def RenderOption(self, option, request, response):
if option == "Windows":
return self.RenderFromTemplate(self.match_system_template,
response,
system="Windows")
elif option == "Linux":
return self.RenderFromTemplate(self.match_system_template,
response,
system="Linux")
elif option == "OSX":
return self.RenderFromTemplate(self.match_system_template,
response,
system="OSX")
elif option == "Regex":
return self.RenderFromTemplate(
self.form_template,
response,
form=forms.SemanticProtoFormRenderer(
rdfvalue.ForemanAttributeRegex(),
prefix=self.prefix).RawHTML(request))
elif option == "Integer":
return self.RenderFromTemplate(
self.form_template,
response,
form=forms.SemanticProtoFormRenderer(
rdfvalue.ForemanAttributeInteger(),
prefix=self.prefix).RawHTML(request))
def ParseOption(self, option, request):
"""Parse the form that is selected by option."""
if option == "Windows":
return implementation.GRRHunt.MATCH_WINDOWS
elif option == "Linux":
return implementation.GRRHunt.MATCH_LINUX
elif option == "OSX":
return implementation.GRRHunt.MATCH_DARWIN
elif option == "Label":
label_name = ClientLabelNameFormRenderer(
descriptor=type_info.TypeInfoObject(),
default="",
prefix=self.prefix).ParseArgs(request)
regex = rdfvalue.AFF4ObjectLabelsList.RegexForStringifiedValueMatch(
label_name)
return rdfvalue.ForemanAttributeRegex(attribute_name="Labels",
attribute_regex=regex)
elif option == "Regex":
return forms.SemanticProtoFormRenderer(
rdfvalue.ForemanAttributeRegex(),
prefix=self.prefix).ParseArgs(request)
elif option == "Integer":
return forms.SemanticProtoFormRenderer(
rdfvalue.ForemanAttributeInteger(),
prefix=self.prefix).ParseArgs(request)
def testRuleAdding(self):
foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
# Make sure there are no rules yet in the foreman.
self.assertEqual(len(rules), 0)
hunt = hunts.GRRHunt.StartHunt(
hunt_name="SampleHunt",
regex_rules=[
rdfvalue.ForemanAttributeRegex(
attribute_name="GRR client",
attribute_regex="HUNT")
],
integer_rules=[
rdfvalue.ForemanAttributeInteger(
attribute_name="Clock",
operator=rdfvalue.ForemanAttributeInteger.Operator.GREATER_THAN,
value=1336650631137737)
],
client_rate=0,
token=self.token)
# Push the rules to the foreman.
with hunt:
hunt.GetRunner().Start()
foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
# Make sure they were written correctly.
self.assertEqual(len(rules), 1)
rule = rules[0]
self.assertEqual(len(rule.regex_rules), 1)
self.assertEqual(rule.regex_rules[0].attribute_name, "GRR client")
self.assertEqual(rule.regex_rules[0].attribute_regex, "HUNT")
self.assertEqual(len(rule.integer_rules), 1)
self.assertEqual(rule.integer_rules[0].attribute_name, "Clock")
self.assertEqual(rule.integer_rules[0].operator,
rdfvalue.ForemanAttributeInteger.Operator.GREATER_THAN)
self.assertEqual(rule.integer_rules[0].value, 1336650631137737)
self.assertEqual(len(rule.actions), 1)
self.assertEqual(rule.actions[0].hunt_name, "SampleHunt")
# Running a second time should not change the rules any more.
with hunt:
hunt.GetRunner().Start()
foreman = aff4.FACTORY.Open("aff4:/foreman", mode="rw", token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
# Still just one rule.
self.assertEqual(len(rules), 1)
def ParseOption(self, option, request):
"""Parse the form that is selected by option."""
if option == "Windows":
return implementation.GRRHunt.MATCH_WINDOWS
elif option == "Linux":
return implementation.GRRHunt.MATCH_LINUX
elif option == "OSX":
return implementation.GRRHunt.MATCH_DARWIN
elif option == "Regex":
return forms.SemanticProtoFormRenderer(
rdfvalue.ForemanAttributeRegex(),
prefix=self.prefix).ParseArgs(request)
elif option == "Integer":
return forms.SemanticProtoFormRenderer(
rdfvalue.ForemanAttributeInteger(),
prefix=self.prefix).ParseArgs(request)
def RenderOption(self, option, request, response):
if option == "Windows":
return self.RenderFromTemplate(self.match_system_template,
response,
system="Windows")
elif option == "Linux":
return self.RenderFromTemplate(self.match_system_template,
response,
system="Linux")
elif option == "OSX":
return self.RenderFromTemplate(self.match_system_template,
response,
system="OSX")
elif option == "Label":
return self.RenderFromTemplate(
self.form_template,
response,
form=ClientLabelNameFormRenderer(
descriptor=type_info.TypeInfoObject(friendly_name="Label"),
default="",
prefix=self.prefix).RawHTML(request))
elif option == "Regex":
return self.RenderFromTemplate(
self.form_template,
response,
form=forms.SemanticProtoFormRenderer(
rdfvalue.ForemanAttributeRegex(),
prefix=self.prefix).RawHTML(request))
elif option == "Integer":
return self.RenderFromTemplate(
self.form_template,
response,
form=forms.SemanticProtoFormRenderer(
rdfvalue.ForemanAttributeInteger(),
prefix=self.prefix).RawHTML(request))
def testStopping(self):
"""Tests if we can stop a hunt."""
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
# Make sure there are no rules yet.
self.assertEqual(len(rules), 0)
now = rdfvalue.RDFDatetime().Now()
expires = rdfvalue.Duration("1h").Expiry()
# Add some rules.
rules = [
rdfvalue.ForemanRule(created=now,
expires=expires,
description="Test rule1"),
rdfvalue.ForemanRule(created=now,
expires=expires,
description="Test rule2")
]
self.AddForemanRules(rules)
hunt = hunts.GRRHunt.StartHunt(
hunt_name="SampleHunt",
regex_rules=[
rdfvalue.ForemanAttributeRegex(attribute_name="GRR client",
attribute_regex="HUNT")
],
integer_rules=[
rdfvalue.ForemanAttributeInteger(
attribute_name="Clock",
operator=rdfvalue.ForemanAttributeInteger.Operator.
GREATER_THAN,
value=1336650631137737)
],
client_rate=0,
token=self.token)
with hunt:
runner = hunt.GetRunner()
runner.Start()
# Add some more rules.
rules = [
rdfvalue.ForemanRule(created=now,
expires=expires,
description="Test rule3"),
rdfvalue.ForemanRule(created=now,
expires=expires,
description="Test rule4")
]
self.AddForemanRules(rules)
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
self.assertEqual(len(rules), 5)
# It should be running.
self.assertTrue(runner.IsHuntStarted())
# Now we stop the hunt.
hunt.Stop()
foreman = aff4.FACTORY.Open("aff4:/foreman",
mode="rw",
token=self.token)
rules = foreman.Get(foreman.Schema.RULES)
# The rule for this hunt should be deleted but the rest should be there.
self.assertEqual(len(rules), 4)
# And the hunt should report no outstanding requests any more.
with hunt:
self.assertFalse(hunt.GetRunner().IsHuntStarted())
