// Source: github.com/Uptycs/basequery-go@v0.8.0/osquery.thrift
//
// Copyright (c) 2014-present, The osquery authors
//
// This source code is licensed as defined by the LICENSE file found in the
// root directory of this source tree.
//
// SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)

namespace cpp osquery.extensions
namespace py osquery.extensions

/// Registry operations use a registry name, plugin name, request/response.
/// A request is one string-to-string map; a response is a list of such maps.
/// Every key and value is an untyped string, so the receiving side has to
/// validate and parse them itself.
typedef map<string, string> ExtensionPluginRequest
typedef list<map<string, string>> ExtensionPluginResponse

/// Extensions should request osquery options to set active registries and
/// bootstrap any config/logger plugins.
/// All three fields are carried as strings, including the option's type.
struct InternalOptionInfo {
  1:string value,
  2:string default_value,
  3:string type,
}

/// Each option (CLI flag) has a unique name.
/// Maps the option name to its InternalOptionInfo.
typedef map<string, InternalOptionInfo> InternalOptionList

/// When communicating extension metadata, use a thrift-internal structure.
/// Every field is a string supplied by the extension itself (see
/// registerExtension); nothing in this IDL verifies them.
struct InternalExtensionInfo {
  1:string name,
  2:string version,
  3:string sdk_version,
  4:string min_sdk_version,
}

/// Unique ID for each extension.
typedef i64 ExtensionRouteUUID
/// A map from each plugin name to its optional route information.
typedef map<string, ExtensionPluginResponse> ExtensionRouteTable
/// A map from each registry name to that registry's route table.
typedef map<string, ExtensionRouteTable> ExtensionRegistry
/// A map from each extension's unique ID to its InternalExtensionInfo
/// metadata (the value type is the info struct, not a registry map).
typedef map<ExtensionRouteUUID, InternalExtensionInfo> InternalExtensionList

/// Result codes for extension calls.
enum ExtensionCode {
  EXT_SUCCESS = 0,
  EXT_FAILED = 1,
  EXT_FATAL = 2,
}

/// Most communication uses the Status return type.
struct ExtensionStatus {
  /// Declared as a plain i32, not as ExtensionCode.
  /// NOTE(review): presumably carries ExtensionCode values -- confirm, and
  /// have receivers handle values outside the enum.
  1:i32 code,
  2:string message,
  /// Add a thrift Status parameter identifying the request/response.
  3:ExtensionRouteUUID uuid,
}

/// A status together with the plugin response rows.
struct ExtensionResponse {
  1:ExtensionStatus status,
  2:ExtensionPluginResponse response,
}

/// Exception carrying the same three fields as ExtensionStatus.
/// No method in this file declares a `throws` clause for it.
exception ExtensionException {
  1:i32 code,
  2:string message,
  3:ExtensionRouteUUID uuid,
}

/// Base service shared by extensions and the extension manager
/// (ExtensionManager extends it).
service Extension {
  /// Ping to/from an extension and extension manager for metadata.
  ExtensionStatus ping(),
  /// Call an extension (or core) registry plugin.
  ExtensionResponse call(
    /// The registry name (e.g., config, logger, table, etc).
    1:string registry,
    /// The registry item name (plugin name).
    2:string item,
    /// The thrift-equivalent of an osquery::PluginRequest.
    3:ExtensionPluginRequest request),
  /// Request that an extension shutdown (does not apply to managers).
  /// Takes no arguments.
  void shutdown(),
}

/// The extension manager is run by the osquery core process.
///
/// None of the methods below takes a credential or caller-identity argument,
/// so this interface does not itself authenticate clients.
/// NOTE(review): access control presumably rests on the transport (e.g.
/// permissions on the extension socket) -- confirm for this deployment.
service ExtensionManager extends Extension {
  /// Return the list of active registered extensions.
  InternalExtensionList extensions(),
  /// Return the list of bootstrap or configuration options.
  InternalOptionList options(),
  /// The API endpoint used by an extension to register its plugins.
  /// Both the metadata and the registry/route contents are caller-supplied.
  ExtensionStatus registerExtension(
    1:InternalExtensionInfo info,
    2:ExtensionRegistry registry),
  /// Deregister the extension identified by uuid.
  /// The uuid is the only input; the IDL does not bind the request to the
  /// client that originally registered it.
  /// NOTE(review): confirm whether the manager enforces that binding.
  ExtensionStatus deregisterExtension(
    1:ExtensionRouteUUID uuid,
  ),
  /// Allow an extension to query using an SQL string.
  /// The SQL text is passed through as supplied by the caller.
  /// NOTE(review): presumably runs with the core process's view of all
  /// tables -- confirm, and treat access to this method as privileged.
  ExtensionResponse query(
    1:string sql,
  ),
  /// Allow an extension to introspect into SQL used in a parsed query.
  ExtensionResponse getQueryColumns(
    1:string sql,
  ),
  /// Stream batch of events for an events table.
  ExtensionStatus streamEvents(
    /// The name of the events table.
    1:string name,
    /// Batch of events for the event table.
    2:ExtensionPluginResponse events,
  ),
  /// Return the TLS node key.
  /// Returned as a plain string; the call takes no arguments.
  /// NOTE(review): the node key is presumably the secret this host uses to
  /// authenticate to its TLS backend -- if so, every client able to reach
  /// this service can read it; keep the value out of logs -- confirm.
  string getNodeKey(),
}