Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix typing issue with CFNumber conversion #6273

Merged
merged 1 commit into from
Feb 27, 2020
Merged

Fix typing issue with CFNumber conversion #6273

merged 1 commit into from
Feb 27, 2020

Conversation

FritzX6
Copy link
Contributor

@FritzX6 FritzX6 commented Feb 25, 2020

What is the purpose of this PR?

As I began testing the newly merged mdls table, I came across some results that did not match my expectations (and also did not match the standard CLI mdls output).

For example:

➜  mdls /Users/fritz-imac/Pictures/summer-2019-onward-card/_DSC8054.JPG

kMDItemFocalLength                 = 28
kMDItemFocalLength35mm             = 28
kMDItemFNumber                     = 2.8

vs.

osquery> SELECT key, value, mdls.valuetype FROM mdfind, mdls USING(path) WHERE query = "kMDItemFSName == '_DSC8054.JPG'" AND key IN ('kMDItemFNumber', 'kMDItemFocalLength', 'kMDItemFocalLength35mm');
+------------------------+------------+-----------+
| key                    | value      | valuetype |
+------------------------+------------+-----------+
| kMDItemFocalLength     | 1105199104 | CFNumber  |
| kMDItemFocalLength35mm | 28         | CFNumber  |
| kMDItemFNumber         | 1717986918 | CFNumber  |
+------------------------+------------+-----------+

How was this fixed?

With @terracatta's assistance, we were able to track the bug down to the CFNumber utility and add the missing type conversions to it.

How does this affect the previously broken output?

Post-fix osquery results:

osquery> SELECT key, value, mdls.valuetype FROM mdfind, mdls USING(path) WHERE query = "kMDItemFSName == '_DSC8054.JPG'" AND key IN ('kMDItemFNumber', 'kMDItemFocalLength', 'kMDItemFocalLength35mm');
+------------------------+--------------------+-----------+
| key                    | value              | valuetype |
+------------------------+--------------------+-----------+
| kMDItemFocalLength     | 28                 | CFNumber  |
| kMDItemFocalLength35mm | 28                 | CFNumber  |
| kMDItemFNumber         | 2.7999999999999998 | CFNumber  |
+------------------------+--------------------+-----------+

As we can see the numbers returned are now correct.

It might be suggested that we apply ROUND logic to the values (eg. 2.79999999998 = 2.8) but I would avoid this route as some returned values will have that level of significance (eg. GPS Lat & Long values: kMDItemLongitude = -71.12597783333334)

@directionless directionless merged commit d727e6b into osquery:master Feb 27, 2020
@FritzX6 FritzX6 deleted the fritz_fix_mdls branch February 27, 2020 17:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theopolis theopolis theopolis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@FritzX6 @theopolis @directionless