Add ConvertFrom-EpocTime with pipeline support

* Rename Get-EpocTimeFromUtc to ConvertFrom-EpocTime
* Export ConvertFrom-EpocTime
* Update Pester tests
* Add markdown help file
* Update external help file
* Update tags
* Update CHANGELOG

Author: Karneades

CHANGELOG.md

@@ -15,6 +15,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
   files like registry files.
 ### Changed
 * Update PowerShell help file with further examples.
+* Rename `Get-EpocTimeFromUtc` to `ConvertFrom-EpocTime`, add pipeline support
+    and export the function. Use `ConvertFrom-EpocTime` to convert unix
+    timestamps to UTC, e.g. in a registry flow, convert the st_mtime value
+    within PowerShell.
 <!--
 ### Fixed
 ### Deprecated

PowerGRR.psd1

@@ -98,7 +98,8 @@ FunctionsToExport = @(
     'ConvertTo-Hex',
     'Wait-GRRHuntApproval',
     'Wait-GRRClientApproval',
-    'Get-GRRClientInfo'
+    'Get-GRRClientInfo',
+    'ConvertFrom-EpocTime'
     )
 
 # Cmdlets to export from this module

PowerGRR.psm1

@@ -160,7 +160,7 @@ Function Get-GRRComputerNameFromClientId()
                     $info=[ordered]@{
                         ComputerName=$item.os_info.node
                         ClientId=$item.urn.substring(6)
-                        LastSeenAt=$(Get-EpocTimeFromUtc ($item.last_seen_at).toString().Insert(10,"."))
+                        LastSeenAt=$(ConvertFrom-EpocTime ($item.last_seen_at).toString().Insert(10,"."))
                         OSVersion=$item.os_info.kernel
                     }
 
@@ -256,8 +256,8 @@ function Get-GRRClientInfo()
                         $info=[ordered]@{
                             ComputerName=$( if($item.os_info) { $item.os_info.node } )
                             ClientId=$item.urn.substring(6)
-                            InstallationDate=$(Get-EpocTimeFromUtc ($item.os_info.install_date).toString().Insert(10,"."))
-                            LastSeenAt=$(Get-EpocTimeFromUtc ($item.last_seen_at).toString().Insert(10,"."))
+                            InstallationDate=$(ConvertFrom-EpocTime ($item.os_info.install_date).toString().Insert(10,"."))
+                            LastSeenAt=$(ConvertFrom-EpocTime ($item.last_seen_at).toString().Insert(10,"."))
                             OSVersion=$( if($item.os_info) { $item.os_info.kernel } )
                             GRRClientVersion=$item.agent_info.client_version
                             UserNames=$( if($item.users) { $item.users.username } )
@@ -348,7 +348,7 @@ Function Get-GRRClientIdFromComputerName()
                         $info=[ordered]@{
                             ComputerName=$item.os_info.node
                             ClientId=$item.urn.substring(6)
-                            LastSeenAt=$(Get-EpocTimeFromUtc ($item.last_seen_at).toString().Insert(10,"."))
+                            LastSeenAt=$(ConvertFrom-EpocTime ($item.last_seen_at).toString().Insert(10,"."))
                             OSVersion=$item.os_info.kernel
                         }
 
@@ -2017,7 +2017,7 @@ Function Get-GRRHunt()
         foreach ($r in $ret.items)
         {
             $info=[ordered]@{
-                Created=$(Get-EpocTimeFromUtc ($r.created).toString().Insert(10,"."))
+                Created=$(ConvertFrom-EpocTime ($r.created).toString().Insert(10,"."))
                 HuntId=$r.urn
                 Description=$r.description
                 Creator=$r.Creator
@@ -2347,11 +2347,22 @@ Function Get-ClientCertificate()
 } # Get-ClientCertificate
 
