def testUnicodeListDirectory(self):
"""Test that the ListDirectory flow works on unicode directories."""
client_mock = action_mocks.ListDirectoryClientMock()
# Deliberately specify incorrect casing
pb = rdf_paths.PathSpec(path=os.path.join(self.base_path,
"test_img.dd"),
pathtype=rdf_paths.PathSpec.PathType.OS)
pb.Append(path=u"入乡随俗 海外春节别样过法",
pathtype=rdf_paths.PathSpec.PathType.TSK)
for _ in test_lib.TestFlowHelper("ListDirectory",
client_mock,
client_id=self.client_id,
pathspec=pb,
token=self.token):
pass
# Check the output file is created
output_path = self.client_id.Add("fs/tsk").Add(pb.CollapsePath())
fd = aff4.FACTORY.Open(output_path, token=self.token)
children = list(fd.OpenChildren())
self.assertEqual(len(children), 1)
child = children[0]
self.assertEqual(os.path.basename(utils.SmartUnicode(child.urn)),
u"入乡随俗.txt")
def testListDirectory(self):
"""Test that the ListDirectory flow works."""
client_mock = action_mocks.ListDirectoryClientMock()
pb = rdf_paths.PathSpec(path=os.path.join(self.base_path,
"test_img.dd"),
pathtype=rdf_paths.PathSpec.PathType.OS)
pb.Append(path="test directory",
pathtype=rdf_paths.PathSpec.PathType.TSK)
for _ in test_lib.TestFlowHelper("ListDirectory",
client_mock,
client_id=self.client_id,
pathspec=pb,
token=self.token):
pass
# Check the output file is created
output_path = self.client_id.Add("fs/tsk").Add(pb.first.path)
fd = aff4.FACTORY.Open(output_path.Add("Test Directory"),
token=self.token)
children = list(fd.OpenChildren())
self.assertEqual(len(children), 1)
child = children[0]
# Check that the object is stored with the correct casing.
self.assertEqual(child.urn.Basename(), "numbers.txt")
# And the wrong object is not there
self.assertRaises(IOError,
aff4.FACTORY.Open,
output_path.Add("test directory"),
aff4_type=aff4_standard.VFSDirectory,
token=self.token)
def setUp(self):
super(TestEndToEndTestFlow, self).setUp()
self.SetupClients(1, system="Linux", os_version="14.04", arch="x86_64")
install_time = rdfvalue.RDFDatetime.Now()
user = "******"
userobj = rdf_client.User(username=user)
interface = rdf_client.Interface(ifname="eth0")
self.client = aff4.FACTORY.Create(self.client_id,
aff4_grr.VFSGRRClient,
mode="rw",
token=self.token,
age=aff4.ALL_TIMES)
kb = self.client.Get(self.client.Schema.KNOWLEDGE_BASE)
kb.users.Append(userobj)
self.client.Set(self.client.Schema.HOSTNAME("hostname"))
self.client.Set(self.client.Schema.OS_RELEASE("debian"))
self.client.Set(self.client.Schema.KERNEL("3.15-rc2"))
self.client.Set(self.client.Schema.FQDN("hostname.example.com"))
self.client.Set(self.client.Schema.INSTALL_DATE(install_time))
self.client.Set(self.client.Schema.KNOWLEDGE_BASE(kb))
self.client.Set(self.client.Schema.USERNAMES([user]))
self.client.Set(self.client.Schema.INTERFACES([interface]))
self.client.Flush()
self.client_mock = action_mocks.ListDirectoryClientMock()
def testRegistryMTimes(self):
# Just listing all keys does not generate a full stat entry for each of
# the results.
results = self._RunRegistryFinder(
["HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest/*"])
self.assertEqual(len(results), 2)
for result in results:
st = result.stat_entry
self.assertIsNone(st.st_mtime)
# Explicitly calling RegistryFinder on a value does though.
results = self._RunRegistryFinder([
"HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest/Value1",
"HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest/Value2",
])
self.assertEqual(len(results), 2)
for result in results:
st = result.stat_entry
path = utils.SmartStr(st.aff4path)
if "Value1" in path:
self.assertEqual(st.st_mtime, 110)
elif "Value2" in path:
self.assertEqual(st.st_mtime, 120)
else:
self.fail("Unexpected value: %s" % path)
