Add table deb_package_files
#8657
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
| } | ||
| auto package_list = package_list_exp.take(); | ||
| for (const auto& package : package_list) { | ||
| if (has_package_constraint && allowed_packages.count(package.name) == 0) { |
There was a problem hiding this comment.
Why have has_package_constraint at all?
There was a problem hiding this comment.
Oh, I guess to differentiate between IN () and unspecified. Okay.
Might be worth a comment
There was a problem hiding this comment.
I refactored to eliminate this (and hopefully improve performance)
| if (!status.ok()) { | ||
| continue; | ||
| } | ||
| std::istringstream iss(file_content); |
There was a problem hiding this comment.
This feels weird... I think this reads the contents in (with the osquery imposed max size) and then converts it to a stream. I wonder if we should make a osquery::streamFile helper. Anyhow, I'm not sure we need to change anything in this PR, but it smells fishy
There was a problem hiding this comment.
Yeah, the reason the stringstream is created is because this is one of the clearer ways to split text up by lines (using std::getline).
osquery::streamFile could be nice for such purposes.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Pull Request Overview
This PR adds a new virtual table deb_package_files that provides information about files contained within installed DEB packages on Linux systems. It follows the same pattern as the existing rpm_package_files table.
- Implements a new table to list files from DEB packages with package name, file path, and admin directory
- Adds corresponding test coverage and table specification
- Integrates the new table into the build system
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tests/integration/tables/deb_package_files.cpp | Adds integration test for the new table |
| tests/integration/tables/CMakeLists.txt | Includes the new test file in the build |
| specs/linux/deb_package_files.table | Defines the table schema and implementation |
| specs/CMakeLists.txt | Registers the table spec for Linux builds |
| osquery/tables/system/linux/deb_packages.cpp | Implements the genDebPackageFiles function |
Comments suppressed due to low confidence (1)
osquery/tables/system/linux/deb_packages.cpp:66
- This line appears to be an unintended diff artifact showing removal of an empty line. This should be cleaned up.
} else {
deb_package_filesdeb_package_files
This is implemented following the example of
rpm_package_files. Not all of the columns from that table are available due to what is provided in the package list file.