// Serialize a query log item as one event object per result row.
//
// Differential results are preferred; snapshot results are used only when
// both the added and removed sets are empty. Rows are first staged in a
// temporary document whose top-level member names (for example "snapshot")
// become each event's "action" value, then every row is expanded with
// serializeEvent and pushed onto doc.
//
// Returns the failing Status of the underlying serializer, Status(1, ...)
// when the item carries neither differential nor snapshot rows, and a
// default-constructed Status otherwise. Callers should check the result
// before using doc.
Status serializeQueryLogItemAsEvents(const QueryLogItem& item, JSON& doc) {
  auto staged = JSON::newObject();

  const bool has_diff =
      !item.results.added.empty() || !item.results.removed.empty();

  if (has_diff) {
    auto diff_status = serializeDiffResults(
        item.results, item.columns, staged, staged.doc());
    if (!diff_status.ok()) {
      return diff_status;
    }
  } else if (item.snapshot_results.empty()) {
    // This error case may also be represented in serializeQueryLogItem.
    return Status(1, "No differential or snapshot results");
  } else {
    // NOTE(review): the array is obtained from doc but filled and attached
    // through the staging document; confirm that mixing the two is intended.
    auto snapshot_rows = doc.getArray();
    auto snapshot_status =
        serializeQueryData(item.snapshot_results, {}, staged, snapshot_rows);
    if (!snapshot_status.ok()) {
      return snapshot_status;
    }
    staged.add("snapshot", snapshot_rows);
  }

  // Flatten: every row of every staged member becomes one event in doc.
  for (auto& member : staged.doc().GetObject()) {
    for (auto& entry : member.value.GetArray()) {
      auto event = doc.getObject();
      serializeEvent(item, entry, doc, event);
      doc.addCopy("action", member.name.GetString(), event);
      doc.push(event);
    }
  }

  return Status();
}
// Verifies that the ptree overload of serializeDiffResults reports success
// and produces the tree that getSerializedDiffResults pairs with its input.
TEST_F(ResultsTests, test_serialize_diff_results) {
  auto fixture = getSerializedDiffResults();

  pt::ptree serialized;
  auto status = serializeDiffResults(fixture.second, serialized);

  EXPECT_TRUE(status.ok());
  EXPECT_EQ(status.toString(), "OK");
  EXPECT_EQ(fixture.first, serialized);
}
// Serialize differential results into a JSON string.
//
// The results are written into a fresh JSON object using an empty column
// list. On success the document is rendered into json and the Status of
// that rendering is returned; on failure the serializer's Status is
// returned and json is not written by this function.
Status serializeDiffResultsJSON(const DiffResults& d, std::string& json) {
  auto document = JSON::newObject();
  ColumnNames no_columns;

  auto result = serializeDiffResults(d, no_columns, document, document.doc());
  if (result.ok()) {
    return document.toString(json);
  }
  return result;
}
// Serialize differential results into a compact JSON string via a ptree.
//
// Any std::exception raised while serializing or writing the JSON is
// converted into Status(1, what()), so failures surface as a Status rather
// than escaping to the caller. json is assigned only after write_json has
// completed.
Status serializeDiffResultsJSON(const DiffResults& d, std::string& json) {
  try {
    pt::ptree diff_tree;
    auto outcome = serializeDiffResults(d, diff_tree);
    if (!outcome.ok()) {
      return outcome;
    }

    std::ostringstream buffer;
    // Third argument false: do not pretty-print the output.
    pt::write_json(buffer, diff_tree, false);
    json = buffer.str();
  } catch (const std::exception& err) {
    return Status(1, err.what());
  }

  return Status(0, "OK");
}
// Serialize the differential results of a query log item as a list of
// events appended to tree.
//
// The diff is first serialized into an intermediate ptree. Each top-level
// child of that tree is treated as an action, and every row beneath it
// becomes one event carrying the action's key in its "action" field.
// Returns the serializer's Status on failure, Status(0, "OK") otherwise.
Status serializeQueryLogItemAsEvents(const QueryLogItem& i, pt::ptree& tree) {
  pt::ptree staged_diff;
  auto outcome = serializeDiffResults(i.results, staged_diff);
  if (!outcome.ok()) {
    return outcome;
  }

