def setUp(self):
super(TestMemoryScanner, self).setUp()
self.output_path = "analysis/memory_scanner"
self.key = rdfvalue.AES128Key("1a5eafcc77d428863d4c2441ea26e5a5")
self.iv = rdfvalue.AES128Key("2241b14c64874b1898dad4de7173d8c0")
self.memory_file = os.path.join(config_lib.CONFIG["Test.data_dir"],
"auth.log")
with open(self.memory_file, "r") as f:
self.memory_dump = f.read()
self.assertTrue(self.memory_dump)
self.client_mock = test_lib.ActionMock("TransferBuffer", "HashBuffer",
"StatFile", "CopyPathToFile",
"SendFile",
"DeleteGRRTempFiles", "Find",
"Grep")
self.old_driver_flow = flow.GRRFlow.classes["LoadMemoryDriver"]
flow.GRRFlow.classes["LoadMemoryDriver"] = DummyLoadMemoryDriverFlow
vfs.VFS_HANDLERS[rdfvalue.PathSpec.PathType.
MEMORY] = test_lib.ClientTestDataVFSFixture
class TestSendFile(ClientTestBase):
platforms = ["linux"]
flow = "SendFile"
key = rdfvalue.AES128Key("1a5eafcc77d428863d4c2441ea26e5a5")
iv = rdfvalue.AES128Key("2241b14c64874b1898dad4de7173d8c0")
args = dict(host="127.0.0.1",
port=12345,
pathspec=rdfvalue.PathSpec(pathtype=0, path="/bin/ls"),
key=key,
iv=iv)
def setUp(self):
logging.info(
"This test only works if the client is running on localhost!!")
class Listener(threading.Thread):
result = []
daemon = True
def run(self):
for res in socket.getaddrinfo(None, 12345, socket.AF_INET,
socket.SOCK_STREAM, 0,
socket.AI_ADDRCONFIG):
af, socktype, proto, _, sa = res
try:
s = socket.socket(af, socktype, proto)
except socket.error:
s = None
continue
try:
s.bind(sa)
s.listen(1)
except socket.error:
s.close()
s = None
continue
break
conn, _ = s.accept()
while 1:
data = conn.recv(1024)
if not data: break
self.result.append(data)
conn.close()
self.listener = Listener()
self.listener.start()
def CheckFlow(self):
original_data = open("/bin/ls", "rb").read()
received_cipher = "".join(self.listener.result)
cipher = crypto.AES128CBCCipher(key=self.key,
iv=self.iv,
mode=crypto.AES128CBCCipher.OP_DECRYPT)
received_data = cipher.Update(received_cipher) + cipher.Final()
self.assertEqual(received_data, original_data)