class SchemaCls(collections.AFF4Collection.SchemaCls):
"""Schema of the network object."""
INTERFACES = aff4.Attribute("aff4:interfaces", rdf_client.Interfaces,
"Network interfaces.", "Interfaces")
CONNECTIONS = aff4.Attribute("aff4:connections",
rdf_client.Connections,
"Network Connections", "Connections")
class SchemaCls(aff4.AFF4Volume.SchemaCls):
"""Attributes specific to VFSDirectory."""
STAT = aff4.Attribute("aff4:stat", rdf_client.StatEntry,
"A StatEntry describing this file.", "stat")
PATHSPEC = aff4.Attribute(
"aff4:pathspec", rdf_paths.PathSpec,
"The pathspec used to retrieve this object from the client.",
"pathspec")
class SchemaCls(Approval.SchemaCls):
"""The Schema for the ClientAccessApproval class."""
LIFETIME = aff4.Attribute(
"aff4:approval/lifetime", rdfvalue.RDFInteger,
"The number of seconds an approval is valid for.",
default=0)
BREAK_GLASS = aff4.Attribute(
"aff4:approval/breakglass", rdfvalue.RDFDatetime,
"The date when this break glass approval will expire.")
class SchemaCls(aff4.AFF4Image.SchemaCls):
_CHUNKSIZE = aff4.Attribute("aff4:chunksize",
rdfvalue.RDFInteger,
"Total size of each chunk.",
default=32)
LAST_CHUNK = aff4.Attribute(
"aff4:lastchunk",
rdfvalue.RDFInteger,
"The highest numbered chunk in this object.",
default=-1)
class SchemaCls(aff4.AFF4Image.SchemaCls):
"""The schema for AFF4 files in the GRR VFS."""
STAT = aff4.AFF4Object.VFSDirectory.SchemaCls.STAT
CONTENT_LOCK = aff4.Attribute(
"aff4:content_lock", rdfvalue.RDFURN,
"This lock contains a URN pointing to the flow that is currently "
"updating this object.")
FINGERPRINT = aff4.Attribute("aff4:fingerprint",
rdfvalue.FingerprintResponse,
"Protodict containing arrays of hashes.")
class SchemaCls(aff4.AFF4Object.SchemaCls):
SIZE = aff4.AFF4Stream.SchemaCls.SIZE
DESCRIPTION = aff4.Attribute("aff4:description", rdfvalue.RDFString,
"This collection's description", "description")
VIEW = aff4.Attribute("aff4:rdfview",
RDFValueCollectionView,
"The list of attributes which will show up in "
"the table.",
default="")
class SchemaCls(aff4.AFF4Image.SchemaCls):
"""The schema for Blob Images."""
STAT = VFSDirectory.SchemaCls.STAT
HASHES = aff4.Attribute("aff4:hashes", HashList,
"List of hashes of each chunk in this file.")
FINALIZED = aff4.Attribute(
"aff4:finalized", rdfvalue.RDFBool,
"Once a blobimage is finalized, further writes"
" will raise exceptions.")
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""AFF4 schema for CronHuntOutputMetadata."""
NUM_PROCESSED_RESULTS = aff4.Attribute(
"aff4:num_processed_results", rdfvalue.RDFInteger,
"Number of hunt results already processed by the cron job.",
versioned=False, default=0)
OUTPUT_PLUGINS = aff4.Attribute(
"aff4:output_plugins_state", rdf_flows.FlowState,
"Pickled output plugins.", versioned=False)
class SchemaCls(aff4.AFF4Image.SchemaCls):
"""The schema for AFF4 files in the GRR VFS."""
STAT = standard.VFSDirectory.SchemaCls.STAT
CONTENT_LOCK = aff4.Attribute(
"aff4:content_lock", rdfvalue.RDFURN,
"This lock contains a URN pointing to the flow that is currently "
"updating this flow.")
PATHSPEC = aff4.Attribute(
"aff4:pathspec", rdf_paths.PathSpec,
"The pathspec used to retrieve this object from the client.")
class SchemaCls(aff4.AFF4ImageBase.SchemaCls):
PATHSPEC = VFSDirectory.SchemaCls.PATHSPEC
STAT = aff4.AFF4Object.VFSDirectory.SchemaCls.STAT
_CHUNKSIZE = aff4.Attribute("aff4:chunksize", rdfvalue.RDFInteger,
"Total size of each chunk.", default=512 * 1024)
LAST_CHUNK = aff4.Attribute("aff4:lastchunk", rdfvalue.RDFInteger,
"The highest numbered chunk in this object.",
default=-1)
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""Schema for AFF4RegexNotificationRule."""
CLIENT_PATH_REGEX = aff4.Attribute(
"aff4:change_rule/client_path_regex", rdfvalue.RDFString,
"Regex to match the urn.")
EVENT_NAME = aff4.Attribute("aff4:change_rule/event_name",
rdfvalue.RDFString,
"Event to trigger on match.")
NOTIFY_ONLY_IF_NEW = aff4.Attribute(
"aff4:change_rule/notify_only_if_new", rdfvalue.RDFInteger,
"If True (1), then notify only when "
"the file is created for the first "
"time")
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""SchemaCls."""
