def file_upload(current): """Request an upload ticket for commencing file upload.""" upload_request = location.FileUploadRequest.from_json( current.request.body.getvalue()) return location.FileUploadResponse.from_keywords( url=blobstore.create_upload_url( utils.route_api("/control/file_upload_receive", upload_request=upload_request.to_json(), client_id=current.client_id), gs_bucket_name=app_identity.get_default_gcs_bucket_name( ))).to_primitive()
def upload(current, type, flow_id, part=0): collection_id = utils.new_collection_id() result = location.BlobUploadSpecs.from_keywords( url=blobstore.create_upload_url( utils.route_api("/control/upload_receive", type=type, flow_id=flow_id, collection_id=collection_id, part=part, client_id=current.client_id), gs_bucket_name=app_identity.get_default_gcs_bucket_name( ))).to_primitive() return result
def manifest(_): """Serve the installation manifest to the client.""" result = agent.Manifest.from_keywords(startup=dict( # Drop progress reports when running this flow. ticket=dict(location=location.DevNull()), actions=[ client.StartupAction.from_keywords(rekall_session=dict(live="API"), location=dict( __type__="HTTPLocation", base=utils.route_api( "control/startup"), )) ])) return result.to_primitive()
def propose_from_flows(current, flow_ids, labels, approvers, name=None): """Launch a hunt from the flows on these labels.""" hunt_id = utils.new_hunt_id() now = time.time() also_upload_files = False result = agent.Flow.from_keywords( name=name or hunt_id, flow_id=hunt_id, created_time=now, creator=utils.get_current_username(current), ticket=dict( location=dict( __type__="HTTPLocation", base=utils.route_api('/control/hunt_ticket'), path_prefix=hunt_id, )), ) db = current.db seen = set() for flow_id in flow_ids: row = db(db.flows.flow_id == flow_id).select().first() if row: for action in row.flow.actions: if action.rekall_session.get("also_upload_files"): also_upload_files = True if isinstance(action, actions.PluginAction): action = actions.PluginAction.from_keywords( plugin=action.plugin, rekall_session=action.rekall_session, collection=dict( __type__="JSONCollection", location=dict( __type__="BlobUploader", base=html.URL( c="api", f="control", args=['upload'], host=True), path_template=( "collection/%s/{part}" % hunt_id), )), args=action.args) # Dedupe identical canned actions. key = action.to_json() if key in seen: continue seen.add(key) result.actions.append(action) if also_upload_files: result.file_upload = dict( __type__="FileUploadLocation", flow_id=hunt_id, base=html.URL(c="api", f='control/file_upload', host=True)) # Add the hunt to the hunts table. db.hunts.insert( hunt_id=hunt_id, creator=result.creator, flow=result, labels=labels, state="Proposed", timestamp=now) for approver in approvers: users.send_notifications( current, approver, "HUNT_APPROVAL_REQUEST", dict( hunt_id=hunt_id, user=utils.get_current_username(current))) audit.log(current, "HuntProposal", hunt_id=hunt_id) return {}
def launch_canned_flows(current, client_id, name): db = current.db row = db(db.canned_flows.name == name).select().first() if not row: raise ValueError("There is no canned flow with name '%s'" % name) also_upload_files = False flow_id = utils.new_flow_id() for action in row.flow.actions: if action.rekall_session.get("also_upload_files"): also_upload_files = True action.collection = dict(__type__="JSONCollection", location=dict( __type__="BlobUploader", base=html.URL(c="api", f="control", args=['upload'], host=True), path_template=("collection/%s/{part}" % flow_id), )) flow = agent.Flow.from_keywords( name=name, flow_id=flow_id, created_time=time.time(), ticket=dict(location=dict( __type__="HTTPLocation", base=utils.route_api('/control/ticket'), path_prefix=flow_id, )), actions=row.flow.actions, ) if also_upload_files: flow.file_upload = dict(__type__="FileUploadLocation", flow_id=flow_id, base=html.URL(c="api", f='control/file_upload', host=True)) db.flows.insert( flow_id=flow_id, client_id=client_id, status=agent.FlowStatus.from_keywords(timestamp=time.time(), client_id=client_id, flow_id=flow_id, status="Pending"), creator=utils.get_current_username(current), flow=flow, timestamp=flow.created_time.timestamp, ) firebase.notify_client(client_id) audit.log(current, "FlowLaunchCanned", flow_id=flow_id, canned_flow=name, client_id=client_id) return {}
def launch_plugin_flow(current, client_id, rekall_session, plugin, plugin_arg): """Launch the flow on the client.""" db = current.db flow_id = utils.new_flow_id() spec = plugins.RekallAPI(current).get(plugin) if not spec: raise ValueError("Unknown plugin") # Validate both plugin args and session args. validate_plugin_args(plugin_arg, spec) validate_plugin_args(rekall_session, plugins.SessionAPI(current)) flow = agent.Flow.from_keywords( flow_id=flow_id, created_time=time.time(), ticket=dict(location=dict( __type__="HTTPLocation", base=utils.route_api('/control/ticket'), path_prefix=flow_id, )), actions=[ dict(__type__="PluginAction", plugin=plugin, args=plugin_arg, rekall_session=rekall_session, collection=dict(__type__="JSONCollection", location=dict( __type__="BlobUploader", base=html.URL(c="api", f="control", args=['upload'], host=True), path_template=("collection/%s/{part}" % flow_id), ))) ]) if rekall_session.get("also_upload_files"): flow.file_upload = dict(__type__="FileUploadLocation", flow_id=flow_id, base=html.URL(c="api", f='control/file_upload', host=True)) db.flows.insert( flow_id=flow_id, client_id=client_id, status=agent.FlowStatus.from_keywords(timestamp=time.time(), client_id=client_id, flow_id=flow_id, status="Pending"), creator=utils.get_current_username(current), flow=flow, timestamp=flow.created_time.timestamp, ) firebase.notify_client(client_id) audit.log(current, "FlowLaunchPlugin", flow_id=flow_id, plugin=plugin, client_id=client_id) return {}