Skip to content

Remove yara schema subdirectory #8461

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
directionless merged 4 commits into from
Dec 28, 2024
Merged

Remove yara schema subdirectory #8461

directionless merged 4 commits into from
Dec 28, 2024

Conversation

@zwass
Copy link
Member

@zwass zwass commented Oct 28, 2024
edited
Loading

  • Fix erroneous documentation that shows yara_events available on Windows
  • Move schema files to appropriate locations
  • Eliminate yara subdirectory within schema

@zwass
Remove Windows from generated schema for yara_events
6238022 
Windows is erroneously output for the yara_events table even though there is not actually support for yara_events on Windows.
@zwass zwass added the bug label Oct 28, 2024
@zwass zwass requested review from a team as code owners October 28, 2024 23:51
directionless
directionless previously approved these changes Oct 29, 2024
View reviewed changes
tools/codegen/genwebsitejson.py Outdated
Comment on lines 62 to 63
if path.endswith("yara_events.table"):
return ["darwin", "linux"]
Copy link
Member

@directionless directionless Oct 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we move the spec? Could add a yara/posix. Approved, anyway you'd like to handle it

Copy link
Member

@Smjert Smjert Oct 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should just remove the special cases and actually move the .table in the existing linux, posix etc (depending on where it has to go). This would go under posix.
yara, utility and sleuthkit seem to be the only remaining special cases

Copy link
Member Author

@zwass zwass Oct 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree actually. I don't see much benefit of the special case directories. If they aren't important to the build process in some way then that would be my preference.

Copy link
Member

@Smjert Smjert Oct 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree actually. I don't see much benefit of the special case directories. If they aren't important to the build process in some way then that would be my preference.

No they aren't. I guess previously it was preferred to give priority to what the table spec was for.

@Smjert Smjert mentioned this pull request Oct 29, 2024
Open
directionless
directionless previously approved these changes Nov 5, 2024
View reviewed changes
specs/CMakeLists.txt Outdated
"windows/security_profile_info.table:windows"
"windows/windows_search.table:windows"
"yara/yara_events.table:linux,macos"
"yara/yara.table:linux,macos,windows"
Copy link
Member

@directionless directionless Nov 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we also want to move yara.table?

Copy link
Member Author

@zwass zwass Dec 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I'm working on this now.

@zwass zwass changed the title Remove Windows from generated schema for yara_events Remove yara schema subdirectory Dec 24, 2024
@zwass
Copy link
Member Author

zwass commented Dec 24, 2024

@directionless @Smjert I added some additional changes to eliminate the yara subdirectory entirely from within specs. This allows a couple of other things to be simplified.

@directionless directionless merged commit fc0e398 into osquery:master Dec 28, 2024
22 checks passed
@zwass zwass deleted the windows-remove-yara-events branch December 31, 2024 19:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Smjert Smjert Smjert left review comments

@directionless directionless directionless approved these changes

Assignees

No one assigned

Labels

bug build

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@zwass @Smjert @directionless