def testClientSummary(self): d = self.CreateDatabase() client_id_1 = "C.0000000000000001" client_id_2 = "C.0000000000000002" client_id_3 = "C.0000000000000003" d.WriteClientMetadata(client_id_1, fleetspeak_enabled=True) d.WriteClientMetadata(client_id_2, fleetspeak_enabled=True) d.WriteClientMetadata(client_id_3, fleetspeak_enabled=True) d.WriteClient( client_id_1, objects.Client(hostname="test1234.examples.com", kernel="12.3")) d.WriteClient( client_id_1, objects.Client(hostname="test1234.examples.com", kernel="12.4")) d.WriteClient( client_id_2, objects.Client(hostname="test1235.examples.com", kernel="12.4")) hist = d.ReadClientHistory(client_id_1) self.assertEqual(len(hist), 2) # client_3 should be excluded - no snapshot yet res = d.ReadClients([client_id_1, client_id_2, client_id_3]) self.assertEqual(len(res), 3) self.assertIsInstance(res[client_id_1], objects.Client) self.assertIsInstance(res[client_id_2], objects.Client) self.assertIsNotNone(res[client_id_1].timestamp) self.assertIsNotNone(res[client_id_2].timestamp) self.assertEqual(res[client_id_1].hostname, "test1234.examples.com") self.assertEqual(res[client_id_1].kernel, "12.4") self.assertEqual(res[client_id_2].hostname, "test1235.examples.com") self.assertFalse(res[client_id_3])
def testInvalidClientID(self): # No id. with self.assertRaises(ValueError): objects.Client() # One digit short. with self.assertRaises(ValueError): objects.Client(client_id="C.000000000000000") with self.assertRaises(ValueError): objects.Client(client_id="not a real id") objects.Client(client_id="C.0000000000000000")
def ConvertVFSGRRClient(client): """Converts a VFSGRRClient object to and rdfvalues.objects.Client objects.""" result = rdf_objects.Client(client_id=client.urn.Basename()) s = client.Schema result.last_boot_time = client.Get(s.LAST_BOOT_TIME) result.filesystems = client.Get(s.FILESYSTEM) result.client_info = client.Get(s.CLIENT_INFO) result.hostname = client.Get(s.HOSTNAME) result.fqdn = client.Get(s.FQDN) result.system = client.Get(s.SYSTEM) result.os_release = client.Get(s.OS_RELEASE) result.os_version = client.Get(s.OS_VERSION) result.arch = client.Get(s.ARCH) result.install_time = client.Get(s.INSTALL_DATE) result.knowledge_base = client.Get(s.KNOWLEDGE_BASE) conf = client.Get(s.GRR_CONFIGURATION) for key in conf or []: result.grr_configuration.Append(key=key, value=utils.SmartStr(conf[key])) lib = client.Get(s.LIBRARY_VERSIONS) for key in lib or []: result.library_versions.Append(key=key, value=utils.SmartStr(lib[key])) result.kernel = client.Get(s.KERNEL) result.volumes = client.Get(s.VOLUMES) result.interfaces = client.Get(s.INTERFACES) result.hardware_info = client.Get(s.HARDWARE_INFO) result.memory_size = client.Get(s.MEMORY_SIZE) result.cloud_instance = client.Get(s.CLOUD_INSTANCE) return result
def testClientStartupInfo(self): """StartupInfo is written to a separate table, make sure the merge works.""" d = self.db client_id = "C.fc413187fefa1dcf" self._InitializeClient(client_id) client = objects.Client(client_id=client_id, kernel="12.3") client.startup_info = rdf_client.StartupInfo(boot_time=123) client.knowledge_base.fqdn = "test1234.examples.com" d.WriteClient(client) client = d.ReadClient(client_id) self.assertEqual(client.startup_info.boot_time, 123) client.kernel = "12.4" client.startup_info = rdf_client.StartupInfo(boot_time=124) d.WriteClient(client) client.kernel = "12.5" client.startup_info = rdf_client.StartupInfo(boot_time=125) d.WriteClient(client) hist = d.ReadClientHistory(client_id) self.assertEqual(len(hist), 3) startup_infos = [cl.startup_info for cl in hist] self.assertEqual([si.boot_time for si in startup_infos], [125, 124, 123]) # StartupInfos written using WriteClient show up in the StartupInfoHistory. history = d.ReadClientStartupInfoHistory(client_id) self.assertEqual(len(history), 3) self.assertEqual(startup_infos, history)
