Example #1
0
  def testEvaluatesRaisesWithUnsetField(self):
    r = rdf_foreman.ForemanIntegerClientRule(
        operator=rdf_foreman.ForemanIntegerClientRule.Operator.EQUAL, value=123)

    client_id = self.SetupClient(0)

    with self.assertRaises(ValueError):
      r.Evaluate(aff4.FACTORY.Open(client_id, token=self.token))
Example #2
0
  def testEvaluatesRaisesWithUnsetField(self):
    r = rdf_foreman.ForemanIntegerClientRule(
        operator=rdf_foreman.ForemanIntegerClientRule.Operator.EQUAL, value=123)

    client = self.SetupTestClientObject(0)
    info = data_store.REL_DB.ReadClientFullInfo(client.client_id)

    with self.assertRaises(ValueError):
      r.Evaluate(info)
Example #3
0
    def testRuleAdding(self):
        foreman = aff4.FACTORY.Open("aff4:/foreman",
                                    mode="rw",
                                    token=self.token)
        rules = foreman.Get(foreman.Schema.RULES)
        # Make sure there are no rules yet in the foreman.
        self.assertEqual(len(rules), 0)

        client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
            rdf_foreman.ForemanClientRule(
                rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
                regex=rdf_foreman.ForemanRegexClientRule(
                    field="CLIENT_NAME", attribute_regex="HUNT")),
            rdf_foreman.ForemanClientRule(
                rule_type=rdf_foreman.ForemanClientRule.Type.INTEGER,
                integer=rdf_foreman.ForemanIntegerClientRule(
                    field="CLIENT_CLOCK",
                    operator=rdf_foreman.ForemanIntegerClientRule.Operator.
                    GREATER_THAN,
                    value=1336650631137737))
        ])

        hunt = implementation.GRRHunt.StartHunt(
            hunt_name=standard.SampleHunt.__name__,
            client_rule_set=client_rule_set,
            client_rate=0,
            token=self.token)

        # Push the rules to the foreman.
        with hunt:
            hunt.GetRunner().Start()

        foreman = aff4.FACTORY.Open("aff4:/foreman",
                                    mode="rw",
                                    token=self.token)
        rules = foreman.Get(foreman.Schema.RULES)

        # Make sure they were written correctly.
        self.assertEqual(len(rules), 1)
        rule = rules[0]

        self.assertEqual(rule.client_rule_set, client_rule_set)

        self.assertEqual(len(rule.actions), 1)
        self.assertEqual(rule.actions[0].hunt_name, "SampleHunt")

        # Running a second time should not change the rules any more.
        with hunt:
            hunt.GetRunner().Start()

        foreman = aff4.FACTORY.Open("aff4:/foreman",
                                    mode="rw",
                                    token=self.token)
        rules = foreman.Get(foreman.Schema.RULES)

        # Still just one rule.
        self.assertEqual(len(rules), 1)
Example #4
0
    def testEvaluatesSizeLessThanEqualValueToFalse(self):
        now = rdfvalue.RDFDatetime().Now()
        client = self.SetupTestClientObject(0, last_boot_time=now)
        info = data_store.REL_DB.ReadClientFullInfo(client.client_id)

        r = rdf_foreman.ForemanIntegerClientRule(
            field="LAST_BOOT_TIME",
            operator=rdf_foreman.ForemanIntegerClientRule.Operator.LESS_THAN,
            value=now.AsSecondsFromEpoch())

        # The values are the same, less than should not trigger.
        self.assertFalse(r.Evaluate(info))
Example #5
0
    def testEvaluatesToFalseWithNonIntAttribute(self):
        # Instantiate an integer rule
        r = rdf_foreman.ForemanIntegerClientRule(
            attribute_name="Host",
            operator=rdf_foreman.ForemanIntegerClientRule.Operator.EQUAL,
            value=123)

        client_id = self.SetupClient(0)

        # Host is not a number
        self.assertFalse(
            r.Evaluate(aff4.FACTORY.Open(client_id, token=self.token)))
Example #6
0
    def testEvaluatesSizeLessThanZeroToFalse(self):
        # Instantiate an integer rule
        r = rdf_foreman.ForemanIntegerClientRule(
            attribute_name="size",
            operator=rdf_foreman.ForemanIntegerClientRule.Operator.LESS_THAN,
            value=0)

        client_id = self.SetupClient(0)

