def testHuntActionsReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.HuntActionsReportPlugin.__name__)
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.AUDIT_CHART,
audit_chart=rdf_report_plugins.ApiAuditChartReportData(
used_fields=[
"action", "description", "flow_name", "timestamp", "urn",
"user"
],
rows=[])))
def testLastActiveReportPlugin(self):
self.MockClients()
# Scan for activity to be reported.
flow_test_lib.TestFlowHelper(
cron_system.LastAccessStats.__name__, token=self.token)
report = report_plugins.GetReportByName(
client_report_plugins.LastActiveReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__, client_label="All"),
token=self.token)
self.assertEqual(
api_report_data.representation_type,
rdf_report_plugins.ApiReportData.RepresentationType.LINE_CHART)
labels = [
"60 day active", "30 day active", "7 day active", "3 day active",
"1 day active"
]
ys = [20, 20, 0, 0, 0]
for series, label, y in itertools.izip(api_report_data.line_chart.data,
labels, ys):
self.assertEqual(series.label, label)
self.assertEqual(len(series.points), 1)
self.assertEqual(series.points[0].y, y)
def testFileSizeDistributionReportPlugin(self):
filename = "winexec_img.dd"
client_id = self.SetupClient(0)
# Add a file to be reported.
filestore_test_lib.AddFileToFileStore(
rdf_paths.PathSpec(
pathtype=rdf_paths.PathSpec.PathType.OS,
path=os.path.join(self.base_path, filename)),
client_id=client_id,
token=self.token)
# Scan for files to be reported (the one we just added).
flow_test_lib.TestFlowHelper(
filestore_stats.FilestoreStatsCronFlow.__name__, token=self.token)
report = report_plugins.GetReportByName(
filestore_report_plugins.FileSizeDistributionReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__),
token=self.token)
self.checkStaticData(api_report_data)
for series in api_report_data.stack_chart.data:
if series.label == "976.6 KiB - 4.8 MiB":
self.assertEqual([p.y for p in series.points], [1])
else:
self.assertEqual([p.y for p in series.points], [0])
def testGetReportByName(self):
"""Ensure GetReportByName instantiates correct subclasses based on name."""
with report_plugins_test_mocks.MockedReportPlugins():
report_object = report_plugins.GetReportByName("BarReportPlugin")
self.assertTrue(
isinstance(report_object, report_plugins_test_mocks.BarReportPlugin))
def testMostActiveUsersReportPlugin(self):
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(
"Fake audit description 14 Dec.",
"C.123",
"User123",
token=self.token)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")):
for _ in xrange(10):
AddFakeAuditLog(
"Fake audit description 22 Dec.",
"C.123",
"User123",
token=self.token)
AddFakeAuditLog(
"Fake audit description 22 Dec.",
"C.456",
"User456",
token=self.token)
report = report_plugins.GetReportByName(
server_report_plugins.MostActiveUsersReportPlugin.__name__)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/31")):
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration),
token=self.token)
# pyformat: disable
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.PIE_CHART,
pie_chart=rdf_report_plugins.ApiPieChartReportData(
data=[
rdf_report_plugins.ApiReportDataPoint1D(
label="User123",
x=11
),
rdf_report_plugins.ApiReportDataPoint1D(
label="User456",
x=1
)
]
)))
def Handle(self, args, token):
report = report_plugins.GetReportByName(args.name)
if not args.client_label:
args.client_label = "All"
return rdf_report_plugins.ApiReport(desc=report.GetReportDescriptor(),
data=report.GetReportData(
args, token))
def testSystemFlowsReportPlugin(self):
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.RUN_FLOW,
user="******",
flow_name="Flow123",
token=self.token)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")):
for _ in xrange(10):
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.RUN_FLOW,
user="******",
flow_name="Flow123",
token=self.token)
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.RUN_FLOW,
user="******",
flow_name="Flow456",
token=self.token)
report = report_plugins.GetReportByName(
server_report_plugins.SystemFlowsReportPlugin.__name__)
start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15")
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=start,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(
x_ticks=[],
data=[
rdf_report_plugins.ApiReportDataSeries2D(
label=u"Flow123\u2003Run By: GRR (10)",
points=[
rdf_report_plugins.ApiReportDataPoint2D(x=0, y=10)
]),
rdf_report_plugins.ApiReportDataSeries2D(
label=u"Flow456\u2003Run By: GRR (1)",
points=[
rdf_report_plugins.ApiReportDataPoint2D(x=1, y=1)
])
])))
def testUserActivityReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.UserActivityReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(data=[])))
def testOSReleaseBreakdownReportPluginWithNoDataToReport(self):
report = report_plugins.GetReportByName(
client_report_plugins.OSReleaseBreakdown30ReportPlugin.__name__)
api_report_data = report.GetReportData(stats_api.ApiGetReportArgs(
name=report.__class__.__name__, client_label="All"),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[]),
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.PIE_CHART))
def testFileSizeDistributionReportPluginWithNothingToReport(self):
