def testGetFlowFilesArchiveReturnsNonLimitedHandlerForArtifactsWhenNeeded(
self):
router = self._CreateRouter(
artifact_collector_flow=rr.RobotRouterArtifactCollectorFlowParams(
artifact_collector_flow_name=AnotherArtifactCollector.__name__
),
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True,
skip_glob_checks_for_artifact_collector=True,
path_globs_blacklist=["**/*.txt"],
path_globs_whitelist=["foo/*", "bar/*"]))
flow_id = self._CreateFlowWithRobotId()
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
self.assertEqual(handler.path_globs_blacklist, ["**/*.txt"])
self.assertEqual(handler.path_globs_whitelist, ["foo/*", "bar/*"])
flow_id = self._CreateFlowWithRobotId(
flow_name=AnotherArtifactCollector.__name__,
flow_args=rdf_artifacts.ArtifactCollectorFlowArgs(
artifact_list=["Foo"]))
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
self.assertTrue(handler.path_globs_blacklist is None)
self.assertTrue(handler.path_globs_whitelist is None)
def testGetFlowFilesArchiveReturnsNonLimitedHandlerForArtifactsWhenNeeded(
self):
router = self._CreateRouter(
artifact_collector_flow=rr.RobotRouterArtifactCollectorFlowParams(
artifact_collector_flow_name=AnotherArtifactCollector.__name__
), # pylint: disable=undefined-variable
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True,
skip_glob_checks_for_artifact_collector=True,
exclude_path_globs=["**/*.txt"],
include_only_path_globs=["foo/*", "bar/*"]))
flow_id = self._CreateFlowWithRobotId()
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
context=self.context)
self.assertEqual(handler.exclude_path_globs, ["**/*.txt"])
self.assertEqual(handler.include_only_path_globs, ["foo/*", "bar/*"])
flow_id = self._CreateFlowWithRobotId(
flow_name=AnotherArtifactCollector.__name__, # pylint: disable=undefined-variable
flow_args=rdf_artifacts.ArtifactCollectorFlowArgs(
artifact_list=["Foo"]))
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
context=self.context)
self.assertIsNone(handler.exclude_path_globs)
self.assertIsNone(handler.include_only_path_globs)
def testGeneratesTarGzArchive(self):
result = self.handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_id,
archive_format="TAR_GZ"),
token=self.token)
with utils.TempDirectory() as temp_dir:
tar_path = os.path.join(temp_dir, "archive.tar.gz")
with open(tar_path, "wb") as fd:
for chunk in result.GenerateContent():
fd.write(chunk)
with tarfile.open(tar_path) as tar_fd:
tar_fd.extractall(path=temp_dir)
manifest_file_path = None
for parent, _, files in os.walk(temp_dir):
if "MANIFEST" in files:
manifest_file_path = os.path.join(parent, "MANIFEST")
break
self.assertTrue(manifest_file_path)
with open(manifest_file_path, "rb") as fd:
manifest = yaml.safe_load(fd.read())
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 0)
def testGetFlowFilesArchiveWorksIfFlowWasCreatedBySameRouter(self):
flow_id = self._CreateFlowWithRobotId()
router = self._CreateRouter(
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True))
router.GetFlowFilesArchive(api_flow.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id, flow_id=flow_id),
token=self.token)
def testFlowFilesArchiveRaisesIfFlowWasNotCreatedBySameUser(self):
flow_id = flow_test_lib.StartFlow(file_finder.FileFinder,
self.client_id,
creator=self.another_username)
router = self._CreateRouter()
with self.assertRaises(access_control.UnauthorizedAccess):
router.GetFlowFilesArchive(api_flow.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id, flow_id=flow_id),
context=self.context)
def testFlowFilesArchiveRaisesIfFlowWasNotCreatedBySameRouter(self):
flow_urn = flow.StartFlow(client_id=self.client_id,
flow_name=file_finder.FileFinder.__name__,
token=self.token)
router = self._CreateRouter()
with self.assertRaises(access_control.UnauthorizedAccess):
router.GetFlowFilesArchive(api_flow.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id, flow_id=flow_urn.Basename()),
token=self.token)
def testAllClientFlowsMethodsAreAccessChecked(self):
args = api_flow.ApiListFlowsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlows, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlow, "CheckClientAccess", args=args)
args = api_flow.ApiCreateFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.CreateFlow, "CheckClientAccess", args=args)
self.CheckMethodIsAccessChecked(
self.router.CreateFlow, "CheckIfCanStartClientFlow", args=args)
args = api_flow.ApiCancelFlowArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.CancelFlow, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowRequestsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowRequests, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowResultsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowResults, "CheckClientAccess", args=args)
args = api_flow.ApiGetExportedFlowResultsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetExportedFlowResults, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowResultsExportCommandArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlowResultsExportCommand, "CheckClientAccess", args=args)
