QueryData genALFExplicitAuths(QueryContext& context) {
pt::ptree tree;
auto s = genALFTreeFromFilesystem(tree);
if (!s.ok()) {
return {};
}
return parseALFExplicitAuthsTree(tree);
}
TEST_F(FirewallTests, test_parse_alf_explicit_auths_tree) {
pt::ptree tree = getALFTree();
auto results = parseALFExplicitAuthsTree(tree);
osquery::QueryData expected = {
{{"process", "org.python.python.app"}},
{{"process", "com.apple.ruby"}},
{{"process", "com.apple.a2p"}},
{{"process", "com.apple.javajdk16.cmd"}},
{{"process", "com.apple.php"}},
{{"process", "com.apple.nc"}},
{{"process", "com.apple.ksh"}},
};
EXPECT_EQ(results, expected);
}