  for (auto& group : staged_diff) {
    const auto& action_name = group.first;
    for (auto& entry : group.second) {
      pt::ptree event;
      serializeEvent(i, entry.second, event);
      event.put<std::string>("action", action_name);
      // An empty key appends the event as an array-style element.
      tree.push_back(std::make_pair("", event));
    }
  }

  return Status(0, "OK");
}
// Serialize differential results into a compact JSON string via a ptree.
//
// Only pt::json_parser::json_parser_error is handled here; it is reported
// as Status(1, what()). json is assigned only after the write succeeded.
Status serializeDiffResultsJSON(const DiffResults& d, std::string& json) {
  pt::ptree diff_tree;
  auto outcome = serializeDiffResults(d, diff_tree);
  if (!outcome.ok()) {
    return outcome;
  }

  std::ostringstream buffer;
  try {
    // Third argument false: do not pretty-print the output.
    pt::write_json(buffer, diff_tree, false);
  } catch (const pt::json_parser::json_parser_error& err) {
    // The content could not be represented as JSON.
    return Status(1, err.what());
  }

  json = buffer.str();
  return Status(0, "OK");
}
// Serialize a scheduled query log item into tree.
//
// The differential results are written under "diffResults", followed by the
// item's name, hostname, calendar time and unix time. Any std::exception
// raised along the way is converted into Status(1, what()); note that tree
// may already hold some of the fields when that happens.
Status serializeScheduledQueryLogItem(const ScheduledQueryLogItem& i,
                                      boost::property_tree::ptree& tree) {
  try {
    pt::ptree diff_tree;
    auto outcome = serializeDiffResults(i.diffResults, diff_tree);
    if (!outcome.ok()) {
      return outcome;
    }

    tree.add_child("diffResults", diff_tree);
    tree.put<std::string>("name", i.name);
    tree.put<std::string>("hostname", i.hostname);
    tree.put<std::string>("calendarTime", i.calendarTime);
    // NOTE(review): written as int; confirm the declared type of unixTime
    // is not wider than int.
    tree.put<int>("unixTime", i.unixTime);
  } catch (const std::exception& err) {
    return Status(1, err.what());
  }

  return Status(0, "OK");
}
// Serialize a query log item into tree.
//
// When the item has added or removed rows they are written under
// "diffResults". Otherwise the snapshot results are written under
// "snapshot" and the "action" field is set to "snapshot". Legacy fields and
// decorations are appended in both cases. Returns the serializer's Status
// on failure, Status(0, "OK") otherwise.
Status serializeQueryLogItem(const QueryLogItem& item, pt::ptree& tree) {
  pt::ptree payload;
  const bool has_diff =
      !item.results.added.empty() || !item.results.removed.empty();

  if (!has_diff) {
    auto snapshot_status = serializeQueryData(item.snapshot_results, payload);
    if (!snapshot_status.ok()) {
      return snapshot_status;
    }
    tree.add_child("snapshot", payload);
    tree.put<std::string>("action", "snapshot");
  } else {
    auto diff_status = serializeDiffResults(item.results, payload);
    if (!diff_status.ok()) {
      return diff_status;
    }
    tree.add_child("diffResults", payload);
  }

  addLegacyFieldsAndDecorations(item, tree);
  return Status(0, "OK");
}
// Serialize the differential results of a query log item as a list of
// events appended to tree.
//
// Each top-level child of the intermediate diff tree is treated as an
// action, and every row beneath it becomes one event carrying the action's
// key in its "action" field. Returns the serializer's Status on failure,
// Status(0, "OK") otherwise.
Status serializeQueryLogItemAsEvents(const QueryLogItem& i, pt::ptree& tree) {
  // Snapshot query results never reach this "AsEvents" path, even with
  // log_result_events set: the schedule calls ::logSnapshotQuery explicitly,
  // and that call does not consult the result_events configuration.
  pt::ptree staged_diff;
  auto outcome = serializeDiffResults(i.results, staged_diff);
  if (!outcome.ok()) {
    return outcome;
  }

