Merge branch 'develop'

sumeshi · Nov 26, 2023 · 98abc6f · 98abc6f
2 parents 3d4f26f + d035ac7
commit 98abc6f
Show file tree

Hide file tree

Showing 22 changed files with 801 additions and 549 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,8 +1,11 @@
-FROM python:3.9.15-bullseye
+FROM python:3.11.6-bullseye
 
 RUN apt -y update && apt upgrade -qqy && apt -y install \
     curl \
     gcc \
-    git
+    git \
+    fish \
+    && apt clean
 
+RUN chsh -s /usr/bin/fish
 RUN pip install -U pip && pip install poetry
diff --git a/.devcontainer/README.md b/.devcontainer/README.md
@@ -0,0 +1,16 @@
+# Elasticsearch manipulation commands
+
+## Check if indices exist
+```bash
+$ curl -X GET "http://elasticsearch:9200/_cat/indices?pretty"
+```
+
+## Test evtx to Elasticsearch import
+```bash
+$ evtx2es FooBar.evtx --host=elasticsearch --port=9200 --index=foobar
+```
+
+## Delete an unnecessary index
+```bash
+$ curl -XDELETE "http://elasticsearch:9200/foobar?pretty"
+```
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -1,20 +1,26 @@
 {
     "name": "dev",
-    "dockerFile": "Dockerfile",
-    "postCreateCommand": "/bin/sh ./.devcontainer/postCreateCommands.sh",
-    "extensions": [
-		"ms-azuretools.vscode-docker",
-		"ms-python.python",
-		"ms-python.vscode-pylance"
-	],
-    "settings": {
-        "python.linting.flake8Enabled": true,
-        "python.formatting.provider": "black",
-        "[python]": {
-            "editor.formatOnSave": true,
-            "editor.codeActionsOnSave": {
-                "source.organizeImports": true
+    "dockerComposeFile": "docker-compose.yaml",
+	"service": "dev",
+	"workspaceFolder": "/workspace/",
+    "postCreateCommand": "/usr/bin/fish ./.devcontainer/postCreateCommands.fish",
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "ms-azuretools.vscode-docker",
+                "ms-python.python",
+                "ms-python.vscode-pylance"
+            ],
+            "settings": {
+                "python.linting.flake8Enabled": true,
+                "python.formatting.provider": "black",
+                "[python]": {
+                    "editor.formatOnSave": true,
+                    "editor.codeActionsOnSave": {
+                        "source.organizeImports": true
+                    }
+                }
             }
-        },
+        }
     }
 }
diff --git a/.devcontainer/docker-compose.yaml b/.devcontainer/docker-compose.yaml
@@ -0,0 +1,32 @@
+version: '3.8'
+
+services:
+  dev:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    volumes:
+      - ..:/workspace:cached
+    network_mode: service:elasticsearch
+    tty: true
+
+  elasticsearch:
+    image: elasticsearch:8.11.1
+    container_name: evtx2es-elasticsearch
+    ports:
+        - "9200:9200"
+    environment:
+      - discovery.type=single-node
+      - xpack.security.enabled=false
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+
+  # kibana:
+  #   image: kibana:8.11.1
+  #   container_name: evtx2es-kibana
+  #   ports:
+  #       - 5601:5601
+  #   environment:
+  #     - elasticsearch.host="http://localhost:9200"
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
diff --git a/.devcontainer/postCreateCommands.fish b/.devcontainer/postCreateCommands.fish
@@ -0,0 +1,3 @@
+#!/usr/bin/fish
+poetry config virtualenvs.in-project true
+poetry install
diff --git a/.devcontainer/postCreateCommands.sh b/.devcontainer/postCreateCommands.sh
diff --git a/.github/workflows/publish-binary-pypi.yaml b/.github/workflows/publish-binary-pypi.yaml
@@ -0,0 +1,25 @@
+name: publish-binary-pypi
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v1
+      with:
+        python-version: '3.11'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install poetry
+    - name: Build and publish
+      run: |
+        poetry config pypi-token.pypi ${{secrets.PYPI_TOKEN}}
+        poetry publish --build
+      
diff --git a/.github/workflows/publish-release.yaml b/.github/workflows/publish-release.yaml
@@ -0,0 +1,142 @@
+name: publish-release
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build-windows:
+    runs-on: windows-latest
+    outputs:
+      version: ${{ steps.create_tag.outputs.version }}
+    strategy:
+      matrix:
+        python-version: ['3.11']
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: install python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: replace version
+        run: |
+          from pathlib import Path
+          version = [l for l in Path('pyproject.toml').read_text().splitlines() if 'version' in l][0].split(' ')[-1].strip('\"')
