def home(): """Generates the home page view template. Returns: Template with context. """ form = HiddenNameDescriptionForm() sketches = Sketch.all_with_acl().filter( not_(Sketch.Status.status == u'deleted'), Sketch.Status.parent).order_by(Sketch.updated_at.desc()) # Only render upload button if it is configured. upload_enabled = current_app.config[u'UPLOAD_ENABLED'] # Handle form for creating a new sketch. if form.validate_on_submit(): sketch = Sketch(name=form.name.data, description=form.description.data, user=current_user) sketch.status.append(sketch.Status(user=None, status=u'new')) # Give the requesting user permissions on the new sketch. sketch.grant_permission(permission=u'read', user=current_user) sketch.grant_permission(permission=u'write', user=current_user) sketch.grant_permission(permission=u'delete', user=current_user) db_session.add(sketch) db_session.commit() return redirect(url_for(u'sketch_views.overview', sketch_id=sketch.id)) return render_template(u'home/home.html', sketches=sketches, form=form, upload_enabled=upload_enabled)
def _create_mock_event(event_id, quantity, time_diffs=None, source_attrs=None): """ Returns an instance of Event, based on the MockDataStore event_dict example. Args: event_id: Desired ID for the Event. quantity: The number of Events to be generated. time_diffs: A list of time differences between the generated Events. source_attrs: Dictionary of attributes to add to the source of the generated events. Returns: A generator of Event objects. """ if not time_diffs: time_diffs = [0] if quantity < 0: quantity = abs(quantity) # If the list of time differences is too small to be compatible # with the quantity of events, then extend the list with the last # value for as many items as necessary. if quantity - len(time_diffs) > 0: time_diffs.extend([time_diffs[len(time_diffs) - 1]] * (quantity - len(time_diffs))) # Setup for Event object initialisation ds = MockDataStore('test', 0) user = User('test_user') sketch = Sketch('test_sketch', 'description', user) label = sketch.Label(label='Test label', user=user) sketch.labels.append(label) event_timestamp = 1410895419859714 event_template = ds.get_event('test', 'test') for i in range(quantity): eventObj = _create_eventObj(ds, sketch, event_template, event_id, event_timestamp, source_attrs) yield eventObj # adding extra events after every requested event for better # simulation of real timeline data i.e. working with a larger # dataset for _ in range(100): event_timestamp += 1 event_id += 1 eventObj = _create_eventObj(ds, sketch, event_template, event_id, event_timestamp, source_attrs) yield eventObj event_timestamp += abs(time_diffs[i]) event_id += 1
def home(): """Generates the home page view template. Returns: Template with context. """ form = HiddenNameDescriptionForm() sketches = Sketch.all_with_acl().filter( not_(Sketch.Status.status == u'deleted'), Sketch.Status.parent).order_by(Sketch.updated_at.desc()) query_filter = request.args.get(u'filter', u'') query = request.args.get(u'q', u'') # Only render upload button if it is configured. upload_enabled = current_app.config[u'UPLOAD_ENABLED'] last_sketch = View.query.filter_by(user=current_user, name=u'').order_by( View.updated_at.desc()).first() if query_filter: if query_filter == u'user': sketches = sketches.filter(Sketch.user == current_user) elif query_filter == u'shared': sketches = sketches.filter(not_(Sketch.user == current_user)) # TODO: Figure out a better way to handle this. if query: if query.startswith(u'*'): query = u'' else: sketches = sketches.filter(Sketch.name.contains(query)).limit(100) # Handle form for creating a new sketch. if form.validate_on_submit(): sketch = Sketch(name=form.name.data, description=form.description.data, user=current_user) sketch.status.append(sketch.Status(user=None, status=u'new')) # Give the requesting user permissions on the new sketch. sketch.grant_permission(permission=u'read', user=current_user) sketch.grant_permission(permission=u'write', user=current_user) sketch.grant_permission(permission=u'delete', user=current_user) db_session.add(sketch) db_session.commit() return redirect(url_for(u'sketch_views.overview', sketch_id=sketch.id)) return render_template(u'home/home.html', sketches=sketches, form=form, query=query, upload_enabled=upload_enabled, last_sketch=last_sketch)
