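Status Query::addNewResults(const QueryData& current_qd,
                            DiffResults& dr,
                            bool calculate_diff,
                            DBHandleRef db) {
  // Store `current_qd` as the new "previous" result set for this query name
  // and, when requested, compute which rows were added/removed relative to
  // the set stored by the last run.
  //
  // @param current_qd     rows produced by the latest run of the query
  // @param dr             receives the added/removed rows; written only when
  //                       calculate_diff is true, otherwise left untouched
  // @param calculate_diff whether to compute the differential into `dr`
  // @param db             handle used to persist the serialized rows
  // @return the first failing serialize/Put status, else Status(0, "OK")

  // Get the rows from the last run of this query name.
  QueryData previous_qd;
  auto status = getPreviousQueryResults(previous_qd);
  if (!status.ok()) {
    // No usable previous rows. This is expected on the first run of a query
    // (assuming getPreviousQueryResults reports "not found" as a failure —
    // TODO confirm against its implementation). Diff against an empty set
    // rather than whatever was partially loaded, so every current row is
    // reported as added and the current rows are still persisted below.
    // NOTE(review): a genuine read failure is indistinguishable here; if the
    // status ever carries a distinct code, surface that case to the caller.
    previous_qd.clear();
  }

  // Sanitize all non-ASCII characters from the query data values.
  QueryData escaped_current_qd;
  escapeQueryData(current_qd, escaped_current_qd);

  // Calculate the differential between previous and current query results.
  if (calculate_diff) {
    dr = diff(previous_qd, escaped_current_qd);
  }

  // Replace the "previous" query data with the current.
  std::string json;
  status = serializeQueryDataJSON(escaped_current_qd, json);
  if (!status.ok()) {
    return status;
  }

  status = db->Put(kQueries, name_, json);
  if (!status.ok()) {
    return status;
  }
  return Status(0, "OK");
}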
osquery::Status Query::addNewResults(const osquery::QueryData& qd,
                                     osquery::DiffResults& dr,
                                     bool calculate_diff,
                                     int unix_time,
                                     std::shared_ptr<DBHandle> db) {
  // Record the latest run of this query in its stored history: load the
  // history, optionally diff the new rows against the most recent stored
  // rows, then overwrite the most recent entry and persist the history.
  //
  // @param qd             rows produced by the latest run of the query
  // @param dr             receives the added/removed rows; written only when
  //                       calculate_diff is true
  // @param calculate_diff whether to compute the differential into `dr`
  // @param unix_time      timestamp stored alongside the new rows
  // @param db             handle used to load and persist the history
  // @return the first failing status, else Status(0, "OK")
  HistoricalQueryResults history;
  Status status = getHistoricalQueryResults(history, db);
  if (!status.ok()) {
    // A missing history entry is the normal first-run case (the comparison
    // is against the error text, which is this file's convention); any other
    // failure is handed back to the caller untouched.
    if (status.toString() != kQueryNameNotFoundError) {
      return status;
    }
  }

  // remove all non-ascii characters from the string
  QueryData sanitized;
  escapeQueryData(qd, sanitized);

  // The diff is taken against the stored rows before they are replaced.
  if (calculate_diff) {
    dr = diff(history.mostRecentResults.second, sanitized);
  }

  history.mostRecentResults.first = unix_time;
  history.mostRecentResults.second = sanitized;

  std::string json;
  status = serializeHistoricalQueryResultsJSON(history, json);
  if (!status.ok()) {
    return status;
  }

  status = db->Put(kQueries, name_, json);
  return status.ok() ? Status(0, "OK") : status;
}