Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
y
yossarian
10/04/2019, 6:42 PMi’d appreciate 👀 on https://github.com/osquery/osquery/pull/5371; it’s been through a few review passes over the last few months but could use some official acceptance review 🙂
p
packetzero
10/04/2019, 6:57 PMThis is impressive. Lots of code here. My personal preference is to put functionality into it's own library (could be header-only), with dedicated unit tests. Then the osquery changes are mainly glue that maps virtual tables to external library functionality (event publishers and subscribers). The plus being that it's easier to test standalone, and easier to port as osquery build structures change. Either way, nice work on this. I'll try to take a preliminary look .
❤️ 1
s
seph
10/04/2019, 7:17 PMWithout reading the code, 💯 with @packetzero
t
theopolis
10/04/2019, 7:49 PMI advocate having the code in osquery directly so it can benefit from optimizations and static/dynamic tests we apply.
s
seph
10/04/2019, 8:05 PMCould be a library in the osquery source code. As compared to the table functions.
✔️ 1
t
theopolis
10/04/2019, 9:31 PMah, I misunderstood, I agree