Adding process_open_pipes table

[scoders-tob]

This table lists a process' open named and anonymous pipes with endpoints resolved.
Example output:

osquery> select * from process_open_pipes limit 20;
+------+-----+------+-------+-----------+-------------+------------+--------------+
| pid  | fd  | mode | inode | type      | partner_pid | partner_fd | partner_mode |
+------+-----+------+-------+-----------+-------------+------------+--------------+
| 1    | 220 | rw   | 407   | named     |             |            |              |
| 1    | 221 | rw   | 408   | named     |             |            |              |
| 1    | 225 | rw   | 380   | named     |             |            |              |
| 1    | 250 | r    | 19564 | anonymous |             |            |              |
| 1057 | 21  | r    | 559   | named     | 1060        | 9          | w            |
| 1057 | 22  | r    | 1035  | named     | 1259        | 8          | w            |
| 1057 | 23  | r    | 1032  | named     | 1266        | 12         | w            |
| 1057 | 25  | r    | 1016  | named     | 1107        | 20         | w            |
| 1057 | 33  | r    | 1192  | named     | 3185        | 14         | w            |
| 1057 | 34  | r    | 1109  | named     | 1367        | 7          | w            |
| 1057 | 35  | r    | 1202  | named     | 1630        | 21         | w            |
| 1057 | 36  | r    | 1204  | named     | 3185        | 31         | w            |
| 1057 | 37  | r    | 1208  | named     | 1618        | 19         | w            |
| 1057 | 38  | r    | 1213  | named     | 3132        | 20         | w            |
| 1057 | 42  | r    | 1122  | named     | 2988        | 41         | w            |
| 1057 | 48  | r    | 1099  | named     | 1618        | 14         | w            |
| 1057 | 52  | r    | 965   | named     | 2036        | 13         | w            |
| 1058 | 6   | r    | 28513 | anonymous | 1058        | 7          | w            |
| 1058 | 7   | w    | 28513 | anonymous | 1058        | 6          | r            |
| 1058 | 8   | r    | 28515 | anonymous | 1058        | 9          | w            |
+------+-----+------+-------+-----------+-------------+------------+--------------+

[theopolis]

A few notes throughout:

• Please use explicit {} around new scopes to help prevent future mistakes.
• In some places we should use C++11 patterns instead of C, no raw pointers or C arrays.
• Logging does not need ending newlines and we should only use DLOG or LOG, not perror or printf.
• Check if we need to update BUCK as well.
• Should we add optimization to the implementation to be able to handle pid = N?

[Smjert]

Sorry if I'm intruding, but a couple of comments on the review:

1. C++11 smart pointers intention is to substitute owning raw pointers, not any raw pointer. If the pointer points to a resource that is held by a smart pointer, which is the intention here, that's fine.
   Which is also why this in the works: https://en.cppreference.com/w/cpp/experimental/observer_ptr
   Nonetheless nullability might not be desired here.

2. const references cannot be stored into a vector because vector elements must be assignable. Maybe std::reference_wrapper?

[scoders-tob]

Thanks guys for your reviews. I've made the suggested changes.

[scoders-tob]

Regarding optimization to handle pid = N, this won't be useful because all processes need to be traversed regardless to resolve pipe partners

[theopolis]

Thanks for the iteration here! Do you mind taking another pass at the testing code? I left a few comments but there might be more that can be improved.

[scoders-tob]

Thanks @theopolis. Will do.

[scoders-tob]

Done!

[theopolis]

Looking good, thanks for the updates! I promise this is my last round of nitpicks 💃

Also curious if @Smjert can take another look?

[scoders-tob]

:)
Done!

[Smjert]

Please also keep the same naming convention we have for function in the test case.

[scoders-tob]

Thanks @Smjert! Done.

[scoders-tob]

@theopolis All changes have been made to this as per reviews. If it looks good to you, could you please approve/merge this?

outdated

[scoders-tob]

Thanks!