def GenerateCSRFToken(user_id, time):
"""Generates a CSRF token based on a secret key, id and time."""
precondition.AssertType(user_id, Text)
precondition.AssertOptionalType(time, int)
time = time or rdfvalue.RDFDatetime.Now().AsMicrosecondsSinceEpoch()
secret = config.CONFIG.Get("AdminUI.csrf_secret_key", None)
if secret is None:
raise ValueError("CSRF secret not available.")
digester = hmac.new(secret.encode("ascii"), digestmod=hashlib.sha256)
digester.update(user_id.encode("ascii"))
digester.update(CSRF_DELIMITER)
digester.update(str(time).encode("ascii"))
digest = digester.digest()
token = base64.urlsafe_b64encode(b"%s%s%d" %
(digest, CSRF_DELIMITER, time))
return token.rstrip(b"=")
def RetrieveIPInfo(self, ip):
precondition.AssertOptionalType(
ip, (ipaddress.IPv4Address, ipaddress.IPv6Address))
if ip is None:
return (IPInfo.UNKNOWN, "No ip information.")
ip_str = utils.SmartStr(ip)
try:
return self.cache.Get(ip_str)
except KeyError:
pass
if ip.version == 6:
res = self.RetrieveIP6Info(ip)
else:
res = self.RetrieveIP4Info(ip)
self.cache.Put(ip_str, res)
return res
def AsIPAddr(self) -> Optional[IPAddress]:
"""Returns the IP as an `IPAddress` object (if packed bytes are defined)."""
precondition.AssertOptionalType(self.packed_bytes, bytes)
if self.packed_bytes is None:
return None
try:
if self.address_type == NetworkAddress.Family.INET:
return ipaddress.IPv4Address(self.packed_bytes)
if self.address_type == NetworkAddress.Family.INET6:
return ipaddress.IPv6Address(self.packed_bytes)
except ipaddress.AddressValueError:
hex_packed_bytes = text.Hexify(self.packed_bytes)
logging.error("AddressValueError for %s (%s)", hex_packed_bytes,
self.address_type)
raise
message = "IP address has invalid type: {}".format(self.address_type)
raise ValueError(message)
def GenerateCSRFToken(user_id, time):
"""Generates a CSRF token based on a secret key, id and time."""
precondition.AssertType(user_id, unicode)
precondition.AssertOptionalType(time, int)
time = time or rdfvalue.RDFDatetime.Now().AsMicrosecondsSinceEpoch()
secret = config.CONFIG.Get("AdminUI.csrf_secret_key", None)
# TODO(amoser): Django is deprecated. Remove this at some point.
if not secret:
secret = config.CONFIG["AdminUI.django_secret_key"]
digester = hmac.new(secret.encode("ascii"), digestmod=hashlib.sha256)
digester.update(user_id.encode("ascii"))
digester.update(CSRF_DELIMITER)
digester.update(unicode(time).encode("ascii"))
digest = digester.digest()
token = base64.urlsafe_b64encode(b"%s%s%d" %
(digest, CSRF_DELIMITER, time))
return token.rstrip(b"=")
def TempFilePath(
suffix: Text = "",
prefix: Text = "tmp",
dir: Text = None) -> Text: # pylint: disable=redefined-builtin
"""Creates a temporary file based on the environment configuration.
If no directory is specified the file will be placed in folder as specified by
the `TEST_TMPDIR` environment variable if available or fallback to
`FLAGS.test_tmpdir` if provided or just use Python's default.
If directory is specified it must be part of the default test temporary
directory.
Args:
suffix: A suffix to end the file name with.
prefix: A prefix to begin the file name with.
dir: A directory to place the file in.
Returns:
An absolute path to the created file.
Raises:
ValueError: If the specified directory is not part of the default test
temporary directory.
