def ReadFlowResults(self, client_id, flow_id, offset, count, with_tag=None, with_type=None, with_substring=None): """Reads flow results of a given flow using given query options.""" results = sorted([ x.Copy() for x in self.flow_results.get((client_id, flow_id), []) ], key=lambda r: r.timestamp) # This is done in order to pass the tests that try to deserialize # value of an unrecognized type. for r in results: if utils.GetName( r.payload.__class__) not in rdfvalue.RDFValue.classes: r.payload = rdf_objects.SerializedValueOfUnrecognizedType( type_name=utils.GetName(r.payload.__class__), value=r.payload.SerializeToString()) if with_tag is not None: results = [i for i in results if i.tag == with_tag] if with_type is not None: results = [ i for i in results if utils.GetName(i.payload.__class__) == with_type ] if with_substring is not None: encoded_substring = with_substring.encode("utf8") results = [ i for i in results if encoded_substring in i.payload.SerializeToString() ] return results[offset:offset + count]
def ReadHuntResults(self, hunt_id, offset, count, with_tag=None, with_type=None, with_substring=None, with_timestamp=None, cursor=None): """Reads hunt results of a given hunt using given query options.""" hunt_id_int = db_utils.HuntIDToInt(hunt_id) query = ("SELECT client_id, flow_id, hunt_id, payload, type, " "UNIX_TIMESTAMP(timestamp), tag " "FROM flow_results " "FORCE INDEX(flow_results_hunt_id_flow_id_timestamp) " "WHERE hunt_id = %s ") args = [hunt_id_int] if with_tag: query += "AND tag = %s " args.append(with_tag) if with_type: query += "AND type = %s " args.append(with_type) if with_substring: query += "AND payload LIKE %s " args.append("%" + db_utils.EscapeWildcards(with_substring) + "%") if with_timestamp: query += "AND timestamp = FROM_UNIXTIME(%s) " args.append(mysql_utils.RDFDatetimeToTimestamp(with_timestamp)) query += "ORDER BY timestamp ASC LIMIT %s OFFSET %s" args.append(count) args.append(offset) cursor.execute(query, args) ret = [] for ( client_id_int, flow_id_int, hunt_id_int, serialized_payload, payload_type, timestamp, tag, ) in cursor.fetchall(): if payload_type in rdfvalue.RDFValue.classes: payload = rdfvalue.RDFValue.classes[ payload_type].FromSerializedBytes(serialized_payload) else: payload = rdf_objects.SerializedValueOfUnrecognizedType( type_name=payload_type, value=serialized_payload) result = rdf_flow_objects.FlowResult( client_id=db_utils.IntToClientID(client_id_int), flow_id=db_utils.IntToFlowID(flow_id_int), hunt_id=hunt_id, payload=payload, timestamp=mysql_utils.TimestampToRDFDatetime(timestamp)) if tag is not None: result.tag = tag ret.append(result) return ret