def testGetFlowFilesArchiveReturnsNonLimitedHandlerForArtifactsWhenNeeded(
self):
router = self._CreateRouter(
artifact_collector_flow=rr.RobotRouterArtifactCollectorFlowParams(
artifact_collector_flow_name=AnotherArtifactCollector.__name__
),
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True,
skip_glob_checks_for_artifact_collector=True,
path_globs_blacklist=["**/*.txt"],
path_globs_whitelist=["foo/*", "bar/*"]))
flow_id = self._CreateFlowWithRobotId()
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
self.assertEqual(handler.path_globs_blacklist, ["**/*.txt"])
self.assertEqual(handler.path_globs_whitelist, ["foo/*", "bar/*"])
flow_id = self._CreateFlowWithRobotId(
flow_name=AnotherArtifactCollector.__name__,
flow_args=artifact_utils.ArtifactCollectorFlowArgs(
artifact_list=["Foo"]))
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
self.assertTrue(handler.path_globs_blacklist is None)
self.assertTrue(handler.path_globs_whitelist is None)
def Check(artifacts):
router.CreateFlow(api_flow.ApiCreateFlowArgs(
flow=api_flow.ApiFlow(
name=collectors.ArtifactCollectorFlow.__name__,
args=artifact_utils.ArtifactCollectorFlowArgs(
artifact_list=artifacts)),
client_id=self.client_id),
token=self.token)
def Check(artifacts):
with self.assertRaises(access_control.UnauthorizedAccess):
router.CreateFlow(api_flow.ApiCreateFlowArgs(
flow=api_flow.ApiFlow(
name=collectors.ArtifactCollectorFlow.__name__,
args=artifact_utils.ArtifactCollectorFlowArgs(
artifact_list=artifacts)),
client_id=self.client_id),
token=self.token)
def testKnowledgeBase(self):
"""Test that the knowledge base is passed in the bundle."""
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
kb = rdf_client.KnowledgeBase()
kb.os = "Windows"
artifact_collector.args.knowledge_base = kb
artifact_bundle = artifact_collector._GetArtifactCollectorArgs([])
self.assertEqual(artifact_bundle.knowledge_base.os, "Windows")
def testDuplicationChecks(self):
"""Test duplicated artifacts are only processed once."""
artifact_list = [
"TestAggregationArtifact", "TestFilesArtifact", "TestCmdArtifact",
"TestFilesArtifact"
]
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
artifact_list)
artifacts_objects = list(artifact_bundle.artifacts)
self.assertEqual(len(artifacts_objects), 2)
def testInterpolateArgs(self):
collect_flow = collectors.ArtifactCollectorFlow(None, token=self.token)
kb = rdf_client.KnowledgeBase()
kb.MergeOrAddUser(rdf_client.User(username="******"))
kb.MergeOrAddUser(rdf_client.User(username="******"))
collect_flow.state["knowledge_base"] = kb
collect_flow.current_artifact_name = "blah"
collect_flow.args = artifact_utils.ArtifactCollectorFlowArgs()
test_rdf = rdf_client.KnowledgeBase()
action_args = {
"usernames": ["%%users.username%%", "%%users.username%%"],
"nointerp": "asdfsdf",
"notastring": test_rdf
}
kwargs = collect_flow.InterpolateDict(action_args)
self.assertItemsEqual(kwargs["usernames"],
["test1", "test2", "test1", "test2"])
self.assertEqual(kwargs["nointerp"], "asdfsdf")
self.assertEqual(kwargs["notastring"], test_rdf)
# We should be using an array since users.username will expand to multiple
# values.
self.assertRaises(ValueError, collect_flow.InterpolateDict,
{"bad": "%%users.username%%"})
list_args = collect_flow.InterpolateList(
["%%users.username%%", r"%%users.username%%\aa"])
self.assertItemsEqual(list_args,
["test1", "test2", r"test1\aa", r"test2\aa"])
list_args = collect_flow.InterpolateList(["one"])
self.assertEqual(list_args, ["one"])
# Ignore the failure in users.desktop, report the others.
collect_flow.args.ignore_interpolation_errors = True
list_args = collect_flow.InterpolateList(
["%%users.desktop%%", r"%%users.username%%\aa"])
self.assertItemsEqual(list_args, [r"test1\aa", r"test2\aa"])
# Both fail.
list_args = collect_flow.InterpolateList(
[r"%%users.desktop%%\aa", r"%%users.sid%%\aa"])
self.assertItemsEqual(list_args, [])
def testPrepareBasicArtifactBundle(self):
"""Test we can prepare a basic artifact."""
artifact_list = ["TestCmdArtifact"]
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
artifact_list)
artifacts_objects = list(artifact_bundle.artifacts)
art_obj = artifacts_objects[0]
source = list(art_obj.sources)[0]
self.assertEqual(art_obj.name, "TestCmdArtifact")
self.assertEqual(source.base_source.attributes["cmd"], "/usr/bin/dpkg")
self.assertEqual(source.base_source.attributes.get("args", []),
["--list"])
def testPrepareAggregatedArtifactBundle(self):
"""Test we can prepare the source artifacts of an aggregation artifact."""
artifact_list = ["TestAggregationArtifact"]
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
artifact_list)
artifacts_objects = list(artifact_bundle.artifacts)
art_obj = artifacts_objects[0]
self.assertEqual(art_obj.name, "TestAggregationArtifact")
source = list(art_obj.sources)[0]
self.assertEqual(source.base_source.type, "GRR_CLIENT_ACTION")
source = list(art_obj.sources)[1]
self.assertEqual(source.base_source.type, "COMMAND")
def testSourceMeetsConditions(self):
"""Test we can get a GRR client artifact with conditions."""
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
kb = rdf_client.KnowledgeBase()
kb.os = "Windows"
artifact_collector.args.knowledge_base = kb
# Run with false condition.
source = artifacts.ArtifactSource(
type=artifacts.ArtifactSource.SourceType.GRR_CLIENT_ACTION,
attributes={"client_action": standard.ListProcesses.__name__},
conditions=["os == 'Linux'"])
self.assertFalse(artifact_collector._MeetsConditions(source))
# Run with matching or condition.
source = artifacts.ArtifactSource(
type=artifacts.ArtifactSource.SourceType.GRR_CLIENT_ACTION,
attributes={"client_action": standard.ListProcesses.__name__},
conditions=["os == 'Linux' or os == 'Windows'"])
self.assertTrue(artifact_collector._MeetsConditions(source))
def testPrepareMultipleArtifacts(self):
"""Test we can prepare multiple artifacts of different types."""
artifact_list = [
"TestFilesArtifact", "DepsWindirRegex", "DepsProvidesMultiple",
"WMIActiveScriptEventConsumer"
]
artifact_collector = collectors.ClientArtifactCollector(None)
artifact_collector.args = artifact_utils.ArtifactCollectorFlowArgs()
artifact_bundle = artifact_collector._GetArtifactCollectorArgs(
artifact_list)
artifacts_objects = list(artifact_bundle.artifacts)
self.assertEqual(len(artifacts_objects), 4)
self.assertEqual(artifacts_objects[0].name, "TestFilesArtifact")
self.assertEqual(artifacts_objects[1].name, "DepsWindirRegex")
self.assertEqual(artifacts_objects[2].name, "DepsProvidesMultiple")
self.assertEqual(artifacts_objects[3].name,
"WMIActiveScriptEventConsumer")
art_obj = artifacts_objects[3]
source = list(art_obj.sources)[0]
self.assertEqual(source.base_source.attributes["query"],
"SELECT * FROM ActiveScriptEventConsumer")
