Extend the fields of curl_certificate table #6176
Thanks for the PR!
Also remember to check the formatting with `make format_check`, the Linux builds will fail if the code is not formatted correctly.
658e82d to 1560623
Looks good, sorry for the follow up, but I think we can drop the “ssl_” prefix to the column names, thoughts?
Thanks, Teddy for the review. I will fix the field name changes.
d0e21a5 to ff177f8
Thanks for bearing with me on the nitpicks. I have a final round then we can merge ASAP!
} | ||
|
||
static std::string signature(X509* cert) { | ||
X509_ALGOR* algo; |
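Review bot: `X509_ALGOR* algo;` on the last visible line of `signature()` is declared without an initializer, so any path that reads it before OpenSSL has filled it in works with an indeterminate pointer. Initialize it to `nullptr` and return an empty string if it is still null at the point where it would be dereferenced.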
= nullptr
specs/curl_certificate.table
Column("info_access", TEXT, "Authority Information Access"), | ||
Column("subject_info_access", TEXT, "Subject Information Access"), | ||
Column("policy_mappings", TEXT, "Policy Mappings"), | ||
Column("certificate_has_expired", INTEGER, "Boolean value if certificate expired"), |
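Review bot: the two access-extension columns are named asymmetrically: `info_access` is described as Authority Information Access while its sibling is spelled out as `subject_info_access`. Naming the first one `authority_info_access` would make the pair self-explanatory in queries, and the `certificate_has_expired` description should say which values the INTEGER takes.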
Do you mind updating the description to `1 if the certificate has expired, otherwise 0`?
} | ||
|
||
Status getTLSCertificate(std::string hostname, QueryData& results) { | ||
Status getTLSCertificate(std::string hostname, |
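Review bot: `std::string hostname` is still taken by value on the new signature line, so each call copies the string even though the signature is already being touched here. Take it as `const std::string& hostname`, and since the new line now breaks after `hostname,`, describe every remaining parameter in the function comment.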
It looks like this `hostname` should be passed by const reference `const std::string& hostname`. Do you mind making this change while you're improving the table in this PR?
auto length = bio_buf->length; | ||
if (bio_buf->data[length - 1] == '\n' || | ||
bio_buf->data[length - 1] == '\r') { | ||
bio_buf->data[length - 1] = (char)0; |
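Review bot: `bio_buf->data[length - 1]` is read without checking that `length` is non-zero; with an empty BIO buffer `length - 1` wraps around and both the comparison and the assignment land outside the buffer. Guard the block with `length > 0`. Overwriting the last byte with 0 also leaves `bio_buf->length` unchanged, so if the result is later built from `data` and `length` it will still carry the NUL byte.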
Why not `\0`;
} | ||
|
||
if (bio_buf->data[length] == '\n' || bio_buf->data[length] == '\r') { | ||
bio_buf->data[length] = (char)0; |
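Review bot: this check indexes `bio_buf->data[length]`, while the sibling helper trims the trailing newline at `length - 1`. If `length` is `bio_buf->length` here as well, index `length` is one past the last byte written, so the comparison reads a byte that is not part of the output and the assignment can write past it. Use `length - 1` with a `length > 0` guard, and move the trimming into one shared helper so the two copies cannot diverge.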
Why not `\0`;
Add certificate in pem format to table
Add new extension to the table
Add algorithm signature to the table
Add condition to dump certificate
fix leaking bio_out
fixup! change the field names
ff177f8 to 80fa8c1
@theopolis thanks for the review!
@theopolis thanks!
The additional columns in the `curl_certificate` table include the version number, signature algorithm, x509v3 extensions, and the certificate in PEM format. The certificate can be dumped by setting the `dump_certificate` configuration. An example output: