package server
import (
"io"
"io/ioutil"
"os"
"strings"
errors "github.com/pkg/errors"
"www.velocidex.com/golang/velociraptor/artifacts"
config_proto "www.velocidex.com/golang/velociraptor/config/proto"
"www.velocidex.com/golang/velociraptor/constants"
"www.velocidex.com/golang/velociraptor/file_store"
"www.velocidex.com/golang/velociraptor/logging"
)
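// GetGlobalRepository loads the global repository with artifacts from the
// frontend artifacts path and from the file store.
//
// It starts from artifacts.GetGlobalRepository, adds the definitions found
// under config_obj.Frontend.ArtifactsPath when that path is set, and then
// walks the file store under constants.ARTIFACT_DEFINITION_PREFIX, loading
// every file whose name ends in .yaml or .yml.
//
// Errors: a failure of artifacts.GetGlobalRepository, a directory load error
// that is not an *os.PathError, and an error returned by the file store walk
// are returned to the caller. Failures on an individual file store artifact
// (open, read, oversize, parse) are logged and that artifact is skipped.
func GetGlobalRepository(config_obj *config_proto.Config) (*artifacts.Repository, error) {
	global_repository, err := artifacts.GetGlobalRepository(config_obj)
	if err != nil {
		return nil, err
	}

	logger := logging.GetLogger(config_obj, &logging.FrontendComponent)

	if config_obj.Frontend.ArtifactsPath != "" {
		count, err := global_repository.LoadDirectory(
			config_obj.Frontend.ArtifactsPath)
		switch errors.Cause(err).(type) {
		case nil:
			// Directory loaded cleanly.

		case *os.PathError:
			// PathError is not fatal - it means we just can't load
			// the directory.
			logger.Info("Unable to load artifacts from directory "+
				"%s (skipping): %v",
				config_obj.Frontend.ArtifactsPath, err)

		default:
			// Other errors are fatal - they mean we can't parse the
			// artifacts themselves.
			return nil, err
		}

		// This line is also reached after a PathError. LoadDirectory is
		// not visible here, so do not assume it hands back a usable
		// counter together with an error.
		if count != nil {
			logger.Info("Loaded %d artifacts from %s",
				*count, config_obj.Frontend.ArtifactsPath)
		}
	}

	// Load artifacts from the custom file store.
	file_store_factory := file_store.GetFileStore(config_obj)
	err = file_store_factory.Walk(constants.ARTIFACT_DEFINITION_PREFIX,
		func(path string, info os.FileInfo, err error) error {
			// Entries the walker reports an error for are skipped
			// without logging; the walk itself continues.
			if err != nil {
				return nil
			}
			if !strings.HasSuffix(path, ".yaml") &&
				!strings.HasSuffix(path, ".yml") {
				return nil
			}

			fd, err := file_store_factory.ReadFile(path)
			if err != nil {
				logger.Error(err)
				return nil
			}
			// The defer fires when this callback returns, i.e. once
			// per file rather than at the end of the whole walk.
			defer fd.Close()

			// Read one byte past the cap so an oversize definition
			// can be told apart from one that exactly fits. A
			// definition cut off at the cap must not be parsed: the
			// truncated YAML could still load as a different,
			// shorter artifact than the one that is stored.
			data, err := ioutil.ReadAll(
				io.LimitReader(fd, constants.MAX_MEMORY+1))
			if err != nil {
				logger.Error(err)
				return nil
			}
			if int64(len(data)) > constants.MAX_MEMORY {
				logger.Info("Unable to load custom "+
					"artifact %s: definition is larger than %d bytes",
					path, constants.MAX_MEMORY)
				return nil
			}

			// NOTE(review): the second argument is false and is
			// labelled "validate" at this call site, so file store
			// definitions appear to be loaded without validation.
			// Confirm that whatever writes under
			// ARTIFACT_DEFINITION_PREFIX validates and
			// access-controls them, because anything stored there
			// ends up in the global repository.
			artifact_obj, err := global_repository.LoadYaml(
				string(data), false /* validate */)
			if err != nil {
				logger.Info("Unable to load custom "+
					"artifact %s: %v", path, err)
				return nil
			}

			// Keep the original YAML text on the loaded artifact.
			artifact_obj.Raw = string(data)
			logger.Info("Loaded %s", path)
			return nil
		})
	if err != nil {
		return nil, err
	}

	return global_repository, nil
}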