-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add missing validation to fix last
table
#6147
Conversation
@joaogodinho thanks for this PR, looks good! Please fix that small issue with commas and remember to sign the CLA. |
|
Hi @directionless, the tests failure is related to the containers not populating the I've discussed this with Stefano on the code-review channel on slack. As soon as I have the code, I'll also update the first comment to reflect the choices and what was discussed. |
The unit test idea looks good, but it does have an important downside, which is that the integration test will never test the conditions on the CI, because the system file won't have records in it. Unfortunately since the implementation of a table is with free functions and we cannot change the parameters of the generate functions that sqlite has to call, the only possible alternative I see is to use a global variable in the table code, which stores the path to the file the table has to parse. In theory we could have the CI use a custom wtmp file, put in the system path, but this might not always work when a user launches tests locally. |
Correct, this won't test the table itself in any CI that's run inside a container. I've spent a good time trying to find a way for the test to call the wtmp lib directly to some tmp file, but I couldn't implement one that wouldn't had multiple |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct, this won't test the table itself in any CI that's run inside a container.
I've spent a good time trying to find a way for the test to call the wtmp lib directly to some tmp file, but I couldn't implement one that wouldn't had multiple
#ifdef
due the different OSes, which would in the end limit the tests as well, because in Apple and FreeBSD (ifsetutxdb
is not available) we can't set which wtmp file to parse. If we wanted to be pedantic about the tests, we'd still need to have a test for when we can read from the file, and one for when we can't.
Unfortunately I don't think that running them outside a container would change anything, because the VM it's run on it's destroyed after each pipeline run, so it would most likely not have any record in it.
My request was due to the fact that we rely on tests not failing in the CI, beyond manual review, to decide if a PR can be merged, or if there are regressions.
A test that never really run on the CI is a tad less useful.
Though I understand that the current situation is not ideal, we should have another structure for implementing table code; so thanks for trying!
Lets keep this structure, but please address my comment below.
The MacOS VM does (check here), but it's the only one, since Linux is using containers.
I agree, unfortunately I don't have the resources right now to learn more about C++ and OSQuery structure itself.
I will, I also have a minor fix for the test that I probably discard accidentally. 🙏 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Last round :).
Also remember to format the code with make format
from the build folder before committing.
Co-Authored-By: Stefano Bonicatti <smjert@gmail.com>
Co-Authored-By: Stefano Bonicatti <smjert@gmail.com>
Co-Authored-By: Stefano Bonicatti <smjert@gmail.com>
Co-Authored-By: Stefano Bonicatti <smjert@gmail.com>
ping @Smjert 😃 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Sorry for the delay.
A validation was added to the
genLastAccess
function (#5274) which would filter for login events only (USER_PROCESS
). This change breaks the intent of thelast
table, which should show logins and logouts.This PR updates extracts the
last
implementation to its own function, which is OS independent, enabling tests to be made to the implementation, as well as adding a test for the content (if existing) of thelast
table.The reasoning for the validation in the first place is to remove information unrelated to user login/logout (check
man wtmp
for more info).