How to use the turbinia.lib.text_formatter.bullet function in turbinia

To help you get started, we’ve selected a few turbinia examples, based on popular ways it is used in public projects.


github google / turbinia / turbinia / workers / analysis / wordpress.py View on Github external
# Excerpt from the body of a Wordpress access-log analysis method; the
# enclosing `def` line and the regex definitions are not part of this listing.
report = []
    # Short tags ('install', 'theme_edit') for the kinds of activity seen.
    findings_summary = set()

    # `config` is scanned one line at a time.
    for log_line in config.split('\n'):

      # A line matching self.install_step_regex is reported as a completed
      # Wordpress installation.
      # NOTE(review): '{0:s}' raises for any non-str value, so this relies on
      # _get_timestamp() always returning a string -- helper not shown, confirm.
      if self.install_step_regex.search(log_line):
        line = '{0:s}: Wordpress installation successful'.format(
            self._get_timestamp(log_line))
        report.append(fmt.bullet(line))
        findings_summary.add('install')

      # A line matching self.theme_editor_regex is reported as a theme-editor
      # file edit.
      # NOTE(review): 'edited_file' is copied verbatim from the log line,
      # presumably from the logged request, so it is requester-controlled
      # text. It is placed in the report unescaped; whatever renders the
      # report should treat it as untrusted.
      match = self.theme_editor_regex.search(log_line)
      if match:
        line = '{0:s}: Wordpress theme editor edited file ({1:s})'.format(
            self._get_timestamp(log_line), match.group('edited_file'))
        report.append(fmt.bullet(line))
        findings_summary.add('theme_edit')

    # Any finding at all makes the result HIGH priority.
    if report:
      # findings_summary is rebound here from a set to a sorted,
      # comma-separated string.
      findings_summary = ', '.join(sorted(list(findings_summary)))
      summary = 'Wordpress access logs found ({0:s})'.format(findings_summary)

      # The bold heading goes first, followed by one bullet per matching line.
      report.insert(0, fmt.heading4(fmt.bold(summary)))
      report_text = '\n'.join(report)
      return (report_text, Priority.HIGH, summary)

    # Nothing matched: LOW priority, with the same sentence used as report
    # heading and as summary.
    report_text = 'No Wordpress install or theme editing found in access logs'
    return (fmt.heading4(report_text), Priority.LOW, report_text)
github google / turbinia / turbinia / client.py View on Github external
task (dict): The task to format data for
      show_files (bool): Whether we want to print out log file paths

    Returns:
      list: Formatted task data
    """
    # Body of the task formatter described by the docstring above; `task` is
    # a dict and every field is read with .get().
    report = []
    # Missing or empty values fall back to an empty list / placeholder text.
    saved_paths = task.get('saved_paths') or []
    status = task.get('status') or 'No task status'

    # NOTE(review): 'name', 'id' and 'worker_name' have no fallback. If any of
    # them is missing, task.get() returns None; '{0:s}'.format(None) raises
    # TypeError, and what fmt.heading2(None) does is not visible here.
    report.append(fmt.heading2(task.get('name')))
    line = '{0:s} {1:s}'.format(fmt.bold('Status:'), status)
    report.append(fmt.bullet(line))
    report.append(fmt.bullet('Task Id: {0:s}'.format(task.get('id'))))
    report.append(
        fmt.bullet('Executed on worker {0:s}'.format(task.get('worker_name'))))
    # 'report_data' is appended line by line exactly as stored in the task.
    # NOTE(review): that text was presumably produced while analysing
    # evidence, so a consumer that renders the report should treat it as
    # untrusted content.
    if task.get('report_data'):
      report.append('')
      report.append(fmt.heading3('Task Reported Data'))
      report.extend(task.get('report_data').splitlines())
    # Saved file paths are listed only when the caller asks for them.
    if show_files:
      report.append('')
      report.append(fmt.heading3('Saved Task Files:'))
      for path in saved_paths:
        report.append(fmt.bullet(fmt.code(path)))
      report.append('')
    return report
github google / turbinia / turbinia / workers / sshd.py View on Github external
# Excerpt from an sshd_config analysis method; `config` (the configuration
# text) and `findings` (a list) are defined outside this listing.
# With re.MULTILINE, ^ matches at every line start and only whitespace may
# precede the keyword, so directives commented out with '#' do not match.
permit_root_login_re = re.compile(
        r'^\s*PermitRootLogin\s*(yes|prohibit-password|without-password)',
        re.IGNORECASE | re.MULTILINE)
    # NOTE(review): the next two patterns only test that the value *starts*
    # with 'No' / 'Yes' (optionally quoted); nothing anchors the end of the
    # value.
    password_authentication_re = re.compile(
        r'^\s*PasswordAuthentication[\s"]*No', re.IGNORECASE | re.MULTILINE)
    permit_empty_passwords_re = re.compile(
        r'^\s*PermitEmptyPasswords[\s"]*Yes', re.IGNORECASE | re.MULTILINE)

