def BuildTable(self, start, end, request):
    """Fill table rows with the clients matching the request's "q" query.

    The query string is read from the request, handed to
    search.SearchClients for at most ``end - start`` hits beginning at
    ``start``, and every returned URN is opened and added as one row.

    Args:
      start: Index of the first row to fill.
      end: Index one past the last row to fill.
      request: Request object providing ``REQ`` (parameters) and ``token``.

    Returns:
      Always False.

    Raises:
      RuntimeError: If the "q" parameter is missing or empty.
    """
    query_string = request.REQ.get("q", "")
    if not query_string:
        raise RuntimeError("A query string must be provided.")

    # The index search and the object open both run under the requester's
    # own token.
    # NOTE(review): presumably this is what limits the hits to clients the
    # user may access; confirm where the ACL check is enforced.
    page_size = end - start
    result_urns = search.SearchClients(
        query_string,
        start=start,
        max_results=page_size,
        token=request.token)
    result_set = aff4.FACTORY.MultiOpen(result_urns, token=request.token)

    # NOTE(review): the request-supplied query is echoed into the status
    # message; confirm the renderer escapes self.message before display.
    self.message = "Searched for %s" % query_string

    for offset, child in enumerate(result_set):
        row = offset + start

        # Add the fd to all the columns.
        self.AddRowFromFd(row, child)

        # Also update the online status; a client with no PING value gets 0.
        ping = child.Get(child.Schema.PING) or 0
        self.columns[0].AddElement(row, long(ping))

    # We only show 50 hits here.
    return False
def BuildTable(self, start, end, request):
    """Fill table rows with the clients matching the request's "q" query.

    An empty query, or any exception raised while searching or rendering,
    is reported through ``self.message`` instead of being raised.

    Args:
      start: Index of the first row to fill.
      end: Index one past the last row to fill.
      request: Request object providing ``REQ`` (parameters) and ``token``.

    Returns:
      Always False.
    """
    query_string = request.REQ.get("q", "")
    if not query_string:
        self.message = "A query string must be provided."
        return False

    try:
        # Search and open both run under the requester's own token.
        result_urns = search.SearchClients(
            query_string,
            start=start,
            max_results=end - start,
            token=request.token)
        result_set = aff4.FACTORY.MultiOpen(result_urns, token=request.token)

        # NOTE(review): the request-supplied query is echoed into the status
        # message; confirm the renderer escapes self.message before display.
        self.message = "Searched for %s" % query_string

        for offset, child in enumerate(result_set):
            row = offset + start

            # Add the fd to all the columns.
            self.AddRowFromFd(row, child)

            # Also update the checkbox and online/crash status.
            status_columns = (
                self.columns[0], self.columns[1], self.columns[9])
            for column in status_columns:
                column.AddElement(row, child)
    except Exception as e:  # pylint: disable=broad-except
        # NOTE(review): the raw exception text becomes the user-visible
        # message; backend errors may carry internal detail (URNs, paths).
        # Consider logging the exception and showing a generic message.
        self.message = str(e)

    # We only show 50 hits here.
    return False
def testDeleteLabels(self):
    """Check that a removed label stops matching while the others still do."""
    client_ids = self.SetupClients(2)
    labelled = aff4.FACTORY.Open(client_ids[0], token=self.token, mode="rw")
    labelled.Set(labelled.Schema.FQDN("lmao1.example.com"))
    labelled.AddLabels(["label1", "label2", "label3"])
    labelled.Flush()

    # Before removal the label is searchable.
    hits = list(search.SearchClients("label:label2", token=self.token))
    self.assertEqual(len(hits), 1)

    labelled.RemoveLabels(["label2"])
    labelled.Close(sync=True)

    # After removal "label2" must no longer match; "label1" was left on the
    # client and must still match.
    expectations = (("label:label2", 0), ("label:label1", 1))
    for query, expected_count in expectations:
        hits = list(search.SearchClients(query, token=self.token))
        self.assertEqual(len(hits), expected_count)
def SearchClients(query_str, token=None, limit=1000):
    """Search indexes for clients.

    Args:
      query_str: Query handed unchanged to search.SearchClients.
      token: Token used for both the search and the object open.
      limit: Maximum number of results requested from the search.

    Returns:
      A list of 4-tuples ``(client, hostname, os_version, ping)`` where
      ``client`` is the opened object and the other three are the str() of
      its HOSTNAME, OS_VERSION and PING attributes.
    """
    client_schema = aff4.AFF4Object.classes["VFSGRRClient"].SchemaCls

    # NOTE(review): token defaults to None; confirm how the datastore treats
    # a missing token so that this helper cannot be used to skip ACL checks.
    result_urns = search.SearchClients(
        query_str, max_results=limit, token=token)
    result_set = aff4.FACTORY.MultiOpen(result_urns, token=token)

    return [
        (client,
         str(client.Get(client_schema.HOSTNAME)),
         str(client.Get(client_schema.OS_VERSION)),
         str(client.Get(client_schema.PING)))
        for client in result_set
    ]
def BuildTable(self, start, end, request):
    """Fill table rows with the clients matching the request's "q" query.

    A query starting with "k " is split with shlex and looked up in the
    keyword client index; any other query goes to search.SearchClients.
    An empty query, or any exception raised along the way, is reported
    through ``self.message`` instead of being raised.

    Args:
      start: Index of the first row to fill.
      end: Index one past the last row to fill.
      request: Request object providing ``REQ`` (parameters) and ``token``.

