i’d appreciate :eyes: on <https://github.com/osque...
# corey
yossarian
10/04/2019, 6:42 PMi’d appreciate 👀 on https://github.com/osquery/osquery/pull/5371; it’s been through a few review passes over the last few months but could use some official acceptance review 🙂
p
packetzero
10/04/2019, 6:57 PMThis is impressive. Lots of code here. My personal preference is to put functionality into it's own library (could be header-only), with dedicated unit tests. Then the osquery changes are mainly glue that maps virtual tables to external library functionality (event publishers and subscribers). The plus being that it's easier to test standalone, and easier to port as osquery build structures change. Either way, nice work on this. I'll try to take a preliminary look .
❤️ 1
s
seph
10/04/2019, 7:17 PM
Without reading the code, 💯 with @packetzero
t
theopolis
10/04/2019, 7:49 PM
I advocate having the code in osquery directly so it can benefit from optimizations and static/dynamic tests we apply.
s
seph
10/04/2019, 8:05 PM
Could be a library in the osquery source code. As compared to the table functions.
✔️ 1
t
theopolis
10/04/2019, 9:31 PM
ah, I misunderstood, I agree
2 Views