From 3342238d8c3bf718cfe6cad27bc4610a6a2d4801 Mon Sep 17 00:00:00 2001
From: Kyle Creyts
Date: Wed, 24 Apr 2024 17:16:30 -0700
Subject: [PATCH] add tests and use ints instead of strings for numeric fields

---
 osquery/tables/system/ssh_keys.cpp | 16 ++++++++--------
 .../system/tests/posix/ssh_keys_tests.cpp | 18 ++++++++++++++++++
 specs/user_ssh_keys.table | 4 ++--
 tests/integration/tables/user_ssh_keys.cpp | 16 +++++++++-------
 4 files changed, 37 insertions(+), 17 deletions(-)

diff --git a/osquery/tables/system/ssh_keys.cpp b/osquery/tables/system/ssh_keys.cpp
index e96054cc657..60342f00288 100644
--- a/osquery/tables/system/ssh_keys.cpp
+++ b/osquery/tables/system/ssh_keys.cpp
@@ -58,8 +58,8 @@ bool isOpenSSHKeyEncrypted(const std::string& keys_content) {
 bool parsePrivateKey(const std::string& keys_content,
 int& key_type,
 std::string& key_group_name,
- std::string& key_length,
- std::string& key_security_bits,
+ int& key_length,
+ int& key_security_bits,
 bool& is_encrypted) {
 BIO* bio_stream = BIO_new(BIO_s_mem());
 auto const bio_stream_guard =
@@ -104,8 +104,8 @@ bool parsePrivateKey(const std::string& keys_content,
 return false;
 }
 key_type = EVP_PKEY_base_id(pkey);
- key_length = std::to_string(EVP_PKEY_bits(pkey));
- key_security_bits = std::to_string(EVP_PKEY_security_bits(pkey));
+ key_length = EVP_PKEY_bits(pkey);
+ key_security_bits = EVP_PKEY_security_bits(pkey);
 // openssl group names are all under 24 chars today, leave some extra room
 char groupname[32];
 size_t gname_len;
@@ -168,8 +168,8 @@ void genSSHkeyForHosts(const std::string& uid,
 }
 int key_type;
 std::string key_group_name;
- std::string key_length;
- std::string key_security_bits;
+ int key_length = -1;
+ int key_security_bits = -1;
 bool encrypted;
 bool parsed = parsePrivateKey(keys_content,
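Review bot: The new `int&` out-parameters carry no documented contract for the failure case, and the `return false;` visible in the @@ -104 hunk leaves them untouched, so what a caller sees on failure is whatever it passed in. A comment above the signature would make that explicit, e.g. `// key_length / key_security_bits are written only when parsing succeeds; callers pre-set them (-1 is the table's "unavailable" value).` parsePrivateKey's body continues outside this hunk.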
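Review bot: `EVP_PKEY_bits` and `EVP_PKEY_security_bits` are stored verbatim, but OpenSSL documents a 0 return on error for both and, in at least the 1.1.x series, EVP_PKEY_security_bits returns -2 for key types without a security-bits method; none of those map to the -1 that specs/user_ssh_keys.table now promises for "unavailable". Normalising at the point of assignment keeps the column contract in one place: `if (key_length <= 0) key_length = -1;` and `if (key_security_bits <= 0) key_security_bits = -1;`. The enclosing function starts and ends outside this hunk.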
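Review bot: `int key_type;` and `bool encrypted;` on the context lines stay uninitialised while the two new ints get a -1 sentinel, which is inconsistent and risky: the @@ -104 hunk shows parsePrivateKey returning false before its outputs are written, so unless the `parsed` result is checked outside this hunk, the row built at @@ -185 from `keyTypeAsString(key_type)` and `encrypted` reads indeterminate values. Giving them defaults costs nothing: `int key_type = EVP_PKEY_NONE;` and `bool encrypted = false;`. genSSHkeyForHosts begins before and continues after this hunk.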
@@ -185,8 +185,8 @@ void genSSHkeyForHosts(const std::string& uid,
 r["encrypted"] = encrypted ? "1" : "0";
 r["key_type"] = keyTypeAsString(key_type);
 r["key_group_name"] = key_group_name;
- r["key_length"] = key_length;
- r["key_security_bits"] = key_security_bits;
+ r["key_length"] = INTEGER(key_length);
+ r["key_security_bits"] = INTEGER(key_security_bits);
 results.push_back(r);
 }
 }
diff --git a/osquery/tables/system/tests/posix/ssh_keys_tests.cpp b/osquery/tables/system/tests/posix/ssh_keys_tests.cpp
index 66c5f66e073..1c494b94a17 100644
--- a/osquery/tables/system/tests/posix/ssh_keys_tests.cpp
+++ b/osquery/tables/system/tests/posix/ssh_keys_tests.cpp
@@ -175,6 +175,9 @@ TEST_F(SshKeysTests, rsa_key_unencrypted) {
 EXPECT_EQ(row.at("path"), fs::canonical(filepath).native());
 EXPECT_EQ(row.at("encrypted"), "0");
 EXPECT_EQ(row.at("key_type"), "rsa");
+ EXPECT_EQ(row.at("key_group_name"), "");
+ EXPECT_EQ(row.at("key_length"), "1024");
+ EXPECT_EQ(row.at("key_security_bits"), "80");
 }
 
 TEST_F(SshKeysTests, rsa_key_encrypted) {
@@ -197,6 +200,9 @@ TEST_F(SshKeysTests, rsa_key_encrypted) {
 EXPECT_EQ(row.at("path"), fs::canonical(filepath).native());
 EXPECT_EQ(row.at("encrypted"), "1");
 EXPECT_EQ(row.at("key_type"), "");
+ EXPECT_EQ(row.at("key_group_name"), "");
+ EXPECT_EQ(row.at("key_length"), "-1");
+ EXPECT_EQ(row.at("key_security_bits"), "-1");
 }
 
 TEST_F(SshKeysTests, dsa_unencrypted) {
@@ -219,6 +225,9 @@ TEST_F(SshKeysTests, dsa_unencrypted) {
 EXPECT_EQ(row.at("path"), fs::canonical(filepath).native());
 EXPECT_EQ(row.at("encrypted"), "0");
 EXPECT_EQ(row.at("key_type"), "dsa");
+ EXPECT_EQ(row.at("key_group_name"), "");
+ EXPECT_EQ(row.at("key_length"), "1024");
+ EXPECT_EQ(row.at("key_security_bits"), "80");
 }
 
 TEST_F(SshKeysTests, dsa_encrypted) {
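Review bot: The expectations `"1024"` and `"80"` encode the bit size of the test fixture's RSA key and its SP800-57 security level rather than anything about the table code, so a reader cannot tell from the test whether a different value would be a regression or a fixture change. A short comment by the new lines, e.g. `// fixture key is 1024-bit RSA -> 80 bits of security (SP800-57)`, would pin that down; the dsa_unencrypted hunk in the same file uses the same two literals and deserves the equivalent comment for its DSA fixture.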
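Review bot: The `"-1"` expected for `key_length` and `key_security_bits` in rsa_key_encrypted is satisfied by the default the caller assigns in ssh_keys.cpp (`int key_length = -1;`), not by anything parsePrivateKey reports, so these assertions cannot distinguish "key not parsed" from "parsed, value unavailable". Stating that next to the new lines, e.g. `// encrypted key is not parsed; -1 is the caller's default for unavailable`, keeps the test honest about what it covers. The dsa_encrypted, ed25519_unencrypted and ed25519_encrypted hunks carry the same three expectations and would take the same comment.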
@@ -241,6 +250,9 @@ TEST_F(SshKeysTests, dsa_encrypted) {
 EXPECT_EQ(row.at("path"), fs::canonical(filepath).native());
 EXPECT_EQ(row.at("encrypted"), "1");
 EXPECT_EQ(row.at("key_type"), "");
+ EXPECT_EQ(row.at("key_group_name"), "");
+ EXPECT_EQ(row.at("key_length"), "-1");
+ EXPECT_EQ(row.at("key_security_bits"), "-1");
 }
 
 TEST_F(SshKeysTests, ed25519_unencrypted) {
@@ -263,6 +275,9 @@ TEST_F(SshKeysTests, ed25519_unencrypted) {
 EXPECT_EQ(row.at("path"), fs::canonical(filepath).native());
 EXPECT_EQ(row.at("encrypted"), "0");
 EXPECT_EQ(row.at("key_type"), "");
+ EXPECT_EQ(row.at("key_group_name"), "");
+ EXPECT_EQ(row.at("key_length"), "-1");
+ EXPECT_EQ(row.at("key_security_bits"), "-1");
 }
 
 TEST_F(SshKeysTests, ed25519_encrypted) {
@@ -285,6 +300,9 @@ TEST_F(SshKeysTests, ed25519_encrypted) {
 EXPECT_EQ(row.at("path"), fs::canonical(filepath).native());
 EXPECT_EQ(row.at("encrypted"), "1");
 EXPECT_EQ(row.at("key_type"), "");
+ EXPECT_EQ(row.at("key_group_name"), "");
+ EXPECT_EQ(row.at("key_length"), "-1");
+ EXPECT_EQ(row.at("key_security_bits"), "-1");
 }
 
 } // namespace tables
diff --git a/specs/user_ssh_keys.table b/specs/user_ssh_keys.table
index 9b6bbb33d1a..fc34904d740 100644
--- a/specs/user_ssh_keys.table
+++ b/specs/user_ssh_keys.table
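Review bot: ed25519_unencrypted now asserts `key_type == ""` and `-1` for both numeric fields on a key that is not encrypted, which pins the current inability to parse this fixture as expected behaviour; without a comment, a later change that starts parsing ed25519 private keys will read as a test regression. A marker such as `// TODO: ed25519 private keys are not parsed yet; these expectations document that gap` next to the new lines would make the intent clear.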
@@ -7,8 +7,8 @@ schema([
 Column("encrypted", INTEGER, "1 if key is encrypted, 0 otherwise"),
 Column("key_type", TEXT, "The type of the private key. One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string."),
 Column("key_group_name", TEXT, "The group of the private key. Supported for a subset of key_types implemented by OpenSSL"),
- Column("key_length", INTEGER, "The cryptographic length of the cryptosystem to which the private key belongs, in bits. Definition of cryptographic length is specific to cryptosystem"),
- Column("key_security_bits", INTEGER, "The number of security bits of the private key, bits of security as defined in NIST SP800-57"),
+ Column("key_length", INTEGER, "The cryptographic length of the cryptosystem to which the private key belongs, in bits. Definition of cryptographic length is specific to cryptosystem. -1 if unavailable"),
+ Column("key_security_bits", INTEGER, "The number of security bits of the private key, bits of security as defined in NIST SP800-57. -1 if unavailable"),
 ForeignKey(column="uid", table="users"),
 ])
 extended_schema(LINUX, [
diff --git a/tests/integration/tables/user_ssh_keys.cpp b/tests/integration/tables/user_ssh_keys.cpp
index 1870c21a367..ef2f3217158 100644
--- a/tests/integration/tables/user_ssh_keys.cpp
+++ b/tests/integration/tables/user_ssh_keys.cpp
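Review bot: "-1 if unavailable" under-describes when the value appears: the unit tests in this same patch expect -1 for every encrypted key and for both ed25519 keys, i.e. whenever the private key could not be parsed at all, not only when the cryptosystem has no such length. Wording both columns as `-1 if the key could not be parsed or the value is unavailable` would match what the implementation actually emits.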
@@ -41,19 +41,21 @@ TEST_F(userSshKeys, test_sanity) {
 // 1. Query data
 auto const data = execute_query("select * from user_ssh_keys");
 // 2. Check size before validation
- // ASSERT_GE(data.size(), 0ul);
+ ASSERT_GE(data.size(), 0ul);
 // ASSERT_EQ(data.size(), 1ul);
 // ASSERT_EQ(data.size(), 0ul);
 // 3. Build validation map
 // See helper.h for available flags
 // Or use custom DataCheck object
- // ValidationMap row_map = {
- // {"uid", IntType}
- // {"path", NormalType}
- // {"encrypted", IntType}
- //}
+ ValidationMap row_map = {{"uid", IntType},
+ {"path", NormalType},
+ {"encrypted", IntType},
+ {"key_type", NormalType},
+ {"key_group_name", NormalType},
+ {"key_length", IntType},
+ {"key_security_bits", IntType}};
 // 4. Perform validation
- // validate_rows(data, row_map);
+ validate_rows(data, row_map);
 }
 
 } // namespace table_tests
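Review bot: `ASSERT_GE(data.size(), 0ul)` can never fail because `size()` is unsigned, so un-commenting it adds a tautology that compilers typically flag as an always-true comparison; either drop the line or replace it with the intent, e.g. `// user_ssh_keys may legitimately be empty on the test host; rows are validated below`. Separately, the new `row_map` lists only the base-schema columns, while specs/user_ssh_keys.table adds Linux-only columns in its `extended_schema(LINUX, [...])` block (not visible here); if `validate_rows` treats a row column that is absent from the map as a failure, the Linux build would need those columns added under a platform condition.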