def testGetFlowFilesArchiveReturnsNonLimitedHandlerForArtifactsWhenNeeded(
self):
router = self._CreateRouter(
artifact_collector_flow=rr.RobotRouterArtifactCollectorFlowParams(
artifact_collector_flow_name=AnotherArtifactCollector.__name__
),
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True,
skip_glob_checks_for_artifact_collector=True,
path_globs_blacklist=["**/*.txt"],
path_globs_whitelist=["foo/*", "bar/*"]))
flow_id = self._CreateFlowWithRobotId()
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
self.assertEqual(handler.path_globs_blacklist, ["**/*.txt"])
self.assertEqual(handler.path_globs_whitelist, ["foo/*", "bar/*"])
flow_id = self._CreateFlowWithRobotId(
flow_name=AnotherArtifactCollector.__name__,
flow_args=artifact_utils.ArtifactCollectorFlowArgs(
artifact_list=["Foo"]))
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
self.assertTrue(handler.path_globs_blacklist is None)
self.assertTrue(handler.path_globs_whitelist is None)
def testGeneratesTarGzArchive(self):
result = self.handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_urn.Basename(),
archive_format="TAR_GZ"),
token=self.token)
with utils.TempDirectory() as temp_dir:
tar_path = os.path.join(temp_dir, "archive.tar.gz")
with open(tar_path, "w") as fd:
for chunk in result.GenerateContent():
fd.write(chunk)
with tarfile.open(tar_path) as tar_fd:
tar_fd.extractall(path=temp_dir)
manifest_file_path = None
for parent, _, files in os.walk(temp_dir):
if "MANIFEST" in files:
manifest_file_path = os.path.join(parent, "MANIFEST")
break
self.assertTrue(manifest_file_path)
with open(manifest_file_path) as fd:
manifest = yaml.safe_load(fd.read())
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["skipped_files"], 0)
def testGetFlowFilesArchiveWorksIfFlowWasCreatedBySameRouter(self):
flow_id = self._CreateFlowWithRobotId()
router = self._CreateRouter(
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True))
router.GetFlowFilesArchive(api_flow.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id, flow_id=flow_id),
token=self.token)
def testFlowFilesArchiveRaisesIfFlowWasNotCreatedBySameRouter(self):
flow_urn = flow.GRRFlow.StartFlow(
client_id=self.client_id,
flow_name=file_finder.FileFinder.__name__,
token=self.token)
router = self._CreateRouter()
with self.assertRaises(access_control.UnauthorizedAccess):
router.GetFlowFilesArchive(api_flow.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id, flow_id=flow_urn.Basename()),
token=self.token)
def testGeneratesZipArchive(self):
result = self.handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_urn.Basename(),
archive_format="ZIP"),
token=self.token)
manifest = self._GetZipManifest(result)
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 0)
def testGetFlowFilesArchiveReturnsLimitedHandler(self):
flow_id = self._CreateFlowWithRobotId()
router = self._CreateRouter(
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True,
path_globs_blacklist=["**/*.txt"],
path_globs_whitelist=["foo/*", "bar/*"]))
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
self.assertEqual(handler.path_globs_blacklist, ["**/*.txt"])
self.assertEqual(handler.path_globs_whitelist, ["foo/*", "bar/*"])
def testAllClientFlowsMethodsAreAccessChecked(self):
args = api_flow.ApiListFlowsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlows, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlow, "CheckClientAccess", args=args)
args = api_flow.ApiCreateFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.CreateFlow, "CheckClientAccess", args=args)
self.CheckMethodIsAccessChecked(
self.router.CreateFlow, "CheckIfCanStartFlow", args=args)
args = api_flow.ApiCancelFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.CancelFlow, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowRequestsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowRequests, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowResultsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowResults, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowResultsExportCommandArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlowResultsExportCommand, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlowFilesArchive, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPlugins, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginLogsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPluginLogs, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginErrorsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPluginErrors, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowLogsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowLogs, "CheckClientAccess", args=args)
def testArchivesFileMatchingPathGlobsWhitelist(self):
handler = flow_plugin.ApiGetFlowFilesArchiveHandler(
path_globs_blacklist=[],
path_globs_whitelist=[rdf_paths.GlobExpression("/**/*/test.plist")])
result = handler.Handle(
flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_urn.Basename(),
archive_format="ZIP"),
token=self.token)
manifest = self._GetZipManifest(result)
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 0)
def testIgnoresFileNotMatchingPathGlobsWhitelist(self):
handler = flow_plugin.ApiGetFlowFilesArchiveHandler(
path_globs_blacklist=[],
path_globs_whitelist=[rdf_paths.GlobExpression("/**/foo.bar")])
result = handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_urn.Basename(),
archive_format="ZIP"),
token=self.token)
manifest = self._GetZipManifest(result)
self.assertEqual(manifest["archived_files"], 0)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 1)
self.assertEqual(manifest["ignored_files_list"], [
utils.SmartUnicode(
self.client_id.Add("fs/os").Add(
self.base_path).Add("test.plist"))
])
def testGeneratesZipArchive(self):
result = self.handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_urn.Basename(),
archive_format="ZIP"),
token=self.token)
out_fd = StringIO.StringIO()
for chunk in result.GenerateContent():
out_fd.write(chunk)
zip_fd = zipfile.ZipFile(out_fd, "r")
manifest = None
for name in zip_fd.namelist():
if name.endswith("MANIFEST"):
manifest = yaml.safe_load(zip_fd.read(name))
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["skipped_files"], 0)