"""
precondition.AssertType(suffix, Text)
precondition.AssertType(prefix, Text)
precondition.AssertOptionalType(dir, Text)
root = _TestTempRootPath()
if not dir:
dir = root
elif root and not os.path.commonprefix([dir, root]):
raise ValueError("path '%s' must start with '%s'" % (dir, root))
# `mkstemp` returns an open descriptor for the file. We don't care about it as
# we are only concerned with the path, but we need to close it first or else
# the file will remain open until the garbage collectors steps in.
desc, path = tempfile.mkstemp(suffix=suffix, prefix=prefix, dir=dir)
os.close(desc)
return path
def MakeStatResponse(self, tsk_file, tsk_attribute=None, append_name=None):
"""Given a TSK info object make a StatEntry.
Note that tsk uses two things to uniquely identify a data stream - the inode
object given in tsk_file and the attribute object which may correspond to an
ADS of this file for filesystems which support ADS. We store both of these
in the stat response.
Args:
tsk_file: A TSK File object for the specified inode.
tsk_attribute: A TSK Attribute object for the ADS. If None we use the main
stream.
append_name: If specified we append this name to the last element of the
pathspec.
Returns:
A StatEntry which can be used to re-open this exact VFS node.
"""
precondition.AssertOptionalType(append_name, Text)
info = tsk_file.info
response = rdf_client_fs.StatEntry()
meta = info.meta
if meta:
response.st_ino = meta.addr
for attribute in [
"mode",
"nlink",
"uid",
"gid",
"size",
"atime",
"mtime",
"ctime",
]:
try:
value = int(getattr(meta, attribute))
if value < 0:
value &= 0xFFFFFFFF
setattr(response, "st_%s" % attribute, value)
except AttributeError:
pass
if hasattr(meta, "crtime"):
value = meta.crtime
if value < 0:
value &= 0xFFFFFFFF
response.st_btime = value
name = info.name
child_pathspec = self.pathspec.Copy()
if append_name is not None:
# Append the name to the most inner pathspec
child_pathspec.last.path = utils.JoinPath(child_pathspec.last.path,
append_name)
child_pathspec.last.inode = meta.addr
if tsk_attribute is not None:
child_pathspec.last.ntfs_type = int(tsk_attribute.info.type)
child_pathspec.last.ntfs_id = int(tsk_attribute.info.id)
child_pathspec.last.stream_name = tsk_attribute.info.name
# Update the size with the attribute size.
response.st_size = tsk_attribute.info.size
default = rdf_paths.PathSpec.tsk_fs_attr_type.TSK_FS_ATTR_TYPE_DEFAULT
last = child_pathspec.last
if last.ntfs_type != default or last.ntfs_id:
# This is an ads and should be treated as a file.
# Clear all file type bits.
response.st_mode &= ~self.stat_type_mask
response.st_mode |= stat.S_IFREG
else:
child_pathspec.last.ntfs_type = None
child_pathspec.last.ntfs_id = None
child_pathspec.last.stream_name = None
if name:
# Encode the type onto the st_mode response
response.st_mode |= self.FILE_TYPE_LOOKUP.get(int(name.type), 0)
if meta:
# What if the types are different? What to do here?
response.st_mode |= self.META_TYPE_LOOKUP.get(int(meta.type), 0)
# Write the pathspec on the response.
response.pathspec = child_pathspec
return response
def testBytesIncorrect(self):
with self.assertRaises(TypeError):
precondition.AssertOptionalType("quux", bytes)
def testBytesCorrect(self):
del self # Unused.
precondition.AssertOptionalType(b"quux", bytes)
precondition.AssertOptionalType(None, bytes)
def testStringIncorrect(self):
with self.assertRaises(TypeError):
precondition.AssertOptionalType(b"foo", str)
def testStringCorrect(self):
del self # Unused.
precondition.AssertOptionalType("foo", str)
precondition.AssertOptionalType(None, str)
def testIntIncorrect(self):
with self.assertRaises(TypeError):
precondition.AssertOptionalType(13.37, int)
def testIntCorrect(self):
del self # Unused.
precondition.AssertOptionalType(1337, int)
precondition.AssertOptionalType(None, int)
