Ran into something that may be worth review. The inability to hash a file with md5/sha1/sha256 doesnt throw a line to stderr, but ssdeep appears to do that.

users-Mac:~ user$ sudo osqueryi 'SELECT * FROM hash WHERE path = "/private/var/db/dslocal/nodes/Default/sqlindex"' --json
W0212 16:33:37.699832 448591296 hash.cpp:195] ssdeep failed: /private/var/db/dslocal/nodes/Default/sqlindex
[
  {"directory":"/private/var/db/dslocal/nodes/Default","md5":"","path":"/private/var/db/dslocal/nodes/Default/sqlindex","sha1":"","sha256":"","ssdeep":"-1"}
]

Returning a

-1

and putting that to the ssdeep value instead of an empty string also seems out of the ordinary. https://github.com/osquery/osquery/blob/master/osquery/tables/system/hash.cpp#L194-L196

Can you open a GitHub issue for this so we can fix it. I think the columns should be consistent

Will do!