def home():
"""Generates the home page view template.
Returns:
Template with context.
"""
form = HiddenNameDescriptionForm()
sketches = Sketch.all_with_acl().filter(
not_(Sketch.Status.status == u'deleted'),
Sketch.Status.parent).order_by(Sketch.updated_at.desc())
# Only render upload button if it is configured.
upload_enabled = current_app.config[u'UPLOAD_ENABLED']
# Handle form for creating a new sketch.
if form.validate_on_submit():
sketch = Sketch(name=form.name.data,
description=form.description.data,
user=current_user)
sketch.status.append(sketch.Status(user=None, status=u'new'))
# Give the requesting user permissions on the new sketch.
sketch.grant_permission(permission=u'read', user=current_user)
sketch.grant_permission(permission=u'write', user=current_user)
sketch.grant_permission(permission=u'delete', user=current_user)
db_session.add(sketch)
db_session.commit()
return redirect(url_for(u'sketch_views.overview', sketch_id=sketch.id))
return render_template(u'home/home.html',
sketches=sketches,
form=form,
upload_enabled=upload_enabled)
def _create_mock_event(event_id, quantity, time_diffs=None, source_attrs=None):
"""
Returns an instance of Event, based on the MockDataStore event_dict
example.
Args:
event_id: Desired ID for the Event.
quantity: The number of Events to be generated.
time_diffs: A list of time differences between the generated
Events.
source_attrs: Dictionary of attributes to add to the source of the
generated events.
Returns:
A generator of Event objects.
"""
if not time_diffs:
time_diffs = [0]
if quantity < 0:
quantity = abs(quantity)
# If the list of time differences is too small to be compatible
# with the quantity of events, then extend the list with the last
# value for as many items as necessary.
if quantity - len(time_diffs) > 0:
time_diffs.extend([time_diffs[len(time_diffs) - 1]] *
(quantity - len(time_diffs)))
# Setup for Event object initialisation
ds = MockDataStore('test', 0)
user = User('test_user')
sketch = Sketch('test_sketch', 'description', user)
label = sketch.Label(label='Test label', user=user)
sketch.labels.append(label)
event_timestamp = 1410895419859714
event_template = ds.get_event('test', 'test')
for i in range(quantity):
eventObj = _create_eventObj(ds, sketch, event_template, event_id,
event_timestamp, source_attrs)
yield eventObj
# adding extra events after every requested event for better
# simulation of real timeline data i.e. working with a larger
# dataset
for _ in range(100):
event_timestamp += 1
event_id += 1
eventObj = _create_eventObj(ds, sketch, event_template, event_id,
event_timestamp, source_attrs)
yield eventObj
event_timestamp += abs(time_diffs[i])
event_id += 1
def home():
"""Generates the home page view template.
Returns:
Template with context.
"""
form = HiddenNameDescriptionForm()
sketches = Sketch.all_with_acl().filter(
not_(Sketch.Status.status == u'deleted'),
Sketch.Status.parent).order_by(Sketch.updated_at.desc())
query_filter = request.args.get(u'filter', u'')
query = request.args.get(u'q', u'')
# Only render upload button if it is configured.
upload_enabled = current_app.config[u'UPLOAD_ENABLED']
last_sketch = View.query.filter_by(user=current_user, name=u'').order_by(
View.updated_at.desc()).first()
if query_filter:
if query_filter == u'user':
sketches = sketches.filter(Sketch.user == current_user)
elif query_filter == u'shared':
sketches = sketches.filter(not_(Sketch.user == current_user))
# TODO: Figure out a better way to handle this.
if query:
if query.startswith(u'*'):
query = u''
else:
sketches = sketches.filter(Sketch.name.contains(query)).limit(100)
# Handle form for creating a new sketch.
if form.validate_on_submit():
sketch = Sketch(name=form.name.data,
description=form.description.data,
user=current_user)
sketch.status.append(sketch.Status(user=None, status=u'new'))
# Give the requesting user permissions on the new sketch.
sketch.grant_permission(permission=u'read', user=current_user)
sketch.grant_permission(permission=u'write', user=current_user)
sketch.grant_permission(permission=u'delete', user=current_user)
db_session.add(sketch)
db_session.commit()
return redirect(url_for(u'sketch_views.overview', sketch_id=sketch.id))
return render_template(u'home/home.html',
sketches=sketches,
form=form,
query=query,
upload_enabled=upload_enabled,
last_sketch=last_sketch)
def post(self):
"""Handles POST request to the resource.
