fleet/orbit/pkg/table/authdb/authdb_darwin.go

//go:build darwin
// +build darwin

package authdb

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"os/exec"

	"github.com/osquery/osquery-go/plugin/table"
	"howett.net/plist"
)

// Columns is the schema of the table.
func Columns() []table.ColumnDefinition {
	return []table.ColumnDefinition{
		table.TextColumn("right_name"), // required
		table.TextColumn("json_result"),
	}
}

// Generate is called to return the results for the table at query time.
// Constraints for generating can be retrieved from the queryContext.
func Generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
	rightName := ""
	if constraints, ok := queryContext.Constraints["right_name"]; ok {
		for _, constraint := range constraints.Constraints {
			if constraint.Operator == table.OperatorEquals {
				rightName = constraint.Expression
			}
		}
	}
	if rightName == "" {
		return nil, errors.New("missing right_name")
	}

	cmd := exec.Command("/usr/bin/security", "authorizationdb", "read", rightName)
	out, err := cmd.Output()
	if err != nil {
		return nil, fmt.Errorf("generate failed: %w", err)
	}

	result, err := parseAuthDBReadOutput(out)
	if err != nil {
		return nil, fmt.Errorf("parse authorizationdb read output: %w", err)
	}

	jsonResult, err := json.Marshal(result)
	if err != nil {
		return nil, fmt.Errorf("marshal json result: %w", err)
	}

	return []map[string]string{{
		"right_name":  rightName,
		"json_result": string(jsonResult),
	}}, nil
}

func parseAuthDBReadOutput(out []byte) (map[string]interface{}, error) {
	var m map[string]interface{}
	if _, err := plist.Unmarshal(out, &m); err != nil {
		return nil, err
	}
	return m, nil
}
Add CIS check for 5.7 (#9748) #9260 - [X] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - [X] Added/updated tests - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~ 2023-02-08 15:30:55 +00:00			`//go:build darwin`
			`// +build darwin`

			`package authdb`

			`import (`
			`"context"`
			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"os/exec"`

			`"github.com/osquery/osquery-go/plugin/table"`
			`"howett.net/plist"`
			`)`

			`// Columns is the schema of the table.`
			`func Columns() []table.ColumnDefinition {`
			`return []table.ColumnDefinition{`
			`table.TextColumn("right_name"), // required`
			`table.TextColumn("json_result"),`
			`}`
			`}`

			`// Generate is called to return the results for the table at query time.`
			`// Constraints for generating can be retrieved from the queryContext.`
			`func Generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {`
			`rightName := ""`
			`if constraints, ok := queryContext.Constraints["right_name"]; ok {`
			`for _, constraint := range constraints.Constraints {`
			`if constraint.Operator == table.OperatorEquals {`
			`rightName = constraint.Expression`
			`}`
			`}`
			`}`
			`if rightName == "" {`
			`return nil, errors.New("missing right_name")`
			`}`

			`cmd := exec.Command("/usr/bin/security", "authorizationdb", "read", rightName)`
			`out, err := cmd.Output()`
			`if err != nil {`
			`return nil, fmt.Errorf("generate failed: %w", err)`
			`}`

			`result, err := parseAuthDBReadOutput(out)`
			`if err != nil {`
			`return nil, fmt.Errorf("parse authorizationdb read output: %w", err)`
			`}`

			`jsonResult, err := json.Marshal(result)`
			`if err != nil {`
			`return nil, fmt.Errorf("marshal json result: %w", err)`
			`}`

			`return []map[string]string{{`
			`"right_name": rightName,`
			`"json_result": string(jsonResult),`
			`}}, nil`
			`}`

			`func parseAuthDBReadOutput(out []byte) (map[string]interface{}, error) {`
			`var m map[string]interface{}`
			`if _, err := plist.Unmarshal(out, &m); err != nil {`
			`return nil, err`
			`}`
			`return m, nil`
			`}`