I've got a small issue that I'd like to put a PR up for... I've got a fix working locally but would like to chat in here first to see if I'm on the right track (also hi, I'm new to osquery and not a cpp programmer, so be aware 🙂 ). The issue: file carve table gets broken when running in debug because a type assertion fails in the json tree construction A solution: change the loading code in carves.cpp to switch on type

diff --git a/osquery/tables/forensic/carves.cpp b/osquery/tables/forensic/carves.cpp
index 1fcdb25af..80929ad13 100644
--- a/osquery/tables/forensic/carves.cpp
+++ b/osquery/tables/forensic/carves.cpp
@@ -53,8 +53,10 @@ void enumerateCarves(QueryData& results, const std::string& new_guid) {
       r["time"] = INTEGER(tree.doc()["time"].GetUint64());
     }

-    if (tree.doc().HasMember("size")) {
+    if (tree.doc().HasMember("size") && tree.doc()["size"].IsInt()) {
       r["size"] = INTEGER(tree.doc()["size"].GetInt());
+    } else if (tree.doc().HasMember("size") && tree.doc()["size"].IsString()) {
+      r["size"] = INTEGER(tree.doc()["size"].GetString());
     }

     stringToRow("sha256", r, tree);

From reading more of the codebase and the database code it seems like there's some friction where the update functions only take strings and then it seems its up to casts elsewhere in the codebase to turn them into the right types