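def post(self):
    """Handles POST request to the resource.

    Saves the uploaded file under a server-generated name, creates a search
    index owned by the current user and queues the Plaso import task.

    Returns:
        A view in JSON (instance of flask.wrappers.Response)

    Raises:
        ApiHTTPError: If uploads are disabled or the form fails validation.
    """
    # Checked before anything else so that a valid form submitted while
    # uploads are disabled gets a clean 400 instead of reaching the error
    # path with no 'file' entry in form.errors (an unhandled KeyError).
    if not current_app.config[u'UPLOAD_ENABLED']:
        raise ApiHTTPError(
            message=u'File upload is not enabled',
            status_code=HTTP_STATUS_CODE_BAD_REQUEST)

    form = UploadFileForm()
    if not form.validate_on_submit():
        # The failing field is not necessarily 'file' (the form also has a
        # name field), so fall back to any other field's first message.
        errors = form.errors.get(u'file') or [
            msg for msgs in form.errors.values() for msg in msgs]
        message = errors[0] if errors else u'Upload form did not validate'
        raise ApiHTTPError(
            message=message, status_code=HTTP_STATUS_CODE_BAD_REQUEST)

    # Kept as a function-level import, as in the original code.
    from timesketch.lib.tasks import run_plaso

    upload_folder = current_app.config[u'UPLOAD_FOLDER']
    file_storage = form.file.data
    timeline_name = form.name.data

    # We do not need a human readable filename or datastore index name, so
    # we use UUIDs here. The client-supplied filename therefore never
    # becomes part of the path that is written to.
    filename = unicode(uuid.uuid4().hex)
    index_name = unicode(uuid.uuid4().hex)
    file_path = os.path.join(upload_folder, filename)
    file_storage.save(file_path)

    search_index = SearchIndex.get_or_create(
        name=timeline_name, description=timeline_name, user=current_user,
        index_name=index_name)
    # The uploader gets full control over the index they created.
    for permission in (u'read', u'write', u'delete'):
        search_index.grant_permission(
            permission=permission, user=current_user)
    search_index.set_status(u'processing')
    db_session.add(search_index)
    db_session.commit()

    # Run the import in the background; the task id doubles as the index
    # name so the two can be correlated.
    run_plaso.apply_async(
        (file_path, timeline_name, index_name), task_id=index_name)

    return self.to_json(search_index, status_code=HTTP_STATUS_CODE_CREATED)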
def post(self, sketch_id):
    """Handles POST request to the resource.

    Attaches the search indices selected in the submitted form to the
    sketch as new timelines.

    Args:
        sketch_id: Identifier of the sketch, passed to
            Sketch.query.get_with_acl.

    Returns:
        A sketch in JSON (instance of flask.wrappers.Response)

    Raises:
        ApiHTTPError: If the submitted form does not validate.
    """
    # NOTE(review): get_with_acl presumably rejects callers without access
    # to the sketch; confirm against the model.
    sketch = Sketch.query.get_with_acl(sketch_id)

    # Offer as valid choices only the indices returned by the ACL-scoped
    # query that are not already part of this sketch, newest first.
    attached_ids = [
        timeline.searchindex.id for timeline in sketch.timelines]
    not_attached = not_(SearchIndex.id.in_(attached_ids))
    newest_first = desc(SearchIndex.created_at)
    candidates = SearchIndex.all_with_acl(current_user)
    candidates = candidates.order_by(newest_first).filter(not_attached)

    form = AddTimelineForm.build(request)
    form.timelines.choices = {
        (index.id, index.name) for index in candidates.all()}

    if not form.validate_on_submit():
        raise ApiHTTPError(
            message=form.errors,
            status_code=HTTP_STATUS_CODE_BAD_REQUEST)

    # Modifying the sketch requires write access, checked before any
    # timeline is created.
    if not sketch.has_permission(current_user, u'write'):
        abort(HTTP_STATUS_CODE_FORBIDDEN)

    for searchindex_id in form.timelines.data:
        searchindex = SearchIndex.query.get_with_acl(searchindex_id)
        # Recomputed on every pass so an index added earlier in this same
        # request is not attached a second time.
        already_attached = [
            timeline.searchindex for timeline in sketch.timelines]
        if searchindex in already_attached:
            continue
        new_timeline = Timeline(
            name=searchindex.name,
            description=searchindex.description,
            sketch=sketch,
            user=current_user,
            searchindex=searchindex)
        db_session.add(new_timeline)
        sketch.timelines.append(new_timeline)

    db_session.commit()
    return self.to_json(sketch, status_code=HTTP_STATUS_CODE_CREATED)
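def post(self, sketch_id=None):
    """Handles POST request to the resource.

    Saves the uploaded file under a server-generated name, creates a search
    index owned by the current user, optionally attaches it to a sketch as
    a timeline, and queues the import task matching the file type.

    Args:
        sketch_id: Optional identifier of a sketch to attach the new
            timeline to, passed to Sketch.query.get_with_acl.

    Returns:
        A view in JSON (instance of flask.wrappers.Response)

    Raises:
        ApiHTTPError: If uploads are disabled, the form fails validation or
            the file type has no import task.
    """
    upload_enabled = current_app.config[u'UPLOAD_ENABLED']

    sketch = None
    if sketch_id:
        sketch = Sketch.query.get_with_acl(sketch_id)

    # A valid form submitted while uploads are disabled must get a clean
    # 400; it has no 'file' entry in form.errors to report.
    if not upload_enabled:
        raise ApiHTTPError(
            message=u'File upload is not enabled',
            status_code=HTTP_STATUS_CODE_BAD_REQUEST)

    form = UploadFileForm()
    if not form.validate_on_submit():
        # The failing field is not necessarily 'file' (the form also has a
        # name field), so fall back to any other field's first message.
        errors = form.errors.get(u'file') or [
            msg for msgs in form.errors.values() for msg in msgs]
        message = errors[0] if errors else u'Upload form did not validate'
        raise ApiHTTPError(
            message=message, status_code=HTTP_STATUS_CODE_BAD_REQUEST)

    # Kept as function-level imports, as in the original code.
    from timesketch.lib.tasks import run_plaso
    from timesketch.lib.tasks import run_csv

    # Map the right task based on the file type
    task_directory = {u'plaso': run_plaso, u'csv': run_csv}

    file_storage = form.file.data
    timeline_name = form.name.data

    # The extension comes from the client-supplied filename, so resolve the
    # task BEFORE writing the file or creating database rows. An unknown
    # extension would otherwise leave an orphaned upload and an index stuck
    # in 'processing' when the task lookup returns None.
    _, _extension = os.path.splitext(file_storage.filename or u'')
    file_extension = _extension.lstrip(u'.').lower()
    task = task_directory.get(file_extension)
    if task is None:
        raise ApiHTTPError(
            message=u'Unsupported file type, expected one of: {0:s}'.format(
                u', '.join(sorted(task_directory))),
            status_code=HTTP_STATUS_CODE_BAD_REQUEST)

    # Current user
    username = current_user.username

    # We do not need a human readable filename or datastore index name, so
    # we use UUIDs here. The client-supplied filename is used only to pick
    # the task above and never becomes part of the path written to.
    upload_folder = current_app.config[u'UPLOAD_FOLDER']
    filename = unicode(uuid.uuid4().hex)
    index_name = unicode(uuid.uuid4().hex)
    file_path = os.path.join(upload_folder, filename)
    file_storage.save(file_path)

    # Create the search index in the Timesketch database
    searchindex = SearchIndex.get_or_create(
        name=timeline_name, description=timeline_name, user=current_user,
        index_name=index_name)
    # The uploader gets full control over the index they created.
    for permission in (u'read', u'write', u'delete'):
        searchindex.grant_permission(
            permission=permission, user=current_user)
    searchindex.set_status(u'processing')
    db_session.add(searchindex)
    db_session.commit()

    # NOTE(review): without write access on the sketch the index is still
    # created, just not attached, and the caller is not told. Confirm that
    # the silent skip is intended.
    if sketch and sketch.has_permission(current_user, u'write'):
        timeline = Timeline(
            name=searchindex.name,
            description=searchindex.description,
            sketch=sketch,
            user=current_user,
            searchindex=searchindex)
        db_session.add(timeline)
        sketch.timelines.append(timeline)
        db_session.commit()

    # Run the task in the background
    task.apply_async(
        (file_path, timeline_name, index_name, username),
        task_id=index_name)

    return self.to_json(searchindex, status_code=HTTP_STATUS_CODE_CREATED)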