QueryData genBrowserPlugins(QueryContext& context) {
QueryData results;
std::vector<std::string> bundles;
// The caller is not requesting a JOIN against users.
// This is "special" logic for user data-based tables since there is a concept
// of system-available browser extensions.
if (context.constraints["uid"].notExistsOrMatches("0")) {
std::vector<std::string> bundles;
if (listDirectoriesInDirectory(kBrowserPluginsPath, bundles).ok()) {
for (const auto& dir : bundles) {
genBrowserPlugin("0", dir, results);
}
}
}
// Iterate over each user
auto users = usersFromContext(context);
for (const auto& row : users) {
if (row.count("uid") > 0 && row.count("directory") > 0) {
std::vector<std::string> bundles;
auto dir = fs::path(row.at("directory")) / kBrowserPluginsPath;
if (listDirectoriesInDirectory(dir, bundles).ok()) {
for (const auto& dir : bundles) {
genBrowserPlugin(row.at("uid"), dir, results);
}
}
}
}
return results;
}
QueryData genBrowserPlugins(QueryContext& context) {
QueryData results;
std::vector<std::string> bundles;
// Lambda to walk through each browser plugin and process the plist file.
auto enum_browser_plugins = [&results](const fs::path& path,
const std::string& uid) {
std::vector<std::string> bundles;
if (listDirectoriesInDirectory(path, bundles).ok()) {
for (const auto& dir : bundles) {
genBrowserPlugin(uid, dir, results, false);
}
}
// Check if the plugin is the 'Disabled' folder.
std::vector<std::string> disabled_bundles;
auto dis_path = path / "Disabled Plug-Ins";
if (listDirectoriesInDirectory(dis_path, disabled_bundles).ok()) {
for (const auto& disabled_dir : disabled_bundles) {
genBrowserPlugin(uid, disabled_dir, results, true);
}
}
};
// The caller is not requesting a JOIN against users. This is "special" logic
// for user data-based tables since there is a concept of system-available
// browser extensions.
if (context.constraints["uid"].notExistsOrMatches("0")) {
enum_browser_plugins(kBrowserPluginsPath, "0");
}
// Iterate over each user
auto users = usersFromContext(context);
for (const auto& row : users) {
if (row.count("uid") > 0 && row.count("directory") > 0) {
auto dir = fs::path(row.at("directory")) / kBrowserPluginsPath;
enum_browser_plugins(dir, row.at("uid"));
}
}
return results;
}
QueryData genBrowserPlugins(QueryContext& context) {
QueryData results;
std::vector<std::string> bundles;
if (listDirectoriesInDirectory(kBrowserPluginsPath, bundles).ok()) {
for (const auto& dir : bundles) {
genBrowserPlugin(dir, results);
}
}
auto homes = osquery::getHomeDirectories();
for (const auto& home : homes) {
bundles.clear();
if (listDirectoriesInDirectory(home / kBrowserPluginsPath, bundles).ok()) {
for (const auto& dir : bundles) {
genBrowserPlugin(dir, results);
}
}
}
return results;
}
