def testLogsWarningIfBtimeNotSupported(self, db: abstract_db.Database):
client_id = self.client_id
db.WriteClientMetadata(client_id, fleetspeak_enabled=True)
snapshot = rdf_objects.ClientSnapshot()
snapshot.client_id = client_id
snapshot.knowledge_base.os = "Linux"
snapshot.startup_info.client_info.timeline_btime_support = False
db.WriteClientSnapshot(snapshot)
with temp.AutoTempDirPath() as tempdir:
args = rdf_timeline.TimelineArgs(root=tempdir.encode("utf-8"))
flow_id = flow_test_lib.TestFlowHelper(
timeline_flow.TimelineFlow.__name__,
action_mocks.ActionMock(timeline_action.Timeline),
client_id=client_id,
token=self.token,
args=args)
flow_test_lib.FinishAllFlowsOnClient(client_id)
log_entries = db.ReadFlowLogEntries(client_id,
flow_id,
offset=0,
count=1)
self.assertLen(log_entries, 1)
self.assertRegex(log_entries[0].message, "birth time is not supported")
def testNoLogsIfBtimeSupported(self, db: abstract_db.Database):
client_id = self.client_id
db.WriteClientMetadata(client_id, fleetspeak_enabled=True)
snapshot = rdf_objects.ClientSnapshot()
snapshot.client_id = client_id
snapshot.knowledge_base.os = "Linux"
snapshot.startup_info.client_info.timeline_btime_support = True
db.WriteClientSnapshot(snapshot)
with temp.AutoTempDirPath() as tempdir:
args = rdf_timeline.TimelineArgs(root=tempdir.encode("utf-8"))
flow_id = flow_test_lib.TestFlowHelper(
timeline_flow.TimelineFlow.__name__,
action_mocks.ActionMock(timeline_action.Timeline),
client_id=client_id,
creator=self.test_username,
args=args)
flow_test_lib.FinishAllFlowsOnClient(client_id)
log_entries = db.ReadFlowLogEntries(client_id,
flow_id,
offset=0,
count=1)
self.assertEmpty(log_entries)
def testClientInfoDefault(self, db: abstract_db.Database):
client_id = "C.0123456789ABCDEF"
db.WriteClientMetadata(client_id, fleetspeak_enabled=False)
flow = rdf_flow_objects.Flow()
flow.client_id = client_id
flow.flow_id = "FEDCBA9876543210"
flow = FlowBaseTest.Flow(flow)
self.assertIsInstance(flow.client_info, rdf_client.ClientInformation)
self.assertEmpty(flow.client_info.client_name)
def testFlowWithNoResult(self, db: abstract_db.Database) -> None:
client_id = "C.1234567890123456"
flow_id = "ABCDEF92"
db.WriteClientMetadata(client_id, last_ping=rdfvalue.RDFDatetime.Now())
flow_obj = rdf_flow_objects.Flow()
flow_obj.client_id = client_id
flow_obj.flow_id = flow_id
flow_obj.flow_class_name = timeline_flow.TimelineFlow.__name__
flow_obj.create_time = rdfvalue.RDFDatetime.Now()
db.WriteFlowObject(flow_obj)
self.assertIsNone(timeline_flow.FilesystemType(client_id, flow_id))
def testClientInfo(self, db: abstract_db.Database):
client_id = "C.0123456789ABCDEF"
db.WriteClientMetadata(client_id, fleetspeak_enabled=False)
startup_info = rdf_client.StartupInfo()
startup_info.client_info.client_name = "rrg"
startup_info.client_info.client_version = 1337
db.WriteClientStartupInfo(client_id, startup_info)
flow = rdf_flow_objects.Flow()
flow.client_id = client_id
flow.flow_id = "FEDCBA9876543210"
flow = FlowBaseTest.Flow(flow)
self.assertIsInstance(flow.client_info, rdf_client.ClientInformation)
self.assertEqual(flow.client_info.client_name, "rrg")
self.assertEqual(flow.client_info.client_version, 1337)
def testFlowWithResult(self, db: abstract_db.Database) -> None:
client_id = "C.1234567890123456"
flow_id = "ABCDEF92"
db.WriteClientMetadata(client_id, last_ping=rdfvalue.RDFDatetime.Now())
flow_obj = rdf_flow_objects.Flow()
flow_obj.client_id = client_id
flow_obj.flow_id = flow_id
flow_obj.flow_class_name = timeline_flow.TimelineFlow.__name__
flow_obj.create_time = rdfvalue.RDFDatetime.Now()
db.WriteFlowObject(flow_obj)
flow_result = rdf_flow_objects.FlowResult()
flow_result.client_id = client_id
flow_result.flow_id = flow_id
flow_result.payload = rdf_timeline.TimelineResult(
filesystem_type="ntfs")
db.WriteFlowResults([flow_result])
self.assertEqual(timeline_flow.FilesystemType(client_id, flow_id),
"ntfs")
def TestMethod(self, db: abstract_db.Database):
client_id = "C.0123456789abcdef"
db.WriteClientMetadata(client_id, first_seen=now)
client = db.ReadClientFullInfo(client_id)
self.assertEqual(client.metadata.first_seen, now)