def testCmdArtifact(self):
"""Test the parsing of an Echo Command with a TestParser."""
client_test_lib.Command("/bin/echo", args=["1"])
processor = parser.Parser.GetClassesByArtifact("TestEchoCmdArtifact")[0]()
self.assertIsInstance(processor, TestEchoCmdParser)
request = rdf_client.ExecuteRequest(cmd="/bin/echo", args=["1"])
res = client_utils_common.Execute(request.cmd, request.args)
(stdout, stderr, status, time_used) = res
response = rdf_client.ExecuteResponse(
request=request,
stdout=stdout,
stderr=stderr,
exit_status=status,
time_used=int(1e6 * time_used))
results = []
for res in artifact_collector.ParseResponse(processor, response, {}):
results.append(res)
self.assertEqual(len(results), 1)
self.assertIsInstance(results[0], rdf_client.SoftwarePackage)
self.assertEqual(results[0].description, "1\n")
def testFilterRequestedArtifactResults(self, registry):
"""Test that only artifacts requested by the user are sent to the server."""
client_test_lib.Command("/usr/bin/dpkg",
args=["--list"],
system="Linux")
registry.AddFileSource(self.test_artifacts_file)
artifact = registry.GetArtifact("TestCmdArtifact")
ext_src = rdf_artifact.ExpandedSource(base_source=artifact.sources[0])
ext_art = rdf_artifact.ExpandedArtifact(name=artifact.name,
sources=[ext_src])
request = rdf_artifact.ClientArtifactCollectorArgs(artifacts=[ext_art],
apply_parsers=False)
ext_art = rdf_artifact.ExpandedArtifact(name=artifact.name,
sources=[ext_src],
requested_by_user=False)
request.artifacts.append(ext_art)
result = self.RunAction(artifact_collector.ArtifactCollector,
request)[0]
collected_artifacts = list(result.collected_artifacts)
self.assertEqual(len(collected_artifacts), 1)
self.assertEqual(collected_artifacts[0].name, "TestCmdArtifact")
execute_response = collected_artifacts[0].action_results[0].value
self.assertGreater(execute_response.time_used, 0)
def testCmdArtifactAction(self):
"""Test the actual client action with parsers."""
client_test_lib.Command("/bin/echo", args=["1"])
source = rdf_artifact.ArtifactSource(
type=rdf_artifact.ArtifactSource.SourceType.COMMAND,
attributes={
"cmd": "/bin/echo",
"args": ["1"]
})
ext_src = rdf_artifact.ExpandedSource(base_source=source)
ext_art = rdf_artifact.ExpandedArtifact(name="TestEchoCmdArtifact",
sources=[ext_src])
request = rdf_artifact.ClientArtifactCollectorArgs(
artifacts=[ext_art],
knowledge_base=None,
ignore_interpolation_errors=True,
apply_parsers=True)
result = self.RunAction(artifact_collector.ArtifactCollector,
request)[0]
self.assertIsInstance(result,
rdf_artifact.ClientArtifactCollectorResult)
self.assertTrue(len(result.collected_artifacts), 1)
res = result.collected_artifacts[0].action_results[0].value
self.assertIsInstance(res, rdf_client.SoftwarePackage)
self.assertEqual(res.description, "1\n")
def testCmdArtifactWithParser(self):
"""Test a command artifact and parsing the response."""
client_test_lib.Command("/bin/echo", args=["1"])
parsers.SINGLE_RESPONSE_PARSER_FACTORY.Register(
"TestCmd", TestCmdParser)
try:
artifact_list = ["TestEchoArtifact"]
# Run the ArtifactCollector to get the expected result.
expected = self._RunFlow(aff4_flows.ArtifactCollectorFlow,
standard.ExecuteCommand,
artifact_list,
apply_parsers=True)
self.assertTrue(expected)
expected = expected[0]
self.assertIsInstance(expected, rdf_client.SoftwarePackage)
# Run the ClientArtifactCollector to get the actual result.
results = self._RunFlow(aff4_flows.ClientArtifactCollector,
artifact_collector.ArtifactCollector,
artifact_list,
apply_parsers=True)
self.assertLen(results, 1)
artifact_response = results[0]
self.assertIsInstance(artifact_response,
rdf_client.SoftwarePackage)
self.assertEqual(artifact_response, expected)
finally:
parsers.SINGLE_RESPONSE_PARSER_FACTORY.Unregister("TestCmd")
def testMultipleArtifacts(self, registry):
"""Test collecting multiple artifacts."""
