Home / osquery / osquery
Repository Analysis

osquery/osquery

SQL powered operating system instrumentation, monitoring, and analytics.

2.0 Likely human-written View on GitHub
2.0
Adjusted Score
2.0
Raw Score
100%
Time Factor
2026-05-12
Last Push
23,278
Stars
C++
Language
272,831
Lines of Code
1827
Files
524
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 14LOW 510

Pattern Findings

524 matches across 9 categories. Click a row to expand file-level details.

Over-Commented Block428 hits · 428 pts
SeverityFileLineSnippet
LOWosquery/tables/networking/curl_certificate.cpp21#include <openssl/x509.h>
LOWosquery/tables/networking/posix/interfaces.cpp21#include <linux/ethtool.h>
LOWosquery/tables/yara/yara_events.cpp21#include <osquery/events/darwin/fsevents.h>
LOWosquery/tables/yara/yara.cpp21
LOWosquery/tables/yara/yara.cpp501 }
LOWosquery/tables/system/hash.cpp21
LOWosquery/tables/system/ssh_keys.cpp21#include <osquery/worker/logging/glog/glog_logger.h>
LOWosquery/tables/system/posix/ulimit_info.cpp41#endif
LOWosquery/tables/system/posix/augeas.cpp201 // Strategy for handling augeas
LOWosquery/tables/system/tests/system_tables_tests.cpp21#include <osquery/core/tables.h>
LOWosquery/tables/system/linux/processes.cpp21#include <boost/algorithm/string/trim.hpp>
LOWosquery/tables/system/linux/secureboot.cpp21// Linux has 2 places efivars can be accessed:
LOWosquery/tables/system/linux/md_tables.cpp201#endif
LOWosquery/tables/system/linux/rpm_packages.cpp21#include <osquery/core/tables.h>
LOWosquery/tables/system/linux/model_specific_register.cpp21#define MSR_FILENAME_BUFFER_SIZE 32
LOWosquery/tables/system/linux/secureboot_certificates.cpp21#include <cstdint>
LOWosquery/tables/system/linux/apt_sources.cpp1/**
LOWosquery/tables/system/darwin/sysctl_utils.cpp21namespace osquery {
LOWosquery/tables/system/darwin/smbios_tables.cpp21#include <boost/algorithm/string.hpp>
LOWosquery/tables/system/darwin/signature.mm21#include <osquery/logger/logger.h>
LOWosquery/tables/system/darwin/homebrew_packages.cpp181std::string getMetadataFileForCask(const std::string& path) {
LOWosquery/tables/system/darwin/certificates.mm121
LOWosquery/tables/system/darwin/firewall.h21
LOWosquery/tables/system/darwin/firewall.h41// - 'logging_option': Quote from https://support.apple.com/en-jo/121011: "The
LOWosquery/tables/system/windows/processes.cpp21#include <iomanip>
LOWosquery/tables/system/windows/objects.cpp21namespace osquery {
LOWosquery/tables/system/windows/objects.cpp41// rest of osquery
LOWosquery/tables/system/windows/objects.cpp61
LOWosquery/tables/system/windows/objects.cpp141 // services session id. this means we expect the object name to be a
LOWosquery/tables/system/windows/windows_crashes.cpp21#include <DbgEng.h>
LOWosquery/tables/system/windows/programs.cpp141
LOWosquery/tables/system/windows/registry.cpp21#include <boost/algorithm/string.hpp>
LOWosquery/tables/system/windows/windows_search.cpp21#include <sstream>
LOWosquery/tables/system/windows/process_open_handles.cpp921 if (!FLAGS_allow_handle_threads) {
LOWosquery/tables/applications/jetbrains_plugins.cpp221// Sorts the files heuristically to load the plugin jar containing plugin.xml
LOWosquery/tables/applications/jetbrains_plugins.cpp341 // plugin_directory Example:
LOWosquery/tables/applications/posix/docker.cpp21
LOWosquery/tables/applications/darwin/browser_plugins.cpp41/// Safari App Extensions root directory
LOWosquery/tables/events/linux/process_file_events.cpp641 // The rename/renameat/renameat2 syscalls all receive either four
LOWosquery/tables/events/windows/ntfs_journal_events.cpp41 // when we encounter them? Does NTFS recycle FRNs? Does it matter in terms of
