QueryData genALFServices(QueryContext& context) {
pt::ptree tree;
auto s = genALFTreeFromFilesystem(tree);
if (!s.ok()) {
return {};
}
return parseALFServicesTree(tree);
}
TEST_F(FirewallTests, test_parse_alf_services_tree) {
pt::ptree tree = getALFTree();
auto results = parseALFServicesTree(tree);
osquery::QueryData expected = {
{
{"service", "Apple Remote Desktop"},
{"process", "AppleVNCServer"},
{"state", "0"},
},
{
{"service", "FTP"}, {"process", "ftpd"}, {"state", "0"},
},
{
{"service", "ODSAgent"}, {"process", "ODSAgent"}, {"state", "0"},
},
{
{"service", "File Sharing"},
{"process", "AppleFileServer"},
{"state", "0"},
},
{
{"service", "Web Sharing"}, {"process", "httpd"}, {"state", "0"},
},
{
{"service", "Printer Sharing"}, {"process", "cupsd"}, {"state", "0"},
},
{
{"service", "Remote Apple Events"},
{"process", "AEServer"},
{"state", "0"},
},
{
{"service", "SSH"}, {"process", "sshd-keygen-wrapper"}, {"state", "0"},
},
{
{"service", "Samba Sharing"}, {"process", "smbd"}, {"state", "0"},
},
};
EXPECT_EQ(results, expected);
}
