def testProcessToExportedNetworkConnection(self):
conn1 = rdfvalue.NetworkConnection(
state=rdfvalue.NetworkConnection.State.LISTEN,
type=rdfvalue.NetworkConnection.Type.SOCK_STREAM,
local_address=rdfvalue.NetworkEndpoint(
ip="0.0.0.0",
port=22),
remote_address=rdfvalue.NetworkEndpoint(
ip="0.0.0.0",
port=0),
pid=2136,
ctime=0)
conn2 = rdfvalue.NetworkConnection(
state=rdfvalue.NetworkConnection.State.LISTEN,
type=rdfvalue.NetworkConnection.Type.SOCK_STREAM,
local_address=rdfvalue.NetworkEndpoint(
ip="192.168.1.1",
port=31337),
remote_address=rdfvalue.NetworkEndpoint(
ip="1.2.3.4",
port=6667),
pid=1,
ctime=0)
process = rdfvalue.Process(
pid=2,
ppid=1,
cmdline=["cmd.exe"],
exe="c:\\windows\\cmd.exe",
ctime=long(1333718907.167083 * 1e6),
connections=[conn1, conn2])
converter = export.ProcessToExportedNetworkConnectionConverter()
results = list(converter.Convert(rdfvalue.ExportedMetadata(), process,
token=self.token))
self.assertEqual(len(results), 2)
self.assertEqual(results[0].state, rdfvalue.NetworkConnection.State.LISTEN)
self.assertEqual(results[0].type,
rdfvalue.NetworkConnection.Type.SOCK_STREAM)
self.assertEqual(results[0].local_address.ip, "0.0.0.0")
self.assertEqual(results[0].local_address.port, 22)
self.assertEqual(results[0].remote_address.ip, "0.0.0.0")
self.assertEqual(results[0].remote_address.port, 0)
self.assertEqual(results[0].pid, 2136)
self.assertEqual(results[0].ctime, 0)
self.assertEqual(results[1].state, rdfvalue.NetworkConnection.State.LISTEN)
self.assertEqual(results[1].type,
rdfvalue.NetworkConnection.Type.SOCK_STREAM)
self.assertEqual(results[1].local_address.ip, "192.168.1.1")
self.assertEqual(results[1].local_address.port, 31337)
self.assertEqual(results[1].remote_address.ip, "1.2.3.4")
self.assertEqual(results[1].remote_address.port, 6667)
self.assertEqual(results[1].pid, 1)
self.assertEqual(results[1].ctime, 0)
def Run(self, unused_args):
netstat = []
for proc in psutil.process_iter():
try:
netstat.append((proc.pid, proc.connections()))
except (psutil.NoSuchProcess, psutil.AccessDenied):
pass
for pid, connections in netstat:
for conn in connections:
res = rdfvalue.NetworkConnection()
res.pid = pid
res.family = conn.family
res.type = conn.type
try:
if conn.status:
res.state = conn.status
except ValueError:
logging.warn("Encountered unknown connection status (%s).",
conn.status)
res.local_address.ip, res.local_address.port = conn.local_address
if conn.remote_address:
res.remote_address.ip, res.remote_address.port = conn.remote_address
self.SendReply(res)
def AddListener(self, ip, port, family="INET", sock_type="SOCK_STREAM"):
conn = rdfvalue.NetworkConnection()
conn.state = "LISTEN"
conn.family = family
conn.type = sock_type
conn.local_address = rdfvalue.NetworkEndpoint(ip=ip, port=port)
return conn
def Netstat(self, _):
"""Returns fake connections."""
conn1 = rdfvalue.NetworkConnection(
state=rdfvalue.NetworkConnection.State.LISTEN,
type=rdfvalue.NetworkConnection.Type.SOCK_STREAM,
local_address=rdfvalue.NetworkEndpoint(ip="0.0.0.0",
port=22),
remote_address=rdfvalue.NetworkEndpoint(ip="0.0.0.0",
port=0),
pid=2136,
ctime=0)
conn2 = rdfvalue.NetworkConnection(
state=rdfvalue.NetworkConnection.State.LISTEN,
type=rdfvalue.NetworkConnection.Type.SOCK_STREAM,
local_address=rdfvalue.NetworkEndpoint(ip="192.168.1.1",
port=31337),
remote_address=rdfvalue.NetworkEndpoint(ip="1.2.3.4",
port=6667),
pid=1,
ctime=0)
return [conn1, conn2]
def testFileViewDoesNotHaveExportTabWhenCollectionHasNoFiles(self):
collection_urn = "aff4:/C.0000000000000001/analysis/SomeFlow/results"
with self.ACLChecksDisabled():
with aff4.FACTORY.Create(collection_urn,
"RDFValueCollection",
token=self.token) as fd:
fd.Add(rdfvalue.NetworkConnection(pid=42))
self.GrantClientApproval("C.0000000000000001")
self.Open("/#c=C.0000000000000001")
self.Click("css=a:contains('Browse Virtual Filesystem')")
self.Click("css=li[path='/analysis'] > a")
self.Click("css=li[path='/analysis/SomeFlow'] > a")
self.Click("css=tr:contains('results')")
# The Results tab should appear, but the "Export" tab should be
# disabled since we only display export hint when we have collections of
# StatEntries or FileFinderResults.
self.WaitUntil(self.IsElementPresent, "css=#Export.disabled")
def Start(self):
self.SendReply(rdfvalue.NetworkConnection(pid=42))