def Start(self): """Start off all the tests.""" # Create the objects we need to exist. self.Load() self.state.client = objects.Client(client_id=self.client_id.Basename()) self.state.fqdn = None self.state.os = None # Make sure we always have a VFSDirectory with a pathspec at fs/os pathspec = rdf_paths.PathSpec( path="/", pathtype=rdf_paths.PathSpec.PathType.OS) urn = pathspec.AFF4Path(self.client_id) with aff4.FACTORY.Create( urn, standard.VFSDirectory, mode="w", token=self.token) as fd: fd.Set(fd.Schema.PATHSPEC, pathspec) self.CallClient(server_stubs.GetPlatformInfo, next_state="Platform") self.CallClient(server_stubs.GetMemorySize, next_state="StoreMemorySize") self.CallClient(server_stubs.GetInstallDate, next_state="InstallDate") self.CallClient(server_stubs.GetClientInfo, next_state="ClientInfo") self.CallClient( server_stubs.GetConfiguration, next_state="ClientConfiguration") self.CallClient( server_stubs.GetLibraryVersions, next_state="ClientLibraries") self.CallClient( server_stubs.EnumerateInterfaces, next_state="EnumerateInterfaces") self.CallClient( server_stubs.EnumerateFilesystems, next_state="EnumerateFilesystems")
def _SetupClients(self, n): res = {} for i in range(1, n + 1): client_id = "C.100000000000000%d" % i client = objects.Client() client.system = "Windows" client.hostname = "host-%d" % i client.fqdn = "host-%d.example.com" % i client.interfaces = [ rdf_client.Interface(addresses=[ rdf_client.NetworkAddress( address_type=rdf_client.NetworkAddress.Family.INET, packed_bytes=ipv6_utils.InetPtoN( socket.AF_INET, "192.168.0.%d" % i)), rdf_client.NetworkAddress( address_type=rdf_client.NetworkAddress.Family.INET6, packed_bytes=ipv6_utils.InetPtoN( socket.AF_INET6, "2001:abcd::%d" % i)) ], mac_address=("aabbccddee0%d" % i).decode("hex")) ] res[client_id] = client return res
def testClientSummary(self): d = self.db client_id_1 = "C.0000000000000001" client_id_2 = "C.0000000000000002" client_id_3 = "C.0000000000000003" self._InitializeClient(client_id_1) self._InitializeClient(client_id_2) self._InitializeClient(client_id_3) d.WriteClient( client_id_1, objects.Client(client_id=client_id_1, knowledge_base=rdf_client.KnowledgeBase( fqdn="test1234.examples.com"), kernel="12.3")) d.WriteClient( client_id_1, objects.Client(client_id=client_id_1, knowledge_base=rdf_client.KnowledgeBase( fqdn="test1234.examples.com"), kernel="12.4")) d.WriteClient( client_id_2, objects.Client(client_id=client_id_2, knowledge_base=rdf_client.KnowledgeBase( fqdn="test1235.examples.com"), kernel="12.4")) hist = d.ReadClientHistory(client_id_1) self.assertEqual(len(hist), 2) # client_3 should be excluded - no snapshot yet res = d.ReadClients([client_id_1, client_id_2, client_id_3]) self.assertEqual(len(res), 3) self.assertIsInstance(res[client_id_1], objects.Client) self.assertIsInstance(res[client_id_2], objects.Client) self.assertIsInstance(res[client_id_1].timestamp, rdfvalue.RDFDatetime) self.assertIsNotNone(res[client_id_2].timestamp) self.assertEqual(res[client_id_1].knowledge_base.fqdn, "test1234.examples.com") self.assertEqual(res[client_id_1].kernel, "12.4") self.assertEqual(res[client_id_2].knowledge_base.fqdn, "test1235.examples.com") self.assertFalse(res[client_id_3])
def SetupTestClientObject(self, client_nr, add_cert=True, arch="x86_64", last_boot_time=None, fqdn=None, kernel="4.0.0", memory_size=None, os_version="buster/sid", ping=None, system="Linux"): """Prepares a test client object.""" client_id = "C.1%015x" % client_nr client = objects.Client(client_id=client_id) client.startup_info.client_info = self._TestClientInfo() if last_boot_time is not None: client.startup_info.boot_time = last_boot_time client.knowledge_base.fqdn = fqdn or "Host-%x.example.com" % client_nr client.knowledge_base.os = system client.knowledge_base.users = [ rdf_client.User(username="******"), rdf_client.User(username="******"), ] client.os_version = os_version client.arch = arch client.kernel = kernel client.interfaces = self._TestInterfaces(client_nr) client.hardware_info = rdf_client.HardwareInfo( system_manufacturer="System-Manufacturer-%x" % client_nr, bios_version="Bios-Version-%x" % client_nr) if memory_size is not None: client.memory_size = memory_size ping = ping or rdfvalue.RDFDatetime.Now() if add_cert: cert = self.ClientCertFromPrivateKey( config.CONFIG["Client.private_key"]) else: cert = None data_store.REL_DB.WriteClientMetadata(client_id, last_ping=ping, certificate=cert, fleetspeak_enabled=False) data_store.REL_DB.WriteClient(client) client_index.ClientIndex().AddClient(client_id, client) return client
def testClientWriteToUnknownClient(self): d = self.db client_id = "C.fc413187fefa1dcf" with self.assertRaises(db.UnknownClientError): d.WriteClient(objects.Client(client_id=client_id)) # fleetspeak_enabled not set means update. with self.assertRaises(db.UnknownClientError): d.WriteClientMetadata(client_id, first_seen=rdfvalue.RDFDatetime.Now())
