From c8ea62056b024609c8a63273ee69c2129ff583fc Mon Sep 17 00:00:00 2001 From: Facebook Community Bot Date: Tue, 9 Apr 2019 03:14:32 -0700 Subject: [PATCH 01/16] OSS Automated Fix: Addition of Code of Conduct (#63) --- CODE_OF_CONDUCT.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 CODE_OF_CONDUCT.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..ac27d8a --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,2 @@ +# Code of Conduct +Facebook has adopted a Code of Conduct that we expect project participants to adhere to. Please [read the full text](https://code.fb.com/codeofconduct) so that you can understand what actions will and will not be tolerated. \ No newline at end of file From 445c22f371567ea12ce95c91fc552e2e3ccf5ecb Mon Sep 17 00:00:00 2001 From: Teddy Reed Date: Tue, 6 Aug 2019 19:19:23 -0400 Subject: [PATCH 02/16] travis: Remove python 3.3 and 3.4 and add 3.7 (#68) --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index bd90f21..980dbe1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,9 +5,8 @@ cache: - $HOME/.cache/pip python: - 2.7 - - 3.3 - - 3.4 - 3.6 + - 3.7 - pypy - pypy3 install: From 5f9696f5d3f13179bebcb2d6d744025a3c3ab354 Mon Sep 17 00:00:00 2001 From: Teddy Reed Date: Tue, 6 Aug 2019 20:06:58 -0400 Subject: [PATCH 03/16] management: Fix socket fd leak (#67) Additionally, bump the version to 3.0.6. --- osquery/__init__.py | 2 +- osquery/management.py | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/osquery/__init__.py b/osquery/__init__.py index 20f7a34..58c52b4 100644 --- a/osquery/__init__.py +++ b/osquery/__init__.py @@ -4,7 +4,7 @@ """ __title__ = "osquery" -__version__ = "3.0.5" +__version__ = "3.0.6" __author__ = "osquery developers" __license__ = "BSD" __copyright__ = "Copyright 2015 Facebook" diff --git a/osquery/management.py b/osquery/management.py index c621558..3fabdd1 100644 --- a/osquery/management.py +++ b/osquery/management.py @@ -71,7 +71,6 @@ def __init__(self, path=None): self.path = LINUX_BINARY_PATH else: self.path = path - self._socket = tempfile.mkstemp(prefix="pyosqsock") # Disable logging for the thrift module (can be loud). logging.getLogger('thrift').addHandler(logging.NullHandler()) @@ -88,9 +87,16 @@ def __init__(self, path=None): def __del__(self): if self.connection is not None: self.connection.close() + self.connection = None if self.instance is not None: self.instance.kill() self.instance.wait() + self.instance = None + + # On macOS and Linux mkstemp opens a descriptor. + if self._socket is not None and self._socket[0] is not None: + os.close(self._socket[0]) + self._socket = None def open(self, timeout=2, interval=0.01): """ From 3ea4f8cb002d0372aff7dfc2711b050d320bf06b Mon Sep 17 00:00:00 2001 From: Teddy Reed Date: Wed, 7 Aug 2019 10:53:35 -0400 Subject: [PATCH 04/16] setup: Add long_description_content_type (#69) To check this passes tests use: python setup.py sdist twine check dist/ --- .travis.yml | 3 +++ setup.py | 1 + 2 files changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index 980dbe1..6d2df37 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,9 @@ python: - pypy3 install: - pip install -r requirements.txt + - pip install twine readme_renderer script: - python setup.py build - python setup.py test + - python setup.py sdist + - twine check dist/* diff --git a/setup.py b/setup.py index dcfb742..a35687b 100755 --- a/setup.py +++ b/setup.py @@ -78,6 +78,7 @@ def run(self): version=VERSION, description="Osquery Python API", long_description=README, + long_description_content_type="text/markdown", author=AUTHOR, author_email="osquery@fb.com", url="https://osquery.io", From 8621cb712cf09c7e46654fc5dca87597e2c0d259 Mon Sep 17 00:00:00 2001 From: Jarry Shaw Date: Fri, 16 Aug 2019 08:42:53 +0800 Subject: [PATCH 05/16] Add pywin32 for Windows platform (#70) --- setup.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/setup.py b/setup.py index a35687b..5a74549 100755 --- a/setup.py +++ b/setup.py @@ -92,6 +92,9 @@ def run(self): "argparse>=1.1", "future", ], + extras_require={ + ':sys_platform == "win32"': ['pywin32'], + }, test_suite="tests", cmdclass={ "generate": GenerateThriftCommand, From 5210198b7cfa2e65556fcf5e6ba49240d47105bd Mon Sep 17 00:00:00 2001 From: Eoin Miller Date: Sat, 16 Nov 2019 19:36:18 -0500 Subject: [PATCH 06/16] WINDOWS_BINARY_PATH Update (#71) --- osquery/management.