    def collect(
        self,
        artifact: Text,
    ) -> Sequence[Union[message.Message, api_utils.UnknownProtobuf]]:
        """Runs an ArtifactCollectorFlow for one artifact and returns its results.

        Args:
          artifact: Name of the artifact to collect.

        Returns:
          The payload of every result the flow produced (parsers are applied
          server-side because ``apply_parsers`` is set).

        Raises:
          errors.ApprovalMissingError: if the GRR API rejects the flow with
            ``AccessForbiddenError`` (no valid approval for this client).
        """
        flow_args = flows_pb2.ArtifactCollectorFlowArgs()
        flow_args.artifact_list.append(artifact)
        flow_args.apply_parsers = True

        try:
            flow = self._client.CreateFlow(
                name='ArtifactCollectorFlow', args=flow_args)
        except api_errors.AccessForbiddenError as error:
            # Re-surface the access failure as the library's own error type,
            # keeping the client id so the caller knows which approval is missing.
            raise errors.ApprovalMissingError(self.id, error)

        _timeout.await_flow(flow)
        results = flow.ListResults()
        return [result.payload for result in results]
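    def _ProcessThread(self, client):
        """Collects artifacts from a single GRR client.

        This function is used as a callback for the processing thread, so it
        must not mutate state shared between threads (``self.artifacts``,
        ``self.extra_artifacts``).

        Args:
          client (object): a GRR client object.
        """
        system_type = client.data.os_info.system
        self.logger.info('System type: {0:s}'.format(system_type))

        # If the list is supplied by the user via a flag, honor that.
        # Always work on a private copy: aliasing self.artifacts meant the
        # extend() below appended the extra artifacts to the shared list once
        # per client, concurrently from every worker thread.
        artifact_list = []
        if self.artifacts:
            self.logger.info('Artifacts to be collected: {0!s}'.format(
                self.artifacts))
            artifact_list = list(self.artifacts)
        else:
            default_artifacts = self.artifact_registry.get(system_type, None)
            if default_artifacts:
                self.logger.info(
                    'Collecting default artifacts for {0:s}: {1:s}'.format(
                        system_type, ', '.join(default_artifacts)))
                artifact_list.extend(default_artifacts)

        if self.extra_artifacts:
            self.logger.info('Throwing in an extra {0!s}'.format(
                self.extra_artifacts))
            artifact_list.extend(self.extra_artifacts)
            # Deduplicate while keeping a deterministic order; list(set(...))
            # reordered the artifact list differently on every run.
            artifact_list = list(dict.fromkeys(artifact_list))

        if not artifact_list:
            return

        flow_args = flows_pb2.ArtifactCollectorFlowArgs(
            artifact_list=artifact_list,
            use_tsk=self.use_tsk,
            ignore_interpolation_errors=True,
            apply_parsers=False)
        flow_id = self._LaunchFlow(client, 'ArtifactCollectorFlow', flow_args)
        if not flow_id:
            msg = 'Flow could not be launched on {0:s}.'.format(
                client.client_id)
            msg += '\nArtifactCollectorFlow args: {0!s}'.format(flow_args)
            self.ModuleError(msg, critical=True)
            # ModuleError(critical=True) presumably raises; the explicit return
            # guards against awaiting a flow that never started if it does not.
            return
        self._AwaitFlow(client, flow_id)
        collected_flow_data = self._DownloadFiles(client, flow_id)

        if collected_flow_data:
            self.logger.info('{0!s}: Downloaded: {1:s}'.format(
                flow_id, collected_flow_data))
            container = containers.File(name=client.data.os_info.fqdn.lower(),
                                        path=collected_flow_data)
            self.state.StoreContainer(container)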
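  def Process(self):
    """Starts a new Artifact Collection GRR hunt.

    Raises:
      RuntimeError: if no items specified for collection.
    """
    # Enforce the documented contract before touching the GRR API: a hunt
    # with an empty artifact list would be scheduled fleet-wide and collect
    # nothing.
    if not self.artifacts:
      raise RuntimeError('No artifacts specified for collection')
    print('Artifacts to be collected: {0!s}'.format(self.artifacts))
    hunt_args = grr_flows.ArtifactCollectorFlowArgs(
        artifact_list=self.artifacts,
        use_tsk=self.use_tsk,
        ignore_interpolation_errors=True,
        apply_parsers=False,)
    self._create_hunt('ArtifactCollectorFlow', hunt_args)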
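    def process(self):
        """Collect the artifacts from every client, one client at a time.

        For each client the artifact list is resolved (explicit user list,
        else the registry default for the client's OS, plus any extras), an
        ArtifactCollectorFlow is launched and awaited, and the
        ``(fqdn, client_dir)`` pair is appended to ``self.state.output``.

        Raises:
          RuntimeError: if no artifacts specified nor resolved by platform.
        """

        # TODO(tomchop): Thread this
        for client in self._clients:
            system_type = client.data.os_info.system
            fqdn = client.data.os_info.fqdn.lower()
            client_dir = os.fspath(self.output_path)
            # exist_ok: the directory may have been created by an earlier
            # client, or appear between a check and the makedirs() call.
            os.makedirs(client_dir, exist_ok=True)
            print('System type: {0:s}'.format(system_type))

            # Create a list of artifacts to collect.
            # If the list is supplied by the user via a flag, honor that.
            # Work on a copy so the extend() below never mutates
            # self.artifacts across clients.
            artifact_list = []
            if self.artifacts:
                # '!s' rather than ':s': a list does not accept the 's'
                # format spec and raised TypeError here.
                print('Artifacts to be collected: {0!s}'.format(
                    self.artifacts))
                artifact_list = list(self.artifacts)
            else:
                default_artifacts = self.artifact_registry.get(
                    system_type, None)
                # A platform without a registry entry leaves the list empty
                # and is reported as RuntimeError below, instead of the
                # TypeError that extend(None) used to raise.
                if default_artifacts:
                    print('Collecting default artifacts for {0:s}: {1:s}'.format(
                        system_type, ', '.join(default_artifacts)))
                    artifact_list.extend(default_artifacts)

            if self.extra_artifacts:
                print('Throwing in an extra {0!s}'.format(
                    self.extra_artifacts))
                artifact_list.extend(self.extra_artifacts)
                # Deduplicate while keeping the order deterministic.
                artifact_list = list(dict.fromkeys(artifact_list))

            if not artifact_list:
                raise RuntimeError('No artifacts to collect')

            flow_args = flows_pb2.ArtifactCollectorFlowArgs(
                artifact_list=artifact_list,
                use_tsk=self.use_tsk,
                ignore_interpolation_errors=True,
                apply_parsers=False)
            flow_id = self._launch_flow(client, 'ArtifactCollectorFlow',
                                        flow_args)
            self._await_flow(client, flow_id)
            self.state.output.append((fqdn, client_dir))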
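    def process(self):
        """Construct and start new Artifact Collection hunt.

        Returns:
          The newly created GRR hunt object.

        Raises:
          RuntimeError: if no items specified for collection.
        """
        # Enforce the documented contract before touching the GRR API: a hunt
        # with an empty artifact list would be scheduled fleet-wide and
        # collect nothing.
        if not self.artifacts:
            raise RuntimeError('No artifacts specified for collection')

        print('Artifacts to be collected: {0!s}'.format(self.artifacts))
        # NOTE(review): ignore_interpolation_errors=True presumably lets the
        # flow continue past artifact paths it cannot interpolate on the
        # client -- confirm against the GRR flow definition.
        hunt_args = flows_pb2.ArtifactCollectorFlowArgs(
            artifact_list=self.artifacts,
            use_tsk=self.use_tsk,
            ignore_interpolation_errors=True,
            apply_parsers=False,
        )
        return self._create_hunt('ArtifactCollectorFlow', hunt_args)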
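    def _ProcessThread(self, client):
        """Collects artifacts from a single GRR client.

        This function is used as a callback for the processing thread, so it
        must not mutate state shared between threads (``self.artifacts``,
        ``self.extra_artifacts``).

        Args:
          client (object): a GRR client object.
        """
        system_type = client.data.os_info.system
        print('System type: {0:s}'.format(system_type))

        # If the list is supplied by the user via a flag, honor that.
        # Always work on a private copy: aliasing self.artifacts meant the
        # extend() below appended the extra artifacts to the shared list once
        # per client, concurrently from every worker thread.
        artifact_list = []
        if self.artifacts:
            print('Artifacts to be collected: {0!s}'.format(self.artifacts))
            artifact_list = list(self.artifacts)
        else:
            default_artifacts = self.artifact_registry.get(system_type, None)
            if default_artifacts:
                print('Collecting default artifacts for {0:s}: {1:s}'.format(
                    system_type, ', '.join(default_artifacts)))
                artifact_list.extend(default_artifacts)

        if self.extra_artifacts:
            print('Throwing in an extra {0!s}'.format(self.extra_artifacts))
            artifact_list.extend(self.extra_artifacts)
            # Deduplicate while keeping a deterministic order; list(set(...))
            # reordered the artifact list differently on every run.
            artifact_list = list(dict.fromkeys(artifact_list))

        if not artifact_list:
            return

        flow_args = flows_pb2.ArtifactCollectorFlowArgs(
            artifact_list=artifact_list,
            use_tsk=self.use_tsk,
            ignore_interpolation_errors=True,
            apply_parsers=False)
        flow_id = self._LaunchFlow(client, 'ArtifactCollectorFlow', flow_args)
        self._AwaitFlow(client, flow_id)
        collected_flow_data = self._DownloadFiles(client, flow_id)
        if collected_flow_data:
            print('{0!s}: Downloaded: {1:s}'.format(flow_id,
                                                    collected_flow_data))
            fqdn = client.data.os_info.fqdn.lower()
            # list.append is the only write to shared state here; it is
            # atomic in CPython, so no extra locking is added.
            self.state.output.append((fqdn, collected_flow_data))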