Beispiel #1
0
    def runTest(self):
        """Launch our flows."""
        for flow, args in [
            (filesystem.ListDirectory.__name__, {
                "pathspec":
                rdf_paths.PathSpec(
                    pathtype=rdf_paths.PathSpec.PathType.REGISTRY,
                    path=self.reg_path)
            }),
            (find.FindFiles.__name__, {
                "findspec":
                rdf_client.FindSpec(pathspec=rdf_paths.PathSpec(
                    path=self.reg_path,
                    pathtype=rdf_paths.PathSpec.PathType.REGISTRY),
                                    path_regex="ProfileImagePath"),
            })
        ]:

            if self.local_worker:
                self.session_id = debugging.StartFlowAndWorker(
                    self.client_id, flow, **args)
            else:
                self.session_id = flow_utils.StartFlowAndWait(self.client_id,
                                                              flow_name=flow,
                                                              token=self.token,
                                                              **args)

        results = self.CheckResultCollectionNotEmptyWithRetry(self.session_id)
        for stat_entry in results:
            self.assertTrue(isinstance(stat_entry, rdf_client.StatEntry))
            self.assertTrue("ProfileImagePath" in stat_entry.pathspec.path)
Beispiel #2
0
    def Read(self, path, length=None, offset=0, fh=None):
        fd = aff4.FACTORY.Open(self.root.Add(path), token=self.token)
        last = fd.Get(fd.Schema.CONTENT_LAST)
        client_id = rdf_client.GetClientURNFromPath(path)

        if not self.DataRefreshRequired(last=last, path=path):
            return super(GRRFuse, self).Read(path, length, offset, fh)

        if isinstance(fd, standard.AFF4SparseImage):
            # If we have a sparse image, update just a part of it.
            self.UpdateSparseImageIfNeeded(fd, length, offset)
            # Read the file from the datastore as usual.
            return super(GRRFuse, self).Read(path, length, offset, fh)

        # If it's the first time we've seen this path (or we're asking
        # explicitly), try and make it an AFF4SparseImage.
        if last is None or self.force_sparse_image:
            pathspec = fd.Get(fd.Schema.PATHSPEC)

            # Either makes a new AFF4SparseImage or gets the file fully,
            # depending on size.
            flow_utils.StartFlowAndWait(
                client_id,
                token=self.token,
                flow_name=filesystem.MakeNewAFF4SparseImage.__name__,
                pathspec=pathspec,
                size_threshold=self.size_threshold)

            # Reopen the fd in case it's changed to be an AFF4SparseImage
            fd = aff4.FACTORY.Open(self.root.Add(path), token=self.token)
            # If we are now a sparse image, just download the part we requested
            # from the client.
            if isinstance(fd, standard.AFF4SparseImage):
                flow_utils.StartFlowAndWait(
                    client_id,
                    token=self.token,
                    flow_name=filesystem.FetchBufferForSparseImage.__name__,
                    file_urn=self.root.Add(path),
                    length=length,
                    offset=offset)
        else:
            # This was a file we'd seen before that wasn't a sparse image, so update
            # it the usual way.
            self._RunAndWaitForVFSFileUpdate(path)

        # Read the file from the datastore as usual.
        return super(GRRFuse, self).Read(path, length, offset, fh)
Beispiel #3
0
    def UpdateSparseImageIfNeeded(self, fd, length, offset):
        missing_chunks = self.GetMissingChunks(fd, length, offset)
        if not missing_chunks:
            return

        client_id = rdf_client.GetClientURNFromPath(fd.urn.Path())
        flow_utils.StartFlowAndWait(
            client_id,
            token=self.token,
            flow_name=filesystem.UpdateSparseImageChunks.__name__,
            file_urn=fd.urn,
            chunks_to_fetch=missing_chunks)
Beispiel #4
0
    def runTest(self):
        if self.client_min_version:
            target_client = aff4.FACTORY.Open(self.client_id, token=self.token)
            client_info = target_client.Get(target_client.Schema.CLIENT_INFO)
            if client_info.client_version < self.client_min_version:
                message = "Skipping version %s less than client_min_version: %s" % (
                    client_info.client_version, self.client_min_version)
                return self.skipTest(message)

        if self.local_worker:
            self.session_id = debugging.StartFlowAndWorker(
                self.client_id, self.flow, **self.args)
        else:
            self.session_id = flow_utils.StartFlowAndWait(self.client_id,
                                                          flow_name=self.flow,
                                                          timeout=self.timeout,
                                                          token=self.token,
                                                          **self.args)

        self.CheckFlow()
Beispiel #5
0
  def GetGRRBinaryName(self, run_interrogate=True):
    client = aff4.FACTORY.Open(self.client_id, mode="r", token=self.token)
    self.assertIsInstance(client, aff4_grr.VFSGRRClient)
    config = client.Get(aff4_grr.VFSGRRClient.SchemaCls.GRR_CONFIGURATION)

    if config is None:
      # Try running Interrogate once.
      if run_interrogate:
        flow_utils.StartFlowAndWait(
            self.client_id,
            flow_name=discovery.Interrogate.__name__,
            token=self.token)
        return self.GetGRRBinaryName(run_interrogate=False)
      else:
        self.fail("No valid configuration found, interrogate the client before "
                  "running this test.")
    else:
      try:
        self.binary_name = config["Client.binary_name"]
      except KeyError:
        self.binary_name = config["Client.name"]
      return self.binary_name