def test_memdump(cbcsdk_mock):
    """Test the response to the 'memdump' command.

    Drives start_memdump(), wait() and delete() against mocked Live Response
    endpoints.  A memory dump can hold credentials and other secrets, so the
    POST handler also pins that the follow-up 'delete file' command names
    exactly the artifact the dump produced (with '.zip' appended when the
    request asked for compression).
    """
    dump_name = None
    cleanup_name = None

    def respond_to_post(url, body, **kwargs):
        """Answer command POSTs and record the file names the SDK chose."""
        nonlocal dump_name, cleanup_name
        # Every command must be issued on the session opened below.
        assert body['session_id'] == '1:2468'
        command = body['name']
        if command == 'memdump':
            dump_name = body['object']
            cleanup_name = dump_name + '.zip' if body['compress'] else dump_name
            reply = copy.deepcopy(MEMDUMP_START_RESP)
            reply['object'] = dump_name
            return reply
        if command == 'delete file':
            # Cleanup must target the dump artifact, not some other path.
            assert body['object'] == cleanup_name
            reply = copy.deepcopy(MEMDUMP_DEL_START_RESP)
            reply['object'] = cleanup_name
            return reply
        pytest.fail(f"Invalid command name seen: {body['name']}")

    def poll_memdump(url, query_parameters, default):
        """Status reply for the memdump command (id 101)."""
        reply = copy.deepcopy(MEMDUMP_END_RESP)
        reply['object'] = dump_name
        return reply

    def poll_delete(url, query_parameters, default):
        """Status reply for the delete-file command (id 102)."""
        reply = copy.deepcopy(MEMDUMP_DEL_END_RESP)
        reply['object'] = cleanup_name
        return reply

    # Registered in the same order as the calls the SDK is expected to make.
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', respond_to_post),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/101', poll_memdump),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/102', poll_delete),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        dump = session.start_memdump()
        assert dump.lr_session is session
        assert dump.remote_filename == cleanup_name
        dump.wait()
        dump.delete()
def test_registry_get(cbcsdk_mock):
    """Test the response to the 'reg get value' command.

    Reads one registry value through mocked Live Response endpoints and checks
    the name, type and data fields of the returned mapping.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', REG_GET_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/61', REG_GET_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        reg_value = session.get_registry_value(
            'HKLM\\SYSTEM\\CurrentControlSet\\services\\ACPI\\Start')
        assert reg_value['value_data'] == 0
        assert reg_value['value_name'] == 'Start'
        assert reg_value['value_type'] == 'REG_DWORD'
def test_registry_set(cbcsdk_mock, set_val, check_val, overwrite, set_type,
                      check_type):
    """Test the response to the 'reg set value' command.

    The POST handler pins the request body, so the key path, overwrite flag,
    value type and value data sent to the API must match what the caller asked
    for.  The extra arguments are presumably supplied by a parametrize
    decorator that is not shown with this function.
    """
    value_path = 'HKLM\\SYSTEM\\CurrentControlSet\\services\\ACPI\\testvalue'

    def respond_to_post(url, body, **kwargs):
        """Validate the 'reg set value' command body before acknowledging it."""
        assert body['session_id'] == '1:2468'
        assert body['name'] == 'reg set value'
        assert body['object'] == value_path
        assert body['overwrite'] == overwrite
        # check_type / check_val are the wire forms expected for set_type / set_val.
        assert body['value_type'] == check_type
        assert body['value_data'] == check_val
        return REG_SET_START_RESP

    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', respond_to_post),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/62', REG_SET_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        session.set_registry_value(value_path, set_val, overwrite, set_type)
def test_run_process_with_output(cbcsdk_mock, mox, remotefile):
    """Test the response to the 'create process' command with output that we retrieve.

