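def testGetFlowFilesArchiveReturnsNonLimitedHandlerForArtifactsWhenNeeded(
    self):
    """Path-glob limits apply to ordinary flows but not to the artifact collector.

    The router is configured with a glob blacklist/whitelist and with
    ``skip_glob_checks_for_artifact_collector``.  For a plain flow the handler
    must carry the configured globs; for the flow named as the artifact
    collector both glob lists must be ``None``.
    """
    router = self._CreateRouter(
        artifact_collector_flow=rr.RobotRouterArtifactCollectorFlowParams(
            artifact_collector_flow_name=AnotherArtifactCollector.__name__),
        get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
            enabled=True,
            skip_glob_checks_for_artifact_collector=True,
            path_globs_blacklist=["**/*.txt"],
            path_globs_whitelist=["foo/*", "bar/*"]))

    # A flow that is not the configured artifact collector keeps the limits.
    flow_id = self._CreateFlowWithRobotId()
    handler = router.GetFlowFilesArchive(
        api_flow.ApiGetFlowFilesArchiveArgs(
            client_id=self.client_id, flow_id=flow_id),
        token=self.token)
    self.assertEqual(handler.path_globs_blacklist, ["**/*.txt"])
    self.assertEqual(handler.path_globs_whitelist, ["foo/*", "bar/*"])

    # The configured artifact collector flow gets a handler with no globs.
    flow_id = self._CreateFlowWithRobotId(
        flow_name=AnotherArtifactCollector.__name__,
        flow_args=artifact_utils.ArtifactCollectorFlowArgs(
            artifact_list=["Foo"]))
    handler = router.GetFlowFilesArchive(
        api_flow.ApiGetFlowFilesArchiveArgs(
            client_id=self.client_id, flow_id=flow_id),
        token=self.token)
    # assertIsNone reports the offending value on failure instead of the
    # uninformative "False is not true" that assertTrue(x is None) gives.
    self.assertIsNone(handler.path_globs_blacklist)
    self.assertIsNone(handler.path_globs_whitelist)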
def Check(artifacts):
    """Create an ArtifactCollectorFlow for ``artifacts`` through the router.

    Relies on ``router``, ``self.client_id`` and ``self.token`` from the
    enclosing test; any error raised by the router propagates to the caller.
    """
    flow_args = artifact_utils.ArtifactCollectorFlowArgs(
        artifact_list=artifacts)
    flow = api_flow.ApiFlow(
        name=collectors.ArtifactCollectorFlow.__name__, args=flow_args)
    create_args = api_flow.ApiCreateFlowArgs(
        flow=flow, client_id=self.client_id)
    router.CreateFlow(create_args, token=self.token)
def Check(artifacts):
    """Assert that creating an ArtifactCollectorFlow for ``artifacts`` is denied.

    The router is expected to raise ``access_control.UnauthorizedAccess``.
    Relies on ``router``, ``self.client_id`` and ``self.token`` from the
    enclosing test.
    """
    flow_args = artifact_utils.ArtifactCollectorFlowArgs(
        artifact_list=artifacts)
    flow = api_flow.ApiFlow(
        name=collectors.ArtifactCollectorFlow.__name__, args=flow_args)
    create_args = api_flow.ApiCreateFlowArgs(
        flow=flow, client_id=self.client_id)
    with self.assertRaises(access_control.UnauthorizedAccess):
        router.CreateFlow(create_args, token=self.token)
def testKnowledgeBase(self):
    """Test that the knowledge base is passed in the bundle."""
    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    knowledge_base = rdf_client.KnowledgeBase()
    knowledge_base.os = "Windows"
    collector.args.knowledge_base = knowledge_base

    # An empty artifact list is enough: only the knowledge base is inspected.
    bundle = collector._GetArtifactCollectorArgs([])
    self.assertEqual(bundle.knowledge_base.os, "Windows")
def testDuplicationChecks(self):
    """Test duplicated artifacts are only processed once."""
    # "TestFilesArtifact" appears twice on purpose.
    requested = [
        "TestAggregationArtifact",
        "TestFilesArtifact",
        "TestCmdArtifact",
        "TestFilesArtifact",
    ]
    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    bundle = collector._GetArtifactCollectorArgs(requested)
    bundled = list(bundle.artifacts)
    # NOTE(review): four names (three distinct) yield two bundled artifacts
    # here; the reduction beyond de-duplication is not explained by this test.
    self.assertEqual(len(bundled), 2)
def testInterpolateArgs(self):
    """Knowledge-base interpolation of dict and list arguments.

    Covers: multi-value expansion of ``%%users.username%%``, pass-through of
    non-string and non-template values, the ValueError for a scalar slot that
    expands to several values, and ``ignore_interpolation_errors`` dropping
    entries whose attributes are missing.
    """
    flow = collectors.ArtifactCollectorFlow(None, token=self.token)

    # NOTE(review): the user names given here do not match the "test1"/"test2"
    # values asserted below — confirm against the original source.
    knowledge_base = rdf_client.KnowledgeBase()
    knowledge_base.MergeOrAddUser(rdf_client.User(username="******"))
    knowledge_base.MergeOrAddUser(rdf_client.User(username="******"))
    flow.state["knowledge_base"] = knowledge_base
    flow.current_artifact_name = "blah"
    flow.args = artifact_utils.ArtifactCollectorFlowArgs()

    opaque_value = rdf_client.KnowledgeBase()
    raw_args = {
        "usernames": ["%%users.username%%", "%%users.username%%"],
        "nointerp": "asdfsdf",
        "notastring": opaque_value,
    }
    interpolated = flow.InterpolateDict(raw_args)
    self.assertItemsEqual(interpolated["usernames"],
                          ["test1", "test2", "test1", "test2"])
    self.assertEqual(interpolated["nointerp"], "asdfsdf")
    self.assertEqual(interpolated["notastring"], opaque_value)

    # A scalar slot cannot hold the multiple values users.username expands
    # to; callers must use a list for it.
    self.assertRaises(ValueError, flow.InterpolateDict,
                      {"bad": "%%users.username%%"})

    expanded = flow.InterpolateList(
        ["%%users.username%%", r"%%users.username%%\aa"])
    self.assertItemsEqual(expanded,
                          ["test1", "test2", r"test1\aa", r"test2\aa"])

    expanded = flow.InterpolateList(["one"])
    self.assertEqual(expanded, ["one"])

    # With errors ignored, the unresolvable users.desktop entry is dropped
    # and the resolvable one is still expanded.
    flow.args.ignore_interpolation_errors = True
    expanded = flow.InterpolateList(
        ["%%users.desktop%%", r"%%users.username%%\aa"])
    self.assertItemsEqual(expanded, [r"test1\aa", r"test2\aa"])

    # When every entry fails to interpolate the result is empty.
    expanded = flow.InterpolateList(
        [r"%%users.desktop%%\aa", r"%%users.sid%%\aa"])
    self.assertItemsEqual(expanded, [])
def testPrepareBasicArtifactBundle(self):
    """Test we can prepare a basic artifact."""
    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    bundle = collector._GetArtifactCollectorArgs(["TestCmdArtifact"])
    first_artifact = list(bundle.artifacts)[0]
    first_source = list(first_artifact.sources)[0]

    self.assertEqual(first_artifact.name, "TestCmdArtifact")
    # The command and its arguments are carried as separate attributes.
    attributes = first_source.base_source.attributes
    self.assertEqual(attributes["cmd"], "/usr/bin/dpkg")
    self.assertEqual(attributes.get("args", []), ["--list"])
def testPrepareAggregatedArtifactBundle(self):
    """Test we can prepare the source artifacts of an aggregation artifact."""
    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    bundle = collector._GetArtifactCollectorArgs(["TestAggregationArtifact"])
    aggregated = list(bundle.artifacts)[0]
    self.assertEqual(aggregated.name, "TestAggregationArtifact")

    # The aggregation artifact's sources are expected in this fixed order.
    sources = list(aggregated.sources)
    self.assertEqual(sources[0].base_source.type, "GRR_CLIENT_ACTION")
    self.assertEqual(sources[1].base_source.type, "COMMAND")
def testSourceMeetsConditions(self):
    """Test we can get a GRR client artifact with conditions."""
    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    knowledge_base = rdf_client.KnowledgeBase()
    knowledge_base.os = "Windows"
    collector.args.knowledge_base = knowledge_base

    def make_source(condition):
        # Same client action each time; only the condition string varies.
        return artifacts.ArtifactSource(
            type=artifacts.ArtifactSource.SourceType.GRR_CLIENT_ACTION,
            attributes={"client_action": standard.ListProcesses.__name__},
            conditions=[condition])

    # Condition that does not match the knowledge base OS.
    self.assertFalse(
        collector._MeetsConditions(make_source("os == 'Linux'")))

    # Disjunction where one branch matches.
    self.assertTrue(
        collector._MeetsConditions(
            make_source("os == 'Linux' or os == 'Windows'")))
def testPrepareMultipleArtifacts(self):
    """Test we can prepare multiple artifacts of different types."""
    requested = [
        "TestFilesArtifact",
        "DepsWindirRegex",
        "DepsProvidesMultiple",
        "WMIActiveScriptEventConsumer",
    ]
    collector = collectors.ClientArtifactCollector(None)
    collector.args = artifact_utils.ArtifactCollectorFlowArgs()

    bundle = collector._GetArtifactCollectorArgs(requested)
    bundled = list(bundle.artifacts)

    # Bundled artifacts must come back in the requested order, nothing dropped.
    self.assertEqual(len(bundled), 4)
    self.assertEqual([artifact.name for artifact in bundled], requested)

    # The WMI artifact's first source carries the WQL query verbatim.
    wmi_source = list(bundled[3].sources)[0]
    self.assertEqual(wmi_source.base_source.attributes["query"],
                     "SELECT * FROM ActiveScriptEventConsumer")