Added org report in root org dashboard (Velocidex#2098)

When dashboards allow override we still need to store the assets in the base artifact name
simiaoxiaoseng · Sep 20, 2022 · de20717 · de20717
1 parent 81aeb30
commit de20717
Show file tree

Hide file tree

Showing 25 changed files with 952 additions and 208 deletions.
diff --git a/.wwhrd.yml b/.wwhrd.yml
@@ -5,12 +5,14 @@ blacklist:
 whitelist:
   - Apache-2.0
   - BSD-2-Clause
+  - BSD-2-Clause-Views
   - BSD-3-Clause
   - MIT
   - NewBSD
   - FreeBSD
   - ISC
   - MPL-2.0
+  - LGPL-3.0
 
 exceptions:
   # Really MIT

diff --git a/api/authenticators/google.go b/api/authenticators/google.go
@@ -292,6 +292,12 @@ func authenticateUserHandle(
 			Picture: claims.Picture,
 		}
 
+		// NOTE: This context is NOT the same context that is received
+		// by the API handlers. This context sits on the incoming side
+		// of the GRPC gateway. We stuff our data into the
+		// GRPC_USER_CONTEXT of the context and the code will convert
+		// this value into a GRPC metadata.
+
 		// Must use json encoding because grpc can not handle
 		// binary data in metadata.
 		serialized, _ := json.Marshal(user_info)

diff --git a/api/reports.go b/api/reports.go
@@ -10,29 +10,43 @@ import (
 	config_proto "www.velocidex.com/golang/velociraptor/config/proto"
 	"www.velocidex.com/golang/velociraptor/constants"
 	"www.velocidex.com/golang/velociraptor/json"
+	"www.velocidex.com/golang/velociraptor/paths"
 	"www.velocidex.com/golang/velociraptor/reporting"
 	"www.velocidex.com/golang/velociraptor/services"
 	vql_subsystem "www.velocidex.com/golang/velociraptor/vql"
 )
 
+// Reports are used for various dashboards. They are almost like a
+// notebook (but historically predate it).
+// TODO: Think about consolidating reports and notebooks
 func getReport(ctx context.Context,
 	config_obj *config_proto.Config,
 	acl_manager vql_subsystem.ACLManager,
 	repository services.Repository,
 	in *api_proto.GetReportRequest) (
 	*api_proto.GetReportResponse, error) {
 
+	// Dashboards receive their own notebook ID in a predictable
+	// location.
+	bare_artifact_name := strings.TrimPrefix(in.Artifact,
+		constants.ARTIFACT_CUSTOM_NAME_PREFIX)
+
+	notebook_cell_path_manager := paths.NewNotebookPathManager(
+		"Dashboard." + bare_artifact_name).Cell(bare_artifact_name)
+
 	template_engine, err := reporting.NewGuiTemplateEngine(
 		config_obj, ctx, nil, /* default scope */
-		acl_manager, repository, nil, in.Artifact)
+		acl_manager, repository,
+		notebook_cell_path_manager,
+		in.Artifact)
 	if err != nil {
 		if strings.HasPrefix(in.Artifact,
 			constants.ARTIFACT_CUSTOM_NAME_PREFIX) {
 			template_engine, err = reporting.NewGuiTemplateEngine(
 				config_obj, ctx, nil, /* default scope */
-				acl_manager, repository, nil,
-				strings.TrimPrefix(in.Artifact,
-					constants.ARTIFACT_CUSTOM_NAME_PREFIX))
+				acl_manager, repository,
+				notebook_cell_path_manager,
+				bare_artifact_name)
 		}
 		if err != nil {
 			return nil, err

diff --git a/artifacts/definitions/Server/Monitor/Health.yaml b/artifacts/definitions/Server/Monitor/Health.yaml
@@ -63,6 +63,19 @@ reports:
             </span>
       </span>
 