    get_file() is stubbed, so the test only checks that create_process() asks
    for an output file (the caller-supplied name when one was given) and
    returns whatever get_file() hands back.
    """
    def respond_to_post(url, body, **kwargs):
        """Answer the two commands this flow may issue; anything else fails."""
        assert body['session_id'] == '1:2468'
        command = body['name']
        if command == 'create process':
            return RUN_PROC_START_RESP
        if command == 'delete file':
            # Echo back whichever file the SDK asked to remove.
            reply = copy.deepcopy(DELETE_FILE_START_RESP)
            reply['object'] = body['object']
            return reply
        pytest.fail(f"Invalid command name seen: {body['name']}")

    def validate_get_file(name):
        """Accept any non-None name, or only `remotefile` when one was given."""
        if name is None:
            return False
        return remotefile is None or name == remotefile

    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', respond_to_post),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/9', RUN_PROC_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        mox.StubOutWithMock(session, 'get_file')
        session.get_file(pymox.Func(validate_get_file)).AndReturn('I Got It')
        mox.ReplayAll()
        output = session.create_process('gimme', True, remotefile)
        assert output == 'I Got It'
        mox.VerifyAll()
def test_list_processes(cbcsdk_mock):
    """Test the response to the 'list processes' command.

    Checks that the three process entries in the mocked reply come back in
    order with their 'path' fields intact.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', LIST_PROC_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/10', LIST_PROC_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        processes = session.list_processes()
        assert len(processes) == 3
        for position, expected_path in enumerate(('proc1', 'server', 'borg')):
            assert processes[position]['path'] == expected_path
def test_put_file(cbcsdk_mock, mox):
    """Test the response to the 'put file' command.

    The upload itself is stubbed (_upload_file returns id 10203); the POST
    handler then pins that the 'put file' command carries that file id and the
    destination name the caller passed.
    """
    def respond_to_post(url, body, **kwargs):
        """Validate the 'put file' command body before acknowledging it."""
        assert body['session_id'] == '1:2468'
        assert body['name'] == 'put file'
        assert body['file_id'] == 10203
        assert body['object'] == 'foobar.txt'
        return PUT_FILE_START_RESP

    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', respond_to_post),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/6', PUT_FILE_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    upload_source = io.StringIO('This is a test')
    with lr_manager.request_session(2468) as session:
        mox.StubOutWithMock(session, '_upload_file')
        # The stub expects to be handed the very same file object.
        session._upload_file(upload_source).AndReturn(10203)
        mox.ReplayAll()
        session.put_file(upload_source, 'foobar.txt')
        mox.VerifyAll()
def test_list_directory(cbcsdk_mock):
    """Test the response to the 'list directory' command.

    Checks the first three entries of the mocked listing: the two dot
    directories and one regular file, each with the expected attribute flag.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', DIRECTORY_LIST_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/6', DIRECTORY_LIST_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        # NOTE(review): this literal carries doubled backslashes at runtime; the
        # static mock replies above never inspect the path - confirm it is intended.
        listing = session.list_directory('C:\\\\TEMP\\\\')
        expectations = (
            (0, '.', 'DIRECTORY'),
            (1, '..', 'DIRECTORY'),
            (2, 'test.txt', 'ARCHIVE'),
        )
        for position, filename, attribute in expectations:
            assert listing[position]['filename'] == filename
            assert attribute in listing[position]['attributes']
def test_spawn_process(cbcsdk_mock):
    """Test the response to the 'create process' command without wait for completion.

    No status-poll endpoint is mocked for the command, and the call is
    expected to return None.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', CREATE_PROC_START_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        outcome = session.create_process('start_daemon', False, None, None, 30, False)
        assert outcome is None
def test_create_session_with_poll_error(cbcsdk_mock):
    """Test creating a Live Response session with an error in the polling.

    The session-status poll is mocked with an error reply, so request_session()
    must raise instead of handing back a session.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP_ERROR),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    # NOTE(review): the uri/error_code attributes checked below suggest this is
    # the SDK's own TimeoutError rather than the builtin - confirm the import.
    with pytest.raises(TimeoutError) as excinfo:
        lr_manager.request_session(2468)
    raised = excinfo.value
    assert raised.uri == '/integrationServices/v3/cblr/session/1:2468'
    assert raised.error_code == 404
def test_registry_unsupported_command(cbcsdk_mock):
    """Test the response to a command that we know isn't supported on the target node.

