def setUp(self):
super(TestComponents, self).setUp()
# Create a mock component.
fp = StringIO.StringIO()
new_zip_file = zipfile.ZipFile(fp, mode="w")
new_zip_file.writestr("mock_mod.py", self.component_payload)
new_zip_file.close()
self.component = test_lib.WriteComponent(name="mock_component",
version="1.0",
token=self.token,
modules=["mock_mod"],
raw_data=fp.getvalue())
def testRekallPsListArtifact(self):
"""Check we can run Rekall based artifacts."""
test_lib.WriteComponent(
token=self.token,
version=memory.AnalyzeClientMemoryArgs().component_version)
fd = self.RunCollectorAndGetCollection(
["RekallPsList"],
RekallMock(self.client_id, "rekall_pslist_result.dat.gz"))
self.assertEqual(len(fd), 35)
self.assertEqual(fd[0].exe, "System")
self.assertEqual(fd[0].pid, 4)
self.assertIn("DumpIt.exe", [x.exe for x in fd])
def testRekallVadArtifact(self):
"""Check we can run Rekall based artifacts."""
test_lib.WriteComponent(
token=self.token,
version=memory.AnalyzeClientMemoryArgs().component_version)
# The client should now be populated with the data we care about.
with aff4.FACTORY.Open(self.client_id, mode="rw", token=self.token) as fd:
fd.Set(fd.Schema.KNOWLEDGE_BASE(os="Windows", environ_systemdrive=r"c:"))
fd = self.RunCollectorAndGetCollection(["FullVADBinaryList"], RekallMock(
self.client_id, "rekall_vad_result.dat.gz"))
self.assertEqual(len(fd), 1705)
self.assertEqual(fd[0].path, u"c:\\Windows\\System32\\ntdll.dll")
for x in fd:
self.assertEqual(x.pathtype, "OS")
extension = x.path.lower().split(".")[-1]
self.assertIn(extension, ["exe", "dll", "pyd", "drv", "mui", "cpl"])
def setUp(self):
super(RekallTestSuite, self).setUp()
self.client_id = self.SetupClients(1)[0]
test_lib.WriteComponent(token=self.token)
def setUp(self):
super(DumpACPITableTest, self).setUp()
test_lib.WriteComponent(name="grr-chipsec-component",
version="1.2.4.1",
modules=["grr_chipsec"],
token=self.token)
def setUp(self):
super(MemoryTest, self).setUp()
test_lib.WriteComponent(
token=self.token,
version=memory.AnalyzeClientMemoryArgs().component_version)
def setUp(self):
super(RekallTestSuite, self).setUp()
self.client_id = self.SetupClients(1)[0]
test_lib.WriteComponent(
token=self.token,
version=memory.AnalyzeClientMemoryArgs().component_version)
def setUp(self):
super(MemoryTest, self).setUp()
test_lib.WriteComponent(token=self.token)