FILESTORE_FILETYPES = aff4.Attribute(
"aff4:stats/filestore/filetypes", stats.Graph,
"Number of files in the filestore by type")
FILESTORE_FILETYPES_SIZE = aff4.Attribute(
"aff4:stats/filestore/filetypes_size", stats.GraphFloat,
"Total filesize in GB of files in the filestore by type")
FILESTORE_FILESIZE_HISTOGRAM = aff4.Attribute(
"aff4:stats/filestore/filesize", stats.Graph,
"Filesize histogram of files in the filestore")
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""The Schema for the Approval class."""
APPROVER = aff4.Attribute("aff4:approval/approver", rdfvalue.RDFString,
"An approver for the request.", "approver")
REASON = aff4.Attribute(
"aff4:approval/reason", rdfvalue.RDFString,
"The reason for requesting access to this client.")
EMAIL_MSG_ID = aff4.Attribute(
"aff4:approval/email_msg_id", rdfvalue.RDFString,
"The email thread message ID for this"
"approval. Storing this allows for "
"conversation threading.")
class SchemaCls(FileStoreImage.SchemaCls):
"""Schema class for NSRLFile."""
# We do not need child indexes since the NSRL database is quite big.
ADD_CHILD_INDEX = False
# Make the default SIZE argument as unversioned.
SIZE = aff4.Attribute("aff4:size", rdfvalue.RDFInteger,
"The total size of available data for this stream.",
"size", default=0, versioned=False)
TYPE = aff4.Attribute("aff4:type", rdfvalue.RDFString,
"The name of the AFF4Object derived class.", "type",
versioned=False)
NSRL = aff4.Attribute("aff4:nsrl", rdf_nsrl.NSRLInformation,
versioned=False)
class SchemaCls(aff4.AFF4Image.SchemaCls):
"""The schema for Blob Images."""
STAT = aff4.AFF4Object.VFSDirectory.SchemaCls.STAT
HASHES = aff4.Attribute("aff4:hashes", rdfvalue.HashList,
"List of hashes of each chunk in this file.")
FINGERPRINT = aff4.Attribute("aff4:fingerprint",
rdfvalue.FingerprintResponse,
"Protodict containing arrays of hashes.")
FINALIZED = aff4.Attribute(
"aff4:finalized", rdfvalue.RDFBool,
"Once a blobimage is finalized, further writes"
" will raise exceptions.")
class SchemaCls(standard.VFSDirectory.SchemaCls):
STATS = aff4.Attribute(
"aff4:stats",
rdf_client.ClientStats,
"Client Stats.",
"Client stats",
creates_new_object_version=False)
class SchemaCls(VFSAnalysisFile.SchemaCls):
"""The schema for AFF4 files in the GRR VFS."""
CONTENT_LOCK = aff4.Attribute(
"aff4:content_lock", rdfvalue.RDFURN,
"This lock contains a URN pointing to the flow that is currently "
"updating this flow.")
class SchemaCls(aff4.AFF4Image.SchemaCls):
"""The schema for AFF4 files in the GRR VFS."""
STAT = standard.VFSDirectory.SchemaCls.STAT
CONTENT_LOCK = aff4.Attribute(
"aff4:content_lock", rdfvalue.RDFURN,
"This lock contains a URN pointing to the flow that is currently "
"updating this flow.")
PATHSPEC = aff4.Attribute(
"aff4:pathspec", rdfvalue.PathSpec,
"The pathspec used to retrieve this object from the client.")
FINGERPRINT = aff4.Attribute("aff4:fingerprint",
rdfvalue.FingerprintResponse,
"Protodict containing arrays of hashes.")
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""Schema for GlobalNotificationsManager."""
NOTIFICATIONS = aff4.Attribute(
"aff4:global_notification_storage/notifications",
GlobalNotificationSet,
"List of currently active notifications",
versioned=False)
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""Schema for StatsStoreProcessData."""
METRICS_METADATA = aff4.Attribute(
"aff4:stats_store_process_data/metrics_metadata",
StatsStoreMetricsMetadata,
creates_new_object_version=False,
versioned=False)
class SchemaCls(aff4.AFF4MemoryStream.SchemaCls):
"""Signed blob attributes."""
BINARY = aff4.Attribute(
"aff4:signed_blob", rdfvalue.SignedBlob,
"Signed blob proto for deployment to clients."
"This is used for signing drivers, binaries "
"and python code.")
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""Schema for GRRUser."""
PENDING_NOTIFICATIONS = aff4.Attribute(
"aff4:notification/pending", rdfvalue.NotificationList,
"The notifications pending for the user.", default="")
SHOWN_NOTIFICATIONS = aff4.Attribute(
"aff4:notifications/shown", rdfvalue.NotificationList,
"Notifications already shown to the user.", default="")
GUI_SETTINGS = aff4.Attribute(
"aff4:gui/settings", rdfvalue.GUISettings,
"GUI Settings", default="")
PASSWORD = aff4.Attribute(
"aff4:user/password", CryptedPassword,
"Encrypted Password for the user")
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""Attributes specific to VFSDirectory."""
