Extend the fields of curl_certificate table #6176
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
theopolis
requested changes
Jan 17, 2020
658e82d
to
1560623
Compare
|
Looks good, sorry for the follow up, but I think we can drop the “ssl_” prefix to the column names, thoughts? |
|
Thanks, Teddy for the review. I will fix the field name changes. |
d0e21a5
to
ff177f8
Compare
theopolis
requested changes
Feb 28, 2020
| } | ||
|
|
||
| static std::string signature(X509* cert) { | ||
| X509_ALGOR* algo; |
specs/curl_certificate.table
Outdated
| Column("info_access", TEXT, "Authority Information Access"), | ||
| Column("subject_info_access", TEXT, "Subject Information Access"), | ||
| Column("policy_mappings", TEXT, "Policy Mappings"), | ||
| Column("certificate_has_expired", INTEGER, "Boolean value if certificate expired"), |
There was a problem hiding this comment.
Do you mind updating the description to 1 if the certificate has expired, otherwise 0
| } | ||
|
|
||
| Status getTLSCertificate(std::string hostname, QueryData& results) { | ||
| Status getTLSCertificate(std::string hostname, |
There was a problem hiding this comment.
It looks like this hostname should be passed by const reference const std::string& hostname. Do you mind making this change while you're improving the table in this PR?
| auto length = bio_buf->length; | ||
| if (bio_buf->data[length - 1] == '\n' || | ||
| bio_buf->data[length - 1] == '\r') { | ||
| bio_buf->data[length - 1] = (char)0; |
| } | ||
|
|
||
| if (bio_buf->data[length] == '\n' || bio_buf->data[length] == '\r') { | ||
| bio_buf->data[length] = (char)0; |
Add certificate in pem format to table Add new extension to the table Add algorithm signature to the table Add condition to dump certificate fix leaking bio_out
fixup! change the field names
ff177f8
to
80fa8c1
Compare
|
@theopolis thanks for the review! |
theopolis
approved these changes
Mar 27, 2020
|
@theopolis thanks! |
aikuchin
pushed a commit
to aikuchin/osquery
that referenced
this pull request
Jul 11, 2023
… to master * commit '8c13dd6bd206f2909a4baea5bcfbc91d5e3f502b': (159 commits) release: updating changelog for 4.3.0 release (osquery#6387) Build hvci_status table with CMake (osquery#6378) Change calls to debug log to verbose (osquery#6369) iokit: Fix race when accessing port_ (osquery#6380) Check extensions are registered with osquery core (osquery#6374) First steps to remove the Buck build system (osquery#6361) Return error detaching table, only use primary database (osquery#6373) Copy the parent environment when launching worker Change process table log errors to info and fix typo (osquery#6370) Ensure the extension uuid is never 0 (osquery#6377) Remove errors when converting empty numeric rows (osquery#6371) Do not force a specific path to install osquery on Windows (osquery#6379) Fix readFile API doing blocking I/O with a non-blocking handle (osquery#6368) magic: Check return from magic_file (osquery#6363) macos: Use -1 for missing ppid in process_events (osquery#6339) Update OpenSSL to version 1.1.1f and fix build (osquery#6359) Simplify how third party libraries formula work (osquery#6303) Add socket_events table for socket auditing in MacOS (osquery#6028) Extend the fields of curl_certificate table (osquery#6176) add status column to deb_packages table (osquery#6341) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The additional columns in the
curl_certificatetable include the version number, signature algorithm, x509v3 extensions, and the certificate in PEM format. The certificate can be dumped by setting thedump_certificateconfiguration.An example output: