Fix python_packages and process_open_sockets

osquery · Dec 12, 2019 · ff155b7 · ff155b7
1 parent e6eb99a
commit ff155b7
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/osquery/tables/system/python_packages.cpp b/osquery/tables/system/python_packages.cpp
@@ -29,15 +29,15 @@ namespace tables {
 /// Number of fields when splitting metadata and info.
 const size_t kNumFields = 2;
 const std::set<std::string> kPythonPath = {
-    "/usr/local/lib/python2.7/dist-packages/",
-    "/usr/local/lib/python2.7/site-packages/",
-    "/usr/lib/python2.7/dist-packages/",
-    "/usr/lib/python2.7/site-packages/",
-    "/Library/Python/2.7/site-packages/",
+    "/usr/local/lib/python%/dist-packages",
+    "/usr/local/lib/python%/site-packages",
+    "/usr/lib/python%/dist-packages",
+    "/usr/lib/python%/site-packages",
+    "/Library/Python/%/site-packages",
 };
 
 const std::set<std::string> kDarwinPythonPath = {
-    "/System/Library/Frameworks/Python.framework/Versions/",
+    "/System/Library/Frameworks/Python.framework/Versions",
 };
 
 const std::string kWinPythonInstallKey =
@@ -127,7 +127,13 @@ QueryData genPythonPackages(QueryContext& context) {
       context.constraints.at("directory").exists(EQUALS)) {
     paths = context.constraints["directory"].getAll(EQUALS);
   } else {
-    paths = kPythonPath;
+    for (const auto& path : kPythonPath) {
+      std::vector<std::string> sites;
+      resolveFilePattern(path, sites);
+      for (const auto& site : sites) {
+        paths.insert(site);
+      }
+    }
   }
   for (const auto& key : paths) {
     genSiteDirectories(key, results);
@@ -148,7 +154,7 @@ QueryData genPythonPackages(QueryContext& context) {
         }
 
         auto complete = version + "lib/python" +
-                        version_path.filename().string() + "/site-packages/";
+                        version_path.filename().string() + "/site-packages";
         genSiteDirectories(complete, results);
       }
     }

diff --git a/tests/integration/tables/process_open_sockets.cpp b/tests/integration/tables/process_open_sockets.cpp
@@ -10,6 +10,7 @@
 // Spec file: specs/process_open_sockets.table
 
 #include <osquery/tests/integration/tables/helper.h>
+#include <osquery/utils/info/platform_type.h>
 
 namespace osquery {
 namespace table_tests {
@@ -36,6 +37,10 @@ TEST_F(processOpenSockets, test_sanity) {
       {"state", NormalType},
   };
 
+  if (isPlatform(PlatformType::TYPE_LINUX)) {
+    row_map["net_namespace"] = IntType;
+  }
+
   auto const data = execute_query("select * from process_open_sockets");
   ASSERT_FALSE(data.empty());
   validate_rows(data, row_map);