How to use the turbinia.message.TurbiniaRequest function in turbinia

To help you get started, we’ve selected a few turbinia examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github google / turbinia / tests / pubsub.py View on Github external
def testTurbiniaRequestSerializationBadData(self):
    """Tests that TurbiniaRequest will raise error on non-json data."""
    request_new = message.TurbiniaRequest()
    self.assertRaises(TurbiniaException, request_new.from_json, 'non-json-data')
github google / turbinia / tests / pubsub.py View on Github external
def getTurbiniaRequest():
  """Get a Turbinia Request object with valid evidence attached.

  Returns:
    TurbiniaRequest object.
  """
  request = message.TurbiniaRequest(
      request_id='deadbeef', context={'kw': [1, 2]})
  rawdisk = evidence.RawDisk(
      name='My Evidence', local_path='/tmp/foo', mount_path='/mnt/foo')
  request.evidence.append(rawdisk)
  return request
github google / turbinia / tests / pubsub.py View on Github external
def testTurbiniaRequestSerialization(self):
    """Test that TurbiniaRequests serializes/unserializes."""
    request = getTurbiniaRequest()
    request_json = request.to_json()
    self.assertTrue(isinstance(request_json, str))

    # Create a new Turbinia Request object to load our results into
    request_new = message.TurbiniaRequest()
    request_new.from_json(request_json)

    self.assertTrue(isinstance(request_new, message.TurbiniaRequest))
    self.assertTrue(request_new.context['kw'][1], 2)
    self.assertTrue(request_new.request_id, 'deadbeef')
    self.assertTrue(isinstance(request_new.evidence[0], evidence.RawDisk))
    self.assertEqual(request_new.evidence[0].name, 'My Evidence')
github google / turbinia / tests / pubsub.py View on Github external
def testTurbiniaRequestSerializationBadJSON(self):
    """Tests that TurbiniaRequest will raise error on wrong JSON object."""
    rawdisk = evidence.RawDisk(name='My Evidence', local_path='/tmp/foo')
    rawdisk_json = rawdisk.to_json()
    self.assertTrue(isinstance(rawdisk_json, str))

    request_new = message.TurbiniaRequest()
    # Try to load serialization RawDisk() into a TurbiniaRequest, which should
    # error because this is not the correct type.
    self.assertRaises(TurbiniaException, request_new.from_json, rawdisk_json)
github google / turbinia / turbinia / turbiniactl.py View on Github external
'Turbinia. Consider wrapping it in a '
          'GoogleCloudDiskRawEmbedded or other Cloud compatible '
          'object'.format(evidence_.type))
      sys.exit(1)

  # If we have evidence to process and we also want to run as a server, then
  # we'll just process the evidence directly rather than send it through the
  # PubSub frontend interface.  If we're not running as a server then we will
  # create a new TurbiniaRequest and send it over PubSub.
  request = None
  if evidence_ and args.server:
    server = TurbiniaServer()
    server.add_evidence(evidence_)
    server.start()
  elif evidence_:
    request = TurbiniaRequest(
        request_id=args.request_id, requester=getpass.getuser())
    request.evidence.append(evidence_)
    if filter_patterns:
      request.recipe['filter_patterns'] = filter_patterns
    if args.jobs_blacklist:
      request.recipe['jobs_blacklist'] = args.jobs_blacklist
    if args.jobs_whitelist:
      request.recipe['jobs_whitelist'] = args.jobs_whitelist
    if args.recipe_config:
      for pair in args.recipe_config:
        try:
          key, value = pair.split('=')
        except ValueError as exception:
          log.error(
              'Could not parse key=value pair [{0:s}] from recipe config '
              '{1:s}: {2!s}'.format(pair, args.recipe_config, exception))
github log2timeline / dftimewolf / dftimewolf / lib / processors / turbinia.py View on Github external
print('Turbinia log file: {0:s}'.format(log_file_path))

    if self.state.input and not self.disk_name:
      _, disk = self.state.input[0]
      self.disk_name = disk.name
      print('Using disk {0:s} from previous collector'.format(self.disk_name))

    evidence_ = evidence.GoogleCloudDisk(
        disk_name=self.disk_name, project=self.project, zone=self.turbinia_zone)
    try:
      evidence_.validate()
    except TurbiniaException as exception:
      self.state.AddError(exception, critical=True)
      return

    request = TurbiniaRequest(requester=getpass.getuser())
    request.evidence.append(evidence_)
    if self.sketch_id:
      request.recipe['sketch_id'] = self.sketch_id
    if not self.run_all_jobs:
      request.recipe['jobs_blacklist'] = ['StringsJob']

    # Get threat intelligence data from any modules that have stored some.
    # In this case, observables is a list of containers.ThreatIntelligence
    # objects.
    threatintel = self.state.GetContainers(containers.ThreatIntelligence)
    if threatintel:
      print('Sending {0:d} threatintel to Turbinia GrepWorkers...'.format(
          len(threatintel)))
      indicators = [item.indicator for item in threatintel]
      request.recipe['filter_patterns'] = indicators
github google / turbinia / turbinia / message.py View on Github external
def _validate_message(message):
    """Validates incoming messages, returns them as a new TurbiniaRequest
    object.

    Args:
      message: The message string

    Returns:
      TurbiniaRequest|None: Returns the valid object, or None if there are
    decoding failures.
    """

    request = TurbiniaRequest()
    try:
      request.from_json(message)
    except TurbiniaException as e:
      log.error('Error decoding message: {0:s}'.format(str(e)))
      return None

    return request