    No command endpoint is mocked for device 7777, so the ApiError presumably
    has to be raised before any command is sent.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/7777', USESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:7777', USESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/7777', UDEVICE_RESPONSE),
        ('PUT', '/integrationServices/v3/cblr/session', USESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(7777) as session:
        with pytest.raises(ApiError) as excinfo:
            session.create_registry_key('HKLM\\SYSTEM\\CurrentControlSet\\services\\ACPI\\Nonsense')
        message = str(excinfo.value)
        assert message.startswith("Command reg create key not supported")
def test_registry_delete(cbcsdk_mock):
    """Test the response to the 'reg delete value' command.

    Passes when the call completes without raising; the static mock replies do
    not inspect which value was named.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', REG_DELETE_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/65', REG_DELETE_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        session.delete_registry_value('HKLM\\SYSTEM\\CurrentControlSet\\services\\ACPI\\testvalue')
def test_delete_file(cbcsdk_mock):
    """Test the response to the 'delete file' command.

    Passes when the call completes without raising; the static mock replies do
    not inspect which file was named.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', DELETE_FILE_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/3', DELETE_FILE_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        # NOTE(review): this literal carries doubled backslashes at runtime - confirm.
        session.delete_file('C:\\\\TEMP\\\\foo.txt')
def test_kill_process_timeout(cbcsdk_mock):
    """Test the response to the 'kill' command when it times out.

    The status poll for command 13 is mocked with the *start* reply instead of
    an end reply, and the manager is built with 2 as its second argument
    (test_create_manager shows that argument is stored as the timeout), so
    kill_process() is expected to give up and return a falsy value.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', KILL_PROC_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/13', KILL_PROC_START_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api, 2)
    with lr_manager.request_session(2468) as session:
        killed = session.kill_process(601)
        assert not killed
def test_registry_create_key(cbcsdk_mock):
    """Test the response to the 'reg create key' command.

    Passes when the call completes without raising; the static mock replies do
    not inspect which key was named.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', REG_CREATE_KEY_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/63', REG_CREATE_KEY_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        session.create_registry_key('HKLM\\SYSTEM\\CurrentControlSet\\services\\ACPI\\Nonsense')
def test_create_directory(cbcsdk_mock):
    """Test the response to the 'create directory' command.

    Passes when the call completes without raising; the static mock replies do
    not inspect which directory was named.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', CREATE_DIRECTORY_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/7', CREATE_DIRECTORY_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        # NOTE(review): this literal carries doubled backslashes at runtime - confirm.
        session.create_directory('C:\\\\TEMP\\\\TRASH')
def test_create_session(cbcsdk_mock):
    """Test creating a Live Response session.

    Checks that the session object is bound to the requested device, to the
    manager that created it and to the API object behind that manager.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        assert session.session_id == '1:2468'
        assert session.device_id == 2468
        # Identity, not equality: the session must hold these exact objects.
        assert session._cblr_manager is lr_manager
        assert session._cb is cbcsdk_mock.api
        assert session.os_type == 1
def test_delete_file_with_error(cbcsdk_mock):
    """Test the response to the 'delete file' command when it returns an error.

    The status poll is mocked with an error reply; the failure must surface as
    a LiveResponseError whose decoded Win32 error names the cause.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', DELETE_FILE_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/3', DELETE_FILE_ERROR_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        with pytest.raises(LiveResponseError) as excinfo:
            session.delete_file('C:\\\\TEMP\\\\foo.txt')
        decoded = excinfo.value.decoded_win32_error
        assert decoded == "ERROR_FILE_NOT_FOUND"
def test_create_session_with_keepalive_option(cbcsdk_mock):
    """Test creating a Live Response session using the keepalive option.