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/osquery/management.py b/osquery/management.py index 3fabdd1..e93eccd 100644 --- a/osquery/management.py +++ b/osquery/management.py @@ -42,11 +42,13 @@ def emit(self, record): # We bootleg our own version of Windows pipe coms from osquery.TPipe import TPipe from osquery.TPipe import TPipeServer + if os.path.exists(os.environ["PROGRAMDATA"] + "\\osquery\\osqueryd\\osqueryd.exe"): + WINDOWS_BINARY_PATH = os.environ["PROGRAMDATA"] + "\\osquery\\osqueryd\\osqueryd.exe" + if os.path.exists(os.environ["PROGRAMW6432"] + "\\osquery\\osqueryd\\osqueryd.exe"): + WINDOWS_BINARY_PATH = os.environ["PROGRAMW6432"] + "\\osquery\\osqueryd\\osqueryd.exe" DARWIN_BINARY_PATH = "/usr/local/bin/osqueryd" LINUX_BINARY_PATH = "/usr/bin/osqueryd" -WINDOWS_BINARY_PATH = "C:\\ProgramData\\osquery\\osqueryd\\osqueryd.exe" - class SpawnInstance(object): """Spawn a standalone osquery instance""" From c69cea3243911c6be9e0bb57192c413006f19bc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=ABss?= Date: Fri, 20 Nov 2020 03:34:34 +0100 Subject: [PATCH 07/16] Remove dangling temporary file (#76) --- osquery/management.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/osquery/management.py b/osquery/management.py index e93eccd..a0adc00 100644 --- a/osquery/management.py +++ b/osquery/management.py @@ -98,6 +98,14 @@ def __del__(self): # On macOS and Linux mkstemp opens a descriptor. if self._socket is not None and self._socket[0] is not None: os.close(self._socket[0]) + + # Remove the dangling temporary file from mkstemp if it still exists + if os.path.exists(self._socket[1]): + try: + os.unlink(self._socket[1]) + except OSError: + logging.warning("Failed to remove socket descriptor: %s", self._socket[1]) + self._socket = None def open(self, timeout=2, interval=0.01): From ca8fa1ba4758142322e19090943495dd94f7f287 Mon Sep 17 00:00:00 2001 From: prasanthbazz <56705455+prasanthbazz@users.noreply.github.com> Date: Fri, 20 Nov 2020 08:06:11 +0530 Subject: [PATCH 08/16] Update README to use correct Windows pipe path (#73) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d4ceb86..c4e895b 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ if __name__ == "__main__": # For an installed and running system osqueryd, this is: # Linux and macOS: /var/osquery/osquery.em # FreeBSD: /var/run/osquery.em - # Windows: \\.pipe\osquery.em + # Windows: \\.\pipe\osquery.em instance = osquery.ExtensionClient('/home/you/.osquery/osqueryd.sock') instance.open() # This may raise an exception From 586c79f640af18a4c6fff1df04aaeea52b40c94b Mon Sep 17 00:00:00 2001 From: Nicko van Someren Date: Fri, 5 Feb 2021 19:34:16 -0700 Subject: [PATCH 09/16] Fix for double-JSON-encoding of table generation contexts (#77) (#78) --- osquery/table_plugin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/osquery/table_plugin.py b/osquery/table_plugin.py index 79b3d16..9046aa6 100644 --- a/osquery/table_plugin.py +++ b/osquery/table_plugin.py @@ -39,7 +39,7 @@ def call(self, context): if context["action"] == "generate": ctx = {} if "context" in context: - ctx = json.dumps(context["context"]) + ctx = json.loads(context["context"]) rows = self.generate(ctx) for i, row in enumerate(rows): for key, value in row.items(): From 451045efbba4429676bb71285633429fea4bf85c Mon Sep 17 00:00:00 2001 From: Brendan McDevitt Date: Tue, 12 Apr 2022 13:22:34 -0500 Subject: [PATCH 10/16] 'fix the warnings from 'is not 0' to '!= 0' in management.py (#82) --- osquery/management.