/**
* Internal routing for this plugin type
*
* @see net.melastmohican.osquery.BasePlugin#call(java.util.Map)
*/
public override sealed ExtensionResponse call(Dictionary <string, string> request)
{
var res = new ExtensionResponse();
if (!request.ContainsKey("action"))
{
res.Status = new ExtensionStatus {
Code = 1,
Message = "Config plugins must include a request action",
Uuid = 0L
};
res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >();
return(res);
}
if (request["action"] == "genConfig")
{
res.Status = new ExtensionStatus {
Code = 0,
Message = "OK",
Uuid = 0L
};
res.Response = content();
return(res);
}
res.Status = new ExtensionStatus {
Code = 1,
Message = "Config plugin request action undefined",
Uuid = 0L
};
res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >();
return(res);
}
static void Main(string[] args)
{
Console.WriteLine("Running C# binding for osquery...");
try
{
// BasePlugin plugin = new MyTablePlugin();
// PluginManager pm = PluginManager.getInstance();
// pm.addPlugin(plugin);
// pm.startExtension("MyTablePlugin", "0.0.1", "2.2.1", "2.2.1");
ClientManager cm = new ClientManager();
cm.open();
ExtensionManager.Client client = cm.getClient();
string query = "SELECT name,description,value FROM osquery_flags;";
Console.WriteLine($"Result of '{query}'");
ExtensionResponse res = client.query(query);
foreach (var listItem in res.Response)
{
foreach (var item in listItem)
{
Console.WriteLine(item.Key + ":" + item.Value);
}
Console.WriteLine("-------------");
}
}
catch (Exception e)
{
Console.WriteLine("ERROR: " + e.Message ?? "no error data found");
}
}
public ExtensionResponse call(string registry, string item, Dictionary <string, string> request)
{
if (!registryTypes.Contains(registry))
{
var res = new ExtensionResponse
{
Status = new ExtensionStatus {
Code = 1, Message = "A registry of an unknown type was called: " + registry, Uuid = uuid.Value
},
Response = null// new ArrayList<Dictionary<string, string>>();
};
return(res);
}
return(plugins[registry][item].call(request));
}
/**
* Internal routing for this plugin type
*
* @see net.melastmohican.osquery.BasePlugin#call(java.util.Map)
*/
public override sealed ExtensionResponse call(Dictionary <string, string> request)
{
var res = new ExtensionResponse();
res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >();
if (request.ContainsKey("string"))
{
res.Status = logstring(request["string"]);
return(res);
}
else if (request.ContainsKey("snapshot"))
{
res.Status = logstring(request["snapshot"]);
return(res);
}
else if (request.ContainsKey("health"))
{
res.Status = logstring(request["health"]);
return(res);
}
else if (request.ContainsKey("init"))
{
res.Status = new ExtensionStatus {
Code = 1,
Message = "Use Glog for status logging",
Uuid = 0L
};
return(res);
}
else if (request.ContainsKey("status"))
{
res.Status = new ExtensionStatus {
Code = 1,
Message = "Use Glog for status logging",
Uuid = 0L
};
return(res);
}
res.Status = new ExtensionStatus {
Code = 1,
Message = "Logger plugin request action undefined",
Uuid = 0L
};
return(res);
}
public void Read(TProtocol iprot)
{
iprot.IncrementRecursionDepth();
try
{
TField field;
iprot.ReadStructBegin();
while (true)
{
field = iprot.ReadFieldBegin();
if (field.Type == TType.Stop)
{
break;
}
switch (field.ID)
{
case 0:
if (field.Type == TType.Struct)
{
Success = new ExtensionResponse();
Success.Read(iprot);
}
else
{
TProtocolUtil.Skip(iprot, field.Type);
}
break;
default:
TProtocolUtil.Skip(iprot, field.Type);
break;
}
iprot.ReadFieldEnd();
}
iprot.ReadStructEnd();
}
finally
{
iprot.DecrementRecursionDepth();
}
}
/**
* Internal routing for this plugin type
*
* @see net.melastmohican.osquery.BasePlugin#call(java.util.Map)
*/
public override sealed ExtensionResponse call(Dictionary <string, string> request)
{
ExtensionResponse res = new ExtensionResponse();
if (!request.ContainsKey("action"))
{
res.Status = new ExtensionStatus {
Code = 1, Message = "Table plugins must include a request action", Uuid = 0L
};
res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >();
return(res);
}
if (request["action"] == "generate")
{
res.Status = new ExtensionStatus {
Code = 0, Message = "OK", Uuid = 0L
};
res.Response = generate();
return(res);
}
else if (request["action"] == "columns")
{
res.Status = new ExtensionStatus {
Code = 0, Message = "OK", Uuid = 0L
};
res.Response = routes();
return(res);
}
res.Status = new ExtensionStatus {
Code = 1, Message = "Table plugin request action undefined", Uuid = 0L
};
res.Response = Enumerable.Empty <Dictionary <string, string> >().ToList <Dictionary <string, string> >();
return(res);
}
