def _SetupClientImpl(self,
client_nr,
index=None,
arch="x86_64",
kernel="4.0.0",
os_version="buster/sid",
ping=None,
system="Linux"):
client_id_urn = rdf_client.ClientURN("C.1%015x" % client_nr)
with aff4.FACTORY.Create(client_id_urn,
aff4_grr.VFSGRRClient,
mode="rw",
token=self.token) as fd:
cert = self.ClientCertFromPrivateKey(
config.CONFIG["Client.private_key"])
fd.Set(fd.Schema.CERT, cert)
fd.Set(fd.Schema.CLIENT_INFO, self._TestClientInfo())
fd.Set(fd.Schema.PING, ping or rdfvalue.RDFDatetime.Now())
fd.Set(fd.Schema.HOSTNAME("Host-%x" % client_nr))
fd.Set(fd.Schema.FQDN("Host-%x.example.com" % client_nr))
fd.Set(
fd.Schema.MAC_ADDRESS("aabbccddee%02x\nbbccddeeff%02x" %
(client_nr, client_nr)))
fd.Set(
fd.Schema.HOST_IPS("192.168.0.%d\n2001:abcd::%x" %
(client_nr, client_nr)))
if system:
fd.Set(fd.Schema.SYSTEM(system))
if os_version:
fd.Set(fd.Schema.OS_VERSION(os_version))
if arch:
fd.Set(fd.Schema.ARCH(arch))
if kernel:
fd.Set(fd.Schema.KERNEL(kernel))
kb = rdf_client.KnowledgeBase()
kb.fqdn = "Host-%x.example.com" % client_nr
kb.users = [
rdf_client.User(username="******"),
rdf_client.User(username="******"),
]
artifact.SetCoreGRRKnowledgeBaseValues(kb, fd)
fd.Set(fd.Schema.KNOWLEDGE_BASE, kb)
fd.Set(fd.Schema.INTERFACES(self._TestInterfaces(client_nr)))
hardware_info = fd.Schema.HARDWARE_INFO()
hardware_info.system_manufacturer = ("System-Manufacturer-%x" %
client_nr)
hardware_info.bios_version = ("Bios-Version-%x" % client_nr)
fd.Set(fd.Schema.HARDWARE_INFO, hardware_info)
fd.Flush()
index.AddClient(fd)
return client_id_urn
def _SetupClientImpl(self,
client_nr,
index=None,
system=None,
os_version=None,
arch=None,
uname=None,
ping=None):
client_id_urn = rdf_client.ClientURN("C.1%015x" % client_nr)
with aff4.FACTORY.Create(client_id_urn,
aff4_grr.VFSGRRClient,
mode="rw",
token=self.token) as fd:
cert = self.ClientCertFromPrivateKey(
config.CONFIG["Client.private_key"])
fd.Set(fd.Schema.CERT, cert)
info = fd.Schema.CLIENT_INFO()
info.client_name = "GRR Monitor"
fd.Set(fd.Schema.CLIENT_INFO, info)
fd.Set(fd.Schema.PING, ping or rdfvalue.RDFDatetime.Now())
fd.Set(fd.Schema.HOSTNAME("Host-%x" % client_nr))
fd.Set(fd.Schema.FQDN("Host-%x.example.com" % client_nr))
fd.Set(
fd.Schema.MAC_ADDRESS("aabbccddee%02x\nbbccddeeff%02x" %
(client_nr, client_nr)))
fd.Set(
fd.Schema.HOST_IPS("192.168.0.%d\n2001:abcd::%x" %
(client_nr, client_nr)))
if system:
fd.Set(fd.Schema.SYSTEM(system))
if os_version:
fd.Set(fd.Schema.OS_VERSION(os_version))
if arch:
fd.Set(fd.Schema.ARCH(arch))
if uname:
fd.Set(fd.Schema.UNAME(uname))
kb = rdf_client.KnowledgeBase()
artifact.SetCoreGRRKnowledgeBaseValues(kb, fd)
fd.Set(fd.Schema.KNOWLEDGE_BASE, kb)
hardware_info = fd.Schema.HARDWARE_INFO()
hardware_info.system_manufacturer = ("System-Manufacturer-%x" %
client_nr)
hardware_info.bios_version = ("Bios-Version-%x" % client_nr)
fd.Set(fd.Schema.HARDWARE_INFO, hardware_info)
fd.Flush()
index.AddClient(fd)
return client_id_urn
def setUp(self):
"""Make sure things are initialized."""
