Add binary_path option to osquery connection schema

The osquery Python SDK's SpawnInstance() hardcodes /usr/bin/osqueryd,
so portable installs (e.g. ~/.local/bin/osqueryd) fail to connect.
Accept a binary_path option and pass it through to SpawnInstance(path=...)
when set; the field is surfaced in the connection schema for spawn mode.

Author: Maxteabag

sqlit/domains/connections/providers/osquery/adapter.py

@@ -131,8 +131,14 @@ def connect(self, config: ConnectionConfig) -> OsqueryConnection:
             instance.open()
             return OsqueryConnection(instance, is_spawned=False)
         else:
-            # Spawn embedded instance
-            instance = osquery_module.SpawnInstance()
+            # Spawn embedded instance. Accept an optional `binary_path` config
+            # option so users can point at a portable osqueryd (e.g. installed
+            # in ~/.local/bin) rather than the SDK's hardcoded /usr/bin/osqueryd.
+            binary_path = config.get_option("binary_path")
+            if binary_path:
+                instance = osquery_module.SpawnInstance(path=str(binary_path))
+            else:
+                instance = osquery_module.SpawnInstance()
             instance.open()
             return OsqueryConnection(instance, is_spawned=True)
 

sqlit/domains/connections/providers/osquery/schema.py

@@ -12,6 +12,10 @@ def _connection_mode_is_socket(v: dict) -> bool:
     return v.get("connection_mode") == "socket"
 
 
+def _connection_mode_is_spawn(v: dict) -> bool:
+    return v.get("connection_mode", "spawn") == "spawn"
+
+
 SCHEMA = ConnectionSchema(
     db_type="osquery",
     display_name="osquery",
@@ -34,6 +38,14 @@ def _connection_mode_is_socket(v: dict) -> bool:
             visible_when=_connection_mode_is_socket,
             description="Path to osqueryd extension socket",
         ),
+        SchemaField(
+            name="binary_path",
+            label="osqueryd Binary Path",
+            placeholder="/usr/bin/osqueryd",
+            required=False,
+            visible_when=_connection_mode_is_spawn,
+            description="Path to osqueryd binary. Leave blank for the platform default.",
+        ),
     ),
     supports_ssh=False,
     is_file_based=False,