csv.go
package main
import (
"log"
"os"
"github.com/Velocidex/ordereddict"
logging "www.velocidex.com/golang/velociraptor/logging"
"www.velocidex.com/golang/velociraptor/reporting"
"www.velocidex.com/golang/velociraptor/services"
"www.velocidex.com/golang/velociraptor/startup"
vql_subsystem "www.velocidex.com/golang/velociraptor/vql"
"www.velocidex.com/golang/velociraptor/vql/acl_managers"
"www.velocidex.com/golang/vfilter"
)
// csv_cmd is the "csv" sub-command, registered on the shared command line
// application object.
var csv_cmd = app.Command("csv", "Convert a CSV file to another format")

// csv_cmd_filter holds the optional --where expression. doCSV appends it
// verbatim to the VQL query text, so the value is query code, not data:
// wrappers around this command should not forward untrusted text to it.
var csv_cmd_filter = csv_cmd.Flag("where", "A WHERE condition for the query").String()

// csv_format selects the output encoding; only the three listed values are
// accepted and "jsonl" is used when the flag is absent.
var csv_format = csv_cmd.
	Flag("format", "Output format").
	Default("jsonl").
	Enum("text", "json", "jsonl")

// csv_cmd_files is the required list of CSV files to parse.
var csv_cmd_files = csv_cmd.Arg("files", "CSV files to parse").Required().Strings()
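// doCSV implements the "csv" command: it runs the parse_csv() VQL plugin over
// the files named on the command line and writes the resulting rows to stdout
// in the format selected by --format ("text", "json" or "jsonl").
//
// It returns the first error hit while loading the config, starting the tool
// services, building the scope or parsing/emitting the query; otherwise it
// returns whatever error the LogWriter recorded (logger.Error).
//
// Security note: the --where value is concatenated into the query text, so it
// is evaluated as VQL, not treated as data. The scope is built with
// acl_managers.NullACLManager and an "administrator" role ACL manager in its
// environment, so the expression presumably runs without permission
// restrictions (confirm against the acl_managers package). That is fine for
// an operator typing their own filter, but anything that wraps this command
// must not pass untrusted text through --where.
func doCSV() error {
	logging.DisableLogging()

	// WithNullLoader supplies a configuration even when the user provided
	// none, so the command works without a config file.
	config_obj, err := makeDefaultConfigLoader().
		WithNullLoader().LoadAndValidate()
	if err != nil {
		return err
	}

	ctx, cancel := install_sig_handler()
	defer cancel()

	config_obj.Services = services.GenericToolServices()
	sm, err := startup.StartToolServices(ctx, config_obj)
	// The Close is registered before the error check so that a partially
	// started service manager is still torn down. SOURCE does not show
	// whether a failed start can hand back a nil manager, so guard against
	// it: a start-up error must not turn into a nil dereference on return.
	defer func() {
		if sm != nil {
			sm.Close()
		}
	}()
	if err != nil {
		return err
	}

	// Query log output is routed through LogWriter; its Error field is
	// returned at the end of the function.
	logger := &LogWriter{config_obj: config_obj}
	builder := services.ScopeBuilder{
		Config:     config_obj,
		ACLManager: acl_managers.NullACLManager{},
		Logger:     log.New(logger, "", 0),
		Env: ordereddict.NewDict().
			Set(vql_subsystem.ACL_MANAGER_VAR,
				acl_managers.NewRoleACLManager(config_obj, "administrator")).
			// The file list is passed as a scope variable, so file names
			// never become part of the query text.
			Set("Files", *csv_cmd_files),
	}

	manager, err := services.GetRepositoryManager(config_obj)
	if err != nil {
		return err
	}

	scope := manager.BuildScope(builder)
	defer scope.Close()

	// The optional filter is appended verbatim: it is operator-supplied VQL.
	query := "SELECT * FROM parse_csv(filename=Files)"
	if *csv_cmd_filter != "" {
		query += " WHERE " + *csv_cmd_filter
	}

	vql, err := vfilter.Parse(query)
	if err != nil {
		return err
	}

	// csv_format is an Enum flag, so only these three values reach here.
	switch *csv_format {
	case "text":
		table := reporting.EvalQueryToTable(ctx, scope, vql, os.Stdout)
		table.Render()

	case "jsonl":
		err = outputJSONL(ctx, scope, vql, os.Stdout)
		if err != nil {
			return err
		}

	case "json":
		err = outputJSON(ctx, scope, vql, os.Stdout)
		if err != nil {
			return err
		}
	}

	return logger.Error
}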
// init appends the "csv" dispatcher to command_handlers. The dispatcher
// reports false for any other command; for "csv" it runs doCSV through
// FatalIfError and reports true.
func init() {
	handler := func(command string) bool {
		if command != csv_cmd.FullCommand() {
			return false
		}

		FatalIfError(csv_cmd, doCSV)
		return true
	}

	command_handlers = append(command_handlers, handler)
}