def post(self): """Handles POST request to the resource. Returns: A sketch in JSON (instance of flask.wrappers.Response) """ form = NameDescriptionForm.build(request) if form.validate_on_submit(): sketch = Sketch(name=form.name.data, description=form.description.data, user=current_user) sketch.status.append(sketch.Status(user=None, status=u'new')) # Give the requesting user permissions on the new sketch. sketch.grant_permission(permission=u'read', user=current_user) sketch.grant_permission(permission=u'write', user=current_user) sketch.grant_permission(permission=u'delete', user=current_user) db_session.add(sketch) db_session.commit() return self.to_json(sketch, status_code=HTTP_STATUS_CODE_CREATED) return abort(HTTP_STATUS_CODE_BAD_REQUEST)
def _create_sketch(self, name, user, acl=False): """Create a sketch in the database. Args: name: Name of the sketch (string) user: A user (instance of timesketch.models.user.User) acl: Boolean value to decide if ACL permissions should be set Returns: A sketch (instance of timesketch.models.sketch.Sketch) """ sketch = Sketch(name=name, description=name, user=user) if acl: for permission in [u'read', u'write', u'delete']: sketch.grant_permission(permission=permission, user=user) label = sketch.Label(label=u'Test label', user=user) status = sketch.Status(status=u'Test status', user=user) sketch.labels.append(label) sketch.status.append(status) self._commit_to_database(sketch) return sketch
def test_get_event_data(self): """Test getEventData returns the correct values.""" user = User("test_user") sketch = Sketch("test_sketch", "description", user) label = sketch.Label(label="Test label", user=user) sketch.labels.append(label) index = "test_index" sketch_id = 1 for analyzer_class in self.analyzer_classes: analyzer = analyzer_class["class"](index, sketch_id) datastore = analyzer.datastore event_dict = copy.deepcopy(MockDataStore.event_dict) event_dict["_source"].update({"xml_string": xml_string1}) event_obj = Event(event_dict, datastore, sketch) username = analyzer.getEventData(event_obj, "TargetUserName") logon_id = analyzer.getEventData(event_obj, "TargetLogonId") self.assertEqual(username, "USER_1") self.assertEqual(logon_id, "0x0000000000000001")
def test_get_event_data(self): """Test getEventData returns the correct values.""" user = User('test_user') sketch = Sketch('test_sketch', 'description', user) label = sketch.Label(label='Test label', user=user) sketch.labels.append(label) index = 'test_index' sketch_id = 1 for analyzer_class in self.analyzer_classes: analyzer = analyzer_class['class'](index, sketch_id) datastore = analyzer.datastore event_dict = copy.deepcopy(MockDataStore.event_dict) event_dict['_source'].update({'xml_string': xml_string1}) event_obj = Event(event_dict, datastore, sketch) username = analyzer.getEventData(event_obj, 'TargetUserName') logon_id = analyzer.getEventData(event_obj, 'TargetLogonId') self.assertEqual(username, 'USER_1') self.assertEqual(logon_id, '0x0000000000000001')
def run(self, file_path, sketch_id, username, timeline_name): """This is the run method.""" file_path = os.path.realpath(file_path) file_path_no_extension, extension = os.path.splitext(file_path) extension = extension.lstrip('.') filename = os.path.basename(file_path_no_extension) supported_extensions = ('plaso', 'csv', 'jsonl') if not os.path.isfile(file_path): sys.exit('No such file: {0:s}'.format(file_path)) if extension not in supported_extensions: sys.exit('Extension {0:s} is not supported. ' '(supported extensions are: {1:s})'.format( extension, ', '.join(supported_extensions))) user = None if not username: username = pwd.getpwuid(os.stat(file_path).st_uid).pw_name if not username == 'root': if not isinstance(username, six.text_type): username = codecs.decode(username, 'utf-8') user = User.query.filter_by(username=username).first() if not user: sys.exit('Cannot determine user for file: {0:s}'.format(file_path)) sketch = None # If filename starts with <number> then use that as sketch_id. # E.g: 42_file_name.plaso means sketch_id is 42. sketch_id_from_filename = filename.split('_')[0] if not sketch_id and sketch_id_from_filename.isdigit(): sketch_id = sketch_id_from_filename if sketch_id: try: sketch = Sketch.query.get_with_acl(sketch_id, user=user) except Forbidden: pass if not