Example #1
0
    def testGetFlowFilesArchiveReturnsNonLimitedHandlerForArtifactsWhenNeeded(
            self):
        router = self._CreateRouter(
            artifact_collector_flow=rr.RobotRouterArtifactCollectorFlowParams(
                artifact_collector_flow_name=AnotherArtifactCollector.__name__
            ),
            get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
                enabled=True,
                skip_glob_checks_for_artifact_collector=True,
                path_globs_blacklist=["**/*.txt"],
                path_globs_whitelist=["foo/*", "bar/*"]))

        flow_id = self._CreateFlowWithRobotId()
        handler = router.GetFlowFilesArchive(
            api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
                                                flow_id=flow_id),
            token=self.token)
        self.assertEqual(handler.path_globs_blacklist, ["**/*.txt"])
        self.assertEqual(handler.path_globs_whitelist, ["foo/*", "bar/*"])

        flow_id = self._CreateFlowWithRobotId(
            flow_name=AnotherArtifactCollector.__name__,
            flow_args=artifact_utils.ArtifactCollectorFlowArgs(
                artifact_list=["Foo"]))
        handler = router.GetFlowFilesArchive(
            api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
                                                flow_id=flow_id),
            token=self.token)
        self.assertTrue(handler.path_globs_blacklist is None)
        self.assertTrue(handler.path_globs_whitelist is None)
Example #2
0
 def Check(artifacts):
     router.CreateFlow(api_flow.ApiCreateFlowArgs(
         flow=api_flow.ApiFlow(
             name=collectors.ArtifactCollectorFlow.__name__,
             args=artifact_utils.ArtifactCollectorFlowArgs(
                 artifact_list=artifacts)),
         client_id=self.client_id),
                       token=self.token)
Example #3
0
 def Check(artifacts):
     with self.assertRaises(access_control.UnauthorizedAccess):
         router.CreateFlow(api_flow.ApiCreateFlowArgs(
             flow=api_flow.ApiFlow(
                 name=collectors.ArtifactCollectorFlow.__name__,
                 args=artifact_utils.ArtifactCollectorFlowArgs(
                     artifact_list=artifacts)),
             client_id=self.client_id),
                           token=self.token)
Example #4
0
    def testKnowledgeBase(self):
        """Test that the knowledge base is passed in the bundle."""
        artifact_collector = collectors.ClientArtifactCollector(None)
        artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()

        kb = rdf_client.KnowledgeBase()
        kb.os = "Windows"
        artifact_collector.args.knowledge_base = kb

        artifact_bundle = artifact_collector._GetArtifactCollectorArgs([])

        self.assertEqual(artifact_bundle.knowledge_base.os, "Windows")
Example #5
0
    def testDuplicationChecks(self):
        """Test duplicated artifacts are only processed once."""
        artifact_list = [
            "TestAggregationArtifact", "TestFilesArtifact", "TestCmdArtifact",
            "TestFilesArtifact"
        ]
        artifact_collector = collectors.ClientArtifactCollector(None)
        artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()

        artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
            artifact_list)
        artifacts_objects = list(artifact_bundle.artifacts)

        self.assertEqual(len(artifacts_objects), 2)
Example #6
0
  def testPrepareBasicArtifactBundle(self):
    """Test we can prepare a basic artifact."""
    artifact_list = ["TestCmdArtifact"]
    artifact_collector = collectors.ClientArtifactCollector(None)
    artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
        artifact_list)
    artifacts_objects = list(artifact_bundle.artifacts)

    art_obj = artifacts_objects[0]
    source = list(art_obj.sources)[0]

    self.assertEqual(art_obj.name, "TestCmdArtifact")
    self.assertEqual(source.base_source.attributes["cmd"], "/usr/bin/dpkg")
    self.assertEqual(source.base_source.attributes.get("args", []), ["--list"])
Example #7
0
    def testInterpolateArgs(self):
        collect_flow = collectors.ArtifactCollectorFlow(None, token=self.token)

        kb = rdf_client.KnowledgeBase()
        kb.MergeOrAddUser(rdf_client.User(username="******"))
        kb.MergeOrAddUser(rdf_client.User(username="******"))
        collect_flow.state["knowledge_base"] = kb

        collect_flow.current_artifact_name = "blah"
        collect_flow.args = artifact_utils.ArtifactCollectorFlowArgs()

        test_rdf = rdf_client.KnowledgeBase()
        action_args = {
            "usernames": ["%%users.username%%", "%%users.username%%"],
            "nointerp": "asdfsdf",
            "notastring": test_rdf
        }

        kwargs = collect_flow.InterpolateDict(action_args)
        self.assertItemsEqual(kwargs["usernames"],
                              ["test1", "test2", "test1", "test2"])
        self.assertEqual(kwargs["nointerp"], "asdfsdf")
        self.assertEqual(kwargs["notastring"], test_rdf)