# Scan for files to be reported.
flow_test_lib.TestFlowHelper(
filestore_stats.FilestoreStatsCronFlow.__name__, token=self.token)
report = report_plugins.GetReportByName(
filestore_report_plugins.FileSizeDistributionReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__),
token=self.token)
self.checkStaticData(api_report_data)
for series in api_report_data.stack_chart.data:
self.assertEqual([p.y for p in series.points], [0])
def testLastActiveReportPluginWithNoActivityToReport(self):
# Scan for activity to be reported.
flow_test_lib.TestFlowHelper(cron_system.LastAccessStats.__name__,
token=self.token)
report = report_plugins.GetReportByName(
client_report_plugins.LastActiveReportPlugin.__name__)
api_report_data = report.GetReportData(stats_api.ApiGetReportArgs(
name=report.__class__.__name__, client_label="All"),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.LINE_CHART,
line_chart=rdf_report_plugins.ApiLineChartReportData(data=[])))
def testMostActiveUsersReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.MostActiveUsersReportPlugin.__name__)
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.PIE_CHART,
pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[])))
def testSystemFlowsReportPluginWithNoActivityToReport(self):
report = report_plugins.GetReportByName(
server_report_plugins.SystemFlowsReportPlugin.__name__)
now = rdfvalue.RDFDatetime().Now()
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=now - month_duration,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(x_ticks=[])))
def testOSBreakdownReportPlugin(self):
# Add a client to be reported.
self.SetupClients(1)
# Scan for clients to be reported (the one we just added).
flow_test_lib.TestFlowHelper(cron_system.OSBreakDown.__name__,
token=self.token)
report = report_plugins.GetReportByName(
client_report_plugins.OSBreakdown30ReportPlugin.__name__)
api_report_data = report.GetReportData(stats_api.ApiGetReportArgs(
name=report.__class__.__name__, client_label="All"),
token=self.token)
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
pie_chart=rdf_report_plugins.ApiPieChartReportData(data=[
rdf_report_plugins.ApiReportDataPoint1D(label="Linux", x=1)
]),
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.PIE_CHART))
def testGRRVersionReportPlugin(self):
self.MockClients()
# Scan for activity to be reported.
flow_test_lib.TestFlowHelper(
cron_system.GRRVersionBreakDown.__name__, token=self.token)
report = report_plugins.GetReportByName(
client_report_plugins.GRRVersion30ReportPlugin.__name__)
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__, client_label="All"),
token=self.token)
self.assertEqual(
api_report_data.representation_type,
rdf_report_plugins.ApiReportData.RepresentationType.LINE_CHART)
self.assertEqual(len(api_report_data.line_chart.data), 1)
self.assertEqual(api_report_data.line_chart.data[0].label,
"GRR Monitor %s" % config.CONFIG["Source.version_numeric"])
self.assertEqual(len(api_report_data.line_chart.data[0].points), 1)
self.assertEqual(api_report_data.line_chart.data[0].points[0].y, 20)
def testUserActivityReportPlugin(self):
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(
"Fake audit description 14 Dec.",
"C.123",
"User123",
token=self.token)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22")):
for _ in xrange(10):
AddFakeAuditLog(
"Fake audit description 22 Dec.",
"C.123",
"User123",
token=self.token)
AddFakeAuditLog(
"Fake audit description 22 Dec.",
"C.456",
"User456",
token=self.token)
report = report_plugins.GetReportByName(
server_report_plugins.UserActivityReportPlugin.__name__)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/31")):
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(name=report.__class__.__name__),
token=self.token)
# pyformat: disable
self.assertEqual(
api_report_data,
rdf_report_plugins.ApiReportData(
representation_type=rdf_report_plugins.ApiReportData.
