// +build server_vql
package main
import (
"log"
"os"
"github.com/Velocidex/ordereddict"
kingpin "gopkg.in/alecthomas/kingpin.v2"
"www.velocidex.com/golang/velociraptor/services"
vql_subsystem "www.velocidex.com/golang/velociraptor/vql"
"www.velocidex.com/golang/velociraptor/vql/server/downloads"
)
// Command-line surface of "report flow". Positional arguments are, in order:
// client_id (required), flow_id (required) and output (optional). All values
// are taken verbatim from the command line as strings.
var (
	// report_command is the top-level "report" command.
	report_command = app.Command("report", "Generate a report.")

	// report_command_flow is the "report flow" sub-command.
	report_command_flow = report_command.Command(
		"flow", "Report on a collection")

	// --artifact selects the artifact whose report is rendered; it falls
	// back to Reporting.Default when the flag is not given.
	report_command_flow_report = report_command_flow.
					Flag("artifact", "An artifact that contains a report to generate (default Reporting.Default).").
					Default("Reporting.Default").
					String()

	// client_id: first positional argument, mandatory.
	report_command_flow_client = report_command_flow.
					Arg("client_id", "The client id to generate the report for.").
					Required().
					String()

	// flow_id: second positional argument, mandatory.
	report_command_flow_flow_id = report_command_flow.
					Arg("flow_id", "The flow id to generate the report for.").
					Required().
					String()

	// output: third positional argument, optional. doFlowReport writes to
	// stdout when it is left empty.
	report_command_flow_output = report_command_flow.
					Arg("output", "A path to an output file to write on.").
					String()
)
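// doFlowReport implements "report flow": it renders the report of the selected
// artifact for one collection (client id + flow id) and writes it to the
// output path, or to stdout when no output path was given.
//
// Every failure goes through kingpin.FatalIfError, which reports the error and
// terminates the process, so the deferred cleanups below only run on the
// success path.
//
// Notes for reviewers:
//   - The VQL scope is built with the "administrator" role ACL manager, so the
//     report's queries run with that role no matter which OS user started the
//     CLI. What the role grants is not visible in this file; access to this
//     binary and its config should be restricted accordingly.
//   - client_id and flow_id are passed as given on the command line to the
//     scope environment and to WriteFlowReport. No validation happens here;
//     presumably it happens downstream - TODO confirm.
//   - Mode 0600 only takes effect when the output file is created. An existing
//     path (including one reached through a symlink) is truncated in place and
//     keeps its current owner and permissions, so a pre-existing file with a
//     wider mode leaves the report readable to others.
func doFlowReport() {
	config_obj, err := APIConfigLoader.WithNullLoader().LoadAndValidate()
	kingpin.FatalIfError(err, "Load Config ")

	sm, err := startEssentialServices(config_obj)
	kingpin.FatalIfError(err, "Starting services.")
	defer sm.Close()

	builder := services.ScopeBuilder{
		Config: config_obj,
		Logger: log.New(&LogWriter{config_obj}, "", 0),
		Env: ordereddict.NewDict().
			Set("ClientId", *report_command_flow_client).
			Set("FlowId", *report_command_flow_flow_id),
		// Queries in this scope are evaluated with the administrator role.
		ACLManager: vql_subsystem.NewRoleACLManager("administrator"),
	}

	manager, err := services.GetRepositoryManager()
	kingpin.FatalIfError(err, "GetRepositoryManager")

	scope := manager.BuildScope(builder)
	defer scope.Close()

	writer := os.Stdout
	if *report_command_flow_output != "" {
		writer, err = os.OpenFile(
			*report_command_flow_output,
			os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
		kingpin.FatalIfError(err, "Unable to open output file")

		// A failed Close can mean the report did not reach the disk in
		// full; surface it instead of exiting 0 with a truncated report.
		defer func() {
			kingpin.FatalIfError(writer.Close(), "Closing output file")
		}()
	}

	repository, err := getRepository(config_obj)
	kingpin.FatalIfError(err, "Repository")

	err = downloads.WriteFlowReport(config_obj, scope, repository,
		writer, *report_command_flow_flow_id,
		*report_command_flow_client, *report_command_flow_report)
	kingpin.FatalIfError(err, "Generating report")
}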
// init registers the dispatcher for the "report flow" sub-command. The handler
// returns true once it has run the command and false when the parsed command
// is not "report flow".
func init() {
	handleReport := func(command string) bool {
		if command != report_command_flow.FullCommand() {
			return false
		}
		doFlowReport()
		return true
	}
	command_handlers = append(command_handlers, handleReport)
}