timeline_name: if timeline_name is None: timeline_name = '{0:s}_timeline'.format(filename) if not isinstance(timeline_name, six.text_type): timeline_name = codecs.decode(timeline_name, 'utf-8') timeline_name = timeline_name.replace('_', ' ') # Remove sketch ID if present in the filename. timeline_parts = timeline_name.split() if timeline_parts[0].isdigit(): timeline_name = ' '.join(timeline_name.split()[1:]) if not sketch: # Create a new sketch. sketch_name = 'Sketch for: {0:s}'.format(timeline_name) sketch = Sketch(name=sketch_name, description=sketch_name, user=user) # Need to commit here to be able to set permissions later. db_session.add(sketch) db_session.commit() sketch.grant_permission(permission='read', user=user) sketch.grant_permission(permission='write', user=user) sketch.grant_permission(permission='delete', user=user) sketch.status.append(sketch.Status(user=None, status='new')) db_session.add(sketch) db_session.commit() index_name = uuid.uuid4().hex if not isinstance(index_name, six.text_type): index_name = codecs.decode(index_name, 'utf-8') searchindex = SearchIndex.get_or_create(name=timeline_name, description=timeline_name, user=user, index_name=index_name) searchindex.grant_permission(permission='read', user=user) searchindex.grant_permission(permission='write', user=user) searchindex.grant_permission(permission='delete', user=user) searchindex.set_status('processing') db_session.add(searchindex) db_session.commit() if sketch and sketch.has_permission(user, 'write'): timeline = Timeline(name=searchindex.name, description=searchindex.description, sketch=sketch, user=user, searchindex=searchindex) timeline.set_status('processing') sketch.timelines.append(timeline) db_session.add(timeline) db_session.commit() # Start Celery pipeline for indexing and analysis. # Import here to avoid circular imports. from timesketch.lib import tasks # pylint: disable=import-outside-toplevel pipeline = tasks.build_index_pipeline(file_path=file_path, events='', timeline_name=timeline_name, index_name=index_name, file_extension=extension, sketch_id=sketch.id) pipeline.apply_async(task_id=index_name) print('Imported {0:s} to sketch: {1:d} ({2:s})'.format( file_path, sketch.id, sketch.name))
def setup_sketch(timeline_name, index_name, username, sketch_id=None): """Use existing sketch or create a new sketch. Args: timeline_name: (str) Name of the Timeline index_name: (str) Name of the index username: (str) Who should own the timeline sketch_id: (str) Optional sketch_id to add timeline to Returns: (tuple) sketch ID and timeline ID as integers """ with app.app_context(): user = User.get_or_create(username=username) sketch = None if sketch_id: try: sketch = Sketch.query.get_with_acl(sketch_id, user=user) logger.info('Using existing sketch: {} ({})'.format( sketch.name, sketch.id)) except Forbidden: pass if not (sketch or sketch_id): # Create a new sketch. sketch_name = 'Turbinia: {}'.format(timeline_name) sketch = Sketch(name=sketch_name, description=sketch_name, user=user) # Need to commit here to be able to set permissions later. db_session.add(sketch) db_session.commit() sketch.grant_permission(permission='read', user=user) sketch.grant_permission(permission='write', user=user) sketch.grant_permission(permission='delete', user=user) sketch.status.append(sketch.Status(user=None, status='new')) db_session.add(sketch) db_session.commit() logger.info('Created new sketch: {} ({})'.format( sketch.name, sketch.id)) searchindex = SearchIndex.get_or_create( name=timeline_name, description='Created by Turbinia.', user=user, index_name=index_name) searchindex.grant_permission(permission='read', user=user) searchindex.grant_permission(permission='write', user=user) searchindex.grant_permission(permission='delete', user=user) searchindex.set_status('processing') db_session.add(searchindex) db_session.commit() timeline = Timeline(name=searchindex.name, description=searchindex.description, sketch=sketch, user=user, searchindex=searchindex) # If the user doesn't have write access to the sketch then create the # timeline but don't attach it to the sketch. if not sketch.has_permission(user, 'write'): timeline.sketch = None else: sketch.timelines.append(timeline) db_session.add(timeline) db_session.commit() timeline.set_status('processing') return sketch.id, timeline.id