    # Flagged only when root login is explicitly allowed, with a password
    # (yes) or key-only (prohibit-password / without-password).
    # NOTE(review): an absent directive is not flagged; the effective default
    # depends on the OpenSSH version that read the file.
    if re.search(permit_root_login_re, config):
      findings.append(fmt.bullet('Root login enabled.'))

    # Inverted test: flagged unless some line sets PasswordAuthentication to
    # a value starting with 'no', so an absent directive is flagged too.
    # NOTE(review): one matching line anywhere in the text suppresses this
    # finding, including one inside a Match block or one after an earlier
    # 'PasswordAuthentication yes'. sshd uses the first value it obtains for
    # a keyword and applies Match blocks conditionally, so the effective
    # setting can differ from this result. Files pulled in with Include are
    # only covered if the caller already merged them into `config`.
    if not re.search(password_authentication_re, config):
      findings.append(fmt.bullet('Password authentication enabled.'))

    # Flagged when PermitEmptyPasswords is explicitly switched on.
    if re.search(permit_empty_passwords_re, config):
      findings.append(fmt.bullet('Empty passwords permitted.'))

    # Any finding makes the result HIGH priority; the bold summary heading is
    # placed ahead of the bullets.
    if findings:
      summary = 'Insecure SSH configuration found.'
      findings.insert(0, fmt.heading4(fmt.bold(summary)))
      report = '\n'.join(findings)
      return (report, Priority.HIGH, summary)

    # No finding: LOW priority, same text as report and summary.
    report = 'No issues found in SSH configuration'
    return (report, Priority.LOW, report)
github google / turbinia / turbinia / client.py View on Github external
# Excerpt from a task formatter; `report`, `status`, `saved_paths`, `task`
# and `show_files` are defined outside this listing.
# NOTE(review): 'name', 'id' and 'worker_name' are read with no fallback. If
# any is missing, task.get() returns None; '{0:s}'.format(None) raises
# TypeError, and what fmt.heading2(None) does is not visible here.
report.append(fmt.heading2(task.get('name')))
    line = '{0:s} {1:s}'.format(fmt.bold('Status:'), status)
    report.append(fmt.bullet(line))
    report.append(fmt.bullet('Task Id: {0:s}'.format(task.get('id'))))
    report.append(
        fmt.bullet('Executed on worker {0:s}'.format(task.get('worker_name'))))
    # 'report_data' is appended line by line exactly as stored in the task.
    # NOTE(review): presumably produced while analysing evidence; a consumer
    # that renders the report should treat it as untrusted content.
    if task.get('report_data'):
      report.append('')
      report.append(fmt.heading3('Task Reported Data'))
      report.extend(task.get('report_data').splitlines())
    # Saved file paths are listed only when the caller asks for them.
    if show_files:
      report.append('')
      report.append(fmt.heading3('Saved Task Files:'))
      for path in saved_paths:
        report.append(fmt.bullet(fmt.code(path)))
      report.append('')
    return report
github google / turbinia / turbinia / workers / hadoop.py View on Github external
# Excerpt that begins inside the `if` branch of a condition not shown here;
# `msg`, `report`, `evil_commands`, `strings_count` and `collected_artifacts`
# are defined outside this listing.
summary = msg
      priority = Priority.CRITICAL
    else:
      # NOTE(review): `priority` is not assigned in the visible lines of this
      # branch -- presumably it is initialised before the excerpt; verify.
      msg = 'Did not find any suspicious commands.'
      report.append(fmt.heading4(msg))
      summary = msg

