def testWMIArtifact(self, registry):
    """Verify the WMIRequest built for the WMIActiveScriptEventConsumer artifact.

    The artifact is first collected end to end through RunAction, then
    _ProcessWmiSource is called directly on a fresh collector and every
    yielded (action, request) pair is compared with the expected request.
    """
    registry.AddFileSource(self.test_artifacts_file)
    wmi_artifact = registry.GetArtifact("WMIActiveScriptEventConsumer")

    # Only the first source of the artifact definition is exercised.
    expanded_source = rdf_artifact.ExpandedSource(
        base_source=wmi_artifact.sources[0])
    expanded_artifact = rdf_artifact.ExpandedArtifact(
        name=wmi_artifact.name, sources=[expanded_source])

    request = rdf_artifact.ClientArtifactCollectorArgs(
        artifacts=[expanded_artifact],
        knowledge_base=None,
        ignore_interpolation_errors=True,
        apply_parsers=False)
    responses = self.RunAction(artifact_collector.ArtifactCollector, request)
    self.assertIsInstance(
        responses[0], rdf_artifact.ClientArtifactCollectorResult)

    collector = artifact_collector.ArtifactCollector()
    collector.knowledge_base = None
    collector.ignore_interpolation_errors = True

    # The query is directed at the root\subscription namespace through
    # base_object. Script event consumers registered there are a well-known
    # persistence location, so the test pins both the query text and the
    # namespace exactly.
    expected_request = rdf_client_action.WMIRequest(
        query="SELECT * FROM ActiveScriptEventConsumer",
        base_object="winmgmts:\\root\\subscription")

    # NOTE: the loop rebinds `request`, so the assert_called_with() below
    # checks the last yielded WMIRequest (or the collector args if the
    # generator yields nothing).
    for action, request in collector._ProcessWmiSource(expanded_source):
        self.assertEqual(request, expected_request)
        self.assertEqual(action, self.windows.WmiQueryFromClient)

    # self.windows.WmiQueryFromClient exposes assert_called_with, so it is
    # presumably a mock installed by the fixture -- confirm in setUp.
    self.windows.WmiQueryFromClient.assert_called_with(request)
def _ProcessWmiSource(self, source):
    """Yield an (action, WMIRequest) pair for each interpolated WMI query.

    Args:
      source: Expanded source whose `base_source.attributes` holds a
        required "query" entry and an optional "base_object" entry.

    Yields:
      Tuples of (windows.WmiQueryFromClient, rdf_client_action.WMIRequest).
    """
    # Function-scope import; presumably the module is only importable on
    # Windows clients -- confirm.
    # pylint: disable= g-import-not-at-top
    from grr_response_client.client_actions.windows import windows
    # pylint: enable=g-import-not-at-top

    wmi_action = windows.WmiQueryFromClient
    attributes = source.base_source.attributes
    # "base_object" is optional: a missing key is passed on as None.
    namespace = attributes.get("base_object")

    # NOTE(review): each string returned by _Interpolate is used as the WQL
    # text unchanged; no validation or escaping happens in this function.
    # Whether _Interpolate constrains the substituted values is not visible
    # here -- confirm.
    for wql in self._Interpolate(attributes["query"]):
        yield wmi_action, rdf_client_action.WMIRequest(
            query=wql, base_object=namespace)
def _ProcessWmiSource(self, args):
    """Yield an (action, WMIRequest) pair for each interpolated WMI query.

    Args:
      args: Expanded source whose `base_source.attributes` holds a required
        "query" entry and an optional "base_object" entry.

    Yields:
      Tuples of (windows.WmiQuery, rdf_client_action.WMIRequest).
    """
    # Function-scope import; presumably the module is only importable on
    # Windows clients -- confirm.
    # pylint: disable= g-import-not-at-top
    from grr_response_client.client_actions.windows import windows
    # pylint: enable=g-import-not-at-top

    wmi_action = windows.WmiQuery
    attributes = args.base_source.attributes

    # Knowledge-base attributes are substituted into the query template.
    # NOTE(review): the interpolated strings are used as the WQL text
    # unchanged; no validation or escaping happens in this function. Whether
    # InterpolateKbAttributes constrains the substituted values is not
    # visible here -- confirm.
    interpolated = artifact_utils.InterpolateKbAttributes(
        attributes["query"],
        self.knowledge_base,
        self.ignore_interpolation_errors)

    # "base_object" is optional: a missing key is passed on as None.
    namespace = attributes.get("base_object")
    for wql in interpolated:
        yield wmi_action, rdf_client_action.WMIRequest(
            query=wql, base_object=namespace)