def testDarwinClientMatchesIffOsDarwinIsSelected(self):
r0 = rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False)
r1 = rdf_foreman.ForemanOsClientRule(os_windows=True,
os_linux=False,
os_darwin=True)
client = self.SetupTestClientObject(0, system="Darwin")
info = data_store.REL_DB.ReadClientFullInfo(client.client_id)
self.assertFalse(r0.Evaluate(info))
self.assertTrue(r1.Evaluate(info))
def testDarwinClientMatchesIffOsDarwinIsSelected(self):
r0 = rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False)
r1 = rdf_foreman.ForemanOsClientRule(os_windows=True,
os_linux=False,
os_darwin=True)
client_id_dar = self.SetupClient(0, system="Darwin")
self.assertFalse(
r0.Evaluate(aff4.FACTORY.Open(client_id_dar, token=self.token)))
self.assertTrue(
r1.Evaluate(aff4.FACTORY.Open(client_id_dar, token=self.token)))
def Run(self):
def ReplaceCronJobUrn():
jobs = list(cronjobs.CRON_MANAGER.ListJobs(token=self.token))
return {jobs[0].Basename(): "CreateAndRunGeneicHuntFlow_1234"}
flow_args = standard.CreateGenericHuntFlowArgs()
flow_args.hunt_args.flow_args = rdf_file_finder.FileFinderArgs(
paths=["c:\\windows\\system32\\notepad.*"])
flow_args.hunt_args.flow_runner_args.flow_name = (
file_finder.FileFinder.__name__)
flow_args.hunt_runner_args.client_rule_set.rules = [
rdf_foreman.ForemanClientRule(os=rdf_foreman.ForemanOsClientRule(
os_windows=True))
]
flow_args.hunt_runner_args.description = "Foobar! (cron)"
self.Check(
"CreateCronJob",
args=cron_plugin.ApiCronJob(
description="Foobar!",
flow_name=standard.CreateAndRunGenericHuntFlow.__name__,
periodicity=604800,
lifetime=3600,
flow_args=flow_args),
replace=ReplaceCronJobUrn)
def testWindowsClientDoesNotMatchRuleWithNoOsSelected(self):
r = rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=False,
os_darwin=False)
client = self.SetupTestClientObject(0, system="Windows")
info = data_store.REL_DB.ReadClientFullInfo(client.client_id)
self.assertFalse(r.Evaluate(info))
def testWindowsClientDoesNotMatchRuleWithNoOsSelected(self):
r = rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=False,
os_darwin=False)
client_id_win = self.SetupClient(0, system="Windows")
self.assertFalse(
r.Evaluate(aff4.FACTORY.Open(client_id_win, token=self.token)))
def testEvaluatesNegativeIfNestedRuleEvaluatesNegative(self):
r = rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False))
client_id_win = self.SetupClient(0, system="Windows")
# The Windows client doesn't match rule r
self.assertFalse(
r.Evaluate(aff4.FACTORY.Open(client_id_win, token=self.token)))
def testEvaluatesPositiveInMatchAllModeIfAllRuleMatch(self):
# Instantiate a rule set that matches if all of its two
# operating system rules match
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL,
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False)),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=True))
])
client_id_lin = self.SetupClient(0, system="Linux")
# All of the set's rules have os_linux=False, so the whole set matches
self.assertTrue(
rs.Evaluate(aff4.FACTORY.Open(client_id_lin, token=self.token)))
def testEvaluatesNegativeInMatchAllModeIfOnlyOneRuleMatches(self):
# Instantiate a rule set that matches if all of its two
# operating system rules match
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ALL,
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False)),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=True))
])
client_id_dar = self.SetupClient(0, system="Darwin")
# One of the set's rules has os_darwin=False, so the whole set doesn't
# match with the match all match mode
self.assertFalse(
rs.Evaluate(aff4.FACTORY.Open(client_id_dar, token=self.token)))
def testEvaluatesNegativeInMatchAnyModeIfNoRuleMatches(self):
# Instantiate a rule set that matches if any of its two
# operating system rules matches
rs = rdf_foreman.ForemanClientRuleSet(
match_mode=rdf_foreman.ForemanClientRuleSet.MatchMode.MATCH_ANY,
rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=False)),
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_windows=False,
os_linux=True,
os_darwin=True))
])
client_id_win = self.SetupClient(0, system="Windows")
# None of the set's rules has os_windows=True, so the whole set doesn't
# match
self.assertFalse(
rs.Evaluate(aff4.FACTORY.Open(client_id_win, token=self.token)))
def GenerateSample(number=0):
# Assert that the argument uses at most the three least significant bits
num_combinations = 2**3
if number < 0 or number >= num_combinations:
raise ValueError(
"Only %d distinct instances of %s exist, "
"numbered from 0 to %d." %
(num_combinations, rdf_foreman.ForemanOsClientRule.__name__,
num_combinations - 1))
# Assign the bits to new rule's boolean fields accordingly
return rdf_foreman.ForemanOsClientRule(os_windows=number & 1,
os_linux=number & 2,
os_darwin=number & 4)
def testCopyHuntPreservesRuleType(self):
implementation.GRRHunt.StartHunt(
hunt_name=standard.GenericHunt.__name__,
description="model hunt",
flow_runner_args=rdf_flows.FlowRunnerArgs(
flow_name=transfer.GetFile.__name__),
flow_args=transfer.GetFileArgs(pathspec=rdf_paths.PathSpec(
path="/tmp/evil.txt",
pathtype=rdf_paths.PathSpec.PathType.TSK,
)),
client_rule_set=rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
rule_type=rdf_foreman.ForemanClientRule.Type.OS,
os=rdf_foreman.ForemanOsClientRule(os_darwin=True))
]),
token=self.token)
self.Open("/#main=ManageHunts")
self.Click("css=tr:contains('model hunt')")
self.Click("css=button[name=CopyHunt]:not([disabled])")
# Wait until dialog appears.
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('What to run?')")
