Esempio n. 1
    def testBasicConversion(self):
        """Checks that every connection attached to a Process is exported.

        A Process carrying two NetworkConnection records is run through
        ProcessToExportedNetworkConnectionConverter. The test expects one
        result per connection, in input order, with state, type, both
        endpoints, pid and ctime matching the values that were put in.
        """
        net = rdf_client_network
        listen = net.NetworkConnection.State.LISTEN
        stream = net.NetworkConnection.Type.SOCK_STREAM

        # One row per connection:
        # (local ip, local port, remote ip, remote port, connection pid).
        # The connection pids (2136 and 1) differ from the pid of the owning
        # Process below (2), so a converter that exported the process pid
        # instead of the connection's own pid would fail the pid assertions.
        fixtures = [
            ("0.0.0.0", 22, "0.0.0.0", 0, 2136),
            ("192.168.1.1", 31337, "1.2.3.4", 6667, 1),
        ]
        connections = [
            net.NetworkConnection(
                state=listen,
                type=stream,
                local_address=net.NetworkEndpoint(ip=local_ip,
                                                  port=local_port),
                remote_address=net.NetworkEndpoint(ip=remote_ip,
                                                   port=remote_port),
                pid=conn_pid,
                ctime=0)
            for local_ip, local_port, remote_ip, remote_port, conn_pid
            in fixtures
        ]

        proc = rdf_client.Process(pid=2,
                                  ppid=1,
                                  cmdline=["cmd.exe"],
                                  exe="c:\\windows\\cmd.exe",
                                  ctime=1333718907167083,
                                  connections=connections)

        converter = process.ProcessToExportedNetworkConnectionConverter()
        results = list(converter.Convert(self.metadata, proc))

        self.assertLen(results, 2)
        # Results are compared positionally against the fixture rows.
        for exported, row in zip(results, fixtures):
            local_ip, local_port, remote_ip, remote_port, conn_pid = row
            self.assertEqual(exported.state, listen)
            self.assertEqual(exported.type, stream)
            self.assertEqual(exported.local_address.ip, local_ip)
            self.assertEqual(exported.local_address.port, local_port)
            self.assertEqual(exported.remote_address.ip, remote_ip)
            self.assertEqual(exported.remote_address.port, remote_port)
            self.assertEqual(exported.pid, conn_pid)
            self.assertEqual(exported.ctime, 0)
Esempio n. 2
 def AddListener(self, ip, port, family="INET", sock_type="SOCK_STREAM"):
   """Build a NetworkConnection in the LISTEN state bound to ip:port.

   Only state, family, type and local_address are populated; the remote
   address, pid and ctime are left at whatever NetworkConnection() gives
   them. Nothing is stored on self in this method, so the caller has to
   keep the returned object.

   Args:
     ip: Local address of the listening socket.
     port: Local port of the listening socket.
     family: Address family name, "INET" unless overridden.
     sock_type: Socket type name, "SOCK_STREAM" unless overridden.

   Returns:
     The newly created rdf_client_network.NetworkConnection.
   """
   bound_endpoint = rdf_client_network.NetworkEndpoint(ip=ip, port=port)
   listener = rdf_client_network.NetworkConnection()
   # State, family and type are assigned as plain strings, as in the
   # keyword defaults above.
   listener.state = "LISTEN"
   listener.family = family
   listener.type = sock_type
   listener.local_address = bound_endpoint
   return listener
Esempio n. 3
  def ListNetworkConnections(self, _):
    """Returns two canned connection records, ignoring the argument.

    The first record is a CLOSED SOCK_STREAM socket on 0.0.0.0:22 owned by
    pid 2136; the second is a LISTEN SOCK_STREAM socket on
    192.168.1.1:31337 with remote endpoint 1.2.3.4:6667, owned by pid 1.
    Both have ctime 0.
    """
    connection_cls = rdf_client_network.NetworkConnection
    endpoint_cls = rdf_client_network.NetworkEndpoint

    return [
        connection_cls(
            state=connection_cls.State.CLOSED,
            type=connection_cls.Type.SOCK_STREAM,
            local_address=endpoint_cls(ip="0.0.0.0", port=22),
            remote_address=endpoint_cls(ip="0.0.0.0", port=0),
            pid=2136,
            ctime=0),
        connection_cls(
            state=connection_cls.State.LISTEN,
            type=connection_cls.Type.SOCK_STREAM,
            local_address=endpoint_cls(ip="192.168.1.1", port=31337),
            remote_address=endpoint_cls(ip="1.2.3.4", port=6667),
            pid=1,
            ctime=0),
    ]