From 710fda907d726068f38a5a0715cbe6c081ef0c8f Mon Sep 17 00:00:00 2001 From: Mike Cohen Date: Mon, 5 Jan 2026 01:52:04 +1000 Subject: [PATCH 1/7] Added Server.Utils.ArtifactVerifier to verify artifacts This is similar to the `velociraptor artifacts verify` command but outputs in a more structured way. --- api/api.go | 2 +- api/artifacts.go | 2 +- .../Server/Utils/ArtifactVerifier.yaml | 67 +++++++++++ artifacts/testdata/files/artifacts/good.yaml | 3 + .../testdata/files/artifacts/invalid1.yaml | 2 + .../testdata/files/artifacts/invalid2.yaml | 3 + .../testdata/files/artifacts/invalid3.yaml | 3 + .../testdata/server/testcases/verify.in.yaml | 40 ++++++- .../testdata/server/testcases/verify.out.yaml | 113 +++++++++++++++++- bin/artifacts.go | 4 +- bin/verify.go | 3 +- go.mod | 14 ++- go.sum | 28 +++-- services/launcher/flows_reader.go | 4 +- services/launcher/index.go | 5 + services/launcher/verifier.go | 4 +- vql/linux/ebpf/dns.go | 4 + 17 files changed, 269 insertions(+), 32 deletions(-) create mode 100644 artifacts/definitions/Server/Utils/ArtifactVerifier.yaml create mode 100644 artifacts/testdata/files/artifacts/good.yaml create mode 100644 artifacts/testdata/files/artifacts/invalid1.yaml create mode 100644 artifacts/testdata/files/artifacts/invalid2.yaml create mode 100644 artifacts/testdata/files/artifacts/invalid3.yaml diff --git a/api/api.go b/api/api.go index 4bca4d21506..fc663ba5c1e 100644 --- a/api/api.go +++ b/api/api.go @@ -799,7 +799,7 @@ func (self *ApiServer) SetArtifactFile( } for _, e := range state.Errors { - res.Errors = append(res.Errors, e.Error()) + res.Errors = append(res.Errors, e) } return res, nil diff --git a/api/artifacts.go b/api/artifacts.go index 8e88a88306c..1f81e9d5e19 100644 --- a/api/artifacts.go +++ b/api/artifacts.go @@ -201,7 +201,7 @@ func checkArtifact( if err != nil { return &launcher.AnalysisState{ - Errors: []error{err}, + Errors: []string{err.Error()}, }, nil } diff --git a/artifacts/definitions/Server/Utils/ArtifactVerifier.yaml b/artifacts/definitions/Server/Utils/ArtifactVerifier.yaml new file mode 100644 index 00000000000..e9ed45b73ce --- /dev/null +++ b/artifacts/definitions/Server/Utils/ArtifactVerifier.yaml @@ -0,0 +1,67 @@ +name: Server.Utils.ArtifactVerifier +description: | + Verify a set of artifacts and returns results in a structured way. + + You can run this on the command line like: + ``` + velociraptor -r Server.Utils.ArtifactVerifier --SearchGlob '/path/to/*.yaml' + ``` + +type: SERVER + +parameters: +- name: SearchGlob + default: /tmp/*.yaml + description: A glob to capture all artifacts to verify + +- name: ErrorIsFatal + type: bool + default: N + description: If set, an error is produced if any artifact is failed. + +sources: +- query: | + -- Convert the array to a string + LET _Stringify(X) = SELECT str(str=_value) AS value + FROM foreach(row=X) + LET Stringify(X) = _Stringify(X=X).value + + LET MaybeLogError(Verify, Path) = if(condition=ErrorIsFatal, + then=Verify.Errors AND log(level="ERROR", dedup= -1, message="%v failed!", args=Path), + else=NOT Verify.Errors) + + -- Extract the name of the artifact from the raw data - needed if + -- the yaml can not be parsed at all then we need to fallback to a + -- regex. + LET GetName(Artifact) = parse_string_with_regex( + regex='''^name:\s*(.+)''', string=Artifact).g1 + + LET Files = SELECT OSPath, + read_file(filename=OSPath, length=10000) AS Data + FROM glob(globs=SearchGlob) + + LET Results <= SELECT name, + path, + MaybeLogError(Verify=Verify, Path=path) AS passed, + Stringify(X=Verify.Errors) AS errors, + Stringify(X=Verify.Warnings) AS warnings + FROM foreach(row=Files, + query={ + SELECT OSPath AS path, + GetName(Artifact=Data) AS name, + verify(artifact=Data) AS Verify + FROM scope() + }) + + -- Add some metadata to the output and present in the same row. + SELECT timestamp(epoch=now()) AS timestamp, + config.version as metadata, + dict( + total=len(list=Results), + passed=len(list=filter(list=Results, condition="x=>x.passed")), + failed=len(list=filter(list=Results, condition="x=>NOT x.passed")), + warnings=len(list=filter(list=Results, condition="x=>x.warnings")) + ) AS summary, + { SELECT name FROM Results } as artifacts, + Results as results + FROM scope() diff --git a/artifacts/testdata/files/artifacts/good.yaml b/artifacts/testdata/files/artifacts/good.yaml new file mode 100644 index 00000000000..06ae83fa856 --- /dev/null +++ b/artifacts/testdata/files/artifacts/good.yaml @@ -0,0 +1,3 @@ +name: Good +sources: +- query: SELECT * FROM info() diff --git a/artifacts/testdata/files/artifacts/invalid1.yaml b/artifacts/testdata/files/artifacts/invalid1.yaml new file mode 100644 index 00000000000..1e2b5780ca2 --- /dev/null +++ b/artifacts/testdata/files/artifacts/invalid1.yaml @@ -0,0 +1,2 @@ +name: BrokenYaml +someweirdfield: 1 diff --git