def setUp(self):
    """Prepare a temp directory, a test client and the mock process table.

    The temp directory is entered through an ExitStack whose close() is
    registered with addCleanup before the directory is created.
    """
    super().setUp()

    cleanup_stack = contextlib.ExitStack()
    # Register the close first so the directory cannot outlive the test.
    self.addCleanup(cleanup_stack.close)
    self._tmp_dir = cleanup_stack.enter_context(utils.TempDirectory())

    self.client_id = self.SetupClient(0)

    # Parent links: 102 -> 101, 104 -> 103, 106 -> 104; 103 and 105 have
    # ppid=1. Entries without ppid use whatever default the mock provides.
    process_specs = (
        dict(pid=101, name="proc101.exe"),
        dict(pid=102, name="proc102.exe", ppid=101),
        dict(pid=103, name="proc103.exe", ppid=1),
        dict(pid=104, name="proc104.exe", ppid=103),
        dict(pid=105, name="proc105.exe", ppid=1),
        dict(pid=106, name="proc106.exe", ppid=104),
        dict(pid=108, name="proc108.exe"),
        dict(pid=109, name="proc109.exe"),
        dict(pid=110, name="proc110.exe"),
    )
    self.procs = [
        client_test_lib.MockWindowsProcess(**spec) for spec in process_specs
    ]
def testYaraProcessScanLimitMatches(self):
    """Check that max_results_per_process caps the matches per process.

    The same mock process (pid 107) is scanned twice: once with the
    default settings and once with max_results_per_process=1.
    """
    target = client_test_lib.MockWindowsProcess(pid=107, name="proc107.exe")

    # Without a limit the first result is expected to carry two matches.
    # NOTE(review): which rules produce them is decided by
    # _RunYaraProcessScan, which is not visible here.
    unlimited, _, _ = self._RunYaraProcessScan([target])
    self.assertLen(unlimited[0].match, 2)

    # With the limit set to one, only a single match may be reported.
    capped, _, _ = self._RunYaraProcessScan(
        [target], max_results_per_process=1)
    self.assertLen(capped[0].match, 1)
def Run(self):
    """Record the ListFlowRequests API output for a ListProcesses flow.

    Starts the flow at fake time 42, drives a mock client that has no
    client actions, then replaces the flow id and every task id with fixed
    placeholders before handing the call to self.Check.
    """
    client_id = self.SetupClient(0)

    # NOTE(review): the listing this came from had lost its line breaks;
    # the extent of the two `with` blocks below is a reconstruction, so
    # confirm it against the original file.
    with test_lib.FakeTime(42):
        flow_urn = flow.StartAFF4Flow(
            flow_name=processes.ListProcesses.__name__,
            client_id=client_id,
            token=self.token)

        test_process = client_test_lib.MockWindowsProcess(name="test_process")

        def _fake_process():
            # Stand-in for psutil.Process() while the mock client runs.
            return test_process

        with utils.Stubber(psutil, "Process", _fake_process):
            client_mock = flow_test_lib.MockClient(
                client_id, None, token=self.token)
            # Drain the mock client until it reports no more work.
            while client_mock.Next():
                pass

    # Identifiers that vary between runs are mapped to stable values.
    substitutions = {}
    substitutions[flow_urn.Basename()] = "W:ABCDEF"

    queue_mgr = queue_manager.QueueManager(token=self.token)
    for request, responses in queue_mgr.FetchRequestsAndResponses(flow_urn):
        substitutions[str(request.request.task_id)] = "42"
        substitutions.update(
            (str(response.task_id), "42") for response in responses)

    request_args = flow_plugin.ApiListFlowRequestsArgs(
        client_id=client_id.Basename(), flow_id=flow_urn.Basename())
    self.Check("ListFlowRequests", args=request_args, replace=substitutions)
def setUp(self):
    """Set up test client 0 and the mock Windows process table."""
    super(BaseYaraFlowsTest, self).setUp()

    self.client_id = self.SetupClient(0)

    # Parent links: 102 -> 101, 104 -> 103, 106 -> 104; 103 and 105 have
    # ppid=1. Entries without ppid use whatever default the mock provides.
    process_specs = (
        dict(pid=101, name="proc101.exe"),
        dict(pid=102, name="proc102.exe", ppid=101),
        dict(pid=103, name="proc103.exe", ppid=1),
        dict(pid=104, name="proc104.exe", ppid=103),
        dict(pid=105, name="proc105.exe", ppid=1),
        dict(pid=106, name="proc106.exe", ppid=104),
        dict(pid=108, name="proc108.exe"),
        dict(pid=109, name="proc109.exe"),
        dict(pid=110, name="proc110.exe"),
    )
    self.procs = [
        client_test_lib.MockWindowsProcess(**spec) for spec in process_specs
    ]
def Run(self):
    """Record the ListClientActionRequests API output for one client.

