RubyGems - winevt_c - Versions diffs - 0.5.1 → 0.6.0 - Mend

winevt_c 0.5.1 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/.clang-format +5 -0
data/README.md +2 -2
data/example/rate_limit.rb +14 -0
data/ext/winevt/extconf.rb +2 -2
data/ext/winevt/winevt_bookmark.c +44 -39
data/ext/winevt/winevt_c.h +42 -26
data/ext/winevt/winevt_channel.c +43 -29
data/ext/winevt/winevt_query.c +140 -92
data/ext/winevt/winevt_subscribe.c +214 -89
data/ext/winevt/winevt_utils.cpp +540 -335
data/lib/winevt/version.rb +1 -1
data/winevt_c.gemspec +1 -1
metadata +5 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75744148e9ca94521748b06833b718e340adff8024aa2d2c95560561b2f78067
-  data.tar.gz: c9ccac540fa71ee98862084e765d93ef99e82e0da8ffa539bad5fe01ade3206b
+  metadata.gz: 12f9385269dcef7feb299a038947855285d7ffb76d8d331941dfa2d30f56fdb4
+  data.tar.gz: f122b6172ae73587a3a518d79d25a7a64daa735a552fb998cfd5f9e2a5fddc07
 SHA512:
-  metadata.gz: c3fa73323e1d79dc1336c8d9d0984f9a00e0f683b38e4fcbd9ffc46c101a6e5727bf542210c59171e997c9fea0662b8b1078a9f7b44748c933623b47de5693c2
-  data.tar.gz: 2e32151fa6b178f98c7c6f97e28e5cbcdd83050bb738cade7cf85f23ba6faf6b8dd09c81c8d51a7460428dff57345fd922aab405b4756b2311632badca8abd2a
+  metadata.gz: 92d91fafb48fe5a4cc63ad82a9eca050cac7e2db38538347f6a9c247b5218604360a155233d1f37c38ce9967ca6af46f150fedb0d77c261e201fb99a675c0996
+  data.tar.gz: 5fcc3b81d00788d63380692942fe29822fe6a53d058463ce7848409310abb242a187dfb24414c5cdfc17943d6b57f027a9e1ddbeb2ae03c7eee2594215080eb1

data/.clang-format ADDED Viewed

@@ -0,0 +1,5 @@
+BasedOnStyle: Mozilla
+ColumnLimit: 90
+BinPackParameters: true
+BinPackArguments: false
+AllowShortCaseLabelsOnASingleLine: false

data/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # winevt_c
-[![Build status](https://ci.appveyor.com/api/projects/status/hr3phv8ihvgc68oj/branch/master?svg=true)](https://ci.appveyor.com/project/cosmo0920/winevt-c/branch/master)
+[![Build status](https://ci.appveyor.com/api/projects/status/o5771b3cb6x3acq0/branch/master?svg=true)](https://ci.appveyor.com/project/cosmo0920/winevt-c-6145k/branch/master)
 ## Prerequisites
@@ -35,4 +35,4 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/cosmo0920/winevt_c.
+Bug reports and pull requests are welcome on GitHub at https://github.com/fluent-plugins-nursery/winevt_c.

data/example/rate_limit.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require 'winevt'
+@subscribe = Winevt::EventLog::Subscribe.new
+@subscribe.tail = true
+@subscribe.rate_limit = 80
+@subscribe.subscribe(
+  "Application", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"
+)
+while true do
+  @subscribe.each do |eventlog, message, string_inserts|
+    puts ({eventlog: eventlog, data: message})
+  end
+  sleep(0.1)
+end

data/ext/winevt/extconf.rb CHANGED Viewed

@@ -16,8 +16,8 @@ have_library("advapi32")
 have_library("ole32")
 $LDFLAGS << " -lwevtapi -ladvapi32 -lole32"
-$CFLAGS << " -std=c99 -fPIC -fms-extensions "
-$CXXFLAGS << " -std=c++11 -fPIC -fms-extensions "
+$CFLAGS << " -Wall -std=c99 -fPIC -fms-extensions "
+$CXXFLAGS << " -Wall -std=c++11 -fPIC -fms-extensions "
 # $CFLAGS << " -g -O0 -ggdb"
 # $CXXFLAGS << " -g -O0 -ggdb"