    Returns:
      Always False.
    """
    query_string = request.REQ.get("q", "")
    if not query_string:
        self.message = "A query string must be provided."
        return False

    # NOTE(review): the request-supplied query is written to the log
    # verbatim; embedded CR/LF would let a caller forge log lines. Consider
    # logging a repr() of it and passing it as a lazy logging argument.
    logging.info("Processing Client Query [%s]" % query_string)

    try:
        # If the string begins with the token k, we treat the remaining
        # tokens as a keyword search. This is to allow people to try the
        # keyword functionality.
        #
        # TODO(user): Migrate fully to keyword index when it is sufficiently
        # tuned and tested.
        if query_string.startswith("k "):
            # An unbalanced quote makes shlex.split raise; the handler below
            # turns that into the status message.
            keywords = shlex.split(query_string)[1:]

            # NOTE(review): the index is opened "rw" although only a lookup
            # is performed here; confirm whether read-only mode suffices.
            index = aff4.FACTORY.Create(
                client_index.MAIN_INDEX,
                aff4_type="ClientIndex",
                mode="rw",
                token=request.token)

            # Every match is fetched and sorted before the page is sliced
            # out, so a broad keyword costs the full result set.
            matching_urns = sorted(index.LookupClients(keywords), key=str)
            result_urns = matching_urns[start:end]
        else:
            result_urns = search.SearchClients(
                query_string,
                start=start,
                max_results=end - start,
                token=request.token)

        result_set = aff4.FACTORY.MultiOpen(result_urns, token=request.token)

        # NOTE(review): the query is echoed into the status message; confirm
        # the renderer escapes self.message before display.
        self.message = "Searched for %s" % query_string

        for offset, child in enumerate(result_set):
            row = offset + start

            # Add the fd to all the columns.
            self.AddRowFromFd(row, child)

            # Also update the checkbox and online/crash status.
            status_columns = (
                self.columns[0], self.columns[1], self.columns[9])
            for column in status_columns:
                column.AddElement(row, child)
    except Exception as e:  # pylint: disable=broad-except
        # NOTE(review): the raw exception text becomes the user-visible
        # message; backend errors may carry internal detail (URNs, paths).
        # Consider logging the exception and showing a generic message.
        self.message = str(e)

    # We only show 50 hits here.
    return False
def testSearchLabels(self):
    """Check that bare label queries match whole label names only."""
    client_ids = self.SetupClients(2)
    first = aff4.FACTORY.Open(client_ids[0], token=self.token, mode="rw")
    second = aff4.FACTORY.Open(client_ids[1], token=self.token, mode="rw")

    first.Set(first.Schema.FQDN("lmao1.example.com"))
    second.Set(second.Schema.FQDN("lmao2.example.com"))

    first.AddLabels(["label1", "label2", "label3"])
    second.AddLabels(["label1"])

    first.Flush()
    second.Flush()

    # Check we can search labels with or without index.
    # "label1" is on both clients.
    shared_hits = list(search.SearchClients("label1", token=self.token))
    self.assertEqual(len(shared_hits), 2)
    shared_hits = sorted(shared_hits)
    self.assertEqual(str(shared_hits[0]), str(first.urn))

    # "label2" is only on the first client.
    single_hits = list(search.SearchClients("label2", token=self.token))
    self.assertEqual(str(single_hits[0]), str(first.urn))
    self.assertEqual(len(single_hits), 1)

    # The bare prefix "label" is not a label on either client and must not
    # match anything.
    prefix_hits = list(search.SearchClients("label", token=self.token))
    self.assertEqual(len(prefix_hits), 0)
def testSearch(self):
    """Exercise client search by FQDN, by "example.com" and by MAC address."""
    client_ids = self.SetupClients(10)
    client1 = aff4.FACTORY.Open(client_ids[0], token=self.token, mode="rw")
    client2 = aff4.FACTORY.Open(client_ids[1], token=self.token, mode="rw")

    shared_fqdn = "lmao.example.com"
    client1.Set(client1.Schema.FQDN(shared_fqdn))
    client2.Set(client2.Schema.FQDN(shared_fqdn))

    macs = client1.Get(client1.Schema.MAC_ADDRESS)
    client1.AddLabels(["label1", "label2", "label3"])

    client1.Flush()
    client2.Flush()

    # Search for something indexed on two clients.
    fqdn_hits = sorted(search.SearchClients(shared_fqdn, token=self.token))
    self.assertEqual(fqdn_hits[0], client1.urn)
    self.assertEqual(len(fqdn_hits), 2)

    # Search for something indexed on many clients; max_results must cap the
    # number of URNs returned.
    for cap in (4, 1):
        capped_hits = list(
            search.SearchClients(
                "example.com", token=self.token, max_results=cap))
        self.assertEqual(len(capped_hits), cap)

    # Check we can search mac addresses with or without index.
    mac_addr = str(macs).split()[0]
    for template in ("mac:%s", "%s"):
        mac_hits = list(
            search.SearchClients(template % mac_addr, token=self.token))
        self.assertEqual(mac_hits[0], client1.urn)
        self.assertEqual(len(mac_hits), 1)

    # Check we handle mac addresses in : format.
    octets = (mac_addr[i:i + 2] for i in range(0, len(mac_addr), 2))
    mac_addr = ":".join(octets)
    colon_hits = list(
        search.SearchClients(mac_addr.upper(), token=self.token))
    self.assertEqual(len(colon_hits), 1)

    # Check we handle mac addresses in : format with prefix.
    prefixed_hits = list(
        search.SearchClients("mac:%s" % mac_addr, token=self.token))
    self.assertEqual(len(prefixed_hits), 1)
def _CheckLabelIndex(self):
    """Check that label indexes are updated.

    Searching for "label:Label2" must return exactly ``self.client_id``.
    """
    label_hits = list(search.SearchClients("label:Label2", token=self.token))
    self.assertEqual(label_hits, [self.client_id])