 
-function Get-EpocTimeFromUtc ([long]$UnixTime)
+Function ConvertFrom-EpocTime()
 {
-    $epoch = New-Object System.DateTime (1970, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc);
-    $epoch.AddSeconds($UnixTime)
-} # FromUtcEpocTime
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
+        [long[]]$UnixTime
+    )
+
+    Process
+    {
+        $UnixTime | ForEach-Object {
+            $epoch = New-Object System.DateTime (1970, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
+            $epoch.AddSeconds($_)
+        }
+    }
+} # ConvertFrom-EpocTime
 
 
 function Get-GRRSession ()
@@ -2668,7 +2679,7 @@ function Invoke-GRRRequest ()
 } # Invoke-GRRRequest
 
 
-function ConvertTo-Base64 ()
+function ConvertTo-Base64()
 {
     [CmdletBinding()]
     param(
@@ -2697,7 +2708,7 @@ function ConvertTo-Base64 ()
 }
 
 
-function ConvertFrom-Base64()
+Function ConvertFrom-Base64()
 {
     param(
         [Parameter(ValueFromPipeline=$True, Mandatory=$true)]
@@ -3032,7 +3043,8 @@ Export-ModuleMember @(
     'ConvertTo-Hex',
     'Wait-GRRHuntApproval',
     'Wait-GRRClientApproval',
-    'Get-GRRClientInfo'
+    'Get-GRRClientInfo',
+    'ConvertFrom-EpocTime'
 )
 
 #endregion

docs/ConvertFrom-EpocTime.md

@@ -0,0 +1,67 @@
+---
+external help file: PowerGRR-help.xml
+online version: https://github.com/swisscom/powergrr/blob/master/docs/ConvertFrom-EpocTime.md
+schema: 2.0.0
+---
+
+# ConvertFrom-EpocTime
+
+## SYNOPSIS
+Convert a unix timestamp into UTC.
+
+## SYNTAX
+
+```
+ConvertFrom-EpocTime [-UnixTime] <Int64[]> [<CommonParameters>]
+```
+
+## DESCRIPTION
+Convert a unix timestamp into UTC.
+
+## EXAMPLES
+
+### Example 1
+```
+PS C:\> ConvertFrom-EpocTime 1514997715
+
+Mittwoch, 3. Januar 2018 16:41:55
+
+PS C:\> 1514997715 | ConvertFrom-EpocTime
+
+Mittwoch, 3. Januar 2018 16:41:55
+```
+
+Convert the specified unix timestamp into UTC. Use pipeline if needed.
+
+## PARAMETERS
+
+### -UnixTime
+Unix timestamp to convert.
+
+```yaml
+Type: Int64[]
+Parameter Sets: (All)
+Aliases: 
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.Int64[]
+
+## OUTPUTS
+
+### System.Object
+
+## NOTES
+
+## RELATED LINKS
+

en-us/PowerGRR-help.xml

@@ -306,6 +306,96 @@
       </maml:navigationLink>
     </command:relatedLinks>
   </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>ConvertFrom-EpocTime</command:name>
+      <command:verb>ConvertFrom</command:verb>
+      <command:noun>EpocTime</command:noun>
+      <maml:description>
+        <maml:para>Convert a unix timestamp into UTC.</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>Convert a unix timestamp into UTC.</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>ConvertFrom-EpocTime</maml:name>
+        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
+          <maml:name>UnixTime</maml:name>
+          <maml:Description>
+            <maml:para>Unix timestamp to convert.</maml:para>
+          </maml:Description>
+          <command:parameterValue required="true" variableLength="false">Int64[]</command:parameterValue>
+          <dev:type>
+            <maml:name>Int64[]</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByValue)" position="0" aliases="none">
+        <maml:name>UnixTime</maml:name>
+        <maml:Description>
+          <maml:para>Unix timestamp to convert.</maml:para>
+        </maml:Description>
+        <command:parameterValue required="true" variableLength="false">Int64[]</command:parameterValue>
+        <dev:type>
+          <maml:name>Int64[]</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>System.Int64[]</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>Example 1</maml:title>
+        <dev:code>PS C:\&gt; ConvertFrom-EpocTime 1514997715
+
+Mittwoch, 3. Januar 2018 16:41:55
+
+PS C:\&gt; 1514997715 | ConvertFrom-EpocTime
+
+Mittwoch, 3. Januar 2018 16:41:55</dev:code>
+        <dev:remarks>
+          <maml:para>Convert the specified unix timestamp into UTC. Use pipeline if needed.</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>https://github.com/swisscom/powergrr/blob/master/docs/ConvertFrom-EpocTime.md</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
   <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
     <command:details>
       <command:name>ConvertTo-Base64</command:name>