a/artifacts/testdata/files/artifacts/invalid2.yaml b/artifacts/testdata/files/artifacts/invalid2.yaml new file mode 100644 index 00000000000..43fcdef857b --- /dev/null +++ b/artifacts/testdata/files/artifacts/invalid2.yaml @@ -0,0 +1,3 @@ +name: BrokenQuery +sources: +- query: SELECT * FROM nosuchplugin() diff --git a/artifacts/testdata/files/artifacts/invalid3.yaml b/artifacts/testdata/files/artifacts/invalid3.yaml new file mode 100644 index 00000000000..f9ee570f23f --- /dev/null +++ b/artifacts/testdata/files/artifacts/invalid3.yaml @@ -0,0 +1,3 @@ +name: WarnningExecve +sources: +- query: SELECT * FROM execve(argv=["ls"]) diff --git a/artifacts/testdata/server/testcases/verify.in.yaml b/artifacts/testdata/server/testcases/verify.in.yaml index 9f2a188a2c7..f799a907b99 100644 --- a/artifacts/testdata/server/testcases/verify.in.yaml +++ b/artifacts/testdata/server/testcases/verify.in.yaml @@ -1,5 +1,37 @@ +Parameters: + Broken1: | + name: BrokenYaml + someweirdfield: 1 + + Broken2: | + name: BrokenQuery + sources: + - query: SELECT * FROM nosuchplugin() + + Broken3: | + name: BrokenSubArtifact + sources: + - query: SELECT * FROM Artifact.No.Such.Artifact() + + Warn1: | + name: WarnningExecve + sources: + - query: SELECT * FROM execve(argv=["ls"]) + + Queries: - - SELECT count() AS Count , - verify(artifact=name) AS V - FROM artifact_definitions() - WHERE type=~'client' AND built_in AND V.Warnings + # Basic verification of some artifacts. + - SELECT verify(artifact=Broken1) AS Broken1, + verify(artifact=Broken2) AS Broken2, + verify(artifact=Broken3) AS Broken3, + verify(artifact=Warn1) AS Warn1 + FROM scope() + + # Check the Server.Utils.ArtifactVerifier works on some bad + # artifacts. Filter out the absolute path to make test reproducible + - SELECT *, { + SELECT *, basename(path=path) as path + FROM results + } AS results + FROM Artifact.Server.Utils.ArtifactVerifier( + SearchGlob=srcDir+"/artifacts/testdata/files/artifacts/*") diff --git a/artifacts/testdata/server/testcases/verify.out.yaml b/artifacts/testdata/server/testcases/verify.out.yaml index 64c4b93f1aa..b8421bd35c7 100644 --- a/artifacts/testdata/server/testcases/verify.out.yaml +++ b/artifacts/testdata/server/testcases/verify.out.yaml @@ -1,3 +1,112 @@ -Query: SELECT count() AS Count , verify(artifact=name) AS V FROM artifact_definitions() WHERE type=~'client' AND built_in AND V.Warnings -Output: [] +# Basic verification of some artifacts. +Query: SELECT verify(artifact=Broken1) AS Broken1, verify(artifact=Broken2) AS Broken2, verify(artifact=Broken3) AS Broken3, verify(artifact=Warn1) AS Warn1 FROM scope() +Output: [ + { + "Broken1": { + "Artifact": "name: BrokenYaml\nsomeweirdfield: 1\n", + "Permissions": null, + "Errors": [ + "yaml: unmarshal errors:\n line 2: field someweirdfield not found in type proto.Artifact" + ], + "Warnings": null, + "Definitions": {} + }, + "Broken2": { + "Artifact": "name: BrokenQuery\nsources:\n- query: SELECT * FROM nosuchplugin()\n", + "Permissions": null, + "Errors": [ + "BrokenQuery: query: Unknown plugin nosuchplugin()" + ], + "Warnings": null, + "Definitions": {} + }, + "Broken3": { + "Artifact": "name: BrokenSubArtifact\nsources:\n- query: SELECT * FROM Artifact.No.Such.Artifact()\n", + "Permissions": null, + "Errors": [ + "BrokenSubArtifact: query: Unknown artifact reference No.Such.Artifact" + ], + "Warnings": null, + "Definitions": {} + }, + "Warn1": { + "Artifact": "name: WarnningExecve\nsources:\n- query: SELECT * FROM execve(argv=[\"ls\"])\n", + "Permissions": [ + "EXECVE" + ], + "Errors": null, + "Warnings": [ + "\u003cyellow\u003eSuggestion\u003c/\u003e: Add EXECVE to artifact's required_permissions or implied_permissions fields" + ], + "Definitions": {} + } + } +] + +# Check the Server.Utils.ArtifactVerifier works on some bad +# artifacts. Filter out the absolute path to make test reproducible +Query: SELECT *, { SELECT *, basename(path=path) as path FROM results } AS results FROM Artifact.Server.Utils.ArtifactVerifier( SearchGlob=srcDir+"/artifacts/testdata/files/artifacts/*") +Output: [ + { + "timestamp": "2026-01-04T15:33:43Z", + "metadata": { + "name": "velociraptor", + "version": "0.75.6", + "commit": "b4403b36a", + "build_time": "2026-01-05T01:24:01+10:00", + "compiler": "go1.25.3", + "system": "linux", + "architecture": "amd64" + }, + "summary": { + "total": 4, + "passed": 2, + "failed": 2, + "warnings": 1 + }, + "artifacts": [ + "Good", + "BrokenYaml", + "BrokenQuery", + "WarnningExecve" + ], + "_Source": "Server.Utils.ArtifactVerifier", + "results": [ + { + "name": "Good", + "passed": true, + "errors": [], + "warnings": [], + "path": "good.yaml" + }, + { + "name": "BrokenYaml", + "passed": false, + "errors": [ + "yaml: unmarshal errors:\n line 2: field someweirdfield not found in type proto.Artifact" + ], + "warnings": [], + "path": "invalid1.yaml" + }, + { + "name": "BrokenQuery", + "passed": false, + "errors": [ + "BrokenQuery: query: Unknown plugin nosuchplugin()" + ], + "warnings": [], + "path": "invalid2.yaml" + }, + { + "name": "WarnningExecve", + "passed": true, + "errors": [], + "warnings": [ + "\u003cyellow\u003eSuggestion\u003c/\u003e: Add EXECVE to artifact's required_permissions or implied_permissions fields" + ], + "path": "invalid3.yaml" + } + ] + } +] diff --git a/bin/artifacts.go b/bin/artifacts.go index 16742cfc69c..495e64f2319 100644 --- a/bin/artifacts.go +++ b/bin/artifacts.go @@ -229,7 +229,7 @@ func doArtifactCollect() error { scope := manager.BuildScope(services.ScopeBuilder{ Config: config_obj, ACLManager: acl_managers.NullACLManager{}, - Logger: log.New(&LogWriter{config_obj: config_obj}, "", 0), + Logger: log.New(logger, "", 0), Env: ordereddict.NewDict(). Set("Artifacts", *artifact_command_collect_names). Set("Output", *artifact_command_collect_output). @@ -526,7 +526,7 @@ func maybeAddDefinitionsDirectory(config_obj *config_proto.Config) error { // Windows) we also support some simpler types here func parseArtifactType(param_type string, param string) string { switch param_type { - case "multichoice": + case "multichoice", "json_array": var res []string err := json.Unmarshal([]byte(param), &res) if err != nil { diff --git a/bin/verify.go b/bin/verify.go index cb9dc424b55..b424cdb4121 100644 --- a/bin/verify.go +++ b/bin/verify.go @@ -4,6 +4,7 @@ import ( "fmt" "os" + errors "github.com/go-errors/errors" artifacts_proto "www.velocidex.com/golang/velociraptor/artifacts/proto" "www.velocidex.com/golang/velociraptor/constants" logging "www.velocidex.com/golang/velociraptor/logging" @@ -97,7 +98,7 @@ func doVerify() error { } for _, err := range state.Errors { logger.Error("%v: %v", artifact_path, err) - ret = err + ret = errors.New(err) } for _, msg := range state.Warnings { logger.Info("%v: %v", artifact_path, msg) diff --git a/go.mod b/go.mod index a51b2ccffc0..6a45c41888e 100644 --- a/go.mod +++ b/go.mod @@ -64,13 +64,13 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 github.com/sebdah/goldie/v2 v2.8.0 github.com/sergi/go-diff v1.4.0 - github.com/sirupsen/logrus v1.8.3 + github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.11.1 github.com/xor-gate/ar v0.0.0-20170530204233-5c72ae81e2b7 // indirect github.com/xor-gate/debpkg v1.0.0 go.starlark.net v0.0.0-20230925163745-10651d5192ab golang.org/x/crypto v0.46.0 - golang.org/x/mod v0.30.0 + golang.org/x/mod v0.31.0 golang.org/x/net v0.48.0 golang.org/x/sys v0.39.0 golang.org/x/text v0.32.0 @@ -111,7 +111,7 @@ require ( github.com/Velocidex/grok v0.0.1 github.com/Velocidex/ordereddict v0.0.0-20250821063524-02dc06e46238 github.com/Velocidex/sigma-go v0.0.0-20241113062227-c1c5ea4b5250 - github.com/Velocidex/tracee_velociraptor v0.0.0-20251231004915-03828c8ab890 + github.com/Velocidex/tracee_velociraptor v0.0.0-20260102153735-470363a4efa4 github.com/Velocidex/yara-x-go v0.0.0-20251010010632-d8eaad9c539c github.com/VirusTotal/gyp v0.9.1-0.20231202132633-bb35dbf177a6 github.com/alecthomas/kingpin/v2 v2.4.0 @@ -183,6 +183,7 @@ require ( github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect github.com/andybalholm/cascadia v1.3.2 // indirect + github.com/aquasecurity/tracee/api v0.0.0-20251229080346-032e875eaa90 // indirect github.com/atotto/clipboard v0.1.4 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 // indirect @@ -211,7 +212,7 @@ require ( github.com/charmbracelet/x/ansi v0.5.2 // indirect github.com/charmbracelet/x/exp/strings v0.0.0-20241209212528-0eec74ecaa6f // indirect github.com/charmbracelet/x/term v0.2.1 // indirect - github.com/cilium/ebpf v0.20.0 // indirect + github.com/cilium/ebpf v0.20.1-0.20251215101449-df5c3096bd8c // indirect github.com/clipperhouse/stringish v0.1.1 // indirect github.com/clipperhouse/uax29/v2 v2.3.0 // indirect github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 // indirect @@ -231,7 +232,7 @@ require ( github.com/go-jose/go-jose/v4 v4.1.3 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/goccy/go-yaml v1.18.0 // indirect + github.com/goccy/go-yaml v1.19.1 // indirect github.com/godzie44/go-uring v0.0.0-20220926161041-69611e8b13d5 // indirect github.com/golang/gddo v0.0.0-20210115222349-20d68f94ee1f // indirect github.com/golang/glog v1.2.5 // indirect @@ -305,7 +306,8 @@ require ( go.opentelemetry.io/otel/trace v1.39.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect + golang.org/x/arch v0.23.0 // indirect + golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 // indirect golang.org/x/sync v0.19.0 // indirect golang.org/x/term v0.38.