+          f = Path('src/evtx2es/views/BaseView.py')
+          text = f.read_text().replace("get_version('evtx2es')", f"\'{version}\'")
+          f.write_text(text)
+        shell: python
+
+      - name: Install dependencies
+        run: |
+          pip install poetry
+          poetry config virtualenvs.in-project true
+          poetry install
+
+      - name: run python
+        run: |
+          poetry run evtx2es -h
+          poetry run evtx2es -v
+          poetry run evtx2json -h
+          poetry run evtx2json -v
+      
+      - name: build
+        run: |
+          pip install nuitka
+          poetry run python -m nuitka --standalone --onefile --follow-imports -o evtx2es.exe --output-dir=dist --assume-yes-for-downloads src/evtx2es/views/Evtx2esView.py
+          poetry run python -m nuitka --standalone --onefile --follow-imports -o evtx2json.exe --output-dir=dist --assume-yes-for-downloads src/evtx2es/views/Evtx2jsonView.py
+      
+      - name: verify
+        run: |
+          dist/evtx2es.exe -h
+          dist/evtx2es.exe -v
+          dist/evtx2json.exe -h
+          dist/evtx2json.exe -v
+      
+      - name: create tag
+        id: create_tag
+        if: startsWith(github.ref, 'refs/heads/master')
+        run: |
+          version=$(cat pyproject.toml | grep version | head -1 | awk -F '"' '{print $2}')
+          git tag "v$version"
+          git push origin "v$version"
+          echo "version=v$version" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        shell: bash
+
+      - name: create release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ steps.create_tag.outputs.version }}
+          files: |
+            dist/evtx2es.exe
+            dist/evtx2json.exe
+          name: Release ${{ steps.create_tag.outputs.version }}
+          body: 'This release was automatically created by GitHub Actions.'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  build-linux:
+    needs: build-windows
+    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        python-version: ['3.11']
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: install python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: replace version
+        run: |
+          from pathlib import Path
+          version = [l for l in Path('pyproject.toml').read_text().splitlines() if 'version' in l][0].split(' ')[-1].strip('\"')
+          f = Path('src/evtx2es/views/BaseView.py')
+          text = f.read_text().replace("get_version('evtx2es')", f"\'{version}\'")
+          f.write_text(text)
+        shell: python
+
+      - name: Install dependencies
+        run: |
+          sudo apt install patchelf
+          pip install poetry
+          poetry install
+
+      - name: run python
+        run: |
+          poetry run evtx2es -h
+          poetry run evtx2es -v
+          poetry run evtx2json -h
+          poetry run evtx2json -v
+
+      - name: build
+        run: |
+          pip install nuitka
+          poetry run python -m nuitka --standalone --onefile --follow-imports -o evtx2es --output-dir=dist --assume-yes-for-downloads src/evtx2es/views/Evtx2esView.py
+          poetry run python -m nuitka --standalone --onefile --follow-imports -o evtx2json --output-dir=dist --assume-yes-for-downloads src/evtx2es/views/Evtx2jsonView.py
+      
+      - name: verify
+        run: |
+          dist/evtx2es -h
+          dist/evtx2es -v
+          dist/evtx2json -h
+          dist/evtx2json -v
+
+      - name: upload asset to release
+        uses: softprops/action-gh-release@v1
+        with:
+          tag_name: ${{ needs.build-windows.outputs.version }}
+          files: |
+            dist/evtx2es
+            dist/evtx2json
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml → .github/workflows/test.yaml b/.github/workflows/test.yml → .github/workflows/test.yaml
@@ -1,21 +1,18 @@
-name: tests
+name: pytest
 
 on:
   push:
     branches:
       - develop
-
-  pull_request:
-    branches:
-      - develop
+      - 'feature/**'
 
 jobs:
   pytest:
     name: Run tests
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: [3.9]
+        python-version: [3.11]
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -33,9 +30,6 @@ jobs:
 
       - name: Install Dependencies
         run: poetry install --no-interaction
-
-      - name: Get Sample File
-        run: wget --quiet https://github.com/JPCERTCC/LogonTracer/raw/master/sample/Security.evtx
 
       - name: Run Tests
-        run: poetry run pytest
+        run: poetry run pytest
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md