    With the manager's third argument set to True, a second request for the
    same device must hand back the same session object, and one maintenance
    pass afterwards must drop it from the manager's table.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api, 100000, True)
    try:
        with lr_manager.request_session(2468) as first:
            assert first.session_id == '1:2468'
            assert first.device_id == 2468
            assert first._cblr_manager is lr_manager
            assert first._cb is cbcsdk_mock.api
            assert first.os_type == 1
        # The first context has exited, yet the session is still reused.
        with lr_manager.request_session(2468) as second:
            assert second is first
        assert len(lr_manager._sessions) == 1
        lr_manager._maintain_sessions()
        assert len(lr_manager._sessions) == 0
    finally:
        # Always stop the background thread so it cannot outlive the test.
        lr_manager.stop_keepalive_thread()
def test_walk_bottomup_with_error(cbcsdk_mock, mox):
    """Test the logic of the directory walking with an error in one of the directories.

    list_directory() is stubbed: the FOO listing raises LiveResponseError.  The
    walk is expected to report that error to the callback exactly once, skip
    FOO, and still yield BAR before the top-level directory.
    """
    error_calls = 0

    def error_response(err):
        """Count callback invocations and check the error that was passed in."""
        nonlocal error_calls
        assert err.decoded_win32_error == "ERROR_FILE_NOT_FOUND"
        error_calls += 1

    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        mox.StubOutWithMock(session, 'list_directory')
        session.list_directory('C:\\TEMP\\*').AndReturn(WALK_RETURN_1)
        session.list_directory('C:\\TEMP\\FOO\\*').AndRaise(
            LiveResponseError(FILE_NOT_FOUND_ERR))
        session.list_directory('C:\\TEMP\\BAR\\*').AndReturn(WALK_RETURN_3)
        mox.ReplayAll()
        # Each yielded entry is indexed as (directory, subdirectories, files).
        for index, entry in enumerate(session.walk('C:\\TEMP\\', False, error_response), start=1):
            if index == 1:
                assert entry[0] == 'C:\\TEMP\\BAR\\'
                assert len(entry[1]) == 0
                assert len(entry[2]) == 1
                assert 'evil.exe' in entry[2]
            elif index == 2:
                assert entry[0] == 'C:\\TEMP\\'
                assert len(entry[1]) == 2
                assert 'FOO' in entry[1]
                assert 'BAR' in entry[1]
                assert len(entry[2]) == 1
                assert 'test.txt' in entry[2]
            else:
                pytest.fail("Index went out of range")
        mox.VerifyAll()
    assert error_calls == 1
def test_session_maintenance_sends_keepalive(cbcsdk_mock, thrown_exception):
    """Test to ensure the session maintenance sends the keepalive messages as needed.

    Runs two maintenance passes while the session is open; the session must
    still be tracked after the first one.  `thrown_exception` is presumably
    supplied by a parametrize decorator that is not shown with this function.
    """
    # NOTE(review): the keepalive path is registered twice (empty reply, then the
    # exception); how the mock resolves the duplicate is not visible here.
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/keepalive', {}),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/keepalive', thrown_exception),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api, 100000, True)
    try:
        with lr_manager.request_session(2468):
            lr_manager._maintain_sessions()
            assert len(lr_manager._sessions) == 1
            lr_manager._maintain_sessions()
    finally:
        # Always stop the background thread so it cannot outlive the test.
        lr_manager.stop_keepalive_thread()
def test_walk(cbcsdk_mock, mox):
    """Test the logic of the directory walking.

