/** * Internal routing for this plugin type * * @see net.melastmohican.osquery.BasePlugin#call(java.util.Map) */ public override sealed ExtensionResponse call(Dictionary <string, string> request) { var res = new ExtensionResponse(); if (!request.ContainsKey("action")) { res.Status = new ExtensionStatus { Code = 1, Message = "Config plugins must include a request action", Uuid = 0L }; res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >(); return(res); } if (request["action"] == "genConfig") { res.Status = new ExtensionStatus { Code = 0, Message = "OK", Uuid = 0L }; res.Response = content(); return(res); } res.Status = new ExtensionStatus { Code = 1, Message = "Config plugin request action undefined", Uuid = 0L }; res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >(); return(res); }
static void Main(string[] args) { Console.WriteLine("Running C# binding for osquery..."); try { // BasePlugin plugin = new MyTablePlugin(); // PluginManager pm = PluginManager.getInstance(); // pm.addPlugin(plugin); // pm.startExtension("MyTablePlugin", "0.0.1", "2.2.1", "2.2.1"); ClientManager cm = new ClientManager(); cm.open(); ExtensionManager.Client client = cm.getClient(); string query = "SELECT name,description,value FROM osquery_flags;"; Console.WriteLine($"Result of '{query}'"); ExtensionResponse res = client.query(query); foreach (var listItem in res.Response) { foreach (var item in listItem) { Console.WriteLine(item.Key + ":" + item.Value); } Console.WriteLine("-------------"); } } catch (Exception e) { Console.WriteLine("ERROR: " + e.Message ?? "no error data found"); } }
public ExtensionResponse call(string registry, string item, Dictionary <string, string> request) { if (!registryTypes.Contains(registry)) { var res = new ExtensionResponse { Status = new ExtensionStatus { Code = 1, Message = "A registry of an unknown type was called: " + registry, Uuid = uuid.Value }, Response = null// new ArrayList<Dictionary<string, string>>(); }; return(res); } return(plugins[registry][item].call(request)); }
/** * Internal routing for this plugin type * * @see net.melastmohican.osquery.BasePlugin#call(java.util.Map) */ public override sealed ExtensionResponse call(Dictionary <string, string> request) { var res = new ExtensionResponse(); res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >(); if (request.ContainsKey("string")) { res.Status = logstring(request["string"]); return(res); } else if (request.ContainsKey("snapshot")) { res.Status = logstring(request["snapshot"]); return(res); } else if (request.ContainsKey("health")) { res.Status = logstring(request["health"]); return(res); } else if (request.ContainsKey("init")) { res.Status = new ExtensionStatus { Code = 1, Message = "Use Glog for status logging", Uuid = 0L }; return(res); } else if (request.ContainsKey("status")) { res.Status = new ExtensionStatus { Code = 1, Message = "Use Glog for status logging", Uuid = 0L }; return(res); } res.Status = new ExtensionStatus { Code = 1, Message = "Logger plugin request action undefined", Uuid = 0L }; return(res); }
public void Read(TProtocol iprot) { iprot.IncrementRecursionDepth(); try { TField field; iprot.ReadStructBegin(); while (true) { field = iprot.ReadFieldBegin(); if (field.Type == TType.Stop) { break; } switch (field.ID) { case 0: if (field.Type == TType.Struct) { Success = new ExtensionResponse(); Success.Read(iprot); } else { TProtocolUtil.Skip(iprot, field.Type); } break; default: TProtocolUtil.Skip(iprot, field.Type); break; } iprot.ReadFieldEnd(); } iprot.ReadStructEnd(); } finally { iprot.DecrementRecursionDepth(); } }
/** * Internal routing for this plugin type * * @see net.melastmohican.osquery.BasePlugin#call(java.util.Map) */ public override sealed ExtensionResponse call(Dictionary <string, string> request) { ExtensionResponse res = new ExtensionResponse(); if (!request.ContainsKey("action")) { res.Status = new ExtensionStatus { Code = 1, Message = "Table plugins must include a request action", Uuid = 0L }; res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >(); return(res); } if (request["action"] == "generate") { res.Status = new ExtensionStatus { Code = 0, Message = "OK", Uuid = 0L }; res.Response = generate(); return(res); } else if (request["action"] == "columns") { res.Status = new ExtensionStatus { Code = 0, Message = "OK", Uuid = 0L }; res.Response = routes(); return(res); } res.Status = new ExtensionStatus { Code = 1, Message = "Table plugin request action undefined", Uuid = 0L }; res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >(); return(res); }