LOWosquery/tables/utility/osquery.cpp1/**
LOWosquery/experimental/experiments/CMakeLists.txt1# Copyright (c) 2014-present, The osquery authors
LOWosquery/core/flags.h201#define SHELL_FLAG(t, n, v, d) OSQUERY_FLAG(t, n, v, d, 1, 0, 0, 0)
LOWosquery/core/system.cpp21#include <uuid/uuid.h>
LOWosquery/core/system.cpp41
LOWosquery/core/init.cpp21#include <WbemIdl.h>
LOWosquery/core/init.cpp41#include <osquery/events/events.h>
LOWosquery/core/watcher.cpp21
LOWosquery/core/windows/ntapi.h21#define STATUS_UNSUCCESSFUL 0xC0000001L
LOWosquery/core/windows/ntapi.h41#define STATUS_INTEGER_OVERFLOW 0xC0000095L
LOWosquery/core/windows/ntapi.h61#ifndef ObjectNameInformation
LOWosquery/logger/logger.cpp21#include <boost/noncopyable.hpp>
LOWosquery/config/config.cpp21#include <osquery/config/config.h>
LOWosquery/config/tests/config_tests.cpp21
LOWosquery/dispatcher/scheduler.cpp21#include <osquery/core/flags.h>
LOWosquery/utils/attribute.h21#endif
LOWosquery/utils/config/default_paths.h21#pragma once
LOWosquery/utils/config/default_paths.h41#define OSQUERY_PIDFILE "/var/run/"
LOWosquery/utils/info/platform_type.h41#endif
LOWosquery/utils/macros/macros.h21#define STR_EX(x) x
368 more matches not shown…
Unused Imports32 hits · 32 pts
SeverityFileLineSnippet
LOW…ci/scripts/cve/validate_manifest_libraries_versions.py10
LOW…s/ci/scripts/cve/third_party_libraries_cves_scanner.py21
LOWtools/tests/winexpect.py18
LOWtools/tests/winexpect.py25
LOWtools/tests/winexpect.py28
LOWtools/tests/test_http_server.py25
LOWtools/tests/test_extensions.py10
LOWtools/tests/test_extensions.py11
LOWtools/tests/test_extensions.py12
LOWtools/tests/test_extensions.py13
LOWtools/tests/test_extensions.py14
LOWtools/tests/test_extensions.py15
LOWtools/tests/test_extensions.py17
LOWtools/tests/test_osqueryd.py13
LOWtools/tests/test_osqueryd.py14
LOWtools/tests/test_osqueryd.py16
LOWtools/tests/test_additional.py10
LOWtools/tests/test_additional.py11
LOWtools/tests/test_additional.py12
LOWtools/tests/test_base.py104
LOWtools/tests/test_osqueryi.py11
LOWtools/tests/test_osqueryi.py12
LOWtools/tests/test_osqueryi.py14
LOWtools/tests/test_example_queries.py10
LOWtools/tests/test_example_queries.py12
LOWtools/tests/test_example_queries.py13
LOWtools/tests/test_example_queries.py14
LOWtools/codegen/genapi.py19
LOWtools/codegen/genapi.py20
LOWtools/codegen/genwebsitejson.py29
LOWtools/codegen/genwebsitejson.py32
LOWtools/deployment/getfiles.py12
Excessive Try-Catch Wrapping21 hits · 28 pts
SeverityFileLineSnippet
LOWtools/cmake/downloader.py23 except Exception as e:
MEDIUM…s/ci/scripts/cve/third_party_libraries_cves_scanner.py37 print("Error: " + message, file=sys.stderr)
LOW…s/ci/scripts/cve/third_party_libraries_cves_scanner.py93 except Exception as e:
MEDIUM…s/ci/scripts/cve/third_party_libraries_cves_scanner.py95 print(f"Error searching CVE for library {library_name}: {e}. Retrying")
LOW…s/ci/scripts/cve/third_party_libraries_cves_scanner.py412 except Exception as e:
MEDIUMtools/ci/scripts/cve/osquery/manifest_api.py46 print("Error: " + message, file=sys.stderr)
LOWtools/tests/winexpect.py64 except Exception as e:
LOWtools/tests/utils.py56 except Exception:
LOWtools/tests/utils.py80 except Exception as e:
LOWtools/tests/utils.py119 except Exception as e:
MEDIUMtools/tests/utils.py222 print("Error: %s" % err.decode("utf-8"))
LOWtools/tests/test_base.py255 except Exception as e:
LOWtools/tests/test_base.py265 except Exception as e:
LOWtools/tests/test_base.py451 except Exception as e:
LOWtools/tests/test_base.py502 except Exception as e:
LOWtools/tests/test_base.py650 except Exception as e:
LOWtools/tests/test_base.py691 except Exception as e:
MEDIUMtools/tests/test_base.py245def run(self):
MEDIUMtools/tests/test_base.py531def __del__(self):
MEDIUMtools/tests/test_base.py686def _execute(self, query):
LOWtools/codegen/genapi.py266 except Exception as e:
Hyper-Verbose Identifiers19 hits · 17 pts
SeverityFileLineSnippet
LOWtools/tests/test_release.py84 def test_linked_system_libraries(self):
LOWtools/tests/test_extensions.py28 def test_daemon_without_extensions(self):
LOWtools/tests/test_extensions.py239 def test_extensions_directory_autoload(self):
LOWtools/tests/test_extensions.py262 def test_extensions_autoload_watchdog(self):
LOWtools/tests/test_extensions.py306 def test_external_config_update(self):
LOWtools/tests/test_osqueryd.py23 def test_daemon_without_watchdog(self):
LOWtools/tests/test_osqueryd.py66 def test_daemon_with_watchdog(self):
LOWtools/tests/test_osqueryd.py118 def daemon_sigint_test_helper(self, pidfile_path):
LOWtools/tests/test_windows_service.py284 def test_install_run_stop_uninstall_windows_service(self):
LOWtools/tests/test_windows_service.py325 def test_thrash_windows_service(self):
LOWtools/tests/test_osqueryi.py39 def test_config_check_success(self):
LOWtools/tests/test_osqueryi.py75 def test_config_check_failure_invalid_path(self):
LOWtools/tests/test_osqueryi.py89 def test_config_check_failure_valid_path(self):
LOWtools/tests/test_osqueryi.py101 def test_config_check_failure_missing_plugin(self):
LOWtools/tests/test_osqueryi.py115 def test_config_check_example(self):
LOWtools/tests/test_example_queries.py23 def test_cross_platform_queries(self):
LOWtools/tests/test_example_queries.py26 def test_platform_specific_queries(self):
LOWtools/formatting/git-clang-format.py260def compute_diff_and_extract_lines(commit, files):
LOWtools/formatting/git-clang-format.py351def run_clang_format_and_save_to_tree(changed_lines, binary='clang-format',
Deep Nesting13 hits · 13 pts
SeverityFileLineSnippet
LOWtools/analysis/profile.py71
LOWtools/analysis/profile.py103
LOW…s/ci/scripts/cve/third_party_libraries_cves_scanner.py40
LOWtools/ci/scripts/cve/osquery/manifest_api.py49
LOWtools/tests/test_release.py84
LOWtools/tests/test_http_server.py183
LOWtools/tests/utils.py71
LOWtools/tests/test_base.py352
LOWtools/codegen/gentable.py455
LOWtools/codegen/gentable.py219
LOWtools/codegen/templite.py70
LOWtools/codegen/amalgamate.py21
LOWtools/formatting/git-clang-format.py57
Self-Referential Comments5 hits · 13 pts
SeverityFileLineSnippet
MEDIUMtools/tests/test_http_server.py23# Create a simple TLS/HTTP server.
MEDIUMtools/tests/test_base.py399 # Create a temporary config.
MEDIUMtools/codegen/gentable.py224 # Create a list of column options from the kwargs passed to the column.
MEDIUMtools/formatting/git-clang-format.py7# This file is distributed under the University of Illinois Open Source
MEDIUMtools/formatting/git-clang-format.py50# This file is created within the .git directory.
AI Slop Vocabulary2 hits · 6 pts
SeverityFileLineSnippet
MEDIUMosquery/tables/system/windows/drivers.cpp255 // Then, leverage the Windows APIs to get whatever remains
MEDIUMosquery/core/watcher.cpp78 // % of (User + System) CPU time worker can utilize
Redundant / Tautological Comments2 hits · 3 pts
SeverityFileLineSnippet
LOWtools/tests/test_http_server.py374 # Check if client accepts gzip encoding
LOWtools/tests/utils.py94 # Check if it is an internal pack definition
Fake / Example Data2 hits · 2 pts
SeverityFileLineSnippet
LOWtests/integration/tables/hash.cpp31 path, "Lorem ipsum dolor sit amet, consectetur adipiscing elit.")
LOWtests/integration/tables/hash.cpp31 path, "Lorem ipsum dolor sit amet, consectetur adipiscing elit.")