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect diff --git a/go.sum b/go.sum index ac9667188c0..a3422c284bc 100644 --- a/go.sum +++ b/go.sum @@ -124,8 +124,8 @@ github.com/Velocidex/sflags v0.3.1-0.20241126160332-cc1a5b66b8f1 h1:fLJ2AjY0dtDZ github.com/Velocidex/sflags v0.3.1-0.20241126160332-cc1a5b66b8f1/go.mod h1:UpFVihkMZWl2JRkVRiZYie0e2l7Ry+vjlCHCs6XVKGU= github.com/Velocidex/sigma-go v0.0.0-20241113062227-c1c5ea4b5250 h1:GhiTVVoHNhb0mzUDgieUwjfJeEaUHCHIVvV/mHzLQOI= github.com/Velocidex/sigma-go v0.0.0-20241113062227-c1c5ea4b5250/go.mod h1:ukLFs2t1+ud7MC4oN+zImhtTRP/eQHaDL3TwLs58uUA= -github.com/Velocidex/tracee_velociraptor v0.0.0-20251231004915-03828c8ab890 h1:dnjK9G2vwFnD7YnfrUzsIjH+hePNeOqv7R8CtaOUXVA= -github.com/Velocidex/tracee_velociraptor v0.0.0-20251231004915-03828c8ab890/go.mod h1:vs7ytTzZ8msanXo4AcCmCkvvdTdpt57C9vbN1325vPE= +github.com/Velocidex/tracee_velociraptor v0.0.0-20260102153735-470363a4efa4 h1:k7izTGQzBedw0wzOwVvSVNoYUd+y9usbbVIBz2C7Eto= +github.com/Velocidex/tracee_velociraptor v0.0.0-20260102153735-470363a4efa4/go.mod h1:nOb8af1ftRw8owHabTPNZ0R2X2WnPt6BftzQDRzVlxs= github.com/Velocidex/ttlcache/v2 v2.9.1-0.20240517145123-a3f45e86e130 h1:+QujZ0D7KSy3WJVchkOhMkvAUab6/CIisO5LCoN48q4= github.com/Velocidex/ttlcache/v2 v2.9.1-0.20240517145123-a3f45e86e130/go.mod h1:3/pI9BBAF7gydBWvMVtV7W1qRwshEG9lBwed/d8xfFg= github.com/Velocidex/yaml/v2 v2.2.8 h1:GUrSy4SBJ6RjGt43k6MeBKtw2z/27gh4A3hfFmFY3No= @@ -172,6 +172,8 @@ github.com/andybalholm/cascadia v1.2.0/go.mod h1:YCyR8vOZT9aZ1CHEd8ap0gMVm2aFgxB github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA= github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss= github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= +github.com/aquasecurity/tracee/api v0.0.0-20251229080346-032e875eaa90 h1:7c1+tK01z+wbie3Y6K49oRaRPjGVIK9zFFQh5VIPgqo= +github.com/aquasecurity/tracee/api v0.0.0-20251229080346-032e875eaa90/go.mod h1:51UhfaqeC9MU/kMMQYHnHvz4jEu9J7E3GC0UfSO6xxw= github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de h1:FxWPpzIjnTlhPwqqXc4/vE0f7GvRjuAsbW+HOIe8KnA= github.com/araddon/dateparse v0.0.0-20210429162001-6b43995a97de/go.mod h1:DCaWoUhZrYW9p1lxo/cm8EmUOOzAPSEZNGF2DK1dJgw= github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= @@ -251,8 +253,8 @@ github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNE github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/cilium/ebpf v0.20.0 h1:atwWj9d3NffHyPZzVlx3hmw1on5CLe9eljR8VuHTwhM= -github.com/cilium/ebpf v0.20.0/go.mod h1:pzLjFymM+uZPLk/IXZUL63xdx5VXEo+enTzxkZXdycw= +github.com/cilium/ebpf v0.20.1-0.20251215101449-df5c3096bd8c h1:oC8e6Vac5mOCKfGtbozmBY7wUvKV0aekCUYeFJ9ffCM= +github.com/cilium/ebpf v0.20.1-0.20251215101449-df5c3096bd8c/go.mod h1:dM+AMI6FkW5LOkzikdefUmzK0z81o7GqiKXon7D1F58= github.com/clayscode/Go-Splunk-HTTP/splunk/v2 v2.0.1-0.20221027171526-76a36be4fa02 h1:GpaHYwMLoDarNxagi3vGGzPsIMhO7LHGlMn9eHVXWK4= github.com/clayscode/Go-Splunk-HTTP/splunk/v2 v2.0.1-0.20221027171526-76a36be4fa02/go.mod h1:HxsMAwjIrYG2Afz/JB+a4HcALVNM0zTLTO5RZnf+OS8= github.com/clbanning/mxj v1.8.4 h1:HuhwZtbyvyOw+3Z1AowPkU87JkJUSv751ELWaiTpj8I= @@ -347,8 +349,8 @@ github.com/go-quicktest/qt v1.101.1-0.20240301121107-c6c8733fa1e6/go.mod h1:p4lG github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-stack/stack v1.6.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= -github.com/goccy/go-yaml v1.18.0/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= +github.com/goccy/go-yaml v1.19.1 h1:3rG3+v8pkhRqoQ/88NYNMHYVGYztCOCIZ7UQhu7H+NE= +github.com/goccy/go-yaml v1.19.1/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA= github.com/godzie44/go-uring v0.0.0-20220926161041-69611e8b13d5 h1:5zELAgnSz0gqmr4Q5DWCoOzNHoeBAxVUXB7LS1eG+sw= github.com/godzie44/go-uring v0.0.0-20220926161041-69611e8b13d5/go.mod h1:ermjEDUoT/fS+3Ona5Vd6t6mZkw1eHp99ILO5jGRBkM= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= @@ -695,8 +697,8 @@ github.com/shirou/gopsutil/v4 v4.25.1/go.mod h1:RoUCUpndaJFtT+2zsZzzmhvbfGoDCJ7n github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.8.3 h1:DBBfY8eMYazKEJHb3JKpSPfpgd2mBCoNFlQx6C5fftU= -github.com/sirupsen/logrus v1.8.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/afero v0.0.0-20170901052352-ee1bd8ee15a1/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/cast v1.1.0/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= @@ -809,6 +811,8 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= +golang.org/x/arch v0.23.0 h1:lKF64A2jF6Zd8L0knGltUnegD62JMFBiCPBmQpToHhg= +golang.org/x/arch v0.23.