def ReadFlowResults(self,
client_id,
flow_id,
offset,
count,
with_tag=None,
with_type=None,
with_substring=None):
"""Reads flow results of a given flow using given query options."""
results = sorted([
x.Copy() for x in self.flow_results.get((client_id, flow_id), [])
],
key=lambda r: r.timestamp)
# This is done in order to pass the tests that try to deserialize
# value of an unrecognized type.
for r in results:
if utils.GetName(
r.payload.__class__) not in rdfvalue.RDFValue.classes:
r.payload = rdf_objects.SerializedValueOfUnrecognizedType(
type_name=utils.GetName(r.payload.__class__),
value=r.payload.SerializeToString())
if with_tag is not None:
results = [i for i in results if i.tag == with_tag]
if with_type is not None:
results = [
i for i in results
if utils.GetName(i.payload.__class__) == with_type
]
if with_substring is not None:
encoded_substring = with_substring.encode("utf8")
results = [
i for i in results
if encoded_substring in i.payload.SerializeToString()
]
return results[offset:offset + count]
def ReadHuntResults(self,
hunt_id,
offset,
count,
with_tag=None,
with_type=None,
with_substring=None,
with_timestamp=None,
cursor=None):
"""Reads hunt results of a given hunt using given query options."""
hunt_id_int = db_utils.HuntIDToInt(hunt_id)
query = ("SELECT client_id, flow_id, hunt_id, payload, type, "
"UNIX_TIMESTAMP(timestamp), tag "
"FROM flow_results "
"FORCE INDEX(flow_results_hunt_id_flow_id_timestamp) "
"WHERE hunt_id = %s ")
args = [hunt_id_int]
if with_tag:
query += "AND tag = %s "
args.append(with_tag)
if with_type:
query += "AND type = %s "
args.append(with_type)
if with_substring:
query += "AND payload LIKE %s "
args.append("%" + db_utils.EscapeWildcards(with_substring) + "%")
if with_timestamp:
query += "AND timestamp = FROM_UNIXTIME(%s) "
args.append(mysql_utils.RDFDatetimeToTimestamp(with_timestamp))
query += "ORDER BY timestamp ASC LIMIT %s OFFSET %s"
args.append(count)
args.append(offset)
cursor.execute(query, args)
ret = []
for (
client_id_int,
flow_id_int,
hunt_id_int,
serialized_payload,
payload_type,
timestamp,
tag,
) in cursor.fetchall():
if payload_type in rdfvalue.RDFValue.classes:
payload = rdfvalue.RDFValue.classes[
payload_type].FromSerializedBytes(serialized_payload)
else:
payload = rdf_objects.SerializedValueOfUnrecognizedType(
type_name=payload_type, value=serialized_payload)
result = rdf_flow_objects.FlowResult(
client_id=db_utils.IntToClientID(client_id_int),
flow_id=db_utils.IntToFlowID(flow_id_int),
hunt_id=hunt_id,
payload=payload,
timestamp=mysql_utils.TimestampToRDFDatetime(timestamp))
if tag is not None:
result.tag = tag
ret.append(result)
return ret
