std::vector<std::string> ZDvidVersionDag::getParentList(const std::string &uuid) const { std::vector<std::string> uuidList; if (getParentMap().count(uuid) > 0) { std::list<std::string> parentList = getParentMap().at(uuid); uuidList.insert(uuidList.begin(), parentList.begin(), parentList.end()); } return uuidList; }
bool ZDvidVersionDag::isParent( const std::string &uuid, const std::string &parentUuid) const { if (!uuid.empty() && !parentUuid.empty()) { if (getParentMap().count(uuid) > 0) { const std::list<std::string> &parentList = getParentMap().at(uuid); if (!parentList.empty()) { return std::find(parentList.begin(), parentList.end(), parentUuid) != parentList.end(); } } } return false; }
/** * Frees the memory associated with the parent map */ void fatfs_dir_buf_free(FATFS_INFO *fatfs) { tsk_take_lock(&fatfs->dir_lock); if (fatfs->inum2par != NULL) { std::map<TSK_INUM_T, TSK_INUM_T> *tmpMap = getParentMap(fatfs); delete tmpMap; fatfs->inum2par = NULL; } tsk_release_lock(&fatfs->dir_lock); }
/** * Frees the memory associated with the parent map */ void xtaffs_dir_buf_free(XTAFFS_INFO *xtaffs) { tsk_take_lock(&xtaffs->dir_lock); if (xtaffs->inum2par != NULL) { std::map<TSK_INUM_T, TSK_INUM_T> *tmpMap = getParentMap(xtaffs); delete tmpMap; xtaffs->inum2par = NULL; } tsk_release_lock(&xtaffs->dir_lock); }
/** * Adds an entry to the parent directory map. Used to make further processing * faster. * @param fatfs File system * @param par_inum Parent folder meta data address. * @param dir_inum Sub-folder meta data address. * @returns 0 */ uint8_t fatfs_dir_buf_add(FATFS_INFO * fatfs, TSK_INUM_T par_inum, TSK_INUM_T dir_inum) { tsk_take_lock(&fatfs->dir_lock); std::map<TSK_INUM_T, TSK_INUM_T> *tmpMap = getParentMap(fatfs); (*tmpMap)[dir_inum] = par_inum; tsk_release_lock(&fatfs->dir_lock); return 0; }
/** * Looks up the parent meta address for a child from the cached list. * @param fatfs File system * @param dir_inum Inode of sub-directory to look up * @param par_inum [out] Result of lookup * @returns 0 if found and 1 if not. */ static uint8_t fatfs_dir_buf_get(FATFS_INFO * fatfs, TSK_INUM_T dir_inum, TSK_INUM_T *par_inum) { uint8_t retval = 1; tsk_take_lock(&fatfs->dir_lock); std::map<TSK_INUM_T, TSK_INUM_T> *tmpMap = getParentMap(fatfs); if (tmpMap->count( dir_inum) > 0) { *par_inum = (*tmpMap)[dir_inum]; retval = 0; } tsk_release_lock(&fatfs->dir_lock); return retval; }
void ZDvidVersionDag::print() const { const std::map<std::string, std::list<std::string> > &parentMap = getParentMap(); for (std::map<std::string, std::list<std::string> >::const_iterator iter = parentMap.begin(); iter != parentMap.end(); ++iter) { const std::string &uuid = iter->first; const std::list<std::string> &parentList = iter->second; std::cout << uuid << ":"; for (std::list<std::string>::const_iterator iter = parentList.begin(); iter != parentList.end(); ++iter) { std::cout << *iter << " "; } std::cout << std::endl; } }
QueryData genProcesses(QueryContext &context) { QueryData results; auto pidlist = getProcList(context); auto parent_pid = getParentMap(pidlist); int argmax = genMaxArgs(); for (auto &pid : pidlist) { if (!context.constraints["pid"].matches<int>(pid)) { // Optimize by not searching when a pid is a constraint. continue; } Row r; r["pid"] = INTEGER(pid); r["path"] = getProcPath(pid); // OS X proc_name only returns 16 bytes, use the basename of the path. r["name"] = boost::filesystem::path(r["path"]).filename().string(); // The command line invocation including arguments. std::string cmdline = boost::algorithm::join(getProcArgs(pid, argmax), " "); boost::algorithm::trim(cmdline); r["cmdline"] = cmdline; genProcRootAndCWD(pid, r); proc_cred cred; if (getProcCred(pid, cred)) { r["uid"] = BIGINT(cred.real.uid); r["gid"] = BIGINT(cred.real.gid); r["euid"] = BIGINT(cred.effective.uid); r["egid"] = BIGINT(cred.effective.gid); } else { r["uid"] = "-1"; r["gid"] = "-1"; r["euid"] = "-1"; r["egid"] = "-1"; } // Find the parent process. const auto parent_it = parent_pid.find(pid); if (parent_it != parent_pid.end()) { r["parent"] = INTEGER(parent_it->second); } else { r["parent"] = "-1"; } // If the path of the executable that started the process is available and // the path exists on disk, set on_disk to 1. If the path is not // available, set on_disk to -1. If, and only if, the path of the // executable is available and the file does NOT exist on disk, set on_disk // to 0. r["on_disk"] = osquery::pathExists(r["path"]).toString(); // systems usage and time information struct rusage_info_v2 rusage_info_data; int rusage_status = proc_pid_rusage( pid, RUSAGE_INFO_V2, (rusage_info_t *)&rusage_info_data); // proc_pid_rusage returns -1 if it was unable to gather information if (rusage_status == 0) { // size/memory information r["wired_size"] = TEXT(rusage_info_data.ri_wired_size); r["resident_size"] = TEXT(rusage_info_data.ri_resident_size); r["phys_footprint"] = TEXT(rusage_info_data.ri_phys_footprint); // time information r["user_time"] = TEXT(rusage_info_data.ri_user_time / 1000000); r["system_time"] = TEXT(rusage_info_data.ri_system_time / 1000000); r["start_time"] = TEXT(rusage_info_data.ri_proc_start_abstime); } else { r["wired_size"] = "-1"; r["resident_size"] = "-1"; r["phys_footprint"] = "-1"; r["user_time"] = "-1"; r["system_time"] = "-1"; r["start_time"] = "-1"; } results.push_back(r); } return results; }