move and refresh

kolide · Feb 8, 2024 · 82b9d33 · 82b9d33
1 parent 7536b98
commit 82b9d33
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 51 deletions.
diff --git a/pkg/osquery/table/spotlight.go → ee/tables/spotlight/spotlight.go b/pkg/osquery/table/spotlight.go → ee/tables/spotlight/spotlight.go
@@ -1,55 +1,83 @@
 //go:build darwin
 // +build darwin
 
-package table
+package spotlight
 
 import (
+	"bufio"
+	"bytes"
 	"context"
 	"errors"
 	"fmt"
+	"io"
 	"strings"
 
+	"github.com/go-kit/kit/log"
+	"github.com/kolide/launcher/ee/allowedcmd"
+	"github.com/kolide/launcher/ee/tables/tablehelpers"
 	"github.com/osquery/osquery-go/plugin/table"
 )
 
+type spotlightTable struct {
+	logger log.Logger
+}
+
 /*
 Spotlight returns a macOS spotlight table
 Example Query:
 
 	SELECT uid, f.path FROM file
-	AS f JOIN spotlight ON spotlight.path = f.path
+	AS f JOIN kolide_spotlight ON spotlight.path = f.path
 	AND spotlight.query = "kMDItemKint = 'Agile Keychain'";
 */
-func Spotlight() *table.Plugin {
+func TablePlugin(logger log.Logger) *table.Plugin {
 	columns := []table.ColumnDefinition{
 		table.TextColumn("query"),
 		table.TextColumn("path"),
 	}
-	return table.NewPlugin("kolide_spotlight", columns, generateSpotlight)
+
+	t := &spotlightTable{
+		logger: logger,
+	}
+
+	return table.NewPlugin("kolide_spotlight", columns, t.generate)
 }
 
-func generateSpotlight(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
+func (t *spotlightTable) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
 	q, ok := queryContext.Constraints["query"]
 	if !ok || len(q.Constraints) == 0 {
 		return nil, errors.New("The spotlight table requires that you specify a constraint WHERE query =")
 	}
+
 	where := q.Constraints[0].Expression
 	var query []string
 	if strings.Contains(where, "-") {
 		query = strings.Split(where, " ")
 	} else {
 		query = []string{where}
 	}
-	lines, err := mdfind(query...)
+
+	out, err := tablehelpers.Exec(ctx, t.logger, 120, allowedcmd.Mdfind, query, false)
 	if err != nil {
 		return nil, fmt.Errorf("call mdfind: %w", err)
 	}
+
 	var resp []map[string]string
-	for _, line := range lines {
+
+	lr := bufio.NewReader(bytes.NewReader(out))
+	for {
+		line, _, err := lr.ReadLine()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return nil, err
+		}
 		m := make(map[string]string, 2)
 		m["query"] = where
-		m["path"] = line
+		m["path"] = string(line)
 		resp = append(resp, m)
 	}
+
 	return resp, nil
 }
diff --git a/pkg/osquery/table/mdfind_darwin.go b/pkg/osquery/table/mdfind_darwin.go
diff --git a/pkg/osquery/table/platform_tables_darwin.go b/pkg/osquery/table/platform_tables_darwin.go
@@ -24,6 +24,7 @@ import (
 	"github.com/kolide/launcher/ee/tables/osquery_user_exec_table"
 	"github.com/kolide/launcher/ee/tables/profiles"
 	"github.com/kolide/launcher/ee/tables/pwpolicy"
+	"github.com/kolide/launcher/ee/tables/spotlight"
 	"github.com/kolide/launcher/ee/tables/systemprofiler"
 	"github.com/kolide/launcher/ee/tables/zfs"
 	_ "github.com/mattn/go-sqlite3"
@@ -88,7 +89,7 @@ func platformSpecificTables(logger log.Logger, currentOsquerydBinaryPath string)
 		macos_software_update.RecommendedUpdates(logger),
 		macos_software_update.AvailableProducts(logger),
 		MachoInfo(),
-		Spotlight(),
+		spotlight.TablePlugin(logger),
 		TouchIDUserConfig(logger),
 		TouchIDSystemConfig(logger),
 		UserAvatar(logger),