def testEvaluatesNegativeInMatchAnyModeIfNoRuleMatches(self): # Instantiate a rule set that matches if any of its two # operating system rules matches rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_win = self.SetupClient(0, system="Windows") # None of the set's rules has os_windows=True, so the whole set doesn't # match self.assertFalse( rs.Evaluate( CollectAff4Objects(rs.GetPathsToCheck(), client_id_win, self.token), client_id_win))
def testEvaluatesNegativeInMatchAllModeIfOnlyOneRuleMatches(self): # Instantiate a rule set that matches if all of its two # operating system rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_dar, = self.SetupClients(nr_clients=1, system="Darwin") # One of the set's rules has os_darwin=False, so the whole set doesn't # match with the match all match mode self.assertFalse( rs.Evaluate( CollectAff4Objects(rs.GetPathsToCheck(), client_id_dar, self.token), client_id_dar))
def testEvaluatesPositiveInMatchAnyModeIfOneRuleMatches(self): # Instantiate a rule set that matches if any of its two # operating system rules matches rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_dar = self.SetupClient(0, system="Darwin") # One of the set's rules has os_darwin=True, so the whole set matches # with the match any match mode self.assertTrue( rs.Evaluate( CollectAff4Objects(rs.GetPathsToCheck(), client_id_dar, self.token), client_id_dar))
def testDarwinClientMatchesIffOsDarwinIsSelected(self): r0 = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False) r1 = rdf_foreman.ForemanOsClientRule( os_windows=True, os_linux=False, os_darwin=True) client = self.SetupTestClientObject(0, system="Darwin") info = data_store.REL_DB.ReadClientFullInfo(client.client_id) self.assertFalse(r0.Evaluate(info)) self.assertTrue(r1.Evaluate(info))
def testDarwinClientMatchesIffOsDarwinIsSelected(self): r0 = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False) r1 = rdf_foreman.ForemanOsClientRule( os_windows=True, os_linux=False, os_darwin=True) client_id_dar = self.SetupClient(0, system="Darwin") self.assertFalse( r0.Evaluate(aff4.FACTORY.Open(client_id_dar, token=self.token))) self.assertTrue( r1.Evaluate(aff4.FACTORY.Open(client_id_dar, token=self.token)))
def testLinuxClientMatchesIffOsLinuxIsSelected(self): # Instantiate two operating system rules r0 = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=False, os_darwin=False) r1 = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False) client = self.SetupTestClientObject(0, system="Linux") info = data_store.REL_DB.ReadFullInfoClient(client.client_id) self.assertFalse(r0.Evaluate(info)) self.assertTrue(r1.Evaluate(info))
def testLinuxClientMatchesIffOsLinuxIsSelected(self): # Instantiate two operating system rules r0 = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=False, os_darwin=False) r1 = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False) client_id_lin = self.SetupClient(0, system="Linux") self.assertFalse( r0.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token))) self.assertTrue( r1.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testWindowsClientDoesNotMatchRuleWithNoOsSelected(self): r = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=False, os_darwin=False) client_id_win = self.SetupClient(0, system="Windows") self.assertFalse( r.Evaluate(aff4.FACTORY.Open(client_id_win, token=self.token)))
def testWindowsClientDoesNotMatchRuleWithNoOsSelected(self): r = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=False, os_darwin=False) client = self.SetupTestClientObject(0, system="Windows") info = data_store.REL_DB.ReadClientFullInfo(client.client_id) self.assertFalse(r.Evaluate(info))
def testCopyHuntPreservesRuleType(self): implementation.GRRHunt.StartHunt( hunt_name=standard.GenericHunt.__name__, description="model hunt", flow_runner_args=rdf_flows.FlowRunnerArgs( flow_name=transfer.GetFile.__name__), flow_args=transfer.GetFileArgs(pathspec=rdf_paths.PathSpec( path="/tmp/evil.txt", pathtype=rdf_paths.PathSpec.PathType.TSK,)), client_rule_set=rdf_foreman.ForemanClientRuleSet( rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule(os_darwin=True)) ]), token=self.token) self.Open("/#main=ManageHunts") self.Click("css=tr:contains('model hunt')") self.Click("css=button[name=CopyHunt]:not([disabled])") # Wait until dialog appears. self.WaitUntil(self.IsTextPresent, "What to run?") # Click on "Next" button. self.Click("css=grr-new-hunt-wizard-form button.Next") self.WaitUntil(self.IsTextPresent, "Output Processing") # Click on "Next" button self.Click("css=grr-new-hunt-wizard-form button.Next") self.WaitUntil(self.IsTextPresent, "Where to run?") self.WaitUntil(self.IsElementPresent, "css=grr-new-hunt-wizard-form " "label:contains('Os darwin') ~ * input:checked")