# Click on "Next" button
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Hunt parameters')")
# Click on "Next" button.
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(
self.IsElementPresent,
"css=grr-wizard-form:contains('How to process results')")
# Click on "Next" button
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Where to run?')")
self.WaitUntil(
self.IsElementPresent, "css=grr-new-hunt-wizard-form "
"label:contains('Os darwin') ~ * input:checked")
def testCopyHuntRespectsUserChanges(self):
self.CreateSampleHunt("model hunt", token=self.token)
self.Open("/#main=ManageHunts")
self.Click("css=tr:contains('model hunt')")
self.Click("css=button[name=CopyHunt]:not([disabled])")
# Wait until dialog appears and then click through.
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('What to run?')")
# Change values in the flow configuration.
self.Type(
"css=grr-new-hunt-wizard-form label:contains('Path') "
"~ * input:text", "/tmp/very-evil.txt")
self.Select(
"css=grr-new-hunt-wizard-form label:contains('Pathtype') "
"~ * select", "OS")
# Click on "Next" button
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Hunt parameters')")
self.Type(
"css=grr-new-hunt-wizard-form label:contains('Description') "
"~ * input:text", "my personal copy")
self.Type(
"css=grr-new-hunt-wizard-form label:contains('Client rate') "
"~ * input", "42")
# Click on "Next" button.
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(
self.IsElementPresent,
"css=grr-wizard-form:contains('How to process results')")
# Change output plugin and add another one.
self.Click("css=grr-new-hunt-wizard-form button[name=Add]")
self.Select("css=grr-configure-output-plugins-page select:eq(0)",
"DummyOutputPlugin")
self.Type(
"css=grr-configure-output-plugins-page "
"label:contains('Filename Regex'):eq(0) ~ * input:text", "foobar!")
# Click on "Next" button.
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Where to run?')")
# Replace a rule with another one.
self.Click("css=grr-configure-rules-page button[name=Remove]")
self.Click("css=grr-configure-rules-page button[name=Add]")
self.Click(
"css=grr-configure-rules-page label:contains('Os darwin') ~ * "
"input[type=checkbox]")
# Click on "Next" button.
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Review')")
# Check that expected values are shown in the review.
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('OS')")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('/tmp/very-evil.txt')")
self.WaitUntil(
self.IsElementPresent,
"css=grr-wizard-form:contains('%s')" % transfer.GetFile.__name__)
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('DummyOutputPlugin')")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('foobar!')")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('blah!')")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('my personal copy')")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Os darwin')")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('42')")
# Click on "Run" button.
self.Click("css=grr-new-hunt-wizard-form button.Next")
self.WaitUntil(self.IsElementPresent,
"css=grr-wizard-form:contains('Created Hunt')")
hunts_root = aff4.FACTORY.Open("aff4:/hunts", token=self.token)
hunts_list = sorted(list(hunts_root.ListChildren()),
key=lambda x: x.age)
self.assertEqual(len(hunts_list), 2)
last_hunt = aff4.FACTORY.Open(hunts_list[-1], token=self.token)
self.assertEqual(last_hunt.args.flow_args.pathspec.path,
"/tmp/very-evil.txt")
self.assertEqual(last_hunt.args.flow_args.pathspec.pathtype, "OS")
self.assertEqual(last_hunt.args.flow_runner_args.flow_name,
transfer.GetFile.__name__)
self.assertEqual(len(last_hunt.runner_args.output_plugins), 2)
self.assertEqual(last_hunt.runner_args.output_plugins[0].plugin_name,
"DummyOutputPlugin")
self.assertEqual(
last_hunt.runner_args.output_plugins[0].plugin_args.filename_regex,
"foobar!")
self.assertEqual(
last_hunt.runner_args.output_plugins[0].plugin_args.fetch_binaries,
False)
self.assertEqual(last_hunt.runner_args.output_plugins[1].plugin_name,
"DummyOutputPlugin")
self.assertEqual(
last_hunt.runner_args.output_plugins[1].plugin_args.filename_regex,
"blah!")
self.assertEqual(
last_hunt.runner_args.output_plugins[1].plugin_args.fetch_binaries,
True)
runner_args = last_hunt.runner_args
self.assertAlmostEqual(runner_args.client_rate, 42)
self.assertEqual(runner_args.description, "my personal copy")
self.assertEqual(
runner_args.client_rule_set,
rdf_foreman.ForemanClientRuleSet(rules=[
rdf_foreman.ForemanClientRule(
os=rdf_foreman.ForemanOsClientRule(os_darwin=True))
]))