class StructGrrMessage(rdf_structs.RDFProtoStruct):
"""A serialization agnostic GrrMessage."""
type_description = type_info.TypeDescriptorSet(
rdf_structs.ProtoString(
name="session_id",
field_number=1,
description="Every Flow has a unique session id."),
rdf_structs.ProtoUnsignedInteger(
name="request_id",
field_number=2,
description="This message is in response to this request number"),
rdf_structs.ProtoUnsignedInteger(
name="response_id",
field_number=3,
description="Responses for each request."),
rdf_structs.ProtoString(
name="name",
field_number=4,
description=("This is the name of the client action that will be "
"executed. It is set by the flow and is executed by "
"the client.")),
rdf_structs.ProtoBinary(
name="args",
field_number=5,
description="This field contains an encoded rdfvalue."),
rdf_structs.ProtoString(
name="source",
field_number=6,
description=("Client name where the message came from (This is "
"copied from the MessageList)")),
)
def _GenerateOutputClass(self, class_name, tables):
"""Generates output class with a given name for a given set of tables."""
output_class = type(utils.SmartStr(class_name),
(rdfvalue.RDFProtoStruct, ), {})
if not tables:
raise RuntimeError(
"Can't generate output class without Rekall table "
"definition.")
field_number = 1
output_class.AddDescriptor(
structs.ProtoEmbedded(name="metadata",
field_number=field_number,
nested=rdfvalue.ExportedMetadata))
field_number += 1
output_class.AddDescriptor(
structs.ProtoString(name="section_name",
field_number=field_number))
field_number += 1
output_class.AddDescriptor(
structs.ProtoString(name="text", field_number=field_number))
# All the tables are merged into one. This is done so that if plugin
# outputs multiple tables, we get all possible columns in the output
# RDFValue.
used_names = set()
for table in tables:
for column_header in table:
column_name = None
try:
column_name = column_header["cname"]
except KeyError:
pass
if not column_name:
column_name = column_header["name"]
if not column_name:
raise RuntimeError(
"Can't determine column name in table header.")
if column_name in used_names:
continue
field_number += 1
used_names.add(column_name)
output_class.AddDescriptor(
structs.ProtoString(name=column_name,
field_number=field_number))
return output_class
class UnionTest(structs.RDFProtoStruct):
union_field = "struct_flavor"
type_description = type_info.TypeDescriptorSet(
structs.ProtoEnum(
name="struct_flavor",
field_number=1,
enum_name="Type",
enum=dict(FIRST=1, SECOND=2, THIRD=3),
default=3,
description="An union enum field"),
structs.ProtoFloat(
name="first",
field_number=2,
description="A float number",
default=1.1),
structs.ProtoString(
name="second",
field_number=3,
default="string",
description="A string value"),
structs.ProtoUnsignedInteger(
name="third",
field_number=4,
default=5,
description="An integer value"),)
class SqliteTestStruct(rdf_structs.RDFProtoStruct):
"""Custom struct for testing schema generation."""
type_description = type_info.TypeDescriptorSet(
rdf_structs.ProtoString(name="string_field", field_number=1),
rdf_structs.ProtoBinary(name="bytes_field", field_number=2),
rdf_structs.ProtoUnsignedInteger(name="uint_field", field_number=3),
rdf_structs.ProtoSignedInteger(name="int_field", field_number=4),
rdf_structs.ProtoFloat(name="float_field", field_number=5),
rdf_structs.ProtoDouble(name="double_field", field_number=6),
rdf_structs.ProtoEnum(name="enum_field",
field_number=7,
enum_name="EnumField",
enum={
"FIRST": 1,
"SECOND": 2
}),
rdf_structs.ProtoBoolean(name="bool_field", field_number=8),
rdf_structs.ProtoRDFValue(name="urn_field",
field_number=9,
rdf_type="RDFURN"),
rdf_structs.ProtoRDFValue(name="time_field",
field_number=10,
rdf_type="RDFDatetime"),
rdf_structs.ProtoRDFValue(name="time_field_seconds",
field_number=11,
rdf_type="RDFDatetimeSeconds"),
rdf_structs.ProtoRDFValue(name="duration_field",
field_number=12,
rdf_type="Duration"),
rdf_structs.ProtoEmbedded(name="embedded_field",
field_number=13,
nested=TestEmbeddedStruct))
def _GenerateOutputClass(self, class_name, context_dict):
"""Generates output class with a given name for a given context."""
output_class = type(utils.SmartStr(class_name),
(rdfvalue.RDFProtoStruct, ), {})
if "t" not in context_dict:
raise RuntimeError(
"Can't generate output class without Rekall table "
"definition.")
field_number = 1
output_class.AddDescriptor(
structs.ProtoEmbedded(name="metadata",
field_number=field_number,
nested=rdfvalue.ExportedMetadata))
field_number += 1
output_class.AddDescriptor(
structs.ProtoString(name="section_name",
field_number=field_number))
field_number += 1
output_class.AddDescriptor(
structs.ProtoString(name="text", field_number=field_number))
for column_header in context_dict["t"]:
field_number += 1
column_name = None
try:
column_name = column_header["cname"]
except KeyError:
pass
if not column_name:
column_name = column_header["name"]
if not column_name:
raise RuntimeError(
"Can't determine column name in table header.")
output_class.AddDescriptor(
structs.ProtoString(name=column_name,
field_number=field_number))
return output_class
class TestStruct(structs.RDFProtoStruct):
"""A test struct object."""
type_description = type_info.TypeDescriptorSet(
structs.ProtoString(
name="foobar",
field_number=1,
default="string",
description="A string value",
labels=[structs.SemanticDescriptor.Labels.HIDDEN]),
structs.ProtoUnsignedInteger(
name="int", field_number=2, default=5,
description="An integer value"),
structs.ProtoList(
structs.ProtoString(
name="repeated",
field_number=3,
description="A repeated string value")),
# We can serialize an arbitrary RDFValue. This will be serialized into a
# binary string and parsed on demand.
structs.ProtoRDFValue(
name="urn",
field_number=6,
default=rdfvalue.RDFURN("www.google.com"),
rdf_type="RDFURN",
description="An arbitrary RDFValue field."),
structs.ProtoEnum(
name="type",
field_number=7,
enum_name="Type",
enum=dict(FIRST=1, SECOND=2, THIRD=3),
default=3,
description="An enum field"),
structs.ProtoFloat(
name="float",
field_number=8,
description="A float number",
default=1.1),)
class DynamicAnyValueTypeTest(structs.RDFProtoStruct):
"""A protobuf with dynamic types stored in AnyValue messages."""
type_description = type_info.TypeDescriptorSet(
structs.ProtoString(
name="type",
field_number=1,
# By default return the TestStruct proto.
description="A string value"),
structs.ProtoDynamicAnyValueEmbedded(
name="dynamic",
# The callback here returns the type specified by the type member.
dynamic_cb=lambda x: structs.RDFProtoStruct.classes.get(x.type),
field_number=2,
description="A dynamic value based on another field."),)
class UndefinedYet(structs.RDFProtoStruct):
type_description = type_info.TypeDescriptorSet(
structs.ProtoString(name="foobar",
field_number=1,
description="A string value"), )
class TestEmbeddedStruct(rdf_structs.RDFProtoStruct):
"""Custom struct for testing schema generation."""
type_description = type_info.TypeDescriptorSet(
rdf_structs.ProtoString(name="e_string_field", field_number=1),
rdf_structs.ProtoDouble(name="e_double_field", field_number=2))