def GenerateSample(self, number=0):
    """Return a sample Artifact whose name ends with *number*.

    Args:
      number: Value formatted into the artifact name ("artifact<number>").

    Returns:
      An artifact_registry.Artifact with fixed doc, provides, supported_os
      and urls values.
    """
    # NOTE(review): provides/supported_os/urls are scalars here, while the
    # tests in this file pass lists for the same fields - confirm that the
    # constructor accepts both forms.
    return artifact_registry.Artifact(
        name="artifact%s" % number,
        doc="Doco",
        provides="environ_windir",
        supported_os="Windows",
        urls="http://blah",
    )
def testValidateSyntax(self):
    """ValidateSyntax() accepts a registry-key source plus a file source.

    The test passes if ValidateSyntax() returns without raising.
    """
    source_type = artifact_registry.ArtifactSource.SourceType

    registry_source = {
        "type": source_type.REGISTRY_KEY,
        "attributes": {
            "keys": [
                r"%%current_control_set%%\Control\Session Manager\Environment\Path"
            ]
        },
    }
    file_source = {
        "type": source_type.FILE,
        "attributes": {"paths": [r"%%environ_systemdrive%%\Temp"]},
    }

    well_formed = artifact_registry.Artifact(
        name="good",
        doc="Doco",
        provides=["environ_windir"],
        supported_os=["Windows"],
        urls=["http://blah"],
        sources=[registry_source, file_source],
    )
    well_formed.ValidateSyntax()
def testGetArtifactPathDependencies(self):
    """Path dependencies combine source interpolations and parser needs.

    Builds an artifact with REGISTRY_KEY, WMI and GREP sources, checks the
    source types reported by ToPrimitiveDict(), then stubs the parser lookup
    and checks what GetArtifactPathDependencies() returns.
    """
    source_type = artifact_registry.ArtifactSource.SourceType

    source_defs = [
        {
            "type": source_type.REGISTRY_KEY,
            "attributes": {
                "keys": [
                    r"%%current_control_set%%\Control\Session Manager\Environment\Path"
                ]
            },
        },
        {
            "type": source_type.WMI,
            "attributes": {
                "query": "SELECT * FROM Win32_UserProfile WHERE SID='%%users.sid%%'"
            },
        },
        {
            "type": source_type.GREP,
            "attributes": {"content_regex_list": ["^%%users.username%%:"]},
        },
    ]

    sample = artifact_registry.Artifact(
        name="artifact",
        doc="Doco",
        provides=["environ_windir"],
        supported_os=["Windows"],
        urls=["http://blah"],
        sources=source_defs,
    )

    reported_types = [
        entry["type"] for entry in sample.ToPrimitiveDict()["sources"]
    ]
    self.assertItemsEqual(reported_types, ["REGISTRY_KEY", "WMI", "GREP"])

    class Parser1(object):
        knowledgebase_dependencies = ["appdata", "sid"]

    class Parser2(object):
        knowledgebase_dependencies = ["sid", "desktop"]

    # Stand-in for parsers.Parser.GetClassesByArtifact: it ignores the
    # artifact argument and always returns the two stub parsers above.
    @classmethod
    def MockGetClassesByArtifact(unused_cls, _):
        return [Parser1, Parser2]

    # "sid" is declared by both stub parsers but is listed only once below.
    expected_dependencies = [
        "appdata", "sid", "desktop", "current_control_set", "users.sid",
        "users.username"
    ]
    with utils.Stubber(parsers.Parser, "GetClassesByArtifact",
                       MockGetClassesByArtifact):
        self.assertItemsEqual(sample.GetArtifactPathDependencies(),
                              expected_dependencies)
def testValidateSyntaxBadPathDependency(self):
    """ValidateSyntax() raises for a file path using %%systemdrive%%.

    The artifact is otherwise well formed; only the interpolation in the
    file path is expected to trigger ArtifactDefinitionError.
    """
    # NOTE(review): presumably %%systemdrive%% is rejected because it is not
    # a recognised knowledgebase attribute - confirm against ValidateSyntax.
    file_source = {
        "type": artifact_registry.ArtifactSource.SourceType.FILE,
        "attributes": {"paths": [r"%%systemdrive%%\Temp"]},
    }
    malformed = artifact_registry.Artifact(
        name="bad",
        doc="Doco",
        provides=["environ_windir"],
        supported_os=["Windows"],
        urls=["http://blah"],
        sources=[file_source],
    )
    with self.assertRaises(artifact_registry.ArtifactDefinitionError):
        malformed.ValidateSyntax()
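def testCommandArgumentOrderIsPreserved(self):
    """A COMMAND source keeps its args in the order they were written.

    Uploads a YAML artifact definition, reads it back from the registry and
    checks the args list, then repeats the check after a
    SerializeToString() / Artifact(serialized) round trip.
    """
    # YAML is indentation-sensitive: flattened onto a single line this
    # definition is not a valid mapping, so it is kept flush-left with one
    # key per line. args and cmd sit under the first source's attributes,
    # which is where the assertions below read them from.
    # NOTE(review): supported_os is placed at artifact level - confirm.
    content = """name: CommandOrder
doc: here's the doc
sources:
- type: COMMAND
  attributes:
    args: ["-L", "-v", "-n"]
    cmd: /sbin/iptables
supported_os: [Linux]
"""
    expected_args = ["-L", "-v", "-n"]

    artifact.UploadArtifactYamlFile(content, token=self.token)
    artifact_obj = artifact_registry.REGISTRY.GetArtifacts(
        name_list=["CommandOrder"]).pop()
    arglist = artifact_obj.sources[0].attributes.get("args")
    self.assertEqual(arglist, expected_args)

    # Check serialize/deserialize doesn't change order.
    serialized = artifact_obj.SerializeToString()
    artifact_obj = artifact_registry.Artifact(serialized)
    arglist = artifact_obj.sources[0].attributes.get("args")
    self.assertEqual(arglist, expected_args)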