# For Listdir, the situation is the same. Listing does not yield mtimes.
client_id = self.SetupClients(1)[0]
pb = rdf_paths.PathSpec(
path="/HKEY_LOCAL_MACHINE/SOFTWARE/ListingTest",
pathtype=rdf_paths.PathSpec.PathType.REGISTRY)
output_path = client_id.Add("registry").Add(pb.first.path)
aff4.FACTORY.Delete(output_path, token=self.token)
client_mock = action_mocks.ListDirectoryClientMock()
for _ in test_lib.TestFlowHelper(
"ListDirectory",
client_mock,
client_id=client_id,
pathspec=pb,
token=self.token):
pass
results = list(
aff4.FACTORY.Open(
output_path, token=self.token).OpenChildren())
self.assertEqual(len(results), 2)
for result in results:
st = result.Get(result.Schema.STAT)
self.assertIsNone(st.st_mtime)
def testListDirectoryOnNonexistentDir(self):
"""Test that the ListDirectory flow works."""
client_mock = action_mocks.ListDirectoryClientMock()
pb = rdf_paths.PathSpec(path=os.path.join(self.base_path,
"test_img.dd"),
pathtype=rdf_paths.PathSpec.PathType.OS)
pb.Append(path="doesnotexist",
pathtype=rdf_paths.PathSpec.PathType.TSK)
with self.assertRaises(RuntimeError):
for _ in test_lib.TestFlowHelper("ListDirectory",
client_mock,
client_id=self.client_id,
pathspec=pb,
token=self.token):
pass
def testListDirectoryOnFile(self):
"""OS ListDirectory on a file will raise."""
client_mock = action_mocks.ListDirectoryClientMock()
pb = rdf_paths.PathSpec(path=os.path.join(self.base_path,
"test_img.dd"),
pathtype=rdf_paths.PathSpec.PathType.OS)
# Make sure the flow raises.
self.assertRaises(
RuntimeError, list,
test_lib.TestFlowHelper("ListDirectory",
client_mock,
client_id=self.client_id,
pathspec=pb,
token=self.token))
def testEndToEndTestsResultChecking(self):
self.client_ids = [
"aff4:/C.6000000000000000", "aff4:/C.6000000000000001",
"aff4:/C.6000000000000002"
]
for clientid in self.client_ids:
self._SetSummaries(clientid)
self.client_mock = action_mocks.ListDirectoryClientMock()
endtoend = system.EndToEndTests(None, token=self.token)
endtoend.state.hunt_id = "aff4:/temphuntid"
endtoend.state.client_ids = set(self.client_ids)
endtoend.state.client_ids_failures = set()
endtoend.state.client_ids_result_reported = set()
# No results at all
self.assertRaises(flow.FlowError, endtoend._CheckForSuccess, [])
# Not enough client results
endtoend.state.client_ids_failures = set()
endtoend.state.client_ids_result_reported = set()
self.assertRaises(
flow.FlowError, endtoend._CheckForSuccess,
[self._CreateResult(True, "aff4:/C.6000000000000001")])
# All clients succeeded
endtoend.state.client_ids_failures = set()
endtoend.state.client_ids_result_reported = set()
endtoend._CheckForSuccess([
self._CreateResult(True, "aff4:/C.6000000000000000"),
self._CreateResult(True, "aff4:/C.6000000000000001"),
self._CreateResult(True, "aff4:/C.6000000000000002")
])
# All clients complete, but some failures
endtoend.state.client_ids_failures = set()
endtoend.state.client_ids_result_reported = set()
self.assertRaises(flow.FlowError, endtoend._CheckForSuccess, [
self._CreateResult(True, "aff4:/C.6000000000000000"),
self._CreateResult(False, "aff4:/C.6000000000000001"),
self._CreateResult(False, "aff4:/C.6000000000000002")
])
def testSystemRootFallback(self):
with test_lib.VFSOverrider(rdf_paths.PathSpec.PathType.OS,
test_lib.ClientVFSHandlerFixture):
client_mock = action_mocks.ListDirectoryClientMock()
for s in test_lib.TestFlowHelper(
"SystemRootSystemDriveFallbackFlow",
client_mock,
client_id=self.client_id,
token=self.token,
artifact_name="SystemRoot"):
session_id = s
output_fd = flow.GRRFlow.ResultCollectionForFID(session_id,
token=self.token)
self.assertEqual(len(output_fd), 1)
self.assertEqual(str(output_fd[0].registry_data.GetValue()),
r"C:\WINDOWS")
def testEndToEndTests(self):
self.client_ids = [
"aff4:/C.6000000000000000", "aff4:/C.6000000000000001",
"aff4:/C.6000000000000002"
]
for clientid in self.client_ids:
self._SetSummaries(clientid)
self.client_mock = action_mocks.ListDirectoryClientMock()
with test_lib.ConfigOverrider(
{"Test.end_to_end_client_ids": self.client_ids}):
with utils.MultiStubber(
(base.AutomatedTest, "classes", {
"MockEndToEndTest": endtoend_mocks.MockEndToEndTest
}), (system.EndToEndTests, "lifetime", 0)):
