def Process(self, args) -> Iterator[rdf_osquery.OsqueryResult]:
    """Runs the osquery query carried by `args` and yields the result in chunks.

    Args:
        args: Request object; this method reads its `query` and
            `ignore_stderr_errors` attributes and passes it to `Query`.

    Yields:
        `rdf_osquery.OsqueryResult` messages, one per chunk of the parsed
        table, each also carrying the stderr text of the osquery run.

    Raises:
        RuntimeError: If no osquery path is configured or nothing exists at
            the configured path.
        ValueError: If the query is empty.
        QueryError: If osquery wrote to stderr and `ignore_stderr_errors` is
            not set.
    """
    osquery_path = config.CONFIG["Osquery.path"]
    if not osquery_path:
        raise RuntimeError(
            "The `Osquery` action invoked on a client without "
            "osquery path specified."
        )

    # exists() only confirms that something is present at the configured
    # path; it does not check that it is a regular, executable file.
    if not os.path.exists(osquery_path):
        raise RuntimeError(
            "The `Osquery` action invoked on a client where "
            "osquery executable is not available."
        )

    if not args.query:
        raise ValueError("The `Osquery` was invoked with an empty query.")

    result = Query(args)

    # osquery exits with status 0 even on a syntax error and only reports the
    # problem on standard error, so non-empty stderr is treated as a failure
    # unless the caller explicitly opted out.
    if result.stderr:
        if not args.ignore_stderr_errors:
            raise QueryError(result.stderr)

    # OrderedDict keeps the key order of each decoded JSON object.
    decoder = json.Decoder(object_pairs_hook=collections.OrderedDict)
    parsed = ParseTable(decoder.decode(result.stdout))
    parsed.query = args.query

    chunk_limit = config.CONFIG["Osquery.max_chunk_size"]
    for piece in ChunkTable(parsed, chunk_limit):
        # stderr is attached to every chunk, so output tolerated via
        # `ignore_stderr_errors` still reaches whoever consumes the results.
        yield rdf_osquery.OsqueryResult(table=piece, stderr=result.stderr)
def Process(self, args) -> Iterator[rdf_osquery.OsqueryResult]:
    """Runs the osquery query carried by `args` and yields the result in chunks.

    Args:
        args: Request object; this method reads its `query` attribute and
            passes the whole object to `Query`.

    Yields:
        `rdf_osquery.OsqueryResult` messages, one per chunk of the parsed
        table.

    Raises:
        RuntimeError: If no osquery path is configured or nothing exists at
            the configured path.
        ValueError: If the query is empty.
    """
    osquery_path = config.CONFIG["Osquery.path"]
    if not osquery_path:
        raise RuntimeError(
            "The `Osquery` action invoked on a client without "
            "osquery path specified."
        )

    # exists() only confirms that something is present at the configured
    # path; it does not check that it is a regular, executable file.
    if not os.path.exists(osquery_path):
        raise RuntimeError(
            "The `Osquery` action invoked on a client where "
            "osquery executable is not available."
        )

    if not args.query:
        raise ValueError("The `Osquery` was invoked with an empty query.")

    # NOTE(review): nothing in this method looks at osquery's standard error,
    # so whether a failed or malformed query is reported depends entirely on
    # Query() - confirm against its implementation.
    raw_output = Query(args)

    # OrderedDict keeps the key order of each decoded JSON object.
    decoder = json.Decoder(object_pairs_hook=collections.OrderedDict)
    parsed = ParseTable(decoder.decode(raw_output))
    parsed.query = args.query

    chunk_limit = config.CONFIG["Osquery.max_chunk_size"]
    for piece in ChunkTable(parsed, chunk_limit):
        yield rdf_osquery.OsqueryResult(table=piece)