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/osquery/management.py b/osquery/management.py index a0adc00..74ead81 100644 --- a/osquery/management.py +++ b/osquery/management.py @@ -191,7 +191,7 @@ def start_watcher(client, interval): try: while True: status = client.extension_manager_client().ping() - if status.code is not 0: + if status.code != 0: break time.sleep(interval) except socket.error: @@ -248,7 +248,7 @@ def start_extension(name="", message=message, ) - if status.code is not 0: + if status.code != 0: raise ExtensionException( code=1, message=status.message, @@ -300,7 +300,7 @@ def deregister_extension(): message=message, ) - if status.code is not 0: + if status.code != 0: raise ExtensionException( code=1, message=status.message, From 4cbe2979b6e427786ef4bf3ae547892417e51b60 Mon Sep 17 00:00:00 2001 From: Zach Wasserman Date: Fri, 15 Apr 2022 08:55:53 -0700 Subject: [PATCH 11/16] Fix handling of exceptions when osquery goes away (#83) This resolves an issue where the extension does not shut down if osquery goes away unexpectedly (without sending a shutdown signal via Thrift). The scenario could be reliably reproduced by running `osqueryi`, connecting an extension, and then sending a `SIGKILL` to `osqueryi`. The exception thrown in the `start_watcher` function would be of type `thrift.transport.TTransport.TTransportException`, and would cause the watcher thread to exit without exiting the rest of the program. This is a possible fix for issues that users have experienced with extensions reconnecting after the Watchdog kills osquery. --- osquery/management.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/osquery/management.py b/osquery/management.py index 74ead81..891039e 100644 --- a/osquery/management.py +++ b/osquery/management.py @@ -192,12 +192,21 @@ def start_watcher(client, interval): while True: status = client.extension_manager_client().ping() if status.code != 0: + logging.error("Ping received nonzero status: %d", status) break time.sleep(interval) - except socket.error: - # The socket was torn down. - pass - os._exit(0) + + except socket.error as e: + logging.error("Ping received socket.error: %s", e) + + except TTransport.TTransportException as e: + logging.error("Ping received thrift.transport.TTransport.TTransportException: %s", e) + + except Exception as e: + logging.error("Ping received unknown exception: %s", e) + + finally: + os._exit(1) def start_extension(name="", From 3b8f9e053a30e3a60cb9b6abd4a8ae0e3ce6c34c Mon Sep 17 00:00:00 2001 From: Zach Wasserman Date: Fri, 15 Apr 2022 08:56:10 -0700 Subject: [PATCH 12/16] Update version numbers for 3.0.7 release (#84) Also update copyright notice. --- osquery/__init__.py | 6 +++--- osquery/management.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/osquery/__init__.py b/osquery/__init__.py index 58c52b4..fa9ec76 100644 --- a/osquery/__init__.py +++ b/osquery/__init__.py @@ -4,10 +4,10 @@ """ __title__ = "osquery" -__version__ = "3.0.6" -__author__ = "osquery developers" +__version__ = "3.0.7" +__author__ = "osquery authors" __license__ = "BSD" -__copyright__ = "Copyright 2015 Facebook" +__copyright__ = "Copyright 2015-present, The osquery authors" __url__ = "https://osquery.io" __all__ = [ diff --git a/osquery/management.py b/osquery/management.py index 891039e..b87de94 100644 --- a/osquery/management.py +++ b/osquery/management.py @@ -211,7 +211,7 @@ def start_watcher(client, interval): def start_extension(name="", version="0.0.0", - sdk_version="1.8.0", + sdk_version="3.0.7", min_sdk_version="1.8.0"): """Start your extension by communicating with osquery core and starting a thrift server. From 705e5b9ebeb65df05994bcba240ffb5533415daf Mon Sep 17 00:00:00 2001 From: mattf9 Date: Mon, 15 Jul 2024 21:02:27 -0400 Subject: [PATCH 13/16] remove argparse as it was moved to the python standard library as of python 3.2 and python 2.7 (#96) --- setup.py | 1 - 1 file changed, 1 deletion(-) diff --git a/setup.py b/setup.py index 5a74549..9ac5756 100755 --- a/setup.py +++ b/setup.py @@ -89,7 +89,6 @@ def run(self): ], install_requires=[ "thrift>=0.10", - "argparse>=1.1", "future", ], extras_require={ From 15c1d09857b4d513e7f5652843e741c23fa53d4f Mon Sep 17 00:00:00 2001 From: Leo Zovic Date: Mon, 22 Jul 2024 22:29:18 -0400 Subject: [PATCH 14/16] Update management.py (#92) Fix bug with windows binary path management --- osquery/management.