tags

@@ -5,19 +5,22 @@
 !_TAG_PROGRAM_URL	http://ctags.sourceforge.net	/official site/
 !_TAG_PROGRAM_VERSION	5.8	//
 Add-GRRArtifact	.\PowerGRR.psm1	/^function Add-GRRArtifact()$/;"	m
+ConvertFrom-Base64	.\PowerGRR.psm1	/^Function ConvertFrom-Base64()$/;"	m
+ConvertFrom-EpocTime	.\PowerGRR.psm1	/^Function ConvertFrom-EpocTime()$/;"	m
+ConvertTo-Base64	.\PowerGRR.psm1	/^function ConvertTo-Base64()$/;"	m
 ConvertTo-Hex	.\PowerGRR.psm1	/^function ConvertTo-Hex()$/;"	m
 Find-GRRClient	.\PowerGRR.psm1	/^Function Find-GRRClient()$/;"	m
 Find-GRRClientByLabel	.\PowerGRR.psm1	/^Function Find-GRRClientByLabel()$/;"	m
 Get-ClientCertificate	.\PowerGRR.psm1	/^Function Get-ClientCertificate()$/;"	m
 Get-DynamicFlowParam	.\PowerGRR.psm1	/^function Get-DynamicFlowParam()$/;"	m
-Get-EpocTimeFromUtc	.\PowerGRR.psm1	/^function Get-EpocTimeFromUtc ([long]$UnixTime)$/;"	m
 Get-FlowArgs	.\PowerGRR.psm1	/^function Get-FlowArgs()$/;"	m
 Get-GRRArtifact	.\PowerGRR.psm1	/^function Get-GRRArtifact()$/;"	m
 Get-GRRClientApproval	.\PowerGRR.psm1	/^function Get-GRRClientApproval()$/;"	m
 Get-GRRClientIdFromComputerName	.\PowerGRR.psm1	/^Function Get-GRRClientIdFromComputerName()$/;"	m
 Get-GRRClientInfo	.\PowerGRR.psm1	/^function Get-GRRClientInfo()$/;"	m
 Get-GRRComputerNameFromClientId	.\PowerGRR.psm1	/^Function Get-GRRComputerNameFromClientId()$/;"	m
 Get-GRRConfig	.\PowerGRR.psm1	/^Function Get-GRRConfig()$/;"	m
+Get-GRRCredential	.\PowerGRR.psm1	/^function Get-GRRCredential()$/;"	m
 Get-GRRFlowDescriptor	.\PowerGRR.psm1	/^function Get-GRRFlowDescriptor()$/;"	m
 Get-GRRFlowResult	.\PowerGRR.psm1	/^function Get-GRRFlowResult()$/;"	m
 Get-GRRHunt	.\PowerGRR.psm1	/^Function Get-GRRHunt()$/;"	m

test/Pester/PowerGRR.Tests.ps1

@@ -1088,9 +1088,12 @@ Describe "internal functions" {
             }
         }
 
-        Context 'Testing Get-EpocTimeFromUtc' {
+        Context 'Testing ConvertFrom-EpocTime' {
             It 'convert unix timestamp to utc' {
-                $ret = Get-EpocTimeFromUtc 1496907016
+                $ret = ConvertFrom-EpocTime 1496907016
+                $ret | should be "06/08/2017 07:30:16"
+
+                $ret = 1496907016 | ConvertFrom-EpocTime
                 $ret | should be "06/08/2017 07:30:16"
             }
         }