Process plugins - Introduce OSQuery process plugin

Author: Zainullin Damir

src/plugins/process/osquery/CMakeLists.txt

@@ -3,15 +3,28 @@ project(ipfixprobe-process-osquery VERSION 1.0.0 DESCRIPTION "ipfixprobe-process
 add_library(ipfixprobe-process-osquery MODULE
 	src/osquery.cpp
 	src/osquery.hpp
+	src/osqueryContext.hpp
+	src/osqueryFields.hpp
+	src/osqueryRequestManager.hpp
+	src/osqueryRequestManager.cpp
+	src/fileDescriptor.hpp
+	src/fileDescriptor.cpp
+	src/osqueryStateHandler.hpp
+	src/process.cpp
+	src/process.hpp
 )
 
 set_target_properties(ipfixprobe-process-osquery PROPERTIES
 	CXX_VISIBILITY_PRESET hidden
 	VISIBILITY_INLINES_HIDDEN YES
 )
 
-target_include_directories(ipfixprobe-process-osquery PRIVATE
+target_include_directories(ipfixprobe-process-osquery PRIVATE 
 	${CMAKE_SOURCE_DIR}/include/
+	${CMAKE_SOURCE_DIR}/include/ipfixprobe/processPlugin
+	${CMAKE_SOURCE_DIR}/include/ipfixprobe/pluginFactory
+	${CMAKE_SOURCE_DIR}/src/plugins/process/common
+	${adaptmon_SOURCE_DIR}/lib/include/public/
 )
 
 if(ENABLE_NEMEA)

src/plugins/process/osquery/README.md

@@ -0,0 +1,40 @@
+# OSQuery Plugin
+
+Plugin for querying operating system about the flows.
+
+## Features
+
+- Uses osqueryi to query the operating system and exports relevant information.
+
+## Output Fields
+
+| Field Name                 | Data Type  | Description                               |
+| -------------------------- | ---------- | ----------------------------------------- |
+| `OSQUERY_PROGRAM_NAME`     | `string`   | Name of the program generating the flow.  |
+| `OSQUERY_USERNAME`         | `string`   | Username of the user running the program. |
+| `OSQUERY_OS_NAME`          | `string`   | Operating system name.                    |
+| `OSQUERY_OS_MAJOR`         | `uint16_t` | Operating system major version.           |
+| `OSQUERY_OS_MINOR`         | `uint16_t` | Operating system minor version.           |
+| `OSQUERY_OS_BUILD`         | `string`   | Operating system build.                   |
+| `OSQUERY_OS_PLATFORM`      | `string`   | Operating system platform.                |
+| `OSQUERY_OS_PLATFORM_LIKE` | `string`   | Windows/Linux/Darwin.                     |
+| `OSQUERY_OS_ARCH`          | `string`   | Operating system architecture.            |
+| `OSQUERY_KERNEL_VERSION`   | `string`   | Operating system kernel version.          |
+| `OSQUERY_SYSTEM_HOSTNAME`  | `string`   | System hostname.                          |
+
+## Usage
+
+### YAML Configuration
+
+Add the plugin to your ipfixprobe YAML configuration:
+
+```yaml
+process_plugins:
+  - osquery
+```
+
+### CLI Usage
+
+You can also enable the plugin directly from the command line:
+
+`ipfixprobe -p osquery ...`