# The test harness doesn't understand the callstate at a later time that
# this flow is doing, so we need to disable check_flow_errors.
for _ in flow_test_lib.TestFlowHelper(
system.EndToEndTests.__name__,
self.client_mock,
client_id=self.client_id,
check_flow_errors=False,
token=self.token):
pass
hunt_test_lib.TestHuntHelperWithMultipleMocks(
{}, check_flow_errors=False, token=self.token)
hunt_ids = list(
aff4.FACTORY.Open("aff4:/hunts",
token=self.token).ListChildren())
# We have only created one hunt, and we should have started with a clean
# aff4 space.
self.assertEqual(len(hunt_ids), 1)
hunt_obj = aff4.FACTORY.Open(hunt_ids[0],
token=self.token,
age=aff4.ALL_TIMES)
self.assertItemsEqual(sorted(hunt_obj.GetClients()),
sorted(self.client_ids))
def testFlowExecution(self):
client_mock = action_mocks.ListDirectoryClientMock()
rollover = config_lib.CONFIG["Logging.aff4_audit_log_rollover"]
# Set time to epoch + 20 intervals
with test_lib.FakeTime(20 * rollover):
for _ in test_lib.TestFlowHelper(
"ListDirectory",
client_mock,
client_id=self.client_id,
pathspec=rdf_paths.PathSpec(
path=os.path.join(self.base_path,
"test_img.dd/test directory"),
pathtype=rdf_paths.PathSpec.PathType.OS),
token=self.token):
pass
for _ in test_lib.TestFlowHelper(
"ListDirectory",
client_mock,
client_id=self.client_id,
pathspec=rdf_paths.PathSpec(
path=os.path.join(self.base_path,
"test_img.dd/test directory"),
pathtype=rdf_paths.PathSpec.PathType.OS),
token=self.token):
pass
parentdir = aff4.FACTORY.Open("aff4:/audit/logs",
aff4.AFF4Volume,
mode="r",
token=self.token)
logs = list(parentdir.ListChildren())
self.assertEqual(len(logs), 1)
log = aff4.CurrentAuditLog()
stored_events = list(aff4.FACTORY.Open(log, token=self.token))
self.assertEqual(len(stored_events), 2)
for event in stored_events:
self.assertEqual(event.action,
events.AuditEvent.Action.RUN_FLOW)
self.assertEqual(event.flow_name, "ListDirectory")
self.assertEqual(event.user, self.token.username)
# Set time to epoch + 22 intervals
with test_lib.FakeTime(22 * rollover):
for _ in test_lib.TestFlowHelper(
"ListDirectory",
client_mock,
client_id=self.client_id,
pathspec=rdf_paths.PathSpec(
path=os.path.join(self.base_path,
"test_img.dd/test directory"),
pathtype=rdf_paths.PathSpec.PathType.OS),
token=self.token):
pass
parentdir = aff4.FACTORY.Open("aff4:/audit/logs",
aff4.AFF4Volume,
mode="r",
token=self.token)
# Now we should have two collections
logs = list(parentdir.ListChildren())
self.assertEqual(len(logs), 2)
# One with two events
stored_events = list(aff4.FACTORY.Open(logs[0], token=self.token))
self.assertEqual(len(stored_events), 2)
# The other with one
stored_events = list(aff4.FACTORY.Open(logs[1], token=self.token))
self.assertEqual(len(stored_events), 1)
