From 4bcd98db3f1d5107ba8e0fbfe05c3c04e449887f Mon Sep 17 00:00:00 2001 From: Mike Cohen Date: Tue, 28 Jul 2020 16:07:40 +1000 Subject: [PATCH] Implement timeout on report generation in the GUI. (#514) This prevents the gui from being overloaded by expensive reports. Backport Generic.Utils.FetchBinary to older clients. --- api/csrf.go | 10 + api/notebooks.go | 4 +- .../Generic/Utils/FetchBinary.yaml | 38 +-- .../definitions/Server/Monitor/Health.yaml | 3 + .../definitions/Windows/Search/Yara.yaml | 51 ++++ artifacts/proto/artifact.pb.go | 241 +++++++++--------- artifacts/proto/artifact.proto | 3 + .../testdata/server/testcases/js.in.yaml | 3 - .../testdata/server/testcases/js.out.yaml | 5 - artifacts/testdata/windows/test.config.yaml | 4 +- config/proto/config.pb.go | 4 +- crypto/resolver.go | 2 +- flows/foreman.go | 2 +- glob/glob.go | 3 +- go.mod | 2 +- go.sum | 2 + magefile.go | 1 + reporting/gui.go | 12 +- reporting/html.go | 5 +- reporting/report.go | 12 +- server/server_test.go | 8 +- services/client_monitoring.go | 2 +- vql/tools/js.go | 2 +- vql/windows/dns/doc.go | 2 + vql/windows/filesystems/ntfs_windows.go | 9 +- 25 files changed, 265 insertions(+), 165 deletions(-) create mode 100644 artifacts/definitions/Windows/Search/Yara.yaml delete mode 100644 artifacts/testdata/server/testcases/js.in.yaml delete mode 100644 artifacts/testdata/server/testcases/js.out.yaml diff --git a/api/csrf.go b/api/csrf.go index 383b8ba514a..4359edbceab 100644 --- a/api/csrf.go +++ b/api/csrf.go 
@@ -3,15 +3,25 @@ package api import ( "crypto/sha256" "net/http" + "os" "github.com/gorilla/csrf" config_proto "www.velocidex.com/golang/velociraptor/config/proto" + "www.velocidex.com/golang/velociraptor/logging" ) // Wrap only a single handler with csrf protection. func csrfProtect(config_obj *config_proto.Config, parent http.Handler) http.Handler { + // We may need to disabled CSRF for benchmarking tests. + disable_csrf, pres := os.LookupEnv("VELOCIRAPTOR_DISABLE_CSRF") + if pres && disable_csrf == "1" { + logger := logging.GetLogger(config_obj, &logging.GUIComponent) + logger.Info("Disabling CSRF protection because environment VELOCIRAPTOR_DISABLE_CSRF is set") + return parent + } + // Derive a CSRF key from the hash of the server's public key. hasher := sha256.New() hasher.Write([]byte(config_obj.Frontend.PrivateKey)) diff --git a/api/notebooks.go b/api/notebooks.go index 4da50991320..441214de2be 100644 --- a/api/notebooks.go +++ b/api/notebooks.go @@ -20,6 +20,7 @@ import ( "www.velocidex.com/golang/velociraptor/acls" api_proto "www.velocidex.com/golang/velociraptor/api/proto" "www.velocidex.com/golang/velociraptor/artifacts" + artifacts_proto "www.velocidex.com/golang/velociraptor/artifacts/proto" config_proto "www.velocidex.com/golang/velociraptor/config/proto" "www.velocidex.com/golang/velociraptor/datastore" file_store "www.velocidex.com/golang/velociraptor/file_store" @@ -841,7 +842,8 @@ func updateCellContents( switch cell_type { case "Markdown", "Artifact": - output, err = tmpl.Execute(input) + output, err = tmpl.Execute( + &artifacts_proto.Report{Template: input}) if err != nil { return nil, err } diff --git a/artifacts/definitions/Generic/Utils/FetchBinary.yaml b/artifacts/definitions/Generic/Utils/FetchBinary.yaml index 578a95fd464..caaa3aae300 100644 --- a/artifacts/definitions/Generic/Utils/FetchBinary.yaml +++ b/artifacts/definitions/Generic/Utils/FetchBinary.yaml 
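Review bot: The early return added at the top of `csrfProtect` lets a single environment variable switch off CSRF protection for every wrapped GUI handler in any build, and the only trace is an Info-level log line. Since the stated purpose is benchmarking, consider gating the bypass behind a build tag or a test-only config field, or at least raising the log level, e.g. `logger.Error("CSRF protection DISABLED by VELOCIRAPTOR_DISABLE_CSRF - do not use in production")`, so that an inherited or forgotten variable in a service environment is noticed. The comment has a typo and undersells the risk; I would write `// CSRF can be disabled for benchmarking only; never set VELOCIRAPTOR_DISABLE_CSRF on a production server.` The rest of the function body lies outside the hunk.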
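Review bot: The `&artifacts_proto.Report{Template: input}` now passed to `tmpl.Execute` in `updateCellContents` leaves `Timeout` at its zero value, so notebook cells do not receive the limit this commit introduces for reports. How `Execute` treats a zero timeout is not visible in this hunk; if zero means unlimited, an expensive Markdown or Artifact cell can presumably still tie up the GUI. Either set the field explicitly (`Timeout:` with a chosen limit) or add a comment such as `// Notebook cells are intentionally not time limited.` so the omission reads as a decision. `updateCellContents` starts and ends outside the hunk.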
@@ -29,8 +29,12 @@ parameters: sources: - query: | + -- The following VQL is particularly ancient because it is + -- running on the client and it needs to be compatibile with + -- clients at least back to 0.3.9 + LET info_cache <= SELECT * FROM info() - LET inventory_item <= inventory_get(tool=ToolName) + LET inventory_item <= SELECT inventory_get(tool=ToolName) AS Item FROM scope() LET args <= SELECT * FROM switch( // Try to get info from the ToolInfo parameter. @@ -46,9 +50,9 @@ sources: FROM scope() WHERE ToolFilename}, // Failing this - try to get it from the inventory service directly. - c={SELECT get(field="Tool_" + ToolName + "_HASH", item=inventory_item) AS ToolHash, - get(field="Tool_" + ToolName + "_FILENAME", item=inventory_item) AS ToolFilename, - get(field="Tool_" + ToolName + "_URL", item=inventory_item) AS ToolURL + c={SELECT get(field="Tool_" + ToolName + "_HASH", item=(inventory_item[0]).Item) AS ToolHash, + get(field="Tool_" + ToolName + "_FILENAME", item=(inventory_item[0]).Item) AS ToolFilename, + get(field="Tool_" + ToolName + "_URL", item=(inventory_item[0]).Item) AS ToolURL FROM scope() WHERE ToolFilename} ) 
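Review bot: The new header comment explains why the query is written in an older style but not which constructs have to be avoided, so a later edit could easily reintroduce them; it also misspells "compatible". Judging from the rewrites in this and the following hunks, the constraints appear to be that `LET x <= ...` must wrap a `SELECT ... FROM scope()` and that subscripts need parentheses, as in `(args[0]).ToolHash`. I would extend the comment to say so, e.g. `-- Compatible back to 0.3.9: materialize with LET x <= SELECT ... FROM scope(), and write (args[0]).Field rather than args[0].Field.` The same pattern is applied in the later hunks of this file, so one comment here covers them.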
@@ -60,23 +64,23 @@ sources: ) // Where we should save the file. - LET ToolPath <= path_join(components=[binpath[0].Path, args[0].ToolFilename]) + LET ToolPath <= SELECT path_join(components=[(binpath[0]).Path, (args[0]).ToolFilename]) AS Path FROM scope() // Download the file from the binary URL and store in the local // binary cache. LET download = SELECT * FROM if(condition=log( - message="URL for " + args[0].ToolFilename + - " is at " + args[0].ToolURL + " and has hash of " + args[0].ToolHash) - AND binpath AND args[0].ToolHash AND args[0].ToolURL, + message="URL for " + (args[0]).ToolFilename + + " is at " + (args[0]).ToolURL + " and has hash of " + (args[0]).ToolHash) + AND binpath AND (args[0]).ToolHash AND (args[0]).ToolURL, then={ SELECT hash(path=Content) as Hash, - args[0].ToolFilename AS Name, + (args[0]).ToolFilename AS Name, "Downloaded" AS DownloadStatus, - copy(filename=Content, dest=ToolPath) AS FullPath - FROM http_client(url=args[0].ToolURL, tempfile_extension=".exe", remove_last=TRUE) + copy(filename=Content, dest=(ToolPath[0]).Path) AS FullPath + FROM http_client(url=(args[0]).ToolURL, tempfile_extension=".exe") WHERE log(message=format(format="downloaded hash of %v: %v, expected %v", args=[ - Content, Hash.SHA256, args[0].ToolHash])) - AND Hash.SHA256 = args[0].ToolHash + Content, Hash.SHA256, (args[0]).ToolHash])) + AND Hash.SHA256 = (args[0]).ToolHash }, else={ SELECT * FROM scope() WHERE NOT log(message="No valid setup - is tool " + ToolName + 
@@ -87,10 +91,10 @@ sources: // the hash. LET existing = SELECT FullPath, hash(path=FullPath) AS Hash, Name, "Cached" AS DownloadStatus - FROM stat(filename=ToolPath) - WHERE Hash.SHA256 = args[0].ToolHash AND log( + FROM stat(filename=(ToolPath[0]).Path) + WHERE Hash.SHA256 = (args[0]).ToolHash AND log( message=format(format="hash of %v: %v, expected %v", args=[ - FullPath, Hash.SHA256, args[0].ToolHash])) + FullPath, Hash.SHA256, (args[0]).ToolHash])) // Find the required_tool either in the local cache or // download it (and put it in the cache for next time). If we @@ -101,7 +105,7 @@ sources: b={ SELECT rand(range=atoi(string=SleepDuration)) AS timeout FROM scope() - WHERE args AND args[0].ToolURL AND + WHERE args AND (args[0]).ToolURL AND log(message=format(format='Sleeping %v Seconds', args=[timeout])) AND sleep(time=timeout) AND FALSE }, diff --git a/artifacts/definitions/Server/Monitor/Health.yaml b/artifacts/definitions/Server/Monitor/Health.yaml index 50b5b48f435..834335c4a7c 100644 --- a/artifacts/definitions/Server/Monitor/Health.yaml +++ b/artifacts/definitions/Server/Monitor/Health.yaml @@ -14,6 +14,9 @@ sources: reports: - type: SERVER_EVENT + # Only allow the report to run for 10 seconds - this is plenty for + # the GUI. + timeout: 10 parameters: - name: Sample default: "4" diff --git a/artifacts/definitions/Windows/Search/Yara.yaml b/artifacts/definitions/Windows/Search/Yara.yaml new file mode 100644 index 00000000000..8d1c1b88076 --- /dev/null +++ b/artifacts/definitions/Windows/Search/Yara.yaml 
@@ -0,0 +1,51 @@ +name: Windows.Search.Yara +description: | + Searches for a specific malicious file or set of files by a Yara rule. + + You will need to upload your yara file using: + + ``` + velociraptor tools upload --name YaraRules my_yara_file.yara + ``` + +tools: + - name: YaraRules + +parameters: + - name: nameRegex + description: Only file names that match this regular expression will be scanned. + default: "(exe|txt|dll|php)$" + +precondition: + SELECT * FROM info() WHERE OS =~ "windows" + +sources: + - query: | + LET yara_rules <= SELECT read_file(filename=FullPath) AS Rule + FROM Artifact.Generic.Utils.FetchBinary(ToolName="YaraRules") + + LET fileList = SELECT FullPath + FROM parse_mft( + accessor="ntfs", + filename="C:\\$MFT") + WHERE InUse + AND FileName =~ nameRegex + AND NOT FullPath =~ "WinSXS" + + -- These files are typically short - only report a single hit. + LET search = SELECT Rule, String.Offset AS HitOffset, + str(str=String.Data) AS HitContext, + FileName, + File.Size AS Size, + File.ModTime AS ModTime + FROM yara( + rules=yara_rules[0].Rule, key="A", + files="C:/" + FullPath) + LIMIT 1 + + -- Only do something when yara rules are available. + SELECT * FROM if(condition=yara_rules, + then={ + SELECT *, upload(file=FileName) AS Upload + FROM foreach(row=fileList, query=search) + }) diff --git a/artifacts/proto/artifact.pb.go b/artifacts/proto/artifact.pb.go index 0ab5c56e3fe..099afd4fbea 100644 --- a/artifacts/proto/artifact.pb.go +++ b/artifacts/proto/artifact.pb.go 
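Review bot: The final query uploads every file that produces a Yara hit (`upload(file=FileName)`), but the description only mentions searching, and there is no parameter to turn uploads off or bound their size. On a fleet-wide hunt with a broad rule that can move a lot of data and copy sensitive files to the server, so I would state it in the description (`Every matching file is uploaded to the server.`) and consider a boolean parameter that guards the `upload()` column. Two smaller points: the default `nameRegex` is not anchored on the dot, so it matches any name that merely ends in those letters (`default: "\\.(exe|txt|dll|php)$"` would be stricter), and both `filename="C:\\$MFT"` and `files="C:/" + FullPath` hard-code the C: volume, which deserves a note in the description.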
@@ -601,7 +601,9 @@ func (m *ArtifactSource) GetPostProcess() []string { type Report struct { // Each report type will be handled differently. Read about the // different types in reporting.go - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + // If specified we only allow the report to take this long. + Timeout uint64 `protobuf:"varint,4,opt,name=timeout,proto3" json:"timeout,omitempty"` Template string `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` Parameters []*ArtifactParameter `protobuf:"bytes,3,rep,name=parameters,proto3" json:"parameters,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` @@ -641,6 +643,13 @@ func (m *Report) GetType() string { return "" } +func (m *Report) GetTimeout() uint64 { + if m != nil { + return m.Timeout + } + return 0 +} + func (m *Report) GetTemplate() string { if m != nil { return m.Template 
@@ -857,119 +866,119 @@ func init() { } var fileDescriptor_a1932e98ed811590 = []byte{ - // 1815 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0x41, 0x6f, 0x1c, 0x49, - 0xf5, 0x57, 0xdb, 0x19, 0x7b, 0x5c, 0x8e, 0x9d, 0xfd, 0xd7, 0xe6, 0x1f, 0x9a, 0x1c, 0x96, 0xb7, - 0x13, 0x2d, 0x38, 0xe0, 0xb4, 0xc5, 0x66, 0xa3, 0x04, 0xb3, 0x42, 0xcc, 0x24, 0x66, 0xd7, 0x91, - 0xe3, 0x71, 0xda, 0x56, 0xa2, 0xcd, 0xc5, 0x2a, 0x77, 0xbf, 0x99, 0x2e, 0x52, 0x53, 0xd5, 0xa9, - 0xaa, 0xf6, 0x78, 0xb8, 0x70, 0x40, 0x42, 0x5c, 0x56, 0x42, 0x20, 0x0e, 0x20, 0x3e, 0x00, 0x37, - 0xe0, 0x03, 0x70, 0xe3, 0x33, 0x20, 0xc1, 0x69, 0x81, 0xaf, 0xc1, 0x01, 0x55, 0x75, 0xf7, 0x74, - 0x8f, 0x1d, 0x40, 0x1c, 0x38, 0x4d, 0x57, 0xf5, 0xab, 0xf7, 0x7e, 0xef, 0xbd, 0xdf, 0xfb, 0x75, - 0x0d, 0xd9, 0x64, 0xda, 0xf2, 0x11, 0x4b, 0x6c, 0x94, 0x6b, 0x65, 0x15, 0xed, 0xf8, 0x9f, 0xdb, - 0x37, 0xfd, 0xcf, 0x8e, 0xc1, 0x09, 0x93, 0x96, 0x27, 0xe5, 0xcb, 0xde, 0x6f, 0x02, 0x72, 0xed, - 0x44, 0x29, 0x41, 0x29, 0xb9, 0x26, 0xd9, 0x04, 0xc3, 0x00, 0x82, 0xad, 0xb5, 0xd8, 0x3f, 0xd3, - 0x77, 0xc8, 0x72, 0xa1, 0x45, 0xb8, 0xe4, 0xb7, 0xdc, 0x23, 0xbd, 0x43, 0x36, 0x0c, 0xea, 0x73, - 0x3c, 0x15, 0x2a, 0x61, 0x42, 0xcc, 0xc2, 0x65, 0x08, 0xb6, 0xba, 0xf1, 0x75, 0xbf, 0x79, 0x50, - 0xee, 0xd1, 0x0f, 0xc8, 0xe6, 0x88, 0x0b, 0x34, 0x56, 0x69, 0x3c, 0xcd, 0x99, 0xcd, 0xc2, 0x6b, - 0xde, 0xc3, 0xc6, 0x7c, 0xf7, 0x88, 0xd9, 0x8c, 0xde, 0x26, 0x5d, 0xb7, 0xe1, 0xa3, 0x76, 0xbc, - 0xc1, 0x7c, 0xed, 0xd0, 0x64, 0xcc, 0x64, 0xe1, 0x4a, 0x89, 0xc6, 0x3d, 0xf7, 0x9e, 0x92, 0x75, - 0x9b, 0x71, 0x9d, 0x9e, 0xe6, 0x4c, 0xdb, 0x19, 0x7d, 0x9f, 0x74, 0xac, 0x52, 0xc2, 0x84, 0x01, - 0x2c, 0x6f, 0xad, 0x7f, 0xb8, 0x5e, 0x26, 0x14, 0xb9, 0x64, 0xe2, 0xf2, 0x0d, 0x0d, 0xc9, 0xea, - 0x39, 0x6a, 0xc3, 0x95, 0xf4, 0x39, 0x5c, 0x8b, 0xeb, 0x65, 0xef, 0x8b, 0x80, 0xdc, 0xf8, 0x1e, - 0x47, 0x91, 0x3e, 0x41, 0x93, 0x68, 0x9e, 0x5b, 0xa5, 0x5d, 0x6e, 0x23, 0xcd, 0x51, 0xa6, 0x62, - 
0x76, 0xda, 0x2a, 0xc5, 0xf5, 0x7a, 0xf3, 0xb0, 0x02, 0xe6, 0xdf, 0x2d, 0xb5, 0xca, 0x74, 0x9b, - 0x74, 0x35, 0xe6, 0xc8, 0x2c, 0xa6, 0x55, 0x3d, 0xe6, 0x6b, 0x67, 0x6f, 0x67, 0x39, 0x56, 0x15, - 0xf0, 0xcf, 0xae, 0xac, 0xa9, 0x4a, 0xaa, 0x9c, 0xdd, 0x23, 0xbd, 0x45, 0x56, 0x04, 0x3b, 0x43, - 0x61, 0xc2, 0x15, 0x58, 0xde, 0x5a, 0x8b, 0xab, 0x95, 0x4b, 0x20, 0xc5, 0x11, 0x2b, 0x84, 0x0d, - 0x57, 0xbd, 0x75, 0xbd, 0xa4, 0x40, 0xd6, 0xd3, 0x0a, 0xba, 0x4b, 0xaf, 0xeb, 0xdf, 0xb6, 0xb7, - 0x7a, 0x0f, 0xc8, 0xda, 0x9e, 0x2c, 0x26, 0x2f, 0x98, 0x28, 0x90, 0xde, 0x24, 0x9d, 0x73, 0xf7, - 0xe0, 0x73, 0xea, 0xc4, 0xe5, 0xe2, 0x6d, 0xc9, 0xf4, 0xfe, 0xba, 0x44, 0x36, 0x4f, 0x66, 0x39, - 0xb6, 0x0a, 0x53, 0xe1, 0x0d, 0x1a, 0xbc, 0x97, 0xa2, 0xaf, 0x5d, 0x89, 0x4e, 0x23, 0xb2, 0x32, - 0x72, 0xf5, 0x35, 0xe1, 0x92, 0x6f, 0xcf, 0xad, 0xaa, 0x3d, 0x97, 0x8a, 0x1e, 0x57, 0x56, 0x73, - 0x28, 0xcb, 0xad, 0xba, 0x5e, 0x69, 0xc8, 0xea, 0xdb, 0x1b, 0xf2, 0x9a, 0xcb, 0xb4, 0x2e, 0xb0, - 0x7b, 0x76, 0xd9, 0x2a, 0x89, 0x6a, 0xe4, 0x4b, 0xdc, 0x8d, 0xcb, 0x05, 0x1d, 0x36, 0xc5, 0xf4, - 0xb4, 0x1a, 0x3c, 0xf8, 0xdb, 0x3f, 0xfe, 0xfe, 0xc7, 0x60, 0x87, 0xde, 0x3b, 0xc9, 0x10, 0xbe, - 0x6f, 0x94, 0x04, 0x94, 0x89, 0x4a, 0x31, 0x85, 0xca, 0x0e, 0x7c, 0x99, 0x60, 0xa4, 0x34, 0xd8, - 0x8c, 0x1b, 0x70, 0xdd, 0x8b, 0x9a, 0x1e, 0x3c, 0x24, 0x9b, 0x4c, 0x08, 0x35, 0xc5, 0xf4, 0xd4, - 0x1b, 0x9a, 0xb0, 0xeb, 0x73, 0x7d, 0xa7, 0xca, 0x75, 0x5e, 0xfe, 0x78, 0xa3, 0xb2, 0xf3, 0x2b, - 0xd3, 0xfb, 0x88, 0x74, 0x5c, 0x89, 0x0d, 0xfd, 0x06, 0xe9, 0x70, 0x8b, 0x93, 0x9a, 0xc3, 0xff, - 0x5f, 0x73, 0x78, 0xa1, 0xfe, 0x71, 0x69, 0xd3, 0xfb, 0xe5, 0x32, 0xf9, 0xbf, 0x7e, 0x35, 0xda, - 0x47, 0x4c, 0xb3, 0x09, 0x5a, 0xd4, 0x6f, 0x9d, 0xdb, 0x16, 0x6d, 0x96, 0xfe, 0x2d, 0x6d, 0x96, - 0xaf, 0x36, 0xee, 0x6d, 0x84, 0x0d, 0xc9, 0x6a, 0x92, 0x29, 0x9e, 0x60, 0xcd, 0xcf, 0x7a, 0x79, - 0xb5, 0x45, 0x9d, 0xab, 0x2d, 0xda, 0xfd, 0x22, 0xf8, 0x8b, 0x2b, 0xf4, 0x9f, 0x03, 0xf2, 0xa7, - 0xa0, 0x4e, 0xc0, 0xc0, 0x84, 0xcd, 
0x80, 0x25, 0x09, 0xe6, 0x16, 0xf2, 0x3a, 0x1b, 0x03, 0xd3, - 0x8c, 0x27, 0x19, 0x30, 0x8d, 0xc0, 0x52, 0xd7, 0x09, 0xab, 0xc0, 0x66, 0x08, 0x26, 0x51, 0x39, - 0x42, 0xae, 0xb9, 0x6b, 0x85, 0x02, 0xbc, 0xc0, 0xa4, 0x70, 0x70, 0x23, 0x38, 0x1c, 0x9e, 0xec, - 0xed, 0x02, 0x13, 0xa2, 0xed, 0xc5, 0x9d, 0x37, 0x56, 0x73, 0x39, 0x36, 0x70, 0x0f, 0xf8, 0x08, - 0x66, 0xaa, 0x00, 0x89, 0x98, 0x82, 0x51, 0x13, 0xb4, 0x19, 0x97, 0x63, 0x40, 0x61, 0xd0, 0xfb, - 0x7e, 0x53, 0xa0, 0x9e, 0x41, 0xc2, 0x24, 0x14, 0x32, 0x67, 0xc9, 0x6b, 0xc0, 0x68, 0x1c, 0xc1, - 0x48, 0xab, 0x09, 0x3c, 0x3d, 0x1e, 0x1e, 0x42, 0x61, 0x9c, 0xb9, 0xb3, 0x74, 0xcb, 0x23, 0xa6, - 0x0d, 0x6e, 0xdd, 0x85, 0x17, 0xcf, 0x0f, 0x60, 0x54, 0xc8, 0xc4, 0xa3, 0xe8, 0xfd, 0x64, 0x85, - 0x6c, 0xd6, 0xa9, 0x1d, 0xab, 0x42, 0x27, 0x48, 0x7f, 0x1b, 0xb4, 0x29, 0x3d, 0xf8, 0x55, 0xe0, - 0xd9, 0xf6, 0xf3, 0x80, 0xfe, 0x34, 0x70, 0x7c, 0x73, 0xaf, 0x40, 0x8d, 0x4a, 0x62, 0xd5, 0x8a, - 0x0d, 0xc6, 0x9f, 0x8d, 0x60, 0x7f, 0x04, 0x52, 0x59, 0x30, 0x68, 0x61, 0x8a, 0x50, 0x54, 0x48, - 0xcd, 0xfc, 0x0c, 0x36, 0x47, 0xb8, 0x35, 0x28, 0x46, 0x11, 0x9c, 0xb4, 0x37, 0x13, 0x35, 0xc9, - 0xb9, 0x40, 0x0d, 0x53, 0x2e, 0x04, 0x8c, 0x51, 0xa2, 0x66, 0x16, 0x81, 0x55, 0xc9, 0x4e, 0xb9, - 0xcd, 0xca, 0xc8, 0x0e, 0x46, 0x54, 0xd1, 0xe6, 0xf3, 0x60, 0x91, 0x1d, 0x9e, 0x02, 0x83, 0xd7, - 0x1e, 0x37, 0xd2, 0xa4, 0x0f, 0xad, 0x97, 0x55, 0x79, 0x9b, 0xd9, 0xa8, 0x91, 0x1f, 0x2a, 0x8b, - 0xc0, 0xad, 0xaf, 0xe7, 0x19, 0x02, 0x97, 0x16, 0x75, 0xae, 0x84, 0x13, 0xc3, 0x32, 0xac, 0xb2, - 0x19, 0xea, 0x06, 0x69, 0xcb, 0xa7, 0x89, 0x16, 0xa9, 0x98, 0x91, 0xeb, 0xb9, 0xc6, 0x44, 0xc9, - 0x94, 0x7b, 0x3c, 0x9e, 0xe2, 0x83, 0x27, 0x1e, 0xcf, 0x77, 0xe8, 0xc7, 0x7d, 0xdf, 0x03, 0xbc, - 0xc8, 0x35, 0x1a, 0x27, 0xea, 0x8e, 0x18, 0x67, 0x08, 0xe8, 0x66, 0xd1, 0x87, 0x9b, 0xd3, 0xa5, - 0xee, 0x60, 0x03, 0x33, 0x5e, 0xf0, 0x4c, 0x3f, 0x22, 0x1d, 0x5f, 0x98, 0x4a, 0x18, 0xde, 0xf3, - 0x21, 0x42, 0x7a, 0xab, 0x0f, 0x93, 0x42, 0x58, 0x7e, 0x4f, 0x70, 0x89, 
0x3e, 0x9a, 0xb7, 0x8a, - 0x4b, 0x63, 0x6a, 0xc9, 0xaa, 0x7b, 0xe0, 0x58, 0x8a, 0xdc, 0xda, 0xe0, 0x95, 0x3f, 0x77, 0x42, - 0xe3, 0xe7, 0xe5, 0x36, 0xd8, 0x8c, 0xd9, 0xb2, 0x05, 0xba, 0x90, 0xc0, 0x25, 0x28, 0x9d, 0xa2, - 0x8e, 0x60, 0x28, 0xc5, 0x0c, 0x54, 0x61, 0xf3, 0xc2, 0x96, 0x44, 0x73, 0x1d, 0x15, 0xcc, 0xd8, - 0x79, 0x7f, 0x84, 0x70, 0xb9, 0x24, 0x4a, 0x08, 0x4c, 0x2c, 0xa6, 0x51, 0x5c, 0x87, 0xa2, 0x86, - 0x5c, 0xcf, 0x95, 0xb1, 0xa7, 0xb9, 0x56, 0x09, 0x1a, 0x13, 0x76, 0x7c, 0xe8, 0x23, 0x1f, 0xfa, - 0x29, 0xfd, 0xb4, 0x0f, 0x82, 0x1b, 0xeb, 0x58, 0xf2, 0xe6, 0x0a, 0x88, 0x33, 0xf4, 0x38, 0xd4, - 0x39, 0x6a, 0x1f, 0x51, 0xa3, 0x29, 0x84, 0x35, 0xbe, 0x89, 0xce, 0x27, 0x54, 0x3e, 0xb9, 0x1c, - 0x47, 0xf1, 0xba, 0xdb, 0x39, 0x2a, 0x37, 0x76, 0xef, 0xfa, 0x09, 0xbe, 0x43, 0xde, 0x7f, 0x99, - 0xa1, 0xc6, 0x45, 0x02, 0x8e, 0xd1, 0x1a, 0xc7, 0x42, 0x48, 0x99, 0x65, 0x51, 0xef, 0x0f, 0x4b, - 0x64, 0x25, 0xc6, 0x5c, 0x69, 0x4b, 0x9f, 0x55, 0x5a, 0x52, 0x36, 0xee, 0x5b, 0x1e, 0xe2, 0x7d, - 0xfa, 0x4d, 0x27, 0x6f, 0x0e, 0xa0, 0xf6, 0x56, 0xbb, 0xf0, 0x6c, 0x78, 0xb8, 0x7f, 0x32, 0x8c, - 0xf7, 0x0f, 0x3f, 0x39, 0x7d, 0xd2, 0xdf, 0x3f, 0xf8, 0x6c, 0x1b, 0x8e, 0x86, 0xc7, 0x27, 0xa7, - 0x47, 0xf1, 0xf0, 0xf1, 0xde, 0xf1, 0xf1, 0xfe, 0xe1, 0x27, 0x95, 0x0c, 0xdd, 0x26, 0x5d, 0x8b, - 0x93, 0xdc, 0x71, 0xa9, 0xd2, 0xb5, 0xf9, 0x9a, 0x3e, 0x22, 0xa4, 0x99, 0xff, 0x70, 0xd9, 0xcb, - 0x69, 0x58, 0xc9, 0xe9, 0x15, 0xd1, 0x8c, 0x5b, 0xb6, 0xbb, 0x9f, 0x97, 0xea, 0xf4, 0xe3, 0x80, - 0xfc, 0x28, 0xe8, 0x57, 0x98, 0x80, 0x9b, 0xf9, 0xd0, 0xa4, 0x4d, 0x87, 0xaa, 0x8e, 0x5d, 0x9e, - 0xc0, 0xa6, 0x4b, 0x6e, 0x08, 0x35, 0xd6, 0xdc, 0xf7, 0xdc, 0xc9, 0x05, 0xd6, 0x4e, 0x5d, 0x12, - 0x6d, 0xbf, 0x29, 0xe6, 0x28, 0x53, 0x47, 0x4d, 0x25, 0x21, 0x51, 0xd2, 0xe2, 0x85, 0x8d, 0x7a, - 0xbf, 0x23, 0xa4, 0x5b, 0x23, 0xa6, 0xbf, 0x0f, 0xda, 0xf2, 0x3e, 0xf8, 0x75, 0x29, 0x22, 0xbf, - 0x08, 0xe8, 0xcf, 0x2e, 0x89, 0x48, 0x03, 0x27, 0x82, 0xe3, 0x4c, 0x15, 0x22, 0x75, 0x08, 0x0a, - 0xc9, 0xdf, 
0x14, 0x08, 0x4c, 0xa6, 0x5e, 0x6e, 0x5d, 0x0c, 0xc6, 0x25, 0xa4, 0xca, 0x9a, 0x08, - 0xfa, 0x4e, 0x57, 0x46, 0x85, 0x00, 0x93, 0x64, 0x38, 0x41, 0x97, 0xb3, 0x9b, 0x20, 0x8d, 0xec, - 0x35, 0x24, 0xcc, 0xe2, 0x58, 0x79, 0xfa, 0xf8, 0xa1, 0x4d, 0x95, 0x2d, 0x65, 0xf1, 0x80, 0xcb, - 0xe2, 0x22, 0x1a, 0x68, 0x35, 0x35, 0xa8, 0x4d, 0xf4, 0x38, 0xd3, 0x6a, 0x82, 0x9f, 0x72, 0x77, - 0xab, 0x9b, 0x55, 0x32, 0xf2, 0x7c, 0x51, 0x45, 0x7c, 0xa7, 0x06, 0x3b, 0x1e, 0xf8, 0x5d, 0xfa, - 0xb5, 0x97, 0x8e, 0x8d, 0x8b, 0x02, 0x66, 0xc0, 0xea, 0x99, 0x9f, 0x50, 0x55, 0xd7, 0xf2, 0x92, - 0x12, 0x3c, 0x24, 0x2b, 0xac, 0xb0, 0x99, 0xd2, 0xe1, 0x75, 0xef, 0xed, 0x2b, 0xde, 0xdb, 0x97, - 0xe9, 0x97, 0xfa, 0x7e, 0xf7, 0x4a, 0x09, 0xe2, 0xca, 0x9c, 0x3e, 0x21, 0x6b, 0x1a, 0x47, 0xa8, - 0x51, 0x26, 0x58, 0x4d, 0xca, 0x57, 0xfd, 0x59, 0xa0, 0xef, 0xb9, 0x66, 0x57, 0xaf, 0x1a, 0x19, - 0x6b, 0x5c, 0x34, 0x07, 0xa9, 0x21, 0x37, 0x35, 0xbe, 0x29, 0xb8, 0xc6, 0xf4, 0x34, 0x47, 0x3d, - 0xe1, 0x5e, 0x6f, 0x4c, 0xb8, 0xe1, 0x1d, 0x7e, 0xd7, 0x3b, 0xdc, 0xa5, 0x8f, 0x9a, 0xd1, 0xab, - 0xad, 0xa1, 0x65, 0xdd, 0xca, 0xee, 0x72, 0xa8, 0x77, 0x6b, 0xfb, 0xa3, 0xc6, 0xbc, 0xb9, 0xdf, - 0xde, 0xf8, 0x97, 0xf7, 0xdb, 0xcb, 0x02, 0xd9, 0xfd, 0x9f, 0x09, 0xa4, 0xf8, 0x6f, 0xc6, 0x6b, - 0xf0, 0xa1, 0x47, 0xb0, 0x4d, 0xbf, 0x7e, 0xd4, 0x7c, 0x92, 0xcb, 0xd8, 0xb9, 0x56, 0xe7, 0xbc, - 0xf5, 0x5d, 0x6f, 0x6a, 0xd0, 0xf2, 0x4f, 0x87, 0x95, 0x6e, 0x10, 0x9f, 0xcf, 0xb7, 0xbd, 0xb7, - 0x07, 0xf4, 0xbe, 0x63, 0xbc, 0xad, 0xb4, 0x63, 0xfe, 0xe1, 0x8e, 0xe0, 0x71, 0x39, 0x6d, 0x87, - 0xc3, 0xf8, 0x59, 0xff, 0x60, 0x1b, 0xf6, 0x5e, 0xec, 0x1d, 0x9e, 0x6c, 0xc3, 0xf1, 0x5e, 0xfc, - 0x62, 0x2f, 0xae, 0x94, 0xe3, 0x15, 0x59, 0x2d, 0xf3, 0x32, 0xe1, 0xb5, 0x85, 0x9b, 0xd6, 0xe2, - 0x37, 0x7b, 0x70, 0xd7, 0x87, 0xba, 0x43, 0xff, 0xb3, 0xcc, 0xc5, 0xb5, 0x43, 0xfa, 0x92, 0x74, - 0xb9, 0x4c, 0x44, 0x91, 0xa2, 0x09, 0xd7, 0x3c, 0x21, 0xe6, 0x80, 0x1b, 0x42, 0x2c, 0x7e, 0xf4, - 0x7c, 0x35, 0x26, 0xa8, 0xc7, 0x4e, 0x52, 0x74, 
0x55, 0x72, 0x3f, 0x68, 0x51, 0x3c, 0x77, 0x46, - 0x27, 0x64, 0xb5, 0x14, 0x0e, 0x13, 0xae, 0x7b, 0xd0, 0x1b, 0x15, 0xe8, 0x52, 0x5d, 0xdb, 0x7d, - 0x6e, 0x78, 0xe7, 0xed, 0x9d, 0xfb, 0x5c, 0x59, 0x94, 0x96, 0xbb, 0x3f, 0x64, 0x0b, 0xda, 0x7e, - 0x99, 0x7b, 0x75, 0x0c, 0xfa, 0x88, 0x2c, 0x6b, 0x36, 0x2d, 0xef, 0xd8, 0xcd, 0x90, 0xb8, 0x9a, - 0x6b, 0x36, 0x85, 0xcf, 0xfa, 0xcf, 0x0e, 0xae, 0x5c, 0x57, 0xa2, 0xd8, 0x1d, 0xd9, 0xfd, 0xa1, - 0x17, 0xd0, 0x19, 0x99, 0xf6, 0x65, 0x53, 0xae, 0xa9, 0x66, 0xb9, 0x01, 0xd6, 0x7c, 0x35, 0xdd, - 0xe7, 0x4f, 0x63, 0x61, 0xd8, 0x99, 0xc0, 0x6d, 0x48, 0x55, 0x52, 0x4c, 0x50, 0xfa, 0x5b, 0x01, - 0x9b, 0x45, 0xcd, 0xb5, 0xd0, 0x5f, 0xfd, 0x84, 0x00, 0x76, 0xa6, 0x8a, 0xb9, 0xb4, 0x56, 0xec, - 0x74, 0xd7, 0x39, 0x77, 0x2d, 0x62, 0x92, 0x89, 0xd9, 0x0f, 0xaa, 0x5b, 0xd9, 0x24, 0xea, 0x7d, - 0x4c, 0xde, 0xad, 0x1d, 0x34, 0xd7, 0x66, 0x43, 0x3f, 0x58, 0xbc, 0x5d, 0xdf, 0xb8, 0xd4, 0xf3, - 0xea, 0x5e, 0x3d, 0x78, 0xf8, 0xea, 0xc1, 0x74, 0x3a, 0x8d, 0xce, 0x51, 0xa8, 0x84, 0xa7, 0x78, - 0x11, 0x25, 0x6a, 0xb2, 0x33, 0x56, 0x82, 0xc9, 0xf1, 0x4e, 0xb9, 0xa9, 0x99, 0x73, 0xb8, 0x33, - 0x6f, 0xdf, 0x8e, 0x77, 0x74, 0xb6, 0xe2, 0x7f, 0xee, 0xff, 0x33, 0x00, 0x00, 0xff, 0xff, 0xfd, - 0x5d, 0xe4, 0xc9, 0x71, 0x0f, 0x00, 0x00, + // 1822 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0x4d, 0x6f, 0x1c, 0x49, + 0xf9, 0x57, 0xdb, 0x1e, 0xbf, 0x94, 0x5f, 0xb2, 0xff, 0xda, 0xfc, 0x43, 0x93, 0xc3, 0xf2, 0xec, + 0x44, 0x0b, 0x0e, 0x38, 0x6d, 0xb1, 0xd9, 0x28, 0xc1, 0xac, 0x10, 0x33, 0x89, 0xd9, 0x75, 0xe4, + 0x78, 0x9c, 0xb6, 0x95, 0x68, 0x73, 0xb1, 0xca, 0xdd, 0xcf, 0x4c, 0x17, 0xa9, 0xae, 0xea, 0x54, + 0x55, 0x7b, 0x3c, 0x5c, 0x38, 0x20, 0x21, 0x2e, 0x2b, 0x21, 0x10, 0x07, 0x10, 0x1f, 0x80, 0x1b, + 0xf0, 0x1d, 0xf8, 0x0c, 0x20, 0x38, 0x2d, 0xf0, 0x35, 0x38, 0xa0, 0xaa, 0xee, 0x9e, 0x9e, 0xb1, + 0x03, 0x88, 0x03, 0xa7, 0xa9, 0xaa, 0x7e, 0xea, 0x79, 0xfd, 0x3d, 0xbf, 0x7a, 0x86, 0x6c, 
0x31, + 0x6d, 0xf9, 0x90, 0x25, 0x36, 0x2a, 0xb4, 0xb2, 0x8a, 0x76, 0xfc, 0xcf, 0xed, 0x9b, 0xfe, 0x67, + 0xd7, 0x60, 0xce, 0xa4, 0xe5, 0x49, 0xf5, 0xb1, 0xfb, 0x9b, 0x80, 0x2c, 0x9d, 0x2a, 0x25, 0x28, + 0x25, 0x4b, 0x92, 0xe5, 0x18, 0x06, 0x10, 0x6c, 0xaf, 0xc5, 0x7e, 0x4d, 0xdf, 0x21, 0x8b, 0xa5, + 0x16, 0xe1, 0x82, 0x3f, 0x72, 0x4b, 0x7a, 0x87, 0x6c, 0x1a, 0xd4, 0x17, 0x78, 0x26, 0x54, 0xc2, + 0x84, 0x98, 0x84, 0x8b, 0x10, 0x6c, 0xaf, 0xc6, 0x1b, 0xfe, 0xf0, 0xb0, 0x3a, 0xa3, 0x1f, 0x90, + 0xad, 0x21, 0x17, 0x68, 0xac, 0xd2, 0x78, 0x56, 0x30, 0x9b, 0x85, 0x4b, 0x5e, 0xc3, 0xe6, 0xf4, + 0xf4, 0x98, 0xd9, 0x8c, 0xde, 0x26, 0xab, 0xee, 0xc0, 0x5b, 0xed, 0x78, 0x81, 0xe9, 0xde, 0x79, + 0x93, 0x31, 0x93, 0x85, 0xcb, 0x95, 0x37, 0x6e, 0xdd, 0x7d, 0x4a, 0xd6, 0x6d, 0xc6, 0x75, 0x7a, + 0x56, 0x30, 0x6d, 0x27, 0xf4, 0x7d, 0xd2, 0xb1, 0x4a, 0x09, 0x13, 0x06, 0xb0, 0xb8, 0xbd, 0xfe, + 0xe1, 0x7a, 0x15, 0x50, 0xe4, 0x82, 0x89, 0xab, 0x2f, 0x34, 0x24, 0x2b, 0x17, 0xa8, 0x0d, 0x57, + 0xd2, 0xc7, 0xb0, 0x14, 0x37, 0xdb, 0xee, 0x17, 0x01, 0xb9, 0xf1, 0x3d, 0x8e, 0x22, 0x7d, 0x82, + 0x26, 0xd1, 0xbc, 0xb0, 0x4a, 0xbb, 0xd8, 0x86, 0x9a, 0xa3, 0x4c, 0xc5, 0xe4, 0x6c, 0x26, 0x15, + 0x1b, 0xcd, 0xe1, 0x51, 0xed, 0x98, 0xff, 0xb6, 0x30, 0x93, 0xa6, 0xdb, 0x64, 0x55, 0x63, 0x81, + 0xcc, 0x62, 0x5a, 0xe7, 0x63, 0xba, 0x77, 0xf2, 0x76, 0x52, 0x60, 0x9d, 0x01, 0xbf, 0x76, 0x69, + 0x4d, 0x55, 0x52, 0xc7, 0xec, 0x96, 0xf4, 0x16, 0x59, 0x16, 0xec, 0x1c, 0x85, 0x09, 0x97, 0x61, + 0x71, 0x7b, 0x2d, 0xae, 0x77, 0x2e, 0x80, 0x14, 0x87, 0xac, 0x14, 0x36, 0x5c, 0xf1, 0xd2, 0xcd, + 0x96, 0x02, 0x59, 0x4f, 0x6b, 0xd7, 0x5d, 0x78, 0xab, 0xfe, 0xeb, 0xec, 0x51, 0xf7, 0x01, 0x59, + 0xdb, 0x97, 0x65, 0xfe, 0x82, 0x89, 0x12, 0xe9, 0x4d, 0xd2, 0xb9, 0x70, 0x0b, 0x1f, 0x53, 0x27, + 0xae, 0x36, 0x6f, 0x0b, 0xa6, 0xfb, 0xd7, 0x05, 0xb2, 0x75, 0x3a, 0x29, 0x70, 0x26, 0x31, 0xb5, + 0xbf, 0x41, 0xeb, 0xef, 0x15, 0xeb, 0x6b, 0xd7, 0xac, 0xd3, 0x88, 0x2c, 0x0f, 0x5d, 0x7e, 0x4d, + 0xb8, 0xe0, 0xcb, 0x73, 0xab, 
0x2e, 0xcf, 0x95, 0xa4, 0xc7, 0xb5, 0xd4, 0xd4, 0x95, 0xc5, 0x99, + 0xbc, 0x5e, 0x2b, 0xc8, 0xca, 0xdb, 0x0b, 0xf2, 0x9a, 0xcb, 0xb4, 0x49, 0xb0, 0x5b, 0xbb, 0x68, + 0x95, 0x44, 0x35, 0xf4, 0x29, 0x5e, 0x8d, 0xab, 0x0d, 0x1d, 0xb4, 0xc9, 0xf4, 0xb0, 0xea, 0x3f, + 0xf8, 0xdb, 0x3f, 0xfe, 0xfe, 0x87, 0x60, 0x97, 0xde, 0x3b, 0xcd, 0x10, 0xbe, 0x6f, 0x94, 0x04, + 0x94, 0x89, 0x4a, 0x31, 0x85, 0x5a, 0x0e, 0x7c, 0x9a, 0x60, 0xa8, 0x34, 0xd8, 0x8c, 0x1b, 0x70, + 0xd5, 0x8b, 0xda, 0x1a, 0x3c, 0x24, 0x5b, 0x4c, 0x08, 0x35, 0xc6, 0xf4, 0xcc, 0x0b, 0x9a, 0x70, + 0xd5, 0xc7, 0xfa, 0x4e, 0x1d, 0xeb, 0x34, 0xfd, 0xf1, 0x66, 0x2d, 0xe7, 0x77, 0xa6, 0xfb, 0x11, + 0xe9, 0xb8, 0x14, 0x1b, 0xfa, 0x0d, 0xd2, 0xe1, 0x16, 0xf3, 0x06, 0xc3, 0xff, 0xdf, 0x60, 0x78, + 0x2e, 0xff, 0x71, 0x25, 0xd3, 0xfd, 0xe5, 0x22, 0xf9, 0xbf, 0x5e, 0xdd, 0xda, 0xc7, 0x4c, 0xb3, + 0x1c, 0x2d, 0xea, 0xb7, 0xf6, 0xed, 0x0c, 0x6c, 0x16, 0xfe, 0x2d, 0x6c, 0x16, 0xaf, 0x17, 0xee, + 0x6d, 0x80, 0x0d, 0xc9, 0x4a, 0x92, 0x29, 0x9e, 0x60, 0x83, 0xcf, 0x66, 0x7b, 0xbd, 0x44, 0x9d, + 0xeb, 0x25, 0xda, 0xfb, 0x22, 0xf8, 0x8b, 0x4b, 0xf4, 0x9f, 0x03, 0xf2, 0xc7, 0xa0, 0x09, 0xc0, + 0x40, 0xce, 0x26, 0xc0, 0x92, 0x04, 0x0b, 0x0b, 0x45, 0x13, 0x8d, 0x81, 0x71, 0xc6, 0x93, 0x0c, + 0x98, 0x46, 0x60, 0xa9, 0xab, 0x84, 0x55, 0x60, 0x33, 0x04, 0x93, 0xa8, 0x02, 0xa1, 0xd0, 0xdc, + 0x95, 0x42, 0x01, 0x5e, 0x62, 0x52, 0x3a, 0x77, 0x23, 0x38, 0x1a, 0x9c, 0xee, 0xef, 0x01, 0x13, + 0x62, 0x56, 0x8b, 0xbb, 0x6f, 0xac, 0xe6, 0x72, 0x64, 0xe0, 0x1e, 0xf0, 0x21, 0x4c, 0x54, 0x09, + 0x12, 0x31, 0x05, 0xa3, 0x72, 0xb4, 0x19, 0x97, 0x23, 0x40, 0x61, 0xd0, 0xeb, 0x7e, 0x53, 0xa2, + 0x9e, 0x40, 0xc2, 0x24, 0x94, 0xb2, 0x60, 0xc9, 0x6b, 0xc0, 0x68, 0x14, 0xc1, 0x50, 0xab, 0x1c, + 0x9e, 0x9e, 0x0c, 0x8e, 0xa0, 0x34, 0x4e, 0xdc, 0x49, 0xba, 0xed, 0x31, 0xd3, 0x06, 0xb7, 0xef, + 0xc2, 0x8b, 0xe7, 0x87, 0x30, 0x2c, 0x65, 0xe2, 0xbd, 0xe8, 0xfe, 0x64, 0x99, 0x6c, 0x35, 0xa1, + 0x9d, 0xa8, 0x52, 0x27, 0x48, 0x7f, 0x1b, 0xcc, 0x42, 0xba, 0xff, 
0xab, 0xc0, 0xa3, 0xed, 0xe7, + 0x01, 0xfd, 0x69, 0xe0, 0xf0, 0xe6, 0x3e, 0x81, 0x1a, 0x56, 0xc0, 0x6a, 0x18, 0x1b, 0x8c, 0xbf, + 0x1b, 0xc1, 0xc1, 0x10, 0xa4, 0xb2, 0x60, 0xd0, 0xc2, 0x18, 0xa1, 0xac, 0x3d, 0x35, 0xd3, 0x3b, + 0xd8, 0x5e, 0xe1, 0xd6, 0xa0, 0x18, 0x46, 0x70, 0x3a, 0x7b, 0x98, 0xa8, 0xbc, 0xe0, 0x02, 0x35, + 0x8c, 0xb9, 0x10, 0x30, 0x42, 0x89, 0x9a, 0x59, 0x04, 0x56, 0x07, 0x3b, 0xe6, 0x36, 0xab, 0x2c, + 0x3b, 0x37, 0xa2, 0x1a, 0x36, 0x9f, 0x07, 0xf3, 0xe8, 0xf0, 0x10, 0xe8, 0xbf, 0xf6, 0x7e, 0x23, + 0x4d, 0x7a, 0x30, 0xf3, 0xb1, 0x4e, 0x6f, 0xdb, 0x1b, 0x8d, 0xe7, 0x47, 0xca, 0x22, 0x70, 0xeb, + 0xf3, 0x79, 0x8e, 0xc0, 0xa5, 0x45, 0x5d, 0x28, 0xe1, 0xc8, 0xb0, 0x32, 0xab, 0x6c, 0x86, 0xba, + 0xf5, 0x74, 0x46, 0xa7, 0x89, 0xe6, 0xa1, 0x98, 0x91, 0x8d, 0x42, 0x63, 0xa2, 0x64, 0xca, 0xbd, + 0x3f, 0x1e, 0xe2, 0xfd, 0x27, 0xde, 0x9f, 0xef, 0xd0, 0x8f, 0x7b, 0xbe, 0x06, 0x78, 0x59, 0x68, + 0x34, 0x8e, 0xd4, 0x1d, 0x30, 0xce, 0x11, 0xd0, 0xf5, 0xa2, 0x37, 0x37, 0x85, 0x4b, 0x53, 0xc1, + 0xd6, 0xcd, 0x78, 0x4e, 0x33, 0xfd, 0x88, 0x74, 0x7c, 0x62, 0x6a, 0x62, 0x78, 0xcf, 0x9b, 0x08, + 0xe9, 0xad, 0x1e, 0xe4, 0xa5, 0xb0, 0xfc, 0x9e, 0xe0, 0x12, 0xbd, 0x35, 0x2f, 0x15, 0x57, 0xc2, + 0xd4, 0x92, 0x15, 0xb7, 0xe0, 0x58, 0x91, 0xdc, 0x5a, 0xff, 0x95, 0xbf, 0x77, 0x4a, 0xe3, 0xe7, + 0xd5, 0x31, 0xd8, 0x8c, 0xd9, 0xaa, 0x04, 0xba, 0x94, 0xc0, 0x25, 0x28, 0x9d, 0xa2, 0x8e, 0x60, + 0x20, 0xc5, 0x04, 0x54, 0x69, 0x8b, 0xd2, 0x56, 0x40, 0x73, 0x15, 0x15, 0xcc, 0xd8, 0x69, 0x7d, + 0x84, 0x70, 0xb1, 0x24, 0x4a, 0x08, 0x4c, 0x2c, 0xa6, 0x51, 0xdc, 0x98, 0xa2, 0x86, 0x6c, 0x14, + 0xca, 0xd8, 0xb3, 0x42, 0xab, 0x04, 0x8d, 0x09, 0x3b, 0xde, 0xf4, 0xb1, 0x37, 0xfd, 0x94, 0x7e, + 0xda, 0x03, 0xc1, 0x8d, 0x75, 0x28, 0x79, 0x73, 0xcd, 0x89, 0x73, 0xf4, 0x7e, 0xa8, 0x0b, 0xd4, + 0xde, 0xa2, 0x46, 0x53, 0x0a, 0x6b, 0x7c, 0x11, 0x9d, 0x4e, 0xa8, 0x75, 0x72, 0x39, 0x8a, 0xe2, + 0x75, 0x77, 0x72, 0x5c, 0x1d, 0xec, 0xdd, 0xf5, 0x1d, 0x7c, 0x87, 0xbc, 0xff, 0x32, 0x43, 0x8d, + 0xf3, 
0x00, 0x1c, 0xa1, 0x35, 0x0e, 0x85, 0x90, 0x32, 0xcb, 0xa2, 0xee, 0x9f, 0x16, 0xc8, 0x72, + 0x8c, 0x85, 0xd2, 0x96, 0x3e, 0xab, 0xb9, 0xa4, 0x2a, 0xdc, 0xb7, 0xbc, 0x8b, 0xf7, 0xe9, 0x37, + 0x1d, 0xbd, 0x39, 0x07, 0xb5, 0x97, 0xda, 0x83, 0x67, 0x83, 0xa3, 0x83, 0xd3, 0x41, 0x7c, 0x70, + 0xf4, 0xc9, 0xd9, 0x93, 0xde, 0xc1, 0xe1, 0x67, 0x3b, 0x70, 0x3c, 0x38, 0x39, 0x3d, 0x3b, 0x8e, + 0x07, 0x8f, 0xf7, 0x4f, 0x4e, 0x0e, 0x8e, 0x3e, 0x69, 0x69, 0xc8, 0xf2, 0x1c, 0x55, 0x69, 0x3d, + 0x34, 0x97, 0xe2, 0x66, 0xeb, 0x5e, 0x60, 0x8b, 0x79, 0xe1, 0x50, 0x56, 0x33, 0xde, 0x74, 0x4f, + 0x1f, 0x11, 0xd2, 0x32, 0x43, 0xb8, 0xe8, 0x89, 0x36, 0xac, 0x89, 0xf6, 0x1a, 0x9d, 0xc6, 0x33, + 0xb2, 0x7b, 0x9f, 0x57, 0xbc, 0xf5, 0xe3, 0x80, 0xfc, 0x28, 0xe8, 0xd5, 0xde, 0x02, 0x37, 0xd3, + 0x76, 0x4a, 0xdb, 0xda, 0xd5, 0xb5, 0xbc, 0xda, 0x9b, 0x6d, 0xfd, 0x5c, 0x7b, 0x6a, 0x6c, 0xba, + 0xc2, 0xa3, 0xaa, 0x10, 0xd8, 0x28, 0x75, 0xe1, 0xcd, 0xea, 0x4d, 0xb1, 0x40, 0x99, 0x3a, 0xd0, + 0x2a, 0x09, 0x89, 0x92, 0x16, 0x2f, 0x6d, 0xd4, 0xfd, 0x1d, 0x21, 0xab, 0x8d, 0xc7, 0xf4, 0xf7, + 0xc1, 0x2c, 0xf1, 0xf7, 0x7f, 0x5d, 0xd1, 0xcb, 0x2f, 0x02, 0xfa, 0xb3, 0x2b, 0xf4, 0xd2, 0xba, + 0x13, 0xc1, 0x49, 0xa6, 0x4a, 0x91, 0x3a, 0x0f, 0x4a, 0xc9, 0xdf, 0x94, 0x08, 0x4c, 0xa6, 0x9e, + 0x88, 0x9d, 0x0d, 0xc6, 0x25, 0xa4, 0xca, 0x9a, 0x08, 0x7a, 0x8e, 0x71, 0x86, 0xa5, 0x00, 0x93, + 0x64, 0x98, 0xa3, 0x8b, 0xd9, 0xf5, 0x96, 0x46, 0xf6, 0x1a, 0x12, 0x66, 0x71, 0xa4, 0x3c, 0xb0, + 0x7c, 0x3b, 0xa7, 0xca, 0x56, 0x84, 0x79, 0xc8, 0x65, 0x79, 0x19, 0xf5, 0xb5, 0x1a, 0x1b, 0xd4, + 0x26, 0x7a, 0x9c, 0x69, 0x95, 0xe3, 0xa7, 0xdc, 0xcd, 0x7b, 0x93, 0x9a, 0x60, 0x9e, 0xcf, 0xf3, + 0x8b, 0xaf, 0x54, 0x7f, 0xd7, 0x3b, 0x7e, 0x97, 0x7e, 0xed, 0xa5, 0xc3, 0xe9, 0x3c, 0xb5, 0x19, + 0xb0, 0x7a, 0xe2, 0x7b, 0x57, 0x35, 0xb9, 0xbc, 0xc2, 0x11, 0x0f, 0xc9, 0x32, 0x2b, 0x6d, 0xa6, + 0x74, 0xb8, 0xe1, 0xb5, 0x7d, 0xc5, 0x6b, 0xfb, 0x32, 0xfd, 0x52, 0xcf, 0x9f, 0x5e, 0x4b, 0x41, + 0x5c, 0x8b, 0xd3, 0x27, 0x64, 0x4d, 0xe3, 
0x10, 0x35, 0xca, 0x04, 0xeb, 0x1e, 0xfa, 0xaa, 0xbf, + 0x0b, 0xf4, 0x3d, 0x57, 0xec, 0xfa, 0x53, 0x4b, 0x70, 0xad, 0x8a, 0xf6, 0x22, 0x35, 0xe4, 0xa6, + 0xc6, 0x37, 0x25, 0xd7, 0x98, 0x9e, 0x15, 0xa8, 0x73, 0xee, 0x99, 0xc8, 0x84, 0x9b, 0x5e, 0xe1, + 0x77, 0xbd, 0xc2, 0x3d, 0xfa, 0xa8, 0x6d, 0xca, 0x46, 0x1a, 0x66, 0xa4, 0x67, 0xa2, 0xbb, 0x6a, + 0xea, 0xdd, 0x46, 0xfe, 0xb8, 0x15, 0x6f, 0x27, 0xdf, 0x1b, 0xff, 0x72, 0xf2, 0xbd, 0x4a, 0x9d, + 0xab, 0xff, 0x33, 0xea, 0x14, 0xff, 0x4d, 0x7b, 0xf5, 0x3f, 0xf4, 0x1e, 0xec, 0xd0, 0xaf, 0x1f, + 0xb7, 0x8f, 0x75, 0x65, 0xbb, 0xd0, 0xea, 0x82, 0xcf, 0xbc, 0xf8, 0x6d, 0x0e, 0x66, 0xf4, 0xd3, + 0x41, 0xcd, 0x28, 0xc4, 0xc7, 0xf3, 0x6d, 0xaf, 0xed, 0x01, 0xbd, 0xef, 0x10, 0x6f, 0x6b, 0x56, + 0x99, 0x3e, 0xe9, 0x11, 0x3c, 0xae, 0xba, 0xed, 0x68, 0x10, 0x3f, 0xeb, 0x1d, 0xee, 0xc0, 0xfe, + 0x8b, 0xfd, 0xa3, 0xd3, 0x1d, 0x38, 0xd9, 0x8f, 0x5f, 0xec, 0xc7, 0x35, 0xa7, 0xbc, 0x22, 0x2b, + 0x55, 0x5c, 0x26, 0x5c, 0x9a, 0x9b, 0xc1, 0xe6, 0x5f, 0xf3, 0xfe, 0x5d, 0x6f, 0xea, 0x0e, 0xfd, + 0xcf, 0x04, 0x18, 0x37, 0x0a, 0xe9, 0x4b, 0xb2, 0xca, 0x65, 0x22, 0xca, 0x14, 0x4d, 0xb8, 0xe6, + 0x01, 0x31, 0x75, 0xb8, 0x05, 0xc4, 0xfc, 0x73, 0xe8, 0xb3, 0x91, 0xa3, 0x1e, 0x39, 0x4a, 0xd1, + 0x75, 0xca, 0x7d, 0xa3, 0x45, 0xf1, 0x54, 0x19, 0xcd, 0xc9, 0x4a, 0x45, 0x1c, 0x26, 0x5c, 0xf7, + 0x4e, 0x6f, 0xd6, 0x4e, 0x57, 0xbc, 0x3b, 0x5b, 0xe7, 0x16, 0x77, 0x5e, 0xde, 0xa9, 0x2f, 0x94, + 0x45, 0x69, 0xb9, 0xfb, 0xab, 0x36, 0xc7, 0xfa, 0x57, 0xb1, 0xd7, 0xd8, 0xa0, 0x8f, 0xc8, 0xa2, + 0x66, 0xe3, 0x6a, 0xfa, 0x6e, 0x9b, 0xc4, 0xe5, 0x5c, 0xb3, 0x31, 0x7c, 0xd6, 0x7b, 0x76, 0x78, + 0x6d, 0x90, 0x89, 0x62, 0x77, 0x65, 0xef, 0x87, 0x9e, 0x40, 0x27, 0x64, 0xdc, 0x93, 0x6d, 0xba, + 0xc6, 0x9a, 0x15, 0x06, 0x58, 0xfb, 0x9e, 0xba, 0x87, 0x51, 0x63, 0x69, 0xd8, 0xb9, 0xc0, 0x1d, + 0x48, 0x55, 0x52, 0xe6, 0x28, 0xfd, 0xbc, 0xc0, 0x26, 0x51, 0x3b, 0x30, 0xfa, 0xa1, 0x50, 0x08, + 0x60, 0xe7, 0xaa, 0x9c, 0x52, 0x6b, 0x8d, 0x4e, 0x37, 0xe8, 0xb9, 0x81, 0x89, 
0x49, 0x26, 0x26, + 0x3f, 0xa8, 0xe7, 0xb5, 0x3c, 0xea, 0x7e, 0x4c, 0xde, 0x6d, 0x14, 0xb4, 0x03, 0xb5, 0xa1, 0x1f, + 0xcc, 0xcf, 0xdd, 0x37, 0xae, 0xd4, 0xbc, 0x9e, 0xb8, 0xfb, 0x0f, 0x5f, 0x3d, 0x18, 0x8f, 0xc7, + 0xd1, 0x05, 0x0a, 0x95, 0xf0, 0x14, 0x2f, 0xa3, 0x44, 0xe5, 0xbb, 0x23, 0x25, 0x98, 0x1c, 0xed, + 0x56, 0x87, 0x9a, 0x39, 0x85, 0xbb, 0xd3, 0xf2, 0xed, 0x7a, 0x45, 0xe7, 0xcb, 0xfe, 0xe7, 0xfe, + 0x3f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x16, 0xe1, 0x46, 0xfa, 0x8b, 0x0f, 0x00, 0x00, } diff --git a/artifacts/proto/artifact.proto b/artifacts/proto/artifact.proto index 6ef3e97faa2..169ce0b2fe3 100644 --- a/artifacts/proto/artifact.proto +++ b/artifacts/proto/artifact.proto @@ -139,6 +139,9 @@ message Report { description: "Type of report: MONITORING_DAILY, POST_PROCESSING" }]; + // If specified we only allow the report to take this long. + uint64 timeout = 4; + string template = 2; repeated ArtifactParameter parameters = 3; diff --git a/artifacts/testdata/server/testcases/js.in.yaml b/artifacts/testdata/server/testcases/js.in.yaml deleted file mode 100644 index 0416cf98c25..00000000000 --- a/artifacts/testdata/server/testcases/js.in.yaml +++ /dev/null @@ -1,3 +0,0 @@ -Queries: - - LET _ <= SELECT js(js='function foo(x, y) { return (1+x+y) }') FROM scope() - - SELECT js_call(func='foo', args=[5, 6]) FROM scope() diff --git a/artifacts/testdata/server/testcases/js.out.yaml b/artifacts/testdata/server/testcases/js.out.yaml deleted file mode 100644 index 55f9fbd2e98..00000000000 --- a/artifacts/testdata/server/testcases/js.out.yaml +++ /dev/null @@ -1,5 +0,0 @@ -LET _ <= SELECT js(js='function foo(x, y) { return (1+x+y) }') FROM scope()[]SELECT js_call(func='foo', args=[5, 6]) FROM scope()[ - { - "js_call(func='foo', args= [5, 6])": 12 - } -] \ No newline at end of file diff --git a/artifacts/testdata/windows/test.config.yaml b/artifacts/testdata/windows/test.config.yaml index 8b2b406c4c1..910c74dcbee 100644 --- a/artifacts/testdata/windows/test.config.yaml 
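Review bot: The comment on the new `timeout` field in `message Report` gives neither the unit nor the meaning of an unset value. In the reporting/gui.go hunk of this commit the value is multiplied by `time.Second` and applied only when it is greater than zero, and the HTML engine's `Execute` does not read it in the lines shown. I would spell that out, for example `// Maximum number of seconds the GUI may spend rendering this report; 0 or unset means no limit.` The message body continues outside the hunk.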
+++ b/artifacts/testdata/windows/test.config.yaml @@ -140,5 +140,5 @@ Frontend: Datastore: implementation: FileBaseDataStore - filestore_directory: d:/a/velociraptor/velociraptor/artifacts/testdata/server - location: d:/a/velociraptor/velociraptor/artifacts/testdata/server + filestore_directory: ./artifacts/testdata/server + location: ./artifacts/testdata/server diff --git a/config/proto/config.pb.go b/config/proto/config.pb.go index dc202814d2b..5d5b85375db 100644 --- a/config/proto/config.pb.go +++ b/config/proto/config.pb.go @@ -837,7 +837,9 @@ type GUIConfig struct { BindAddress string `protobuf:"bytes,1,opt,name=bind_address,json=bindAddress,proto3" json:"bind_address,omitempty"` BindPort uint32 `protobuf:"varint,2,opt,name=bind_port,json=bindPort,proto3" json:"bind_port,omitempty"` // Allows the GUI to start with no encryption - **WARNING** This - // only makes sense if you have TLS proxy in front. + // only makes sense if you have TLS proxy in front. In fact the + // GUI **will not work** without a TLS proxy because the csrf + // cookie is set to secure only. UsePlainHttp bool `protobuf:"varint,20,opt,name=use_plain_http,json=usePlainHttp,proto3" json:"use_plain_http,omitempty"` GwCertificate string `protobuf:"bytes,10,opt,name=gw_certificate,json=gwCertificate,proto3" json:"gw_certificate,omitempty"` GwPrivateKey string `protobuf:"bytes,11,opt,name=gw_private_key,json=gwPrivateKey,proto3" json:"gw_private_key,omitempty"` diff --git a/crypto/resolver.go b/crypto/resolver.go index 88fbb6df040..efede7bb9aa 100644 --- a/crypto/resolver.go +++ b/crypto/resolver.go @@ -136,6 +136,6 @@ func (self *serverPublicKeyResolver) Clear() {} func NewServerPublicKeyResolver(config_obj *config_proto.Config) publicKeyResolver { return &serverPublicKeyResolver{ config_obj: config_obj, - cache: cache.NewLRUCache(1000), + cache: cache.NewLRUCache(config_obj.Frontend.ExpectedClients), } } diff --git a/flows/foreman.go b/flows/foreman.go index 1c533e6ec89..4c2c729bb93 100644 
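Review bot: In `NewServerPublicKeyResolver` (crypto/resolver.go) the cache capacity now comes straight from `config_obj.Frontend.ExpectedClients`, with no lower bound. If that setting is absent or zero in a deployment, and no default is filled in elsewhere (not visible here), the cache would presumably be created with no capacity and every lookup would miss, where the old code always kept 1000 entries. A floor keeps the previous behaviour as the minimum: `size := config_obj.Frontend.ExpectedClients`, `if size < 1000 { size = 1000 }`, then `cache.NewLRUCache(size)`.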
--- a/flows/foreman.go
+++ b/flows/foreman.go
@@ -62,7 +62,7 @@ func ForemanProcessMessage(
 }
 // Update the client's event tables.
- if foreman_checkin.LastEventTableVersion < services.GetClientEventsVersion() {
+ if foreman_checkin.LastEventTableVersion < services.GetClientEventsVersion(client_id) {
 err := QueueMessageForClient(
 config_obj, client_id,
 services.GetClientUpdateEventTableMessage())
diff --git a/glob/glob.go b/glob/glob.go
index b680630d8d6..1b7d7553bc7 100644
--- a/glob/glob.go
+++ b/glob/glob.go
@@ -270,7 +270,8 @@ func (self Globber) ExpandWithContext(
 files, err := accessor.ReadDir(root)
 if err != nil {
 logging.GetLogger(config_obj, &logging.GenericComponent).
- Debug("Globber.ExpandWithContext: %v", err)
+ Debug("Globber.ExpandWithContext: %v while processing %v",
+ err, root)
 return
 }
diff --git a/go.mod b/go.mod
index 62cff3942f1..3b70d162ec6 100644
--- a/go.mod
+++ b/go.mod
@@ -118,7 +118,7 @@ require (
 www.velocidex.com/golang/go-prefetch v0.0.0-20200722101157-37e4751dd5ca
 www.velocidex.com/golang/oleparse v0.0.0-20190327031422-34195d413196
 www.velocidex.com/golang/regparser v0.0.0-20190625082115-b02dc43c2500
- www.velocidex.com/golang/vfilter v0.0.0-20200726131813-04a09f274e56
+ www.velocidex.com/golang/vfilter v0.0.0-20200727140534-62d8796e5b00
 www.velocidex.com/golang/vtypes v0.0.0-20180924145839-b0d509f8925b
 )
diff --git a/go.sum b/go.sum
index f426e873f9c..fd47952aad1 100644
--- a/go.sum
+++ b/go.sum
@@ -596,5 +596,7 @@ www.velocidex.com/golang/vfilter v0.0.0-20200724144634-a3d13a0c4357 h1:59puivp9x www.velocidex.com/golang/vfilter v0.0.0-20200724144634-a3d13a0c4357/go.mod h1:mABF6rGkfq9qwvo2SppBxYonhnd8OPSA6rxzzl75A4Y= www.velocidex.com/golang/vfilter v0.0.0-20200726131813-04a09f274e56 h1:q9SqOM9bdniaST9F9HuiPN9SEAboZ8U74pCOKuq0d9s= www.velocidex.com/golang/vfilter v0.0.0-20200726131813-04a09f274e56/go.mod h1:mABF6rGkfq9qwvo2SppBxYonhnd8OPSA6rxzzl75A4Y= +www.velocidex.com/golang/vfilter v0.0.0-20200727140534-62d8796e5b00 h1:MuI/soPYh7ZyAfQr1JyMkv4392XFrmrNjCaHWQi0Exg= +www.velocidex.com/golang/vfilter v0.0.0-20200727140534-62d8796e5b00/go.mod h1:mABF6rGkfq9qwvo2SppBxYonhnd8OPSA6rxzzl75A4Y= www.velocidex.com/golang/vtypes v0.0.0-20180924145839-b0d509f8925b h1:z5v5o1dhtzaxvlWm6qSTYZ4OTr56Ol2JpM1Y5Wu9zQE= www.velocidex.com/golang/vtypes v0.0.0-20180924145839-b0d509f8925b/go.mod h1:tXxIx8UJuI81Hoxcv0DTq2a1Pi1H6l1uCf4dhqUSUkw= diff --git a/magefile.go b/magefile.go index 03b9826cec3..56a104ea939 100644 --- a/magefile.go +++ b/magefile.go @@ -164,6 +164,7 @@ func Auto() error { func AutoDev() error { return Builder{goos: runtime.GOOS, arch: runtime.GOARCH, + extra_tags: " yara ", filename: "velociraptor", extra_flags: []string{"-race"}}.Run() } diff --git a/reporting/gui.go b/reporting/gui.go index 4010a053a82..e14b2af2ce9 100644 --- a/reporting/gui.go +++ b/reporting/gui.go @@ -11,6 +11,7 @@ import ( "strings" "sync" "text/template" + "time" "github.com/Depado/bfchroma" "github.com/Masterminds/sprig" @@ -22,6 +23,7 @@ import ( blackfriday "github.com/russross/blackfriday/v2" actions_proto "www.velocidex.com/golang/velociraptor/actions/proto" "www.velocidex.com/golang/velociraptor/artifacts" + artifacts_proto "www.velocidex.com/golang/velociraptor/artifacts/proto" config_proto "www.velocidex.com/golang/velociraptor/config/proto" "www.velocidex.com/golang/velociraptor/file_store" "www.velocidex.com/golang/velociraptor/result_sets" 
@@ -262,7 +264,15 @@ func (self *GuiTemplateEngine) Timeline(values ...interface{}) string {
 }
 }
-func (self *GuiTemplateEngine) Execute(template_string string) (string, error) {
+func (self *GuiTemplateEngine) Execute(report *artifacts_proto.Report) (string, error) {
+ template_string := report.Template
+
+ // Hard limit for report generation can be specified in the
+ // definition.
+ if report.Timeout > 0 {
+ self.ctx, _ = context.WithTimeout(self.ctx, time.Second*time.Duration(report.Timeout))
+ }
+
 tmpl, err := self.tmpl.Parse(SanitizeGoTemplates(template_string))
 if err != nil {
 return "", err
diff --git a/reporting/html.go b/reporting/html.go
index 0dbd9d6b7ce..51669ec35be 100644
--- a/reporting/html.go
+++ b/reporting/html.go
@@ -19,6 +19,7 @@ import (
 blackfriday "github.com/russross/blackfriday/v2"
 actions_proto "www.velocidex.com/golang/velociraptor/actions/proto"
 "www.velocidex.com/golang/velociraptor/artifacts"
+ artifacts_proto "www.velocidex.com/golang/velociraptor/artifacts/proto"
 config_proto "www.velocidex.com/golang/velociraptor/config/proto"
 vql_subsystem "www.velocidex.com/golang/velociraptor/vql"
 "www.velocidex.com/golang/vfilter"
@@ -138,8 +139,8 @@ func (self *HTMLTemplateEngine) RenderRaw(
 return buffer.String(), nil
 }
-func (self *HTMLTemplateEngine) Execute(template_string string) (string, error) {
- tmpl, err := self.tmpl.Parse(SanitizeGoTemplates(template_string))
+func (self *HTMLTemplateEngine) Execute(report *artifacts_proto.Report) (string, error) {
+ tmpl, err := self.tmpl.Parse(SanitizeGoTemplates(report.Template))
 if err != nil {
 return "", err
 }
diff --git a/reporting/report.go b/reporting/report.go
index a1c70c33f9e..2537d449e6c 100644
--- a/reporting/report.go
+++ b/reporting/report.go
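Review bot: In `GuiTemplateEngine.Execute` the added `self.ctx, _ = context.WithTimeout(...)` discards the cancel function and overwrites the engine's own context, so the deadline outlives the call. `go vet`'s lostcancel check flags the dropped cancel, and because the generators in reporting/report.go call `Execute` in a loop on one engine, every later report would inherit the first report's deadline rather than getting its own budget. Deriving a per-call context and restoring the parent on return keeps the limit scoped to one report; this assumes the rendering helpers read `self.ctx` and that an engine is not shared across goroutines, neither of which is visible in the hunk. The body of `Execute` continues past the end of the hunk.

```go
func (self *GuiTemplateEngine) Execute(report *artifacts_proto.Report) (string, error) {
	// … unchanged: template_string assignment …

	// Hard limit for report generation can be specified in the
	// definition. The deadline is scoped to this call only.
	if report.Timeout > 0 {
		parent := self.ctx
		ctx, cancel := context.WithTimeout(
			parent, time.Second*time.Duration(report.Timeout))
		self.ctx = ctx
		defer func() {
			cancel()
			self.ctx = parent
		}()
	}
	// … unchanged: template parsing and execution …
```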
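Review bot: `HTMLTemplateEngine.Execute` in reporting/html.go now receives the whole report but, in the lines shown, uses only `report.Template`, so a `timeout` set on the report is not applied on this path. That matches the commit title (GUI only) but is not stated in the code, and an artifact author could expect the limit to hold for HTML reports as well. A comment above the function would make it explicit: `// Execute renders report.Template. report.Timeout is not enforced by the HTML engine.` The rest of the function body lies outside the hunk.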
@@ -17,7 +17,7 @@ import (
 // An expander is presented to the go templates to implement template
 // operations.
 type TemplateEngine interface {
- Execute(template_string string) (string, error)
+ Execute(report *artifacts_proto.Report) (string, error)
 SetEnv(key string, value interface{})
 GetArtifact() *artifacts_proto.Artifact
 Close()
@@ -131,7 +131,7 @@ func GenerateMonitoringDailyReport(template_engine TemplateEngine,
 "client_event",
 "monitoring_daily",
 }) {
- value, err := template_engine.Execute(report.Template)
+ value, err := template_engine.Execute(report)
 if err != nil {
 return "", err
 }
@@ -157,7 +157,7 @@ func GenerateArtifactDescriptionReport(
 template_engine.SetEnv("artifact", artifact)
 for _, report := range getArtifactReports(
 template_artifact, []string{"internal"}) {
- return template_engine.Execute(report.Template)
+ return template_engine.Execute(report)
 }
 }
@@ -228,7 +228,7 @@ func GenerateServerMonitoringReport(
 template_engine.SetEnv(param.Name, param.Default)
 }
- value, err := template_engine.Execute(report.Template)
+ value, err := template_engine.Execute(report)
 if err != nil {
 return "", err
 }
@@ -261,7 +261,7 @@ func GenerateClientReport(template_engine TemplateEngine,
 template_engine.SetEnv(param.Name, param.Default)
 }
- value, err := template_engine.Execute(report.Template)
+ value, err := template_engine.Execute(report)
 if err != nil {
 return "", err
 }
@@ -292,7 +292,7 @@ func GenerateHuntReport(template_engine TemplateEngine,
 template_engine.SetEnv(param.Name, param.Default)
 }
- value, err := template_engine.Execute(report.Template)
+ value, err := template_engine.Execute(report)
 if err != nil {
 return "", err
 }
diff --git a/server/server_test.go b/server/server_test.go
index acc0cd52499..05ee838c2da 100644
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -164,7 +164,7 @@ func (self *ServerTestSuite) TestClientEventTable() {
 // Wait for the service to fully come up.
 time.Sleep(time.Second)
- old_version := services.GetClientEventsVersion()
+ old_version := services.GetClientEventsVersion(self.client_id)
 err = services.UpdateClientEventTable(self.config_obj, new_table)
 _, err = services.StartHuntDispatcher(ctx, wg, self.config_obj)
@@ -173,12 +173,12 @@ func (self *ServerTestSuite) TestClientEventTable() {
 // Wait up to 10 sec, for the journaling service to pass the
 // message along and update the client events table.
 for i := 0; i < 100; i++ {
- if old_version != services.GetClientEventsVersion() {
+ if old_version != services.GetClientEventsVersion(self.client_id) {
 break
 }
 time.Sleep(100 * time.Millisecond)
 }
- assert.NotEqual(t, old_version, services.GetClientEventsVersion())
+ assert.NotEqual(t, old_version, services.GetClientEventsVersion(self.client_id))
 // Send a foreman checkin message from client with old event
 // table version.
@@ -203,7 +203,7 @@ func (self *ServerTestSuite) TestClientEventTable() {
 assert.NotNil(t, tasks[0].UpdateEventTable)
 assert.Equal(t, tasks[0].UpdateEventTable.Version,
- services.GetClientEventsVersion())
+ services.GetClientEventsVersion(self.client_id))
 }
 // Create a new hunt. Client sends a ForemanCheckin message with
diff --git a/services/client_monitoring.go b/services/client_monitoring.go
index 212d181165e..f17f101333e 100644
--- a/services/client_monitoring.go
+++ b/services/client_monitoring.go
@@ -41,7 +41,7 @@ type ClientEventTable struct {
 job *crypto_proto.GrrMessage
 }
-func GetClientEventsVersion() uint64 {
+func GetClientEventsVersion(client_id string) uint64 {
 return atomic.LoadUint64(&gEventTable.version)
 }
diff --git a/vql/tools/js.go b/vql/tools/js.go
index fba60cd72a9..587aa33dd53 100644
--- a/vql/tools/js.go
+++ b/vql/tools/js.go
@@ -1,4 +1,4 @@
-//+build extras
+//+build extras,disable
 package tools
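Review bot: `GetClientEventsVersion` in services/client_monitoring.go now takes `client_id`, but the body still returns the single global `gEventTable.version`, so the argument has no effect on the result. Callers in flows/foreman.go and the server test pass a client id and may reasonably assume the version is per client. If the parameter is there for a later per-client table, a doc comment should say so, for example `// GetClientEventsVersion returns the version of the global client event table; client_id is accepted for future per-client tables and is currently ignored.`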
diff --git a/vql/windows/dns/doc.go b/vql/windows/dns/doc.go
index 1ffe03d57b3..6b5e7c88020 100644
--- a/vql/windows/dns/doc.go
+++ b/vql/windows/dns/doc.go
@@ -1 +1,3 @@
+// +build windows
+
 package dns
diff --git a/vql/windows/filesystems/ntfs_windows.go b/vql/windows/filesystems/ntfs_windows.go
index 1cabbd1c634..8ef725330df 100644
--- a/vql/windows/filesystems/ntfs_windows.go
+++ b/vql/windows/filesystems/ntfs_windows.go
@@ -23,7 +23,6 @@
 package filesystems
 import (
- "errors"
 "fmt"
 "io"
 "os"
@@ -34,6 +33,7 @@ import (
 "time"
 "github.com/Velocidex/ordereddict"
+ errors "github.com/pkg/errors"
 ntfs "www.velocidex.com/golang/go-ntfs/parser"
 "www.velocidex.com/golang/velociraptor/glob"
 "www.velocidex.com/golang/velociraptor/json"
@@ -205,6 +205,13 @@ func (self *NTFSFileSystemAccessor) getNTFSContext(device string) (
 return nil, err
 }
+ // Try to read a bit to detect permission errors right here.
+ buf := make([]byte, 1)
+ _, err = reader.ReadAt(buf, 0)
+ if err != nil {
+ return nil, errors.Wrap(err, "Unable to read raw device - do you have permissions?")
+ }
+
 ntfs_ctx, err := ntfs.GetNTFSContext(reader, 0)
 if err != nil {
 return nil, err
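Review bot: In `getNTFSContext` the new one-byte `ReadAt` probe reports every failure as a possible permission problem and does not name the device, which makes the message hard to act on when the cause is something else, such as a short read or a missing volume. Since `errors` is now `github.com/pkg/errors`, the device can be included with `return nil, errors.Wrapf(err, "Unable to read raw device %v - do you have permissions?", device)`. If `reader` wraps a handle opened earlier in the function, which starts outside the hunk, this new early return should also release it.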