src/plugins/process/osquery/src/fileDescriptor.cpp

@@ -0,0 +1,78 @@
+/**
+ * @file
+ * @author Damir Zainullin <[email protected]>
+ * @brief This file defines the FileDescriptor base classed used as wrapper for UNIX file
+ * descriptors that manage its lifetime
+ *
+ * @copyright Copyright (c) 2024 CESNET, z.s.p.o.
+ */
+
+#include "fileDescriptor.hpp"
+
+namespace ipxp::process::osquery {
+
+FileDescriptor::operator bool() const noexcept
+{
+	return hasValue();
+};
+
+bool FileDescriptor::hasValue() const noexcept
+{
+	return m_fileDescriptor >= 0;
+};
+
+FileDescriptor::operator int() const noexcept
+{
+	return get();
+};
+
+int FileDescriptor::get() const noexcept
+{
+	return m_fileDescriptor;
+};
+
+int FileDescriptor::release()
+{
+	const auto originalValue = m_fileDescriptor;
+	m_fileDescriptor = INVALID_FILE_DESCRIPTOR;
+	return originalValue;
+}
+
+void FileDescriptor::close() const noexcept
+{
+	if (m_fileDescriptor != INVALID_FILE_DESCRIPTOR) {
+		::close(m_fileDescriptor);
+	}
+}
+
+FileDescriptor::FileDescriptor(const int fileDescriptor) noexcept
+	: m_fileDescriptor(fileDescriptor)
+{
+}
+
+FileDescriptor::FileDescriptor() noexcept
+	: m_fileDescriptor(INVALID_FILE_DESCRIPTOR)
+{
+}
+
+FileDescriptor::FileDescriptor(FileDescriptor&& other) noexcept
+{
+	std::swap(m_fileDescriptor, other.m_fileDescriptor);
+}
+
+FileDescriptor& FileDescriptor::operator=(FileDescriptor&& other) noexcept
+{
+	if (this != &other) {
+		close();
+		std::swap(m_fileDescriptor, other.m_fileDescriptor);
+	}
+
+	return *this;
+}
+
+FileDescriptor::~FileDescriptor() noexcept
+{
+	close();
+}
+
+} // namespace ipxp::process::osquery

src/plugins/process/osquery/src/fileDescriptor.hpp

@@ -0,0 +1,81 @@
+/**
+ * @file
+ * @author Damir Zainullin <[email protected]>
+ * @brief This file declares the FileDescriptor base classed used as wrapper for UNIX file
+ * descriptors that manage its lifetime
+ *
+ * @copyright Copyright (c) 2024 CESNET, z.s.p.o.
+ */
+
+#pragma once
+
+#include <string>
+
+#include <unistd.h>
+
+namespace ipxp::process::osquery {
+
+/**
+ * @brief Wrapper that owns and manages a file descriptor.
+ *
+ * It makes sure that the descriptor is closed, when the lifetime of the wrapper
+ * instance goes out of scope.
+ */
+class FileDescriptor {
+public:
+	explicit FileDescriptor() noexcept;
+
+	/**
+	 * @brief Construct wrapper with given file descriptor.
+	 * @param fileDescriptor File descriptor to take ownership
+	 */
+	explicit FileDescriptor(const int fileDescriptor) noexcept;
+
+	explicit FileDescriptor(FileDescriptor&& other) noexcept;
+
+	FileDescriptor& operator=(FileDescriptor&& other) noexcept;
+
+	virtual ~FileDescriptor() noexcept;
+
+	FileDescriptor(const FileDescriptor& other) = delete;
+
+	/** @brief Test whether the wrapper holds a valid file descriptor. */
+	operator bool() const noexcept;
+
+	/** @brief Test whether the wrapper holds a valid file descriptor.
+	 * @return True if holds valid file descriptor, false otherwise
+	 */
+	bool hasValue() const noexcept;
+
+	/**
+	 * @brief Get the managed file descriptor.
+	 * @note It may return an invalid file descriptor if it doesn't hold any.
+	 */
+	operator int() const noexcept;
+
+	/**
+	 * @brief Get the managed file descriptor.
+	 * @note It may return an invalid file descriptor if it doesn't hold any.
+	 * @return Underlying file descriptor
+	 */
+	int get() const noexcept;
+
+	/**
+	 * @brief Return the managed file descriptor and release its ownership.
+	 * @note It may return an invalid file descriptor if it doesn't hold any.
+	 * @return Underlying file descriptor
+	 */
+	int release();
+
+	/**
+	 * @brief Close the file descriptor.
+	 * @note If it doesn't hold any descriptor, no action is performed.
+	 */
+	void close() const noexcept;
+
+private:
+	constexpr static int INVALID_FILE_DESCRIPTOR = -1;
+	int m_fileDescriptor = INVALID_FILE_DESCRIPTOR;
+};
+
+} // namespace ipxp::process::osquery