Fix issues with .children property and walk_chidren.py example

jgarman · jgarman · commit e42c93e9ec21 · 2017-08-03T10:30:35.000-04:00
diff --git a/examples/response/walk_children.py b/examples/response/walk_children.py
@@ -9,7 +9,11 @@
 # This function is called for every child of the given process
 def visitor(proc, depth):
     try:
-        print("%s%s: %s" % ('  '*(depth-1), proc.start, proc.cmdline))
+        start_time = proc.get("start") or "<unknown>"
+        end_time = proc.get("end") or "<unknown>"
+
+        print("%s%s -- %s: %s %s" % ('  '*(depth + 1), start_time, end_time, proc.cmdline,
+                                     "(suppressed)" if proc.suppressed_process else ""))
     except Exception as e:
         print("** Encountered error while walking children: {0:s}".format(str(e)))
 
@@ -42,8 +46,15 @@ def main():
         return 2
 
     for root_proc in procs:
-        print("Process {0:s} on {1:s} executed by {2:s} children:".format(root_proc.path, root_proc.hostname,
+        if not root_proc.terminated:
+            duration = "still running"
+        else:
+            duration = str(root_proc.end - root_proc.start)
+
+        print("Process {0:s} on {1:s} executed by {2:s}:".format(root_proc.cmdline, root_proc.hostname,
                                                                           root_proc.username))
+        print("started at {0} ({1})".format(str(root_proc.start), duration))
+        print("Cb Response console link: {0}".format(root_proc.webui_link))
         root_proc.walk_children(visitor)
         print("")
 
diff --git a/src/cbapi/response/models.py b/src/cbapi/response/models.py
@@ -2213,6 +2213,20 @@ def start(self):
         """
         return convert_from_solr(self._attribute('start', -1))
 
+    @property
+    def end(self):
+        """
+        Returns the end time of the process (based on the last event received). If the process has not yet exited,
+        "end" will return None.
+
+        :return: datetime object of the last event received for the process, if it has terminated. Otherwise, None.
+        """
+        if self.get("end") is not None:
+            return convert_from_solr(self._attribute('end', -1))
+
+        if self.get("terminated", False) == True and self.get("last_update") is not None:
+            return convert_from_solr(self._attribute('last_update', -1))
+
     def require_events(self):
         event_key_list = ['filemod_complete', 'regmod_complete', 'modload_complete', 'netconn_complete',
                           'crossproc_complete', 'childproc_complete']
@@ -2346,7 +2360,8 @@ def children(self):
 
         if self._children_info is not None:
             for i, child in enumerate(self._children_info):
-                yield CbChildProcEvent(self, convert_event_time(child.get("start") or "1970-01-01T00:00:00Z"), i,
+                timestamp = convert_event_time(child.get("start") or "1970-01-01T00:00:00Z")
+                yield CbChildProcEvent(self, timestamp, i,
                                        {
                                            "procguid": child["unique_id"],
                                            "md5": child["process_md5"],
@@ -2784,12 +2799,15 @@ def process(self):
         if path:
             proc_data["path"] = path
 
+        proc_data["parent_unique_id"] = self.parent._model_unique_id
+        proc_data["parent_id"] = self.parent.id
+
         try:
             (sensor_id, proc_pid, proc_createtime) = parse_process_guid(self.parent.id)
-            proc_data["parent_unique_id"] = self.parent._model_unique_id
-            proc_data["parent_id"] = self.parent.id
-            proc_data["sensor_id"] = sensor_id
-            proc_data["start"] = proc_createtime
+            if "sensor_id" not in proc_data:
+                proc_data["sensor_id"] = sensor_id
+            if "start" not in proc_data:
+                proc_data["start"] = convert_to_solr(proc_createtime)
         except Exception:
             # silently fail if the GUID is not able to be parsed
             pass