def Run(self): def ReplaceCronJobUrn(): jobs = list(cronjobs.CRON_MANAGER.ListJobs(token=self.token)) return {jobs[0].Basename(): "CreateAndRunGeneicHuntFlow_1234"} flow_args = standard.CreateGenericHuntFlowArgs() flow_args.hunt_args.flow_args = rdf_file_finder.FileFinderArgs( paths=["c:\\windows\\system32\\notepad.*"]) flow_args.hunt_args.flow_runner_args.flow_name = "FileFinder" flow_args.hunt_runner_args.client_rule_set.rules = [ rdf_foreman.ForemanClientRule(os=rdf_foreman.ForemanOsClientRule( os_windows=True)) ] flow_args.hunt_runner_args.description = "Foobar! (cron)" self.Check( "CreateCronJob", args=cron_plugin.ApiCronJob( description="Foobar!", flow_name=standard.CreateAndRunGenericHuntFlow.__name__, periodicity=604800, lifetime=3600, flow_args=flow_args), replace=ReplaceCronJobUrn)
def testDarwinClientMatchesIffOsDarwinIsSelected(self): # Instantiate two operating system rules r0 = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False) r1 = rdf_foreman.ForemanOsClientRule( os_windows=True, os_linux=False, os_darwin=True) client_id_dar, = self.SetupClients(nr_clients=1, system="Darwin") self.assertFalse( r0.Evaluate( CollectAff4Objects(r0.GetPathsToCheck(), client_id_dar, self.token), client_id_dar)) self.assertTrue( r1.Evaluate( CollectAff4Objects(r1.GetPathsToCheck(), client_id_dar, self.token), client_id_dar))
def testWindowsClientDoesNotMatchRuleWithNoOsSelected(self): # Instantiate an operating system rule r = rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=False, os_darwin=False) client_id_win, = self.SetupClients(nr_clients=1, system="Windows") self.assertFalse( r.Evaluate( CollectAff4Objects(r.GetPathsToCheck(), client_id_win, self.token), client_id_win))
def testEvaluatesNegativeIfNestedRuleEvaluatesNegative(self): r = rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False)) client_id_win = self.SetupClient(0, system="Windows") # The Windows client doesn't match rule r self.assertFalse( r.Evaluate(aff4.FACTORY.Open(client_id_win, token=self.token)))
def testEvaluatesPositiveInMatchAllModeIfAllRuleMatch(self): # Instantiate a rule set that matches if all of its two # operating system rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_lin = self.SetupClient(0, system="Linux") # All of the set's rules have os_linux=False, so the whole set matches self.assertTrue( rs.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testEvaluatesPositiveIfNestedRuleEvaluatesPositive(self): # Instantiate a wrapped operating system rule r = rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=True, os_linux=True, os_darwin=False)) client_id_win = self.SetupClient(0, system="Windows") # The Windows client matches rule r self.assertTrue( r.Evaluate(aff4.FACTORY.Open(client_id_win, token=self.token)))
def testEvaluatesNegativeInMatchAllModeIfOnlyOneRuleMatches(self): # Instantiate a rule set that matches if all of its two # operating system rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_dar = self.SetupClient(0, system="Darwin") # One of the set's rules has os_darwin=False, so the whole set doesn't # match with the match all match mode self.assertFalse( rs.Evaluate(aff4.FACTORY.Open(client_id_dar, token=self.token)))
def GenerateSample(number=0): # Assert that the argument uses at most the three least significant bits num_combinations = 2**3 if number < 0 or number >= num_combinations: raise ValueError("Only %d distinct instances of %s exist, " "numbered from 0 to %d." % (num_combinations, rdf_foreman.ForemanOsClientRule.__name__, num_combinations - 1)) # Assign the bits to new rule's boolean fields accordingly return rdf_foreman.ForemanOsClientRule( os_windows=number & 1, os_linux=number & 2, os_darwin=number & 4)
def testEvaluatesNegativeIfNestedRuleEvaluatesNegative(self): # Instantiate a wrapped operating system rule r = rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False)) client_id_win, = self.SetupClients(nr_clients=1, system="Windows") # The Windows client doesn't match rule r self.assertFalse( r.Evaluate( CollectAff4Objects(r.GetPathsToCheck(), client_id_win, self.token), client_id_win))