data/ext/winevt/winevt_bookmark.c CHANGED Viewed

@@ -1,18 +1,21 @@
 #include <winevt_c.h>
-static void bookmark_free(void *ptr);
-static const rb_data_type_t rb_winevt_bookmark_type = {
-  "winevt/bookmark", {
-    0, bookmark_free, 0,
-  }, NULL, NULL,
-  RUBY_TYPED_FREE_IMMEDIATELY
-};
+static void bookmark_free(void* ptr);
+static const rb_data_type_t rb_winevt_bookmark_type = { "winevt/bookmark",
+                                                        {
+                                                          0,
+                                                          bookmark_free,
+                                                          0,
+                                                        },
+                                                        NULL,
+                                                        NULL,
+                                                        RUBY_TYPED_FREE_IMMEDIATELY };
 static void
-bookmark_free(void *ptr)
+bookmark_free(void* ptr)
 {
-  struct WinevtBookmark *winevtBookmark = (struct WinevtBookmark *)ptr;
+  struct WinevtBookmark* winevtBookmark = (struct WinevtBookmark*)ptr;
   if (winevtBookmark->bookmark)
     EvtClose(winevtBookmark->bookmark);
@@ -23,23 +26,22 @@ static VALUE
 rb_winevt_bookmark_alloc(VALUE klass)
 {
   VALUE obj;
-  struct WinevtBookmark *winevtBookmark;
-  obj = TypedData_Make_Struct(klass,
-                              struct WinevtBookmark,
-                              &rb_winevt_bookmark_type,
-                              winevtBookmark);
+  struct WinevtBookmark* winevtBookmark;
+  obj = TypedData_Make_Struct(
+    klass, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
   return obj;
 }
 static VALUE
-rb_winevt_bookmark_initialize(int argc, VALUE *argv, VALUE self)
+rb_winevt_bookmark_initialize(int argc, VALUE* argv, VALUE self)
 {
   PWSTR bookmarkXml;
   VALUE wbookmarkXmlBuf;
   DWORD len;
-  struct WinevtBookmark *winevtBookmark;
+  struct WinevtBookmark* winevtBookmark;
-  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
+  TypedData_Get_Struct(
+    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
   if (argc == 0) {
     winevtBookmark->bookmark = EvtCreateBookmark(NULL);
@@ -49,9 +51,15 @@ rb_winevt_bookmark_initialize(int argc, VALUE *argv, VALUE self)
     Check_Type(rb_bookmarkXml, T_STRING);
     // bookmarkXml : To wide char
-    len = MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), NULL, 0);
-    bookmarkXml = ALLOCV_N(WCHAR, wbookmarkXmlBuf, len+1);
-    MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), bookmarkXml, len);
+    len = MultiByteToWideChar(
+      CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), NULL, 0);
+    bookmarkXml = ALLOCV_N(WCHAR, wbookmarkXmlBuf, len + 1);
+    MultiByteToWideChar(CP_UTF8,
+                        0,
+                        RSTRING_PTR(rb_bookmarkXml),
+                        RSTRING_LEN(rb_bookmarkXml),
+                        bookmarkXml,
+                        len);
     bookmarkXml[len] = L'\0';
     winevtBookmark->bookmark = EvtCreateBookmark(bookmarkXml);
     ALLOCV_END(wbookmarkXmlBuf);
@@ -63,37 +71,34 @@ rb_winevt_bookmark_initialize(int argc, VALUE *argv, VALUE self)
 static VALUE
 rb_winevt_bookmark_update(VALUE self, VALUE event)
 {
-  struct WinevtQuery *winevtQuery;
-  struct WinevtBookmark *winevtBookmark;
+  struct WinevtQuery* winevtQuery;
+  struct WinevtBookmark* winevtBookmark;
   winevtQuery = EventQuery(event);
-  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
-  if(EvtUpdateBookmark(winevtBookmark->bookmark, winevtQuery->event))
-    return Qtrue;
+  TypedData_Get_Struct(
+    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
-  return Qfalse;
+  for (int i = 0; i < winevtQuery->count; i++) {
+    if (!EvtUpdateBookmark(winevtBookmark->bookmark, winevtQuery->hEvents[i]))
+      return Qfalse;
+  }
+  return Qtrue;
 }
 static VALUE
 rb_winevt_bookmark_render(VALUE self)
 {
-  WCHAR* wResult;
-  struct WinevtBookmark *winevtBookmark;
-  VALUE utf8str;
-  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
-  wResult = render_event(winevtBookmark->bookmark, EvtRenderBookmark);
-  utf8str = wstr_to_rb_str(CP_UTF8, wResult, -1);
+  struct WinevtBookmark* winevtBookmark;
-  if (wResult != NULL)
-    free(wResult);
+  TypedData_Get_Struct(
+    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
-  return utf8str;
+  return render_to_rb_str(winevtBookmark->bookmark, EvtRenderBookmark);
 }
-void Init_winevt_bookmark(VALUE rb_cEventLog)
+void
+Init_winevt_bookmark(VALUE rb_cEventLog)
 {
   rb_cBookmark = rb_define_class_under(rb_cEventLog, "Bookmark", rb_cObject);

