-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix stringFromCFData #8287
base: master
Are you sure you want to change the base?
Fix stringFromCFData #8287
Conversation
First commit was the wrong version. This is correct.
This doesn't seem quite right. I built this and did a test:
With osquery 5.11.0:
Notably, |
I'm doing some testing and this seems to work well on initial testing:
Here's the output I get
I'm going to work on a new PR that implements this and a unit test. |
Ah, but now I notice that the issue seems to be that you are looking for a hex encoding of binary data, while osquery is looking for a UTF8 string? |
Sorry for all the chatter. I've now looked at the osquery implementation and it seems to try to provide printable characters as their original and unprintable as hex encoded. Wondering what a good compromise is here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not clear what the "right" behavior is, but I don't think we can proceed with these changes that turn the path
column of kernel_info
from human-readable to not.
@zwass Sorry, unable to reproduce.
Even when I run with sudo. |
I'm on Sonoma 14.3 with an Intel processor. I don't know if the difference might be the OS version or perhaps you are on Apple Silicon? |
@zwass Indeed I am on an apple silicon M1. |
I am building a binary for OSX that reports the details of devices that are physically connected to the Mac.
I used your implementation of stringFromCFData in order to convert the "USB device signature" which is of type Data (bytes) into a string. However I saw that the output is a random unrelated string.
I created my own implementation and called both implementations one after the other in order to compare results:
Here are the results, screenshotted from my XCode debugging session:
On the left is an ioRegistryExplorer window showing the device "USB device signature", on the right are the results strings.
As you can see the current OSquery implementation is getting it wrong both times.
I even created a unit test locally in order to double check. This time I used a C-style byte array, as this is what "Data" really is.
As you can see the current implementation gets it wring again.