Returns:
A sketch in JSON (instance of flask.wrappers.Response)
"""
form = NameDescriptionForm.build(request)
if form.validate_on_submit():
sketch = Sketch(name=form.name.data,
description=form.description.data,
user=current_user)
sketch.status.append(sketch.Status(user=None, status=u'new'))
# Give the requesting user permissions on the new sketch.
sketch.grant_permission(permission=u'read', user=current_user)
sketch.grant_permission(permission=u'write', user=current_user)
sketch.grant_permission(permission=u'delete', user=current_user)
db_session.add(sketch)
db_session.commit()
return self.to_json(sketch, status_code=HTTP_STATUS_CODE_CREATED)
return abort(HTTP_STATUS_CODE_BAD_REQUEST)
def _create_sketch(self, name, user, acl=False):
"""Create a sketch in the database.
Args:
name: Name of the sketch (string)
user: A user (instance of timesketch.models.user.User)
acl: Boolean value to decide if ACL permissions should be set
Returns:
A sketch (instance of timesketch.models.sketch.Sketch)
"""
sketch = Sketch(name=name, description=name, user=user)
if acl:
for permission in [u'read', u'write', u'delete']:
sketch.grant_permission(permission=permission, user=user)
label = sketch.Label(label=u'Test label', user=user)
status = sketch.Status(status=u'Test status', user=user)
sketch.labels.append(label)
sketch.status.append(status)
self._commit_to_database(sketch)
return sketch
def test_get_event_data(self):
"""Test getEventData returns the correct values."""
user = User("test_user")
sketch = Sketch("test_sketch", "description", user)
label = sketch.Label(label="Test label", user=user)
sketch.labels.append(label)
index = "test_index"
sketch_id = 1
for analyzer_class in self.analyzer_classes:
analyzer = analyzer_class["class"](index, sketch_id)
datastore = analyzer.datastore
event_dict = copy.deepcopy(MockDataStore.event_dict)
event_dict["_source"].update({"xml_string": xml_string1})
event_obj = Event(event_dict, datastore, sketch)
username = analyzer.getEventData(event_obj, "TargetUserName")
logon_id = analyzer.getEventData(event_obj, "TargetLogonId")
self.assertEqual(username, "USER_1")
self.assertEqual(logon_id, "0x0000000000000001")
def test_get_event_data(self):
"""Test getEventData returns the correct values."""
user = User('test_user')
sketch = Sketch('test_sketch', 'description', user)
label = sketch.Label(label='Test label', user=user)
sketch.labels.append(label)
index = 'test_index'
sketch_id = 1
for analyzer_class in self.analyzer_classes:
analyzer = analyzer_class['class'](index, sketch_id)
datastore = analyzer.datastore
event_dict = copy.deepcopy(MockDataStore.event_dict)
event_dict['_source'].update({'xml_string': xml_string1})
event_obj = Event(event_dict, datastore, sketch)
username = analyzer.getEventData(event_obj, 'TargetUserName')
logon_id = analyzer.getEventData(event_obj, 'TargetLogonId')
self.assertEqual(username, 'USER_1')
self.assertEqual(logon_id, '0x0000000000000001')
def run(self, file_path, sketch_id, username, timeline_name):
"""This is the run method."""
file_path = os.path.realpath(file_path)
file_path_no_extension, extension = os.path.splitext(file_path)
extension = extension.lstrip('.')
filename = os.path.basename(file_path_no_extension)
supported_extensions = ('plaso', 'csv', 'jsonl')
if not os.path.isfile(file_path):
sys.exit('No such file: {0:s}'.format(file_path))
if extension not in supported_extensions:
sys.exit('Extension {0:s} is not supported. '
'(supported extensions are: {1:s})'.format(
extension, ', '.join(supported_extensions)))
user = None
if not username:
username = pwd.getpwuid(os.stat(file_path).st_uid).pw_name
if not username == 'root':
if not isinstance(username, six.text_type):
username = codecs.decode(username, 'utf-8')
user = User.query.filter_by(username=username).first()
if not user:
sys.exit('Cannot determine user for file: {0:s}'.format(file_path))