data/ext/winevt/winevt_c.h CHANGED Viewed

@@ -5,67 +5,83 @@
 #include <ruby/encoding.h>
 #ifdef __GNUC__
-# include <w32api.h>
-# define MINIMUM_WINDOWS_VERSION WindowsVista
-#else /* __GNUC__ */
-# define MINIMUM_WINDOWS_VERSION 0x0600 /* Vista */
-#endif /* __GNUC__ */
+#include <w32api.h>
+#define MINIMUM_WINDOWS_VERSION WindowsVista
+#else                                  /* __GNUC__ */
+#define MINIMUM_WINDOWS_VERSION 0x0600 /* Vista */
+#endif                                 /* __GNUC__ */
 #ifdef _WIN32_WINNT
-#  undef _WIN32_WINNT
+#undef _WIN32_WINNT
 #endif /* WIN32_WINNT */
 #define _WIN32_WINNT MINIMUM_WINDOWS_VERSION
+#include <time.h>
 #include <winevt.h>
-#define EventQuery(object) ((struct WinevtQuery *)DATA_PTR(object))
-#define EventBookMark(object) ((struct WinevtBookmark *)DATA_PTR(object))
-#define EventChannel(object) ((struct WinevtChannel *)DATA_PTR(object))
+#define EventQuery(object) ((struct WinevtQuery*)DATA_PTR(object))
+#define EventBookMark(object) ((struct WinevtBookmark*)DATA_PTR(object))
+#define EventChannel(object) ((struct WinevtChannel*)DATA_PTR(object))
 #ifdef __cplusplus
 extern "C" {
 #endif /* __cplusplus */
-char* wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen);
-void free_allocated_mbstr(const char* str);
-VALUE wstr_to_rb_str(UINT cp, const WCHAR *wstr, int clen);
-WCHAR* render_event(EVT_HANDLE handle, DWORD flags);
+VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
+VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
 WCHAR* get_description(EVT_HANDLE handle);
 VALUE get_values(EVT_HANDLE handle);
+VALUE render_system_event(EVT_HANDLE handle);
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */
 VALUE rb_cQuery;
+VALUE rb_cFlag;
 VALUE rb_cChannel;
 VALUE rb_cBookmark;
 VALUE rb_cSubscribe;
 VALUE rb_eWinevtQueryError;
-struct WinevtChannel {
+struct WinevtChannel
+{
   EVT_HANDLE channels;
 };
-struct WinevtBookmark {
+struct WinevtBookmark
+{
   EVT_HANDLE bookmark;
-  ULONG      count;
+  ULONG count;
 };
-struct WinevtQuery {
+#define QUERY_ARRAY_SIZE 10
+struct WinevtQuery
+{
   EVT_HANDLE query;
-  EVT_HANDLE event;
-  ULONG      count;
-  LONG       offset;
-  LONG       timeout;
+  EVT_HANDLE hEvents[QUERY_ARRAY_SIZE];
+  ULONG count;
+  LONG offset;
+  LONG timeout;
+  BOOL renderAsXML;
 };
-struct WinevtSubscribe {
-  HANDLE     signalEvent;
+#define SUBSCRIBE_ARRAY_SIZE 10
+#define SUBSCRIBE_RATE_INFINITE -1
+struct WinevtSubscribe
+{
+  HANDLE signalEvent;
   EVT_HANDLE subscription;
   EVT_HANDLE bookmark;
-  EVT_HANDLE event;
-  DWORD      flags;
-  BOOL       tailing;
+  EVT_HANDLE hEvents[SUBSCRIBE_ARRAY_SIZE];
+  DWORD count;
+  DWORD flags;
+  BOOL tailing;
+  DWORD rateLimit;
+  time_t lastTime;
+  DWORD currentRate;
+  BOOL renderAsXML;
 };
 void Init_winevt_query(VALUE rb_cEventLog);

