Example #1
    def Process(self, args) -> Iterator[rdf_osquery.OsqueryResult]:
        """Run the requested osquery query and yield its result table in chunks.

        Args:
          args: Request object. This method reads `args.query` and
            `args.ignore_stderr_errors`, and passes the whole object to `Query`.

        Yields:
          One `rdf_osquery.OsqueryResult` per chunk returned by `ChunkTable`,
          each carrying the stderr text of the query run.

        Raises:
          RuntimeError: If `Osquery.path` is unset, or nothing exists at it.
          ValueError: If the query is empty.
          QueryError: If osquery wrote to stderr and
            `args.ignore_stderr_errors` is not set.
        """
        osquery_path = config.CONFIG["Osquery.path"]

        if not osquery_path:
            raise RuntimeError(
                "The `Osquery` action invoked on a client without "
                "osquery path specified.")

        # Presence check only: os.path.exists() does not tell us that the path
        # is a regular file, is executable, or is the intended binary.
        if not os.path.exists(osquery_path):
            raise RuntimeError(
                "The `Osquery` action invoked on a client where "
                "osquery executable is not available.")

        if not args.query:
            raise ValueError("The `Osquery` was invoked with an empty query.")

        output = Query(args)

        # osquery exits with 0 even on a syntax error and only reports it on
        # standard error, so stderr is the failure signal here. With
        # `ignore_stderr_errors` set, the text is not fatal and is instead
        # forwarded to the caller inside every result.
        if output.stderr:
            if not args.ignore_stderr_errors:
                raise QueryError(output.stderr)

        # OrderedDict keeps each JSON object's keys in the order they were
        # emitted.
        decoder = json.Decoder(object_pairs_hook=collections.OrderedDict)
        decoded = decoder.decode(output.stdout)

        table = ParseTable(decoded)
        table.query = args.query

        # NOTE(review): presumably a size cap per response message - confirm
        # against ChunkTable.
        max_chunk_size = config.CONFIG["Osquery.max_chunk_size"]
        for piece in ChunkTable(table, max_chunk_size):
            yield rdf_osquery.OsqueryResult(table=piece, stderr=output.stderr)
Example #2
  def Process(self, args) -> Iterator[rdf_osquery.OsqueryResult]:
    """Run the requested osquery query and yield its result table in chunks.

    Args:
      args: Request object. This method reads `args.query` and passes the
        whole object to `Query`.

    Yields:
      One `rdf_osquery.OsqueryResult` per chunk returned by `ChunkTable`.

    Raises:
      RuntimeError: If `Osquery.path` is unset, or nothing exists at it.
      ValueError: If the query is empty.
    """
    osquery_path = config.CONFIG["Osquery.path"]

    if not osquery_path:
      raise RuntimeError("The `Osquery` action invoked on a client without "
                         "osquery path specified.")

    # Presence check only: os.path.exists() does not tell us that the path is
    # a regular file, is executable, or is the intended binary.
    if not os.path.exists(osquery_path):
      raise RuntimeError("The `Osquery` action invoked on a client where "
                         "osquery executable is not available.")

    if not args.query:
      raise ValueError("The `Osquery` was invoked with an empty query.")

    # The value returned by `Query` is decoded as JSON as-is; this method does
    # not look at any standard-error output.
    # NOTE(review): whether `Query` itself reports osquery errors is not
    # visible from here - confirm.
    output = Query(args)

    # OrderedDict keeps each JSON object's keys in the order they were emitted.
    decoder = json.Decoder(object_pairs_hook=collections.OrderedDict)
    decoded = decoder.decode(output)

    table = ParseTable(decoded)
    table.query = args.query

    # NOTE(review): presumably a size cap per response message - confirm
    # against ChunkTable.
    max_chunk_size = config.CONFIG["Osquery.max_chunk_size"]
    for piece in ChunkTable(table, max_chunk_size):
      yield rdf_osquery.OsqueryResult(table=piece)