  for (auto& group : staged_diff) {
    const auto& action_name = group.first;
    for (auto& entry : group.second) {
      pt::ptree event;
      serializeEvent(i, entry.second, event);
      event.put<std::string>("action", action_name);
      // An empty key appends the event as an array-style element.
      tree.push_back(std::make_pair("", event));
    }
  }

  return Status(0, "OK");
}
// Serialize a query log item into tree.
//
// Added or removed rows, when present, are written under "diffResults";
// otherwise the snapshot results are written under "snapshot". The item's
// name, host identifier, calendar time and unix time follow. Returns the
// serializer's Status on failure, Status(0, "OK") otherwise.
Status serializeQueryLogItem(const QueryLogItem& i, pt::ptree& tree) {
  pt::ptree payload;
  const bool has_diff =
      !i.results.added.empty() || !i.results.removed.empty();

  if (!has_diff) {
    auto snapshot_status = serializeQueryData(i.snapshot_results, payload);
    if (!snapshot_status.ok()) {
      return snapshot_status;
    }
    tree.add_child("snapshot", payload);
  } else {
    auto diff_status = serializeDiffResults(i.results, payload);
    if (!diff_status.ok()) {
      return diff_status;
    }
    tree.add_child("diffResults", payload);
  }

  tree.put<std::string>("name", i.name);
  tree.put<std::string>("hostIdentifier", i.identifier);
  tree.put<std::string>("calendarTime", i.calendar_time);
  // NOTE(review): written as int; confirm the declared type of i.time is
  // not wider than int.
  tree.put<int>("unixTime", i.time);

  return Status(0, "OK");
}
// Serialize the differential results of a scheduled query log item as a
// list of events appended to tree.
//
// Each top-level child of the intermediate diff tree is treated as an
// action, and every row beneath it becomes one event carrying the action's
// key in its "action" field. Any std::exception raised along the way is
// converted into Status(1, what()); events appended before the failure
// remain in tree.
Status serializeScheduledQueryLogItemAsEvents(
    const ScheduledQueryLogItem& item, boost::property_tree::ptree& tree) {
  try {
    pt::ptree staged_diff;
    auto outcome = serializeDiffResults(item.diffResults, staged_diff);
    if (!outcome.ok()) {
      return outcome;
    }

    for (auto& group : staged_diff) {
      const auto& action_name = group.first;
      for (auto& entry : group.second) {
        pt::ptree event;
        serializeEvent(item, entry.second, event);
        event.put<std::string>("action", action_name);
        // An empty key appends the event as an array-style element.
        tree.push_back(std::make_pair("", event));
      }
    }
  } catch (const std::exception& err) {
    return Status(1, err.what());
  }

  return Status(0, "OK");
}
// Serialize a query log item into the JSON document doc.
//
// When the item has added or removed rows they are written as an object
// under "diffResults". Otherwise the snapshot results are written as an
// array under "snapshot" and "action" is set to "snapshot". Legacy fields
// and decorations are appended in both cases. Returns the serializer's
// Status on failure, a default-constructed Status otherwise.
Status serializeQueryLogItem(const QueryLogItem& item, JSON& doc) {
  const bool has_diff =
      !item.results.added.empty() || !item.results.removed.empty();

  if (!has_diff) {
    auto snapshot_rows = doc.getArray();
    auto snapshot_status = serializeQueryData(
        item.snapshot_results, item.columns, doc, snapshot_rows);
    if (!snapshot_status.ok()) {
      return snapshot_status;
    }
    doc.add("snapshot", snapshot_rows);
    doc.addRef("action", "snapshot");
  } else {
    auto diff_obj = doc.getObject();
    auto diff_status =
        serializeDiffResults(item.results, item.columns, doc, diff_obj);
    if (!diff_status.ok()) {
      return diff_status;
    }
    doc.add("diffResults", diff_obj);
  }

  addLegacyFieldsAndDecorations(item, doc, doc.doc());
  return Status();
}