client_test_lib.Command("/usr/bin/dpkg",
args=["--list"],
system="Linux")
registry.AddFileSource(self.test_artifacts_file)
artifact = registry.GetArtifact("TestCmdArtifact")
ext_src = rdf_artifact.ExpandedSource(base_source=artifact.sources[0])
ext_art = rdf_artifact.ExpandedArtifact(name=artifact.name,
sources=[ext_src])
request = rdf_artifact.ClientArtifactCollectorArgs(artifacts=[ext_art],
apply_parsers=False)
request.artifacts.append(ext_art)
result = self.RunAction(artifact_collector.ArtifactCollector,
request)[0]
collected_artifacts = list(result.collected_artifacts)
self.assertEqual(len(collected_artifacts), 2)
self.assertEqual(collected_artifacts[0].name, "TestCmdArtifact")
self.assertEqual(collected_artifacts[1].name, "TestCmdArtifact")
execute_response_1 = collected_artifacts[0].action_results[0].value
execute_response_2 = collected_artifacts[1].action_results[0].value
self.assertGreater(execute_response_1.time_used, 0)
self.assertGreater(execute_response_2.time_used, 0)
def testCmdArtifactWithParser(self):
"""Test a command artifact and parsing the response."""
client_test_lib.Command("/bin/echo", args=["1"])
artifact_list = ["TestEchoArtifact"]
# Run the ArtifactCollector to get the expected result.
expected = self._RunFlow(
aff4_flows.ArtifactCollectorFlow,
standard.ExecuteCommand,
artifact_list,
apply_parsers=True)
self.assertTrue(expected)
expected = expected[0]
self.assertIsInstance(expected, rdf_client.SoftwarePackage)
# Run the ClientArtifactCollector to get the actual result.
results = self._RunFlow(
aff4_flows.ClientArtifactCollector,
artifact_collector.ArtifactCollector,
artifact_list,
apply_parsers=True)
self.assertEqual(len(results), 1)
artifact_response = results[0]
self.assertIsInstance(artifact_response, rdf_client.SoftwarePackage)
self.assertEqual(artifact_response, expected)
def testCmdArtifactWithParser(self):
client_test_lib.Command("/bin/echo", args=["1"])
artifact_list = ["TestEchoArtifact"]
# Run the ArtifactCollector to get the expected result.
expected = self._RunFlow(collectors.ArtifactCollectorFlow,
standard.ExecuteCommand,
artifact_list,
apply_parsers=True)
self.assertTrue(expected)
expected = expected[0]
self.assertIsInstance(expected, rdf_client.SoftwarePackage)
# Run the ClientArtifactCollector to get the actual result.
result = self._RunFlow(collectors.ClientArtifactCollector,
artifact_collector.ArtifactCollector,
artifact_list,
apply_parsers=True)[0]
self.assertEqual(len(result.collected_artifacts), 1)
result = result.collected_artifacts[0].action_results[0].value
self.assertIsInstance(result, rdf_client.SoftwarePackage)
self.assertEqual(result, expected)
def testClientArtifactCollectorWithMultipleArtifacts(self):
"""Test artifact collector flow with a single artifact."""
client_test_lib.Command("/usr/bin/dpkg",
args=["--list"],
system="Linux")
artifact_list = ["TestCmdArtifact", "TestOSAgnostic"]
results = self._RunFlow(collectors.ClientArtifactCollector,
artifact_collector.ArtifactCollector,
artifact_list,
apply_parsers=False)
self.assertEqual(len(results), 1)
result = results[0]
self.assertIsInstance(result,
rdf_artifacts.ClientArtifactCollectorResult)
self.assertEqual(len(result.collected_artifacts), 2)
collected_artifact = result.collected_artifacts[0]
self.assertEqual(collected_artifact.name, "TestCmdArtifact")
self.assertGreater(
collected_artifact.action_results[0].value.time_used, 0)
collected_artifact = result.collected_artifacts[1]
self.assertEqual(collected_artifact.name, "TestOSAgnostic")
self.assertTrue(collected_artifact.action_results[0].value.string)
def testAggregatedArtifact(self):
"""Test we can collect an ARTIFACT_GROUP."""
