/**
 * @brief Produce the rows for the ALF exceptions table.
 *
 * Loads the ALF property tree through genALFTreeFromFilesystem() and passes
 * it to parseALFExceptionsTree().
 *
 * @param context Query context supplied by the caller; not read here.
 * @return The parsed exception rows, or an empty QueryData when the tree
 *         could not be loaded.
 *
 * NOTE(review): a load failure and a configuration with no exceptions both
 * come back as zero rows, and the failing status is discarded without being
 * reported. Consumers that alert on this table cannot distinguish "nothing
 * excepted" from "could not read the firewall configuration"; consider
 * surfacing the status.
 */
QueryData genALFExceptions(QueryContext& context) {
  pt::ptree alf_tree;
  auto load_status = genALFTreeFromFilesystem(alf_tree);

  // Only parse a tree that was actually populated.
  if (load_status.ok()) {
    return parseALFExceptionsTree(alf_tree);
  }

  // Loading failed: report no rows (the status itself is dropped here).
  return {};
}
// Verifies that parseALFExceptionsTree() converts the fixture tree returned
// by getALFTree() into rows carrying exactly the "path" and "state" columns
// listed below.
TEST_F(FirewallTests, test_parse_alf_exceptions_tree) {
  // Rows expected from the fixture. The "state" values are compared as the
  // literal strings stored here; their meaning is not established by this
  // test.
  const osquery::QueryData expected_rows = {
      {{"path", "/usr/libexec/configd"}, {"state", "3"}},
      {{"path", "/usr/sbin/mDNSResponder"}, {"state", "3"}},
      {{"path", "/usr/sbin/racoon"}, {"state", "3"}},
      {{"path", "/usr/bin/nmblookup"}, {"state", "3"}},
      {{"path",
        "/System/Library/PrivateFrameworks/Admin.framework/Versions/A/"
        "Resources/readconfig"},
       {"state", "3"}},
  };

  pt::ptree fixture_tree = getALFTree();
  const auto parsed_rows = parseALFExceptionsTree(fixture_tree);

  // Whole-result comparison: any missing, extra or altered row fails.
  EXPECT_EQ(parsed_rows, expected_rows);
}