def testReordering(self):
"""Check that out of order client messages are reordered."""
flow_obj = self.FlowSetup("FlowOrderTest")
# Simultate processing messages arriving in random order
message_ids = [2, 1, 4, 3, 5]
self.SendMessages(message_ids, flow_obj.session_id)
# Send the status message
message = self.SendOKStatus(6, flow_obj.session_id)
runner = flow_runner.FlowRunner(flow_obj)
notification = rdfvalue.Notification(timestamp=rdfvalue.RDFDatetime().Now())
runner.ProcessCompletedRequests(notification, [message])
# Check that the messages were processed in order
self.assertEqual(flow_obj.messages, [1, 2, 3, 4, 5])
def testAuthentication1(self):
"""Test that flows refuse to processes unauthenticated messages."""
flow_obj = self.FlowSetup("FlowOrderTest")
# Simultate processing messages arriving in random order
message_ids = [2, 1, 4, 3, 5]
self.SendMessages(message_ids, flow_obj.session_id,
authenticated=False)
# Send the status message
message = self.SendOKStatus(6, flow_obj.session_id)
runner = flow_runner.FlowRunner(flow_obj)
notification = rdfvalue.Notification(timestamp=rdfvalue.RDFDatetime().Now())
runner.ProcessCompletedRequests(notification, [message])
# Now messages should actually be processed
self.assertEqual(flow_obj.messages, [])
def testAuthentication2(self):
"""Test that flows refuse to processes unauthenticated messages.
Here we try to simulate an attacker injecting unauthenticated
messages midstream.
The current implementation actually fails to process the entire
flow since the injected messages displace the real ones if they
arrive earlier. This can be an effective DoS against legitimate
clients but would require attackers to guess session ids.
"""
flow_obj = self.FlowSetup("FlowOrderTest")
# Simultate processing messages arriving in random order
message_ids = [1, 2]
self.SendMessages(message_ids, flow_obj.session_id,
authenticated=True)
# Now suppose some of the messages are spoofed
message_ids = [3, 4, 5]
self.SendMessages(message_ids, flow_obj.session_id,
authenticated=False)
# And now our real messages arrive
message_ids = [5, 6]
self.SendMessages(message_ids, flow_obj.session_id,
authenticated=True)
# Send the status message
message = self.SendOKStatus(7, flow_obj.session_id)
runner = flow_runner.FlowRunner(flow_obj)
notification = rdf_flows.Notification(
timestamp=rdfvalue.RDFDatetime().Now())
runner.ProcessCompletedRequests(notification, [message])
# Some messages should actually be processed
self.assertEqual(flow_obj.messages, [1, 2, 5, 6])
def CreateRunner(self, **kw): """Make a new runner.""" self.runner = flow_runner.FlowRunner(self, token=self.token, **kw) return self.runner