/osquery/tables/networking/tests/networking_tables_tests.cpp

https://github.com/HeroicCybersecurity/osquery · C++ · 79 lines · 52 code · 15 blank · 12 comment · 5 complexity · c190995f6f4abcfb357021650ab69a72 MD5 · raw file 

    

  1. /**
    2. 

  2.  *  Copyright (c) 2014-present, Facebook, Inc.
    3. 

  3.  *  All rights reserved.
    4. 

  4.  *
    5. 

  5.  *  This source code is licensed under both the Apache 2.0 license (found in the
    6. 

  6.  *  LICENSE file in the root directory of this source tree) and the GPLv2 (found
    7. 

  7.  *  in the COPYING file in the root directory of this source tree).
    8. 

  8.  *  You may select, at your option, one of the above-listed licenses.
    9. 

  9.  */
    10. 

  10. 

  11. #include <gtest/gtest.h>
    12. 

  12. 

  13. #include <osquery/logger.h>
    14. 

  14. #include <osquery/sql.h>
    15. 

  15. 

  16. #include "osquery/tests/test_additional_util.h"
    17. 

  17. #include "osquery/tests/test_util.h"
    18. 

  18. 

  19. namespace osquery {
    20. 

  20. namespace tables {
    21. 

  21. 

  22. QueryData parseEtcHostsContent(const std::string& content);
    23. 

  23. QueryData parseEtcProtocolsContent(const std::string& content);
    24. 

  24. 

  25. class NetworkingTablesTests : public testing::Test {};
    26. 

  26. 

  27. TEST_F(NetworkingTablesTests, test_parse_etc_hosts_content) {
    28. 

  28.   EXPECT_EQ(parseEtcHostsContent(getEtcHostsContent()),
    29. 

  29.             getEtcHostsExpectedResults());
    30. 

  30. }
    31. 

  31. 

  32. TEST_F(NetworkingTablesTests, test_parse_etc_protocols_content) {
    33. 

  33.   EXPECT_EQ(parseEtcProtocolsContent(getEtcProtocolsContent()),
    34. 

  34.             getEtcProtocolsExpectedResults());
    35. 

  35. }
    36. 

  36. 

  37. TEST_F(NetworkingTablesTests, test_listening_ports) {
    38. 

  38.   auto& server = TLSServerRunner::instance();
    39. 

  39.   server.start();
    40. 

  40.   auto results = SQL::selectAllFrom("listening_ports");
    41. 

  41. 

  42.   // Expect to find a process PID for the server.
    43. 

  43.   std::string pid;
    44. 

  44.   for (const auto& row : results) {
    45. 

  45.     // We are not interested in rows without ports (i.e. UNIX sockets)
    46. 

  46.     const auto& listening_port = row.at("port");
    47. 

  47.     if (listening_port.empty()) {
    48. 

  48.       continue;
    49. 

  49.     }
    50. 

  50. 

  51.     if (listening_port == server.port()) {
    52. 

  52.       const auto& process_id = row.at("pid");
    53. 

  53.       if (process_id.empty()) {
    54. 

  54.         VLOG(1) << "Failed to acquire the process id";
    55. 

  55.         break;
    56. 

  56.       }
    57. 

  57. 

  58.       pid = process_id;
    59. 

  59.       break;
    60. 

  60.     }
    61. 

  61.   }
    62. 

  62. 

  63.   EXPECT_GT(pid.size(), 0U);
    64. 

  64.   EXPECT_NE(pid, "-1");
    65. 

  65.   server.stop();
    66. 

  66. }
    67. 

  67. 

  68. TEST_F(NetworkingTablesTests, test_address_details_join) {
    69. 

  69.   // Expect that we can join interface addresses with details
    70. 

  70.   auto query =
    71. 

  71.       "select * from interface_details id, interface_addresses ia "
    72. 

  72.       "on ia.interface = id.interface "
    73. 

  73.       "where ia.address = '127.0.0.1';";
    74. 

  74. 

  75.   auto results = SQL(query);
    76. 

  76.   EXPECT_GT(results.rows().size(), 0U);
    77. 

  77. }
    78. 

  78. } // namespace tables
    79. 

  79. } // namespace osquery
    80.