Added Windows.Registry.Hunter (Velocidex#3392)

Also added multichoice parameter types.

CreateInitialNotebook will now block until all the cells are constructed
to ensure that the cells can not overwhelm the notebook workers. When an
artifact creates a large default notebook, the browser will attempt to
render each in parallel and this will initiate a worker update.

api/proto/notebooks.proto

@@ -44,6 +44,9 @@ message NotebookCellRequest {
     repeated Env env = 9;
 
     bool include_uploads = 10;
+
+    // If this is set schedule the calculation syncronously.
+    bool sync = 15;
 }
 
 message NotebookContext {

artifacts/definitions/Server/Import/RegistryHunter.yaml

@@ -0,0 +1,17 @@
+name: Server.Import.RegistryHunter
+description: |
+  This artifact will import the latest Registry Hunter artifact.
+
+  To read more about the Registry Hunter, see
+  https://registry-hunter.velocidex.com/
+
+type: SERVER
+
+required_permissions:
+- SERVER_ADMIN
+
+sources:
+  - query: |
+      SELECT * FROM Artifact.Server.Import.ArtifactExchange(
+         ExchangeURL="https://registry-hunter.velocidex.com/Windows.Registry.Hunter.zip",
+         Prefix="")

artifacts/proto/artifact.proto

@@ -48,6 +48,7 @@ message NotebookSourceCell {
     string template = 1;
     string type = 2;
     string name = 4;
+    string output = 5;
     repeated ArtifactEnv env = 3;
 }
 

gui/velociraptor/src/components/forms/form.jsx

@@ -18,6 +18,7 @@ import ButtonGroup from 'react-bootstrap/ButtonGroup';
 import Alert from 'react-bootstrap/Alert';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
 import CSVForm from './csv.jsx';
+import Select from 'react-select';
 
 import BootstrapTable from 'react-bootstrap-table-next';
 import cellEditFactory, { Type } from 'react-bootstrap-table2-editor';
@@ -410,8 +411,47 @@ export default class VeloForm extends React.Component {
                   </Col>
                 </Form.Group>
             );
+
+        case "multichoice":
+            let options = [];
+            _.each(this.props.param.choices, x=>{
+                options.push({value: x, label: x});
+            });
+
+            let defaults = [];
+            try {
+                defaults = _.map(JSON.parse(this.props.value), x=>{return {value: x, label: x};});
+            } catch(e){};
+
+            return (
+                <Form.Group as={Row}>
+                  <Form.Label column sm="3">
+                    <OverlayTrigger
+                      delay={{show: 250, hide: 400}}
+                      overlay={(props)=>renderToolTip(props, param)}>
+                      <div>
+                        {name}
+                      </div>
+                    </OverlayTrigger>
+                  </Form.Label>
+                  <Col sm="8">
+                    <Select
+                      closeMenuOnSelect={false}
+                      isMulti
+                      defaultValue={defaults}
+                      onChange={e=>{
+                          let data = _.map(e, x=>x.value);
+                          this.props.setValue(JSON.stringify(data));
+                      }}
+                      options={options}
+                    />
+                  </Col>
+                </Form.Group>
+            );
+
         case "artifactset":
-            // No artifacts means we haven't loaded yet.  If there are truly no artifacts, we've got bigger problems.
+            // No artifacts means we haven't loaded yet.  If there are
+            // truly no artifacts, we've got bigger problems.
             if (this.state.multichoices === undefined ||
                 this.state.artifact_loading) {
               return <></>;

services/backup/backup.go

@@ -272,8 +272,8 @@ func NewBackupService(
 	}
 
 	logger := logging.GetLogger(config_obj, &logging.FrontendComponent)
-	logger.Info("Starting <green>Backup Services</> for %v",
-		services.GetOrgName(config_obj))
+	logger.Info("Starting <green>Backup Services</> for %v every %v",
+		services.GetOrgName(config_obj), delay)
 
 	wg.Add(1)
 	go func() {

services/hunt_dispatcher/backup.go

@@ -29,7 +29,7 @@ func (self HuntBackupProvider) Name() []string {
 	return []string{"hunts.json"}
 }
 
-// The backup will just dump out the contents of the client info manager.
+// The backup will just dump out the contents of the hunt dispatcher.
 func (self HuntBackupProvider) BackupResults(
 	ctx context.Context, wg *sync.WaitGroup) (
 	<-chan vfilter.Row, error) {

services/notebook/calculate.go

@@ -123,8 +123,13 @@ func (self *NotebookManager) UpdateNotebookCell(
 		return notebook_cell, err
 	}
 
