示例#1
    def BuildTable(self, start, end, request):
        """Fill the table rows with the clients matching the request's query.

        The search expression is read from the "q" request parameter and handed
        to search.SearchClients; every URN it returns is opened through
        aff4.FACTORY.MultiOpen. Both calls receive request.token.

        Args:
          start: Row index of the first result to fetch and draw.
          end: Upper row bound; end - start is passed as max_results.
          request: Request object exposing REQ (parameters) and token.

        Returns:
          Always False.

        Raises:
          RuntimeError: If the "q" parameter is missing or empty.
        """
        query_string = request.REQ.get("q", "")
        if not query_string:
            raise RuntimeError("A query string must be provided.")

        # The search and the object open both use the requester's token, never
        # a privileged one. NOTE(review): presumably the data store enforces
        # access control from this token -- confirm, it is not visible here.
        matching_urns = search.SearchClients(query_string,
                                             start=start,
                                             max_results=end - start,
                                             token=request.token)
        clients = aff4.FACTORY.MultiOpen(matching_urns, token=request.token)

        # NOTE(review): query_string is request-controlled and is echoed into
        # self.message unmodified; confirm the renderer escapes it on output.
        self.message = "Searched for %s" % query_string

        for offset, child in enumerate(clients):
            row = start + offset

            # Populate every column of this row from the client object.
            self.AddRowFromFd(row, child)

            # Column 0 carries the online status: the last ping, 0 if unset.
            last_ping = child.Get(child.Schema.PING) or 0
            self.columns[0].AddElement(row, long(last_ping))

        # Original note: only 50 hits are shown here.
        return False
示例#2
    def BuildTable(self, start, end, request):
        """Fill the table rows with the clients matching the request's query.

        The search expression comes from the "q" request parameter. Failures are
        not raised to the caller: a missing query, or any exception during the
        search or rendering, is reported through self.message instead.

        Args:
          start: Row index of the first result to fetch and draw.
          end: Upper row bound; end - start is passed as max_results.
          request: Request object exposing REQ (parameters) and token.

        Returns:
          Always False.
        """
        query_string = request.REQ.get("q", "")
        if not query_string:
            self.message = "A query string must be provided."
            return False

        try:
            # Search and open both run under the requester's own token.
            matching_urns = search.SearchClients(query_string,
                                                 start=start,
                                                 max_results=end - start,
                                                 token=request.token)
            clients = aff4.FACTORY.MultiOpen(matching_urns,
                                             token=request.token)

            # NOTE(review): request-controlled text is echoed into the message;
            # confirm the renderer escapes it on output.
            self.message = "Searched for %s" % query_string

            for offset, child in enumerate(clients):
                row = start + offset

                # Populate every column of this row from the client object.
                self.AddRowFromFd(row, child)

                # The checkbox and online/crash status columns receive the
                # client object itself rather than a single attribute.
                status_columns = (self.columns[0], self.columns[1],
                                  self.columns[9])
                for column in status_columns:
                    column.AddElement(row, child)

        except Exception as e:  # pylint: disable=broad-except
            # NOTE(review): the raw exception text becomes the user-visible
            # message and nothing is logged here. Internal details (paths,
            # backend errors) may be disclosed, and the failure leaves no
            # server-side trace -- consider logging it and showing a generic
            # message instead.
            self.message = str(e)

        # Original note: only 50 hits are shown here.
        return False
示例#3
    def testDeleteLabels(self):
        """Removing a label drops the client from searches on that label only."""

        def count_hits(query):
            # Materialise the search result so it can be counted.
            return len(list(search.SearchClients(query, token=self.token)))

        client_ids = self.SetupClients(2)
        labelled = aff4.FACTORY.Open(client_ids[0],
                                     token=self.token,
                                     mode="rw")
        labelled.Set(labelled.Schema.FQDN("lmao1.example.com"))
        labelled.AddLabels(["label1", "label2", "label3"])
        labelled.Flush()

        # While the label is attached, the client is found through it.
        self.assertEqual(count_hits("label:label2"), 1)

        labelled.RemoveLabels(["label2"])
        labelled.Close(sync=True)

        # The removed label no longer matches; a label that was kept still does.
        self.assertEqual(count_hits("label:label2"), 0)
        self.assertEqual(count_hits("label:label1"), 1)
示例#4
def SearchClients(query_str, token=None, limit=1000):
  """Search the client indexes and summarise every hit.

  Args:
    query_str: Search expression passed through to search.SearchClients.
    token: Access token used for both the search and the object open.
    limit: Maximum number of results requested from the search.

  Returns:
    A list of 4-tuples (client object, hostname, OS version, ping). The last
    three entries are the str() of the corresponding client attribute.
  """
  # NOTE(review): token defaults to None and is forwarded as-is to the search
  # and to MultiOpen; confirm callers always supply one, or that a None token
  # is rejected further down.
  schema = aff4.AFF4Object.classes["VFSGRRClient"].SchemaCls
  matching_urns = search.SearchClients(query_str, max_results=limit,
                                       token=token)
  return [
      (client,
       str(client.Get(schema.HOSTNAME)),
       str(client.Get(schema.OS_VERSION)),
       str(client.Get(schema.PING)))
      for client in aff4.FACTORY.MultiOpen(matching_urns, token=token)
  ]
示例#5
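    def BuildTable(self, start, end, request):
        """Fill the table rows with the clients matching the request's query.

        The search expression comes from the "q" request parameter. A query that
        starts with "k " is split with shlex and looked up in the keyword client
        index; anything else goes through search.SearchClients. Failures are not
        raised to the caller: a missing query, or any exception during the
        search or rendering, is reported through self.message instead.

        Args:
          start: Row index of the first result to fetch and draw.
          end: Upper row bound of the requested window.
          request: Request object exposing REQ (parameters) and token.

        Returns:
          Always False.
        """
        query_string = request.REQ.get("q", "")
        if not query_string:
            self.message = "A query string must be provided."
            return False

        # Pass the query as a logging argument so that formatting is deferred
        # to the logging framework; the emitted text is unchanged.
        # NOTE(review): query_string is request-controlled; if the log sink is
        # line-oriented, confirm CR/LF in it cannot forge extra log entries.
        logging.info("Processing Client Query [%s]", query_string)

        try:
            # If the string begins with the token k, we treat the remaining
            # tokens as a keyword search. This is to allow people to try the
            # keyword functionality.
            #
            # TODO(user): Migrate fully to keyword index when it is sufficiently
            # tuned and tested.
            if query_string.startswith("k "):
                # shlex.split raises ValueError on unbalanced quotes; that is
                # caught below and shown as the message.
                keywords = shlex.split(query_string)[1:]
                # NOTE(review): the index is opened "rw" although this block
                # only calls LookupClients on it; confirm whether read-only
                # access would be enough for a search request.
                index = aff4.FACTORY.Create(client_index.MAIN_INDEX,
                                            aff4_type="ClientIndex",
                                            mode="rw",
                                            token=request.token)
                # The whole lookup result is sorted before the start:end window
                # is sliced out, so this path is not bounded by max_results.
                result_urns = sorted(index.LookupClients(keywords),
                                     key=str)[start:end]
            else:
                result_urns = search.SearchClients(query_string,
                                                   start=start,
                                                   max_results=end - start,
                                                   token=request.token)
            result_set = aff4.FACTORY.MultiOpen(result_urns,
                                                token=request.token)

            # NOTE(review): request-controlled text is echoed into the message;
            # confirm the renderer escapes it on output.
            self.message = "Searched for %s" % query_string

            for offset, child in enumerate(result_set):
                row = start + offset

                # Populate every column of this row from the client object.
                self.AddRowFromFd(row, child)

                # Also update the checkbox and online/crash status.
                for column in (self.columns[0], self.columns[1],
                               self.columns[9]):
                    column.AddElement(row, child)

        except Exception as e:  # pylint: disable=broad-except
            # NOTE(review): the raw exception text becomes the user-visible
            # message and the failure itself is not logged; internal details
            # may be disclosed. Consider logging the exception here and showing
            # a generic message.
            self.message = str(e)

        # Original note: only 50 hits are shown here.
        return False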
示例#6
    def testSearchLabels(self):
        """Clients are found by exact label; a partial label name matches none."""

        def find(query):
            # Materialise the search result as a list of URNs.
            return list(search.SearchClients(query, token=self.token))

        client_ids = self.SetupClients(2)
        first = aff4.FACTORY.Open(client_ids[0], token=self.token, mode="rw")
        second = aff4.FACTORY.Open(client_ids[1], token=self.token, mode="rw")
        first.Set(first.Schema.FQDN("lmao1.example.com"))
        second.Set(second.Schema.FQDN("lmao2.example.com"))
        first.AddLabels(["label1", "label2", "label3"])
        second.AddLabels(["label1"])
        first.Flush()
        second.Flush()

        # Check we can search labels with or without index.
        # "label1" is on both clients; after sorting, the first client leads.
        shared = find("label1")
        self.assertEqual(len(shared), 2)
        shared.sort()
        self.assertEqual(str(shared[0]), str(first.urn))

        # "label2" is only on the first client.
        only_first = find("label2")
        self.assertEqual(str(only_first[0]), str(first.urn))
        self.assertEqual(len(only_first), 1)

        # A bare prefix of the label names must not match anything.
        prefix_hits = find("label")
        self.assertEqual(len(prefix_hits), 0)
示例#7
    def testSearch(self):
        """Clients are found by FQDN and MAC address; max_results caps hits."""

        def find(query, **extra):
            # Materialise the search result as a list of URNs.
            return list(search.SearchClients(query, token=self.token, **extra))

        client_ids = self.SetupClients(10)
        first = aff4.FACTORY.Open(client_ids[0], token=self.token, mode="rw")
        second = aff4.FACTORY.Open(client_ids[1], token=self.token, mode="rw")
        first.Set(first.Schema.FQDN("lmao.example.com"))
        second.Set(second.Schema.FQDN("lmao.example.com"))
        macs = first.Get(first.Schema.MAC_ADDRESS)
        first.AddLabels(["label1", "label2", "label3"])
        first.Flush()
        second.Flush()

        # Search for something indexed on two clients.
        by_fqdn = find("lmao.example.com")
        by_fqdn.sort()
        self.assertEqual(by_fqdn[0], first.urn)
        self.assertEqual(len(by_fqdn), 2)

        # Search for something indexed on many clients: the number of hits
        # follows the max_results that was requested.
        capped_at_four = find("example.com", max_results=4)
        self.assertEqual(len(capped_at_four), 4)

        capped_at_one = find("example.com", max_results=1)
        self.assertEqual(len(capped_at_one), 1)

        # Check we can search mac addresses with or without index.
        mac_addr = str(macs).split()[0]
        prefixed = find("mac:%s" % mac_addr)
        self.assertEqual(prefixed[0], first.urn)
        self.assertEqual(len(prefixed), 1)
        bare = find("%s" % mac_addr)
        self.assertEqual(bare[0], first.urn)
        self.assertEqual(len(bare), 1)

        # Check we handle mac addresses in : format.
        octets = [mac_addr[pos:pos + 2] for pos in range(0, len(mac_addr), 2)]
        mac_addr = ":".join(octets)
        colon_upper = find(mac_addr.upper())
        self.assertEqual(len(colon_upper), 1)

        # Check we handle mac addresses in : format with prefix.
        colon_prefixed = find("mac:%s" % mac_addr)
        self.assertEqual(len(colon_prefixed), 1)
示例#8
 def _CheckLabelIndex(self):
   """Assert that a "label:Label2" search returns exactly this client."""
   # Materialise the search result so it can be compared against a list.
   label_hits = list(search.SearchClients("label:Label2", token=self.token))
   self.assertEqual(label_hits, [self.client_id])