def Handle(self, args, token=None): hunt_urn = args.hunt_id.ToURN() hunt = aff4.FACTORY.Open( hunt_urn, aff4_type=implementation.GRRHunt, token=token) hunt_api_object = ApiHunt().InitFromAff4Object(hunt) description = ( "Files downloaded by hunt %s (%s, '%s') created by user %s " "on %s" % (hunt_api_object.name, hunt_api_object.urn.Basename(), hunt_api_object.description, hunt_api_object.creator, hunt_api_object.created)) collection = implementation.GRRHunt.ResultCollectionForHID(hunt_urn) target_file_prefix = "hunt_" + hunt.urn.Basename().replace(":", "_") if args.archive_format == args.ArchiveFormat.ZIP: archive_format = api_call_handler_utils.CollectionArchiveGenerator.ZIP file_extension = ".zip" elif args.archive_format == args.ArchiveFormat.TAR_GZ: archive_format = api_call_handler_utils.CollectionArchiveGenerator.TAR_GZ file_extension = ".tar.gz" else: raise ValueError("Unknown archive format: %s" % args.archive_format) generator = api_call_handler_utils.CollectionArchiveGenerator( prefix=target_file_prefix, description=description, archive_format=archive_format) content_generator = self._WrapContentGenerator( generator, collection, args, token=token) return api_call_handler_base.ApiBinaryStream( target_file_prefix + file_extension, content_generator=content_generator)
def FakeDownloadHandle(unused_self, args, token=None): _ = token # Avoid unused variable linter warnings. aff4_path = args.client_id.ToClientURN().Add(args.file_path) age = args.timestamp or aff4.NEWEST_TIME downloaded_files.append((aff4_path, age)) return api_call_handler_base.ApiBinaryStream( filename=aff4_path.Basename(), content_generator=xrange(42))
def Handle(self, args, token=None): if not args.hunt_id: raise ValueError("hunt_id can't be None") if not args.client_id: raise ValueError("client_id can't be None") if not args.vfs_path: raise ValueError("vfs_path can't be None") if not args.timestamp: raise ValueError("timestamp can't be None") api_vfs.ValidateVfsPath(args.vfs_path) results = implementation.GRRHunt.ResultCollectionForHID( args.hunt_id.ToURN()) expected_aff4_path = args.client_id.ToClientURN().Add(args.vfs_path) # TODO(user): should after_timestamp be strictly less than the desired # timestamp. timestamp = rdfvalue.RDFDatetime(int(args.timestamp) - 1) # If the entry corresponding to a given path is not found within # MAX_RECORDS_TO_CHECK from a given timestamp, we report a 404. for _, item in results.Scan( after_timestamp=timestamp.AsMicrosecondsSinceEpoch(), max_records=self.MAX_RECORDS_TO_CHECK): try: # Do not pass the client id we got from the caller. This will # get filled automatically from the hunt results and we check # later that the aff4_path we get is the same as the one that # was requested. aff4_path = export.CollectionItemToAff4Path(item, client_id=None) except export.ItemNotExportableError: continue if aff4_path != expected_aff4_path: continue try: aff4_stream = aff4.FACTORY.Open( aff4_path, aff4_type=aff4.AFF4Stream, token=token) if not aff4_stream.GetContentAge(): break return api_call_handler_base.ApiBinaryStream( "%s_%s" % (args.client_id, utils.SmartStr(aff4_path.Basename())), content_generator=self._GenerateFile(aff4_stream), content_length=len(aff4_stream)) except aff4.InstantiationError: break raise HuntFileNotFoundError( "File %s with timestamp %s and client %s " "wasn't found among the results of hunt %s" % (utils.SmartStr(args.vfs_path), utils.SmartStr(args.timestamp), utils.SmartStr(args.client_id), utils.SmartStr(args.hunt_id)))
def Handle(self, args, token=None): ValidateVfsPath(args.file_path) folder_urn = args.client_id.ToClientURN().Add(args.file_path) items = ApiGetVfsTimelineHandler.GetTimelineItems(folder_urn, token=token) return api_call_handler_base.ApiBinaryStream( "%s_%s_timeline" % (args.client_id, utils.SmartStr(folder_urn.Basename())), content_generator=self._GenerateExport(items))
def Handle(self, args, token=None): root_urn = _GetSignedBlobsRoots()[args.type] binary_urn = root_urn.Add(args.path) file_obj = aff4.FACTORY.Open( binary_urn, aff4_type=aff4.AFF4Stream, token=token) return api_call_handler_base.ApiBinaryStream( filename=file_obj.urn.Basename(), content_generator=self._GenerateStreamContent(file_obj), content_length=file_obj.size)
