Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Table generation context is passed as double-encoded JSON #77

Closed
nickovs opened this issue Feb 5, 2021 · 1 comment
Closed

Table generation context is passed as double-encoded JSON #77

nickovs opened this issue Feb 5, 2021 · 1 comment

Comments

@nickovs
Copy link
Contributor

nickovs commented Feb 5, 2021

The context passed to table plugins' generate() methods is a JSON encoding of a JSON encoding of the data that the plugin actually cares about. If you want to access the actual context data structure then you need to use something like:

context = json.loads(json.loads(context))

While this issue has been in the code for at least six years, it's pretty clear from the source that this was not the original intention and is in fact a bug. Lines 41-43 of table_plugin.py read:

            ctx = {}
            if "context" in context:
                ctx = json.dumps(context["context"])

The underlying Thrift call context includes the table generation context as a string which contains the JSON-encoded details. The original author sets up a dictionary to pass to the generation function, then checks to see if a context was provided and, if present, replaces this with the JSON string encoding of the already-encoded context. It would make vastly more sense, and also be vastly more convenient for the user, to decode the context string value into another dictionary instead and thus for this to read:

                ctx = json.loads(context["context"])

This is almost certainly what the author intended and the current state is a typo. Hopefully this can still be fixed.
nickovs added a commit to nickovs/osquery-python that referenced this issue Feb 5, 2021
@nickovs
Fix for double-JSON-encoding of table generation contexts (osquery#77)
6c674dc
@nickovs nickovs mentioned this issue Feb 5, 2021
Merged
theopolis pushed a commit that referenced this issue Feb 6, 2021
@nickovs
Fix for double-JSON-encoding of table generation contexts (#77) (#78)
586c79f
@nickovs
Copy link
Contributor Author

nickovs commented Feb 6, 2021

@theopolis Thanks for merging the fix!

@nickovs nickovs closed this as completed Feb 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nickovs