data/ext/winevt/winevt_channel.c CHANGED Viewed

@@ -1,18 +1,21 @@
 #include <winevt_c.h>
-static void channel_free(void *ptr);
-static const rb_data_type_t rb_winevt_channel_type = {
-  "winevt/channel", {
-    0, channel_free, 0,
-  }, NULL, NULL,
-  RUBY_TYPED_FREE_IMMEDIATELY
-};
+static void channel_free(void* ptr);
+static const rb_data_type_t rb_winevt_channel_type = { "winevt/channel",
+                                                       {
+                                                         0,
+                                                         channel_free,
+                                                         0,
+                                                       },
+                                                       NULL,
+                                                       NULL,
+                                                       RUBY_TYPED_FREE_IMMEDIATELY };
 static void
-channel_free(void *ptr)
+channel_free(void* ptr)
 {
-  struct WinevtChannel *winevtChannel = (struct WinevtChannel *)ptr;
+  struct WinevtChannel* winevtChannel = (struct WinevtChannel*)ptr;
   if (winevtChannel->channels)
     EvtClose(winevtChannel->channels);
@@ -23,11 +26,9 @@ static VALUE
 rb_winevt_channel_alloc(VALUE klass)
 {
   VALUE obj;
-  struct WinevtChannel *winevtChannel;
-  obj = TypedData_Make_Struct(klass,
-                              struct WinevtChannel,
-                              &rb_winevt_channel_type,
-                              winevtChannel);
+  struct WinevtChannel* winevtChannel;
+  obj = TypedData_Make_Struct(
+    klass, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
   return obj;
 }
@@ -41,10 +42,9 @@ static VALUE
 rb_winevt_channel_each(VALUE self)
 {
   EVT_HANDLE hChannels;
-  struct WinevtChannel *winevtChannel;
+  struct WinevtChannel* winevtChannel;
   char errBuf[256];
   LPWSTR buffer = NULL;
-  LPWSTR temp = NULL;
   DWORD bufferSize = 0;
   DWORD bufferUsed = 0;
   DWORD status = ERROR_SUCCESS;
@@ -52,14 +52,19 @@ rb_winevt_channel_each(VALUE self)
   RETURN_ENUMERATOR(self, 0, 0);
-  TypedData_Get_Struct(self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
   hChannels = EvtOpenChannelEnum(NULL, 0);
   if (hChannels) {
     winevtChannel->channels = hChannels;
   } else {
-    _snprintf_s(errBuf, 256, _TRUNCATE, "Failed to enumerate channels with %s\n", GetLastError());
+    _snprintf_s(errBuf,
+                _countof(errBuf),
+                _TRUNCATE,
+                "Failed to enumerate channels with %lu\n",
+                GetLastError());
     rb_raise(rb_eRuntimeError, errBuf);
   }
@@ -71,40 +76,49 @@ rb_winevt_channel_each(VALUE self)
         break;
       } else if (ERROR_INSUFFICIENT_BUFFER == status) {
         bufferSize = bufferUsed;
-        temp = (LPWSTR)malloc(bufferSize * sizeof(WCHAR));
-        if (temp) {
-          buffer = temp;
-          temp = NULL;
+        buffer = (LPWSTR)malloc(bufferSize * sizeof(WCHAR));
+        if (buffer) {
           continue;
         } else {
           free(buffer);
           EvtClose(winevtChannel->channels);
-          status = ERROR_OUTOFMEMORY;
+          winevtChannel->channels = NULL;
           rb_raise(rb_eRuntimeError, "realloc failed");
         }
       } else {
         free(buffer);
         EvtClose(winevtChannel->channels);
-        _snprintf_s(errBuf, 256, _TRUNCATE, "EvtNextChannelPath failed with %lu.\n", status);
+        winevtChannel->channels = NULL;
+        _snprintf_s(errBuf,
+                    _countof(errBuf),
+                    _TRUNCATE,
+                    "EvtNextChannelPath failed with %lu.\n",
+                    status);
         rb_raise(rb_eRuntimeError, errBuf);
       }
     }
     utf8str = wstr_to_rb_str(CP_UTF8, buffer, -1);
+    free(buffer);
+    buffer = NULL;
+    bufferSize = 0;
     rb_yield(utf8str);
   }
-  if (winevtChannel->channels)
+  if (winevtChannel->channels) {
     EvtClose(winevtChannel->channels);
+    winevtChannel->channels = NULL;
+  }
-  if (buffer)
-    free(buffer);
+  free(buffer);
   return Qnil;
 }
-void Init_winevt_channel(VALUE rb_cEventLog)
+void
+Init_winevt_channel(VALUE rb_cEventLog)
 {
   rb_cChannel = rb_define_class_under(rb_cEventLog, "Channel", rb_cObject);
   rb_define_alloc_func(rb_cChannel, rb_winevt_channel_alloc);