    Starts a ListProcesses flow at fake time 42, drives a mock client that
    has no client actions, then checks the API call twice: once with the
    default arguments and once with fetch_responses=True.
    """
    client_id = self.SetupClients(1)[0]

    # Identifiers that vary between runs are mapped to stable values.
    substitutions = {}

    # NOTE(review): the listing this came from had lost its line breaks;
    # the extent of the two `with` blocks below is a reconstruction, so
    # confirm it against the original file.
    with test_lib.FakeTime(42):
        flow_urn = flow.GRRFlow.StartFlow(
            client_id=client_id,
            flow_name=processes.ListProcesses.__name__,
            token=self.token)
        substitutions[flow_urn.Basename()] = "F:123456"

        test_process = client_test_lib.MockWindowsProcess(name="test_process")

        def _fake_process():
            # Stand-in for psutil.Process() while the mock client runs.
            return test_process

        with utils.Stubber(psutil, "Process", _fake_process):
            # A mock client constructed with no actions (None) is expected
            # to produce an error.
            client_mock = flow_test_lib.MockClient(
                client_id, None, token=self.token)
            while client_mock.Next():
                pass

    queue_mgr = queue_manager.QueueManager(token=self.token)
    for request, responses in queue_mgr.FetchRequestsAndResponses(flow_urn):
        # Requests map to "42" and their responses to "43".
        substitutions[str(request.request.task_id)] = "42"
        substitutions.update(
            (str(response.task_id), "43") for response in responses)

    default_args = client_plugin.ApiListClientActionRequestsArgs(
        client_id=client_id.Basename())
    self.Check(
        "ListClientActionRequests", args=default_args, replace=substitutions)

    with_responses_args = client_plugin.ApiListClientActionRequestsArgs(
        client_id=client_id.Basename(), fetch_responses=True)
    self.Check(
        "ListClientActionRequests",
        args=with_responses_args,
        replace=substitutions)
def setUp(self):
    """Build the six-entry mock Windows process table used by the tests."""
    super(TestYaraFlows, self).setUp()

    # Parent links: 102 -> 101, 104 -> 103, 106 -> 104; 103 and 105 have
    # ppid=1. pid 101 is created without a ppid.
    process_specs = (
        dict(pid=101, name="proc101.exe"),
        dict(pid=102, name="proc102.exe", ppid=101),
        dict(pid=103, name="proc103.exe", ppid=1),
        dict(pid=104, name="proc104.exe", ppid=103),
        dict(pid=105, name="proc105.exe", ppid=1),
        dict(pid=106, name="proc106.exe", ppid=104),
    )
    self.procs = [
        client_test_lib.MockWindowsProcess(**spec) for spec in process_specs
    ]
def setUp(self):
    """Install the fake rule set and the six-entry mock process table.

    FakeRules is given pids 101 and 102 as matching_pids and pids 103 and
    104 as timeout_pids; pids 105 and 106 appear in neither list.
    """
    super(TestYaraFlows, self).setUp()

    self.rules = FakeRules(matching_pids=[101, 102], timeout_pids=[103, 104])

    # Parent links: 102 -> 101, 104 -> 103, 106 -> 104; 103 and 105 have
    # ppid=1. pid 101 is created without a ppid.
    process_specs = (
        dict(pid=101, name="proc101.exe"),
        dict(pid=102, name="proc102.exe", ppid=101),
        dict(pid=103, name="proc103.exe", ppid=1),
        dict(pid=104, name="proc104.exe", ppid=103),
        dict(pid=105, name="proc105.exe", ppid=1),
        dict(pid=106, name="proc106.exe", ppid=104),
    )
    self.procs = [
        client_test_lib.MockWindowsProcess(**spec) for spec in process_specs
    ]
def ProcessIter():
    """Return an iterator over a single default-constructed mock process."""
    only_process = client_test_lib.MockWindowsProcess()
    return iter([only_process])