sketch = None
# If filename starts with <number> then use that as sketch_id.
# E.g: 42_file_name.plaso means sketch_id is 42.
sketch_id_from_filename = filename.split('_')[0]
if not sketch_id and sketch_id_from_filename.isdigit():
sketch_id = sketch_id_from_filename
if sketch_id:
try:
sketch = Sketch.query.get_with_acl(sketch_id, user=user)
except Forbidden:
pass
if not timeline_name:
if timeline_name is None:
timeline_name = '{0:s}_timeline'.format(filename)
if not isinstance(timeline_name, six.text_type):
timeline_name = codecs.decode(timeline_name, 'utf-8')
timeline_name = timeline_name.replace('_', ' ')
# Remove sketch ID if present in the filename.
timeline_parts = timeline_name.split()
if timeline_parts[0].isdigit():
timeline_name = ' '.join(timeline_name.split()[1:])
if not sketch:
# Create a new sketch.
sketch_name = 'Sketch for: {0:s}'.format(timeline_name)
sketch = Sketch(name=sketch_name,
description=sketch_name,
user=user)
# Need to commit here to be able to set permissions later.
db_session.add(sketch)
db_session.commit()
sketch.grant_permission(permission='read', user=user)
sketch.grant_permission(permission='write', user=user)
sketch.grant_permission(permission='delete', user=user)
sketch.status.append(sketch.Status(user=None, status='new'))
db_session.add(sketch)
db_session.commit()
index_name = uuid.uuid4().hex
if not isinstance(index_name, six.text_type):
index_name = codecs.decode(index_name, 'utf-8')
searchindex = SearchIndex.get_or_create(name=timeline_name,
description=timeline_name,
user=user,
index_name=index_name)
searchindex.grant_permission(permission='read', user=user)
searchindex.grant_permission(permission='write', user=user)
searchindex.grant_permission(permission='delete', user=user)
searchindex.set_status('processing')
db_session.add(searchindex)
db_session.commit()
if sketch and sketch.has_permission(user, 'write'):
timeline = Timeline(name=searchindex.name,
description=searchindex.description,
sketch=sketch,
user=user,
searchindex=searchindex)
timeline.set_status('processing')
sketch.timelines.append(timeline)
db_session.add(timeline)
db_session.commit()
# Start Celery pipeline for indexing and analysis.
# Import here to avoid circular imports.
from timesketch.lib import tasks # pylint: disable=import-outside-toplevel
pipeline = tasks.build_index_pipeline(file_path=file_path,
events='',
timeline_name=timeline_name,
index_name=index_name,
file_extension=extension,
sketch_id=sketch.id)
pipeline.apply_async(task_id=index_name)
print('Imported {0:s} to sketch: {1:d} ({2:s})'.format(
file_path, sketch.id, sketch.name))
def setup_sketch(timeline_name, index_name, username, sketch_id=None):
"""Use existing sketch or create a new sketch.
Args:
timeline_name: (str) Name of the Timeline
index_name: (str) Name of the index
username: (str) Who should own the timeline
sketch_id: (str) Optional sketch_id to add timeline to
Returns:
(tuple) sketch ID and timeline ID as integers
"""
with app.app_context():
user = User.get_or_create(username=username)
sketch = None
if sketch_id:
try:
sketch = Sketch.query.get_with_acl(sketch_id, user=user)
logger.info('Using existing sketch: {} ({})'.format(
sketch.name, sketch.id))
except Forbidden:
pass
if not (sketch or sketch_id):
# Create a new sketch.
sketch_name = 'Turbinia: {}'.format(timeline_name)
sketch = Sketch(name=sketch_name,
description=sketch_name,
user=user)
# Need to commit here to be able to set permissions later.
db_session.add(sketch)
db_session.commit()
sketch.grant_permission(permission='read', user=user)
sketch.grant_permission(permission='write', user=user)
sketch.grant_permission(permission='delete', user=user)
sketch.status.append(sketch.Status(user=None, status='new'))
db_session.add(sketch)
db_session.commit()
logger.info('Created new sketch: {} ({})'.format(
sketch.name, sketch.id))
searchindex = SearchIndex.get_or_create(
name=timeline_name,
description='Created by Turbinia.',
user=user,
index_name=index_name)
searchindex.grant_permission(permission='read', user=user)
searchindex.grant_permission(permission='write', user=user)
searchindex.grant_permission(permission='delete', user=user)
searchindex.set_status('processing')
db_session.add(searchindex)
db_session.commit()
timeline = Timeline(name=searchindex.name,
description=searchindex.description,
sketch=sketch,
user=user,
searchindex=searchindex)
# If the user doesn't have write access to the sketch then create the
# timeline but don't attach it to the sketch.
if not sketch.has_permission(user, 'write'):
timeline.sketch = None
else:
sketch.timelines.append(timeline)
db_session.add(timeline)
db_session.commit()
timeline.set_status('processing')
return sketch.id, timeline.id