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A= golang.org/x/crypto v0.0.0-20170808112155-b176d7def5d7/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -823,8 +827,8 @@ golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= +golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1iimyPKZ/xwniHj8Q2a0= +golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -840,8 +844,8 @@ golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= -golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= +golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI= +golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= diff --git a/services/launcher/flows_reader.go b/services/launcher/flows_reader.go index 2fca60aa105..0082f1016a5 100644 --- a/services/launcher/flows_reader.go +++ b/services/launcher/flows_reader.go @@ -76,7 +76,9 @@ func NewFlowReader( for session_id := range in { collection_context, err := storage_manager. LoadCollectionContext(ctx, config_obj, client_id, session_id) - if err == nil { + if err == nil && + collection_context != nil && + collection_context.Request != nil { select { case <-ctx.Done(): return diff --git a/services/launcher/index.go b/services/launcher/index.go index 93da6e0ba38..8ddd98a0095 100644 --- a/services/launcher/index.go +++ b/services/launcher/index.go @@ -150,6 +150,11 @@ func (self *flowIndexBuilder) buildFlowIndexFromDatastore( if !ok { return nil } + + if flow == nil || flow.Request == nil { + continue + } + rs_writer.Write(ordereddict.NewDict(). Set("FlowId", flow.SessionId). Set("Artifacts", flow.Request.Artifacts). diff --git a/services/launcher/verifier.go b/services/launcher/verifier.go index e4f36c0582a..5d8c06419af 100644 --- a/services/launcher/verifier.go +++ b/services/launcher/verifier.go @@ -22,7 +22,7 @@ var ( type AnalysisState struct { Artifact string Permissions []string - Errors []error + Errors []string Warnings []string // Keep track of existing definitions in LET queries. @@ -30,7 +30,7 @@ type AnalysisState struct { } func (self *AnalysisState) SetError(err error) { - self.Errors = append(self.Errors, err) + self.Errors = append(self.Errors, err.Error()) } func (self *AnalysisState) AnalyseCall( diff --git a/vql/linux/ebpf/dns.go b/vql/linux/ebpf/dns.go index a90f4a244a5..8859337709a 100644 --- a/vql/linux/ebpf/dns.go +++ b/vql/linux/ebpf/dns.go @@ -1,3 +1,7 @@ +//go:build linux && (arm64 || amd64) +// +build linux +// +build arm64 amd64 + package ebpf import ( From 03212f73adc03763746eebdd77d0050978d0b663 Mon Sep 17 00:00:00 2001 From: Mike Cohen Date: Mon, 5 Jan 2026 02:09:11 +1000 Subject: [PATCH 2/7] Fixed tests --- artifacts/testdata/server/testcases/verify.in.yaml | 2 +- artifacts/testdata/server/testcases/verify.out.yaml | 13 +------------ 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/artifacts/testdata/server/testcases/verify.in.yaml b/artifacts/testdata/server/testcases/verify.in.yaml index f799a907b99..256c42dc03b 100644 --- a/artifacts/testdata/server/testcases/verify.in.yaml +++ b/artifacts/testdata/server/testcases/verify.in.yaml @@ -29,7 +29,7 @@ Queries: # Check the Server.Utils.ArtifactVerifier works on some bad # artifacts. Filter out the absolute path to make test reproducible - - SELECT *, { + - SELECT summary, artifacts, { SELECT *, basename(path=path) as path FROM results } AS results diff --git a/artifacts/testdata/server/testcases/verify.out.yaml b/artifacts/testdata/server/testcases/verify.out.yaml index b8421bd35c7..4e5e8dae204 100644 --- a/artifacts/testdata/server/testcases/verify.out.yaml +++ b/artifacts/testdata/server/testcases/verify.out.yaml @@ -45,19 +45,9 @@ Output: [ # Check the Server.Utils.ArtifactVerifier works on some bad # artifacts. Filter out the absolute path to make test reproducible -Query: SELECT *, { SELECT *, basename(path=path) as path FROM results } AS results FROM Artifact.Server.Utils.ArtifactVerifier( SearchGlob=srcDir+"/artifacts/testdata/files/artifacts/*") +Query: SELECT summary, artifacts, { SELECT *, basename(path=path) as path FROM results } AS results FROM Artifact.Server.Utils.ArtifactVerifier( SearchGlob=srcDir+"/artifacts/testdata/files/artifacts/*") Output: [ { - "timestamp": "2026-01-04T15:33:43Z", - "metadata": { - "name": "velociraptor", - "version": "0.75.6", - "commit": "b4403b36a", - "build_time": "2026-01-05T01:24:01+10:00", - "compiler": "go1.25.3", - "system": "linux", - "architecture": "amd64" - }, "summary": { "total": 4, "passed": 2, @@ -70,7 +60,6 @@ Output: [ "BrokenQuery", "WarnningExecve" ], - "_Source": "Server.Utils.ArtifactVerifier", "results": [ { "name": "Good", From 69c541c2c87a56e8fad532e7fc433139c334b50f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Dec 2025 01:23:59 +0000 Subject: [PATCH 3/7] Build(deps): Bump qs from 6.13.1 to 6.14.1 in /gui/velociraptor Bumps [qs](https://github.com/ljharb/qs) from 6.13.1 to 6.14.1. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](https://github.com/ljharb/qs/compare/v6.13.1...v6.14.1) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- gui/velociraptor/package-lock.json | 168 ++++++++++++++++++++++++----- gui/velociraptor/package.json | 2 +- 2 files changed, 140 insertions(+), 30 deletions(-) diff --git a/gui/velociraptor/package-lock.json b/gui/velociraptor/package-lock.json index 11439e8f994..95d9046aa67 100644 --- a/gui/velociraptor/package-lock.json +++ b/gui/velociraptor/package-lock.json @@ -16,7 +16,7 @@ "@fortawesome/react-fontawesome": "0.2.6", "@popperjs/core": "^2.11.8", "ace-builds": "1.43.4", - "axios": "^1.13.2", + "axios": ">=1.13.2", "axios-retry": "3.9.1", "bootstrap": "5.3.8", "classnames": "^2.5.1", @@ -36,7 +36,7 @@ "patch-package": "8.0.1", "path-browserify": "1.0.1", "prop-types": "^15.8.1", - "qs": "6.13.1", + "qs": "6.14.1", "react": "^16.14.0", "react-ace": "^9.5.0", "react-autosuggest": "^10.1.0", @@ -6402,6 +6402,21 @@ "node": ">= 0.4" } }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", @@ -12396,9 +12411,12 @@ } }, "node_modules/object-inspect": { - "version": "1.13.1", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", - "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==", + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "engines": { + "node": ">= 0.4" + }, "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -13070,12 +13088,11 @@ ] }, "node_modules/qs": { - "version": "6.13.1", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.1.tgz", - "integrity": "sha512-EJPeIn0CYrGu+hli1xilKAPXODtJ12T0sP63Ijx2/khC2JtuaN3JyNIpvmnkmaEtha9ocbG4A4cMcr+TvqvwQg==", - "license": "BSD-3-Clause", + "version": "6.14.1", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", + "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", "dependencies": { - "side-channel": "^1.0.6" + "side-channel": "^1.1.0" }, "engines": { "node": ">=0.6" @@ -13966,14 +13983,65 @@ } }, "node_modules/side-channel": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", - "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", "dependencies": { - "call-bind": "^1.0.7", "es-errors": "^1.3.0", - "get-intrinsic": "^1.2.4", - "object-inspect": "^1.13.1" + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", + "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" }, "engines": { "node": ">= 0.4" @@ -19869,6 +19937,15 @@ "function-bind": "^1.1.2" } }, + "call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "requires": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + } + }, "callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", @@ -24266,9 +24343,9 @@ "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==" }, "object-inspect": { - "version": "1.13.1", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", - "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==" + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==" }, "object-is": { "version": "1.1.5", @@ -24741,11 +24818,11 @@ "dev": true }, "qs": { - "version": "6.13.1", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.1.tgz", - "integrity": "sha512-EJPeIn0CYrGu+hli1xilKAPXODtJ12T0sP63Ijx2/khC2JtuaN3JyNIpvmnkmaEtha9ocbG4A4cMcr+TvqvwQg==", + "version": "6.14.1", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz", + "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==", "requires": { - "side-channel": "^1.0.6" + "side-channel": "^1.1.0" } }, "querystringify": { @@ -25393,14 +25470,47 @@ "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==" }, "side-channel": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", - "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", "requires": { - "call-bind": "^1.0.7", "es-errors": "^1.3.0", - "get-intrinsic": "^1.2.4", - "object-inspect": "^1.13.1" + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + } + }, + "side-channel-list": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", + "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", + "requires": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3" + } + }, + "side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "requires": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + } + }, + "side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "requires": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" } }, "signal-exit": { diff --git a/gui/velociraptor/package.json b/gui/velociraptor/package.json index 1fb20abdf60..31f1cad0899 100644 --- a/gui/velociraptor/package.json +++ b/gui/velociraptor/package.json @@ -31,7 +31,7 @@ "patch-package": "8.0.1", "path-browserify": "1.0.1", "prop-types": "^15.8.1", - "qs": "6.13.1", + "qs": "6.14.1", "react": "^16.14.0", "react-ace": "^9.5.0", "react-autosuggest": "^10.1.0", From ca12a185b9ccba85434e26c840cb9131b439c18f Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 29 Dec 2025 10:21:43 +0000 Subject: [PATCH 4/7] fix: upgrade humanize-duration from 3.33.1 to 3.33.2 Snyk has created this PR to upgrade humanize-duration from 3.33.1 to 3.33.2. See this package in npm: humanize-duration See this project in Snyk: https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr --- gui/velociraptor/package-lock.json | 14 +++++++------- gui/velociraptor/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/gui/velociraptor/package-lock.json b/gui/velociraptor/package-lock.json index 95d9046aa67..95f00392356 100644 --- a/gui/velociraptor/package-lock.json +++ b/gui/velociraptor/package-lock.json @@ -27,7 +27,7 @@ "hosted-git-info": "^2.8.9", "html-react-parser": "^0.14.3", "http-proxy-middleware": "^2.0.9", - "humanize-duration": "^3.33.1", + "humanize-duration": "^3.33.2", "lodash": "^4.17.21", "markdown-it": "14.1.0", "moment": "^2.30.1", @@ -8850,9 +8850,9 @@ } }, "node_modules/humanize-duration": { - "version": "3.33.1", - "resolved": "https://registry.npmjs.org/humanize-duration/-/humanize-duration-3.33.1.tgz", - "integrity": "sha512-hwzSCymnRdFx9YdRkQQ0OYequXiVAV6ZGQA2uzocwB0F4309Ke6pO8dg0P8LHhRQJyVjGteRTAA/zNfEcpXn8A==", + "version": "3.33.2", + "resolved": "https://registry.npmjs.org/humanize-duration/-/humanize-duration-3.33.2.tgz", + "integrity": "sha512-K7Ny/ULO1hDm2nnhvAY+SJV1skxFb61fd073SG1IWJl+D44ULrruCuTyjHKjBVVcSuTlnY99DKtgEG39CM5QOQ==", "license": "Unlicense", "funding": { "url": "https://github.com/sponsors/EvanHahn" @@ -21744,9 +21744,9 @@ "dev": true }, "humanize-duration": { - "version": "3.33.1", - "resolved": "https://registry.npmjs.org/humanize-duration/-/humanize-duration-3.33.1.tgz", - "integrity": "sha512-hwzSCymnRdFx9YdRkQQ0OYequXiVAV6ZGQA2uzocwB0F4309Ke6pO8dg0P8LHhRQJyVjGteRTAA/zNfEcpXn8A==" + "version": "3.33.2", + "resolved": "https://registry.npmjs.org/humanize-duration/-/humanize-duration-3.33.2.tgz", + "integrity": "sha512-K7Ny/ULO1hDm2nnhvAY+SJV1skxFb61fd073SG1IWJl+D44ULrruCuTyjHKjBVVcSuTlnY99DKtgEG39CM5QOQ==" }, "iconv-lite": { "version": "0.6.3", diff --git a/gui/velociraptor/package.json b/gui/velociraptor/package.json index 31f1cad0899..9ad13714acb 100644 --- a/gui/velociraptor/package.json +++ b/gui/velociraptor/package.json @@ -22,7 +22,7 @@ "hosted-git-info": "^2.8.9", "html-react-parser": "^0.14.3", "http-proxy-middleware": "^2.0.9", - "humanize-duration": "^3.33.1", + "humanize-duration": "^3.33.2", "lodash": "^4.17.21", "markdown-it": "14.1.0", "moment": "^2.30.1", From e2cc89d3cd19515dd77f8a3ec2f312eacc4eda12 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 29 Dec 2025 10:21:36 +0000 Subject: [PATCH 5/7] fix: upgrade ace-builds from 1.43.4 to 1.43.5 Snyk has created this PR to upgrade ace-builds from 1.43.4 to 1.43.5. See this package in npm: ace-builds See this project in Snyk: https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr --- gui/velociraptor/package-lock.json | 14 +++++++------- gui/velociraptor/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/gui/velociraptor/package-lock.json b/gui/velociraptor/package-lock.json index 95f00392356..3e7704ac110 100644 --- a/gui/velociraptor/package-lock.json +++ b/gui/velociraptor/package-lock.json @@ -15,7 +15,7 @@ "@fortawesome/free-solid-svg-icons": "^6.7.2", "@fortawesome/react-fontawesome": "0.2.6", "@popperjs/core": "^2.11.8", - "ace-builds": "1.43.4", + "ace-builds": "^1.43.5", "axios": ">=1.13.2", "axios-retry": "3.9.1", "bootstrap": "5.3.8", @@ -5419,9 +5419,9 @@ "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==" }, "node_modules/ace-builds": { - "version": "1.43.4", - "resolved": "https://registry.npmjs.org/ace-builds/-/ace-builds-1.43.4.tgz", - "integrity": "sha512-8hAxVfo2ImICd69BWlZwZlxe9rxDGDjuUhh+WeWgGDvfBCE+r3lkynkQvIovDz4jcMi8O7bsEaFygaDT+h9sBA==", + "version": "1.43.5", + "resolved": "https://registry.npmjs.org/ace-builds/-/ace-builds-1.43.5.tgz", + "integrity": "sha512-iH5FLBKdB7SVn9GR37UgA/tpQS8OTWIxWAuq3Ofaw+Qbc69FfPXsXd9jeW7KRG2xKpKMqBDnu0tHBrCWY5QI7A==", "license": "BSD-3-Clause" }, "node_modules/acorn": { @@ -19203,9 +19203,9 @@ "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==" }, "ace-builds": { - "version": "1.43.4", - "resolved": "https://registry.npmjs.org/ace-builds/-/ace-builds-1.43.4.tgz", - "integrity": "sha512-8hAxVfo2ImICd69BWlZwZlxe9rxDGDjuUhh+WeWgGDvfBCE+r3lkynkQvIovDz4jcMi8O7bsEaFygaDT+h9sBA==" + "version": "1.43.5", + "resolved": "https://registry.npmjs.org/ace-builds/-/ace-builds-1.43.5.tgz", + "integrity": "sha512-iH5FLBKdB7SVn9GR37UgA/tpQS8OTWIxWAuq3Ofaw+Qbc69FfPXsXd9jeW7KRG2xKpKMqBDnu0tHBrCWY5QI7A==" }, "acorn": { "version": "8.15.0", diff --git a/gui/velociraptor/package.json b/gui/velociraptor/package.json index 9ad13714acb..a4a4a500bb8 100644 --- a/gui/velociraptor/package.json +++ b/gui/velociraptor/package.json @@ -11,7 +11,7 @@ "@fortawesome/react-fontawesome": "0.2.6", "@popperjs/core": "^2.11.8", "axios": ">=1.13.2", - "ace-builds": "1.43.4", + "ace-builds": "1.43.5", "axios-retry": "3.9.1", "bootstrap": "5.3.8", "classnames": "^2.5.1", From 59be9c05a89e64ac366b7804d7a814554fc0b008 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Mon, 15 Dec 2025 10:07:50 +0000 Subject: [PATCH 6/7] fix: upgrade webpack from 5.102.1 to 5.103.0 Snyk has created this PR to upgrade webpack from 5.102.1 to 5.103.0. See this package in npm: webpack See this project in Snyk: https://app.snyk.io/org/scudette/project/76f4d127-566b-42ef-86f4-bdcbc92b90b4?utm_source=github&utm_medium=referral&page=upgrade-pr --- gui/velociraptor/package-lock.json | 35 +++++++++++++++++------------- gui/velociraptor/package.json | 2 +- 2 files changed, 21 insertions(+), 16 deletions(-) diff --git a/gui/velociraptor/package-lock.json b/gui/velociraptor/package-lock.json index 3e7704ac110..a0a68cb73db 100644 --- a/gui/velociraptor/package-lock.json +++ b/gui/velociraptor/package-lock.json @@ -54,7 +54,7 @@ "recharts": "^2.15.4", "sprintf-js": "1.1.3", "url-parse": "^1.5.10", - "webpack": "5.102.1" + "webpack": "^5.103.0" }, "devDependencies": { "@babel/core": "^7.25.2", @@ -11987,11 +11987,16 @@ } }, "node_modules/loader-runner": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.0.tgz", - "integrity": "sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==", + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.1.tgz", + "integrity": "sha512-IWqP2SCPhyVFTBtRcgMHdzlf9ul25NwaFx4wCEH/KjAXuuHY4yNjvPXsBokp8jCB936PyWRaPKUNh8NvylLp2Q==", + "license": "MIT", "engines": { "node": ">=6.11.5" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" } }, "node_modules/locate-path": { @@ -15167,9 +15172,9 @@ } }, "node_modules/webpack": { - "version": "5.102.1", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.102.1.tgz", - "integrity": "sha512-7h/weGm9d/ywQ6qzJ+Xy+r9n/3qgp/thalBbpOi5i223dPXKi04IBtqPN9nTd+jBc7QKfvDbaBnFipYp4sJAUQ==", + "version": "5.103.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.103.0.tgz", + "integrity": "sha512-HU1JOuV1OavsZ+mfigY0j8d1TgQgbZ6M+J75zDkpEAwYeXjWSqrGJtgnPblJjd/mAyTNQ7ygw0MiKOn6etz8yw==", "license": "MIT", "dependencies": { "@types/eslint-scope": "^3.7.7", @@ -15189,7 +15194,7 @@ "glob-to-regexp": "^0.4.1", "graceful-fs": "^4.2.11", "json-parse-even-better-errors": "^2.3.1", - "loader-runner": "^4.2.0", + "loader-runner": "^4.3.1", "mime-types": "^2.1.27", "neo-async": "^2.6.2", "schema-utils": "^4.3.3", @@ -24032,9 +24037,9 @@ } }, "loader-runner": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.0.tgz", - "integrity": "sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==" + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.1.tgz", + "integrity": "sha512-IWqP2SCPhyVFTBtRcgMHdzlf9ul25NwaFx4wCEH/KjAXuuHY4yNjvPXsBokp8jCB936PyWRaPKUNh8NvylLp2Q==" }, "locate-path": { "version": "6.0.0", @@ -26306,9 +26311,9 @@ "dev": true }, "webpack": { - "version": "5.102.1", - "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.102.1.tgz", - "integrity": "sha512-7h/weGm9d/ywQ6qzJ+Xy+r9n/3qgp/thalBbpOi5i223dPXKi04IBtqPN9nTd+jBc7QKfvDbaBnFipYp4sJAUQ==", + "version": "5.103.0", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.103.0.tgz", + "integrity": "sha512-HU1JOuV1OavsZ+mfigY0j8d1TgQgbZ6M+J75zDkpEAwYeXjWSqrGJtgnPblJjd/mAyTNQ7ygw0MiKOn6etz8yw==", "requires": { "@types/eslint-scope": "^3.7.7", "@types/estree": "^1.0.8", @@ -26327,7 +26332,7 @@ "glob-to-regexp": "^0.4.1", "graceful-fs": "^4.2.11", "json-parse-even-better-errors": "^2.3.1", - "loader-runner": "^4.2.0", + "loader-runner": "^4.3.1", "mime-types": "^2.1.27", "neo-async": "^2.6.2", "schema-utils": "^4.3.3", diff --git a/gui/velociraptor/package.json b/gui/velociraptor/package.json index a4a4a500bb8..b0cbeec193a 100644 --- a/gui/velociraptor/package.json +++ b/gui/velociraptor/package.json @@ -49,7 +49,7 @@ "recharts": "^2.15.4", "sprintf-js": "1.1.3", "url-parse": "^1.5.10", - "webpack": "5.102.1" + "webpack": "5.103.0" }, "homepage": ".", "scripts": { From c11a180d69a761eb4dc87fa3485e1e256b9b1fa2 Mon Sep 17 00:00:00 2001 From: Mike Cohen Date: Mon, 5 Jan 2026 02:31:11 +1000 Subject: [PATCH 7/7] Fix logic when fatal logs --- .../definitions/Server/Utils/ArtifactVerifier.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/artifacts/definitions/Server/Utils/ArtifactVerifier.yaml b/artifacts/definitions/Server/Utils/ArtifactVerifier.yaml index e9ed45b73ce..b4b412b6eae 100644 --- a/artifacts/definitions/Server/Utils/ArtifactVerifier.yaml +++ b/artifacts/definitions/Server/Utils/ArtifactVerifier.yaml @@ -26,9 +26,12 @@ sources: FROM foreach(row=X) LET Stringify(X) = _Stringify(X=X).value - LET MaybeLogError(Verify, Path) = if(condition=ErrorIsFatal, - then=Verify.Errors AND log(level="ERROR", dedup= -1, message="%v failed!", args=Path), - else=NOT Verify.Errors) + LET maybeLog(Path) = if(condition=ErrorIsFatal, + then=log(level="ERROR", dedup= -1, message="%v failed!", args=Path), + else=TRUE) + + LET PassLogError(Verify, Path) = NOT Verify.Errors + OR NOT maybeLog(Path=Path) -- Extract the name of the artifact from the raw data - needed if -- the yaml can not be parsed at all then we need to fallback to a @@ -42,7 +45,7 @@ sources: LET Results <= SELECT name, path, - MaybeLogError(Verify=Verify, Path=path) AS passed, + PassLogError(Verify=Verify, Path=path) AS passed, Stringify(X=Verify.Errors) AS errors, Stringify(X=Verify.Warnings) AS warnings FROM foreach(row=Files,