+	wait := 2 * time.Second
+	if in.Sync {
+		wait = time.Hour
+	}
+
 	// Only wait here for a short time to keep the browser moving.
-	fast_ctx, cancel := context.WithTimeout(ctx, 2*time.Second)
+	fast_ctx, cancel := context.WithTimeout(ctx, wait)
 	defer cancel()
 
 	select {

services/notebook/calculate_test.go

@@ -77,9 +77,9 @@ func (self *NotebookManagerTestSuite) TestNotebookManagerUpdateCell() {
 
 	assert.Equal(self.T(), len(notebook.CellMetadata), 1)
 	assert.Equal(self.T(),
-		notebook.CellMetadata[0].CurrentVersion, "03")
+		notebook.CellMetadata[0].CurrentVersion, "04")
 	assert.Equal(self.T(),
-		notebook.CellMetadata[0].AvailableVersions, []string{"03"})
+		notebook.CellMetadata[0].AvailableVersions, []string{"04"})
 
 	golden.Set("Notebook Metadata", notebook)
 
@@ -106,11 +106,11 @@ func (self *NotebookManagerTestSuite) TestNotebookManagerUpdateCell() {
 
 	// The new cell should have a higher version
 	assert.Equal(self.T(), len(notebook.CellMetadata), 1)
-	assert.Equal(self.T(), cell.CurrentVersion, "05")
+	assert.Equal(self.T(), cell.CurrentVersion, "06")
 
 	// The old version is still there and available. There should be 3
 	// versions all up.
-	assert.Equal(self.T(), cell.AvailableVersions, []string{"03", "04", "05"})
+	assert.Equal(self.T(), cell.AvailableVersions, []string{"04", "05", "06"})
 
 	golden.Set("VQL Cell", cell)
 	goldie.Assert(self.T(), "TestNotebookManagerUpdateCell",

services/notebook/fixtures/TestNotebookManagerUpdateCell.golden

@@ -10,12 +10,13 @@
    {
     "cell_id": "NC.02",
     "timestamp": 10,
-    "current_version": "03",
+    "current_version": "04",
     "available_versions": [
-     "03"
+     "04"
     ]
    }
-  ]
+  ],
+  "latest_cell_id": "NC.02"
  },
  "Markdown Cell": {
   "input": "# Heading 1\n\nHello world\n",
@@ -27,27 +28,27 @@
   ],
   "timestamp": 10,
   "type": "markdown",
-  "current_version": "04",
+  "current_version": "05",
   "available_versions": [
-   "03",
-   "04"
+   "04",
+   "05"
   ]
  },
  "VQL Cell": {
   "input": "SELECT _value AS X FROM range(end=2)",
-  "output": "\u003cdiv class=\"panel\"\u003e\u003cgrr-csv-viewer base-url=\"'v1/GetTable'\" params='%7B%22notebook_id%22%3A%22N.01%22%2C%22client_id%22%3A%22%22%2C%22cell_id%22%3A%22NC.02-05%22%2C%22table_id%22%3A1%2C%22TableOptions%22%3A%7B%7D%2C%22Version%22%3A10%7D' /\u003e\u003c/div\u003e",
+  "output": "\u003cdiv class=\"panel\"\u003e\u003cgrr-csv-viewer base-url=\"'v1/GetTable'\" params='%7B%22notebook_id%22%3A%22N.01%22%2C%22client_id%22%3A%22%22%2C%22cell_id%22%3A%22NC.02-06%22%2C%22table_id%22%3A1%2C%22TableOptions%22%3A%7B%7D%2C%22Version%22%3A10%7D' /\u003e\u003c/div\u003e",
   "data": "{}",
   "cell_id": "NC.02",
   "messages": [
    "DEBUG:Query Stats: {\"RowsScanned\":2,\"PluginsCalled\":1,\"FunctionsCalled\":0,\"ProtocolSearch\":0,\"ScopeC ..."
   ],
   "timestamp": 10,
   "type": "vql",
-  "current_version": "05",
+  "current_version": "06",
   "available_versions": [
-   "03",
    "04",
-   "05"
+   "05",
+   "06"
   ]
  }
 }