def Handle(self, args, token=None): iop_cls = instant_output_plugin.InstantOutputPlugin plugin_cls = iop_cls.GetPluginClassByPluginName(args.plugin_name) flow_urn = args.flow_id.ResolveClientFlowURN(args.client_id, token=token) output_collection = flow.GRRFlow.TypedResultCollectionForFID(flow_urn) plugin = plugin_cls(source_urn=flow_urn, token=token) content_generator = instant_output_plugin.ApplyPluginToMultiTypeCollection( plugin, output_collection, source_urn=args.client_id.ToClientURN()) return api_call_handler_base.ApiBinaryStream( plugin.output_file_name, content_generator=content_generator)
def Handle(self, args, token=None): flow_urn = args.flow_id.ResolveClientFlowURN(args.client_id, token=token) flow_obj = aff4.FACTORY.Open(flow_urn, aff4_type=flow.GRRFlow, mode="r", token=token) flow_api_object = ApiFlow().InitFromAff4Object(flow_obj, flow_id=args.flow_id) description = ( "Files downloaded by flow %s (%s) that ran on client %s by " "user %s on %s" % (flow_api_object.name, args.flow_id, args.client_id, flow_api_object.creator, flow_api_object.started_at)) target_file_prefix = "%s_flow_%s_%s" % ( args.client_id, flow_obj.runner_args.flow_name, flow_urn.Basename().replace(":", "_")) collection = flow.GRRFlow.ResultCollectionForFID(flow_urn) if args.archive_format == args.ArchiveFormat.ZIP: archive_format = api_call_handler_utils.CollectionArchiveGenerator.ZIP file_extension = ".zip" elif args.archive_format == args.ArchiveFormat.TAR_GZ: archive_format = api_call_handler_utils.CollectionArchiveGenerator.TAR_GZ file_extension = ".tar.gz" else: raise ValueError("Unknown archive format: %s" % args.archive_format) generator = api_call_handler_utils.CollectionArchiveGenerator( prefix=target_file_prefix, description=description, archive_format=archive_format, predicate=self._BuildPredicate(args.client_id, token=token), client_id=args.client_id.ToClientURN()) content_generator = self._WrapContentGenerator(generator, collection, args, token=token) return api_call_handler_base.ApiBinaryStream( target_file_prefix + file_extension, content_generator=content_generator)
def Handle(self, args, token=None): iop_cls = instant_output_plugin.InstantOutputPlugin plugin_cls = iop_cls.GetPluginClassByPluginName(args.plugin_name) hunt_urn = args.hunt_id.ToURN() try: aff4.FACTORY.Open( hunt_urn, aff4_type=implementation.GRRHunt, mode="rw", token=token) except aff4.InstantiationError: raise HuntNotFoundError( "Hunt with id %s could not be found" % args.hunt_id) output_collection = implementation.GRRHunt.TypedResultCollectionForHID( hunt_urn) plugin = plugin_cls(source_urn=hunt_urn, token=token) return api_call_handler_base.ApiBinaryStream( plugin.output_file_name, content_generator=instant_output_plugin. ApplyPluginToMultiTypeCollection(plugin, output_collection))
def Handle(self, args, token=None): ValidateVfsPath(args.file_path) if args.timestamp: age = args.timestamp else: age = aff4.NEWEST_TIME try: file_obj = aff4.FACTORY.Open(args.client_id.ToClientURN().Add( args.file_path), aff4_type=aff4.AFF4Stream, mode="r", age=age, token=token) file_content_missing = not file_obj.GetContentAge() except aff4.InstantiationError: file_content_missing = True if file_content_missing: raise FileContentNotFoundError( "File %s with timestamp %s wasn't found on client %s" % (utils.SmartStr(args.file_path), utils.SmartStr( args.timestamp), utils.SmartStr(args.client_id))) total_size = self.GetTotalSize(file_obj) if not args.length: args.length = total_size - args.offset else: # Make sure args.length is in the allowed range. args.length = min(abs(args.length), total_size - args.offset) generator = self._GenerateFile(file_obj, args.offset, args.length) return api_call_handler_base.ApiBinaryStream( filename=file_obj.urn.Basename(), content_generator=generator, content_length=args.length)
def Handle(self, args, token=None): client_urn = args.client_id.ToClientURN() path = args.file_path if not path: start_urns = [client_urn.Add(p) for p in ROOT_FILES_WHITELIST] prefix = "vfs_" + re.sub("[^0-9a-zA-Z]", "_", utils.SmartStr(args.client_id)) else: ValidateVfsPath(args.file_path) start_urns = [client_urn.Add(args.file_path)] prefix = "vfs_" + re.sub("[^0-9a-zA-Z]", "_", start_urns[0].Path()).strip("_") if args.timestamp: age = args.timestamp else: age = aff4.NEWEST_TIME content_generator = self._GenerateContent( start_urns, prefix, age=age, token=token) return api_call_handler_base.ApiBinaryStream( prefix + ".zip", content_generator=content_generator)
def Handle(self, unused_args, token=None): return api_call_handler_base.ApiBinaryStream( "test.ext", content_generator=self._Generate(), content_length=1337)