fix: Added check for jsonl format

Yamato-Security · Sep 30, 2023 · fa366b7 · fa366b7
1 parent 4dd7e92
commit fa366b7
Show file tree

Hide file tree

Showing 9 changed files with 43 additions and 0 deletions.
diff --git a/src/takajopkg/general.nim b/src/takajopkg/general.nim
@@ -325,6 +325,25 @@ proc isLocalIP*(ip: string): bool =
   return ip == "127.0.0.1" or ip == "-" or ip == "::1"
 
 
+proc isJsonConvertible*(timeline: string) : bool =
+  var
+    file: File
+    firstLine: string
+    jsonLine: JsonNode
+  if file.open(timeline):
+    try:
+      firstLine = file.readLine()
+      jsonLine = parseJson(firstLine)
+      return true
+    except:
+      echo "Failed to convert '" & timeline & "'.This file is not in JSONL format."
+      echo "Please specify a file that has been executed with the Hayabusa json-timeline command --JSONL-output(-L) option."
+      return false
+    finally:
+      close(file)
+  echo "Failed to open '" & timeline & "'.Please specify a valid file path."
+  return false
+
 type VirusTotalResult* = object
   resTable*: TableRef[string, string]
   resJson*: JsonNode

diff --git a/src/takajopkg/listDomains.nim b/src/takajopkg/listDomains.nim
@@ -9,6 +9,9 @@ proc listDomains(includeSubdomains: bool = false, includeWorkstations: bool = fa
         echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
         quit(1)
 
+    if not isJsonConvertible(timeline):
+        quit(1)
+
     echo "Started the List Domains command"
     echo ""
     echo "Local queries to workstations are filtered out by default, but can be included with -w, --includeWorkstations."

diff --git a/src/takajopkg/listHashes.nim b/src/takajopkg/listHashes.nim
@@ -9,6 +9,9 @@ proc listHashes(level: string = "high", output: string, quiet: bool = false, tim
         echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
         quit(1)
 
+    if not isJsonConvertible(timeline):
+        quit(1)
+
     if level != "critical" and level != "high" and level != "medium" and level != "low" and level != "informational":
         echo "You must specify a minimum level of critical, high, medium, low or informational. (default: high)"
         echo ""

diff --git a/src/takajopkg/listIpAddresses.nim b/src/takajopkg/listIpAddresses.nim
@@ -7,6 +7,9 @@ proc listIpAddresses(inbound: bool = true, outbound: bool = true, output: string
         echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
         quit(1)
 
+    if not isJsonConvertible(timeline):
+        quit(1)
+
     # Error if both inbound and outbound are set to false as there is nothing to search for.
     if inbound == false and outbound == false:
         echo "You must enable inbound and/or outbound searching."

diff --git a/src/takajopkg/splitJsonTimeline.nim b/src/takajopkg/splitJsonTimeline.nim
@@ -6,6 +6,9 @@ proc splitJsonTimeline(output: string = "output", quiet: bool = false, timeline:
         echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
         quit(1)
 
+    if not isJsonConvertible(timeline):
+        quit(1)
+
     echo "Started the Split JSONL Timeline command"
     echo ""
     echo "This command will split a large JSONL timeline into many multiple ones based on computer name."

diff --git a/src/takajopkg/stackLogons.nim b/src/takajopkg/stackLogons.nim
@@ -11,6 +11,9 @@ proc stackLogons(localSrcIpAddresses = false, output: string = "", quiet: bool =
         echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
         quit(1)
 
+    if not isJsonConvertible(timeline):
+        quit(1)
+
     echo "Started the Stack Logons command"
     echo ""
     echo "This command will stack logons based on target user, target computer, source IP address and source computer."

diff --git a/src/takajopkg/sysmonProcessTree.nim b/src/takajopkg/sysmonProcessTree.nim
@@ -77,6 +77,9 @@ proc sysmonProcessTree(output: string = "", processGuid: string,
         echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
         quit(1)
 
+    if not isJsonConvertible(timeline):
+        quit(1)
+
     echo ""
     echo "Running the Process Tree module"
     echo ""

diff --git a/src/takajopkg/timelineLogon.nim b/src/takajopkg/timelineLogon.nim
@@ -7,6 +7,9 @@ proc timelineLogon(calculateElapsedTime: bool = true, output: string, outputLogo
         echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
         quit(1)
 
+    if not isJsonConvertible(timeline):
+            quit(1)
+
     echo "Started the Timeline Logon command"
     echo ""
     echo "This command creates a CSV timeline of logon events."

diff --git a/src/takajopkg/timelineSuspiciousProcesses.nim b/src/takajopkg/timelineSuspiciousProcesses.nim
@@ -7,6 +7,9 @@ proc timelineSuspiciousProcesses(level: string = "high", output: string = "", qu
         echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
         quit(1)
 
+    if not isJsonConvertible(timeline):
+        quit(1)
+
     if level != "critical" and level != "high" and level != "medium" and level != "low" and level != "informational":
         echo "You must specify a minimum level of critical, high, medium, low or informational. (default: high)"
         echo ""
-Original file line number
+Diff line change
@@ Expand Up @@
             echo "The file '" & timeline & "' does not exist. Please specify a valid file path."
             quit(1)
+        if not isJsonConvertible(timeline):
+            quit(1)
         echo ""
         echo "Running the Process Tree module"
         echo ""
@@ Expand Down @@