    list_directory() is stubbed for the top directory and its two children;
    the walk is expected to yield the parent first, then FOO, then BAR.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        mox.StubOutWithMock(session, 'list_directory')
        session.list_directory('C:\\TEMP\\*').AndReturn(WALK_RETURN_1)
        session.list_directory('C:\\TEMP\\FOO\\*').AndReturn(WALK_RETURN_2)
        session.list_directory('C:\\TEMP\\BAR\\*').AndReturn(WALK_RETURN_3)
        mox.ReplayAll()
        # Each yielded entry is indexed as (directory, subdirectories, files).
        for index, entry in enumerate(session.walk('C:\\TEMP\\'), start=1):
            if index == 1:
                assert entry[0] == 'C:\\TEMP\\'
                assert len(entry[1]) == 2
                assert 'FOO' in entry[1]
                assert 'BAR' in entry[1]
                assert len(entry[2]) == 1
                assert 'test.txt' in entry[2]
            elif index == 2:
                assert entry[0] == 'C:\\TEMP\\FOO\\'
                assert len(entry[1]) == 0
                assert len(entry[2]) == 2
                assert 'hoopy.doc' in entry[2]
                assert 'frood.doc' in entry[2]
            elif index == 3:
                assert entry[0] == 'C:\\TEMP\\BAR\\'
                assert len(entry[1]) == 0
                assert len(entry[2]) == 1
                assert 'evil.exe' in entry[2]
            else:
                pytest.fail("Index went out of range")
        mox.VerifyAll()
    def live_response(self):
        """
        Return the Live Response session manager, creating it on first use.

        The manager is built with this object as its argument and cached on
        ``_lr_scheduler``, so later calls hand back the same instance.

        Returns:
            LiveResponseSessionManager: The session manager object.
        """
        scheduler = self._lr_scheduler
        if scheduler is None:
            scheduler = LiveResponseSessionManager(self)
            self._lr_scheduler = scheduler
        return scheduler
def test_registry_enum(cbcsdk_mock):
    """Test the response to the 'reg enum keys' command.

    Exercises both listing helpers against the same key: the combined call
    must return the two sub-keys plus every expected value name, and the
    values-only call must return the same set of value names.
    """
    for verb, path, reply in (
        ('POST', '/integrationServices/v3/cblr/session/2468', SESSION_INIT_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468', SESSION_POLL_RESP),
        ('GET', '/integrationServices/v3/device/2468', DEVICE_RESPONSE),
        ('POST', '/integrationServices/v3/cblr/session/1:2468/command', REG_ENUM_START_RESP),
        ('GET', '/integrationServices/v3/cblr/session/1:2468/command/56', REG_ENUM_END_RESP),
        ('PUT', '/integrationServices/v3/cblr/session', SESSION_CLOSE_RESP),
    ):
        cbcsdk_mock.mock_request(verb, path, reply)

    acpi_key = 'HKLM\\SYSTEM\\CurrentControlSet\\services\\ACPI'
    expected_names = ['Start', 'Type', 'ErrorControl', 'ImagePath', 'DisplayName', 'Group', 'DriverPackageId', 'Tag']

    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api)
    with lr_manager.request_session(2468) as session:
        combined = session.list_registry_keys_and_values(acpi_key)
        sub_keys = combined['sub_keys']
        assert len(sub_keys) == 2
        assert 'Parameters' in sub_keys
        assert 'Enum' in sub_keys
        assert len(combined['values']) == len(expected_names)
        for item in combined['values']:
            assert item['value_name'] in expected_names

        values_only = session.list_registry_values(acpi_key)
        assert len(values_only) == len(expected_names)
        for item in values_only:
            assert item['value_name'] in expected_names
 def live_response(self):
     """Return the Live Response session manager, creating it on first use.

     The manager is built with this object as its argument and cached on
     ``_lr_scheduler``, so later calls hand back the same instance.
     """
     scheduler = self._lr_scheduler
     if scheduler is None:
         scheduler = LiveResponseSessionManager(self)
         self._lr_scheduler = scheduler
     return scheduler
def test_create_manager(cbcsdk_mock):
    """Test creating the Live Response session manager.

    A manager built with only a timeout must store that timeout, leave
    keepalive off and start without a job scheduler.
    """
    lr_manager = LiveResponseSessionManager(cbcsdk_mock.api, 35)
    assert lr_manager._timeout == 35
    keepalive_enabled = lr_manager._keepalive_sessions
    assert not keepalive_enabled
    assert lr_manager._job_scheduler is None