https://github.com/osquery/osquery logo
Powered by
Title
p

poisonous97

06/10/2020, 10:07 AM
i have a extension from the osquery-python. But funtion 
generate
not return data 
#!/usr/bin/env python
import magic
import json
import osquery
from os import listdir
from os.path import isfile, join

@osquery.register_plugin
class MyTablePlugin(osquery.TablePlugin):
    def name(self):
        return "types_file"
    def columns(self):
        return [
            osquery.TableColumn(name="value", type=osquery.STRING),
            osquery.TableColumn(name="path", type=osquery.STRING),
        ]
    def get_context_list_val(self, val):
        return "" if not val else val[0]["expr"]
    def generate(self, context):
        data = map(lambda x: (x["name"], self.get_context_list_val(x['list'])),
                        json.loads(json.loads(context))["constraints"])

        path = dict(data)["path"]
        onlyfiles = [join(path, f) for f in listdir(path) if isfile(join(path, f))]
        data = []
        for file_name in onlyfiles:
            value = magic.from_file(file_name)
            row = {}
            print(str(file_name))
            row['value'] = value
            row["path"] = str(file_name)
            data.append(row)
        return data
if __name__ == "__main__":
    osquery.start_extension(name="my_awesome_extension", version="1.0.0")
s

seph

06/10/2020, 10:56 AM
How confident in you python are you? Can you tweak that generate and run it outside osquery?
3 Views
#linuxJoin Slack
Powered by