// Store the latest results for this query and optionally report what changed
// since the previous run.
//
// current_qd      rows produced by the run that just finished
// dr              written only when calculate_diff is true; receives
//                 diff(previous rows, escaped current rows)
// calculate_diff  whether to compute the differential at all
// db              handle used to persist the escaped rows under
//                 (kQueries, name_)
//
// Returns the failing Status from serialization or from the Put, otherwise
// Status(0, "OK").
Status Query::addNewResults(const QueryData& current_qd,
                            DiffResults& dr,
                            bool calculate_diff,
                            DBHandleRef db) {
  // Fetch whatever the last run of this query left in the store.
  // NOTE(review): this status is never inspected. If the load fails,
  // previous_qd is presumably left empty and the diff below would report
  // every current row as newly added - confirm that is acceptable for
  // consumers that alert on "added" rows.
  QueryData previous_qd;
  auto load_status = getPreviousQueryResults(previous_qd);

  // Work on an escaped copy so that non-ASCII bytes in result values never
  // reach the diff or the stored JSON.
  QueryData sanitized_qd;
  escapeQueryData(current_qd, sanitized_qd);

  // The comparison uses the escaped rows, i.e. the same form that gets
  // written back below.
  if (calculate_diff) {
    dr = diff(previous_qd, sanitized_qd);
  }

  // Serialize the escaped rows; they become the "previous" set for the
  // next run.
  std::string payload;
  auto serialize_status = serializeQueryDataJSON(sanitized_qd, payload);
  if (!serialize_status.ok()) {
    return serialize_status;
  }

  // Overwrite the stored entry for this query name.
  // NOTE(review): db is dereferenced without a null check - callers are
  // assumed to pass a valid handle.
  auto put_status = db->Put(kQueries, name_, payload);
  if (!put_status.ok()) {
    return put_status;
  }

  return Status(0, "OK");
}
// Record the results of the latest run in this query's stored history and
// optionally compute the differential against the previously stored run.
//
// qd              rows produced by the run that just finished
// dr              written only when calculate_diff is true
// calculate_diff  whether to diff against the stored most-recent results
// unix_time       timestamp stored alongside the new results; taken from
//                 the caller as-is, no validation happens here
// db              handle used both to load the history and to write it back
//
// Returns the first failing Status (load, serialize or Put); a load failure
// whose text equals kQueryNameNotFoundError is tolerated. On success returns
// Status(0, "OK").
osquery::Status Query::addNewResults(const osquery::QueryData& qd,
                                     osquery::DiffResults& dr,
                                     bool calculate_diff,
                                     int unix_time,
                                     std::shared_ptr<DBHandle> db) {
  HistoricalQueryResults history;
  auto load_status = getHistoricalQueryResults(history, db);
  if (!load_status.ok()) {
    // A missing entry is tolerated and processing continues with `history`
    // as the loader left it; any other failure is returned to the caller.
    // NOTE(review): the error is recognised by comparing message text, so a
    // reworded message would turn this case into a hard failure.
    if (load_status.toString() != kQueryNameNotFoundError) {
      return load_status;
    }
  }

  // Strip non-ASCII characters; only the escaped copy is diffed and stored.
  QueryData sanitized_qd;
  escapeQueryData(qd, sanitized_qd);

  // Must run before mostRecentResults is overwritten below.
  if (calculate_diff) {
    dr = diff(history.mostRecentResults.second, sanitized_qd);
  }

  // The new run becomes the most recent entry: (timestamp, rows).
  history.mostRecentResults.first = unix_time;
  history.mostRecentResults.second = sanitized_qd;

  std::string payload;
  auto serialize_status = serializeHistoricalQueryResultsJSON(history, payload);
  if (!serialize_status.ok()) {
    return serialize_status;
  }

  // Overwrite the stored history for this query name.
  // NOTE(review): db is dereferenced without a null check - callers are
  // assumed to pass a valid handle.
  auto put_status = db->Put(kQueries, name_, payload);
  if (!put_status.ok()) {
    return put_status;
  }

  return Status(0, "OK");
}