def Layout(self, request, response):
if self.proxy:
collection = self.proxy
else:
try:
aff4_path = self.state.get("aff4_path") or request.REQ.get(
"aff4_path")
collection = aff4.FACTORY.Open(
aff4_path,
aff4_type="RekallResponseCollection",
token=request.token)
except IOError:
return
output_directories = set()
for rekall_response in collection:
for statement in json.loads(rekall_response.json_messages):
command = statement[0]
# Metadata about currently running plugin.
if command == "m":
# Flush any old tables.
self._flush_table()
self._flush_freetext()
self.elements.append(PluginHeader(statement[1]))
# Start new Section.
elif command == "s":
self._flush_table()
self._flush_freetext()
self.elements.append(SectionHeader(**statement[1]))
# Free format statement.
elif command == "f":
self._flush_table()
format_string = statement[1]
try:
args = statement[2:]
except IndexError:
args = []
def FormatCallback(match):
arg_pos = int(match.group(1))
# It's ok to reference args[arg_pos] as FormatCallback is only
# used in the next re.sub() call and nowhere else.
arg = args[arg_pos] # pylint: disable=cell-var-from-loop
return GetRekallObjectSummary(arg)
rendered_free_text = re.sub(r"\{(\d+)(?:\:.+?\}|\})",
FormatCallback, format_string)
self.free_text.append(rendered_free_text)
# Errors reported from Rekall.
elif command == "e":
self._flush_table()
self._flush_freetext()
self.elements.append(RekallErrorRenderer(statement[1]))
# Start Table
elif command == "t":
self._flush_table()
self._flush_freetext()
# Create a new table.
self.current_table = RekallTable(statement[1])
# Add row to current table.
elif command == "r":
self._flush_freetext()
if not self.current_table:
logging.warn(
"Rekall plugin %s tried to write a "
"table row but no table was defined.",
rekall_response.plugin)
# This is pretty bad but at least we can show the data somehow.
self.free_text.append(utils.SmartStr(statement[1]))
continue
self.current_table.AddRow(statement[1])
# File that was output by rekall and extracted.
elif command == "file":
# Currently, when we render a client URN the link leads the user to
# the directory in the virtual file system, not the particular
# file. So we just render one link for each output directory.
file_urn = aff4.AFF4Object.VFSGRRClient.PathspecToURN(
rdf_paths.PathSpec(**statement[1]),
rekall_response.client_urn)
output_directories.add(rdfvalue.RDFURN(file_urn.Dirname()))
elif command == "p":
# "p" command indicates progress, we don't render it.
pass
self._flush_table()
self._flush_freetext()
for directory in output_directories:
self.elements.append(semantic.RDFURNRenderer(directory))
return super(RekallResponseCollectionRenderer,
self).Layout(request, response)
def Layout(self, request, response):
if self.proxy:
collection = self.proxy
else:
try:
aff4_path = self.state.get("aff4_path") or request.REQ.get(
"aff4_path")
collection = aff4.FACTORY.Open(
aff4_path,
aff4_type="RekallResponseCollection",
token=request.token)
except IOError:
return
output_directories = sets.Set()
for rekall_response in collection:
for statement in json.loads(rekall_response.json_messages):
if len(statement) >= 1:
object_renderer = json_renderer.JsonObjectRenderer.FromEncoded(
statement[1],
"DataExportRenderer")(renderer="DataExportRenderer")
statement = [
object_renderer.DecodeFromJsonSafe(s, {})
for s in statement
]
command = statement[0]
# Metadata about currently running plugin.
if command == "m":
# Flush any old tables.
self._flush_table()
self._flush_freetext()
self.elements.append(PluginHeader(statement[1]))
# Start new Section.
elif command == "s":
self._flush_table()
self._flush_freetext()
self.elements.append(SectionHeader(**statement[1]))
# Free format statement.
elif command == "f":
self._flush_table()
format_string = statement[1]
try:
args = statement[2:]
except IndexError:
args = []
self.free_text.append(format_string.format(*args))
# Errors reported from Rekall.
elif command == "e":
self._flush_table()
self._flush_freetext()
self.elements.append(RekallErrorRenderer(statement[1]))
# Start Table
elif command == "t":
self._flush_table()
self._flush_freetext()
# Create a new table.
self.current_table = RekallTable(statement[1])
# Add row to current table.
elif command == "r":
self._flush_freetext()
if not self.current_table:
logging.warn(
"Rekall plugin %s tried to write a "
"table row but no table was defined.",
rekall_response.plugin)
# This is pretty bad but at least we can show the data somehow.
self.free_text.append(utils.SmartStr(statement[1]))
continue
self.current_table.AddRow(statement[1])
# File that was output by rekall and extracted.
elif command == "file":
# Currently, when we render a client URN the link leads the user to
# the directory in the virtual file system, not the particular
# file. So we just render one link for each output directory.
file_urn = aff4.AFF4Object.VFSGRRClient.PathspecToURN(
rdfvalue.PathSpec(**statement[1]),
rekall_response.client_urn)
output_directories.add(rdfvalue.RDFURN(file_urn.Dirname()))
self._flush_table()
self._flush_freetext()
for directory in output_directories:
self.elements.append(semantic.RDFURNRenderer(directory))
return super(RekallResponseCollectionRenderer,
self).Layout(request, response)