args = api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.GetFlowFilesArchive, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPlugins, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginLogsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPluginLogs, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowOutputPluginErrorsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowOutputPluginErrors, "CheckClientAccess", args=args)
args = api_flow.ApiListFlowLogsArgs(client_id=self.client_id)
self.CheckMethodIsAccessChecked(
self.router.ListFlowLogs, "CheckClientAccess", args=args)
def testGeneratesZipArchive(self):
result = self.handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_id,
archive_format="ZIP"),
token=self.token)
manifest = self._GetZipManifest(result)
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 0)
def testGeneratesTarGzArchive(self):
result = self.handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_id,
archive_format="TAR_GZ"),
context=self.context)
manifest = self._GetTarGzManifest(result)
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 0)
def testGetFlowFilesArchiveReturnsLimitedHandler(self):
flow_id = self._CreateFlowWithRobotId()
router = self._CreateRouter(
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True,
path_globs_blacklist=["**/*.txt"],
path_globs_whitelist=["foo/*", "bar/*"]))
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
token=self.token)
self.assertEqual(handler.path_globs_blacklist, ["**/*.txt"])
self.assertEqual(handler.path_globs_whitelist, ["foo/*", "bar/*"])
def testGetFlowFilesArchiveReturnsLimitedHandler(self):
flow_id = self._CreateFlowWithRobotId()
router = self._CreateRouter(
get_flow_files_archive=rr.RobotRouterGetFlowFilesArchiveParams(
enabled=True,
exclude_path_globs=["**/*.txt"],
include_only_path_globs=["foo/*", "bar/*"]))
handler = router.GetFlowFilesArchive(
api_flow.ApiGetFlowFilesArchiveArgs(client_id=self.client_id,
flow_id=flow_id),
context=self.context)
self.assertEqual(handler.exclude_path_globs, ["**/*.txt"])
self.assertEqual(handler.include_only_path_globs, ["foo/*", "bar/*"])
def testArchivesFileMatchingPathGlobsWhitelist(self):
handler = flow_plugin.ApiGetFlowFilesArchiveHandler(
path_globs_blacklist=[],
path_globs_whitelist=[rdf_paths.GlobExpression("/**/*/test.plist")])
result = handler.Handle(
flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_urn.Basename(),
archive_format="ZIP"),
token=self.token)
manifest = self._GetZipManifest(result)
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 0)
def testArchivesFileMatchingPathGlobsInclusionList(self):
handler = flow_plugin.ApiGetFlowFilesArchiveHandler(
exclude_path_globs=[],
include_only_path_globs=[rdf_paths.GlobExpression("/**/*/test.plist")])
result = handler.Handle(
flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_id,
archive_format="ZIP"),
context=self.context)
manifest = self._GetZipManifest(result)
self.assertEqual(manifest["archived_files"], 1)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 0)
def testIgnoresFileNotMatchingPathGlobsInclusionList(self):
handler = flow_plugin.ApiGetFlowFilesArchiveHandler(
exclude_path_globs=[],
include_only_path_globs=[rdf_paths.GlobExpression("/**/foo.bar")])
result = handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_id,
archive_format="ZIP"),
token=self.token)
manifest = self._GetZipManifest(result)
self.assertEqual(manifest["archived_files"], 0)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 1)
self.assertEqual(
manifest["ignored_files_list"],
["aff4:/%s/fs/os%s/test.plist" % (self.client_id, self.base_path)])
def testIgnoresFileNotMatchingPathGlobsWhitelist(self):
handler = flow_plugin.ApiGetFlowFilesArchiveHandler(
path_globs_blacklist=[],
path_globs_whitelist=[rdf_paths.GlobExpression("/**/foo.bar")])
result = handler.Handle(flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_id,
archive_format="ZIP"),
token=self.token)
manifest = self._GetZipManifest(result)
self.assertEqual(manifest["archived_files"], 0)
self.assertEqual(manifest["failed_files"], 0)
self.assertEqual(manifest["processed_files"], 1)
self.assertEqual(manifest["ignored_files"], 1)
self.assertEqual(manifest["ignored_files_list"], [
utils.SmartUnicode(
self.client_id.Add("fs/os").Add(
self.base_path).Add("test.plist"))
])
def testGeneratesTarGzArchiveForFlowWithCustomMappings(self):
path = abstract_db.ClientPath.OS(
self.client_id,
self.base_path.lstrip("/").split("/") + ["test.plist"])
mappings = [
flow_base.ClientPathArchiveMapping(path, "foo/file"),
]
with mock.patch.object(file_finder.FileFinder,
"GetFilesArchiveMappings",
return_value=mappings):
result = self.handler.Handle(
flow_plugin.ApiGetFlowFilesArchiveArgs(
client_id=self.client_id,
flow_id=self.flow_id,
archive_format="TAR_GZ"),
token=self.token)
manifest = self._GetTarGzManifest(result)
self.assertEqual(manifest["client_id"], self.client_id)
self.assertEqual(manifest["flow_id"], self.flow_id)
self.assertEqual(manifest["processed_files"],
{path.vfs_path: "foo/file"})
self.assertEmpty(manifest["missing_files"])
