https://github.com/osquery/osquery logo
Join Slack
Powered by
```+--------------+-------------------------+ | he...
# general
j
Copy code
+--------------+-------------------------+
| header       | rule_details            |
+--------------+-------------------------+
| %group1      | ALL=(ALL) NOPASSWD: ALL |
| %group2      | ALL=(ALL) NOPASSWD: ALL |
| user1        | ALL=(ALL) NOPASSWD: ALL |
| user2        | ALL=(ALL) NOPASSWD: ALL |

osquery> SELECT * FROM sudoers WHERE header LIKE '\%%';

(produces 0 results)
s
From the SQLite docs (https://sqlite.org/lang_expr.html): 
The escape character followed by a percent symbol (%), underscore (_), or a second instance of the escape character itself matches a literal percent symbol, underscore, or a single escape character, respectively.
so that should be working
z
Copy code
osquery> select '%foobar' like '\%%' escape '\';
+---------------------------------+
| '%foobar' like '\%%' escape '\' |
+---------------------------------+
| 1                               |
+---------------------------------+
osquery> select 'foobar' like '\%%' escape '\';
+--------------------------------+
| 'foobar' like '\%%' escape '\' |
+--------------------------------+
| 0                              |
+--------------------------------+
j
ah, thank you both so much for the quick reply. ESCAPE '\' worked for me. I was assuming "\%" would escape 🤦 thank you
3 Views
Open in Slack
PreviousNext
Powered by