    # One entry per (file path, command) pair. The command is shown in a code
    # span, followed by the file it was found in.
    # NOTE(review): `command` and `filepath` come from the analysed data and
    # are written into the report verbatim; a consumer that renders the report
    # should treat them as untrusted text.
    for filepath, command in evil_commands:
      report.append(fmt.bullet(fmt.bold('Command:')))
      report.append(fmt.code(command))
      report.append('Found in file:')
      report.append(fmt.code(filepath))

    # Closing statistics line; the '{:d}' specs require both values to be
    # integers.
    msg = 'Extracted {0:d} strings from {1:d} file(s)'.format(
        strings_count, len(collected_artifacts))
    report.append(fmt.bullet(msg))

    # In the visible lines `report` is returned as built, without a
    # '\n'.join().
    return (report, priority, summary)
github google / turbinia / turbinia / workers / sshd.py View on Github external
report_text(str): The report data
        report_priority(int): The priority of the report (0 - 100)
        summary(str): A summary of the report (used for task status)
      )
    """
    # Collects one bullet per insecure setting found in `config`, the
    # sshd_config text passed in from outside this excerpt.
    findings = []
    # With re.MULTILINE, ^ matches at every line start and only whitespace
    # may precede the keyword, so directives commented out with '#' do not
    # match.
    permit_root_login_re = re.compile(
        r'^\s*PermitRootLogin\s*(yes|prohibit-password|without-password)',
        re.IGNORECASE | re.MULTILINE)
    # NOTE(review): the next two patterns only test that the value *starts*
    # with 'No' / 'Yes' (optionally quoted); nothing anchors the end of the
    # value.
    password_authentication_re = re.compile(
        r'^\s*PasswordAuthentication[\s"]*No', re.IGNORECASE | re.MULTILINE)
    permit_empty_passwords_re = re.compile(
        r'^\s*PermitEmptyPasswords[\s"]*Yes', re.IGNORECASE | re.MULTILINE)

    # Flagged only when root login is explicitly allowed, with a password
    # (yes) or key-only (prohibit-password / without-password).
    # NOTE(review): an absent directive is not flagged; the effective default
    # depends on the OpenSSH version that read the file.
    if re.search(permit_root_login_re, config):
      findings.append(fmt.bullet('Root login enabled.'))

    # Inverted test: flagged unless some line sets PasswordAuthentication to
    # a value starting with 'no', so an absent directive is flagged too.
    # NOTE(review): one matching line anywhere in the text suppresses this
    # finding, including one inside a Match block or one after an earlier
    # 'PasswordAuthentication yes'. sshd uses the first value it obtains for
    # a keyword and applies Match blocks conditionally, so the effective
    # setting can differ from this result. Files pulled in with Include are
    # only covered if the caller already merged them into `config`.
    if not re.search(password_authentication_re, config):
      findings.append(fmt.bullet('Password authentication enabled.'))

    # Flagged when PermitEmptyPasswords is explicitly switched on.
    if re.search(permit_empty_passwords_re, config):
      findings.append(fmt.bullet('Empty passwords permitted.'))