+      {{ if Query "SELECT org() FROM scope() WHERE org().name =~ 'root org' " }}
+      ## Current Orgs
+
+      {{ Query "LET ColumnTypes <= dict(ClientConfig='url') \
+                SELECT Name, OrgId, \
+                       format(format='[%s](/notebooks/Dashboards/Dashboard.%s/uploads/client.%s.config.yaml)', \
+                       args=[OrgId, ArtifactName, OrgId]) AS ClientConfig, \
+                       upload(accessor='data', file=_client_config, \
+                              name='client.'+OrgId+'.config.yaml') AS _Upload \
+                FROM orgs() " | Table }}
+
+      {{ end }}
+
       ## Disk Space
 
       {{ Query "SELECT * FROM Artifact.Generic.Client.DiskSpace()" | Table }}

diff --git a/bin/artifacts.go b/bin/artifacts.go
@@ -142,20 +142,6 @@ func getRepository(config_obj *config_proto.Config) (services.Repository, error)
 		return nil, err
 	}
 
-	// Artifacts specified with the --definitions flag take priority
-	// and can override built in artifacts
-	if *artifact_definitions_dir != "" {
-		logging.GetLogger(config_obj, &logging.ToolComponent).
-			Info("Loading artifacts from %s", *artifact_definitions_dir)
-		_, err := repository.LoadDirectory(
-			config_obj, *artifact_definitions_dir, true /* override_builtins */)
-		if err != nil {
-			logging.GetLogger(config_obj, &logging.ToolComponent).
-				Error("Artifact LoadDirectory: %v ", err)
-			return nil, err
-		}
-	}
-
 	return repository, nil
 }
 
@@ -418,6 +404,19 @@ func doArtifactList() error {
 	return nil
 }
 
+func maybeAddDefinitionsDirectory(config_obj *config_proto.Config) error {
+	if *artifact_definitions_dir != "" {
+		if config_obj.Defaults == nil {
+			config_obj.Defaults = &config_proto.Defaults{}
+		}
+
+		config_obj.Defaults.ArtifactDefinitionsDirectories = append(
+			config_obj.Defaults.ArtifactDefinitionsDirectories,
+			*artifact_definitions_dir)
+	}
+	return nil
+}
+
 func init() {
 	command_handlers = append(command_handlers, func(command string) bool {
 		switch command {

diff --git a/bin/main.go b/bin/main.go
@@ -212,5 +212,6 @@ func makeDefaultConfigLoader() *config.Loader {
 		WithOverride(*override_flag).
 		WithConfigMutator(applyMinionRole).
 		WithCustomValidator(ensureProxy).
-		WithConfigMutator(applyAnalysisTarget)
+		WithConfigMutator(applyAnalysisTarget).
+		WithConfigMutator(maybeAddDefinitionsDirectory)
 }
diff --git a/bin/pool.go b/bin/pool.go
@@ -107,6 +107,8 @@ func doPoolClient() error {
 			client_config.Client.WritebackLinux = path.Join(
 				*pool_client_writeback_dir, filename)
 
+			// Create an in memory ring buffer because the file ring
+			// buffer assumes there is only one communicator!
 			client_config.Client.WritebackWindows = client_config.Client.WritebackLinux
 			if client_config.Client.LocalBuffer != nil {
 				client_config.Client.LocalBuffer.DiskSize = 0

diff --git a/config/migration.go b/config/migration.go
@@ -49,11 +49,13 @@ func migrate_0_4_2(config_obj *config_proto.Config) {
 		if config_obj.Frontend.Hostname == "" {
 			logging.Prelog("Invalid config: New field Frontend.hostname is missing!")
 
-			for _, url := range config_obj.Client.ServerUrls {
-				re := regexp.MustCompile(`https://([^:/]+)`)
-				matches := re.FindStringSubmatch(url)
-				if len(matches) > 1 {
-					config_obj.Frontend.Hostname = matches[1]
+			if config_obj.Client != nil {
+				for _, url := range config_obj.Client.ServerUrls {
+					re := regexp.MustCompile(`https://([^:/]+)`)
+					matches := re.FindStringSubmatch(url)
+					if len(matches) > 1 {
+						config_obj.Frontend.Hostname = matches[1]
+					}
 				}
 			}