RepresentationType.STACK_CHART,
stack_chart=rdf_report_plugins.ApiStackChartReportData(
data=[
rdf_report_plugins.ApiReportDataSeries2D(
label=u"User123",
points=[
rdf_report_plugins.ApiReportDataPoint2D(
x=-10, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-9, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-8, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-7, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-6, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-5, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-4, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-3, y=1),
rdf_report_plugins.ApiReportDataPoint2D(
x=-2, y=10),
rdf_report_plugins.ApiReportDataPoint2D(
x=-1, y=0)
]
),
rdf_report_plugins.ApiReportDataSeries2D(
label=u"User456",
points=[
rdf_report_plugins.ApiReportDataPoint2D(
x=-10, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-9, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-8, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-7, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-6, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-5, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-4, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-3, y=0),
rdf_report_plugins.ApiReportDataPoint2D(
x=-2, y=1),
rdf_report_plugins.ApiReportDataPoint2D(
x=-1, y=0)
])])))
def testCronApprovalsReportPlugin(self):
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.CRON_APPROVAL_GRANT,
user="******",
description="Approval grant description.",
token=self.token)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22"), increment=1):
for i in xrange(10):
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
user="******" % i,
description="Approval request.",
token=self.token)
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.CRON_APPROVAL_GRANT,
user="******",
description="Another grant.",
token=self.token)
report = report_plugins.GetReportByName(
server_report_plugins.CronApprovalsReportPlugin.__name__)
start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15")
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=start,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data.representation_type,
rdf_report_plugins.ApiReportData.RepresentationType.AUDIT_CHART)
self.assertEqual(api_report_data.audit_chart.used_fields,
["action", "description", "timestamp", "urn", "user"])
self.assertEqual([(row.action, row.description,
row.timestamp.Format("%Y/%m/%d"), row.urn, row.user)
for row in api_report_data.audit_chart.rows],
[(rdf_events.AuditEvent.Action.CRON_APPROVAL_GRANT,
"Another grant.", "2012/12/22", None, "User456"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User9"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User8"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User7"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User6"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User5"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User4"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User3"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User2"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User1"),
(rdf_events.AuditEvent.Action.CRON_APPROVAL_REQUEST,
"Approval request.", "2012/12/22", None, "User0")
]) # pyformat: disable
def testHuntActionsReportPlugin(self):
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/14")):
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.HUNT_CREATED,
user="******",
flow_name="Flow123",
token=self.token)
with test_lib.FakeTime(
rdfvalue.RDFDatetime.FromHumanReadable("2012/12/22"), increment=1):
for i in xrange(10):
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.HUNT_MODIFIED,
user="******" % i,
flow_name="Flow%d" % i,
token=self.token)
AddFakeAuditLog(
action=rdf_events.AuditEvent.Action.HUNT_PAUSED,
user="******",
flow_name="Flow456",
token=self.token)
report = report_plugins.GetReportByName(
server_report_plugins.HuntActionsReportPlugin.__name__)
start = rdfvalue.RDFDatetime.FromHumanReadable("2012/12/15")
month_duration = rdfvalue.Duration("30d")
api_report_data = report.GetReportData(
stats_api.ApiGetReportArgs(
name=report.__class__.__name__,
start_time=start,
duration=month_duration),
token=self.token)
self.assertEqual(
api_report_data.representation_type,
rdf_report_plugins.ApiReportData.RepresentationType.AUDIT_CHART)
self.assertEqual(
api_report_data.audit_chart.used_fields,
["action", "description", "flow_name", "timestamp", "urn", "user"])
self.assertEqual([(row.action, row.description, row.flow_name,
row.timestamp.Format("%Y/%m/%d"), row.urn, row.user)
for row in api_report_data.audit_chart.rows],
[(rdf_events.AuditEvent.Action.HUNT_PAUSED, "", "Flow456",
"2012/12/22", None, "User456"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow9",
"2012/12/22", None, "User9"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow8",
"2012/12/22", None, "User8"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow7",
"2012/12/22", None, "User7"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow6",
"2012/12/22", None, "User6"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow5",
"2012/12/22", None, "User5"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow4",
"2012/12/22", None, "User4"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow3",
"2012/12/22", None, "User3"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow2",
"2012/12/22", None, "User2"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "", "Flow1",
"2012/12/22", None, "User1"),
(rdf_events.AuditEvent.Action.HUNT_MODIFIED, "",
"Flow0", "2012/12/22", None, "User0")
]) # pyformat: disable