    # Any finding makes the result HIGH priority; the bold summary heading is
    # placed ahead of the bullets.
    if findings:
      summary = 'Insecure SSH configuration found.'
      findings.insert(0, fmt.heading4(fmt.bold(summary)))
      report = '\n'.join(findings)
      return (report, Priority.HIGH, summary)

    # No finding: LOW priority, same text as report and summary.
    report = 'No issues found in SSH configuration'
    return (report, Priority.LOW, report)
github google / turbinia / turbinia / workers / bulk_extractor.py View on Github external
# Excerpt from a Bulk Extractor report builder. The `except` clause of this
# `try` and the rest of the loop body lie beyond the listing; `findings` and
# `self.xml` are defined outside it.
try:
      # Run summary: program name and version, command line, start time and
      # elapsed time, each read through self.check_xml_attrib().
      # NOTE(review): check_xml_attrib() is not shown -- presumably it returns
      # a printable value for a missing node; confirm.
      findings.append(fmt.heading4('Bulk Extractor Results'))
      findings.append(fmt.heading5('Run Summary'))
      findings.append(
          fmt.bullet(
              'Program: {0} - {1}'.format(
                  self.check_xml_attrib('creator/program'),
                  self.check_xml_attrib('creator/version'))))
      findings.append(
          fmt.bullet(
              'Command Line: {0}'.format(
                  self.check_xml_attrib(
                      'creator/execution_environment/command_line'))))
      findings.append(
          fmt.bullet(
              'Start Time: {0}'.format(
                  self.check_xml_attrib(
                      'creator/execution_environment/start_time'))))
      findings.append(
          fmt.bullet(
              'Elapsed Time: {0}'.format(
                  self.check_xml_attrib('report/elapsed_seconds'))))

      # Per-scanner results, present only when the XML has a 'feature_files'
      # node.
      feature_files = self.xml.find('feature_files')
      if feature_files is not None:
        feature_iter = feature_files.iter()
        findings.append(fmt.heading5('Scanner Results'))
        for f in feature_iter:
          if f.tag == 'feature_file':
            # next() advances the same iterator the `for` loop is consuming:
            # the element after each 'feature_file' becomes `name` and is
            # skipped by the loop.
            # NOTE(review): if no element follows, next() raises
            # StopIteration; whether the enclosing `try` handles that is not
            # visible here.
            name = next(feature_iter)
github google / turbinia / turbinia / client.py View on Github external
"""Formats a single task in detail.

    Args:
      task (dict): The task to format data for
      show_files (bool): Whether we want to print out log file paths

    Returns:
      list: Formatted task data
    """
    # Every field of `task` is read with .get(); only 'saved_paths' and
    # 'status' have a fallback for missing or empty values.
    report = []
    saved_paths = task.get('saved_paths') or []
    status = task.get('status') or 'No task status'

    # NOTE(review): if 'name', 'id' or 'worker_name' is missing, task.get()
    # returns None; '{0:s}'.format(None) raises TypeError, and what
    # fmt.heading2(None) does is not visible here.
    report.append(fmt.heading2(task.get('name')))
    line = '{0:s} {1:s}'.format(fmt.bold('Status:'), status)
    report.append(fmt.bullet(line))
    report.append(fmt.bullet('Task Id: {0:s}'.format(task.get('id'))))
    report.append(
        fmt.bullet('Executed on worker {0:s}'.format(task.get('worker_name'))))
    # 'report_data' is appended line by line exactly as stored in the task.
    # NOTE(review): presumably produced while analysing evidence; a consumer
    # that renders the report should treat it as untrusted content.
    if task.get('report_data'):
      report.append('')
      report.append(fmt.heading3('Task Reported Data'))
      report.extend(task.get('report_data').splitlines())
    # Saved file paths (each wrapped in a code span) are listed only when
    # show_files is true.
    if show_files:
      report.append('')
      report.append(fmt.heading3('Saved Task Files:'))
      for path in saved_paths:
        report.append(fmt.bullet(fmt.code(path)))
      report.append('')
    return report