Version bump to 3.4.7.4. Syncing recent changes. (#1091)

CHANGELOG.md

@@ -5,6 +5,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+
+### Removed
+
+* Removed the `ListFlowApplicableParsers` API method.
+* Removed the `ListParsedFlowResults` API method.
+
+## [3.4.7.4] - 2024-05-28
+
 ### Removed
 
 * Removed support for Chipsec based flows.
@@ -13,13 +22,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   by individual and combination of system name, release and version).
 * Removed support for foreman rules using `uname` of an endpoint (this can be
   simulated by using 3 rules for system name, release and version).
-* GRR server Debian package is removed when github actions are updated. The
-  docker image and Docker Compose stack (see section "Added") are the
-  recommended wait of running GRR in the future.
 * Removed the `provides` field from the `Artifact` message. This change has been
   done in anticipation of the removal of the same field from the official GitHub
   repository (ForensicArtifacts/artifacts#275).
-
+* **GRR server Debian package**. We stopped providing the GRR server Debian
+  package as the main way of distributing GRR server and client binaries.
+  Instead we  make GRR Docker image a preferred way for running GRR in a
+  demo or production environment.  See the documentation [here](https://grr-doc.readthedocs.io/en/latest/installing-and-running-grr/via-docker-compose.html).
+* **Artifact parsers**. ArtifactCollector flow supported parsing collected files
+  and output of executed commands. Its parsers were not properly maintained,
+  were often outdated and fragile. We're converted selected parsers
+  into standalone flows (`CollectDistroInfo`, `CollectInstalledSoftware`, `CollectHardwareInfo`) and removed the artifact parsing subsystem.
+  The ArtifactCollector now works as if "apply_parsers" arguments
+  attribute is set to False. At some point the "apply_parsers" attribute will be
+  deprecated completely.
 
 ### Added
 * GRR docker image which contains all grr server components and client
@@ -31,6 +47,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   to decode a crowdstrike quarantine encoded file, given as a
   `BinaryChunkIterator`.
 
+### Fixed
+
+* YARA memory scanning improvements (matching context options, consuming less bandwidth).
 
 ### API removed
 
@@ -58,19 +77,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Planned for removal
 
-Note: GRR release 3.4.7.1 is the **last release** containing the following
-features:
-
-* **Artifact parsers**. ArtifactCollector flow supports parsing collected files
-  and output of executed commands. Its parsers are not properly maintained,
-  are often outdated and fragile. We're going to convert selected parsers
-  into standalone flows and remove the artifact parsing subsystem:
-  the ArtifactCollector will always work as if "apply_parsers" arguments
-  attribute is set to False. Afterwards the "apply_parsers" attribute will be
-  deprecated completely. We will provide documentation on integrating
-  GRR and ArtifactCollector with well-maintained parsing frameworks like
-  [Plaso](https://plaso.readthedocs.io/en/latest/index.html).
-
 * **Built-in cron jobs**. Built-in cron jobs are primarily used for periodic
   hunts. We will provide documentation on how to easily replicate the
   current functionality using external scheduling systems (like Linux cron,
@@ -80,15 +86,6 @@ features:
   when migrating it to external schedulers, please reach out to us via email
   or GitHub.
 
-* **GRR server Debian package**. We will stop providing the GRR server Debian
-  package as the main way of distributing GRR server and client binaries.
-  Instead we will make GRR Docker image a preferred way for running GRR in a
-  demo or production environment.
-
-If your workflow depends on any of the above, please feel free reach out to
-us via [grr-users](https://groups.google.com/forum/#!forum/grr-users) Google
-Group or [GitHub](https://github.com/google/grr/issues).
-
 ## [3.4.7.1] - 2023-10-23
 
 ### Added

api_client/python/grr_api_client/flow.py

@@ -86,27 +86,6 @@ def ListResults(self) -> utils.ItemsIterator[FlowResult]:
     items = self._context.SendIteratorRequest("ListFlowResults", args)
     return utils.MapItemsIterator(lambda data: FlowResult(data=data), items)
 
-  def ListParsedResults(self) -> utils.ItemsIterator[FlowResult]:
-    args = flow_pb2.ApiListParsedFlowResultsArgs(
-        client_id=self.client_id, flow_id=self.flow_id
-    )
-    items = self._context.SendIteratorRequest("ListParsedFlowResults", args)
-    return utils.MapItemsIterator(lambda data: FlowResult(data=data), items)
-
-  def ListApplicableParsers(
-      self,
-  ) -> flow_pb2.ApiListFlowApplicableParsersResult:
-    """Lists parsers that are applicable to results of the flow."""
-    args = flow_pb2.ApiListFlowApplicableParsersArgs(
-        client_id=self.client_id, flow_id=self.flow_id
-    )
-
-    result = self._context.SendRequest("ListFlowApplicableParsers", args)
-    if not isinstance(result, flow_pb2.ApiListFlowApplicableParsersResult):
-      raise TypeError(f"Unexpected type: '{type(result)}'")
-
-    return result
-
   def GetExportedResultsArchive(self, plugin_name) -> utils.BinaryChunkIterator:
     args = flow_pb2.ApiGetExportedFlowResultsArgs(
         client_id=self.client_id, flow_id=self.flow_id, plugin_name=plugin_name

grr/core/grr_response_core/lib/parsers/all.py

@@ -1,16 +1,8 @@
 #!/usr/bin/env python
 """A module for registering all known parsers."""
 
-from grr_response_core.lib import parsers
-from grr_response_core.lib.parsers import linux_release_parser
-
 
 def Register():
   """Adds all known parsers to the registry."""
   # pyformat: disable
-
-  # File multi-parsers.
-  parsers.MULTI_FILE_PARSER_FACTORY.Register(
-      "LinuxReleaseInfo", linux_release_parser.LinuxReleaseParser)
-
   # pyformat: enable