Mark timed out exports in the GUI (Velocidex#3315)

This makes it clear when the export has timed out. Also includes some bugfixes. Fixes: Velocidex#3313 Velocidex#3277 Velocidex#3267 Velocidex#3275
bvhuntcontent · Feb 29, 2024 · 29c797f · 29c797f
1 parent 95c1e07
commit 29c797f
Show file tree

Hide file tree

Showing 38 changed files with 472 additions and 215 deletions.
diff --git a/accessors/process/process_address_space_darwin_nocgo.go b/accessors/process/process_address_space_darwin_nocgo.go
@@ -0,0 +1,19 @@
+//go:build darwin && !cgo
+// +build darwin,!cgo
+
+package process
+
+import (
+	"errors"
+
+	"www.velocidex.com/golang/velociraptor/accessors"
+)
+
+var (
+	notSupportedError = errors.New("ProcessAccessor: This binary is not build with cgo support. Process access not enabled.")
+)
+
+func (self *ProcessAccessor) OpenWithOSPath(
+	path *accessors.OSPath) (accessors.ReadSeekCloser, error) {
+	return nil, notSupportedError
+}
diff --git a/api/hunts.go b/api/hunts.go
@@ -407,7 +407,8 @@ func (self *ApiServer) GetHunt(
 
 	result, pres := hunt_dispatcher.GetHunt(ctx, in.HuntId)
 	if !pres {
-		return nil, InvalidStatus("Hunt not found")
+		return nil, Status(self.verbose,
+			fmt.Errorf("%w: %v", services.HuntNotFoundError, in.HuntId))
 	}
 
 	return result, nil

diff --git a/api/proto/flows.pb.go b/api/proto/flows.pb.go
diff --git a/api/proto/flows.proto b/api/proto/flows.proto
@@ -34,13 +34,15 @@ message ContainerStats {
     repeated string components = 7;
 
     string type = 10;
+
+    string error = 11;
 }
 
 message AvailableDownloadFile {
     string name = 1;
     string path = 5;
 
-    // Deprecated thiese are now stored in the stats.
+    // Deprecated things are now stored in the stats.
     string type = 6;
     bool complete = 2;
     uint64 size = 3;

diff --git a/artifacts/definitions/Linux/Detection/Yara/Process.yaml b/artifacts/definitions/Linux/Detection/Yara/Process.yaml
@@ -17,6 +17,9 @@ description: |
   Note: the Yara scan will stop after one hit. Multi-string rules will also only
   show one string in returned rows.
 
+aliases:
+- MacOS.Detection.Yara.Process
+
 type: CLIENT
 parameters:
   - name: ProcessRegex
@@ -56,7 +59,7 @@ parameters:
 
 sources:
   - precondition:
-      SELECT OS From info() where OS = 'linux'
+      SELECT OS From info() where OS = 'linux' OR OS = 'darwin'
 
     query: |
       -- check which Yara to use

diff --git a/artifacts/testdata/server/testcases/users.out.yaml b/artifacts/testdata/server/testcases/users.out.yaml
@@ -167,7 +167,7 @@ SELECT whoami() FROM scope()[
  }
 ]SELECT * FROM test_read_logs() WHERE Log =~ "User not found" AND NOT Log =~ "SELECT"[
  {
-  "Log": "Velociraptor: user_grant: User not found\n"
+  "Log": "Velociraptor: user_grant: User not found: TestUserNotThere\n"
  }
 ]SELECT *, name+org_id AS Key FROM gui_users(all_orgs=TRUE) WHERE name =~ "TestUserNotThere" ORDER BY Key[]SELECT user_create( user="VelociraptorServer", password="hunter2", roles=["investigator"]) FROM scope()[
  {

diff --git a/config/proto/config.pb.go b/config/proto/config.pb.go
diff --git a/datastore/filebased.go b/datastore/filebased.go
@@ -73,8 +73,9 @@ type FileBaseDataStore struct {
 	err error
 }
 
-/* Gets a protobuf encoded struct from the data store.  Objects are
-   addressed by the urn (URNs are typically managed by a path manager)
+/*
+Gets a protobuf encoded struct from the data store.  Objects are
+addressed by the urn (URNs are typically managed by a path manager)
 */
 func (self *FileBaseDataStore) GetSubject(
 	config_obj *config_proto.Config,

diff --git a/datastore/utils.go b/datastore/utils.go
@@ -137,3 +137,28 @@ func GetImplementationName(
 
 	return config_obj.Datastore.Implementation, nil
 }
+
+type Flusher interface {
+	Flush()
+}
+
+func FlushDatastore(config_obj *config_proto.Config) error {
+	var wg sync.WaitGroup
+	defer wg.Wait()
+
+	db, err := GetDB(config_obj)
+	if err != nil {
+		return err
+	}
+
+	flusher, ok := db.(Flusher)
+	if ok {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			flusher.Flush()
+		}()
+	}
+
+	return nil
+}
diff --git a/file_store/utils.go b/file_store/utils.go
@@ -0,0 +1,31 @@
+package file_store
+
+import (
+	"sync"
+
+	config_proto "www.velocidex.com/golang/velociraptor/config/proto"
+	"www.velocidex.com/golang/velociraptor/file_store/api"
+)
+
+// Flush all the filestores if needed. Not all filestore
+// implementations need to be flushed, so this function will retun
+// immediately if not required. If the filestore does need to be
+// flushed this operation may be expensive so it should only be done
+// when it is important to have data immediately visible.
+func FlushFilestore(config_obj *config_proto.Config) error {
+	var wg sync.WaitGroup
+	defer wg.Wait()
+
+	file_store_factory := GetFileStore(config_obj)
+	flusher, ok := file_store_factory.(api.Flusher)
+
+	if ok {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			flusher.Flush()
+		}()
+	}
+
+	return nil
+}
diff --git a/gui/velociraptor/src/components/flows/client-flows-view.jsx b/gui/velociraptor/src/components/flows/client-flows-view.jsx
@@ -30,7 +30,7 @@ class ClientFlowsView extends React.Component {
         let flow_id = this.props.match && this.props.match.params &&
             this.props.match.params.flow_id;
 
-        if(flow_id) {
+        if(flow_id && flow_id !== "new") {
             let client_id = this.props.match && this.props.match.params &&
                 this.props.match.params.client_id;
 

diff --git a/gui/velociraptor/src/components/flows/flow-overview.jsx b/gui/velociraptor/src/components/flows/flow-overview.jsx
@@ -75,7 +75,7 @@ export default class FlowOverview extends React.Component {
         let flow_id = this.props.flow.session_id;
         let client_id = this.props.flow.client_id;
 
-        if (_.isUndefined(flow_id) || _.isUndefined(client_id)) {
+        if (_.isUndefined(flow_id) || _.isUndefined(client_id) || flow_id === 'new') {
             return;
         }