def testEvaluatesPositiveInMatchAllModeIfAllRuleMatch(self): # Instantiate a rule set that matches if all of its two # operating system rules match rs = rdf_foreman.ForemanClientRuleSet( match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL, rules=[ rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=False)), rdf_foreman.ForemanClientRule( rule_type=rdf_foreman.ForemanClientRule.Type.OS, os=rdf_foreman.ForemanOsClientRule( os_windows=False, os_linux=True, os_darwin=True)) ]) client_id_lin, = self.SetupClients(nr_clients=1, system="Linux") # All of the set's rules have os_linux=False, so the whole set matches self.assertTrue( rs.Evaluate( CollectAff4Objects(rs.GetPathsToCheck(), client_id_lin, self.token), client_id_lin))
def testCopyHuntRespectsUserChanges(self): self.CreateSampleHunt("model hunt", token=self.token) self.Open("/#main=ManageHunts") self.Click("css=tr:contains('model hunt')") self.Click("css=button[name=CopyHunt]:not([disabled])") # Wait until dialog appears and then click through. self.WaitUntil(self.IsTextPresent, "What to run?") # Change values in the flow configuration. self.Type("css=grr-new-hunt-wizard-form label:contains('Path') " "~ * input:text", "/tmp/very-evil.txt") self.Select("css=grr-new-hunt-wizard-form label:contains('Pathtype') " "~ * select", "OS") self.Type("css=grr-new-hunt-wizard-form label:contains('Description') " "~ * input:text", "my personal copy") self.Type("css=grr-new-hunt-wizard-form label:contains('Client rate') " "~ * input", "42") # Click on "Next" button. self.Click("css=grr-new-hunt-wizard-form button.Next") self.WaitUntil(self.IsTextPresent, "Output Processing") # Change output plugin and add another one. self.Click("css=grr-new-hunt-wizard-form button[name=Add]") self.Select("css=grr-configure-output-plugins-page select:eq(0)", "DummyOutputPlugin") self.Type("css=grr-configure-output-plugins-page " "label:contains('Filename Regex'):eq(0) ~ * input:text", "foobar!") # Click on "Next" button. self.Click("css=grr-new-hunt-wizard-form button.Next") self.WaitUntil(self.IsTextPresent, "Where to run?") # Replace a rule with another one. self.Click("css=grr-configure-rules-page button[name=Remove]") self.Click("css=grr-configure-rules-page button[name=Add]") self.Click("css=grr-configure-rules-page label:contains('Os darwin') ~ * " "input[type=checkbox]") # Click on "Next" button. self.Click("css=grr-new-hunt-wizard-form button.Next") self.WaitUntil(self.IsTextPresent, "Review") # Check that expected values are shown in the review. self.WaitUntil(self.IsTextPresent, "OS") self.WaitUntil(self.IsTextPresent, "/tmp/very-evil.txt") self.WaitUntil(self.IsTextPresent, transfer.GetFile.__name__) self.WaitUntil(self.IsTextPresent, "DummyOutputPlugin") self.WaitUntil(self.IsTextPresent, "foobar!") self.WaitUntil(self.IsTextPresent, "blah!") self.WaitUntil(self.IsTextPresent, "my personal copy") self.WaitUntil(self.IsTextPresent, "Os darwin") self.WaitUntil(self.IsTextPresent, "42") # Click on "Run" button. self.Click("css=grr-new-hunt-wizard-form button.Next") self.WaitUntil(self.IsTextPresent, "Created Hunt") hunts_root = aff4.FACTORY.Open("aff4:/hunts", token=self.token) hunts_list = sorted(list(hunts_root.ListChildren()), key=lambda x: x.age) self.assertEqual(len(hunts_list), 2) last_hunt = aff4.FACTORY.Open(hunts_list[-1], token=self.token) self.assertEqual(last_hunt.args.flow_args.pathspec.path, "/tmp/very-evil.txt") self.assertEqual(last_hunt.args.flow_args.pathspec.pathtype, "OS") self.assertEqual(last_hunt.args.flow_runner_args.flow_name, transfer.GetFile.__name__) self.assertEqual(len(last_hunt.runner_args.output_plugins), 2) self.assertEqual(last_hunt.runner_args.output_plugins[0].plugin_name, "DummyOutputPlugin") self.assertEqual( last_hunt.runner_args.output_plugins[0].plugin_args.filename_regex, "foobar!") self.assertEqual( last_hunt.runner_args.output_plugins[0].plugin_args.fetch_binaries, False) self.assertEqual(last_hunt.runner_args.output_plugins[1].plugin_name, "DummyOutputPlugin") self.assertEqual( last_hunt.runner_args.output_plugins[1].plugin_args.filename_regex, "blah!") self.assertEqual( last_hunt.runner_args.output_plugins[1].plugin_args.fetch_binaries, True) runner_args = last_hunt.runner_args self.assertAlmostEqual(runner_args.client_rate, 42) self.assertEqual(runner_args.description, "my personal copy") self.assertEqual( runner_args.client_rule_set, rdf_foreman.ForemanClientRuleSet(rules=[ rdf_foreman.ForemanClientRule(os=rdf_foreman.ForemanOsClientRule( os_darwin=True)) ]))