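def testRegistryValueArtifact(self):
   """Collect one registry value through the ArtifactCollector client action.

   The REGISTRY and OS path types are overridden with the vfs_test_lib fake
   handlers while the action runs. The test then checks that the first
   response is a StatEntry whose AFF4 path ends with the requested value
   name.
   """
   with vfs_test_lib.VFSOverrider(
       rdf_paths.PathSpec.PathType.REGISTRY,
       vfs_test_lib.FakeRegistryVFSHandler), vfs_test_lib.VFSOverrider(
           rdf_paths.PathSpec.PathType.OS,
           vfs_test_lib.FakeFullVFSHandler):
     # Session Manager\BootExecute names programs started early in Windows
     # boot, so it is an autostart location commonly reviewed during triage.
     source = rdf_artifact.ArtifactSource(
         type=rdf_artifact.ArtifactSource.SourceType.REGISTRY_VALUE,
         attributes={
             "key_value_pairs": [{
                 "key": (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
                         r"\Control\Session Manager"),
                 "value": "BootExecute"
             }]
         })
     ext_src = rdf_artifact.ExtendedSource(base_source=source)
     ext_art = rdf_artifact.ExtendedArtifact(
         name="FakeRegistryValue", sources=list(ext_src))
     request = rdf_artifact.ClientArtifactCollectorArgs(
         artifacts=list(ext_art))

     # Only the first result, artifact, response and stat entry are inspected.
     result = self.RunAction(artifact_collector.ArtifactCollector,
                             request)[0]
     collected_artifact = list(result.collected_artifacts)[0]
     first_response = list(collected_artifact.action_responses)[0]
     file_stat = list(first_response.file_stat)[0]

     # assertIsInstance reports the actual type on failure, unlike
     # assertTrue(isinstance(...)), which only reports "False is not true".
     self.assertIsInstance(file_stat, rdf_client.StatEntry)
     urn = file_stat.pathspec.AFF4Path(self.SetupClient(0))
     # NOTE(review): only the path suffix is checked; the collected value's
     # content is not asserted here.
     self.assertTrue(str(urn).endswith("BootExecute"))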
  def testGRRClientActionArtifact(self, registry):
    """Test the GetHostname action."""
    registry.AddFileSource(self.test_artifacts_file)
    artifact = registry.GetArtifact("TestOSAgnostic")
    ext_src = rdf_artifact.ExtendedSource(base_source=list(artifact.sources)[0])
    ext_art = rdf_artifact.ExtendedArtifact(
        name=artifact.name, sources=list(ext_src))
    request = rdf_artifact.ClientArtifactCollectorArgs(artifacts=list(ext_art))
    result = self.RunAction(artifact_collector.ArtifactCollector, request)[0]
    collected_artifact = list(result.collected_artifacts)[0]
    hostname = list(list(collected_artifact.action_responses)[0].hostname)[0]

    self.assertEqual(collected_artifact.name, "TestOSAgnostic")
    self.assertTrue(hostname.string)
    def _ExtendArtifact(self, art_obj):
        """Build the extended form of an artifact for collection.

        Sources rejected by self._MeetsConditions are left out; every
        remaining source is passed through self._ExtendSource and the result
        is appended to the extended artifact's sources. The artifact name is
        recorded in self.processed_artifacts before returning.

        Args:
          art_obj: rdf value artifact

        Returns:
          rdf value representation of the extended artifact, carrying the
          artifact name and the extended sources
        """
        extended = rdf_artifacts.ExtendedArtifact()
        extended.name = art_obj.name
        for candidate in art_obj.sources:
            if not self._MeetsConditions(candidate):
                continue
            extended.sources.Extend(self._ExtendSource(candidate))
        # Recorded even when no source met its conditions.
        self.processed_artifacts.add(art_obj.name)
        return extended
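  def testCommandArtifact(self, registry):
    """Collect the "TestCmdArtifact" artifact via the ExecuteCommand action.

    The artifact is loaded from self.test_artifacts_file into the supplied
    registry; only its first source is wrapped and sent to the collector.
    """
    # NOTE(review): the return value is discarded; presumably this sets up
    # the command the artifact is expected to run -- confirm in
    # client_test_lib.
    client_test_lib.Command("/usr/bin/dpkg", args=["--list"], system="Linux")

    registry.AddFileSource(self.test_artifacts_file)
    artifact = registry.GetArtifact("TestCmdArtifact")
    ext_src = rdf_artifact.ExtendedSource(base_source=list(artifact.sources)[0])
    ext_art = rdf_artifact.ExtendedArtifact(
        name=artifact.name, sources=list(ext_src))
    request = rdf_artifact.ClientArtifactCollectorArgs(artifacts=list(ext_art))
    result = self.RunAction(artifact_collector.ArtifactCollector, request)[0]
    collected_artifact = list(result.collected_artifacts)[0]
    first_response = list(collected_artifact.action_responses)[0]
    execute_response = list(first_response.execute_response)[0]

    self.assertEqual(collected_artifact.name, "TestCmdArtifact")
    # assertGreater prints the actual value on failure.
    # NOTE(review): only elapsed time is checked; exit status and output of
    # the executed command are not asserted here.
    self.assertGreater(execute_response.time_used, 0)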