        # We should be using an array since users.username will expand to multiple
        # values.
        self.assertRaises(ValueError, collect_flow.InterpolateDict,
                          {"bad": "%%users.username%%"})

        list_args = collect_flow.InterpolateList(
            ["%%users.username%%", r"%%users.username%%\aa"])
        self.assertItemsEqual(list_args,
                              ["test1", "test2", r"test1\aa", r"test2\aa"])

        list_args = collect_flow.InterpolateList(["one"])
        self.assertEqual(list_args, ["one"])

        # Ignore the failure in users.desktop, report the others.
        collect_flow.args.ignore_interpolation_errors = True
        list_args = collect_flow.InterpolateList(
            ["%%users.desktop%%", r"%%users.username%%\aa"])
        self.assertItemsEqual(list_args, [r"test1\aa", r"test2\aa"])

        # Both fail.
        list_args = collect_flow.InterpolateList(
            [r"%%users.desktop%%\aa", r"%%users.sid%%\aa"])
        self.assertItemsEqual(list_args, [])
Example #8
0
    def testPrepareAggregatedArtifactBundle(self):
        """Test we can prepare the source artifacts of an aggregation artifact."""
        artifact_list = ["TestAggregationArtifact"]
        artifact_collector = collectors.ClientArtifactCollector(None)
        artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()

        artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
            artifact_list)
        artifacts_objects = list(artifact_bundle.artifacts)

        art_obj = artifacts_objects[0]
        self.assertEqual(art_obj.name, "TestAggregationArtifact")

        source = list(art_obj.sources)[0]
        self.assertEqual(source.base_source.type, "GRR_CLIENT_ACTION")

        source = list(art_obj.sources)[1]
        self.assertEqual(source.base_source.type, "COMMAND")
Example #9
0
    def testSourceMeetsConditions(self):
        """Test we can get a GRR client artifact with conditions."""
        artifact_collector = collectors.ClientArtifactCollector(None)
        artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()

        kb = rdf_client.KnowledgeBase()
        kb.os = "Windows"
        artifact_collector.args.knowledge_base = kb

        # Run with false condition.
        source = rdf_artifacts.ArtifactSource(
            type=rdf_artifacts.ArtifactSource.SourceType.GRR_CLIENT_ACTION,
            attributes={"client_action": standard.ListProcesses.__name__},
            conditions=["os == 'Linux'"])
        self.assertFalse(artifact_collector._MeetsConditions(source))

        # Run with matching or condition.
        source = rdf_artifacts.ArtifactSource(
            type=rdf_artifacts.ArtifactSource.SourceType.GRR_CLIENT_ACTION,
            attributes={"client_action": standard.ListProcesses.__name__},
            conditions=["os == 'Linux' or os == 'Windows'"])
        self.assertTrue(artifact_collector._MeetsConditions(source))
Example #10
0
  def testPrepareMultipleArtifacts(self):
    """Test we can prepare multiple artifacts of different types."""
    artifact_list = [
        "TestFilesArtifact", "DepsWindirRegex", "DepsProvidesMultiple",
        "WMIActiveScriptEventConsumer"
    ]
    artifact_collector = collectors.ClientArtifactCollector(None)
    artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
        artifact_list)
    artifacts_objects = list(artifact_bundle.artifacts)

    self.assertEqual(len(artifacts_objects), 4)
    self.assertEqual(artifacts_objects[0].name, "TestFilesArtifact")
    self.assertEqual(artifacts_objects[1].name, "DepsWindirRegex")
    self.assertEqual(artifacts_objects[2].name, "DepsProvidesMultiple")
    self.assertEqual(artifacts_objects[3].name, "WMIActiveScriptEventConsumer")

    art_obj = artifacts_objects[3]
    source = list(art_obj.sources)[0]
    self.assertEqual(source.base_source.attributes["query"],
                     "SELECT * FROM ActiveScriptEventConsumer")