Allow artifacts help to be paged.

.gitignore

@@ -7,4 +7,5 @@ emacs.desktop
 /debian/velociraptor.debhelper.log
 *.debhelper
 ab0x.go
-output/
+output/
+.velociraptor_history.json

.wwhrd.yml

@@ -0,0 +1,10 @@
+---
+blacklist:
+  - GPL-2.0
+
+whitelist:
+  - Apache-2.0
+  - MIT
+  - NewBSD
+  - FreeBSD
+  - ISC

api/clients.go

@@ -120,11 +120,10 @@ func LabelClients(
 	case "check":
 		index_func = db.CheckIndex
 	case "set":
-		index_func = db.SetIndex
-
+		// default.
 	default:
 		return nil, errors.New(
-			"Unknown label operation. Must be set, check or remove")
+			"unknown label operation. Must be set, check or remove")
 	}
 
 	for _, label := range in.Labels {

bin/colors.go

@@ -1,3 +1,20 @@
+/*
+   Velociraptor - Hunting Evil
+   Copyright (C) 2019 Velocidex Innovations.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
 package main
 
 import (
@@ -69,7 +86,7 @@ func (self Messager) Markup(mu string) {
 
 	// Print the end bit if we need to.
 	if len(mu) > end {
-		fmt.Print(mu[end:len(mu)])
+		fmt.Print(mu[end:])
 	}
 }
 

bin/console.go

@@ -109,7 +109,7 @@ func executeSET(
 
 	set_re := regexp.MustCompile(`(?i)^\s*SET\s*([^\s]+)\s*=\s*(.+)`)
 	matches := set_re.FindStringSubmatch(t)
-	if matches != nil && len(matches) > 1 {
+	if len(matches) > 1 {
 		ConsoleLog.Info("Setting %v to %v\n", matches[1], matches[2])
 		scope.AppendVars(vfilter.NewDict().Set(matches[1], matches[2]))
 	}
@@ -140,7 +140,21 @@ func executeHelp(
 			if !pres {
 				ConsoleLog.Error("Unknown artifact %s\n", name)
 			} else {
+				pager, err := GetPager(scope)
+				if err != nil {
+					ConsoleLog.Error("Cant execute pager: %v\n", err)
+					return
+				}
+
+				if pager != nil {
+					defer pager.Close()
+
+					pager.Writer.Write([]byte(artifact.Raw + "\n"))
+					return
+				}
+
 				ConsoleLog.Markup(markupArtifact(artifact.Raw))
+				return
 			}
 
 		} else {
@@ -199,7 +213,7 @@ func renderArgs(type_desc *vfilter.TypeDescription) {
 
 		doc := ""
 		matches := re.FindStringSubmatch(desc.Tag)
-		if matches != nil && len(matches) > 0 {
+		if len(matches) > 0 {
 			doc = matches[1]
 		}
 
@@ -233,14 +247,15 @@ func executeVQL(
 	}
 
 	var out io.WriteCloser = os.Stdout
-	env_pager, pres := scope.Resolve("PAGER")
-	if pres {
-		pager_cmd, _ := env_pager.(string)
-		pager, err := NewPager(pager_cmd)
-		if err == nil {
-			defer pager.Close()
-			out = pager.Writer
-		}
+	pager, err := GetPager(scope)
+	if err != nil {
+		ConsoleLog.Error("Cant execute pager: %v\n", err)
+		return
+	}
+
+	if pager != nil {
+		out = pager.Writer
+		defer pager.Close()
 	}
 
 	switch format {
@@ -460,7 +475,7 @@ func completeLET(
 		}
 	} else if len(args) > 4 && strings.ToUpper(args[3]) == "SELECT" {
 		return completeSELECT(config_obj,
-			scope, args[3:len(args)], current_word)
+			scope, args[3:], current_word)
 	}
 
 	sort.Slice(columns, func(i, j int) bool {

bin/pager.go

@@ -1,3 +1,20 @@
+/*
+   Velociraptor - Hunting Evil
+   Copyright (C) 2019 Velocidex Innovations.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
 package main
 
 import (
@@ -7,6 +24,7 @@ import (
 	"sync"
 
 	"github.com/google/shlex"
+	vfilter "www.velocidex.com/golang/vfilter"
 )
 
 type Pager struct {
@@ -29,28 +47,33 @@ func NewPager(command string) (*Pager, error) {
 	self.Reader = r
 
 	argv, err := shlex.Split(command)
-	if err != nil {
+	if err != nil || len(argv) == 0 {
 		return nil, err
 	}
 
 	argv_args := []string{}
 	if len(argv) > 1 {
-		argv_args = argv[1:len(argv)]
+		argv_args = argv[1:]
 	}
 	self.pager = exec.Command(argv[0], argv_args...)
 	self.pager.Stdin = r
 	self.pager.Stdout = os.Stdout
 	self.pager.Stderr = os.Stderr
 	self.wg = &sync.WaitGroup{}
 
+	err = self.pager.Start()
+	if err != nil {
+		return nil, err
+	}
+
 	self.wg.Add(1)
 
 	// Run the pager
 	go func() {
 		defer self.Close()
 		defer self.wg.Done()
 
-		err := self.pager.Run()
+		err := self.pager.Wait()
 		if err != nil {
 			ConsoleLog.Error("Error launching pager: %v\n", err)
 		}
@@ -65,3 +88,17 @@ func (self *Pager) Close() {
 
 	self.wg.Wait()
 }
+
+func GetPager(scope *vfilter.Scope) (*Pager, error) {
+	env_pager, pager_pres := scope.Resolve("PAGER")
+	if pager_pres {
+		pager_cmd, _ := env_pager.(string)
+		pager, err := NewPager(pager_cmd)
+		if err == nil {
+			return pager, nil
+		} else {
+			return nil, err
+		}
+	}
+	return nil, nil
+}

staticcheck.conf

@@ -3,4 +3,10 @@ checks = ["all",
          "-ST1003",
          # at least one file in a package should have a package comment
          "-ST1000",
+
+         # should use fmt.Errorf(...) instead of errors.New(fmt.Sprintf(...))
+         "-S1028",
+
+         # the surrounding loop is unconditionally terminated
+         "-SA4004",
          ]