
+---------+--------+------+-------+-------+--------+
[*]osquery> select * from kolide_airport_util where option = 'getinfo';
+-------------------+--------+-----------------+-------------------+-------+---------+
| fullkey           | parent | key             | value             | query | option  |
+-------------------+--------+-----------------+-------------------+-------+---------+
| 0/agrExtRSSI      | 0      | agrExtRSSI      | 0                 | *     | getinfo |
| 0/agrExtNoise     | 0      | agrExtNoise     | 0                 | *     | getinfo |
| 0/lastAssocStatus | 0      | lastAssocStatus | 0                 | *     | getinfo |
| 0/link auth       | 0      | link auth       | abcdfega          | *     | getinfo |
| 0/BSSID           | 0      | BSSID           | a0:a0:a0:a0:a0:a0 | *     | getinfo |
| 0/state           | 0      | state           | running           | *     | getinfo |
| 0/op mode         | 0      | op mode         | station           | *     | getinfo |
| 0/lastTxRate      | 0      | lastTxRate      | 195               | *     | getinfo |
| 0/SSID            | 0      | SSID            | foo               | *     | getinfo |
| 0/MCS             | 0      | MCS             | 7                 | *     | getinfo |
| 0/NSS             | 0      | NSS             | 2                 | *     | getinfo |
| 0/agrCtlNoise     | 0      | agrCtlNoise     | -94               | *     | getinfo |
| 0/maxRate         | 0      | maxRate         | 217               | *     | getinfo |
| 0/guardInterval   | 0      | guardInterval   | 800               | *     | getinfo |
| 0/channel         | 0      | channel         | 2                 | *     | getinfo |
| 0/agrCtlRSSI      | 0      | agrCtlRSSI      | -54               | *     | getinfo |
| 0/802.11 auth     | 0      | 802.11 auth     | abcd              | *     | getinfo |
+-------------------+--------+-----------------+-------------------+-------+---------+
[*]osquery> select * from kolide_airport_util where option = 'getinfo' and query = '/NSS';
+---------+--------+-----+-------+-------+---------+
| fullkey | parent | key | value | query | option  |
+---------+--------+-----+-------+-------+---------+
| 0/NSS   | 0      | NSS | 2     | /NSS  | getinfo |
+---------+--------+-----+-------+-------+---------+
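
The row shape in the outputs above, as an added example that is not code from this pull request or the project: it flattens a `[]map[string]interface{}` into fullkey/parent/key/value rows and applies a simplified key filter. The names `Row`, `flattenRecords` and `filterByKey` are hypothetical, the filter semantics are an assumption, and the sample records are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Row mirrors the fullkey/parent/key/value columns in the output above.
type Row struct{ FullKey, Parent, Key, Value string }

// flattenRecords is a hypothetical helper, not the project's dataflatten code.
// The slice index becomes the parent; keys are sorted for stable output.
func flattenRecords(records []map[string]interface{}) []Row {
	var rows []Row
	for i, rec := range records {
		parent := strconv.Itoa(i)
		keys := make([]string, 0, len(rec))
		for k := range rec {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		for _, k := range keys {
			rows = append(rows, Row{parent + "/" + k, parent, k, fmt.Sprint(rec[k])})
		}
	}
	return rows
}

// filterByKey is a simplified stand-in for the query column. It compares Key, not
// a split of FullKey, since keys like "SECURITY (auth/unicast/group)" contain "/".
func filterByKey(rows []Row, query string) []Row {
	var out []Row
	for _, r := range rows {
		if query == "*" || r.Key == strings.TrimPrefix(query, "/") {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	scan := []map[string]interface{}{ // constructed sample records
		{"SSID": "foo", "RSSI": -94, "SECURITY (auth/unicast/group)": "RSN(802.1x/AES/AES)"},
		{"SSID": "bar", "RSSI": -90},
	}
	fmt.Println(filterByKey(flattenRecords(scan), "/RSSI"))
}
```

Consumers of such rows should read the `parent` and `key` columns directly, because splitting `fullkey` on "/" misparses keys that contain a slash.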

@directionless directionless left a comment

This looks expectedly hairy. Nice. Let's walk through it tomorrow?

@directionless directionless left a comment

I haven't quite wrapped my head around the tests. Generally, I think the end-to-end tests are good, but in this case, there's enough complexity in the string parsers I'd want unit tests for those.

It's an interesting general question -- a lot of our tables use the general exec-parse-return data pattern, I suspect we want some coherent test approach.

directionless previously approved these changes Apr 20, 2022
@directionless directionless left a comment

I'd take this as is, though there are some test nits if you wanted to loop back to them

@James-Pickett James-Pickett merged commit 9bd4145 into kolide:master Apr 20, 2022
@James-Pickett James-Pickett deleted the airport_table branch April 20, 2022 17:27