From 41bcea5d2ddefa4f05ee294f9784b442e837d5bd Mon Sep 17 00:00:00 2001 
From: Michael Cohen Date: Sun, 2 Jun 2019 14:18:45 +0000 Subject: [PATCH] Created a new GUI for Artifact View. User dashboards are now time limited to last 1 day, 2 days and 1 week. --- api/api.go | 19 +- api/artifacts.go | 173 +++++-------- api/download.go | 36 +-- api/oauth.go | 35 ++- api/proto/artifacts.pb.go | 224 +++++++++-------- api/proto/artifacts.proto | 26 +- api/reports.go | 27 +- api/vfs.go | 14 -- artifacts/artifacts.go | 11 +- artifacts/definitions/Demo/Plugins/Fifo.yaml | 12 +- .../Generic/Applications/Office/Keywords.yaml | 9 +- .../Generic/Forensic/Carving/URLs.yaml | 33 +++ .../Network/ExternalIpAddress.yaml | 3 +- .../Analysis/Triage/PowershellConsole.yaml | 14 +- .../Server/Internal/ArtifactDescription.yaml | 36 +++ .../definitions/Server/Monitor/Health.yaml | 18 +- .../Server/Monitor/VeloMetrics.yaml | 6 +- .../definitions/Triage/Collection/Upload.yaml | 6 +- .../Windows/Detection/ProcessMemory.yaml | 9 +- .../Windows/Detection/PsexecService.yaml | 9 +- .../Windows/Detection/Thumbdrives/List.yaml | 34 ++- .../Detection/Thumbdrives/OfficeKeywords.yaml | 19 +- .../Detection/Thumbdrives/OfficeMacros.yaml | 17 +- .../Windows/Detection/WMIProcessCreation.yaml | 3 +- .../definitions/Windows/EventLogs/DHCP.yaml | 6 +- .../Events/FailedLogBeforeSuccess.yaml | 3 +- .../definitions/Windows/Forensics/Bam.yaml | 6 +- .../Windows/Packs/Persistence.yaml | 8 +- .../Windows/Persistence/Debug.yaml | 6 +- .../Persistence/PermanentWMIEvents.yaml | 18 +- .../definitions/Windows/Registry/NTUser.yaml | 38 +++ .../Registry/Sysinternals/Eulacheck.yaml | 3 +- .../Windows/Search/FileFinder.yaml | 9 +- .../definitions/Windows/Sys/StartupItems.yaml | 3 +- artifacts/definitions/Windows/Sys/Users.yaml | 3 +- .../definitions/Windows/System/Pslist.yaml | 3 +- .../Windows/Triage/Collectors/Amcache.yaml | 2 - .../Windows/Triage/Collectors/BCD.yaml | 5 +- .../Windows/Triage/Collectors/Chrome.yaml | 5 +- .../Windows/Triage/Collectors/Edge.yaml | 5 +- 
.../Windows/Triage/Collectors/EventLogs.yaml | 5 +- .../Triage/Collectors/EventTraceLogs.yaml | 5 +- .../Collectors/EvidenceOfExecution.yaml | 8 +- .../Windows/Triage/Collectors/Firefox.yaml | 5 +- .../Triage/Collectors/InternetExplorer.yaml | 5 +- .../Windows/Triage/Collectors/Jabber.yaml | 5 +- .../Windows/Triage/Collectors/LnkFiles.yaml | 3 +- .../Triage/Collectors/NTFSMetadata.yaml | 3 +- .../Windows/Triage/Collectors/OutlookPST.yaml | 5 +- .../Collectors/PowershellConsoleLogs.yaml | 5 +- .../Windows/Triage/Collectors/RecycleBin.yaml | 4 +- .../Triage/Collectors/RegistryHives.yaml | 5 +- .../Windows/Triage/Collectors/SRUM.yaml | 5 +- .../Triage/Collectors/ScheduledTasks.yaml | 5 +- .../Windows/Triage/Collectors/Skype.yaml | 5 +- .../Triage/Collectors/StartupInfo.yaml | 5 +- .../Windows/Triage/Collectors/TeraCopy.yaml | 5 +- .../Windows/Triage/Collectors/ThumbDB.yaml | 5 +- .../Triage/Collectors/USBDeviceLogs.yaml | 5 +- .../Windows/Triage/Collectors/WBEM.yaml | 5 +- .../Triage/Collectors/WindowsFirewall.yaml | 5 +- .../Triage/Collectors/WindowsIndex.yaml | 5 +- .../Windows/Triage/ProcessMemory.yaml | 6 +- .../Windows/Triage/WebBrowsers.yaml | 5 +- artifacts/proto/artifact.pb.go | 235 +++++++++--------- artifacts/proto/artifact.proto | 2 + bin/report.go | 10 +- constants/constants.go | 3 +- gui/static/Gulpfile.js | 1 + .../artifact/add_artifact.html | 2 +- .../artifact/add_client_monitoring.html | 2 +- .../artifact/add_server_monitoring.html | 2 +- .../artifact/artifact-viewer-directive.js | 145 +++++++++++ .../artifact/artifact-viewer.html | 91 +++++++ .../angular-components/artifact/artifact.js | 22 +- .../artifact/artifacts-list-form-directive.js | 227 ----------------- .../artifact/artifacts-list-form.html | 122 --------- .../artifact/artifacts-list-form.scss | 5 - .../artifacts-parameters-form-directive.js | 57 ----- .../artifact/artifacts-params-form.html | 30 --- .../artifact/client-event.html | 27 +- .../artifact/del_artifact.html | 16 ++ 
.../artifact/server-artifact.html | 17 +- .../file-download-view-directive.js | 194 --------------- .../file-download-view.html | 23 -- .../virtual-file-system.js | 3 - .../angular-components/config/config.js | 4 - .../config/server-files-directive.js | 102 -------- .../config/server-files.html | 30 --- .../flow/new_artifact_collection-directive.js | 2 +- .../flow/new_artifact_collection.html | 2 + .../forms/semantic-value-form.html | 6 - .../hunt/hunt-inspector.html | 7 + .../hunt/hunt-report-directive.js | 62 +++++ .../angular-components/hunt/hunt-report.html | 11 + gui/static/angular-components/hunt/hunt.js | 3 + .../hunt/new-hunt-wizard/form.html | 2 + .../angular-components/routing/routing.js | 15 +- .../angular-components/sidebar/navigator.html | 4 +- .../user/user-dashboard-directive.js | 32 ++- .../user/user-dashboard.html | 29 +++ .../user-desktop-notifications-directive.js | 1 + gui/static/css/base.scss | 36 ++- gui/static/images/update_table.svg | 1 + reporting/gui.go | 8 +- reporting/report.go | 48 +++- reporting/text_expander.go | 5 +- server/comms.go | 47 ++-- vql/server/labels.go | 1 + vql/server/monitoring.go | 2 +- 110 files changed, 1238 insertions(+), 1493 deletions(-) create mode 100644 artifacts/definitions/Generic/Forensic/Carving/URLs.yaml create mode 100644 artifacts/definitions/Server/Internal/ArtifactDescription.yaml create mode 100644 artifacts/definitions/Windows/Registry/NTUser.yaml create mode 100644 gui/static/angular-components/artifact/artifact-viewer-directive.js create mode 100644 gui/static/angular-components/artifact/artifact-viewer.html delete mode 100644 gui/static/angular-components/artifact/artifacts-list-form-directive.js delete mode 100644 gui/static/angular-components/artifact/artifacts-list-form.html delete mode 100644 gui/static/angular-components/artifact/artifacts-list-form.scss delete mode 100644 gui/static/angular-components/artifact/artifacts-parameters-form-directive.js delete mode 100644 
gui/static/angular-components/artifact/artifacts-params-form.html create mode 100644 gui/static/angular-components/artifact/del_artifact.html delete mode 100644 gui/static/angular-components/client/virtual-file-system/file-download-view-directive.js delete mode 100644 gui/static/angular-components/client/virtual-file-system/file-download-view.html delete mode 100644 gui/static/angular-components/config/server-files-directive.js delete mode 100644 gui/static/angular-components/config/server-files.html create mode 100644 gui/static/angular-components/hunt/hunt-report-directive.js create mode 100644 gui/static/angular-components/hunt/hunt-report.html create mode 100644 gui/static/images/update_table.svg diff --git a/api/api.go b/api/api.go index 88243c28ff3..20ed79b6a1f 100644 --- a/api/api.go +++ b/api/api.go @@ -524,7 +524,7 @@ func (self *ApiServer) GetArtifactFile( in *api_proto.GetArtifactRequest) ( *api_proto.GetArtifactResponse, error) { - artifact, err := getArtifactFile(self.config, in.VfsPath) + artifact, err := getArtifactFile(self.config, in.Name) if err != nil { return nil, err } @@ -553,20 +553,21 @@ func (self *ApiServer) SetArtifactFile( } } - logging.GetLogger(self.config, &logging.Audit). - WithFields(logrus.Fields{ - "user": user_name, - "artifact_file": in.VfsPath, - "details": fmt.Sprintf("%v", in.Artifact), - }).Info("SetArtifactFile") - - err := setArtifactFile(self.config, in.Artifact) + definition, err := setArtifactFile(self.config, in) if err != nil { return &api_proto.APIResponse{ Error: true, ErrorMessage: fmt.Sprintf("%v", err), }, nil } + + logging.GetLogger(self.config, &logging.Audit). + WithFields(logrus.Fields{ + "user": user_name, + "artifact": definition.Name, + "details": fmt.Sprintf("%v", in.Artifact), + }).Info("SetArtifactFile") + return &api_proto.APIResponse{}, nil } diff --git a/api/artifacts.go b/api/artifacts.go index 04f54c0985d..5346cdee45a 100644 --- a/api/artifacts.go +++ b/api/artifacts.go 
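Review bot: With the audit entry moved below the `setArtifactFile` call in SetArtifactFile (hunk -553,20), a request that fails validation or is rejected returns through the `Error: true` branch without ever reaching the audit log, so failed attempts to change an artifact leave no trace. The entry also does not record which operation ran; a DELETE and a SET both log as `SetArtifactFile`. I would write an audit entry on the error path too (carrying `err` rather than `definition.Name`, since `definition` is nil there) and add `"op": in.Op.String(),` to the fields. The start of SetArtifactFile, including whatever check precedes the closing braces shown as context, is outside the hunk.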
@@ -18,24 +18,21 @@ package api import ( - "encoding/json" + "errors" "path" "regexp" - "sort" "strings" context "golang.org/x/net/context" - actions_proto "www.velocidex.com/golang/velociraptor/actions/proto" api_proto "www.velocidex.com/golang/velociraptor/api/proto" "www.velocidex.com/golang/velociraptor/artifacts" artifacts_proto "www.velocidex.com/golang/velociraptor/artifacts/proto" "www.velocidex.com/golang/velociraptor/constants" file_store "www.velocidex.com/golang/velociraptor/file_store" - "www.velocidex.com/golang/velociraptor/utils" ) const ( - default_artifact = `name: Artifact.Name.In.Category + default_artifact = `name: Custom.Artifact.Name description: | This is the human readable description of the artifact. @@ -51,8 +48,7 @@ sources: SELECT OS From info() where OS = 'windows' queries: - - | - SELECT * FROM scope() + - SELECT * FROM scope() # Reports can be MONITORING_DAILY, CLIENT, SERVER_EVENT 
@@ -66,147 +62,94 @@ reports: func getArtifactFile( config_obj *api_proto.Config, - vfs_path string) (string, error) { + name string) (string, error) { - vfs_path = path.Clean(vfs_path) - if vfs_path == "" || !strings.HasSuffix(vfs_path, ".yaml") { - return default_artifact, nil + repository, err := artifacts.GetGlobalRepository(config_obj) + if err != nil { + return "", err } - fd, err := getFileForVFSPath(config_obj, "", vfs_path) - if err == nil { - defer fd.Close() + artifact, pres := repository.Get(name) + if !pres { + return default_artifact, nil + } - artifact := make([]byte, 1024*10) - n, err := fd.Read(artifact) - if err == nil { - return string(artifact[:n]), nil + // This is hacky but necessary since we can not reserialize + // the artifact - the yaml library is unable to properly round + // trip the raw yaml. + if !strings.HasPrefix(artifact.Name, "Custom.") { + regex, err := regexp.Compile( + "(?s)(?m)^name:\\s*" + artifact.Name + "$") + if err != nil { + return default_artifact, err } - return "", err + + result := regex.ReplaceAllString( + artifact.Raw, "name: Custom."+artifact.Name) + return result, nil } - return default_artifact, nil + return artifact.Raw, nil } -func setArtifactFile(config_obj *api_proto.Config, artifact string) error { +func setArtifactFile(config_obj *api_proto.Config, + in *api_proto.SetArtifactRequest) ( + *artifacts_proto.Artifact, error) { + // First ensure that the artifact is correct. tmp_repository := artifacts.NewRepository() - artifact_definition, err := tmp_repository.LoadYaml(artifact, true /* validate */) + artifact_definition, err := tmp_repository.LoadYaml( + in.Artifact, true /* validate */) if err != nil { - return err + return nil, err } - vfs_path := path.Join(constants.ARTIFACT_DEFINITION, - artifacts.NameToPath(artifact_definition.Name)) - - // Now write it into the filestore. 
- file_store_factory := file_store.GetFileStore(config_obj) - fd, err := file_store_factory.WriteFile(vfs_path) - if err != nil { - return err + if !strings.HasPrefix(artifact_definition.Name, "Custom.") { + return nil, errors.New( + "Modified or custom artifacts must start with 'Custom'") } - defer fd.Close() - - // We want to completely replace the content of the file. - fd.Truncate(0) - _, err = fd.Write([]byte(artifact)) - if err != nil { - return err - } + file_store_factory := file_store.GetFileStore(config_obj) + vfs_path := path.Join(constants.ARTIFACT_DEFINITION_PREFIX, + artifacts.NameToPath(artifact_definition.Name)) // Load the new artifact into the global repo so it is // immediately available. global_repository, err := artifacts.GetGlobalRepository(config_obj) - if err != nil { - return err - } - // Artifact is already valid - no need to revalidate it again. - _, err = global_repository.LoadYaml(artifact, false /* validate */) - return err -} - -func renderBuiltinArtifacts( - config_obj *api_proto.Config, - vfs_path string) (*actions_proto.VQLResponse, error) { - repository, err := artifacts.GetGlobalRepository(config_obj) if err != nil { return nil, err } - directories := []string{} - matching_artifacts := []*artifacts_proto.Artifact{} - artifact_path := path.Join("/", strings.TrimPrefix( - vfs_path, constants.BUILTIN_ARTIFACT_DEFINITION)) + switch in.Op { - // Make sure there is a trailing / so prefix match below - // matches full directory names. - if !strings.HasSuffix(artifact_path, "/") { - artifact_path += "/" - } + case api_proto.SetArtifactRequest_DELETE: + global_repository.Del(artifact_definition.Name) + err = file_store_factory.Delete(vfs_path) + return artifact_definition, err - for _, artifact_obj := range repository.Data { - artifact_obj_path := artifacts.NameToPath(artifact_obj.Name) - if !strings.HasPrefix(artifact_obj_path, artifact_path) { - continue + case api_proto.SetArtifactRequest_SET: + // Now write it into the filestore. 
+ fd, err := file_store_factory.WriteFile(vfs_path) + if err != nil { + return nil, err } + defer fd.Close() - components := []string{} - for _, item := range strings.Split( - strings.TrimPrefix(artifact_obj_path, artifact_path), "/") { - if item != "" { - components = append(components, item) - } - } + // We want to completely replace the content of the file. + fd.Truncate(0) - if len(components) > 1 && !utils.InString(&directories, components[0]) { - directories = append(directories, components[0]) - } else if len(components) == 1 { - matching_artifacts = append(matching_artifacts, artifact_obj) + _, err = fd.Write([]byte(in.Artifact)) + if err != nil { + return nil, err } - } - - sort.Strings(directories) - - var rows []*FileInfoRow - for _, dirname := range directories { - rows = append(rows, &FileInfoRow{ - Name: dirname, - Mode: "dr-xr-xr-x", - }) - } - - for _, artifact_obj := range matching_artifacts { - artifact_obj_path := artifacts.NameToPath(artifact_obj.Name) - rows = append(rows, &FileInfoRow{ - Name: path.Base(artifact_obj_path), - Mode: "-r--r--r--", - Size: int64(len(artifact_obj.Raw)), - Download: &DownloadInfo{ - VfsPath: path.Join( - vfs_path, path.Base(artifact_obj_path)), - Size: int64(len(artifact_obj.Raw)), - }, - }) - } - encoded_rows, err := json.MarshalIndent(rows, "", " ") - if err != nil { - return nil, err + // Load the artifact into the currently running repository. + // Artifact is already valid - no need to revalidate it again. + _, err = global_repository.LoadYaml(in.Artifact, false /* validate */) + return artifact_definition, err } - return &actions_proto.VQLResponse{ - Columns: []string{ - "Download", "Name", "Size", "Mode", "Timestamp", - }, - Response: string(encoded_rows), - Types: []*actions_proto.VQLTypeMap{ - &actions_proto.VQLTypeMap{ - Column: "Download", - Type: "Download", - }, - }, - }, nil + return nil, errors.New("Unknown op") } func searchArtifact( 
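Review bot: In getArtifactFile (hunk -66,147) the artifact name is concatenated into the pattern unescaped, `"(?s)(?m)^name:\\s*" + artifact.Name + "$"`, so the dots in a dotted artifact name match any character and a name holding other metacharacters could fail to compile or rewrite the wrong line; use `regexp.QuoteMeta(artifact.Name)` there. In setArtifactFile the result of `fd.Truncate(0)` is dropped, so a failed truncate followed by a shorter write could leave trailing bytes of the old definition in the file store; check it the same way as the `fd.Write` error that follows. The `switch in.Op` has no comment saying that DELETE still requires a full, valid YAML body just to obtain the name; a one-line comment such as `// DELETE parses in.Artifact only to recover the artifact name.` would make that contract explicit.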
diff --git a/api/download.go b/api/download.go index 46a9c40d2fc..b32b14a5f83 100644 --- a/api/download.go +++ b/api/download.go @@ -33,13 +33,10 @@ import ( errors "github.com/pkg/errors" "github.com/sirupsen/logrus" api_proto "www.velocidex.com/golang/velociraptor/api/proto" - "www.velocidex.com/golang/velociraptor/artifacts" - "www.velocidex.com/golang/velociraptor/constants" "www.velocidex.com/golang/velociraptor/file_store" "www.velocidex.com/golang/velociraptor/file_store/csv" "www.velocidex.com/golang/velociraptor/flows" "www.velocidex.com/golang/velociraptor/logging" - "www.velocidex.com/golang/velociraptor/utils" "www.velocidex.com/golang/vfilter" ) @@ -325,28 +322,6 @@ type vfsFileDownloadRequest struct { Encoding string `schema:"encoding"` } -func openBuiltInArtifact(config_obj *api_proto.Config, vfs_path string) ( - file_store.ReadSeekCloser, error) { - repository, err := artifacts.GetGlobalRepository(config_obj) - if err != nil { - return nil, err - } - - artifact_path := path.Join("/", strings.TrimPrefix( - vfs_path, constants.BUILTIN_ARTIFACT_DEFINITION)) - - for _, artifact_obj := range repository.Data { - artifact_obj_path := artifacts.NameToPath(artifact_obj.Name) - if artifact_obj_path == artifact_path { - return utils.DataReadSeekCloser{ - strings.NewReader(artifact_obj.Raw), - }, nil - } - } - - return nil, errors.New("not found") -} - func filestorePathForVFSPath( config_obj *api_proto.Config, client_id string, @@ -364,10 +339,7 @@ func filestorePathForVFSPath( // These VFS directories are mapped directly to the root of // the filestore regardless of the client id. - if strings.HasPrefix( - vfs_path, constants.ARTIFACT_DEFINITION) || - strings.HasPrefix(vfs_path, "/exported_files/") || - strings.HasPrefix(vfs_path, "/server_artifacts/") || + if strings.HasPrefix(vfs_path, "/server_artifacts/") || strings.HasPrefix(vfs_path, "/hunts/") { return vfs_path } 
@@ -385,12 +357,6 @@ func getFileForVFSPath( file_store.ReadSeekCloser, error) { vfs_path = path.Clean(vfs_path) - if strings.HasPrefix(vfs_path, - constants.BUILTIN_ARTIFACT_DEFINITION) { - return openBuiltInArtifact(config_obj, vfs_path) - - } - filestore_path := filestorePathForVFSPath(config_obj, client_id, vfs_path) return file_store.GetFileStore(config_obj).ReadFile(filestore_path) } diff --git a/api/oauth.go b/api/oauth.go index c0fee14bf22..8bb8d00267b 100644 --- a/api/oauth.go +++ b/api/oauth.go @@ -25,7 +25,6 @@ import ( "fmt" "io" "io/ioutil" - "log" "net/http" "time" @@ -63,13 +62,17 @@ func oauthGoogleLogin(config_obj *api_proto.Config) http.Handler { } // Create oauthState cookie - oauthState := generateStateOauthCookie(w) - u := googleOauthConfig.AuthCodeURL(oauthState) + oauthState, err := r.Cookie("oauthstate") + if err != nil { + oauthState = generateStateOauthCookie(w) + } + + u := googleOauthConfig.AuthCodeURL(oauthState.Value) http.Redirect(w, r, u, http.StatusTemporaryRedirect) }) } -func generateStateOauthCookie(w http.ResponseWriter) string { +func generateStateOauthCookie(w http.ResponseWriter) *http.Cookie { var expiration = time.Now().Add(365 * 24 * time.Hour) b := make([]byte, 16) @@ -78,7 +81,7 @@ func generateStateOauthCookie(w http.ResponseWriter) string { cookie := http.Cookie{Name: "oauthstate", Value: state, Expires: expiration} http.SetCookie(w, &cookie) - return state + return &cookie } func oauthGoogleCallback(config_obj *api_proto.Config) http.Handler { 
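Review bot: oauthGoogleLogin (hunk -63,13) now passes the value of whatever `oauthstate` cookie the browser already sends straight into `AuthCodeURL`, so the state is no longer fresh per login attempt and may be a value this server never issued. Combined with the one-year `Expires` set in generateStateOauthCookie (hunk -78,7), the same state can stay in use for every login for a year, which weakens the binding between one login request and one callback that the state parameter exists to provide. I would keep generating a new value on each visit to the login handler, cut the cookie lifetime to minutes, and set `HttpOnly: true` and `SameSite: http.SameSiteLaxMode` on it (plus `Secure: true` where the GUI is served over TLS). If reusing the cookie is meant to solve a specific problem such as parallel login tabs, a comment above the `r.Cookie("oauthstate")` call should say so.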
@@ -87,14 +90,18 @@ func oauthGoogleCallback(config_obj *api_proto.Config) http.Handler { oauthState, _ := r.Cookie("oauthstate") if r.FormValue("state") != oauthState.Value { - log.Println("invalid oauth google state") + logging.GetLogger(config_obj, &logging.GUIComponent). + Error("invalid oauth google state") http.Redirect(w, r, "/", http.StatusTemporaryRedirect) return } data, err := getUserDataFromGoogle(config_obj, r.FormValue("code")) if err != nil { - log.Println(err.Error()) + logging.GetLogger(config_obj, &logging.GUIComponent). + WithFields(logrus.Fields{ + "err": err, + }).Error("getUserDataFromGoogle") http.Redirect(w, r, "/", http.StatusTemporaryRedirect) return } @@ -102,7 +109,10 @@ func oauthGoogleCallback(config_obj *api_proto.Config) http.Handler { user_info := &api_proto.VelociraptorUser{} err = json.Unmarshal(data, &user_info) if err != nil { - log.Println(err.Error()) + logging.GetLogger(config_obj, &logging.GUIComponent). + WithFields(logrus.Fields{ + "err": err, + }).Error("getUserDataFromGoogle") http.Redirect(w, r, "/", http.StatusTemporaryRedirect) return } @@ -120,7 +130,10 @@ func oauthGoogleCallback(config_obj *api_proto.Config) http.Handler { tokenString, err := token.SignedString( []byte(config_obj.Frontend.PrivateKey)) if err != nil { - log.Println(err.Error()) + logging.GetLogger(config_obj, &logging.GUIComponent). + WithFields(logrus.Fields{ + "err": err, + }).Error("getUserDataFromGoogle") http.Redirect(w, r, "/", http.StatusTemporaryRedirect) return } @@ -229,6 +242,8 @@ func authenticateOAUTHCookie( user_record, err := users.GetUser(config_obj, username) if err != nil || user_record.Name != username { w.Header().Set("Content-Type", "text/html; charset=utf-8") + w.WriteHeader(http.StatusUnauthorized) + fmt.Fprintf(w, ` Authorization failed. You are not registered on this system as %v. 
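Review bot: The error from `r.Cookie("oauthstate")` is still discarded at the top of hunk -87,14 and the next line dereferences `oauthState.Value`; a callback request that arrives without the cookie yields a nil `*http.Cookie` and panics the handler instead of reaching the new error log. Check it first: `oauthState, err := r.Cookie("oauthstate")` and then `if err != nil || r.FormValue("state") != oauthState.Value {`. The rest of the handler body continues in the following hunks.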
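Review bot: The log entries added for the `json.Unmarshal` failure in hunk -102,7 and for the `token.SignedString` failure in hunk -120,7 both reuse the message `getUserDataFromGoogle` from the first error branch, so three different failures look identical in the GUI log. Give each branch its own message, for example `.Error("oauthGoogleCallback: decode user info")` and `.Error("oauthGoogleCallback: sign token")`, so that a login failure can be attributed to the right step.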
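Review bot: In hunk -229,6 `username` is formatted with `%v` into a body whose Content-Type is set to `text/html` two lines earlier, and no escaping is visible (the argument list itself sits in the next hunk). Where the name comes from is outside these hunks, so this is hedged, but if it can ever contain markup the browser will render it; pass `html.EscapeString(username)` instead, which needs the `html` import added to this file. The explicit `w.WriteHeader(http.StatusUnauthorized)` before the body is the right order and should stay.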
@@ -240,7 +255,7 @@ to log in again: `, username) - http.Error(w, "", http.StatusUnauthorized) + logging.GetLogger(config_obj, &logging.Audit). WithFields(logrus.Fields{ "user": username, diff --git a/api/proto/artifacts.pb.go b/api/proto/artifacts.pb.go index 7faede718bf..fc9946e2f69 100644 --- a/api/proto/artifacts.pb.go +++ b/api/proto/artifacts.pb.go @@ -6,7 +6,8 @@ package proto import proto "github.com/golang/protobuf/proto" import fmt "fmt" import math "math" -import proto1 "www.velocidex.com/golang/velociraptor/actions/proto" +import _ "www.velocidex.com/golang/velociraptor/actions/proto" +import proto1 "www.velocidex.com/golang/velociraptor/artifacts/proto" import _ "www.velocidex.com/golang/velociraptor/proto" // Reference imports to suppress errors if they are not otherwise used. @@ -20,6 +21,29 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package +type SetArtifactRequest_Operation int32 + +const ( + SetArtifactRequest_SET SetArtifactRequest_Operation = 0 + SetArtifactRequest_DELETE SetArtifactRequest_Operation = 1 +) + +var SetArtifactRequest_Operation_name = map[int32]string{ + 0: "SET", + 1: "DELETE", +} +var SetArtifactRequest_Operation_value = map[string]int32{ + "SET": 0, + "DELETE": 1, +} + +func (x SetArtifactRequest_Operation) String() string { + return proto.EnumName(SetArtifactRequest_Operation_name, int32(x)) +} +func (SetArtifactRequest_Operation) EnumDescriptor() ([]byte, []int) { + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{3, 0} +} + type GetArtifactsRequest struct { // Deprecated IncludeEventArtifacts bool `protobuf:"varint,1,opt,name=include_event_artifacts,json=includeEventArtifacts,proto3" json:"include_event_artifacts,omitempty"` 
@@ -37,7 +61,7 @@ func (m *GetArtifactsRequest) Reset() { *m = GetArtifactsRequest{} } func (m *GetArtifactsRequest) String() string { return proto.CompactTextString(m) } func (*GetArtifactsRequest) ProtoMessage() {} func (*GetArtifactsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{0} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{0} } func (m *GetArtifactsRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_GetArtifactsRequest.Unmarshal(m, b) @@ -101,7 +125,10 @@ func (m *GetArtifactsRequest) GetNames() []string { type GetArtifactRequest struct { // Deprecated. - VfsPath string `protobuf:"bytes,1,opt,name=vfs_path,json=vfsPath,proto3" json:"vfs_path,omitempty"` + // string vfs_path = 1 [(sem_type) = { + // description: "The vfs path relative to the artifacts definition store." + // }]; + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -111,7 +138,7 @@ func (m *GetArtifactRequest) Reset() { *m = GetArtifactRequest{} } func (m *GetArtifactRequest) String() string { return proto.CompactTextString(m) } func (*GetArtifactRequest) ProtoMessage() {} func (*GetArtifactRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{1} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{1} } func (m *GetArtifactRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_GetArtifactRequest.Unmarshal(m, b) @@ -131,9 +158,9 @@ func (m *GetArtifactRequest) XXX_DiscardUnknown() { var xxx_messageInfo_GetArtifactRequest proto.InternalMessageInfo -func (m *GetArtifactRequest) GetVfsPath() string { +func (m *GetArtifactRequest) GetName() string { if m != nil { - return m.VfsPath + return m.Name } return "" } 
@@ -149,7 +176,7 @@ func (m *GetArtifactResponse) Reset() { *m = GetArtifactResponse{} } func (m *GetArtifactResponse) String() string { return proto.CompactTextString(m) } func (*GetArtifactResponse) ProtoMessage() {} func (*GetArtifactResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{2} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{2} } func (m *GetArtifactResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_GetArtifactResponse.Unmarshal(m, b) @@ -177,18 +204,18 @@ func (m *GetArtifactResponse) GetArtifact() string { } type SetArtifactRequest struct { - VfsPath string `protobuf:"bytes,1,opt,name=vfs_path,json=vfsPath,proto3" json:"vfs_path,omitempty"` - Artifact string `protobuf:"bytes,2,opt,name=artifact,proto3" json:"artifact,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Artifact string `protobuf:"bytes,2,opt,name=artifact,proto3" json:"artifact,omitempty"` + Op SetArtifactRequest_Operation `protobuf:"varint,3,opt,name=op,proto3,enum=proto.SetArtifactRequest_Operation" json:"op,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *SetArtifactRequest) Reset() { *m = SetArtifactRequest{} } func (m *SetArtifactRequest) String() string { return proto.CompactTextString(m) } func (*SetArtifactRequest) ProtoMessage() {} func (*SetArtifactRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{3} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{3} } func (m *SetArtifactRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_SetArtifactRequest.Unmarshal(m, b) 
@@ -208,18 +235,18 @@ func (m *SetArtifactRequest) XXX_DiscardUnknown() { var xxx_messageInfo_SetArtifactRequest proto.InternalMessageInfo -func (m *SetArtifactRequest) GetVfsPath() string { +func (m *SetArtifactRequest) GetArtifact() string { if m != nil { - return m.VfsPath + return m.Artifact } return "" } -func (m *SetArtifactRequest) GetArtifact() string { +func (m *SetArtifactRequest) GetOp() SetArtifactRequest_Operation { if m != nil { - return m.Artifact + return m.Op } - return "" + return SetArtifactRequest_SET } type APIResponse struct { @@ -234,7 +261,7 @@ func (m *APIResponse) Reset() { *m = APIResponse{} } func (m *APIResponse) String() string { return proto.CompactTextString(m) } func (*APIResponse) ProtoMessage() {} func (*APIResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{4} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{4} } func (m *APIResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_APIResponse.Unmarshal(m, b) 
@@ -279,18 +306,18 @@ type GetReportRequest struct { StartTime uint64 `protobuf:"varint,8,opt,name=start_time,json=startTime,proto3" json:"start_time,omitempty"` EndTime uint64 `protobuf:"varint,9,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"` // Parameters for CLIENT - FlowId string `protobuf:"bytes,7,opt,name=flow_id,json=flowId,proto3" json:"flow_id,omitempty"` - Parameters []*proto1.VQLEnv `protobuf:"bytes,4,rep,name=parameters,proto3" json:"parameters,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + FlowId string `protobuf:"bytes,7,opt,name=flow_id,json=flowId,proto3" json:"flow_id,omitempty"` + Parameters []*proto1.ArtifactParameter `protobuf:"bytes,4,rep,name=parameters,proto3" json:"parameters,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *GetReportRequest) Reset() { *m = GetReportRequest{} } func (m *GetReportRequest) String() string { return proto.CompactTextString(m) } func (*GetReportRequest) ProtoMessage() {} func (*GetReportRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{5} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{5} } func (m *GetReportRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_GetReportRequest.Unmarshal(m, b) @@ -366,7 +393,7 @@ func (m *GetReportRequest) GetFlowId() string { return "" } -func (m *GetReportRequest) GetParameters() []*proto1.VQLEnv { +func (m *GetReportRequest) GetParameters() []*proto1.ArtifactParameter { if m != nil { return m.Parameters } 
@@ -390,7 +417,7 @@ func (m *GetReportResponse) Reset() { *m = GetReportResponse{} } func (m *GetReportResponse) String() string { return proto.CompactTextString(m) } func (*GetReportResponse) ProtoMessage() {} func (*GetReportResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{6} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{6} } func (m *GetReportResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_GetReportResponse.Unmarshal(m, b) @@ -442,7 +469,7 @@ func (m *ArtifactCompressionDict) Reset() { *m = ArtifactCompressionDict func (m *ArtifactCompressionDict) String() string { return proto.CompactTextString(m) } func (*ArtifactCompressionDict) ProtoMessage() {} func (*ArtifactCompressionDict) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{7} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{7} } func (m *ArtifactCompressionDict) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ArtifactCompressionDict.Unmarshal(m, b) @@ -473,7 +500,7 @@ func (m *ListAvailableEventResultsRequest) Reset() { *m = ListAvailableE func (m *ListAvailableEventResultsRequest) String() string { return proto.CompactTextString(m) } func (*ListAvailableEventResultsRequest) ProtoMessage() {} func (*ListAvailableEventResultsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{8} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{8} } func (m *ListAvailableEventResultsRequest) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ListAvailableEventResultsRequest.Unmarshal(m, b) 
@@ -512,7 +539,7 @@ func (m *AvailableEvent) Reset() { *m = AvailableEvent{} } func (m *AvailableEvent) String() string { return proto.CompactTextString(m) } func (*AvailableEvent) ProtoMessage() {} func (*AvailableEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{9} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{9} } func (m *AvailableEvent) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_AvailableEvent.Unmarshal(m, b) @@ -557,7 +584,7 @@ func (m *ListAvailableEventResultsResponse) Reset() { *m = ListAvailable func (m *ListAvailableEventResultsResponse) String() string { return proto.CompactTextString(m) } func (*ListAvailableEventResultsResponse) ProtoMessage() {} func (*ListAvailableEventResultsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_artifacts_473c0b5cbda7b8e2, []int{10} + return fileDescriptor_artifacts_e5dab1b49bc39116, []int{10} } func (m *ListAvailableEventResultsResponse) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ListAvailableEventResultsResponse.Unmarshal(m, b) 
@@ -596,70 +623,73 @@ func init() { proto.RegisterType((*ListAvailableEventResultsRequest)(nil), "proto.ListAvailableEventResultsRequest") proto.RegisterType((*AvailableEvent)(nil), "proto.AvailableEvent") proto.RegisterType((*ListAvailableEventResultsResponse)(nil), "proto.ListAvailableEventResultsResponse") -} - -func init() { proto.RegisterFile("artifacts.proto", fileDescriptor_artifacts_473c0b5cbda7b8e2) } - -var fileDescriptor_artifacts_473c0b5cbda7b8e2 = []byte{ - // 946 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xdd, 0x6e, 0xdc, 0x44, - 0x14, 0x96, 0xb3, 0xd9, 0xbf, 0x09, 0xa5, 0xed, 0xa0, 0x12, 0x37, 0x94, 0x32, 0x18, 0x04, 0x5b, - 0x84, 0xbc, 0xfc, 0x48, 0x50, 0x45, 0x80, 0xd8, 0x25, 0x21, 0x5a, 0x91, 0x26, 0xc5, 0x5d, 0x21, - 0xa1, 0x5e, 0x58, 0x13, 0xfb, 0x78, 0x77, 0x84, 0x3d, 0xe3, 0xcc, 0xcc, 0x7a, 0x9b, 0x6b, 0x6e, - 0x78, 0x10, 0x6e, 0xb9, 0xe6, 0x05, 0x78, 0x05, 0x5e, 0x00, 0x5e, 0x83, 0x0b, 0x34, 0x33, 0xf6, - 0xc6, 0x0b, 0x12, 0xaa, 0xb8, 0xe8, 0x55, 0x66, 0xcf, 0x77, 0xbe, 0x6f, 0x8e, 0xcf, 0xf9, 0xce, - 0x04, 0xdd, 0xa4, 0x52, 0xb3, 0x8c, 0x26, 0x5a, 0x85, 0xa5, 0x14, 0x5a, 0xe0, 0xae, 0xfd, 0x73, - 0x70, 0xb8, 0x5e, 0xaf, 0xc3, 0x0a, 0x72, 0x91, 0xb0, 0x14, 0x9e, 0x85, 0x89, 0x28, 0xc6, 0x0b, - 0x91, 0x53, 0xbe, 0x18, 0xbb, 0xa0, 0xa4, 0xa5, 0x16, 0x72, 0x6c, 0x93, 0xc7, 0x0a, 0x0a, 0xca, - 0x35, 0x4b, 0x9c, 0xc4, 0xc1, 0xe7, 0xcf, 0xc7, 0xa5, 0x89, 0x66, 0x82, 0xab, 0x5a, 0xa3, 0xba, - 0xcc, 0x1d, 0x3d, 0xf8, 0x79, 0x07, 0xbd, 0x72, 0x02, 0x7a, 0xd2, 0x14, 0x16, 0xc1, 0xe5, 0x0a, - 0x94, 0xc6, 0x9f, 0xa0, 0x7d, 0xc6, 0x93, 0x7c, 0x95, 0x42, 0x0c, 0x15, 0x70, 0x1d, 0x6f, 0x4a, - 0xf7, 0x3d, 0xe2, 0x8d, 0x06, 0xd1, 0x9d, 0x1a, 0x3e, 0x36, 0xe8, 0x86, 0x8e, 0x1f, 0x22, 0xbf, - 0xe1, 0x29, 0x90, 0x15, 0xc8, 0x16, 0x71, 0xc7, 0x12, 0x5f, 0xad, 0xf1, 0x27, 0x16, 0xbe, 0x66, - 0xbe, 0x81, 0xf6, 0x14, 0x50, 0x99, 0x2c, 0x63, 0x0d, 0xb2, 0xf0, 0x3b, 0xc4, 0x1b, 0x0d, 0x23, - 0xe4, 
0x42, 0x73, 0x90, 0x05, 0x7e, 0x0f, 0xdd, 0xe6, 0xab, 0xe2, 0x02, 0x64, 0x2c, 0xb2, 0x58, - 0x82, 0x5a, 0xe5, 0x5a, 0xf9, 0xbb, 0xc4, 0x1b, 0xed, 0x46, 0x37, 0x1d, 0x70, 0x9e, 0x45, 0x2e, - 0x8c, 0x31, 0xda, 0xd5, 0x57, 0x25, 0xf8, 0x5d, 0xab, 0x62, 0xcf, 0xf8, 0x10, 0x75, 0x39, 0x2d, - 0x40, 0xf9, 0x3d, 0xd2, 0x19, 0x0d, 0xa7, 0x6f, 0xff, 0xf1, 0xd7, 0x9f, 0xbf, 0x79, 0xf7, 0xf1, - 0xbd, 0x09, 0xc9, 0x99, 0xd2, 0x44, 0x64, 0x64, 0x53, 0x2a, 0xd1, 0x82, 0x64, 0xa0, 0x93, 0x65, - 0xe4, 0x28, 0xc1, 0x25, 0xc2, 0xad, 0x2e, 0x35, 0x4d, 0x7a, 0x8a, 0x06, 0x55, 0xa6, 0xe2, 0x92, - 0xea, 0xa5, 0xed, 0xca, 0x70, 0xfa, 0xa5, 0x15, 0x3d, 0xc4, 0x0f, 0xe7, 0x4b, 0x20, 0x55, 0xa6, - 0x88, 0xc1, 0x88, 0x84, 0x9c, 0x6a, 0x56, 0x81, 0x91, 0xd5, 0x4b, 0x68, 0xdd, 0x93, 0x42, 0xc6, - 0x38, 0x33, 0xa3, 0x21, 0x4a, 0x0b, 0x09, 0x61, 0xd4, 0xaf, 0x32, 0xf5, 0x98, 0xea, 0x65, 0xf0, - 0x74, 0x6b, 0x30, 0x11, 0xa8, 0x52, 0x70, 0x05, 0xf8, 0x08, 0x0d, 0x1a, 0x7a, 0x7d, 0xe7, 0xc8, - 0xde, 0x19, 0x60, 0x32, 0x6f, 0x49, 0x93, 0x94, 0x6a, 0xfa, 0x3e, 0x11, 0x92, 0x50, 0x73, 0x09, - 0x5d, 0xe5, 0x3a, 0x8c, 0x36, 0xcc, 0xe0, 0x57, 0x0f, 0xe1, 0x27, 0x2f, 0xf6, 0x83, 0xb6, 0x2a, - 0xdf, 0xf9, 0xdf, 0x95, 0x3f, 0x43, 0x7b, 0x93, 0xc7, 0xb3, 0x56, 0x3b, 0xba, 0x20, 0xa5, 0x90, - 0xce, 0x95, 0xd3, 0xd0, 0x2a, 0x8e, 0xf0, 0x3b, 0x13, 0x4e, 0x6c, 0x9c, 0x88, 0x24, 0x59, 0x49, - 0x48, 0x89, 0x02, 0xad, 0x19, 0x5f, 0x6c, 0x95, 0x1b, 0x46, 0x8e, 0x8c, 0xdf, 0x42, 0x37, 0xec, - 0x21, 0x2e, 0x40, 0x29, 0xba, 0x00, 0x57, 0x5f, 0xf4, 0x92, 0x0d, 0x3e, 0x72, 0xb1, 0xe0, 0xf7, - 0x0e, 0xba, 0x75, 0x02, 0x3a, 0x82, 0x52, 0xc8, 0x4d, 0xc7, 0x9e, 0x77, 0x1c, 0x99, 0x90, 0x64, - 0xbd, 0x64, 0xc9, 0x92, 0xac, 0x81, 0x48, 0x27, 0xb1, 0x61, 0xe2, 0x6f, 0x6a, 0xbb, 0xba, 0xb6, - 0x7c, 0x6a, 0x15, 0x3e, 0xc4, 0x63, 0xa3, 0xe0, 0x72, 0x89, 0x81, 0x0d, 0x95, 0x03, 0xa4, 0x64, - 0x04, 0xe1, 0x22, 0x24, 0x8f, 0xce, 0xcf, 0x66, 0xf3, 0xf3, 0x68, 0x76, 0x76, 0x12, 0x1f, 0x4d, - 0x66, 0xa7, 0xdf, 0x3f, 0xa8, 0x7d, 0xfe, 
0x01, 0xea, 0x65, 0x42, 0x16, 0x54, 0xbb, 0x1d, 0x9a, - 0xfa, 0x56, 0x0e, 0xe3, 0x5b, 0x5f, 0xdb, 0x28, 0xb1, 0xe4, 0xa5, 0x2e, 0xf2, 0xa8, 0xce, 0xc3, - 0xaf, 0xa1, 0x61, 0x92, 0x33, 0xb3, 0xe5, 0x2c, 0xad, 0x57, 0x66, 0xe0, 0x02, 0xb3, 0x14, 0xdf, - 0x45, 0x83, 0x94, 0x5e, 0xc5, 0x66, 0x0f, 0xfc, 0x9e, 0xc5, 0xfa, 0x29, 0xbd, 0x3a, 0xa3, 0x05, - 0xe0, 0xd7, 0x11, 0x52, 0x9a, 0x4a, 0x1d, 0x6b, 0x56, 0x80, 0x3f, 0xb0, 0xab, 0x38, 0xb4, 0x91, - 0x39, 0x2b, 0xc0, 0x30, 0x81, 0xa7, 0x0e, 0x1c, 0x5a, 0xb0, 0x0f, 0x3c, 0xb5, 0xd0, 0x3e, 0xea, - 0x67, 0xb9, 0x58, 0x9b, 0xfb, 0xfa, 0x56, 0xb3, 0x67, 0x7e, 0xce, 0x52, 0x7c, 0x89, 0x50, 0x49, - 0x25, 0x2d, 0x40, 0x83, 0x34, 0xdb, 0xdd, 0x19, 0xed, 0x7d, 0x74, 0xc3, 0xbd, 0x55, 0xe1, 0x77, - 0xdf, 0x9e, 0x1e, 0xf3, 0x6a, 0x3a, 0xb5, 0xdf, 0xf3, 0x19, 0x3e, 0x74, 0x93, 0x20, 0xd7, 0xf9, - 0xa1, 0xe9, 0xb9, 0x02, 0x92, 0x42, 0x09, 0x3c, 0x25, 0x82, 0xdb, 0x69, 0xdb, 0xd6, 0x89, 0xcc, - 0x9e, 0x5d, 0x37, 0xc3, 0xa8, 0x75, 0x49, 0xf0, 0xa3, 0x87, 0x6e, 0xb7, 0xe6, 0x5a, 0x1b, 0x0b, - 0xa3, 0x5d, 0x63, 0x44, 0x37, 0xd4, 0xc8, 0x9e, 0xf1, 0x01, 0x1a, 0x68, 0x28, 0xca, 0x9c, 0xea, - 0xc6, 0x21, 0x9b, 0xdf, 0xf8, 0x0b, 0x34, 0xa8, 0xcd, 0xa3, 0xfc, 0x8e, 0x7d, 0x60, 0x02, 0x5b, - 0xe7, 0x3d, 0x7c, 0x70, 0xec, 0x8c, 0x28, 0xc9, 0x9a, 0x4a, 0x6e, 0x3c, 0xd8, 0x24, 0x86, 0xd1, - 0x86, 0x13, 0xdc, 0x45, 0xfb, 0xcd, 0x36, 0x7e, 0x25, 0x8a, 0x52, 0x82, 0x52, 0x4c, 0xf0, 0x23, - 0x96, 0xe8, 0xe0, 0x17, 0x0f, 0x91, 0x53, 0xa6, 0xf4, 0xa4, 0xa2, 0x2c, 0xa7, 0x17, 0xb9, 0x7b, - 0x73, 0xeb, 0xa7, 0xae, 0x31, 0xe2, 0x4f, 0x5e, 0x7b, 0x88, 0xce, 0x8a, 0x3f, 0xd8, 0x0a, 0x00, - 0x27, 0xc6, 0x48, 0x0e, 0x24, 0xb3, 0x23, 0x63, 0x23, 0xfb, 0xe2, 0xd9, 0x55, 0x68, 0x34, 0x49, - 0x21, 0x38, 0xd3, 0x42, 0x9a, 0xfa, 0x72, 0xb1, 0x50, 0x21, 0x99, 0x65, 0x04, 0x8a, 0x52, 0x5f, - 0x6d, 0xe5, 0xbb, 0x47, 0xfd, 0x5d, 0xf5, 0xaf, 0xf4, 0x6b, 0xc7, 0x04, 0xa7, 0xe8, 0xe5, 0xed, - 0x52, 0x4d, 0xe3, 0xb6, 0xb7, 0xa4, 0xe5, 0xfd, 0xfb, 0x08, 0x19, 0x87, 0x28, 
0x4d, 0x8b, 0xd2, - 0xfc, 0x8f, 0xe8, 0x8c, 0xba, 0x51, 0x2b, 0x12, 0x9c, 0xa1, 0x37, 0xff, 0xe3, 0xe3, 0xeb, 0x69, - 0x3d, 0x40, 0xbb, 0xa6, 0x0a, 0xdf, 0xb3, 0x86, 0xb9, 0x53, 0x1b, 0xe6, 0x1f, 0x1c, 0x9b, 0x72, - 0xd1, 0xb3, 0xd8, 0xc7, 0x7f, 0x07, 0x00, 0x00, 0xff, 0xff, 0x62, 0x03, 0x3b, 0xf4, 0x8d, 0x07, - 0x00, 0x00, + proto.RegisterEnum("proto.SetArtifactRequest_Operation", SetArtifactRequest_Operation_name, SetArtifactRequest_Operation_value) +} + +func init() { proto.RegisterFile("artifacts.proto", fileDescriptor_artifacts_e5dab1b49bc39116) } + +var fileDescriptor_artifacts_e5dab1b49bc39116 = []byte{ + // 990 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x55, 0xcd, 0x8e, 0xe3, 0x44, + 0x10, 0xc6, 0x93, 0x4c, 0x26, 0xe9, 0x85, 0xdd, 0xd9, 0x86, 0x65, 0xbc, 0x61, 0x7f, 0x1a, 0x2f, + 0x3f, 0x59, 0x84, 0x1c, 0x58, 0x24, 0x40, 0x23, 0x7e, 0x94, 0x90, 0x30, 0x8a, 0x98, 0x9d, 0x59, + 0x79, 0x22, 0x21, 0xe0, 0x10, 0xf5, 0xd8, 0xe5, 0xc4, 0xc2, 0x76, 0x7b, 0xbb, 0x3b, 0xc9, 0x8e, + 0xc4, 0x8d, 0x0b, 0x0f, 0xc2, 0x95, 0xb7, 0xe0, 0x21, 0x38, 0x22, 0x78, 0x0d, 0x0e, 0xa8, 0xab, + 0xed, 0x8c, 0xa3, 0x41, 0xab, 0x15, 0xa7, 0xb4, 0xab, 0xea, 0xfb, 0xaa, 0xba, 0xea, 0xab, 0x0e, + 0xb9, 0xc1, 0xa5, 0x4e, 0x62, 0x1e, 0x6a, 0xe5, 0x17, 0x52, 0x68, 0x41, 0x77, 0xf1, 0xa7, 0x7b, + 0xb8, 0x5e, 0xaf, 0xfd, 0x15, 0xa4, 0x22, 0x4c, 0x22, 0x78, 0xe6, 0x87, 0x22, 0xeb, 0xcf, 0x45, + 0xca, 0xf3, 0x79, 0xdf, 0x1a, 0x25, 0x2f, 0xb4, 0x90, 0x7d, 0x0c, 0xee, 0x2b, 0xc8, 0x78, 0xae, + 0x93, 0xd0, 0x52, 0x74, 0x3f, 0x7f, 0x31, 0x2c, 0x0f, 0x75, 0x22, 0x72, 0x55, 0x72, 0xac, 0x9e, + 0xa6, 0x25, 0x7c, 0xf4, 0x82, 0xf0, 0xaa, 0xf0, 0x92, 0xa0, 0xfa, 0xb6, 0x2c, 0xde, 0xaf, 0x3b, + 0xe4, 0xd5, 0x23, 0xd0, 0x83, 0x2a, 0x2a, 0x80, 0xa7, 0x4b, 0x50, 0x9a, 0x7e, 0x4c, 0x0e, 0x92, + 0x3c, 0x4c, 0x97, 0x11, 0xcc, 0x60, 0x05, 0xb9, 0x9e, 0x6d, 0x78, 0x5c, 0x87, 0x39, 0xbd, 0x76, + 0x70, 0xab, 0x74, 0x8f, 0x8d, 0x77, 0x03, 0xa7, 0x9f, 
0x12, 0xb7, 0xc2, 0x29, 0x90, 0x2b, 0x90, + 0x35, 0xe0, 0x0e, 0x02, 0x5f, 0x2f, 0xfd, 0x67, 0xe8, 0xbe, 0x44, 0xde, 0x27, 0xd7, 0x14, 0x70, + 0x19, 0x2e, 0x66, 0x1a, 0x64, 0xe6, 0x36, 0x98, 0xd3, 0xeb, 0x04, 0xc4, 0x9a, 0xa6, 0x20, 0x33, + 0xfa, 0x1e, 0xb9, 0x99, 0x2f, 0xb3, 0x73, 0x90, 0x33, 0x11, 0xcf, 0x24, 0xa8, 0x65, 0xaa, 0x95, + 0xdb, 0x64, 0x4e, 0xaf, 0x19, 0xdc, 0xb0, 0x8e, 0xd3, 0x38, 0xb0, 0x66, 0x4a, 0x49, 0x53, 0x5f, + 0x14, 0xe0, 0xee, 0x22, 0x0b, 0x9e, 0xe9, 0x21, 0xd9, 0xcd, 0x79, 0x06, 0xca, 0x6d, 0xb1, 0x46, + 0xaf, 0x33, 0x7c, 0xeb, 0xaf, 0x7f, 0xfe, 0xfe, 0xdd, 0xb9, 0x47, 0xef, 0x0c, 0x58, 0x9a, 0x28, + 0xcd, 0x44, 0xcc, 0x36, 0xa5, 0x32, 0x2d, 0x58, 0x0c, 0x3a, 0x5c, 0x04, 0x16, 0xe2, 0x8d, 0x08, + 0xad, 0x75, 0xa9, 0x6a, 0x92, 0x4f, 0x9a, 0xc6, 0x8d, 0x17, 0xeb, 0x0c, 0xbb, 0x48, 0xf8, 0x1a, + 0xa5, 0xd3, 0x05, 0x6c, 0xa8, 0x98, 0x09, 0xf0, 0x03, 0x8c, 0xf3, 0x7e, 0xd8, 0xea, 0x75, 0x00, + 0xaa, 0x10, 0xb9, 0x02, 0x3a, 0x22, 0xed, 0x2a, 0x1c, 0x9b, 0xdb, 0x19, 0xf6, 0x90, 0xca, 0xa3, + 0x6c, 0x8b, 0x2a, 0xe2, 0x9a, 0xbf, 0xcf, 0x84, 0x64, 0x9c, 0x45, 0x10, 0xf3, 0x65, 0xaa, 0xfd, + 0x60, 0x83, 0xf4, 0xfe, 0x70, 0x08, 0x3d, 0xbb, 0x5a, 0x63, 0x9d, 0x7c, 0xe7, 0xff, 0x92, 0xd3, + 0xef, 0xc9, 0x8e, 0x28, 0x70, 0x26, 0xd7, 0x1f, 0x3d, 0xb0, 0xd2, 0xf1, 0xaf, 0x26, 0xf3, 0x4f, + 0x0b, 0x90, 0xdc, 0xc8, 0x75, 0xf8, 0x36, 0x26, 0xb9, 0x4f, 0xef, 0x7e, 0xbb, 0xe0, 0xda, 0xb4, + 0x33, 0x12, 0x6c, 0x9d, 0xe8, 0x05, 0xd3, 0xb5, 0xa4, 0x5f, 0x06, 0x3b, 0xa2, 0xf0, 0x18, 0xe9, + 0x6c, 0x70, 0x74, 0x8f, 0x34, 0xce, 0xc6, 0xd3, 0xfd, 0x97, 0x28, 0x21, 0xad, 0xd1, 0xf8, 0x78, + 0x3c, 0x1d, 0xef, 0x3b, 0xde, 0x33, 0x72, 0x6d, 0xf0, 0x64, 0x52, 0xeb, 0xd7, 0x2e, 0x48, 0x29, + 0xa4, 0x55, 0xe2, 0xd0, 0xc7, 0x54, 0x3d, 0xfa, 0xce, 0x20, 0x67, 0x68, 0x67, 0x22, 0x0c, 0x97, + 0x12, 0x22, 0xa6, 0x40, 0xeb, 0x24, 0x9f, 0x6f, 0xe5, 0xf4, 0x03, 0x0b, 0xa6, 0x0f, 0xc8, 0x2b, + 0x78, 0x98, 0x65, 0xa0, 0x14, 0x9f, 0x97, 0x53, 0x0c, 0x5e, 0x46, 0xe3, 0x63, 0x6b, 0xf3, 
0xfe, + 0x6c, 0x90, 0xfd, 0x23, 0xd0, 0x01, 0x14, 0x42, 0xfe, 0x67, 0x4b, 0x9f, 0x37, 0xaf, 0x58, 0x48, + 0xb6, 0x5e, 0x24, 0xe1, 0x82, 0xad, 0x81, 0x49, 0x4b, 0x71, 0xd9, 0xd2, 0x6f, 0x4a, 0x89, 0xda, + 0xa1, 0x7c, 0x82, 0x0c, 0x1f, 0xd2, 0xbe, 0x61, 0xb0, 0xb1, 0xcc, 0xb8, 0x0d, 0x34, 0x07, 0x88, + 0x58, 0x0f, 0xfc, 0xb9, 0xcf, 0x1e, 0x9f, 0x9e, 0x4c, 0xa6, 0xa7, 0xc1, 0xe4, 0xe4, 0x68, 0x36, + 0x1a, 0x4c, 0x8e, 0xbf, 0x7b, 0x58, 0x6a, 0xfb, 0x03, 0xd2, 0x8a, 0x85, 0xcc, 0xb8, 0xb6, 0x7b, + 0x33, 0x74, 0x91, 0x8e, 0xd2, 0xfd, 0xaf, 0xd1, 0xca, 0x10, 0xbc, 0xd0, 0x59, 0x1a, 0x94, 0x71, + 0xf4, 0x0d, 0xd2, 0x09, 0xd3, 0xc4, 0x6c, 0x76, 0x12, 0x95, 0x6b, 0xd2, 0xb6, 0x86, 0x49, 0x44, + 0x6f, 0x93, 0x76, 0xc4, 0x2f, 0x66, 0x28, 0xee, 0x16, 0xfa, 0xf6, 0x22, 0x7e, 0x71, 0xc2, 0x33, + 0xa0, 0x77, 0x09, 0x51, 0x9a, 0x4b, 0x3d, 0xd3, 0x49, 0x06, 0x6e, 0x1b, 0xd7, 0xaf, 0x83, 0x96, + 0x69, 0x92, 0x81, 0x41, 0x42, 0x1e, 0x59, 0x67, 0x07, 0x9d, 0x7b, 0x90, 0x47, 0xe8, 0x3a, 0x20, + 0x7b, 0x71, 0x2a, 0xd6, 0x26, 0xdf, 0x1e, 0x72, 0xb6, 0xcc, 0xe7, 0x24, 0xa2, 0x3f, 0x11, 0x52, + 0x70, 0xc9, 0x33, 0xd0, 0x20, 0xcd, 0x46, 0x37, 0x7a, 0xd7, 0x1e, 0xb9, 0xa5, 0xc8, 0x2a, 0x85, + 0x3d, 0xa9, 0x02, 0x86, 0x43, 0xbc, 0xda, 0x67, 0xf4, 0xd0, 0x0e, 0x85, 0x5d, 0x42, 0x7d, 0xd3, + 0x7e, 0x05, 0x2c, 0x82, 0x02, 0xf2, 0x88, 0x89, 0x1c, 0x07, 0x8f, 0x5d, 0x14, 0x31, 0x9e, 0x6d, + 0x63, 0xfd, 0xa0, 0x96, 0xcf, 0xfb, 0xd9, 0x21, 0x37, 0x6b, 0x23, 0x2e, 0x35, 0x46, 0x49, 0xd3, + 0x6c, 0x84, 0x9d, 0x6f, 0x80, 0x67, 0xda, 0x25, 0x6d, 0x0d, 0x59, 0x91, 0x72, 0x5d, 0x89, 0x65, + 0xf3, 0x4d, 0xbf, 0x20, 0xed, 0x52, 0x47, 0xca, 0x6d, 0xe0, 0xfb, 0xe2, 0x61, 0x9d, 0x77, 0x68, + 0x77, 0x6c, 0x35, 0x29, 0xd9, 0x9a, 0xcb, 0xdc, 0xc8, 0xb1, 0x0a, 0xf4, 0x83, 0x0d, 0xc6, 0xbb, + 0x4d, 0x0e, 0xaa, 0xab, 0x7e, 0x25, 0xb2, 0x42, 0x82, 0x52, 0x89, 0xc8, 0x47, 0x49, 0xa8, 0xbd, + 0xdf, 0x1c, 0xc2, 0x8e, 0x13, 0xa5, 0x07, 0x2b, 0x9e, 0xa4, 0xfc, 0x3c, 0xb5, 0x4f, 0x6e, 0xf9, + 0xd2, 0x55, 0x9a, 0xfc, 0xc5, 
0xa9, 0xcf, 0xd3, 0xaa, 0xf2, 0x47, 0xac, 0x00, 0x68, 0x68, 0x34, + 0x65, 0x9d, 0x6c, 0x32, 0x32, 0x8a, 0xc2, 0x07, 0x0f, 0xb7, 0xa2, 0xe2, 0x64, 0x99, 0xc8, 0x13, + 0x2d, 0xa4, 0xa9, 0x2f, 0x15, 0x73, 0xe5, 0xb3, 0x49, 0xcc, 0x20, 0x2b, 0xf4, 0xc5, 0x56, 0xbc, + 0x7d, 0xd3, 0xdf, 0x55, 0x57, 0xc2, 0x2f, 0xc5, 0xe3, 0x1d, 0x93, 0xeb, 0xdb, 0xa5, 0x9a, 0xc6, + 0x6d, 0x2f, 0x4c, 0x6d, 0x0d, 0xee, 0x11, 0x62, 0xc4, 0xa2, 0x34, 0xcf, 0x0a, 0xf3, 0x17, 0xd1, + 0xe8, 0xed, 0x06, 0x35, 0x8b, 0x77, 0x42, 0xde, 0x7c, 0xce, 0xe5, 0xcb, 0x69, 0x3d, 0x24, 0x4d, + 0x53, 0x85, 0xeb, 0xa0, 0x76, 0x6e, 0x55, 0xda, 0xd9, 0xc6, 0x60, 0xc8, 0x79, 0x0b, 0x7d, 0x1f, + 0xfd, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x66, 0x4f, 0xfb, 0x3b, 0xd2, 0x07, 0x00, 0x00, } diff --git a/api/proto/artifacts.proto b/api/proto/artifacts.proto index 28d6a34eb28..2e5ed85d170 100644 --- a/api/proto/artifacts.proto +++ b/api/proto/artifacts.proto @@ -3,6 +3,7 @@ syntax = "proto3"; import "www.velocidex.com/golang/velociraptor/proto/semantic.proto"; import "www.velocidex.com/golang/velociraptor/actions/proto/vql.proto"; +import "www.velocidex.com/golang/velociraptor/artifacts/proto/artifact.proto"; package proto; @@ -23,8 +24,11 @@ message GetArtifactsRequest { message GetArtifactRequest { // Deprecated. - string vfs_path = 1 [(sem_type) = { - description: "The vfs path relative to the artifacts definition store." + // string vfs_path = 1 [(sem_type) = { + // description: "The vfs path relative to the artifacts definition store." + // }]; + string name = 2 [(sem_type) = { + description: "The artifact name." }]; } 
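Review bot: Field 1 of `GetArtifactRequest` is commented out rather than reserved, so nothing prevents a later edit from reusing tag 1 with a different meaning while older GUI or API clients still send `vfs_path` on it. Replace the commented block with `reserved 1;` and `reserved "vfs_path";` so the compiler rejects any reuse. The same applies to the commented-out `vfs_path` field in `SetArtifactRequest` in the following hunk.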
@@ -36,13 +40,23 @@ message GetArtifactResponse { message SetArtifactRequest { - string vfs_path = 1 [(sem_type) = { - description: "The vfs path relative to the artifacts definition store." - }]; + // Deprecated + // string vfs_path = 1 [(sem_type) = { + // description: "The vfs path relative to the artifacts definition store." + // }]; string artifact = 2 [(sem_type) = { description: "The artifact data, or a default.", }]; + + enum Operation { + SET = 0; + DELETE = 1; + } + + Operation op = 3 [(sem_type) = { + description: "What to do with the artifact?", + }]; } message APIResponse { @@ -78,7 +92,7 @@ message GetReportRequest { // Parameters for CLIENT string flow_id = 7; - repeated VQLEnv parameters = 4 [(sem_type) = { + repeated ArtifactParameter parameters = 4 [(sem_type) = { description: "Report parameters. These depend on the type of the report." }]; } diff --git a/api/reports.go b/api/reports.go index c2f12bbd8db..a601f51d720 100644 --- a/api/reports.go +++ b/api/reports.go @@ -13,13 +13,8 @@ func getReport(ctx context.Context, config_obj *api_proto.Config, in *api_proto.GetReportRequest) ( *api_proto.GetReportResponse, error) { - params := make(map[string]string) - for _, env := range in.Parameters { - params[env.Key] = env.Value - } - template_engine, err := reporting.NewGuiTemplateEngine( - config_obj, ctx, in.Artifact, params) + config_obj, ctx, in.Artifact) if err != nil { return nil, err } 
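Review bot: In `GetReportRequest`, `parameters` keeps tag 4 but its element type changes from `VQLEnv` to `ArtifactParameter`, which is a wire-level change for any caller built against the old schema. Neither message definition is visible here, so whether their field numbers line up is unverified; if they do not, an older client's values would be decoded into the wrong fields or dropped without an error. I would record the change above the field, e.g. `// Element type was VQLEnv before this change; callers must be rebuilt against the new schema.`, and confirm the GUI is the only consumer.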
@@ -36,29 +31,29 @@ func getReport(ctx context.Context, case "CLIENT": template_data, err = reporting.GenerateClientReport( template_engine, in.ClientId, in.FlowId) - if err != nil { - return nil, err - } // Server event artifacts run on the server. Typically they // post process client event streams. case "SERVER_EVENT": template_data, err = reporting. GenerateServerMonitoringReport( - template_engine, in.StartTime, in.EndTime) - if err != nil { - return nil, err - } + template_engine, + in.StartTime, in.EndTime, + in.Parameters) // A MONITORING_DAILY report is a report generated // over a single day of a monitoring artifact case "MONITORING_DAILY", "CLIENT_EVENT": template_data, err = reporting.GenerateMonitoringDailyReport( template_engine, in.ClientId, in.StartTime, in.EndTime) - if err != nil { - return nil, err - } + case "ARTIFACT_DESCRIPTION": + template_data, err = reporting.GenerateArtifactDescriptionReport( + template_engine, config_obj) + } + + if err != nil { + return nil, err } encoded_data, err := json.Marshal(template_engine.Data) diff --git a/api/vfs.go b/api/vfs.go index 2f66160f0d3..6e6c405fd40 100644 --- a/api/vfs.go +++ b/api/vfs.go @@ -37,7 +37,6 @@ import ( context "golang.org/x/net/context" actions_proto "www.velocidex.com/golang/velociraptor/actions/proto" api_proto "www.velocidex.com/golang/velociraptor/api/proto" - "www.velocidex.com/golang/velociraptor/constants" datastore "www.velocidex.com/golang/velociraptor/datastore" file_store "www.velocidex.com/golang/velociraptor/file_store" flows_proto "www.velocidex.com/golang/velociraptor/flows/proto" 
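Review bot: After this change only the SERVER_EVENT branch receives `in.Parameters`; the previous hunk removes the `params` map that used to be handed to `NewGuiTemplateEngine`, so request parameters on CLIENT, MONITORING_DAILY and CLIENT_EVENT reports now appear to be dropped silently. If that is intended, say so in a comment above the switch, e.g. `// Only server event reports accept request parameters.`; otherwise pass them through on the other branches too. The visible part of the switch also has no `default:` arm, so an unrecognised report type would leave `err` nil and go on to marshal an empty report. The cases before "CLIENT" start outside this hunk, so this is worth checking against the full function; a `default:` arm that returns an error would make the failure explicit.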
@@ -266,19 +265,6 @@ func vfsListDirectory( return renderRootVFS(client_id), nil } - if vfs_path == "/artifact_definitions" { - return &actions_proto.VQLResponse{ - Response: ` - [ - {"Mode": "drwxrwxrwx", "Name": "builtin"}, - {"Mode": "drwxrwxrwx", "Name": "custom"} - ]`, - }, nil - } - if strings.HasPrefix(vfs_path, constants.BUILTIN_ARTIFACT_DEFINITION) { - return renderBuiltinArtifacts(config_obj, vfs_path) - } - prefix, ok := getVFSPathPrefix(vfs_path, client_id) if ok { return renderFileStore(config_obj, prefix, vfs_path) diff --git a/artifacts/artifacts.go b/artifacts/artifacts.go index 293b82f8fac..9c883b67e5b 100644 --- a/artifacts/artifacts.go +++ b/artifacts/artifacts.go @@ -95,7 +95,7 @@ func (self *Repository) LoadYaml(data string, validate bool) ( for _, report := range artifact.Reports { report.Type = strings.ToLower(report.Type) switch report.Type { - case "monitoring_daily", "server_event", "client": + case "monitoring_daily", "server_event", "client", "internal": continue default: return nil, errors.New(fmt.Sprintf("Invalid report type %s", @@ -145,6 +145,10 @@ func (self *Repository) Get(name string) (*artifacts_proto.Artifact, bool) { return res, pres } +func (self *Repository) Del(name string) { + delete(self.Data, name) +} + func (self *Repository) GetByPathPrefix(path string) []*artifacts_proto.Artifact { name := strings.Replace(path, "/", ".", -1) @@ -424,8 +428,8 @@ func GetGlobalRepository(config_obj *api_proto.Config) (*Repository, error) { return global_repository, nil } + logger := logging.GetLogger(config_obj, &logging.FrontendComponent) global_repository = NewRepository() - for _, function := range init_registry { err := function(config_obj) if err != nil { 
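Review bot: `Repository.Del` deletes from `self.Data` with no visible synchronisation, while the repository returned by `GetGlobalRepository` is a single shared instance, so a delete racing with `Get` from another request would be a concurrent map read and write, which the Go runtime treats as a fatal error. The struct definition is outside this hunk: if it already carries a mutex, take it here, and if not, one is needed around `Data`. `Del` also removes whatever name it is given, built-in definitions included, so the handler for the new `DELETE` operation (not shown) should limit deletion to custom artifacts and check the caller's permission. A doc comment such as `// Del removes the named artifact from the in-memory repository only; it does not touch the file store.` would state the contract.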
@@ -433,7 +437,6 @@ func GetGlobalRepository(config_obj *api_proto.Config) (*Repository, error) { } } - logger := logging.GetLogger(config_obj, &logging.FrontendComponent) if config_obj.Frontend.ArtifactsPath != "" { count, err := global_repository.LoadDirectory( config_obj.Frontend.ArtifactsPath) @@ -458,7 +461,7 @@ func GetGlobalRepository(config_obj *api_proto.Config) (*Repository, error) { // Load artifacts from the custom file store. file_store_factory := file_store.GetFileStore(config_obj) - err := file_store_factory.Walk(constants.ARTIFACT_DEFINITION, + err := file_store_factory.Walk(constants.ARTIFACT_DEFINITION_PREFIX, func(path string, info os.FileInfo, err error) error { if err == nil && strings.HasSuffix(path, ".yaml") { fd, err := file_store_factory.ReadFile(path) diff --git a/artifacts/definitions/Demo/Plugins/Fifo.yaml b/artifacts/definitions/Demo/Plugins/Fifo.yaml index d727e607704..1eb6b39ff1b 100644 --- a/artifacts/definitions/Demo/Plugins/Fifo.yaml +++ b/artifacts/definitions/Demo/Plugins/Fifo.yaml 
@@ -52,21 +52,25 @@ type: CLIENT_EVENT sources: - queries: # This query simulates failed logon attempts. - - LET failed_logon = SELECT Unix as FailedTime from clock(period=1) + - | + LET failed_logon = SELECT Unix as FailedTime from clock(period=1) # This is the fifo which holds the last 5 failed logon attempts # within the last hour. - - LET last_5_events = SELECT FailedTime + - | + LET last_5_events = SELECT FailedTime FROM fifo(query=failed_logon, max_rows=5, max_age=3600) # We need to get it started collecting data immediately by # materializing the cache contents. Otherwise the fifo wont # start until it is first called (i.e. the first successful # login and we will miss the failed events before hand). - - LET foo <= SELECT * FROM last_5_events + - | + LET foo <= SELECT * FROM last_5_events # This simulates successful logon - we assume every 3 seonds. - - LET success_logon = SELECT Unix as SuccessTime from clock(period=3) + - | + LET success_logon = SELECT Unix as SuccessTime from clock(period=3) # For each successful logon, query the last failed logon # attempts from the fifo(). We also count the total number of diff --git a/artifacts/definitions/Generic/Applications/Office/Keywords.yaml b/artifacts/definitions/Generic/Applications/Office/Keywords.yaml index 5dc5a8a439a..fa22ea33815 100644 --- a/artifacts/definitions/Generic/Applications/Office/Keywords.yaml +++ b/artifacts/definitions/Generic/Applications/Office/Keywords.yaml @@ -40,13 +40,15 @@ parameters: sources: - queries: - - LET office_docs = SELECT FullPath AS OfficePath, + - | + LET office_docs = SELECT FullPath AS OfficePath, timestamp(epoch=Mtime.Sec) as OfficeMtime, Size as OfficeSize FROM glob(globs=searchGlob + documentGlobs) # A list of zip members inside the doc that have some content. - - LET document_parts = SELECT OfficePath, + - | + LET document_parts = SELECT OfficePath, FullPath AS ZipMemberPath FROM glob(globs=url( scheme="file", path=OfficePath, fragment="/**").String, 
@@ -54,7 +56,8 @@ sources: WHERE not IsDir and Size > 0 # For each document, scan all its parts for the keyword. - - SELECT OfficePath, + - | + SELECT OfficePath, OfficeMtime, OfficeSize, File.ModTime as InternalMtime, diff --git a/artifacts/definitions/Generic/Forensic/Carving/URLs.yaml b/artifacts/definitions/Generic/Forensic/Carving/URLs.yaml new file mode 100644 index 00000000000..b1e8f04a823 --- /dev/null +++ b/artifacts/definitions/Generic/Forensic/Carving/URLs.yaml @@ -0,0 +1,33 @@ +name: Generic.Forensic.Carving.URLs +description: | + Carve URLs from files located in a glob. Note that we do not parse + any files - we simply carve anything that looks like a URL. + + +parameters: + - name: UrlGlob + default: | + ["C:/Documents and Settings/*/Local Settings/Application Data/Google/Chrome/User Data/**", + "C:/Users/*/AppData/Local/Google/Chrome/User Data/**", + "C:/Documents and Settings/*/Local Settings/History/**", + "C:/Documents and Settings/*/Local Settings/Temporary Internet Files/**", + "C:/Users/*/AppData/Local/Microsoft/Windows/WebCache/**", + "C:/Users/*/AppData/Local/Microsoft/Windows/INetCache/**", + "C:/Users/*/AppData/Local/Microsoft/Windows/INetCookies/**", + "C:/Users/*/AppData/Roaming/Mozilla/Firefox/Profiles/**", + "C:/Documents and Settings/*/Application Data/Mozilla/Firefox/Profiles/**" + ] + +sources: + - queries: + - | + LET matching = SELECT FullPath FROM glob( + globs=parse_json_array(data=UrlGlob)) + - | + SELECT FullPath, URL FROM foreach( + row=matching, + query={ + SELECT FullPath, + URL FROM parse_records_with_regex(file=FullPath, + regex="(?Phttps?:\\/\\/[\\w\\.-]+[\\/\\w \\.-]*)") + }) diff --git a/artifacts/definitions/Network/ExternalIpAddress.yaml b/artifacts/definitions/Network/ExternalIpAddress.yaml index f46af4f04e4..0418d108dc5 100644 --- a/artifacts/definitions/Network/ExternalIpAddress.yaml +++ b/artifacts/definitions/Network/ExternalIpAddress.yaml 
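Review bot: In the new `Generic.Forensic.Carving.URLs` artifact, the regex path class `[\\/\\w \\.-]*` contains a literal space and omits `?`, `=`, `&`, `%` and `:`, so a hit stops at a port or query string but runs on across spaces into whatever text follows. For triage that loses the part of a URL that often matters and pads results with unrelated words; I would drop the space and widen the class, e.g. `[\\/\\w\\.%?&=#:~+-]*`. The default globs recurse with `**` over whole browser profile and cache trees and no size filter is applied before `parse_records_with_regex`, so the `description` should mention the collection cost and that carved URLs can include session tokens which then sit in server-side results. The named group reads `(?P` on this page, which looks like a rendering loss rather than part of the patch.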
@@ -7,4 +7,5 @@ parameters: sources: - precondition: SELECT * from info() queries: - - SELECT Content as IP from http_client(url=externalUrl) + - | + SELECT Content as IP from http_client(url=externalUrl) diff --git a/artifacts/definitions/Server/Analysis/Triage/PowershellConsole.yaml b/artifacts/definitions/Server/Analysis/Triage/PowershellConsole.yaml index 4cad3db6280..9e8850645f3 100644 --- a/artifacts/definitions/Server/Analysis/Triage/PowershellConsole.yaml +++ b/artifacts/definitions/Server/Analysis/Triage/PowershellConsole.yaml @@ -18,15 +18,19 @@ precondition: sources: - queries: - - LET files = SELECT ClientId, - file_store(path=Flow.FlowContext.uploaded_files) as LogFiles + - | + LET files = SELECT ClientId, + file_store(path=Flow.FlowContext.uploaded_files) as LogFiles FROM hunt_results( - hunt_id=huntId, artifact='Windows.Triage.Collectors.PowershellConsoleLogs') + hunt_id=huntId, + artifact='Windows.Triage.Collectors.PowershellConsoleLogs') # A lookup between client id and FQDN - - LET clients <= SELECT ClientId, os_info.fqdn AS FQDN from clients() + - | + LET clients <= SELECT ClientId, os_info.fqdn AS FQDN from clients() - - SELECT * FROM foreach( + - | + SELECT * FROM foreach( row=files, query={ SELECT ClientId, { diff --git a/artifacts/definitions/Server/Internal/ArtifactDescription.yaml b/artifacts/definitions/Server/Internal/ArtifactDescription.yaml new file mode 100644 index 00000000000..3b4ca8fc0cb --- /dev/null +++ b/artifacts/definitions/Server/Internal/ArtifactDescription.yaml @@ -0,0 +1,36 @@ +name: Server.Internal.ArtifactDescription + +reports: + - type: INTERNAL + template: | + {{ $artifact := Scope "artifact" }} + + ## {{ $artifact.Name }} + + #### Type: {{ $artifact.Type }} + + {{ $artifact.Description }} + + {{ if $artifact.Parameters }} + + ### Parameters + + + + + {{ range $item := $artifact.Parameters }} + + {{ end }} +
NameDefault
{{ $item.Name }}
{{ $item.Default }}
+ + {{ end }} + + {{ range $source := $artifact.Sources }} + + ### Source {{ $source.Name }} + ```sql + {{ range $query := $source.Queries -}} + {{- $query -}} + {{ end }} + ``` + {{ end }} diff --git a/artifacts/definitions/Server/Monitor/Health.yaml b/artifacts/definitions/Server/Monitor/Health.yaml index 7d24ca0b915..255f56c3307 100644 --- a/artifacts/definitions/Server/Monitor/Health.yaml +++ b/artifacts/definitions/Server/Monitor/Health.yaml @@ -13,12 +13,14 @@ parameters: sources: - name: Prometheus queries: - - LET metrics_url <= SELECT format(format='http://%s:%d/metrics', args=[ + - | + LET metrics_url <= SELECT format(format='http://%s:%d/metrics', args=[ server_config.Monitoring.bind_address, server_config.Monitoring.bind_port]) as URL FROM scope() - - SELECT int(int=rate(x=process_cpu_seconds_total, y=Timestamp) * 100) As CPUPercent, + - | + SELECT int(int=rate(x=process_cpu_seconds_total, y=Timestamp) * 100) As CPUPercent, process_resident_memory_bytes / 1000000 AS MemoryUse, process_cpu_seconds_total, client_comms_current_connections, @@ -35,26 +37,30 @@ sources: reports: - type: SERVER_EVENT + parameters: + - name: Sample + default: "4" + template: | {{ define "CPU" }} SELECT * FROM sample( - n=4, + n=atoi(string=Sample), query={ SELECT _ts as Timestamp, CPUPercent, MemoryUse - FROM source(source="Prometheus", start_time=now() - 36000) + FROM source(source="Prometheus") }) {{ end }} {{ define "CurrentConnections" }} SELECT * FROM sample( - n=4, + n=atoi(string=Sample), query={ SELECT _ts as Timestamp, client_comms_current_connections, client_comms_concurrency - FROM source(source="Prometheus", start_time=now() - 36000) + FROM source(source="Prometheus") }) {{ end }} diff --git a/artifacts/definitions/Server/Monitor/VeloMetrics.yaml b/artifacts/definitions/Server/Monitor/VeloMetrics.yaml index e05bf738635..ece2dbc9ec9 100644 --- a/artifacts/definitions/Server/Monitor/VeloMetrics.yaml +++ b/artifacts/definitions/Server/Monitor/VeloMetrics.yaml 
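Review bot: The `Server.Internal.ArtifactDescription` template writes `$artifact.Name`, `$artifact.Description`, each parameter's `Name` and `Default`, and every query straight into the rendered report, and those values come from artifact YAML that users can supply through `SetArtifactRequest`. Whether the GUI template engine HTML-escapes them is not visible here; if it renders without escaping, or passes raw HTML through its Markdown step, a custom artifact's description becomes stored markup in other users' browsers. Please confirm the escaping on the rendering side and record it in the template, e.g. `{{/* values are escaped by the GUI template engine; do not mark them as safe HTML */}}`. The table markup in this hunk appears to have been stripped by the page rendering, so the cell layout could not be reviewed.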
@@ -8,7 +8,8 @@ parameters: sources: - queries: - - LET stats = SELECT parse_string_with_regex(string=Content, + - | + LET stats = SELECT parse_string_with_regex(string=Content, regex=[ 'process_resident_memory_bytes (?P[^\\s]+)', 'client_comms_concurrency (?P[^\\s]+)', @@ -21,7 +22,8 @@ sources: ]) AS Stat FROM http_client(url=MetricsURL, chunk=50000) - - SELECT now() AS Timestamp, + - | + SELECT now() AS Timestamp, parse_float(string=Stat.process_resident_memory_bytes) AS process_resident_memory_bytes, parse_float(string=Stat.client_comms_concurrency) diff --git a/artifacts/definitions/Triage/Collection/Upload.yaml b/artifacts/definitions/Triage/Collection/Upload.yaml index 1bcd63c2292..8c8c5d5a31f 100644 --- a/artifacts/definitions/Triage/Collection/Upload.yaml +++ b/artifacts/definitions/Triage/Collection/Upload.yaml @@ -12,14 +12,16 @@ parameters: sources: - queries: - - LET results = SELECT FullPath, Size, + - | + LET results = SELECT FullPath, Size, timestamp(epoch=Mtime.Sec) As Modifed, type AS Type, { SELECT * FROM upload(files=FullPath, accessor=accessor) } AS FileDetails FROM glob(globs=path, accessor=accessor) WHERE NOT IsDir - - SELECT FullPath, Size, Modifed, Type, + - | + SELECT FullPath, Size, Modifed, Type, FileDetails.Path AS ZipPath, FileDetails.Md5 as Md5, FileDetails.Sha256 as SHA256 diff --git a/artifacts/definitions/Windows/Detection/ProcessMemory.yaml b/artifacts/definitions/Windows/Detection/ProcessMemory.yaml index 18066de9d3c..61628249972 100644 --- a/artifacts/definitions/Windows/Detection/ProcessMemory.yaml +++ b/artifacts/definitions/Windows/Detection/ProcessMemory.yaml 
@@ -21,18 +21,21 @@ parameters: sources: - queries: - - LET processes = SELECT Name as ProcessName, CommandLine, Pid + - | + LET processes = SELECT Name as ProcessName, CommandLine, Pid FROM pslist() WHERE Name =~ processRegex - - LET hits = SELECT * FROM foreach( + - | + LET hits = SELECT * FROM foreach( row=processes, query={ SELECT ProcessName, CommandLine, Pid, Strings.Offset as Offsets FROM proc_yara(rules=yaraRule, pid=Pid) }) - - SELECT * FROM foreach( + - | + SELECT * FROM foreach( row=hits, query={ SELECT ProcessName, CommandLine, Pid, Offsets, FullPath, diff --git a/artifacts/definitions/Windows/Detection/PsexecService.yaml b/artifacts/definitions/Windows/Detection/PsexecService.yaml index 67e55cf71f8..7d5e4c24ae4 100644 --- a/artifacts/definitions/Windows/Detection/PsexecService.yaml +++ b/artifacts/definitions/Windows/Detection/PsexecService.yaml @@ -22,12 +22,14 @@ parameters: sources: - queries: - - LET file_scan = SELECT File, Rule, Strings, now() AS Timestamp, + - | + LET file_scan = SELECT File, Rule, Strings, now() AS Timestamp, Name, ServiceType FROM yara(rules=yaraRule, files=PathName) WHERE Rule - - LET service_creation = SELECT Parse.TargetInstance.Name AS Name, + - | + LET service_creation = SELECT Parse.TargetInstance.Name AS Name, Parse.TargetInstance.PathName As PathName, Parse.TargetInstance.ServiceType As ServiceType FROM wmi_events( @@ -35,6 +37,7 @@ sources: wait=5000000, namespace="ROOT/CIMV2") - - SELECT * FROM foreach( + - | + SELECT * FROM foreach( row=service_creation, query=file_scan) diff --git a/artifacts/definitions/Windows/Detection/Thumbdrives/List.yaml b/artifacts/definitions/Windows/Detection/Thumbdrives/List.yaml index a7d503aaf46..68a53a5d8fb 100644 --- a/artifacts/definitions/Windows/Detection/Thumbdrives/List.yaml +++ b/artifacts/definitions/Windows/Detection/Thumbdrives/List.yaml 
@@ -23,15 +23,27 @@ parameters: sources: - queries: - - LET removable_disks = SELECT Name AS Drive, atoi(string=Data.Size) AS Size + - | + LET removable_disks = SELECT Name AS Drive, + atoi(string=Data.Size) AS Size FROM glob(globs="/*", accessor="file") - WHERE Data.Description =~ "Removable" AND Size < atoi(string=maxDriveSize) - - - LET file_listing = SELECT FullPath, timestamp(epoch=Mtime.Sec) As Modified, Size - FROM glob(globs=Drive+"\\**", accessor="file") LIMIT 1000 - - - SELECT * FROM diff( - query={ SELECT * FROM foreach(row=removable_disks, query=file_listing) }, - key="FullPath", - period=10) - WHERE Diff = "added" + WHERE Data.Description =~ "Removable" AND + Size < atoi(string=maxDriveSize) + + - | + LET file_listing = SELECT FullPath, + timestamp(epoch=Mtime.Sec) As Modified, + Size + FROM glob(globs=Drive+"\\**", accessor="file") + LIMIT 1000 + + - | + SELECT * FROM diff( + query={ + SELECT * FROM foreach( + row=removable_disks, + query=file_listing) + }, + key="FullPath", + period=10) + WHERE Diff = "added" diff --git a/artifacts/definitions/Windows/Detection/Thumbdrives/OfficeKeywords.yaml b/artifacts/definitions/Windows/Detection/Thumbdrives/OfficeKeywords.yaml index bf59f52906d..b1232f50dea 100644 --- a/artifacts/definitions/Windows/Detection/Thumbdrives/OfficeKeywords.yaml +++ b/artifacts/definitions/Windows/Detection/Thumbdrives/OfficeKeywords.yaml 
@@ -31,12 +31,13 @@ parameters: sources: - queries: - - SELECT * FROM foreach( - row = { - SELECT * FROM Artifact.Windows.Detection.Thumbdrives.List() - WHERE FullPath =~ officeExtensions - }, - query = { - SELECT * FROM Artifact.Generic.Applications.Office.Keywords( - yaraRule=yaraRule, searchGlob=FullPath, documentGlobs="") - }) + - | + SELECT * FROM foreach( + row = { + SELECT * FROM Artifact.Windows.Detection.Thumbdrives.List() + WHERE FullPath =~ officeExtensions + }, + query = { + SELECT * FROM Artifact.Generic.Applications.Office.Keywords( + yaraRule=yaraRule, searchGlob=FullPath, documentGlobs="") + }) diff --git a/artifacts/definitions/Windows/Detection/Thumbdrives/OfficeMacros.yaml b/artifacts/definitions/Windows/Detection/Thumbdrives/OfficeMacros.yaml index 59ba2fc4bab..01f4d552148 100644 --- a/artifacts/definitions/Windows/Detection/Thumbdrives/OfficeMacros.yaml +++ b/artifacts/definitions/Windows/Detection/Thumbdrives/OfficeMacros.yaml @@ -19,11 +19,12 @@ parameters: sources: - queries: - - SELECT * FROM foreach( - row = { - SELECT * FROM Artifact.Windows.Detection.Thumbdrives.List() - WHERE FullPath =~ officeExtensions - }, - query = { - SELECT * from olevba(file=FullPath) - }) + - | + SELECT * FROM foreach( + row = { + SELECT * FROM Artifact.Windows.Detection.Thumbdrives.List() + WHERE FullPath =~ officeExtensions + }, + query = { + SELECT * from olevba(file=FullPath) + }) diff --git a/artifacts/definitions/Windows/Detection/WMIProcessCreation.yaml b/artifacts/definitions/Windows/Detection/WMIProcessCreation.yaml index 9173ed0e024..5a40ae7cad4 100644 --- a/artifacts/definitions/Windows/Detection/WMIProcessCreation.yaml +++ b/artifacts/definitions/Windows/Detection/WMIProcessCreation.yaml 
@@ -14,7 +14,8 @@ type: CLIENT_EVENT sources: - queries: - - SELECT Parse from wmi_events( + - | + SELECT Parse from wmi_events( query="SELECT * FROM MSFT_WmiProvider_ExecMethodAsyncEvent_Pre WHERE ObjectPath=\"Win32_Process\" AND MethodName=\"Create\"", namespace="ROOT/CIMV2", wait=50000000) diff --git a/artifacts/definitions/Windows/EventLogs/DHCP.yaml b/artifacts/definitions/Windows/EventLogs/DHCP.yaml index efa5421a188..9ea08a8026c 100644 --- a/artifacts/definitions/Windows/EventLogs/DHCP.yaml +++ b/artifacts/definitions/Windows/EventLogs/DHCP.yaml @@ -38,7 +38,8 @@ parameters: sources: - name: RejectedDHCP queries: - - LET files = SELECT * FROM glob( + - | + LET files = SELECT * FROM glob( globs=eventDirGlob + adminLog, accessor=accessor) - | @@ -59,7 +60,8 @@ sources: - name: AssignedDHCP queries: - - LET files = SELECT * FROM glob( + - | + LET files = SELECT * FROM glob( globs=eventDirGlob + operationalLog, accessor=accessor) - | diff --git a/artifacts/definitions/Windows/Events/FailedLogBeforeSuccess.yaml b/artifacts/definitions/Windows/Events/FailedLogBeforeSuccess.yaml index 986594146f0..ef0eb6d0a1e 100644 --- a/artifacts/definitions/Windows/Events/FailedLogBeforeSuccess.yaml +++ b/artifacts/definitions/Windows/Events/FailedLogBeforeSuccess.yaml @@ -51,7 +51,8 @@ sources: max_age=atoi(string=failedLogonTimeWindow)) # Force the fifo to materialize. - - LET foo <= SELECT * FROM last_5_events + - | + LET foo <= SELECT * FROM last_5_events - | LET success_logon = SELECT EventData as SuccessEventData, diff --git a/artifacts/definitions/Windows/Forensics/Bam.yaml b/artifacts/definitions/Windows/Forensics/Bam.yaml index decdd590e9c..ebeb85133f3 100644 --- a/artifacts/definitions/Windows/Forensics/Bam.yaml +++ b/artifacts/definitions/Windows/Forensics/Bam.yaml 
@@ -18,8 +18,10 @@ sources: - precondition: SELECT OS from info() where OS = "windows" queries: - - LET users <= SELECT Name, UUID FROM Artifact.Windows.Sys.Users() - - SELECT basename(path=dirname(path=FullPath)) as SID, { + - | + LET users <= SELECT Name, UUID FROM Artifact.Windows.Sys.Users() + - | + SELECT basename(path=dirname(path=FullPath)) as SID, { SELECT Name FROM users WHERE UUID = basename(path=dirname(path=FullPath)) } As UserName, Name as Binary, diff --git a/artifacts/definitions/Windows/Packs/Persistence.yaml b/artifacts/definitions/Windows/Packs/Persistence.yaml index 376ccab0d13..9f886d51123 100644 --- a/artifacts/definitions/Windows/Packs/Persistence.yaml +++ b/artifacts/definitions/Windows/Packs/Persistence.yaml @@ -11,14 +11,16 @@ sources: {{ DocFrom "Windows.Persistence.PermanentWMIEvents" }} queries: - - SELECT * FROM Artifact.Windows.Persistence.PermanentWMIEvents() + - | + SELECT * FROM Artifact.Windows.Persistence.PermanentWMIEvents() - name: Startup Items description: | {{ DocFrom "Windows.Sys.StartupItems" }} queries: - - SELECT * FROM Artifact.Windows.Sys.StartupItems() + - | + SELECT * FROM Artifact.Windows.Sys.StartupItems() - name: Debug Bootstraping description: | @@ -28,7 +30,5 @@ sources: program will also launch the program listed under the Debugger column. - {{ Query "SELECT Program, Debugger FROM Rows" }} - queries: - SELECT * FROM Artifact.Windows.Persistence.Debug() diff --git a/artifacts/definitions/Windows/Persistence/Debug.yaml b/artifacts/definitions/Windows/Persistence/Debug.yaml index d0fb7a5bfbf..40cffab6080 100644 --- a/artifacts/definitions/Windows/Persistence/Debug.yaml +++ b/artifacts/definitions/Windows/Persistence/Debug.yaml @@ -15,7 +15,9 @@ parameters: sources: - queries: - - SELECT Key.Name AS Program, + - | + SELECT Key.Name AS Program, Key.FullPath as Key, - Debugger FROM read_reg_key(globs=imageFileExecutionOptions) + Debugger FROM read_reg_key( + globs=imageFileExecutionOptions) WHERE Debugger 
diff --git a/artifacts/definitions/Windows/Persistence/PermanentWMIEvents.yaml b/artifacts/definitions/Windows/Persistence/PermanentWMIEvents.yaml index dcae383f1a2..f658fbe7006 100644 --- a/artifacts/definitions/Windows/Persistence/PermanentWMIEvents.yaml +++ b/artifacts/definitions/Windows/Persistence/PermanentWMIEvents.yaml @@ -26,17 +26,17 @@ sources: namespace=namespace) - | SELECT { - SELECT * FROM wmi( - query="SELECT * FROM " + Consumer.Type, - namespace=if(condition=Consumer.namespace, + SELECT * FROM wmi( + query="SELECT * FROM " + Consumer.Type, + namespace=if(condition=Consumer.namespace, then=Consumer.namespace, else=namespace)) WHERE Name = Consumer.Name - } AS ConsumerDetails, - { - SELECT * FROM wmi( - query="SELECT * FROM " + Filter.Type, - namespace=if(condition=Filter.namespace, + } AS ConsumerDetails, + { + SELECT * FROM wmi( + query="SELECT * FROM " + Filter.Type, + namespace=if(condition=Filter.namespace, then=Filter.namespace, else=namespace)) WHERE Name = Filter.Name - } AS FilterDetails + } AS FilterDetails FROM FilterToConsumerBinding diff --git a/artifacts/definitions/Windows/Registry/NTUser.yaml b/artifacts/definitions/Windows/Registry/NTUser.yaml new file mode 100644 index 00000000000..1382bae4f28 --- /dev/null +++ b/artifacts/definitions/Windows/Registry/NTUser.yaml 
@@ -0,0 +1,38 @@ +name: Windows.Registry.NTUser +description: | + This artifact searches for keys or values within the user's + NTUser.dat registry hives. + + When a user logs into a windows machine the system creates their own + "profile" which consists of a registry hive mapped into the + HKEY_USERS hive. This hive file is locked as long as the user is + logged in. If the user is not logged in, the file is not mapped at + all. + + This artifact bypasses the locking mechanism by parsing the raw NTFS + filesystem to recover the registry hives. We then parse the registry + hives to search for the glob provided. + + This artifact is designed to be reused by other artifacts that need + to access user data. + +parameters: + - name: KeyGlob + default: Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\** + - name: UserHomes + default: C:\Users\*\NTUSER.DAT + +sources: + - queries: + - | + SELECT * FROM foreach( + row={ + SELECT FullPath FROM glob(globs=UserHomes) + }, + query={ + SELECT FullPath, Data, Mtime.Sec AS Mtime FROM glob( + globs=url(scheme="ntfs", + path=FullPath, + fragment=KeyGlob).String, + accessor="raw_reg") + }) diff --git a/artifacts/definitions/Windows/Registry/Sysinternals/Eulacheck.yaml b/artifacts/definitions/Windows/Registry/Sysinternals/Eulacheck.yaml index d099785b1d0..799b16c05b2 100644 --- a/artifacts/definitions/Windows/Registry/Sysinternals/Eulacheck.yaml +++ b/artifacts/definitions/Windows/Registry/Sysinternals/Eulacheck.yaml @@ -17,7 +17,8 @@ sources: SELECT OS From info() where OS = 'windows' queries: - - LET users <= SELECT Name, UUID FROM Artifact.Windows.Sys.Users() + - | + LET users <= SELECT Name, UUID FROM Artifact.Windows.Sys.Users() - | SELECT Key.Name as ProgramName, Key.FullPath as Key, diff --git a/artifacts/definitions/Windows/Search/FileFinder.yaml b/artifacts/definitions/Windows/Search/FileFinder.yaml index d27bef58e77..2b7babbdc29 100644 --- a/artifacts/definitions/Windows/Search/FileFinder.yaml 
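Review bot: The new Windows.Registry.NTUser artifact declares no `precondition`, while the other Windows artifacts touched in this patch (Bam.yaml, Eulacheck.yaml, the Triage collectors) gate on the OS. Add `precondition: SELECT OS From info() where OS = 'windows'` before `sources:`. Both parameters also lack a `description`, which matters because the artifact is meant to be reused with a caller-supplied `KeyGlob`. It is worth documenting that the query returns `Data` for every match in every profile hive found under `UserHomes`, so a broad glob collects a large amount of per-user registry content.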
+++ b/artifacts/definitions/Windows/Search/FileFinder.yaml @@ -55,7 +55,8 @@ parameters: sources: - queries: - - LET ntfs_search = SELECT FullPath, + - | + LET ntfs_search = SELECT FullPath, Sys.mft as Inode, Mode.String AS Mode, Size, timestamp(epoch=Atime.Sec) AS Atime, @@ -67,7 +68,8 @@ sources: then=hash(path=FullPath, accessor="ntfs")) AS Hash FROM glob(globs=SearchFilesGlob, accessor="ntfs") - - LET file_search = SELECT FullPath, + - | + LET file_search = SELECT FullPath, Sys.mft as Inode, Mode.String AS Mode, Size, timestamp(epoch=Atime.Sec) AS Atime, @@ -79,7 +81,8 @@ sources: then=hash(path=FullPath, accessor="file")) AS Hash FROM glob(globs=SearchFilesGlob, accessor="file") - - SELECT * FROM if( + - | + SELECT * FROM if( condition=(Use_Raw_NTFS = "Y"), then=ntfs_search, else=file_search) diff --git a/artifacts/definitions/Windows/Sys/StartupItems.yaml b/artifacts/definitions/Windows/Sys/StartupItems.yaml index 13b66e4b1d4..fd1b409367f 100644 --- a/artifacts/definitions/Windows/Sys/StartupItems.yaml +++ b/artifacts/definitions/Windows/Sys/StartupItems.yaml @@ -63,6 +63,7 @@ sources: FROM read_file(filenames=FullPath) }) - - SELECT * from chain( + - | + SELECT * from chain( first=registry_runners, second=file_runners) diff --git a/artifacts/definitions/Windows/Sys/Users.yaml b/artifacts/definitions/Windows/Sys/Users.yaml index 599113f81a4..cbf60a20b1a 100644 --- a/artifacts/definitions/Windows/Sys/Users.yaml +++ b/artifacts/definitions/Windows/Sys/Users.yaml @@ -29,7 +29,8 @@ sources: } as Directory, User_sid as UUID, 0 AS Mtime, "local" AS Type FROM users() - - LET local_users_with_mtime = SELECT Uid, Gid, Name, Description, + - | + LET local_users_with_mtime = SELECT Uid, Gid, Name, Description, Directory, UUID, { SELECT Mtime.Sec FROM stat(filename=expand(path=Directory)) } As Mtime, Type diff --git a/artifacts/definitions/Windows/System/Pslist.yaml b/artifacts/definitions/Windows/System/Pslist.yaml index 0d0d9021a76..2fc1821cdd9 100644 
--- a/artifacts/definitions/Windows/System/Pslist.yaml +++ b/artifacts/definitions/Windows/System/Pslist.yaml @@ -8,7 +8,8 @@ parameters: sources: - queries: - - SELECT Pid, Ppid, Name, CommandLine, Exe, + - | + SELECT Pid, Ppid, Name, CommandLine, Exe, hash(path=Exe) as Hash, authenticode(filename=Exe) AS Authenticode, Username, WorkingSetSize diff --git a/artifacts/definitions/Windows/Triage/Collectors/Amcache.yaml b/artifacts/definitions/Windows/Triage/Collectors/Amcache.yaml index 35f4f93a2c7..fdb48e7542f 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/Amcache.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/Amcache.yaml @@ -1,6 +1,4 @@ name: Windows.Triage.Collectors.Amcache -description: | - {{ Query "SELECT * FROM Rows" }} precondition: SELECT OS From info() where OS = 'windows' diff --git a/artifacts/definitions/Windows/Triage/Collectors/BCD.yaml b/artifacts/definitions/Windows/Triage/Collectors/BCD.yaml index 93db6743730..cd18075bc4a 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/BCD.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/BCD.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.BCD description: | Boot Configuration Files. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="BCD", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/Chrome.yaml b/artifacts/definitions/Windows/Triage/Collectors/Chrome.yaml index c660dfd3626..cd013f95b60 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/Chrome.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/Chrome.yaml @@ -2,8 +2,6 @@ name: Windows.Triage.Collectors.Chrome description: | Collect Chrome related artifacts. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' parameters: 
@@ -13,7 +11,8 @@ parameters: sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Chrome bookmarks", path=split(string=baseLocations, sep=",") + "Bookmarks*") diff --git a/artifacts/definitions/Windows/Triage/Collectors/Edge.yaml b/artifacts/definitions/Windows/Triage/Collectors/Edge.yaml index dd147e1e3e8..0b048ba712d 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/Edge.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/Edge.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.Edge description: | Collect Edge related artifacts. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Edge folder", path="C:\\Users\\*\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_*\\**") diff --git a/artifacts/definitions/Windows/Triage/Collectors/EventLogs.yaml b/artifacts/definitions/Windows/Triage/Collectors/EventLogs.yaml index a9d942490a6..b0276f908e7 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/EventLogs.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/EventLogs.yaml @@ -2,8 +2,6 @@ name: Windows.Triage.Collectors.EventLogs description: | Collect event log files. - {{ Query "SELECT * FROM Rows" }} - parameters: - name: EventLogGlobs default: C:\Windows\system32\config\*.evt,C:\Windows\system32\winevt\logs\*.evtx @@ -12,6 +10,7 @@ precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM Artifact.Triage.Collection.Upload( + - | + SELECT * FROM Artifact.Triage.Collection.Upload( type="EventLogs", path=split(string=EventLogGlobs, sep=",")) diff --git a/artifacts/definitions/Windows/Triage/Collectors/EventTraceLogs.yaml b/artifacts/definitions/Windows/Triage/Collectors/EventTraceLogs.yaml index 73cc2797dfb..17dc81066ef 100644 
--- a/artifacts/definitions/Windows/Triage/Collectors/EventTraceLogs.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/EventTraceLogs.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.EventTraceLogs description: | Collect event trace log files. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="WDI Trace Logs", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/EvidenceOfExecution.yaml b/artifacts/definitions/Windows/Triage/Collectors/EvidenceOfExecution.yaml index ae6243e6111..480224989c7 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/EvidenceOfExecution.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/EvidenceOfExecution.yaml @@ -1,15 +1,11 @@ name: Windows.Triage.Collectors.EvidenceOfExecution -description: | - {{ Query "SELECT * FROM Rows" }} - -includes: - - Windows.Triage.Collectors.Amcache precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Prefetch", path="C:\\Windows\\prefetch\\*.pf") diff --git a/artifacts/definitions/Windows/Triage/Collectors/Firefox.yaml b/artifacts/definitions/Windows/Triage/Collectors/Firefox.yaml index 62378648835..be3b0625cd5 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/Firefox.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/Firefox.yaml @@ -2,8 +2,6 @@ name: Windows.Triage.Collectors.Firefox description: | Collect Firefox related artifacts. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' parameters: 
@@ -13,7 +11,8 @@ parameters: sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Places", path=split(string=baseLocations, sep=",") + "places.sqlite*") diff --git a/artifacts/definitions/Windows/Triage/Collectors/InternetExplorer.yaml b/artifacts/definitions/Windows/Triage/Collectors/InternetExplorer.yaml index a3e6aadd131..ac21211288c 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/InternetExplorer.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/InternetExplorer.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.InternetExplorer description: | Collect Firefox related artifacts. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Index.dat History", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/Jabber.yaml b/artifacts/definitions/Windows/Triage/Collectors/Jabber.yaml index d3c3ace2e96..8e800022b27 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/Jabber.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/Jabber.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.Jabber description: | Jabber. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Cisco Jabber Database", accessor="ntfs", diff --git a/artifacts/definitions/Windows/Triage/Collectors/LnkFiles.yaml b/artifacts/definitions/Windows/Triage/Collectors/LnkFiles.yaml index 8357dbb6e85..e40790581f6 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/LnkFiles.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/LnkFiles.yaml 
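Review bot: The description of Windows.Triage.Collectors.InternetExplorer, visible as context in the InternetExplorer.yaml hunk, still reads `Collect Firefox related artifacts.`, apparently copied from Firefox.yaml. This hunk already edits the description block, so it is the natural place to correct it to `Collect Internet Explorer related artifacts.`. The description is presumably what the new artifact view displays, so a wrong label can lead an analyst to select the wrong collector during triage.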
@@ -8,7 +8,8 @@ precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Lnk files from Recent", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/NTFSMetadata.yaml b/artifacts/definitions/Windows/Triage/Collectors/NTFSMetadata.yaml index 0bfb6d5562a..0554126b754 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/NTFSMetadata.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/NTFSMetadata.yaml @@ -7,7 +7,8 @@ precondition: SELECT OS From info() where OS = 'windows' sources: - name: NTFS Metadata Files queries: - - SELECT * FROM Artifact.Triage.Collection.Upload( + - | + SELECT * FROM Artifact.Triage.Collection.Upload( type="NTFS Metadata Files", accessor="ntfs", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/OutlookPST.yaml b/artifacts/definitions/Windows/Triage/Collectors/OutlookPST.yaml index 2bf0aeb9864..3323d4eef14 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/OutlookPST.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/OutlookPST.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.OutlookPST description: | Outlook PST and OST files. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="PST", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/PowershellConsoleLogs.yaml b/artifacts/definitions/Windows/Triage/Collectors/PowershellConsoleLogs.yaml index c65cf185109..d75ef73bce4 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/PowershellConsoleLogs.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/PowershellConsoleLogs.yaml 
@@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.PowershellConsoleLogs description: | PowerShell Console Log File. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="PowerShell Console Log", path="C:\\users\\*\\Appdata\\Roaming\\Microsoft\\Windows\\PowerShell\\PSReadline\\ConsoleHost_history.txt") diff --git a/artifacts/definitions/Windows/Triage/Collectors/RecycleBin.yaml b/artifacts/definitions/Windows/Triage/Collectors/RecycleBin.yaml index 12b4fa78df2..31eda0f6685 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/RecycleBin.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/RecycleBin.yaml @@ -2,13 +2,13 @@ name: Windows.Triage.Collectors.RecycleBin description: | Collect contents of Recycle Bin. - {{ Query "SELECT * FROM Rows" }} precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Recycle.Bin", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/RegistryHives.yaml b/artifacts/definitions/Windows/Triage/Collectors/RegistryHives.yaml index 7e6ae6f06a0..543a1111b80 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/RegistryHives.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/RegistryHives.yaml @@ -2,15 +2,14 @@ name: Windows.Triage.Collectors.RegistryHives description: | System and user related Registry hives. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' reference: - https://github.com/EricZimmerman/KapeFiles sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="ntuser.dat registry hive", accessor="ntfs", 
diff --git a/artifacts/definitions/Windows/Triage/Collectors/SRUM.yaml b/artifacts/definitions/Windows/Triage/Collectors/SRUM.yaml index 0b959fbc61a..bdb3b93525b 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/SRUM.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/SRUM.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.SRUM description: | System Resource Usage Monitor (SRUM) Data. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="SRUM", path="C:\\Windows\\System32\\SRU\\**") diff --git a/artifacts/definitions/Windows/Triage/Collectors/ScheduledTasks.yaml b/artifacts/definitions/Windows/Triage/Collectors/ScheduledTasks.yaml index 06bcb9f5c84..0284e1e920a 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/ScheduledTasks.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/ScheduledTasks.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.ScheduledTasks description: | Scheduled tasks (*.job and XML). - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="at .job", path="C:\\Windows\\Tasks\\*.job") diff --git a/artifacts/definitions/Windows/Triage/Collectors/Skype.yaml b/artifacts/definitions/Windows/Triage/Collectors/Skype.yaml index 0d2440c906c..3817f206ae6 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/Skype.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/Skype.yaml 
@@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.Skype description: | Skype. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="main.db", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/StartupInfo.yaml b/artifacts/definitions/Windows/Triage/Collectors/StartupInfo.yaml index fdca6891c44..8743c9b93ec 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/StartupInfo.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/StartupInfo.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.StartupInfo description: | StartupInfo XML Files. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="StartupInfo XML Files", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/TeraCopy.yaml b/artifacts/definitions/Windows/Triage/Collectors/TeraCopy.yaml index 3de5f55b3d7..b61d4ddcdb4 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/TeraCopy.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/TeraCopy.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.TeraCopy description: | TeraCopy log history. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="TeraCopy", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/ThumbDB.yaml b/artifacts/definitions/Windows/Triage/Collectors/ThumbDB.yaml index 05e7744bbf8..fac79192ada 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/ThumbDB.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/ThumbDB.yaml 
@@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.ThumbDB description: | Thumbcache DB. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Thumbcache DB", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/USBDeviceLogs.yaml b/artifacts/definitions/Windows/Triage/Collectors/USBDeviceLogs.yaml index c80214581e8..a9a27ca4210 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/USBDeviceLogs.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/USBDeviceLogs.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.USBDeviceLogs description: | USB devices log files. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Setupapi.log", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/WBEM.yaml b/artifacts/definitions/Windows/Triage/Collectors/WBEM.yaml index c424279f7f8..8fa8b6cdab4 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/WBEM.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/WBEM.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.WBEM description: | Web-Based Enterprise Management (WBEM). - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="WBEM", path=[ diff --git a/artifacts/definitions/Windows/Triage/Collectors/WindowsFirewall.yaml b/artifacts/definitions/Windows/Triage/Collectors/WindowsFirewall.yaml index 08421798dfb..eb326424289 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/WindowsFirewall.yaml 
+++ b/artifacts/definitions/Windows/Triage/Collectors/WindowsFirewall.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.WindowsFirewall description: | Windows Firewall Logs. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="Windows Firewall Logs", path="C:\\Windows\\System32\\LogFiles\\Firewall\\pfirewall.*") diff --git a/artifacts/definitions/Windows/Triage/Collectors/WindowsIndex.yaml b/artifacts/definitions/Windows/Triage/Collectors/WindowsIndex.yaml index ebf1fc3a141..b6c388cb035 100644 --- a/artifacts/definitions/Windows/Triage/Collectors/WindowsIndex.yaml +++ b/artifacts/definitions/Windows/Triage/Collectors/WindowsIndex.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.Collectors.WindowsIndex description: | Windows Index Search. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Triage.Collection.Upload( type="WindowsIndexSearch", path="C:\\programdata\\microsoft\\search\\data\\applications\\windows\\Windows.edb") diff --git a/artifacts/definitions/Windows/Triage/ProcessMemory.yaml b/artifacts/definitions/Windows/Triage/ProcessMemory.yaml index 7c54ce0508f..ff5bd224253 100644 --- a/artifacts/definitions/Windows/Triage/ProcessMemory.yaml +++ b/artifacts/definitions/Windows/Triage/ProcessMemory.yaml @@ -10,11 +10,13 @@ parameters: sources: - queries: - - LET processes = SELECT Name as ProcessName, CommandLine, Pid + - | + LET processes = SELECT Name as ProcessName, CommandLine, Pid FROM pslist() WHERE Name =~ processRegex - - SELECT * FROM foreach( + - | + SELECT * FROM foreach( row=processes, query={ SELECT ProcessName, CommandLine, Pid, FullPath, 
diff --git a/artifacts/definitions/Windows/Triage/WebBrowsers.yaml b/artifacts/definitions/Windows/Triage/WebBrowsers.yaml index 17912cb3d9b..2047371640e 100644 --- a/artifacts/definitions/Windows/Triage/WebBrowsers.yaml +++ b/artifacts/definitions/Windows/Triage/WebBrowsers.yaml @@ -2,13 +2,12 @@ name: Windows.Triage.WebBrowsers description: | A high level artifact for selecting all browser related artifacts. - {{ Query "SELECT * FROM Rows" }} - precondition: SELECT OS From info() where OS = 'windows' sources: - queries: - - SELECT * FROM chain( + - | + SELECT * FROM chain( a1={ SELECT * FROM Artifact.Windows.Triage.Collectors.Chrome() }, a2={ SELECT * FROM Artifact.Windows.Triage.Collectors.Firefox() }, a3={ SELECT * FROM Artifact.Windows.Triage.Collectors.Edge() }, diff --git a/artifacts/proto/artifact.pb.go b/artifacts/proto/artifact.pb.go index c251b120029..b5013f1fd03 100644 --- a/artifacts/proto/artifact.pb.go +++ b/artifacts/proto/artifact.pb.go @@ -38,7 +38,7 @@ func (m *FieldDescriptor) Reset() { *m = FieldDescriptor{} } func (m *FieldDescriptor) String() string { return proto.CompactTextString(m) } func (*FieldDescriptor) ProtoMessage() {} func (*FieldDescriptor) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{0} + return fileDescriptor_artifact_a7133b7180202821, []int{0} } func (m *FieldDescriptor) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_FieldDescriptor.Unmarshal(m, b) @@ -126,7 +126,7 @@ func (m *EnumValue) Reset() { *m = EnumValue{} } func (m *EnumValue) String() string { return proto.CompactTextString(m) } func (*EnumValue) ProtoMessage() {} func (*EnumValue) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{1} + return fileDescriptor_artifact_a7133b7180202821, []int{1} } func (m *EnumValue) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_EnumValue.Unmarshal(m, b) 
@@ -184,7 +184,7 @@ func (m *TypeDescriptor) Reset() { *m = TypeDescriptor{} } func (m *TypeDescriptor) String() string { return proto.CompactTextString(m) } func (*TypeDescriptor) ProtoMessage() {} func (*TypeDescriptor) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{2} + return fileDescriptor_artifact_a7133b7180202821, []int{2} } func (m *TypeDescriptor) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_TypeDescriptor.Unmarshal(m, b) @@ -278,7 +278,7 @@ func (m *Types) Reset() { *m = Types{} } func (m *Types) String() string { return proto.CompactTextString(m) } func (*Types) ProtoMessage() {} func (*Types) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{3} + return fileDescriptor_artifact_a7133b7180202821, []int{3} } func (m *Types) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Types.Unmarshal(m, b) @@ -320,7 +320,7 @@ func (m *ArtifactParameter) Reset() { *m = ArtifactParameter{} } func (m *ArtifactParameter) String() string { return proto.CompactTextString(m) } func (*ArtifactParameter) ProtoMessage() {} func (*ArtifactParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{4} + return fileDescriptor_artifact_a7133b7180202821, []int{4} } func (m *ArtifactParameter) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ArtifactParameter.Unmarshal(m, b) @@ -389,7 +389,7 @@ func (m *ArtifactSource) Reset() { *m = ArtifactSource{} } func (m *ArtifactSource) String() string { return proto.CompactTextString(m) } func (*ArtifactSource) ProtoMessage() {} func (*ArtifactSource) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{5} + return fileDescriptor_artifact_a7133b7180202821, []int{5} } func (m *ArtifactSource) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ArtifactSource.Unmarshal(m, b) 
@@ -440,18 +440,19 @@ func (m *ArtifactSource) GetQueries() []string { type Report struct { // Each report type will be handled differently. Read about the // different types in reporting.go - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - Template string `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + Template string `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` + Parameters []*ArtifactParameter `protobuf:"bytes,3,rep,name=parameters,proto3" json:"parameters,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *Report) Reset() { *m = Report{} } func (m *Report) String() string { return proto.CompactTextString(m) } func (*Report) ProtoMessage() {} func (*Report) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{6} + return fileDescriptor_artifact_a7133b7180202821, []int{6} } func (m *Report) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Report.Unmarshal(m, b) @@ -485,6 +486,13 @@ func (m *Report) GetTemplate() string { return "" } +func (m *Report) GetParameters() []*ArtifactParameter { + if m != nil { + return m.Parameters + } + return nil +} + type Artifact struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"` 
@@ -509,7 +517,7 @@ func (m *Artifact) Reset() { *m = Artifact{} } func (m *Artifact) String() string { return proto.CompactTextString(m) } func (*Artifact) ProtoMessage() {} func (*Artifact) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{7} + return fileDescriptor_artifact_a7133b7180202821, []int{7} } func (m *Artifact) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Artifact.Unmarshal(m, b) @@ -610,7 +618,7 @@ func (m *ArtifactDescriptors) Reset() { *m = ArtifactDescriptors{} } func (m *ArtifactDescriptors) String() string { return proto.CompactTextString(m) } func (*ArtifactDescriptors) ProtoMessage() {} func (*ArtifactDescriptors) Descriptor() ([]byte, []int) { - return fileDescriptor_artifact_c04559f32a0dc4b9, []int{8} + return fileDescriptor_artifact_a7133b7180202821, []int{8} } func (m *ArtifactDescriptors) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_ArtifactDescriptors.Unmarshal(m, b) 
@@ -649,103 +657,104 @@ func init() { proto.RegisterType((*ArtifactDescriptors)(nil), "proto.ArtifactDescriptors") } -func init() { proto.RegisterFile("artifact.proto", fileDescriptor_artifact_c04559f32a0dc4b9) } - -var fileDescriptor_artifact_c04559f32a0dc4b9 = []byte{ - // 1517 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x5f, 0x6f, 0x1b, 0x4b, - 0x15, 0xd7, 0xc6, 0xf9, 0xe3, 0x4c, 0x6f, 0x73, 0x2f, 0x03, 0x5c, 0xad, 0xfa, 0x80, 0x0e, 0xae, - 0x80, 0x04, 0x72, 0x37, 0xe2, 0x96, 0x0a, 0x08, 0x15, 0x92, 0xdd, 0x84, 0x12, 0x94, 0xd8, 0xe9, - 0xc6, 0x4a, 0xd5, 0xbe, 0x44, 0x93, 0xdd, 0x63, 0x7b, 0xc8, 0xec, 0xcc, 0x76, 0x66, 0xb6, 0x8e, - 0x79, 0xe1, 0xa1, 0x12, 0x6f, 0x95, 0x10, 0x88, 0x17, 0xc4, 0x77, 0x40, 0x7c, 0x07, 0x3e, 0x03, - 0x12, 0x48, 0x88, 0x02, 0x5f, 0x03, 0x09, 0x34, 0xb3, 0xbb, 0x5e, 0x3b, 0xae, 0xe0, 0x89, 0x27, - 0x7b, 0x66, 0xcf, 0x9c, 0xf3, 0x3b, 0xbf, 0xf3, 0x3b, 0x67, 0x86, 0xec, 0x30, 0x6d, 0xf9, 0x88, - 0x25, 0x36, 0xca, 0xb5, 0xb2, 0x8a, 0x6e, 0xf8, 0x9f, 0x07, 0x87, 0xd3, 0xe9, 0x34, 0x7a, 0x83, - 0x42, 0x25, 0x3c, 0xc5, 0xdb, 0x28, 0x51, 0xd9, 0xc1, 0x58, 0x09, 0x26, 0xc7, 0x07, 0xe5, 0xa6, - 0x66, 0xb9, 0x55, 0xfa, 0xc0, 0x1b, 0x1f, 0x18, 0xcc, 0x98, 0xb4, 0x3c, 0x29, 0x5d, 0x74, 0xde, - 0x07, 0xe4, 0xe3, 0x1f, 0x71, 0x14, 0xe9, 0x11, 0x9a, 0x44, 0x73, 0x67, 0x48, 0x1f, 0x92, 0xfb, - 0x23, 0xcd, 0x51, 0xa6, 0x62, 0x76, 0x25, 0x59, 0x86, 0x61, 0x00, 0xc1, 0xee, 0x76, 0xfc, 0x51, - 0xbd, 0xd9, 0x67, 0x19, 0x52, 0x4a, 0xd6, 0xfd, 0xb7, 0x35, 0xff, 0xcd, 0xff, 0xa7, 0x0f, 0x48, - 0x5b, 0x63, 0x8e, 0xcc, 0x62, 0x1a, 0xb6, 0x20, 0xd8, 0x6d, 0xc7, 0xf3, 0xb5, 0xb3, 0xb7, 0xb3, - 0x1c, 0xc3, 0xf5, 0xd2, 0xde, 0xfd, 0xa7, 0x9f, 0x90, 0x56, 0xaa, 0x92, 0x70, 0xc3, 0x6f, 0xb9, - 0xbf, 0xf4, 0x53, 0xb2, 0x29, 0xd8, 0x35, 0x0a, 0x13, 0x6e, 0x42, 0x6b, 0x77, 0x3b, 0xae, 0x56, - 0x34, 0x24, 0x5b, 0x29, 0x8e, 0x58, 0x21, 0x6c, 0xb8, 0xe5, 0xad, 0xeb, 0x25, 0x05, 0x72, 0x2f, - 0xad, 0xa0, 
0x73, 0x25, 0xc3, 0xb6, 0xff, 0xba, 0xb8, 0xd5, 0x79, 0x4c, 0xb6, 0x8f, 0x65, 0x91, - 0x5d, 0x32, 0x51, 0x20, 0xfd, 0x12, 0xd9, 0x78, 0xe3, 0xfe, 0xf8, 0x9c, 0x36, 0xe2, 0x72, 0xf1, - 0xa1, 0x64, 0x3a, 0x7f, 0x5f, 0x23, 0x3b, 0xc3, 0x59, 0x8e, 0x0b, 0xc4, 0x54, 0x78, 0x83, 0x06, - 0xef, 0x9d, 0xe8, 0xdb, 0x2b, 0xd1, 0x69, 0x44, 0x36, 0x47, 0x8e, 0x5f, 0x13, 0xae, 0x41, 0x6b, - 0xf7, 0xde, 0xe7, 0x9f, 0x96, 0xc4, 0x47, 0x77, 0x48, 0x8f, 0x2b, 0xab, 0x39, 0x94, 0xd6, 0x02, - 0xaf, 0x2b, 0x05, 0xd9, 0xfa, 0x70, 0x41, 0x6e, 0xb8, 0x4c, 0x6b, 0x82, 0xdd, 0x7f, 0x97, 0xad, - 0x92, 0xa8, 0x46, 0x9e, 0xe2, 0x76, 0x5c, 0x2e, 0xe8, 0xa0, 0x21, 0x73, 0xd3, 0x19, 0xf7, 0x1e, - 0xff, 0xe3, 0x5f, 0xff, 0xfc, 0x63, 0x70, 0x40, 0x3f, 0x1b, 0x4e, 0x10, 0x7e, 0x6a, 0x94, 0x04, - 0x94, 0x89, 0x4a, 0x31, 0x85, 0xca, 0x0e, 0x3c, 0x4d, 0x30, 0x52, 0x1a, 0xec, 0x84, 0x1b, 0x70, - 0xd5, 0x8b, 0x9a, 0x1a, 0x7c, 0x97, 0xec, 0x30, 0x21, 0xd4, 0x14, 0xd3, 0x2b, 0x6f, 0x68, 0xc2, - 0xb6, 0xcf, 0xf5, 0x93, 0x2a, 0xd7, 0x39, 0xfd, 0xf1, 0xfd, 0xca, 0xce, 0xaf, 0x4c, 0xe7, 0x3b, - 0x64, 0xc3, 0x51, 0x6c, 0xe8, 0xb7, 0xc8, 0x06, 0xb7, 0x98, 0x99, 0x30, 0xf0, 0x07, 0xbf, 0x5c, - 0x1d, 0x5c, 0xe6, 0x3f, 0x2e, 0x6d, 0x3a, 0xff, 0x5e, 0x23, 0x5f, 0xe8, 0x56, 0x9d, 0x70, 0xce, - 0x34, 0xcb, 0xd0, 0xa2, 0x9e, 0x13, 0x17, 0x2c, 0x10, 0xb7, 0x20, 0x9b, 0xb5, 0xff, 0x2a, 0x9b, - 0xd6, 0x6a, 0xe1, 0x3e, 0x24, 0xd8, 0x95, 0x42, 0x6c, 0xac, 0x16, 0xe2, 0xf0, 0x7d, 0xf0, 0x17, - 0x47, 0xe7, 0x9f, 0x03, 0xf2, 0xa7, 0xa0, 0x86, 0x69, 0x20, 0x63, 0x33, 0x60, 0x49, 0x82, 0xb9, - 0x85, 0xbc, 0xc6, 0x6c, 0x60, 0x3a, 0xe1, 0xc9, 0x04, 0x98, 0x46, 0x60, 0xa9, 0xe3, 0xdb, 0x2a, - 0xb0, 0x13, 0x04, 0x93, 0xa8, 0x1c, 0x21, 0xd7, 0xdc, 0x11, 0xae, 0x00, 0x6f, 0x31, 0x29, 0x1c, - 0xa8, 0x08, 0xfa, 0x83, 0xe1, 0xf1, 0x21, 0x30, 0x21, 0x16, 0xbd, 0xb8, 0xf3, 0xc6, 0x6a, 0x2e, - 0xc7, 0x06, 0x3e, 0x03, 0x3e, 0x82, 0x99, 0x2a, 0x40, 0x22, 0xa6, 0x60, 0x54, 0x86, 0x76, 0xc2, - 0xe5, 0x18, 0x50, 0x18, 0xf4, 0xbe, 0x5f, 0x17, 
0xa8, 0x67, 0x90, 0x30, 0x09, 0x85, 0xcc, 0x59, - 0x72, 0x03, 0x18, 0x8d, 0x23, 0x18, 0x69, 0x95, 0xc1, 0x4f, 0x2e, 0x06, 0x7d, 0x28, 0x8c, 0x33, - 0x77, 0x96, 0x6e, 0x79, 0xce, 0xb4, 0xc1, 0xdd, 0x3d, 0xb8, 0x7c, 0x7e, 0x0a, 0xa3, 0x42, 0x26, - 0x1e, 0x45, 0xe7, 0xaf, 0xeb, 0x64, 0xa7, 0x4e, 0xed, 0x42, 0x15, 0x3a, 0x41, 0xfa, 0xfb, 0x60, - 0x51, 0xb8, 0xbd, 0xdf, 0x06, 0x5e, 0x53, 0xbf, 0x0e, 0xe8, 0x2f, 0x03, 0xa7, 0x2a, 0xf7, 0x09, - 0xd4, 0xa8, 0x94, 0x4f, 0x3d, 0xc6, 0xc0, 0xf8, 0xb3, 0x11, 0x9c, 0x8c, 0x40, 0x2a, 0x0b, 0x06, - 0x2d, 0x4c, 0x11, 0x8a, 0x0a, 0xa9, 0x99, 0x9f, 0xc1, 0xe6, 0x08, 0xb7, 0x06, 0xc5, 0x28, 0x82, - 0xe1, 0xe2, 0x66, 0xa2, 0xb2, 0x9c, 0x0b, 0xd4, 0x30, 0xe5, 0x42, 0xc0, 0x18, 0x25, 0x6a, 0x66, - 0x11, 0x58, 0x95, 0xec, 0x94, 0xdb, 0x49, 0x19, 0xd9, 0xc1, 0x88, 0x2a, 0x71, 0xbc, 0x0b, 0x96, - 0x35, 0xe0, 0x0b, 0xdd, 0xbb, 0xf1, 0xb8, 0x91, 0x26, 0x5d, 0x58, 0xf8, 0x58, 0xd1, 0xdb, 0x74, - 0x40, 0x8d, 0xbc, 0xaf, 0x2c, 0x02, 0xb7, 0x9e, 0xcf, 0x6b, 0x04, 0x2e, 0x2d, 0xea, 0x5c, 0x09, - 0x37, 0xf2, 0xca, 0xb0, 0xca, 0x4e, 0x50, 0x37, 0x48, 0x17, 0x7c, 0x9a, 0x68, 0x59, 0x70, 0x13, - 0xf2, 0x51, 0xae, 0x31, 0x51, 0x32, 0xe5, 0x1e, 0x8f, 0x17, 0x72, 0xef, 0xc8, 0xe3, 0xf9, 0x21, - 0x7d, 0xd2, 0xf5, 0x35, 0xc0, 0xdb, 0x5c, 0xa3, 0x31, 0x0e, 0x92, 0x55, 0x2e, 0x22, 0xba, 0x8e, - 0xf3, 0xe1, 0xe6, 0x72, 0xa9, 0x2b, 0xd8, 0xc0, 0x8c, 0x97, 0x3c, 0x53, 0x4b, 0xb6, 0x1c, 0x31, - 0x1c, 0xcb, 0xa1, 0xb4, 0xdd, 0x7b, 0xe5, 0x83, 0x0c, 0x69, 0xfc, 0xbc, 0xdc, 0x06, 0x3b, 0x61, - 0xb6, 0x24, 0x53, 0x17, 0x12, 0xb8, 0x04, 0xa5, 0x53, 0xd4, 0x11, 0x0c, 0xa4, 0x98, 0x81, 0x2a, - 0x6c, 0x5e, 0xd8, 0x52, 0x32, 0xae, 0x36, 0x82, 0x19, 0x3b, 0x67, 0x5a, 0x08, 0x87, 0x2a, 0x51, - 0x42, 0x60, 0x62, 0x31, 0x8d, 0xe2, 0x3a, 0xd4, 0xe1, 0x9e, 0x6f, 0x8b, 0x87, 0xe4, 0xab, 0x2f, - 0x26, 0xa8, 0x71, 0xb9, 0xaa, 0x63, 0xb4, 0xc6, 0x95, 0x16, 0x52, 0x66, 0x59, 0xd4, 0x79, 0xbb, - 0x46, 0x36, 0x63, 0xcc, 0x95, 0xb6, 0xf4, 0xac, 0x6a, 0xc3, 0x92, 0x8d, 0xef, 0x7b, 
0xa0, 0x8f, - 0xe8, 0xb7, 0xdd, 0x64, 0x70, 0xda, 0xd0, 0xde, 0xea, 0x10, 0xce, 0x06, 0xfd, 0x93, 0xe1, 0x20, - 0x3e, 0xe9, 0x3f, 0xbb, 0x3a, 0xea, 0x9e, 0x9c, 0xbe, 0xdc, 0x87, 0xf3, 0xc1, 0xc5, 0xf0, 0xea, - 0x3c, 0x1e, 0x3c, 0x3d, 0xbe, 0xb8, 0x38, 0xe9, 0x3f, 0xab, 0x3a, 0xf8, 0x01, 0x69, 0x5b, 0xcc, - 0x72, 0x57, 0xa0, 0x6a, 0x24, 0xcc, 0xd7, 0x87, 0xef, 0xca, 0xc6, 0xfd, 0x45, 0x40, 0xde, 0x06, - 0xdd, 0xca, 0x33, 0x70, 0x33, 0xd7, 0x53, 0xda, 0xa4, 0x5c, 0x51, 0x70, 0x57, 0x9c, 0x4d, 0xda, - 0x4e, 0x9f, 0x1a, 0x6b, 0x59, 0x64, 0x85, 0xb0, 0x3c, 0x17, 0x58, 0x3b, 0x75, 0x50, 0x16, 0xfd, - 0xa6, 0x98, 0xa3, 0x4c, 0x5d, 0xd5, 0x94, 0x84, 0x44, 0x49, 0x8b, 0xb7, 0x36, 0xea, 0xfc, 0xad, - 0x4d, 0xda, 0x75, 0x97, 0xd1, 0x3f, 0x04, 0x8b, 0xf3, 0xad, 0xf7, 0xbb, 0xb2, 0xbf, 0x7e, 0x13, - 0xd0, 0x5f, 0xdd, 0xe9, 0xaf, 0x06, 0x4e, 0x04, 0x17, 0x13, 0x55, 0x88, 0xd4, 0x21, 0x28, 0x24, - 0x7f, 0x5d, 0x20, 0x30, 0x99, 0xfa, 0x49, 0xe4, 0x62, 0x30, 0x2e, 0x21, 0x55, 0xd6, 0x44, 0xd0, - 0x75, 0x2d, 0x37, 0x2a, 0x04, 0x98, 0x64, 0x82, 0x19, 0xba, 0x9c, 0x9d, 0xb8, 0x34, 0xb2, 0x1b, - 0x48, 0x98, 0xc5, 0xb1, 0xf2, 0xa2, 0xf0, 0x7a, 0x4e, 0x95, 0x2d, 0x27, 0xc6, 0x29, 0x97, 0xc5, - 0x6d, 0xd4, 0xd3, 0x6a, 0x6a, 0x50, 0x9b, 0xe8, 0xe9, 0x44, 0xab, 0x0c, 0x7f, 0xcc, 0x8d, 0x55, - 0x7a, 0x56, 0x75, 0xd8, 0xf3, 0xe5, 0x06, 0xf3, 0x7c, 0xf7, 0x0e, 0x3c, 0xf0, 0x3d, 0xfa, 0x8d, - 0x17, 0x4e, 0x63, 0xcb, 0xbd, 0x6d, 0xc0, 0xea, 0x99, 0x17, 0xaf, 0xaa, 0xb9, 0xbc, 0xd3, 0x24, - 0x47, 0x64, 0x5b, 0xe3, 0x08, 0x35, 0xca, 0xc4, 0x4d, 0x5f, 0x27, 0xde, 0xaf, 0x7b, 0x87, 0x40, - 0xbf, 0xe2, 0x6a, 0x56, 0x7d, 0x6a, 0x1a, 0x75, 0x4e, 0x46, 0xdc, 0x1c, 0x5c, 0x69, 0xb5, 0xf6, - 0xff, 0xad, 0xd5, 0x04, 0x21, 0xcd, 0xa0, 0x0e, 0x5b, 0xfe, 0x76, 0x0b, 0xab, 0xdb, 0x6d, 0xe5, - 0x0e, 0xeb, 0x7d, 0xee, 0x11, 0xec, 0xd3, 0x6f, 0x9e, 0x37, 0xc3, 0xbd, 0x8c, 0x9d, 0x6b, 0xf5, - 0x86, 0x2f, 0xdc, 0x10, 0x4d, 0x5a, 0x0b, 0xfe, 0xe9, 0xa0, 0x6a, 0x16, 0xe2, 0xf3, 0xf9, 0x81, - 0xf7, 0xf6, 0x98, 0x3e, 
0x72, 0x02, 0xb1, 0x55, 0xc3, 0xcc, 0xaf, 0x80, 0x08, 0x9e, 0x96, 0xe2, - 0xec, 0x0f, 0xe2, 0xb3, 0xee, 0xe9, 0x3e, 0x1c, 0x5f, 0x1e, 0xf7, 0x87, 0xfb, 0x70, 0x71, 0x1c, - 0x5f, 0x1e, 0xc7, 0x55, 0xbb, 0xbc, 0x22, 0x5b, 0x65, 0x5e, 0x26, 0x5c, 0x5f, 0xba, 0x99, 0x97, - 0xa7, 0x7f, 0x6f, 0xcf, 0x87, 0x7a, 0x48, 0xff, 0x77, 0x6f, 0xc7, 0xb5, 0x43, 0xfa, 0x82, 0xb4, - 0xb9, 0x4c, 0x44, 0x91, 0xa2, 0x09, 0xb7, 0x7d, 0x25, 0xe7, 0x80, 0xbb, 0x20, 0xb8, 0xf1, 0xed, - 0xb5, 0x3c, 0x3e, 0x3d, 0x1b, 0x19, 0xea, 0xb1, 0xeb, 0x40, 0x5d, 0x51, 0xee, 0x75, 0x19, 0xc5, - 0x73, 0x67, 0x34, 0x23, 0x5b, 0x65, 0x9f, 0x99, 0xf0, 0x9e, 0x07, 0x7d, 0xbf, 0x02, 0x5d, 0x8e, - 0x94, 0xc5, 0x3a, 0xd7, 0x61, 0x2a, 0x7b, 0xe7, 0x3e, 0x57, 0x16, 0xa5, 0xe5, 0x4c, 0x88, 0x19, - 0xe4, 0xca, 0x58, 0x47, 0x7d, 0x82, 0xc6, 0xdc, 0x95, 0x53, 0x1d, 0x83, 0x7e, 0x8f, 0xb4, 0x34, - 0x9b, 0x96, 0x6f, 0xb2, 0x46, 0x8c, 0x8e, 0x73, 0xcd, 0xa6, 0xf0, 0xb2, 0x7b, 0x76, 0xba, 0x72, - 0xf1, 0x45, 0xb1, 0x3b, 0x72, 0xf8, 0x73, 0x3f, 0x6f, 0x66, 0x64, 0xda, 0x95, 0x0d, 0x5d, 0x53, - 0xcd, 0x72, 0x03, 0xcc, 0x4b, 0xb0, 0x1c, 0xaa, 0x5c, 0x82, 0xc6, 0xc2, 0xb0, 0x6b, 0x81, 0xfb, - 0x90, 0xaa, 0xa4, 0xc8, 0x50, 0xfa, 0xfb, 0x85, 0xcd, 0xa2, 0xe6, 0x81, 0xe1, 0x1f, 0x11, 0x42, - 0x00, 0xbb, 0x56, 0xc5, 0x7c, 0x12, 0x55, 0xea, 0x74, 0x0f, 0x03, 0x77, 0xc1, 0x32, 0xc9, 0xc4, - 0xec, 0x67, 0xd5, 0xfd, 0x9e, 0x45, 0x9d, 0x27, 0xe4, 0x8b, 0xb5, 0x83, 0xe6, 0x99, 0x65, 0xe8, - 0xd7, 0x96, 0x5f, 0x63, 0x1f, 0xdf, 0xa9, 0x79, 0xf5, 0x0e, 0xbb, 0xde, 0xf4, 0xdb, 0x8f, 0xfe, - 0x13, 0x00, 0x00, 0xff, 0xff, 0x5f, 0xbf, 0x29, 0x63, 0x97, 0x0c, 0x00, 0x00, +func init() { proto.RegisterFile("artifact.proto", fileDescriptor_artifact_a7133b7180202821) } + +var fileDescriptor_artifact_a7133b7180202821 = []byte{ + // 1528 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x41, 0x6f, 0x23, 0x49, + 0x15, 0x56, 0xc7, 0x93, 0xc4, 0xa9, 0xd9, 0xc9, 0x2e, 0x05, 0xac, 0x5a, 
0x73, 0x40, 0x0f, 0x8f, + 0x80, 0x04, 0xb2, 0x1d, 0xb1, 0xc3, 0x88, 0x25, 0xac, 0x90, 0xec, 0x49, 0x58, 0x82, 0x12, 0x3b, + 0xd3, 0xb1, 0x32, 0xda, 0xbd, 0x44, 0x95, 0xee, 0x67, 0xbb, 0x48, 0x75, 0x55, 0x6f, 0x55, 0xf5, + 0x38, 0xe6, 0xc2, 0x01, 0x89, 0xdb, 0x4a, 0x08, 0xc4, 0x05, 0xf1, 0x1f, 0x10, 0x3f, 0x80, 0x1b, + 0xbf, 0x01, 0x09, 0x24, 0xc4, 0x00, 0x7f, 0x03, 0x09, 0x54, 0xd5, 0xdd, 0xee, 0x76, 0x3c, 0x02, + 0x71, 0xe0, 0x64, 0x57, 0xf5, 0xab, 0xf7, 0xbe, 0xf7, 0xbd, 0xef, 0xbd, 0x2a, 0xb2, 0xcb, 0xb4, + 0xe5, 0x13, 0x96, 0xd8, 0x28, 0xd7, 0xca, 0x2a, 0xba, 0xe9, 0x7f, 0x1e, 0x1f, 0xcd, 0xe7, 0xf3, + 0xe8, 0x15, 0x0a, 0x95, 0xf0, 0x14, 0xef, 0xa2, 0x44, 0x65, 0x87, 0x53, 0x25, 0x98, 0x9c, 0x1e, + 0x96, 0x9b, 0x9a, 0xe5, 0x56, 0xe9, 0x43, 0x6f, 0x7c, 0x68, 0x30, 0x63, 0xd2, 0xf2, 0xa4, 0x74, + 0xd1, 0x7b, 0x1d, 0x90, 0xb7, 0xbf, 0xcf, 0x51, 0xa4, 0xc7, 0x68, 0x12, 0xcd, 0x9d, 0x21, 0x7d, + 0x42, 0x1e, 0x4d, 0x34, 0x47, 0x99, 0x8a, 0xc5, 0xb5, 0x64, 0x19, 0x86, 0x01, 0x04, 0x7b, 0x3b, + 0xf1, 0x5b, 0xf5, 0xe6, 0x90, 0x65, 0x48, 0x29, 0x79, 0xe0, 0xbf, 0x6d, 0xf8, 0x6f, 0xfe, 0x3f, + 0x7d, 0x4c, 0xba, 0x1a, 0x73, 0x64, 0x16, 0xd3, 0xb0, 0x03, 0xc1, 0x5e, 0x37, 0x5e, 0xae, 0x9d, + 0xbd, 0x5d, 0xe4, 0x18, 0x3e, 0x28, 0xed, 0xdd, 0x7f, 0xfa, 0x0e, 0xe9, 0xa4, 0x2a, 0x09, 0x37, + 0xfd, 0x96, 0xfb, 0x4b, 0xdf, 0x25, 0x5b, 0x82, 0xdd, 0xa0, 0x30, 0xe1, 0x16, 0x74, 0xf6, 0x76, + 0xe2, 0x6a, 0x45, 0x43, 0xb2, 0x9d, 0xe2, 0x84, 0x15, 0xc2, 0x86, 0xdb, 0xde, 0xba, 0x5e, 0x52, + 0x20, 0x0f, 0xd3, 0x0a, 0x3a, 0x57, 0x32, 0xec, 0xfa, 0xaf, 0xed, 0xad, 0xde, 0x33, 0xb2, 0x73, + 0x22, 0x8b, 0xec, 0x8a, 0x89, 0x02, 0xe9, 0x17, 0xc8, 0xe6, 0x2b, 0xf7, 0xc7, 0xe7, 0xb4, 0x19, + 0x97, 0x8b, 0x37, 0x25, 0xd3, 0xfb, 0xdb, 0x06, 0xd9, 0x1d, 0x2f, 0x72, 0x6c, 0x11, 0x53, 0xe1, + 0x0d, 0x1a, 0xbc, 0xf7, 0xa2, 0xef, 0xac, 0x45, 0xa7, 0x11, 0xd9, 0x9a, 0x38, 0x7e, 0x4d, 0xb8, + 0x01, 0x9d, 0xbd, 0x87, 0xef, 0xbf, 0x5b, 0x12, 0x1f, 0xdd, 0x23, 0x3d, 0xae, 0xac, 0x96, 0x50, + 0x3a, 0x2d, 
0x5e, 0xd7, 0x0a, 0xb2, 0xfd, 0xe6, 0x82, 0xdc, 0x72, 0x99, 0xd6, 0x04, 0xbb, 0xff, + 0x2e, 0x5b, 0x25, 0x51, 0x4d, 0x3c, 0xc5, 0xdd, 0xb8, 0x5c, 0xd0, 0x51, 0x43, 0xe6, 0x96, 0x33, + 0x1e, 0x3c, 0xfb, 0xfb, 0x3f, 0xff, 0xf1, 0x87, 0xe0, 0x90, 0xbe, 0x37, 0x9e, 0x21, 0xfc, 0xc8, + 0x28, 0x09, 0x28, 0x13, 0x95, 0x62, 0x0a, 0x95, 0x1d, 0x78, 0x9a, 0x60, 0xa2, 0x34, 0xd8, 0x19, + 0x37, 0xe0, 0xaa, 0x17, 0x35, 0x35, 0xf8, 0x36, 0xd9, 0x65, 0x42, 0xa8, 0x39, 0xa6, 0xd7, 0xde, + 0xd0, 0x84, 0x5d, 0x9f, 0xeb, 0x3b, 0x55, 0xae, 0x4b, 0xfa, 0xe3, 0x47, 0x95, 0x9d, 0x5f, 0x99, + 0xde, 0xb7, 0xc8, 0xa6, 0xa3, 0xd8, 0xd0, 0x6f, 0x90, 0x4d, 0x6e, 0x31, 0x33, 0x61, 0xe0, 0x0f, + 0x7e, 0xb1, 0x3a, 0xb8, 0xca, 0x7f, 0x5c, 0xda, 0xf4, 0xfe, 0xb5, 0x41, 0x3e, 0xd7, 0xaf, 0x3a, + 0xe1, 0x82, 0x69, 0x96, 0xa1, 0x45, 0xbd, 0x24, 0x2e, 0x68, 0x11, 0xd7, 0x92, 0xcd, 0xc6, 0x7f, + 0x94, 0x4d, 0x67, 0xbd, 0x70, 0x6f, 0x12, 0xec, 0x5a, 0x21, 0x36, 0xd7, 0x0b, 0x71, 0xf4, 0x3a, + 0xf8, 0xb3, 0xa3, 0xf3, 0x4f, 0x01, 0xf9, 0x63, 0x50, 0xc3, 0x34, 0x90, 0xb1, 0x05, 0xb0, 0x24, + 0xc1, 0xdc, 0x42, 0x5e, 0x63, 0x36, 0x30, 0x9f, 0xf1, 0x64, 0x06, 0x4c, 0x23, 0xb0, 0xd4, 0xf1, + 0x6d, 0x15, 0xd8, 0x19, 0x82, 0x49, 0x54, 0x8e, 0x90, 0x6b, 0xee, 0x08, 0x57, 0x80, 0x77, 0x98, + 0x14, 0x0e, 0x54, 0x04, 0xc3, 0xd1, 0xf8, 0xe4, 0x08, 0x98, 0x10, 0x6d, 0x2f, 0xee, 0xbc, 0xb1, + 0x9a, 0xcb, 0xa9, 0x81, 0xf7, 0x80, 0x4f, 0x60, 0xa1, 0x0a, 0x90, 0x88, 0x29, 0x18, 0x95, 0xa1, + 0x9d, 0x71, 0x39, 0x05, 0x14, 0x06, 0xbd, 0xef, 0x4f, 0x0b, 0xd4, 0x0b, 0x48, 0x98, 0x84, 0x42, + 0xe6, 0x2c, 0xb9, 0x05, 0x8c, 0xa6, 0x11, 0x4c, 0xb4, 0xca, 0xe0, 0x87, 0x97, 0xa3, 0x21, 0x14, + 0xc6, 0x99, 0x3b, 0x4b, 0xb7, 0xbc, 0x60, 0xda, 0xe0, 0xde, 0x3e, 0x5c, 0xbd, 0x38, 0x83, 0x49, + 0x21, 0x13, 0x8f, 0xa2, 0xf7, 0x97, 0x07, 0x64, 0xb7, 0x4e, 0xed, 0x52, 0x15, 0x3a, 0x41, 0xfa, + 0xdb, 0xa0, 0x2d, 0xdc, 0xc1, 0xaf, 0x03, 0xaf, 0xa9, 0x5f, 0x06, 0xf4, 0xe7, 0x81, 0x53, 0x95, + 0xfb, 0x04, 0x6a, 0x52, 0xca, 0xa7, 0x1e, 0x63, 
0x60, 0xfc, 0xd9, 0x08, 0x4e, 0x27, 0x20, 0x95, + 0x05, 0x83, 0x16, 0xe6, 0x08, 0x45, 0x85, 0xd4, 0x2c, 0xcf, 0x60, 0x73, 0x84, 0x5b, 0x83, 0x62, + 0x12, 0xc1, 0xb8, 0xbd, 0x99, 0xa8, 0x2c, 0xe7, 0x02, 0x35, 0xcc, 0xb9, 0x10, 0x30, 0x45, 0x89, + 0x9a, 0x59, 0x04, 0x56, 0x25, 0x3b, 0xe7, 0x76, 0x56, 0x46, 0x76, 0x30, 0xa2, 0x4a, 0x1c, 0x9f, + 0x05, 0xab, 0x1a, 0xf0, 0x85, 0x1e, 0xdc, 0x7a, 0xdc, 0x48, 0x93, 0x3e, 0xb4, 0x3e, 0x56, 0xf4, + 0x36, 0x1d, 0x50, 0x23, 0x1f, 0x2a, 0x8b, 0xc0, 0xad, 0xe7, 0xf3, 0x06, 0x81, 0x4b, 0x8b, 0x3a, + 0x57, 0xc2, 0x8d, 0xbc, 0x32, 0xac, 0xb2, 0x33, 0xd4, 0x0d, 0xd2, 0x96, 0x4f, 0x13, 0xad, 0x0a, + 0x6e, 0x46, 0xde, 0xca, 0x35, 0x26, 0x4a, 0xa6, 0xdc, 0xe3, 0xf1, 0x42, 0x1e, 0x1c, 0x7b, 0x3c, + 0xdf, 0xa3, 0x1f, 0xf6, 0x7d, 0x0d, 0xf0, 0x2e, 0xd7, 0x68, 0x8c, 0x83, 0x64, 0x95, 0x8b, 0x88, + 0xae, 0xe3, 0x7c, 0xb8, 0xa5, 0x5c, 0xea, 0x0a, 0x36, 0x30, 0xe3, 0x15, 0xcf, 0xd4, 0x92, 0x6d, + 0x47, 0x0c, 0xc7, 0x72, 0x28, 0xed, 0x0c, 0x3e, 0xf1, 0x41, 0xc6, 0x34, 0x7e, 0x51, 0x6e, 0x83, + 0x9d, 0x31, 0x5b, 0x92, 0xa9, 0x0b, 0x09, 0x5c, 0x82, 0xd2, 0x29, 0xea, 0x08, 0x46, 0x52, 0x2c, + 0x40, 0x15, 0x36, 0x2f, 0x6c, 0x29, 0x19, 0x57, 0x1b, 0xc1, 0x8c, 0x5d, 0x32, 0x2d, 0x84, 0x43, + 0x95, 0x28, 0x21, 0x30, 0xb1, 0x98, 0x46, 0x71, 0x1d, 0xea, 0x68, 0xdf, 0xb7, 0xc5, 0x13, 0xf2, + 0xe5, 0x97, 0x33, 0xd4, 0xb8, 0x5a, 0xd5, 0x29, 0x5a, 0xe3, 0x4a, 0x0b, 0x29, 0xb3, 0x2c, 0xea, + 0xfd, 0x7e, 0x83, 0x6c, 0xc5, 0x98, 0x2b, 0x6d, 0xe9, 0x79, 0xd5, 0x86, 0x25, 0x1b, 0xdf, 0xf1, + 0x40, 0x9f, 0xd2, 0x6f, 0xba, 0xc9, 0xe0, 0xb4, 0xa1, 0xbd, 0xd5, 0x11, 0x9c, 0x8f, 0x86, 0xa7, + 0xe3, 0x51, 0x7c, 0x3a, 0xfc, 0xe8, 0xfa, 0xb8, 0x7f, 0x7a, 0xf6, 0xf1, 0x01, 0x5c, 0x8c, 0x2e, + 0xc7, 0xd7, 0x17, 0xf1, 0xe8, 0xf9, 0xc9, 0xe5, 0xe5, 0xe9, 0xf0, 0xa3, 0xaa, 0x83, 0x1f, 0x93, + 0xae, 0xc5, 0x2c, 0x77, 0x05, 0xaa, 0x46, 0xc2, 0x72, 0x4d, 0x3f, 0x20, 0xa4, 0x69, 0xaa, 0xb0, + 0xe3, 0x27, 0x51, 0x58, 0x4d, 0xa2, 0xb5, 0x79, 0x13, 0xb7, 0x6c, 0x8f, 0x3e, 0x2b, 
0x5b, 0xfe, + 0x67, 0x01, 0xf9, 0x69, 0xd0, 0xaf, 0x30, 0x01, 0x37, 0x4b, 0x25, 0xa6, 0x0d, 0x59, 0x15, 0x79, + 0xf7, 0x65, 0xdd, 0x10, 0xe6, 0x94, 0xad, 0xb1, 0x16, 0x54, 0x56, 0x08, 0xcb, 0x73, 0x81, 0xb5, + 0x53, 0x97, 0x44, 0xdb, 0x6f, 0x8a, 0x39, 0xca, 0xd4, 0xd5, 0x5b, 0x49, 0x48, 0x94, 0xb4, 0x78, + 0x67, 0xa3, 0xde, 0x5f, 0xbb, 0xa4, 0x5b, 0x23, 0xa6, 0xbf, 0x0b, 0xda, 0x93, 0x71, 0xf0, 0x9b, + 0xb2, 0x33, 0x7f, 0x15, 0xd0, 0x5f, 0xdc, 0xeb, 0xcc, 0x06, 0x4e, 0x04, 0x97, 0x33, 0x55, 0x88, + 0xd4, 0x21, 0x28, 0x24, 0xff, 0xb4, 0x40, 0x60, 0x32, 0xf5, 0x33, 0xcc, 0xc5, 0x60, 0x5c, 0x42, + 0xaa, 0xac, 0x89, 0xa0, 0xef, 0x9a, 0x75, 0x52, 0x08, 0x30, 0xc9, 0x0c, 0x33, 0x74, 0x39, 0x3b, + 0x59, 0x6a, 0x64, 0xb7, 0x90, 0x30, 0x8b, 0x53, 0xe5, 0xe5, 0xe4, 0x3b, 0x21, 0x55, 0xb6, 0x9c, + 0x35, 0x67, 0x5c, 0x16, 0x77, 0xd1, 0x40, 0xab, 0xb9, 0x41, 0x6d, 0xa2, 0xe7, 0x33, 0xad, 0x32, + 0xfc, 0x01, 0x37, 0x56, 0xe9, 0x45, 0xd5, 0x9b, 0x2f, 0x56, 0x5b, 0xd3, 0x57, 0x6a, 0x70, 0xe8, + 0x81, 0xef, 0xd3, 0xaf, 0xbd, 0x74, 0xea, 0x5c, 0x9d, 0x0a, 0x06, 0xac, 0x5e, 0x78, 0xd9, 0xab, + 0x9a, 0xcb, 0x7b, 0xed, 0x75, 0x4c, 0x76, 0x34, 0x4e, 0x50, 0xa3, 0x4c, 0xdc, 0xdc, 0x76, 0xb2, + 0xff, 0xaa, 0x77, 0x08, 0xf4, 0x4b, 0xae, 0x66, 0xd5, 0xa7, 0xa6, 0xc5, 0x97, 0x64, 0xc4, 0xcd, + 0xc1, 0xb5, 0x26, 0xed, 0xfe, 0xdf, 0x9a, 0x54, 0xfc, 0x2f, 0x6a, 0x1c, 0xbc, 0xef, 0x11, 0x1c, + 0xd0, 0xaf, 0x5f, 0x34, 0xd7, 0x42, 0x19, 0x3b, 0xd7, 0xea, 0x15, 0x6f, 0xdd, 0x2d, 0x4d, 0x5a, + 0x2d, 0xff, 0x74, 0x54, 0xb5, 0x19, 0xf1, 0xf9, 0x7c, 0xd7, 0x7b, 0x7b, 0x46, 0x9f, 0x3a, 0x81, + 0xd8, 0xaa, 0xd5, 0x96, 0x97, 0x47, 0x04, 0xcf, 0x4b, 0x71, 0x0e, 0x47, 0xf1, 0x79, 0xff, 0xec, + 0x00, 0x4e, 0xae, 0x4e, 0x86, 0xe3, 0x03, 0xb8, 0x3c, 0x89, 0xaf, 0x4e, 0xe2, 0xaa, 0xd1, 0x3e, + 0x21, 0xdb, 0x65, 0x5e, 0x26, 0x7c, 0xb0, 0x72, 0xa7, 0xaf, 0xde, 0x1b, 0x83, 0x7d, 0x1f, 0xea, + 0x09, 0xfd, 0xef, 0x53, 0x21, 0xae, 0x1d, 0xd2, 0x97, 0xa4, 0xcb, 0x65, 0x22, 0x8a, 0x14, 0x4d, + 0xb8, 0xe3, 0x2b, 0xb9, 
0x04, 0xdc, 0x07, 0xc1, 0x8d, 0x6f, 0xaf, 0xd5, 0xc1, 0xeb, 0xd9, 0xc8, + 0x50, 0x4f, 0x5d, 0x07, 0xea, 0x8a, 0x72, 0xaf, 0xcb, 0x28, 0x5e, 0x3a, 0xa3, 0x19, 0xd9, 0x2e, + 0xfb, 0xcc, 0x84, 0x0f, 0x3d, 0xe8, 0x47, 0x15, 0xe8, 0x72, 0x18, 0xb5, 0xeb, 0x5c, 0x87, 0xa9, + 0xec, 0x9d, 0xfb, 0x5c, 0x59, 0x94, 0x96, 0x33, 0x21, 0x16, 0x90, 0x2b, 0x63, 0x1d, 0xf5, 0x09, + 0x1a, 0x73, 0x5f, 0x4e, 0x75, 0x0c, 0xfa, 0x01, 0xe9, 0x68, 0x36, 0x2f, 0x5f, 0x73, 0x8d, 0x18, + 0x1d, 0xe7, 0x9a, 0xcd, 0xe1, 0xe3, 0xfe, 0xf9, 0xd9, 0xda, 0x95, 0x19, 0xc5, 0xee, 0xc8, 0xd1, + 0x4f, 0xfc, 0xbc, 0x59, 0x90, 0x79, 0x5f, 0x36, 0x74, 0xcd, 0x35, 0xcb, 0x0d, 0x30, 0x2f, 0xc1, + 0x72, 0x1c, 0x73, 0x09, 0x1a, 0x0b, 0xc3, 0x6e, 0x04, 0x1e, 0x40, 0xaa, 0x92, 0x22, 0x43, 0xe9, + 0x6f, 0x26, 0xb6, 0x88, 0x9a, 0xa7, 0x89, 0x7f, 0x7e, 0x08, 0x01, 0xec, 0x46, 0x15, 0xcb, 0x49, + 0x54, 0xa9, 0xd3, 0x3d, 0x29, 0xdc, 0xd5, 0xcc, 0x24, 0x13, 0x8b, 0x1f, 0x57, 0x2f, 0x83, 0x2c, + 0xea, 0x7d, 0x48, 0x3e, 0x5f, 0x3b, 0x68, 0x1e, 0x68, 0x86, 0x7e, 0x65, 0xf5, 0x1d, 0xf7, 0xf6, + 0xbd, 0x9a, 0x57, 0x2f, 0xb8, 0x9b, 0x2d, 0xbf, 0xfd, 0xf4, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, + 0xc3, 0x70, 0x98, 0xe4, 0xd1, 0x0c, 0x00, 0x00, } diff --git a/artifacts/proto/artifact.proto b/artifacts/proto/artifact.proto index 43cb073dbe4..8196ead32b8 100644 --- a/artifacts/proto/artifact.proto +++ b/artifacts/proto/artifact.proto @@ -106,6 +106,8 @@ message Report { }]; string template = 2; + + repeated ArtifactParameter parameters = 3; } message Artifact { diff --git a/bin/report.go b/bin/report.go index ddf7ec14420..6731ed4827e 100644 --- a/bin/report.go +++ b/bin/report.go @@ -5,6 +5,7 @@ import ( "time" kingpin "gopkg.in/alecthomas/kingpin.v2" + artifacts_proto "www.velocidex.com/golang/velociraptor/artifacts/proto" "www.velocidex.com/golang/velociraptor/reporting" ) 
@@ -34,8 +35,15 @@ func doDailyMonitoring() { getRepository(config_obj) + parameters := []*artifacts_proto.ArtifactParameter{} + for k, v := range *env_map { + parameters = append(parameters, &artifacts_proto.ArtifactParameter{ + Name: k, Default: v, + }) + } + template_engine, err := reporting.NewTextTemplateEngine( - config_obj, *report_command_daily_monitoring_artifact, *env_map) + config_obj, *report_command_daily_monitoring_artifact) kingpin.FatalIfError(err, "Generating report") ts, err := time.Parse("2006-01-02", *report_command_daily_monitoring_day_name) diff --git a/constants/constants.go b/constants/constants.go index 8df1a0dc2fc..cc920f32e3c 100644 --- a/constants/constants.go +++ b/constants/constants.go @@ -50,8 +50,7 @@ const ( FileFinderArtifactName = "System.Flow.FileFinder" // Filestore paths for artifacts must begin with this prefix. - ARTIFACT_DEFINITION = "/artifact_definitions/custom" - BUILTIN_ARTIFACT_DEFINITION = "/artifact_definitions/builtin" + ARTIFACT_DEFINITION_PREFIX = "/artifact_definitions/" // Messages to the client which we dont care about their responses. IgnoreResponseState = uint64(101) diff --git a/gui/static/Gulpfile.js b/gui/static/Gulpfile.js index a3480a7dbac..2c673ec0eaa 100644 --- a/gui/static/Gulpfile.js +++ b/gui/static/Gulpfile.js @@ -111,6 +111,7 @@ gulp.task('copy-fontawesome-fonts', function() { gulp.task('copy-third-party-resources', function() { return gulp.src([config.nodeModulesDir + '/jstree-bootstrap-theme/dist/themes/proton/*.gif', config.nodeModulesDir + '/jstree-bootstrap-theme/dist/themes/proton/*.png', + config.nodeModulesDir + '/bootstrap/dist/css/bootstrap.css.map', config.nodeModulesDir + '/bootstrap-sass/assets/fonts/bootstrap/glyphicons-halflings-regular.woff2']) .pipe(gulp.dest(config.distDir)); }); diff --git a/gui/static/angular-components/artifact/add_artifact.html b/gui/static/angular-components/artifact/add_artifact.html index 220f1fc5765..326bf4c01d9 100644 
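Review bot: In `doDailyMonitoring` the new `parameters` slice is filled from `*env_map`, but nothing in this hunk consumes it, and `*env_map` has been dropped from the `reporting.NewTextTemplateEngine(...)` call. The function body continues outside the hunk, so confirm a later line hands `parameters` to the report; if none does, values supplied through the env map are silently ignored. Go map iteration order is unspecified, so the slice order changes between runs; sort the keys first if the consumer is order-sensitive. I would also add a comment above the loop, `// Expose each env_map entry to the report as a parameter whose default is the supplied value.`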
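Review bot: `ARTIFACT_DEFINITION_PREFIX = "/artifact_definitions/"` is wider than the `/artifact_definitions/custom` value it replaces, yet the retained comment still says filestore paths for artifacts "must begin with this prefix". The callers are not visible in this hunk; if any of them uses the constant to decide where a user-supplied artifact definition may be written or deleted, that check would now also admit the builtin subtree. It is worth confirming that those callers still confine writes to the custom area and compare against the cleaned path. I would reword the comment to match, e.g. `// Filestore paths for all artifact definitions (builtin and custom) begin with this prefix; callers must still restrict writes to the custom subtree.`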
--- a/gui/static/angular-components/artifact/add_artifact.html +++ b/gui/static/angular-components/artifact/add_artifact.html @@ -19,7 +19,7 @@

Add/Modify an artifact

> - Save Artifact diff --git a/gui/static/angular-components/artifact/add_client_monitoring.html b/gui/static/angular-components/artifact/add_client_monitoring.html index 0fc11d404a4..6da666660c5 100644 --- a/gui/static/angular-components/artifact/add_client_monitoring.html +++ b/gui/static/angular-components/artifact/add_client_monitoring.html @@ -8,7 +8,7 @@

Add client monitoring artifacts.

> - Save Client Monitoring Artifacts diff --git a/gui/static/angular-components/artifact/add_server_monitoring.html b/gui/static/angular-components/artifact/add_server_monitoring.html index 4eb10b9303f..f3d77208d78 100644 --- a/gui/static/angular-components/artifact/add_server_monitoring.html +++ b/gui/static/angular-components/artifact/add_server_monitoring.html @@ -8,7 +8,7 @@

Add server monitoring.

> - Save Server Monitoring Artifacts diff --git a/gui/static/angular-components/artifact/artifact-viewer-directive.js b/gui/static/angular-components/artifact/artifact-viewer-directive.js new file mode 100644 index 00000000000..6bbef32fe05 --- /dev/null +++ b/gui/static/angular-components/artifact/artifact-viewer-directive.js @@ -0,0 +1,145 @@ +'use strict'; + +goog.module('grrUi.artifact.artifactViewerDirective'); + + +const ArtifactViewerController = function( + $scope, grrApiService, $uibModal) { + this.scope_ = $scope; + this.grrApiService_ = grrApiService; + this.uibModal_ = $uibModal; + + /** @export {Object} */ + this.descriptors = {}; + + /** @export {string} */ + this.descriptorsError; + + /** @export {Object} */ + this.selectedName; + this.isCustom = false; + + this.reportParams = {}; + + // A list of descriptors that matched the search term. + this.matchingDescriptors = []; + this.scope_.$watch('controller.search', + this.onSearchChange_.bind(this)); +}; + +ArtifactViewerController.prototype.onSearchChange_ = function() { + var self = this; + this.grrApiService_.get( + "/v1/GetArtifacts", { + search_term: self.search, + }).then( + function(response){ + self.matchingDescriptors = []; + + for(var i=0; i + + + + +
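Review bot: `onSearchChange_` in the new artifact-viewer-directive.js issues a `/v1/GetArtifacts` request on every change of `controller.search`, and its success callback resets `self.matchingDescriptors` unconditionally. A slow response for an earlier search term can therefore overwrite the results of a later one. Capturing the term before the call with `var term = self.search;` and starting the callback with `if (term !== self.search) { return; }` would drop stale responses. The listing is cut off at `for(var i=0; i`, so the rest of the callback and any rejection handler are not visible here; if no rejection handler exists, `descriptorsError` is never set and a failed search looks the same as an empty one.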
+
+
+ +
+ +
+
+ Search for an artifact by typing above. +
+ + + + + + + + + + + + + + +
+ Can't fetch artifacts list:
+ {$ controller.descriptorsError $} +
+
+ {$ ::descriptor.name $} +
+
+
+
+ +
+ + +
+
diff --git a/gui/static/angular-components/artifact/artifact.js b/gui/static/angular-components/artifact/artifact.js index 2b92a59392a..e325dd2afee 100644 --- a/gui/static/angular-components/artifact/artifact.js +++ b/gui/static/angular-components/artifact/artifact.js @@ -5,8 +5,8 @@ goog.module.declareLegacyNamespace(); const {ArtifactDescriptorDirective} = goog.require('grrUi.artifact.artifactDescriptorDirective'); const {ArtifactDescriptorsService} = goog.require('grrUi.artifact.artifactDescriptorsService'); -const {ArtifactsListFormDirective} = goog.require('grrUi.artifact.artifactsListFormDirective'); -const {ArtifactsParamsFormDirective} = goog.require('grrUi.artifact.artifactsParamsFormDirective'); +const {ArtifactsViewerDirective} = goog.require('grrUi.artifact.artifactViewerDirective'); + const {LineChartDirective} = goog.require('grrUi.artifact.lineChartDirective'); const {TimelineDirective} = goog.require('grrUi.artifact.timelineDirective'); const {ReportingDirective} = goog.require('grrUi.artifact.reportingDirective'); @@ -28,10 +28,10 @@ exports.artifactModule = angular.module( exports.artifactModule.directive( ArtifactDescriptorDirective.directive_name, ArtifactDescriptorDirective); + exports.artifactModule.directive( - ArtifactsListFormDirective.directive_name, ArtifactsListFormDirective); -exports.artifactModule.directive( - ArtifactsParamsFormDirective.directive_name, ArtifactsParamsFormDirective); + ArtifactsViewerDirective.directive_name, ArtifactsViewerDirective); + exports.artifactModule.directive( LineChartDirective.directive_name, LineChartDirective); exports.artifactModule.directive( 
@@ -58,18 +58,6 @@ exports.artifactModule.directive( exports.artifactModule.service( ArtifactDescriptorsService.service_name, ArtifactDescriptorsService); -exports.artifactModule.run(function( - grrSemanticFormDirectivesRegistryService) { - var registry = grrSemanticFormDirectivesRegistryService; - - registry.registerDirective( - ArtifactsListFormDirective.semantic_type, ArtifactsListFormDirective); - - registry.registerDirective( - ArtifactsParamsFormDirective.semantic_type, ArtifactsParamsFormDirective); -}); - - exports.artifactModule.run(function(grrSemanticValueDirectivesRegistryService) { var registry = grrSemanticValueDirectivesRegistryService; diff --git a/gui/static/angular-components/artifact/artifacts-list-form-directive.js b/gui/static/angular-components/artifact/artifacts-list-form-directive.js deleted file mode 100644 index 5afb7906fb1..00000000000 --- a/gui/static/angular-components/artifact/artifacts-list-form-directive.js +++ /dev/null 
@@ -1,227 +0,0 @@
-'use strict';
-
-goog.module('grrUi.artifact.artifactsListFormDirective');
-goog.module.declareLegacyNamespace();
-
-
-
-/**
- * Controller for ArtifactsListFormDirective.
- *
- * @constructor
- * @param {!angular.Scope} $scope
- * @param {!grrUi.artifact.artifactDescriptorsService.ArtifactDescriptorsService} grrArtifactDescriptorsService
- * @ngInject
- */
-const ArtifactsListFormController =
- function($scope, grrArtifactDescriptorsService, $rootScope) {
- /** @private {!angular.Scope} */
- this.scope_ = $scope;
- this.rootScope_ = $rootScope;
-
- /** @private {!grrUi.artifact.artifactDescriptorsService.ArtifactDescriptorsService} */
- this.grrArtifactDescriptorsService_ = grrArtifactDescriptorsService;
-
- /** @export {Array} */
- this.descriptorsList = [];
-
- /** @export {Object} */
- this.descriptors;
-
- /** @export {string} */
- this.descriptorsError;
-
- /** @export {Object} */
- this.selectedName;
-
- /** @export {string} */
- this.search = '';
-
- /** @export {Function} Bound function to be used as a filter. */
- this.searchFilterRef = this.searchFilter.bind(this);
-
- this.grrArtifactDescriptorsService_.listDescriptors().then(
- this.onArtifactsResponse_.bind(this),
- this.onArtifactsRequestFailure_.bind(this));
-
- this.scope_.$watch('controller.descriptors',
- this.onDescriptorsOrValueChange_.bind(this));
-
- this.scope_.$watch('controller.selectedName',
- this.onSelectedNameChange_.bind(this));
-
- this.scope_.$watchCollection('value',
- this.onDescriptorsOrValueChange_.bind(this));
-
- if (angular.isUndefined(this.scope_.value)) {
- this.scope_.value = {names:[]};
- }
-};
-
-ArtifactsListFormController.prototype.onSelectedNameChange_ = function(newValue) {
- if (angular.isDefined(this.descriptors)) {
- this.rootScope_["selectedArtifact"] = this.descriptors[this.selectedName];
- }
-};
-
-
-/**
- * Filters artifacts by search string (case-insenstive).
- *
- * @param {!Object} descriptor Artifact descriptor to check.
- * @return {boolean} True if artifacts's name matches current search
- * string, false otherwise.
- * @export
- */
-ArtifactsListFormController.prototype.searchFilter = function(descriptor) {
- return !this.search ||
- descriptor.name
- .toLowerCase().indexOf(this.search.toLowerCase()) != -1;
-};
-
-/**
- * Handles server's response with a list of artifacts.
- *
- * @param {!Object} descriptors
- * @private
- */
-ArtifactsListFormController.prototype.onArtifactsResponse_ = function(
- descriptors) {
- this.descriptors = descriptors;
-};
-
-
-/**
- * Handles errors that happen when requesting list of available artifacts.
- *
- * @param {string} error
- * @private
- */
-ArtifactsListFormController.prototype.onArtifactsRequestFailure_ = function(
- error) {
- this.descriptorsError = error;
-};
-
-/**
- * Adds artifact with a given name to the list of selected names and
- * removes artifact descriptor with this name from selectable artifacts
- * list.
- *
- * @param {!Object} name Typed name of the artifact to add to the selected
- * list.
- * @export
- */
-ArtifactsListFormController.prototype.add = function(name) {
- var index = -1;
- for (var i = 0; i < this.scope_.value.names.length; ++i) {
- if (this.scope_.value.names[i] == name) {
- index = i;
- break;
- }
- }
- if (index == -1) {
- this.scope_.value.names.push(name);
- }
-};
-
-/**
- * Removes given name from the list of selected artifacts names and
- * adds artifact descriptor with this name back to the list of selectable
- * artifacts.
- *
- * @param {!Object} name Typed name to be removed from the list of selected
- * names.
- * @export
- */
-ArtifactsListFormController.prototype.remove = function(name) {
- var index = -1;
- for (var i = 0; i < this.scope_.value.names.length; ++i) {
- if (this.scope_.value.names[i] == name) {
- index = i;
- break;
- }
- }
-
- if (index != -1) {
- this.scope_.value.names.splice(index, 1);
- }
-};
-
-/**
- * Removes all names from the list of selected artifacts names.
- *
- * @export
- */
-ArtifactsListFormController.prototype.clear = function() {
- angular.forEach(angular.copy(this.scope_.value.names), function(name) {
- this.remove(name);
- }.bind(this));
-};
-
-/**
- * Handles either controller.descriptors or value bindings updates.
- *
- * This function keeps controller.descriptorsList up to date.
- * controller.descriptorsList is used to show list of artifacts available for
- * selection. So whenever selection list changes we have to regenerate this
- * list.
- *
- * @private
- **/
-ArtifactsListFormController.prototype.onDescriptorsOrValueChange_ = function() {
- if (angular.isDefined(this.descriptors) &&
- angular.isDefined(this.scope_.value) &&
- angular.isDefined(this.scope_.value.names)) {
- this.descriptorsList = [];
- angular.forEach(this.descriptors, function(descriptor, name) {
- var index = -1;
- for (var i = 0; i < this.scope_.value.names.length; ++i) {
- if (this.scope_.value.names[i] == name) {
- index = i;
- break;
- }
- }
-
- if (index == -1) {
- this.descriptorsList.push(descriptor);
- }
- }.bind(this));
- }
-};
-
-/**
- * OutputPluginDescriptorFormDirective definition.
- *
- * @return {angular.Directive} Directive definition object.
- */
-exports.ArtifactsListFormDirective = function() {
- return {
- restrict: 'E',
- scope: {
- descriptor: '=',
- value: '='
- },
- templateUrl: '/static/angular-components/artifact/' +
- 'artifacts-list-form.html',
- controller: ArtifactsListFormController,
- controllerAs: 'controller'
- };
-};
-
-
-/**
- * Directive's name in Angular.
- *
- * @const
- * @export
- */
-exports.ArtifactsListFormDirective.directive_name = 'grrArtifactsListForm';
-
-
-/**
- * Semantic type corresponding to this directive.
- *
- * @const
- * @export
- */
-exports.ArtifactsListFormDirective.semantic_type = 'Artifacts';
diff --git a/gui/static/angular-components/artifact/artifacts-list-form.html b/gui/static/angular-components/artifact/artifacts-list-form.html deleted file mode 100644 index 66f42d7784a..00000000000 --- a/gui/static/angular-components/artifact/artifacts-list-form.html +++ /dev/null @@ -1,122 +0,0 @@ -
- -
- -
- -
- -
- - - - - - - - - - - - - - - - - -
- - Loading artifacts... -
- Can't fetch artifacts list:
- {$ controller.descriptorsError $} -
-
- {$ ::descriptor.name $} - - - - -
-
-
- -
-
-

Selected Artifacts:

-
-
- -
-
-
- -
- - - - - - - - - - - - - - -
-
- {$ ::name $} - - - - -
-
- Use "Add" button or double-click to add artifacts to the list. -
-
- -
- - -
- -
-
-
-
- -
- -
- -
diff --git a/gui/static/angular-components/artifact/artifacts-list-form.scss b/gui/static/angular-components/artifact/artifacts-list-form.scss deleted file mode 100644 index f421c8e6ec3..00000000000 --- a/gui/static/angular-components/artifact/artifacts-list-form.scss +++ /dev/null @@ -1,5 +0,0 @@ -grr-artifacts-list-form { - div.input-group { - width: 100% !important; - } -} diff --git a/gui/static/angular-components/artifact/artifacts-parameters-form-directive.js b/gui/static/angular-components/artifact/artifacts-parameters-form-directive.js deleted file mode 100644 index ab94a44364e..00000000000 --- a/gui/static/angular-components/artifact/artifacts-parameters-form-directive.js +++ /dev/null @@ -1,57 +0,0 @@ -'use strict'; - -goog.module('grrUi.artifact.artifactsParamsFormDirective'); -goog.module.declareLegacyNamespace(); - - -/** - * Controller for ArtifactsParamsFormController. - * - * @param {!angular.Scope} $scope - * @param {!angular.Scope} $rootScope - * @constructor - * @ngInject - */ -const ArtifactsParamsFormController = function($scope, $rootScope) { - /** @private {!angular.Scope} */ - this.scope_ = $scope; -}; - -ArtifactsParamsFormController.prototype.addItem = function() { - var parameters = this.scope_["params"]; - var descriptors = this.scope_["descriptors"]; - - for (var i=0; i - -
- - -
- -
- -
-
-
- - - diff --git a/gui/static/angular-components/artifact/client-event.html b/gui/static/angular-components/artifact/client-event.html index dee940dec8a..5ade31ee3ba 100644 --- a/gui/static/angular-components/artifact/client-event.html +++ b/gui/static/angular-components/artifact/client-event.html @@ -2,16 +2,25 @@