        # The size is not less than 0
        self.assertFalse(
            r.Evaluate(aff4.FACTORY.Open(client_id, token=self.token)))
Example #7
0
    def testEvaluatesSizeLessThanEqualValueToFalse(self):
        now = rdfvalue.RDFDatetime().Now()
        client_id = self.SetupClient(0, last_boot_time=now)
        client = aff4.FACTORY.Open(client_id, mode="rw", token=self.token)

        r = rdf_foreman.ForemanIntegerClientRule(
            field="LAST_BOOT_TIME",
            operator=rdf_foreman.ForemanIntegerClientRule.Operator.LESS_THAN,
            value=now.AsSecondsFromEpoch())

        # The values are the same, less than should not trigger.
        self.assertFalse(r.Evaluate(client))
Example #8
0
  def testEvaluatesToFalseWithNonIntAttribute(self):
    # Instantiate an integer rule
    r = rdf_foreman.ForemanIntegerClientRule(
        attribute_name="Host",
        operator=rdf_foreman.ForemanIntegerClientRule.Operator.EQUAL,
        value=123)

    client_id, = self.SetupClients(nr_clients=1)

    # Host is not a number
    self.assertFalse(r.Evaluate(CollectAff4Objects(r.GetPathsToCheck(),
                                                   client_id, self.token),
                                client_id))
Example #9
0
  def testEvaluatesSizeLessThanZeroToFalse(self):
    # Instantiate an integer rule
    r = rdf_foreman.ForemanIntegerClientRule(
        attribute_name="size",
        operator=rdf_foreman.ForemanIntegerClientRule.Operator.LESS_THAN,
        value=0)

    client_id, = self.SetupClients(nr_clients=1)

    # The size is not less than 0
    self.assertFalse(r.Evaluate(CollectAff4Objects(r.GetPathsToCheck(),
                                                   client_id, self.token),
                                client_id))
Example #10
0
    def testEvaluatesSizeGreaterThanMinusOneToTrue(self):
        # Instantiate an integer rule
        r = rdf_foreman.ForemanIntegerClientRule(
            attribute_name="size",
            operator=rdf_foreman.ForemanIntegerClientRule.Operator.
            GREATER_THAN,
            value=-1)

        client_id = self.SetupClient(0)

        # size > -1
        self.assertTrue(
            r.Evaluate(aff4.FACTORY.Open(client_id, token=self.token)))
Example #11
0
  def testEvaluatesSizeGreaterThanSmallerValueToTrue(self):
    now = rdfvalue.RDFDatetime().Now()
    client = self.SetupTestClientObject(0, last_boot_time=now)
    info = data_store.REL_DB.ReadClientFullInfo(client.client_id)

    before_boot = now - 1

    r = rdf_foreman.ForemanIntegerClientRule(
        field="LAST_BOOT_TIME",
        operator=rdf_foreman.ForemanIntegerClientRule.Operator.GREATER_THAN,
        value=before_boot.AsSecondsSinceEpoch())

    self.assertTrue(r.Evaluate(info))
Example #12
0
  def testEvaluatesSizeGreaterThanMinusOneToTrue(self):
    # Instantiate an integer rule
    r = rdf_foreman.ForemanIntegerClientRule(
        attribute_name="size",
        operator=rdf_foreman.ForemanIntegerClientRule.Operator.GREATER_THAN,
        value=-1)

    client_id, = self.SetupClients(nr_clients=1)

    # size > -1
    self.assertTrue(r.Evaluate(CollectAff4Objects(r.GetPathsToCheck(),
                                                  client_id, self.token),
                               client_id))
Example #13
0
  def testEvaluatesSizeGreaterThanSmallerValueToTrue(self):
    now = rdfvalue.RDFDatetime().Now()
    client_id = self.SetupClient(0, last_boot_time=now)
    client = aff4.FACTORY.Open(client_id, mode="rw", token=self.token)

    before_boot = now - 1

    r = rdf_foreman.ForemanIntegerClientRule(
        field="LAST_BOOT_TIME",
        operator=rdf_foreman.ForemanIntegerClientRule.Operator.GREATER_THAN,
        value=before_boot.AsSecondsSinceEpoch())

    self.assertTrue(r.Evaluate(client))
Example #14
0
  def testEvaluation(self):
    now = rdfvalue.RDFDatetime().Now()
    client = self.SetupTestClientObject(0, last_boot_time=now)
    info = data_store.REL_DB.ReadClientFullInfo(client.client_id)