RULES = aff4.Attribute("aff4:rules",
rdf_foreman.ForemanRules,
"The rules the foreman uses.",
versioned=False,
creates_new_object_version=False,
default=rdf_foreman.ForemanRules())
class SchemaCls(GRRSignedBlob.SchemaCls):
INSTALLATION = aff4.Attribute(
"aff4:driver/installation",
rdfvalue.DriverInstallTemplate,
"The driver installation control protobuf.",
"installation",
default=rdfvalue.DriverInstallTemplate(driver_name="pmem",
device_path=r"\\.\pmem"))
class SchemaCls(aff4.AFF4Stream.SchemaCls):
FILE_ID = aff4.Attribute("aff4:file_id", rdfvalue.RDFString,
"This string uniquely identifies a "
"file stored in the file store. Passing "
"this id to the file store grants read "
"access to the corresponding data.")
STAT = standard.VFSDirectory.SchemaCls.STAT
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""The Schema for the Approval class."""
REQUESTOR = aff4.Attribute("aff4:approval/requestor", rdfvalue.RDFString,
"Requestor of the approval.")
APPROVER = aff4.Attribute("aff4:approval/approver", rdfvalue.RDFString,
"An approver for the request.", "approver")
SUBJECT = aff4.Attribute("aff4:approval/subject", rdfvalue.RDFURN,
"Subject of the approval. I.e. the resource that "
"requires approved access.")
REASON = aff4.Attribute("aff4:approval/reason",
rdfvalue.RDFString,
"The reason for requesting access to this client.")
EMAIL_MSG_ID = aff4.Attribute("aff4:approval/email_msg_id",
rdfvalue.RDFString,
"The email thread message ID for this"
"approval. Storing this allows for "
"conversation threading.")
EMAIL_CC = aff4.Attribute("aff4:approval/email_cc", rdfvalue.RDFString,
"Comma separated list of email addresses to "
"CC on approval emails.")
NOTIFIED_USERS = aff4.Attribute("aff4:approval/notified_users",
rdfvalue.RDFString,
"Comma-separated list of GRR users "
"notified about this approval.")
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""Schema for ClientFleetStats object."""
GRRVERSION_HISTOGRAM = aff4.Attribute("aff4:stats/grrversion",
stats.GraphSeries,
"GRR version statistics for active "
"clients.")
OS_HISTOGRAM = aff4.Attribute(
"aff4:stats/os_type", stats.GraphSeries,
"Operating System statistics for active clients.")
RELEASE_HISTOGRAM = aff4.Attribute("aff4:stats/release", stats.GraphSeries,
"Release statistics for active clients.")
LAST_CONTACTED_HISTOGRAM = aff4.Attribute("aff4:stats/last_contacted",
stats.Graph,
"Last contacted time")
class SchemaCls(standard.VFSDirectory.SchemaCls):
"""Attributes of the timeseries object."""
# Total number of events here
SIZE = aff4.AFF4Stream.SchemaCls.SIZE
START = aff4.Attribute("aff4:timeline/start", rdfvalue.RDFDatetime,
"The timestamp of the first event in this series")
END = aff4.Attribute("aff4:timeline/end", rdfvalue.RDFDatetime,
"The timestamp of the last event in this series")
DESCRIPTION = aff4.Attribute("aff4:description", rdfvalue.RDFString,
"This collection's description", "description")
TIMELINE = aff4.Attribute(
"aff4:timeline/view",
TimelineView,
"The columns that will be shown in the timeline.",
default="")
class SchemaCls(aff4.AFF4Object.SchemaCls):
"""AFF4 schema for CronHuntOutputMetadata."""
NUM_PROCESSED_RESULTS = aff4.Attribute(
"aff4:num_processed_results", rdfvalue.RDFInteger,
"Number of hunt results already processed by the cron job.",
versioned=False, default=0)
COLLECTION_RAW_OFFSET = aff4.Attribute(
"aff4:collection_raw_position", rdfvalue.RDFInteger,
"Effectively, number of bytes occuppied by NUM_PROCESSED_RESULTS "
"processed results in the results collection. Used to optimize "
"results collection access and not to iterate over all previously "
"processes results all the time.",
versioned=False, default=0)
OUTPUT_PLUGINS = aff4.Attribute(
"aff4:output_plugins_state", rdfvalue.FlowState,
"Pickled output plugins.", versioned=False)
class SchemaCls(RDFValueCollection.SchemaCls):
"""Schema for PackedVersionedCollection."""
DATA = aff4.Attribute("aff4:data", rdfvalue.EmbeddedRDFValue,
"The embedded semantic value.", versioned=True)
ADDITION_JOURNAL = aff4.Attribute("aff4:addition_journal",
rdfvalue.RDFInteger,
"Journal of Add(), AddAll(), and "
"AddToCollection() operations. Every "
"element in the journal is the number of "
"items added to collection when Add*() "
"was called.", versioned=True)
COMPACTION_JOURNAL = aff4.Attribute("aff4:compaction_journal",
rdfvalue.RDFInteger,
"Journal of compactions. Every item in "
"the journal is number of elements "
"that were compacted during particular "
"compaction.")