def testClientHistory(self): d = self.CreateDatabase() client_id = "C.fc413187fefa1dcf" d.WriteClientMetadata(client_id, fleetspeak_enabled=True) client = objects.Client(hostname="test1234.examples.com", kernel="12.3") d.WriteClient(client_id, client) client = objects.Client(hostname="test1234.examples.com", kernel="12.4") d.WriteClient(client_id, client) hist = d.ReadClientHistory(client_id) self.assertEqual(len(hist), 2) self.assertIsInstance(hist[0], objects.Client) self.assertIsInstance(hist[1], objects.Client) self.assertGreater(hist[0].timestamp, hist[1].timestamp) self.assertEqual(hist[0].kernel, "12.4") self.assertEqual(hist[1].kernel, "12.3")
def MakeClient(): client = objects.Client() base_pb = objects_pb2.Client() text_format.Merge( """ hostname: "test123" fqdn: "test123.examples.com" system: "Linux" os_release: "Ubuntu" os_version: "14.4" interfaces: { addresses: { address_type: INET packed_bytes: "\177\000\000\001" } addresses: { address_type: INET6 packed_bytes: "\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\001" } } interfaces: { mac_address: "\001\002\003\004\001\002\003\004\001\002\003\004" addresses: { address_type: INET packed_bytes: "\010\010\010\010" } addresses: { address_type: INET6 packed_bytes: "\376\200\001\002\003\000\000\000\000\000\000\000\000\000\000\000" } } knowledge_base: { users: { username: "******" full_name: "Good Guy Joe" } users: { username: "******" full_name: "Ok Guy Fred" } } cloud_instance: { cloud_type: GOOGLE google: { unique_id: "us-central1-a/myproject/1771384456894610289" } } """, base_pb) client.ParseFromString(base_pb.SerializeToString()) return client
def testClientHistory(self): d = self.db client_id = "C.fc413187fefa1dcf" self._InitializeClient(client_id) client = objects.Client(client_id=client_id, kernel="12.3") client.knowledge_base.fqdn = "test1234.examples.com" d.WriteClient(client) client.kernel = "12.4" d.WriteClient(client) hist = d.ReadClientHistory(client_id) self.assertEqual(len(hist), 2) self.assertIsInstance(hist[0], objects.Client) self.assertIsInstance(hist[1], objects.Client) self.assertGreater(hist[0].timestamp, hist[1].timestamp) self.assertIsInstance(hist[0].timestamp, rdfvalue.RDFDatetime) self.assertEqual(hist[0].kernel, "12.4") self.assertEqual(hist[1].kernel, "12.3")
def testFullInfo(self): d = self.db client_id = "C.0000000050000001" self._InitializeClient(client_id) cl = objects.Client(client_id=client_id, knowledge_base=rdf_client.KnowledgeBase( fqdn="test1234.examples.com"), kernel="12.3") d.WriteClient(cl) d.WriteClientMetadata(client_id, certificate=CERT) si = rdf_client.StartupInfo(boot_time=1) d.WriteClientStartupInfo(client_id, si) d.AddClientLabels(client_id, "test_owner", ["test_label"]) full_info = d.ReadFullInfoClient(client_id) self.assertEqual(full_info["client"], cl) self.assertEqual(full_info["metadata"].certificate, CERT) self.assertEqual(full_info["last_startup_info"], si) self.assertEqual( full_info["labels"], [objects.ClientLabel(owner="test_owner", name="test_label")])
def testAnalyzeClient(self): index = client_index.ClientIndex() client = objects.Client(client_id="C.0000000000000000") client.knowledge_base.os = "Windows" client.startup_info.client_info.client_name = "grr monitor" client.startup_info.client_info.labels = ["client-label-23"] kb = client.knowledge_base kb.users = [ rdf_client.User( username="******", full_name="Eric (Bertrand ) 'Russell' \"Logician\" Jacobson"), rdf_client.User(username="******", full_name="Steve O'Bryan") ] keywords = index.AnalyzeClient(client) # Should not contain an empty string. self.assertNotIn("", keywords) # OS of the client self.assertIn("windows", keywords) # Users of the client. self.assertIn("bert", keywords) self.assertIn("bertrand", keywords) self.assertNotIn(")", keywords) self.assertIn("russell", keywords) self.assertIn("logician", keywords) self.assertIn("ernie", keywords) self.assertIn("eric", keywords) self.assertIn("jacobson", keywords) self.assertIn("steve o'bryan", keywords) self.assertIn("o'bryan", keywords) # Client information. self.assertIn("grr monitor", keywords) self.assertIn("client-label-23", keywords)