    for f in rdf_foreman.ForemanIntegerClientRule.ForemanIntegerField.enum_dict:
      if f == "UNSET":
        continue

      r = rdf_foreman.ForemanIntegerClientRule(
          field=f,
          operator=rdf_foreman.ForemanIntegerClientRule.Operator.LESS_THAN,
          value=now.AsSecondsSinceEpoch())
      r.Evaluate(info)
Example #15
0
    def testEvaluatesSizeGreaterThanSmallerValueToTrue(self):
        client_id = self.SetupClient(0)
        client = aff4.FACTORY.Open(client_id, mode="rw", token=self.token)

        now = rdfvalue.RDFDatetime().Now()
        client.Set(client.Schema.LAST_BOOT_TIME, now)

        before_boot = now - 1

        # Instantiate an integer rule
        r = rdf_foreman.ForemanIntegerClientRule(
            field="LAST_BOOT_TIME",
            operator=rdf_foreman.ForemanIntegerClientRule.Operator.
            GREATER_THAN,
            value=before_boot.AsSecondsFromEpoch())

        self.assertTrue(r.Evaluate(client))
Example #16
0
  def testStopping(self):
    """Tests if we can stop a hunt."""

    foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token)
    rules = foreman.Get(foreman.Schema.RULES)

    # Make sure there are no rules yet.
    self.assertEqual(len(rules), 0)
    now = rdfvalue.RDFDatetime.Now()
    expires = rdfvalue.Duration("1h").Expiry()
    # Add some rules.
    rules = [
        rdf_foreman.ForemanRule(
            created=now, expires=expires, description="Test rule1"),
        rdf_foreman.ForemanRule(
            created=now, expires=expires, description="Test rule2")
    ]
    self.AddForemanRules(rules)

    client_rule_set = rdf_foreman.ForemanClientRuleSet(rules=[
        rdf_foreman.ForemanClientRule(
            rule_type=rdf_foreman.ForemanClientRule.Type.REGEX,
            regex=rdf_foreman.ForemanRegexClientRule(
                attribute_name="GRR client", attribute_regex="HUNT")),
        rdf_foreman.ForemanClientRule(
            rule_type=rdf_foreman.ForemanClientRule.Type.INTEGER,
            integer=rdf_foreman.ForemanIntegerClientRule(
                attribute_name="Clock",
                operator=rdf_foreman.ForemanIntegerClientRule.Operator.
                GREATER_THAN,
                value=1336650631137737))
    ])

    hunt = implementation.GRRHunt.StartHunt(
        hunt_name=standard.SampleHunt.__name__,
        client_rule_set=client_rule_set,
        client_rate=0,
        token=self.token)

    with hunt:
      runner = hunt.GetRunner()
      runner.Start()

      # Add some more rules.
      rules = [
          rdf_foreman.ForemanRule(
              created=now, expires=expires, description="Test rule3"),
          rdf_foreman.ForemanRule(
              created=now, expires=expires, description="Test rule4")
      ]
      self.AddForemanRules(rules)

      foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token)
      rules = foreman.Get(foreman.Schema.RULES)
      self.assertEqual(len(rules), 5)

      # It should be running.
      self.assertTrue(runner.IsHuntStarted())

      # Now we stop the hunt.
      hunt.Stop()

    foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token)
    rules = foreman.Get(foreman.Schema.RULES)
    # The rule for this hunt should be deleted but the rest should be there.
    self.assertEqual(len(rules), 4)

    # And the hunt should report no outstanding requests any more.
    with hunt:
      self.assertFalse(hunt.GetRunner().IsHuntStarted())
Example #17
0
 def GenerateSample(self, number=0):
     # Sample rule matches clients with the attribute size equal to number
     return rdf_foreman.ForemanIntegerClientRule(
         field="LAST_BOOT_TIME",
         operator=rdf_foreman.ForemanIntegerClientRule.Operator.EQUAL,
         value=number)
Example #18
0
 def GenerateSample(self, number=0):
     # Sample rule matches clients with the attribute size equal to number
     return rdf_foreman.ForemanIntegerClientRule(
         attribute_name="size",
         operator=rdf_foreman.ForemanIntegerClientRule.Operator.EQUAL,
         value=number)