super(TestArtifactCollectors, self).setUp()
test_artifacts_file = os.path.join(config.CONFIG["Test.data_dir"],
"artifacts", "test_artifacts.json")
artifact_registry.REGISTRY.AddFileSource(test_artifacts_file)
self.fakeartifact = artifact_registry.REGISTRY.GetArtifact("FakeArtifact")
self.fakeartifact2 = artifact_registry.REGISTRY.GetArtifact("FakeArtifact2")
self.output_count = 0
with aff4.FACTORY.Open(self.client_id, token=self.token, mode="rw") as fd:
fd.Set(fd.Schema.SYSTEM("Linux"))
kb = fd.Schema.KNOWLEDGE_BASE()
artifact.SetCoreGRRKnowledgeBaseValues(kb, fd)
fd.Set(kb)
def setUp(self):
super(ArtifactFilesDownloaderFlowTest, self).setUp()
with aff4.FACTORY.Open(self.client_id, token=self.token,
mode="rw") as fd:
fd.Set(fd.Schema.SYSTEM("Windows"))
kb = fd.Schema.KNOWLEDGE_BASE()
artifact.SetCoreGRRKnowledgeBaseValues(kb, fd)
fd.Set(kb)
self.stubbers = []
self.collector_replies = []
def ArtifactCollectorStub(this):
for r in self.collector_replies:
this.SendReply(r)
stubber = utils.Stubber(collectors.ArtifactCollectorFlow, "Start",
ArtifactCollectorStub)
stubber.Start()
self.stubbers.append(stubber)
self.start_file_fetch_args = []
self.received_files = []
self.failed_files = []
def StartFileFetch(this, pathspec, request_data=None):
self.start_file_fetch_args.append(pathspec)
for r in self.received_files:
this.ReceiveFetchedFile(r, None, request_data=request_data)
for r in self.failed_files:
this.FileFetchFailed(pathspec,
"StatFile",
request_data=request_data)
stubber = utils.Stubber(transfer.MultiGetFileMixin, "StartFileFetch",
StartFileFetch)
stubber.Start()
self.stubbers.append(stubber)
def RunFlow(self, client_id, artifact_list=None, use_tsk=False):
if artifact_list is None:
artifact_list = ["WindowsRunKeys"]
client_id = self.SetupClient(0, system="Windows", os_version="6.2")
with aff4.FACTORY.Open(client_id, token=self.token, mode="rw") as fd:
fd.Set(fd.Schema.SYSTEM("Windows"))
kb = fd.Schema.KNOWLEDGE_BASE()
artifact.SetCoreGRRKnowledgeBaseValues(kb, fd)
fd.Set(kb)
urn = flow.GRRFlow.StartFlow(
flow_name=collectors.ArtifactFilesDownloaderFlow.__name__,
client_id=client_id,
artifact_list=artifact_list,
use_tsk=use_tsk,
token=self.token)
for _ in flow_test_lib.TestFlowHelper(urn, token=self.token):
pass
results_fd = flow.GRRFlow.ResultCollectionForFID(urn)
return list(results_fd)
def CreateClientObject(self, vfs_fixture):
"""Make a new client object."""
# First remove the old fixture just in case its still there.
aff4.FACTORY.Delete(self.client_id, token=self.token)
# Create the fixture at a fixed time.
with test_lib.FakeTime(self.age):
for path, (aff4_type, attributes) in vfs_fixture:
path %= self.args
aff4_object = aff4.FACTORY.Create(self.client_id.Add(path),
aff4_type,
mode="rw",
token=self.token)
for attribute_name, value in attributes.items():
attribute = aff4.Attribute.PREDICATES[attribute_name]
if isinstance(value, (str, unicode)):
# Interpolate the value
value %= self.args
# Is this supposed to be an RDFValue array?
if aff4.issubclass(attribute.attribute_type,
rdf_protodict.RDFValueArray):
rdfvalue_object = attribute()
for item in value:
new_object = rdfvalue_object.rdf_type.FromTextFormat(
utils.SmartStr(item))
rdfvalue_object.Append(new_object)
# It is a text serialized protobuf.
elif aff4.issubclass(attribute.attribute_type,
rdf_structs.RDFProtoStruct):
# Use the alternate constructor - we always write protobufs in
# textual form:
rdfvalue_object = attribute.attribute_type.FromTextFormat(
utils.SmartStr(value))
elif aff4.issubclass(attribute.attribute_type,
rdfvalue.RDFInteger):
rdfvalue_object = attribute(int(value))
else:
rdfvalue_object = attribute(value)
# If we don't already have a pathspec, try and get one from the stat.
if aff4_object.Get(aff4_object.Schema.PATHSPEC) is None:
# If the attribute was a stat, it has a pathspec nested in it.
# We should add that pathspec as an attribute.
if attribute.attribute_type == rdf_client.StatEntry:
stat_object = attribute.attribute_type.FromTextFormat(
utils.SmartStr(value))
if stat_object.pathspec:
pathspec_attribute = aff4.Attribute(
"aff4:pathspec", rdf_paths.PathSpec,
"The pathspec used to retrieve "
"this object from the client.", "pathspec")
aff4_object.AddAttribute(
pathspec_attribute, stat_object.pathspec)
if attribute in ["aff4:content", "aff4:content"]:
# For AFF4MemoryStreams we need to call Write() instead of
# directly setting the contents..
aff4_object.Write(rdfvalue_object)
else:
aff4_object.AddAttribute(attribute, rdfvalue_object)
# Populate the KB from the client attributes.
if aff4_type == aff4_grr.VFSGRRClient:
kb = rdf_client.KnowledgeBase()
artifact.SetCoreGRRKnowledgeBaseValues(kb, aff4_object)
aff4_object.Set(aff4_object.Schema.KNOWLEDGE_BASE, kb)
# Make sure we do not actually close the object here - we only want to
# sync back its attributes, not run any finalization code.
aff4_object.Flush()
if aff4_type == aff4_grr.VFSGRRClient:
index = client_index.CreateClientIndex(token=self.token)
index.AddClient(aff4_object)
