def GenerateSample(self, number=0):
result = artifact_registry.Artifact(name="artifact%s" % number,
doc="Doco",
provides="environ_windir",
supported_os="Windows",
urls="http://blah")
return result
def testValidateSyntaxWithSources(self):
registry_key_source = {
"type": ar.ArtifactSource.SourceType.REGISTRY_KEY,
"attributes": {
"keys": [
r"%%current_control_set%%\Control\Session "
r"Manager\Environment\Path"
],
}
}
file_source = {
"type": ar.ArtifactSource.SourceType.FILE,
"attributes": {
"paths": [r"%%environ_systemdrive%%\Temp"]
}
}
artifact = ar.Artifact(
name="Bar",
doc="This is Bar.",
provides=["environ_windir"],
supported_os=["Windows"],
urls=["https://example.com"],
sources=[registry_key_source, file_source])
artifact.ValidateSyntax()
def testValidateSyntaxSimple(self):
artifact = ar.Artifact(
name="Foo",
doc="This is Foo.",
provides=["fqdn", "domain"],
supported_os=["Windows"],
urls=["https://example.com"])
artifact.ValidateSyntax()
def testValidateSyntaxBrokenProvides(self):
artifact = ar.Artifact(
name="Thud",
doc="This is Thud.",
provides=["fqdn", "garbage"],
labels=["Network"])
with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "'garbage'"):
artifact.ValidateSyntax()
def testValidateSyntaxInvalidLabel(self):
artifact = ar.Artifact(
name="Norf",
doc="This is Norf.",
provides=["domain"],
labels=["Mail", "Browser", "Reddit"],
supported_os=["Darwin"])
with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "'Reddit'"):
artifact.ValidateSyntax()
def testValidateSyntaxInvalidSupportedOs(self):
artifact = ar.Artifact(
name="Quux",
doc="This is Quux.",
provides=["os"],
labels=["Cloud", "Logs"],
supported_os=["Solaris"])
with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "'Solaris'"):
artifact.ValidateSyntax()
def testGetArtifactPathDependencies(self):
sources = [{
"type": artifact_registry.ArtifactSource.SourceType.REGISTRY_KEY,
"attributes": {
"keys": [
r"%%current_control_set%%\Control\Session "
r"Manager\Environment\Path"
]
}
}, {
"type": artifact_registry.ArtifactSource.SourceType.WMI,
"attributes": {
"query":
"SELECT * FROM Win32_UserProfile "
"WHERE SID='%%users.sid%%'"
}
}, {
"type": artifact_registry.ArtifactSource.SourceType.GREP,
"attributes": {
"content_regex_list": ["^%%users.username%%:"]
}
}]
artifact = artifact_registry.Artifact(name="artifact",
doc="Doco",
provides=["environ_windir"],
supported_os=["Windows"],
urls=["http://blah"],
sources=sources)
self.assertItemsEqual(
[x["type"] for x in artifact.ToPrimitiveDict()["sources"]],
["REGISTRY_KEY", "WMI", "GREP"])
class Parser1(object):
knowledgebase_dependencies = ["appdata", "sid"]
class Parser2(object):
knowledgebase_dependencies = ["sid", "desktop"]
@classmethod
def MockGetClassesByArtifact(unused_cls, _):
return [Parser1, Parser2]
with utils.Stubber(parsers.Parser, "GetClassesByArtifact",
MockGetClassesByArtifact):
self.assertItemsEqual(artifact.GetArtifactPathDependencies(), [
"appdata", "sid", "desktop", "current_control_set",
"users.sid", "users.username"
])
def testValidateSyntaxBadSource(self):
source = {
"type": ar.ArtifactSource.SourceType.ARTIFACT_GROUP,
"attributes": {}
}
artifact = ar.Artifact(
name="Barf",
doc="This is Barf.",
provides=["os"],
labels=["Logs", "Memory"],
sources=[source])
with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "required attributes"):
artifact.ValidateSyntax()
def testValidateSyntaxBadPathDependency(self):
sources = [{
"type": artifact_registry.ArtifactSource.SourceType.FILE,
"attributes": {
"paths": [r"%%systemdrive%%\Temp"]
}
}]
artifact = artifact_registry.Artifact(name="bad",
doc="Doco",
provides=["environ_windir"],
supported_os=["Windows"],
urls=["http://blah"],
sources=sources)
with self.assertRaises(artifact_registry.ArtifactDefinitionError):
artifact.ValidateSyntax()
def testValidateSyntax(self):
sources = [{
"type": artifact_registry.ArtifactSource.SourceType.REGISTRY_KEY,
"attributes": {
"keys": [
r"%%current_control_set%%\Control\Session "
r"Manager\Environment\Path"
]
}
}, {
"type": artifact_registry.ArtifactSource.SourceType.FILE,
"attributes": {
"paths": [r"%%environ_systemdrive%%\Temp"]
}
}]
artifact = artifact_registry.Artifact(name="good",
doc="Doco",
provides=["environ_windir"],
supported_os=["Windows"],
urls=["http://blah"],
sources=sources)
artifact.ValidateSyntax()
def testValidateSyntaxMissingDoc(self):
artifact = ar.Artifact(name="Baz", provides=["os"], supported_os=["Linux"])
with self.assertRaisesRegexp(ar.ArtifactSyntaxError, "missing doc"):
artifact.ValidateSyntax()