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/osquery/management.py b/osquery/management.py index b87de94..316aaa0 100644 --- a/osquery/management.py +++ b/osquery/management.py @@ -42,10 +42,12 @@ def emit(self, record): # We bootleg our own version of Windows pipe coms from osquery.TPipe import TPipe from osquery.TPipe import TPipeServer - if os.path.exists(os.environ["PROGRAMDATA"] + "\\osquery\\osqueryd\\osqueryd.exe"): - WINDOWS_BINARY_PATH = os.environ["PROGRAMDATA"] + "\\osquery\\osqueryd\\osqueryd.exe" - if os.path.exists(os.environ["PROGRAMW6432"] + "\\osquery\\osqueryd\\osqueryd.exe"): - WINDOWS_BINARY_PATH = os.environ["PROGRAMW6432"] + "\\osquery\\osqueryd\\osqueryd.exe" + PTH = os.path.join(os.environ["PROGRAMDATA"], "osquery", "osqueryd", "osqueryd.exe") + if os.path.exists(PTH): + WINDOWS_BINARY_PATH = PTH + PTH = os.path.join(os.environ["PROGRAMW6432"], "osquery", "osqueryd", "osqueryd.exe") + if os.path.exists(PTH): + WINDOWS_BINARY_PATH = PTH DARWIN_BINARY_PATH = "/usr/local/bin/osqueryd" LINUX_BINARY_PATH = "/usr/bin/osqueryd" From 75236436723c838fdaf64468938d8c50d31a3547 Mon Sep 17 00:00:00 2001 From: seph Date: Tue, 23 Jul 2024 23:07:53 -0400 Subject: [PATCH 15/16] Testing (#98) --- .github/workflows/release.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..383d5dd --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,33 @@ +name: Upload Python Package to PyPI when a Release is Created + +on: + workflow_dispatch: + release: + types: [created] + +jobs: + build_and_test: + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + os: + - ubuntu-20.04 + - macos-12 + - windows-latest + steps: + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: "3.x" + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install setuptools wheel + - name: build + run: | + python -m build + - name: package + run: | + python setup.py sdist bdist_wheel From 214016774444b371d1756743c0e51be4ef62f816 Mon Sep 17 00:00:00 2001 From: seph Date: Tue, 23 Jul 2024 23:45:38 -0400 Subject: [PATCH 16/16] Released via GitHub Actions (#99) --- .github/workflows/release.yml | 34 ++++++++++++++++++++++++++++++---- README.md | 7 +++++++ osquery/__init__.py | 2 +- setup.cfg | 2 +- 4 files changed, 39 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 383d5dd..f733832 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,8 +12,8 @@ jobs: fail-fast: false matrix: os: - - ubuntu-20.04 - - macos-12 + - ubuntu-24.04 + - macos-latest - windows-latest steps: - uses: actions/checkout@v4 @@ -24,10 +24,36 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install setuptools wheel + pip install setuptools wheel build - name: build + run: | + python setup.py build + - name: package run: | python -m build + publish: + needs: build_and_test + runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/osquery + permissions: + id-token: write + steps: + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: "3.x" + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install setuptools wheel build + - name: build + run: | + python setup.py build - name: package run: | - python setup.py sdist bdist_wheel + python -m build + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/README.md b/README.md index c4e895b..62290b0 100644 --- a/README.md +++ b/README.md @@ -150,6 +150,13 @@ python setup.py install See [CONTRIBUTING.md](https://github.com/osquery/osquery-python/blob/master/CONTRIBUTING.md) and the [osquery wiki](https://osquery.readthedocs.org) for development information. +### How To Release + +1. Pick a version number +2. Update `osquery/__init__.py` to match +3. Use the GitHub release +4. Make sure the GitHub Action ran + ### Vulnerabilities Facebook has a [bug bounty](https://www.facebook.com/whitehat/) program that includes osquery. If you find a security vulnerability in osquery, please submit it via the process outlined on that page and do not file a public issue. For more information on finding vulnerabilities in osquery, see a recent blog post about [bug-hunting osquery](https://www.facebook.com/notes/facebook-bug-bounty/bug-hunting-osquery/954850014529225). diff --git a/osquery/__init__.py b/osquery/__init__.py index fa9ec76..280298b 100644 --- a/osquery/__init__.py +++ b/osquery/__init__.py @@ -4,7 +4,7 @@ """ __title__ = "osquery" -__version__ = "3.0.7" +__version__ = "3.1.1" __author__ = "osquery authors" __license__ = "BSD" __copyright__ = "Copyright 2015-present, The osquery authors" diff --git a/setup.cfg b/setup.cfg index 87cb642..94f4887 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,5 +1,5 @@ [metadata] -description-file = README.rst +description_file = README.rst [bdist_wheel] universal=1