Example #1
/**
 * @brief Emit one row per private-key file found in a user's SSH key
 * directory.
 *
 * Lists the files in `directory / kSSHUserKeysDir`, reads each one, and
 * appends a row for every file whose content contains "PRIVATE KEY". The
 * row holds the uid, the file path and an "encrypted" flag.
 *
 * NOTE(review): no privilege drop happens inside this function, so each
 * read runs with the privileges the process has at call time. If that is
 * root and the directory is writable by the user, a link or special file
 * placed there is opened with those privileges. Confirm that the caller
 * drops privileges first.
 *
 * @param uid       value stored in the "uid" column of every row.
 * @param directory base directory; kSSHUserKeysDir is appended to it.
 * @param results   rows are appended here; untouched if listing fails.
 */
void genSSHkeyForHosts(const std::string& uid,
                       const std::string& directory,
                       QueryData& results) {
  // Build <directory>/<kSSHUserKeysDir> and enumerate its files.
  boost::filesystem::path ssh_dir(directory);
  ssh_dir /= kSSHUserKeysDir;

  std::vector<std::string> candidates;
  if (!listFilesInDirectory(ssh_dir, candidates, false).ok()) {
    // Directory missing or unreadable: nothing to report.
    return;
  }

  for (const auto& candidate : candidates) {
    std::string contents;
    const bool readable = forensicReadFile(candidate, contents).ok();
    if (!readable) {
      // Skip files that cannot be read; the others are still examined.
      continue;
    }

    if (contents.find("PRIVATE KEY") == std::string::npos) {
      // Not a private key (public key, config, known_hosts, ...).
      continue;
    }

    // NOTE(review): "ENCRYPTED" appears in the text of PEM-style encrypted
    // keys. Keys in the OpenSSH-native format record the cipher inside the
    // base64 body, so a passphrase-protected key of that kind would be
    // reported as unencrypted here. Confirm whether that matters.
    const bool marked_encrypted =
        contents.find("ENCRYPTED") != std::string::npos;

    Row r;
    r["uid"] = uid;
    r["path"] = candidate;
    r["encrypted"] = marked_encrypted ? INTEGER(1) : INTEGER(0);
    results.push_back(r);
  }
}
Example #2
/**
 * @brief Emit one row per entry in a user's authorized-keys files.
 *
 * Asks DropPrivileges to switch to the given uid/gid before touching the
 * file system, then reads every file named in kSSHAuthorizedkeys under
 * `directory`. Each non-empty line that does not start with '#' becomes a
 * row holding the uid, the raw line and the file it came from.
 *
 * The line is stored verbatim, so any options prefix (for example a forced
 * command or source restriction) stays part of the "key" column.
 *
 * @param uid       user id to drop to; also stored in the "uid" column.
 * @param gid       group id to drop to.
 * @param directory directory that the kSSHAuthorizedkeys entries are
 *                  resolved against.
 * @param results   rows are appended here; untouched if the drop fails.
 */
void genSSHkeysForUser(const std::string& uid,
                       const std::string& gid,
                       const std::string& directory,
                       QueryData& results) {
  // Read the user's files as that user rather than with the process's own
  // privileges. Give up if the switch is refused.
  // NOTE(review): presumably `privs` restores the original privileges when
  // it goes out of scope; confirm against DropPrivileges.
  auto privs = DropPrivileges::get();
  if (!privs->dropTo(uid, gid)) {
    VLOG(1) << "Cannot drop privileges to UID " << uid;
    return;
  }

  for (const auto& relative_name : kSSHAuthorizedkeys) {
    boost::filesystem::path keys_file(directory);
    keys_file /= relative_name;

    std::string contents;
    if (!forensicReadFile(keys_file, contents).ok()) {
      // This file is absent or unreadable; try the next candidate.
      continue;
    }

    // A protocol 1 entry is: options, bits, exponent, modulus, comment.
    // A protocol 2 entry is: options, keytype, base64-encoded key, comment.
    // The entry is not parsed here; the whole line is reported.
    for (const auto& line : split(contents, "\n")) {
      if (line.empty() || line[0] == '#') {
        // Blank line or comment.
        continue;
      }

      Row r;
      r["uid"] = uid;
      r["key"] = line;
      r["key_file"] = keys_file.string();
      results.push_back(r);
    }
  }
}
Example #3
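/**
 * @brief Build one result row from an extension's manifest file.
 *
 * Reads `path + kManifestFile`, parses it as JSON and copies the values
 * named in kExtensionKeys (manifest key -> column name) into a row. JSON
 * "true"/"false" strings are converted to integer 1/0, and the
 * "persistent" column defaults to 0 when the manifest gives no value.
 *
 * The manifest is written by whoever installed the extension, so every
 * value copied from it is untrusted text. Consumers of the row should
 * treat name, description and similar columns accordingly.
 *
 * NOTE(review): no privilege drop is visible in this function; confirm
 * that the caller reads user-profile files with appropriate privileges.
 *
 * @param uid     value stored in the "uid" column.
 * @param path    extension version directory; kManifestFile is appended to
 *                it by plain string concatenation.
 * @param results the row is appended here; untouched if the manifest
 *                cannot be read or parsed.
 */
void genExtension(const std::string& uid,
                  const std::string& path,
                  QueryData& results) {
  // Built once and reused for the read and for both log messages.
  const std::string manifest_path = path + kManifestFile;

  std::string json_data;
  if (!forensicReadFile(manifest_path, json_data).ok()) {
    VLOG(1) << "Could not read file: " << manifest_path;
    return;
  }

  // Read the extension's data into a JSON blob, then a property tree.
  pt::ptree tree;
  try {
    std::stringstream json_stream;
    json_stream << json_data;
    pt::read_json(json_stream, tree);
  } catch (const pt::json_parser::json_parser_error&) {
    // Malformed manifest: report nothing instead of a partial row.
    VLOG(1) << "Could not parse JSON from: " << manifest_path;
    return;
  }

  Row r;
  r["uid"] = uid;
  // Most of the keys are in the top-level JSON dictionary.
  for (const auto& it : kExtensionKeys) {
    // Missing keys yield an empty string instead of throwing.
    std::string value = tree.get<std::string>(it.first, "");

    // Convert JSON bool-types to an integer.
    if (value == "true") {
      value = INTEGER(1);
    } else if (value == "false") {
      value = INTEGER(0);
    }
    r[it.second] = value;
  }

  // Default the persistence setting to false. operator[] is used instead of
  // at() so that a key table without a "persistent" column cannot raise
  // std::out_of_range out of this function.
  if (r["persistent"] == "") {
    r["persistent"] = INTEGER(0);
  }

  // The identifier is the name of the directory two levels above `path`.
  // NOTE(review): this assumes the layout <identifier>/<version>/ with a
  // trailing separator on `path`; verify against the caller.
  r["identifier"] =
      fs::path(path).parent_path().parent_path().filename().string();
  r["path"] = path;
  results.push_back(r);
}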
Example #4
/**
 * @brief Emit one row per private-key file found in a user's SSH key
 * directory, reading the files as that user.
 *
 * Asks DropPrivileges to switch to the given uid/gid, lists the files in
 * `directory / kSSHUserKeysDir`, and appends a row for every file whose
 * content contains "PRIVATE KEY". The row holds the uid, the file path and
 * an "encrypted" flag of "1" or "0".
 *
 * @param uid       user id to drop to; also stored in the "uid" column.
 * @param gid       group id to drop to.
 * @param directory base directory; kSSHUserKeysDir is appended to it.
 * @param results   rows are appended here; untouched if the privilege drop
 *                  or the directory listing fails.
 */
void genSSHkeyForHosts(const std::string& uid,
                       const std::string& gid,
                       const std::string& directory,
                       QueryData& results) {
  // Touch the user's key directory with the user's own privileges, so the
  // reads are limited to what that user could open.
  // NOTE(review): presumably `privs` restores the original privileges when
  // it goes out of scope; confirm against DropPrivileges.
  auto privs = DropPrivileges::get();
  if (!privs->dropTo(uid, gid)) {
    VLOG(1) << "Cannot drop privileges to UID " << uid;
    return;
  }

  // Build <directory>/<kSSHUserKeysDir> and enumerate its files.
  boost::filesystem::path ssh_dir(directory);
  ssh_dir /= kSSHUserKeysDir;

  std::vector<std::string> candidates;
  if (!listFilesInDirectory(ssh_dir, candidates, false).ok()) {
    return;
  }

  for (const auto& candidate : candidates) {
    std::string contents;
    if (!forensicReadFile(candidate, contents).ok()) {
      // Skip files that cannot be read; the others are still examined.
      continue;
    }

    if (contents.find("PRIVATE KEY") == std::string::npos) {
      // Not a private key.
      continue;
    }

    Row r;
    r["uid"] = uid;
    r["path"] = candidate;

    // NOTE(review): "ENCRYPTED" appears in the text of PEM-style encrypted
    // keys. Keys in the OpenSSH-native format record the cipher inside the
    // base64 body, so a passphrase-protected key of that kind would be
    // reported as "0" here. Confirm whether that matters.
    r["encrypted"] = "0";
    if (contents.find("ENCRYPTED") != std::string::npos) {
      r["encrypted"] = "1";
    }
    results.push_back(r);
  }
}
Example #5
/**
 * @brief Emit one row per entry in a user's known-hosts files.
 *
 * Reads every file named in kSSHKnownHostskeys under `directory`. Each
 * non-empty line that does not start with '#' becomes a row holding the
 * uid, the raw line and the file it came from. Lines are reported as
 * stored; nothing is parsed or normalised.
 *
 * NOTE(review): no privilege drop happens inside this function, so each
 * read runs with the privileges the process has at call time. Confirm that
 * the caller drops to the owning user before calling.
 *
 * @param uid       value stored in the "uid" column of every row.
 * @param directory directory that the kSSHKnownHostskeys entries are
 *                  resolved against.
 * @param results   rows are appended here.
 */
void genSSHkeysForHosts(const std::string& uid,
                        const std::string& directory,
                        QueryData& results) {
  for (const auto& relative_name : kSSHKnownHostskeys) {
    boost::filesystem::path keys_file(directory);
    keys_file /= relative_name;

    std::string contents;
    if (!forensicReadFile(keys_file, contents).ok()) {
      // This file is absent or unreadable; try the next candidate.
      continue;
    }

    for (const auto& line : split(contents, "\n")) {
      if (line.empty() || line[0] == '#') {
        // Blank line or comment.
        continue;
      }

      Row r = {{"uid", uid}, {"key", line}, {"key_file", keys_file.string()}};
      results.push_back(r);
    }
  }
}