Change logger_mode flag to be actually interpreted as an octal #7273
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The logger_mode flag was actually interpreted as decimal format number, not octal. Now the flag is actually a string and is expected to represent an octal number. A validation function has been added to prevent invalid permission modes and the flag itself is expected to be given at osquery startup only, not changed during the execution.
The test is present (it's what it's making the CI fail) and I forgot to update it (since it still passes the mode as an integer in decimal format). tryTo is not considering a failure when it's not converting the whole string to a number, because the underlying standard function stops at the first non digit number, and since python transforms 0754 -> "0o754", you always get 0. |
Co-authored-by: seph <seph@kolide.co>
|
I wasn't sure if there should be a c++ test for Code seems fine to me. I'll give one of the c++ folks a chance to review, though I think we can do this by 5.0 |
theopolis
approved these changes
Aug 20, 2021
aikuchin
pushed a commit
to aikuchin/osquery
that referenced
this pull request
Jul 11, 2023
…1 to master * commit 'f72b7c5510b8cd78c9d0450cbd1f31903681caa5': (53 commits) Add `TimeoutStopSec` to systemd unit files (osquery#7190) Prevent osquery from killing itself when the --force flag is used (osquery#7295) Linux: Support AF_PACKET sockets. (osquery#7282) libs: update openssl to 1.1.1l (osquery#7293) Correct macOS installed app bundle path in osqueryctl and doc (osquery#7289) macos path fix in launchd plist (osquery#7288) Update osquery installed artifacts default paths in code (osquery#7285) Update osquery installed artifacts paths in the documentation (osquery#7286) Update packaging SHA (osquery#7279) Change to the `disk_encryption` table to support QueryContext (osquery#7209) Add feature to skip denylist for event-based queries (osquery#7158) Support pid_with_namespace in more tables (osquery#7132) audit: socket_events improvements (osquery#7269) [linux][packaging] Update packaging paths (osquery#7271) Change logger_mode flag to be actually interpreted as an octal (osquery#7273) Update `uptime` table descrption (osquery#7270) [macOS][packaging] Create an app bundle along with other package_data (osquery#7263) Add case sensitive pragma to the pragma/actions authorizer allow list (osquery#7267) Fix audit rule removal upon osquery exit (osquery#7221) Fix osquery_info build_platform column value on Linux (osquery#7254) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The logger_mode flag was actually interpreted as decimal format number,
not octal.
Now the flag is actually a string and is expected to represent an octal
number.
A validation function has been added to prevent invalid permission modes and
the flag itself is expected to be given at osquery startup only,
not changed during the execution.
This supersedes #7193