client_test_lib.Command("/bin/echo", args=["1"])
artifact_list = ["TestArtifactGroup"]
file_path = os.path.join(self.base_path, "numbers.txt")
source = rdf_artifacts.ArtifactSource(
type=rdf_artifacts.ArtifactSource.SourceType.FILE,
attributes={"paths": [file_path]})
artifact_obj = artifact_registry.REGISTRY.GetArtifact("TestFileArtifact")
artifact_obj.sources.append(source)
results = self._RunFlow(
collectors.ClientArtifactCollector,
artifact_collector.ArtifactCollector,
artifact_list,
apply_parsers=False)
self.assertEqual(len(results), 1)
result = results[0]
self.assertIsInstance(result, rdf_artifacts.ClientArtifactCollectorResult)
self.assertEqual(len(result.collected_artifacts), 1)
collected_artifact = result.collected_artifacts[0]
self.assertEqual(collected_artifact.name, "TestArtifactGroup")
self.assertEqual(len(collected_artifact.action_results), 2)
self.assertIsInstance(collected_artifact.action_results[0].value,
rdf_client_fs.StatEntry)
self.assertIsInstance(collected_artifact.action_results[1].value,
rdf_client_action.ExecuteResponse)
self.assertEqual(collected_artifact.action_results[1].value.stdout, "1\n")
def testCommandArtifact(self, registry):
"""Test the basic ExecuteCommand action."""
client_test_lib.Command("/usr/bin/dpkg", args=["--list"], system="Linux")
registry.AddFileSource(self.test_artifacts_file)
artifact = registry.GetArtifact("TestCmdArtifact")
request = GetRequest(artifact.sources[0], artifact.name)
collected_artifact = self.RunArtifactCollector(request)
execute_response = collected_artifact.action_results[0].value
self.assertEqual(collected_artifact.name, "TestCmdArtifact")
self.assertTrue(execute_response.time_used > 0)
def testClientArtifactCollector(self):
"""Test artifact collector flow with a single artifact."""
client_test_lib.Command("/usr/bin/dpkg", args=["--list"], system="Linux")
artifact_list = ["TestCmdArtifact"]
results = self._RunFlow(
aff4_flows.ClientArtifactCollector,
artifact_collector.ArtifactCollector,
artifact_list,
apply_parsers=False)
self.assertLen(results, 1)
artifact_response = results[0]
self.assertIsInstance(artifact_response, rdf_client_action.ExecuteResponse)
self.assertGreater(artifact_response.time_used, 0)
def testCommandArtifact(self, registry):
"""Test the basic ExecuteCommand action."""
client_test_lib.Command("/usr/bin/dpkg", args=["--list"], system="Linux")
registry.AddFileSource(self.test_artifacts_file)
artifact = registry.GetArtifact("TestCmdArtifact")
ext_src = rdf_artifact.ExtendedSource(base_source=list(artifact.sources)[0])
ext_art = rdf_artifact.ExtendedArtifact(
name=artifact.name, sources=[ext_src])
request = rdf_artifact.ClientArtifactCollectorArgs(
artifacts=[ext_art], apply_parsers=False)
result = self.RunAction(artifact_collector.ArtifactCollector, request)[0]
collected_artifact = list(result.collected_artifacts)[0]
execute_response = list(collected_artifact.action_results)[0].value
self.assertEqual(collected_artifact.name, "TestCmdArtifact")
self.assertTrue(execute_response.time_used > 0)
def testAggregatedArtifact(self):
"""Test we can collect an ARTIFACT_GROUP."""
client_test_lib.Command("/bin/echo", args=["1"])
artifact_list = ["TestArtifactGroup"]
self.InitializeTestFileArtifact()
results = self._RunFlow(aff4_flows.ClientArtifactCollector,
artifact_collector.ArtifactCollector,
artifact_list,
apply_parsers=False)
self.assertLen(results, 2)
artifact_response = results[0]
self.assertIsInstance(artifact_response, rdf_client_fs.StatEntry)
artifact_response = results[1]
self.assertIsInstance(artifact_response,
rdf_client_action.ExecuteResponse)
self.assertEqual(artifact_response.stdout, "1\n")